6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #include <epan/epan.h>
47 #include <epan/filesystem.h>
50 #include "color_filters.h"
52 #include <epan/column.h>
53 #include <epan/packet.h>
54 #include <epan/column-utils.h>
55 #include "packet-range.h"
61 #include "alert_box.h"
62 #include "simple_dialog.h"
63 #include "progress_dlg.h"
65 #include <epan/prefs.h>
66 #include <epan/dfilter/dfilter.h>
67 #include <epan/epan_dissect.h>
69 #include <epan/dissectors/packet-data.h>
70 #include <epan/dissectors/packet-ber.h>
71 #include <epan/timestamp.h>
72 #include <epan/dfilter/dfilter-macro.h>
73 #include <wsutil/file_util.h>
74 #include <epan/strutil.h>
78 gboolean auto_scroll_live;
81 static nstime_t first_ts;
82 static nstime_t prev_dis_ts;
83 static guint32 cum_bytes = 0;
85 static void cf_reset_state(capture_file *cf);
87 static int read_packet(capture_file *cf, dfilter_t *dfcode,
88 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset);
90 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
91 gboolean refilter, gboolean redissect);
93 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
95 static void match_subtree_text(proto_node *node, gpointer data);
96 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
98 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
100 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
102 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
104 static gboolean match_binary(capture_file *cf, frame_data *fdata,
106 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
108 static gboolean find_packet(capture_file *cf,
109 gboolean (*match_function)(capture_file *, frame_data *, void *),
112 static void cf_open_failure_alert_box(const char *filename, int err,
113 gchar *err_info, gboolean for_writing,
115 static const char *file_rename_error_message(int err);
116 static void cf_write_failure_alert_box(const char *filename, int err);
117 static void cf_close_failure_alert_box(const char *filename, int err);
119 /* Update the progress bar this many times when reading a file. */
120 #define N_PROGBAR_UPDATES 100
122 /* Number of "frame_data" structures per memory chunk.
123 XXX - is this the right number? */
124 #define FRAME_DATA_CHUNK_SIZE 1024
127 /* this callback mechanism should possibly be replaced by the g_signal_...() stuff (if I only would know how :-) */
129 cf_callback_t cb_fct;
131 } cf_callback_data_t;
133 static GList *cf_callbacks = NULL;
136 cf_callback_invoke(int event, gpointer data)
138 cf_callback_data_t *cb;
139 GList *cb_item = cf_callbacks;
141 /* there should be at least one interested */
142 g_assert(cb_item != NULL);
144 while(cb_item != NULL) {
146 cb->cb_fct(event, data, cb->user_data);
147 cb_item = g_list_next(cb_item);
153 cf_callback_add(cf_callback_t func, gpointer user_data)
155 cf_callback_data_t *cb;
157 cb = g_malloc(sizeof(cf_callback_data_t));
159 cb->user_data = user_data;
161 cf_callbacks = g_list_append(cf_callbacks, cb);
165 cf_callback_remove(cf_callback_t func)
167 cf_callback_data_t *cb;
168 GList *cb_item = cf_callbacks;
170 while(cb_item != NULL) {
172 if(cb->cb_fct == func) {
173 cf_callbacks = g_list_remove(cf_callbacks, cb);
177 cb_item = g_list_next(cb_item);
180 g_assert_not_reached();
184 cf_timestamp_auto_precision(capture_file *cf)
186 int prec = timestamp_get_precision();
189 /* don't try to get the file's precision if none is opened */
190 if(cf->state == FILE_CLOSED) {
194 /* if we are in auto mode, set precision of current file */
195 if(prec == TS_PREC_AUTO ||
196 prec == TS_PREC_AUTO_SEC ||
197 prec == TS_PREC_AUTO_DSEC ||
198 prec == TS_PREC_AUTO_CSEC ||
199 prec == TS_PREC_AUTO_MSEC ||
200 prec == TS_PREC_AUTO_USEC ||
201 prec == TS_PREC_AUTO_NSEC)
203 switch(wtap_file_tsprecision(cf->wth)) {
204 case(WTAP_FILE_TSPREC_SEC):
205 timestamp_set_precision(TS_PREC_AUTO_SEC);
207 case(WTAP_FILE_TSPREC_DSEC):
208 timestamp_set_precision(TS_PREC_AUTO_DSEC);
210 case(WTAP_FILE_TSPREC_CSEC):
211 timestamp_set_precision(TS_PREC_AUTO_CSEC);
213 case(WTAP_FILE_TSPREC_MSEC):
214 timestamp_set_precision(TS_PREC_AUTO_MSEC);
216 case(WTAP_FILE_TSPREC_USEC):
217 timestamp_set_precision(TS_PREC_AUTO_USEC);
219 case(WTAP_FILE_TSPREC_NSEC):
220 timestamp_set_precision(TS_PREC_AUTO_NSEC);
223 g_assert_not_reached();
230 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
235 wth = wtap_open_offline(fname, err, &err_info, TRUE);
239 /* The open succeeded. Close whatever capture file we had open,
240 and fill in the information for this file. */
243 /* Initialize all data structures used for dissection. */
246 /* We're about to start reading the file. */
247 cf->state = FILE_READ_IN_PROGRESS;
252 /* Set the file name because we need it to set the follow stream filter.
253 XXX - is that still true? We need it for other reasons, though,
255 cf->filename = g_strdup(fname);
257 /* Indicate whether it's a permanent or temporary file. */
258 cf->is_tempfile = is_tempfile;
260 /* If it's a temporary capture buffer file, mark it as not saved. */
261 cf->user_saved = !is_tempfile;
263 cf->cd_t = wtap_file_type(cf->wth);
265 cf->displayed_count = 0;
266 cf->marked_count = 0;
267 cf->drops_known = FALSE;
269 cf->snap = wtap_snapshot_length(cf->wth);
271 /* Snapshot length not known. */
272 cf->has_snap = FALSE;
273 cf->snap = WTAP_MAX_PACKET_SIZE;
276 nstime_set_zero(&cf->elapsed_time);
277 nstime_set_unset(&first_ts);
278 nstime_set_unset(&prev_dis_ts);
280 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
282 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
284 g_assert(cf->plist_chunk);
286 /* change the time formats now, as we might have a new precision */
287 cf_change_time_formats(cf);
289 fileset_file_opened(fname);
291 if(cf->cd_t == WTAP_FILE_BER) {
292 /* tell the BER dissector the file name */
293 ber_set_filename(cf->filename);
299 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
305 * Reset the state for the currently closed file, but don't do the
306 * UI callbacks; this is for use in "cf_open()", where we don't
307 * want the UI to go from "file open" to "file closed" back to
308 * "file open", we want it to go from "old file open" to "new file
309 * open and being read".
312 cf_reset_state(capture_file *cf)
314 /* Die if we're in the middle of reading a file. */
315 g_assert(cf->state != FILE_READ_IN_PROGRESS);
321 /* We have no file open... */
322 if (cf->filename != NULL) {
323 /* If it's a temporary file, remove it. */
325 ws_unlink(cf->filename);
326 g_free(cf->filename);
329 /* ...which means we have nothing to save. */
330 cf->user_saved = FALSE;
332 if (cf->plist_chunk != NULL) {
333 g_mem_chunk_destroy(cf->plist_chunk);
334 cf->plist_chunk = NULL;
336 if (cf->rfcode != NULL) {
337 dfilter_free(cf->rfcode);
341 cf->plist_end = NULL;
342 cf_unselect_packet(cf); /* nothing to select */
343 cf->first_displayed = NULL;
344 cf->last_displayed = NULL;
346 /* No frame selected, no field in that frame selected. */
347 cf->current_frame = NULL;
349 cf->finfo_selected = NULL;
351 /* Clear the packet list. */
352 #ifdef NEW_PACKET_LIST
353 new_packet_list_freeze();
354 new_packet_list_thaw();
356 packet_list_freeze();
363 nstime_set_zero(&cf->elapsed_time);
365 reset_tap_listeners();
367 /* We have no file open. */
368 cf->state = FILE_CLOSED;
370 fileset_file_closed();
373 /* Reset everything to a pristine state */
375 cf_close(capture_file *cf)
377 /* do GUI things even if file is already closed,
378 * e.g. to cleanup things if a capture couldn't be started */
379 cf_callback_invoke(cf_cb_file_closing, cf);
381 /* close things, if not already closed before */
382 if(cf->state != FILE_CLOSED) {
383 color_filters_cleanup();
385 cleanup_dissection();
388 cf_callback_invoke(cf_cb_file_closed, cf);
391 /* an out of memory exception occured, wait for a user button press to exit */
392 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
398 cf_read(capture_file *cf)
402 const gchar *name_ptr;
404 char errmsg_errno[1024+1];
406 progdlg_t *volatile progbar = NULL;
408 volatile gint64 size;
410 volatile float progbar_val;
412 gchar status_str[100];
413 volatile gint64 progbar_nextstep;
414 volatile gint64 progbar_quantum;
416 gboolean filtering_tap_listeners;
419 volatile int displayed_once = 0;
422 /* Compile the current display filter.
423 * We assume this will not fail since cf->dfilter is only set in
424 * cf_filter IFF the filter was valid.
428 dfilter_compile(cf->dfilter, &dfcode);
431 /* Do we have any tap listeners with filters? */
432 filtering_tap_listeners = have_filtering_tap_listeners();
434 /* Get the union of the flags for all tap listeners. */
435 tap_flags = union_of_tap_listener_flags();
439 reset_tap_listeners();
441 cf_callback_invoke(cf_cb_file_read_start, cf);
443 name_ptr = get_basename(cf->filename);
445 /* Find the size of the file. */
446 size = wtap_file_size(cf->wth, NULL);
448 /* Update the progress bar when it gets to this value. */
449 progbar_nextstep = 0;
450 /* When we reach the value that triggers a progress bar update,
451 bump that value by this amount. */
453 progbar_quantum = size/N_PROGBAR_UPDATES;
456 /* Progress so far. */
459 #ifdef NEW_PACKET_LIST
460 new_packet_list_freeze();
462 packet_list_freeze();
466 g_get_current_time(&start_time);
468 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
470 /* Create the progress bar if necessary.
471 We check on every iteration of the loop, so that it takes no
472 longer than the standard time to create it (otherwise, for a
473 large file, we might take considerably longer than that standard
474 time in order to get to the next progress bar step). */
475 if (progbar == NULL) {
476 progbar = delayed_create_progress_dlg("Loading", name_ptr,
477 TRUE, &stop_flag, &start_time, progbar_val);
480 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
481 when we update it, we have to run the GTK+ main loop to get it
482 to repaint what's pending, and doing so may involve an "ioctl()"
483 to see if there's any pending input from an X server, and doing
484 that for every packet can be costly, especially on a big file. */
485 if (data_offset >= progbar_nextstep) {
486 file_pos = wtap_read_so_far(cf->wth, NULL);
487 progbar_val = (gfloat) file_pos / (gfloat) size;
488 if (progbar_val > 1.0) {
489 /* The file probably grew while we were reading it.
490 Update file size, and try again. */
491 size = wtap_file_size(cf->wth, NULL);
493 progbar_val = (gfloat) file_pos / (gfloat) size;
494 /* If it's still > 1, either "wtap_file_size()" failed (in which
495 case there's not much we can do about it), or the file
496 *shrank* (in which case there's not much we can do about
497 it); just clip the progress value at 1.0. */
498 if (progbar_val > 1.0f)
501 if (progbar != NULL) {
502 /* update the packet lists content on the first run or frequently on very large files */
503 /* (on smaller files the display update takes longer than reading the file) */
505 if (progbar_quantum > 500000 || displayed_once == 0) {
506 if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->plist_end != NULL) {
508 #ifdef NEW_PACKET_LIST
509 /* XXX - Add move to end function call. Freeze/thaw if
513 if (auto_scroll_live)
514 packet_list_moveto_end();
515 packet_list_freeze();
516 #endif /* NEW_PACKET_LIST */
519 #endif /* HAVE_LIBPCAP */
520 g_snprintf(status_str, sizeof(status_str),
521 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
522 file_pos / 1024, size / 1024);
523 update_progress_dlg(progbar, progbar_val, status_str);
525 progbar_nextstep += progbar_quantum;
530 /* Well, the user decided to abort the read. He/She will be warned and
531 it might be enough for him/her to work with the already loaded
533 This is especially true for very large capture files, where you don't
534 want to wait loading the whole file (which may last minutes or even
535 hours even on fast machines) just to see that it was the wrong file. */
539 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
541 CATCH(OutOfMemoryError) {
544 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
545 "%sOut Of Memory!%s\n"
547 "Sorry, but Wireshark has to terminate now!\n"
549 "Some infos / workarounds can be found at:\n"
550 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
551 simple_dialog_primary_start(), simple_dialog_primary_end());
552 /* we have to terminate, as we cannot recover from the memory error */
553 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
555 main_window_update();
556 /* XXX - how to avoid a busy wait? */
564 /* Cleanup and release all dfilter resources */
566 dfilter_free(dfcode);
569 /* We're done reading the file; destroy the progress bar if it was created. */
571 destroy_progress_dlg(progbar);
573 /* We're done reading sequentially through the file. */
574 cf->state = FILE_READ_DONE;
576 /* Close the sequential I/O side, to free up memory it requires. */
577 wtap_sequential_close(cf->wth);
579 /* Allow the protocol dissectors to free up memory that they
580 * don't need after the sequential run-through of the packets. */
581 postseq_cleanup_all_protocols();
583 /* Set the file encapsulation type now; we don't know what it is until
584 we've looked at all the packets, as we don't know until then whether
585 there's more than one type (and thus whether it's
586 WTAP_ENCAP_PER_PACKET). */
587 cf->lnk_t = wtap_file_encap(cf->wth);
589 cf->current_frame = cf->first_displayed;
592 #ifdef NEW_PACKET_LIST
593 new_packet_list_thaw();
598 cf_callback_invoke(cf_cb_file_read_finished, cf);
600 #ifndef NEW_PACKET_LIST
601 /* If we have any displayed packets to select, select the first of those
602 packets by making the first row the selected row. */
603 if (cf->first_displayed != NULL)
604 packet_list_select_row(0);
605 #endif /* NEW_PACKET_LIST */
608 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
609 "%sFile loading was cancelled!%s\n"
611 "The remaining packets in the file were discarded.\n"
613 "As a lot of packets from the original file will be missing,\n"
614 "remember to be careful when saving the current content to a file.\n",
615 simple_dialog_primary_start(), simple_dialog_primary_end());
616 return CF_READ_ERROR;
620 /* Put up a message box noting that the read failed somewhere along
621 the line. Don't throw out the stuff we managed to read, though,
625 case WTAP_ERR_UNSUPPORTED_ENCAP:
626 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
627 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
630 errmsg = errmsg_errno;
633 case WTAP_ERR_CANT_READ:
634 errmsg = "An attempt to read from the capture file failed for"
635 " some unknown reason.";
638 case WTAP_ERR_SHORT_READ:
639 errmsg = "The capture file appears to have been cut short"
640 " in the middle of a packet.";
643 case WTAP_ERR_BAD_RECORD:
644 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
645 "The capture file appears to be damaged or corrupt.\n(%s)",
648 errmsg = errmsg_errno;
652 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
653 "An error occurred while reading the"
654 " capture file: %s.", wtap_strerror(err));
655 errmsg = errmsg_errno;
658 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
659 return CF_READ_ERROR;
666 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
668 cf_status_t cf_status;
670 cf_status = cf_open(cf, fname, is_tempfile, err);
675 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
677 gint64 data_offset = 0;
679 volatile int newly_displayed_packets = 0;
681 gboolean filtering_tap_listeners;
684 /* Compile the current display filter.
685 * We assume this will not fail since cf->dfilter is only set in
686 * cf_filter IFF the filter was valid.
690 dfilter_compile(cf->dfilter, &dfcode);
693 /* Do we have any tap listeners with filters? */
694 filtering_tap_listeners = have_filtering_tap_listeners();
696 /* Get the union of the flags for all tap listeners. */
697 tap_flags = union_of_tap_listener_flags();
701 #ifdef NEW_PACKET_LIST
702 new_packet_list_freeze();
704 packet_list_check_end();
705 packet_list_freeze();
708 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
710 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
711 if (cf->state == FILE_READ_ABORTED) {
712 /* Well, the user decided to exit Wireshark. Break out of the
713 loop, and let the code below (which is called even if there
714 aren't any packets left to read) exit. */
718 if (read_packet(cf, dfcode, filtering_tap_listeners, tap_flags,
719 data_offset) != -1) {
720 newly_displayed_packets++;
723 CATCH(OutOfMemoryError) {
726 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
727 "%sOut Of Memory!%s\n"
729 "Sorry, but Wireshark has to terminate now!\n"
731 "The capture file is not lost, it can be found at:\n"
734 "Some infos / workarounds can be found at:\n"
735 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
736 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
737 /* we have to terminate, as we cannot recover from the memory error */
738 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
740 main_window_update();
741 /* XXX - how to avoid a busy wait? */
744 #ifdef NEW_PACKET_LIST
745 new_packet_list_thaw();
749 return CF_READ_ABORTED;
755 /* Cleanup and release all dfilter resources */
757 dfilter_free(dfcode);
760 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
761 cf->count, cf->state, *err);*/
763 #ifdef NEW_PACKET_LIST
764 new_packet_list_thaw();
766 /* XXX - this causes "flickering" of the list */
770 #ifndef NEW_PACKET_LIST
771 /* moving to the end of the packet list - if the user requested so and
772 we have some new packets.
773 this doesn't seem to work well with a frozen GTK_Clist, so do this after
774 packet_list_thaw() is done, see bugzilla 1188 */
775 /* XXX - this cheats and looks inside the packet list to find the final
777 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
778 packet_list_moveto_end();
779 #endif /* NEW_PACKET_LIST */
781 if (cf->state == FILE_READ_ABORTED) {
782 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
783 so that our caller can kill off the capture child process;
784 this will cause an EOF on the pipe from the child, so
785 "cf_finish_tail()" will be called, and it will clean up
787 return CF_READ_ABORTED;
788 } else if (*err != 0) {
789 /* We got an error reading the capture file.
790 XXX - pop up a dialog box instead? */
791 g_warning("Error \"%s\" while reading: \"%s\"\n",
792 wtap_strerror(*err), cf->filename);
794 return CF_READ_ERROR;
800 cf_finish_tail(capture_file *cf, int *err)
805 gboolean filtering_tap_listeners;
808 /* Compile the current display filter.
809 * We assume this will not fail since cf->dfilter is only set in
810 * cf_filter IFF the filter was valid.
814 dfilter_compile(cf->dfilter, &dfcode);
817 /* Do we have any tap listeners with filters? */
818 filtering_tap_listeners = have_filtering_tap_listeners();
820 /* Get the union of the flags for all tap listeners. */
821 tap_flags = union_of_tap_listener_flags();
823 if(cf->wth == NULL) {
825 return CF_READ_ERROR;
828 #ifdef NEW_PACKET_LIST
829 new_packet_list_freeze();
831 packet_list_check_end();
832 packet_list_freeze();
835 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
836 if (cf->state == FILE_READ_ABORTED) {
837 /* Well, the user decided to abort the read. Break out of the
838 loop, and let the code below (which is called even if there
839 aren't any packets left to read) exit. */
842 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
845 /* Cleanup and release all dfilter resources */
847 dfilter_free(dfcode);
850 #ifdef NEW_PACKET_LIST
851 new_packet_list_thaw();
856 if (cf->state == FILE_READ_ABORTED) {
857 /* Well, the user decided to abort the read. We're only called
858 when the child capture process closes the pipe to us (meaning
859 it's probably exited), so we can just close the capture
860 file; we return CF_READ_ABORTED so our caller can do whatever
861 is appropriate when that happens. */
863 return CF_READ_ABORTED;
866 #ifndef NEW_PACKET_LIST
867 if (auto_scroll_live && cf->plist_end != NULL)
868 /* XXX - this cheats and looks inside the packet list to find the final
870 packet_list_moveto_end();
873 /* We're done reading sequentially through the file. */
874 cf->state = FILE_READ_DONE;
876 /* We're done reading sequentially through the file; close the
877 sequential I/O side, to free up memory it requires. */
878 wtap_sequential_close(cf->wth);
880 /* Allow the protocol dissectors to free up memory that they
881 * don't need after the sequential run-through of the packets. */
882 postseq_cleanup_all_protocols();
884 /* Set the file encapsulation type now; we don't know what it is until
885 we've looked at all the packets, as we don't know until then whether
886 there's more than one type (and thus whether it's
887 WTAP_ENCAP_PER_PACKET). */
888 cf->lnk_t = wtap_file_encap(cf->wth);
891 /* We got an error reading the capture file.
892 XXX - pop up a dialog box? */
893 return CF_READ_ERROR;
898 #endif /* HAVE_LIBPCAP */
901 cf_get_display_name(capture_file *cf)
903 const gchar *displayname;
905 /* Return a name to use in displays */
906 if (!cf->is_tempfile) {
907 /* Get the last component of the file name, and use that. */
909 displayname = get_basename(cf->filename);
911 displayname="(No file)";
914 /* The file we read is a temporary file from a live capture;
915 we don't mention its name. */
916 displayname = "(Untitled)";
921 /* XXX - use a macro instead? */
923 cf_get_packet_count(capture_file *cf)
928 /* XXX - use a macro instead? */
930 cf_set_packet_count(capture_file *cf, int packet_count)
932 cf->count = packet_count;
935 /* XXX - use a macro instead? */
937 cf_is_tempfile(capture_file *cf)
939 return cf->is_tempfile;
942 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
944 cf->is_tempfile = is_tempfile;
948 /* XXX - use a macro instead? */
949 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
951 cf->drops_known = drops_known;
954 /* XXX - use a macro instead? */
955 void cf_set_drops(capture_file *cf, guint32 drops)
960 /* XXX - use a macro instead? */
961 gboolean cf_get_drops_known(capture_file *cf)
963 return cf->drops_known;
966 /* XXX - use a macro instead? */
967 guint32 cf_get_drops(capture_file *cf)
972 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
978 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
979 dfilter_t *dfcode, gboolean filtering_tap_listeners,
981 union wtap_pseudo_header *pseudo_header, const guchar *buf,
985 gboolean create_proto_tree = FALSE;
988 /* just add some value here until we know if it is being displayed or not */
989 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
991 /* If we don't have the time stamp of the first packet in the
992 capture, it's because this is the first packet. Save the time
993 stamp of this packet as the time stamp of the first packet. */
994 if (nstime_is_unset(&first_ts)) {
995 first_ts = fdata->abs_ts;
997 /* if this frames is marked as a reference time frame, reset
998 firstsec and firstusec to this frame */
999 if(fdata->flags.ref_time){
1000 first_ts = fdata->abs_ts;
1003 /* If we don't have the time stamp of the previous displayed packet,
1004 it's because this is the first displayed packet. Save the time
1005 stamp of this packet as the time stamp of the previous displayed
1007 if (nstime_is_unset(&prev_dis_ts)) {
1008 prev_dis_ts = fdata->abs_ts;
1011 /* Get the time elapsed between the first packet and this packet. */
1012 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
1014 /* If it's greater than the current elapsed time, set the elapsed time
1015 to it (we check for "greater than" so as not to be confused by
1016 time moving backwards). */
1017 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
1018 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
1019 cf->elapsed_time = fdata->rel_ts;
1022 /* Get the time elapsed between the previous displayed packet and
1024 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
1028 we have a display filter and are re-applying it;
1030 we have a list of color filters;
1032 we have tap listeners with filters;
1034 we have tap listeners that require a protocol tree;
1036 we have custom columns;
1038 allocate a protocol tree root node, so that we'll construct
1039 a protocol tree against which a filter expression can be
1041 if ((dfcode != NULL && refilter) || color_filters_used() ||
1042 filtering_tap_listeners || (tap_flags & TL_REQUIRES_PROTO_TREE) ||
1043 have_custom_cols(&cf->cinfo))
1044 create_proto_tree = TRUE;
1046 /* Dissect the frame. */
1047 edt = epan_dissect_new(create_proto_tree, FALSE);
1049 if (dfcode != NULL && refilter) {
1050 epan_dissect_prime_dfilter(edt, dfcode);
1052 /* prepare color filters */
1053 if (color_filters_used()) {
1054 color_filters_prime_edt(edt);
1057 col_custom_prime_edt(edt, &cf->cinfo);
1059 tap_queue_init(edt);
1060 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
1061 tap_push_tapped_queue(edt);
1063 /* If we have a display filter, apply it if we're refiltering, otherwise
1064 leave the "passed_dfilter" flag alone.
1066 If we don't have a display filter, set "passed_dfilter" to 1. */
1067 if (dfcode != NULL) {
1069 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;
1072 fdata->flags.passed_dfilter = 1;
1074 if( (fdata->flags.passed_dfilter) || (edt->pi.fd->flags.ref_time) ){
1075 /* This frame either passed the display filter list or is marked as
1076 a time reference frame. All time reference frames are displayed
1077 even if they dont pass the display filter */
1078 if(edt->pi.fd->flags.ref_time){
1079 /* if this was a TIME REF frame we should reset the cul bytes field */
1080 cum_bytes = fdata->pkt_len;
1081 fdata->cum_bytes = cum_bytes;
1083 /* increase cum_bytes with this packets length */
1084 cum_bytes += fdata->pkt_len;
1087 epan_dissect_fill_in_columns(edt);
1089 /* If we haven't yet seen the first frame, this is it.
1091 XXX - we must do this before we add the row to the display,
1092 as, if the display's GtkCList's selection mode is
1093 GTK_SELECTION_BROWSE, when the first entry is added to it,
1094 "cf_select_packet()" will be called, and it will fetch the row
1095 data for the 0th row, and will get a null pointer rather than
1096 "fdata", as "gtk_clist_append()" won't yet have returned and
1097 thus "gtk_clist_set_row_data()" won't yet have been called.
1099 We thus need to leave behind bread crumbs so that
1100 "cf_select_packet()" can find this frame. See the comment
1101 in "cf_select_packet()". */
1102 if (cf->first_displayed == NULL)
1103 cf->first_displayed = fdata;
1105 /* This is the last frame we've seen so far. */
1106 cf->last_displayed = fdata;
1108 #ifdef NEW_PACKET_LIST
1109 /* This function returns the color_t that was applied to the packet (in
1110 * the old packet list). Applying the color to the packet is only done
1111 * in the following function when not using the new packet list. */
1112 fdata->color_filter = color_filters_colorize_packet(0, edt);
1114 row = new_packet_list_append(&cf->cinfo, fdata);
1116 row = packet_list_append(cf->cinfo.col_data, fdata);
1118 /* colorize packet: first apply color filters
1119 * then if packet is marked, use preferences to overwrite color
1120 * we do both to make sure that when a packet gets un-marked, the
1121 * color will be correctly set (fixes bug 2038)
1123 fdata->color_filter = color_filters_colorize_packet(row, edt);
1124 if (fdata->flags.marked) {
1125 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1127 #endif /* NEW_PACKET_LIST */
1129 /* Set the time of the previous displayed frame to the time of this
1131 prev_dis_ts = fdata->abs_ts;
1133 cf->displayed_count++;
1135 /* This frame didn't pass the display filter, so it's not being added
1136 to the clist, and thus has no row. */
1139 epan_dissect_free(edt);
1143 /* read in a new packet */
1144 /* returns the row of the new packet in the packet list or -1 if not displayed */
1146 read_packet(capture_file *cf, dfilter_t *dfcode,
1147 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset)
1149 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1150 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1151 const guchar *buf = wtap_buf_ptr(cf->wth);
1154 frame_data *plist_end;
1155 epan_dissect_t *edt;
1158 /* Allocate the next list entry, and add it to the list. */
1159 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1165 fdata->pkt_len = phdr->len;
1166 fdata->cap_len = phdr->caplen;
1167 fdata->file_off = offset;
1168 fdata->lnk_t = phdr->pkt_encap;
1169 fdata->flags.encoding = CHAR_ASCII;
1170 fdata->flags.visited = 0;
1171 fdata->flags.marked = 0;
1172 fdata->flags.ref_time = 0;
1173 fdata->color_filter = NULL;
1175 fdata->abs_ts.secs = phdr->ts.secs;
1176 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1178 if (cf->plist_end != NULL)
1179 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1181 nstime_set_zero(&fdata->del_cap_ts);
1185 edt = epan_dissect_new(TRUE, FALSE);
1186 epan_dissect_prime_dfilter(edt, cf->rfcode);
1187 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
1188 passed = dfilter_apply_edt(cf->rfcode, edt);
1189 epan_dissect_free(edt);
1192 plist_end = cf->plist_end;
1193 fdata->prev = plist_end;
1194 if (plist_end != NULL)
1195 plist_end->next = fdata;
1198 cf->plist_end = fdata;
1201 cf->f_datalen = offset + phdr->caplen;
1202 fdata->num = cf->count;
1203 if (!cf->redissecting) {
1204 row = add_packet_to_packet_list(fdata, cf, dfcode,
1205 filtering_tap_listeners, tap_flags,
1206 pseudo_header, buf, TRUE);
1209 /* XXX - if we didn't have read filters, or if we could avoid
1210 allocating the "frame_data" structure until we knew whether
1211 the frame passed the read filter, we could use a G_ALLOC_ONLY
1214 ...but, at least in one test I did, where I just made the chunk
1215 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1216 seem to save a noticeable amount of time or space. */
1217 g_mem_chunk_free(cf->plist_chunk, fdata);
1224 cf_merge_files(char **out_filenamep, int in_file_count,
1225 char *const *in_filenames, int file_type, gboolean do_append)
1227 merge_in_file_t *in_files;
1233 int open_err, read_err, write_err, close_err;
1237 char errmsg_errno[1024+1];
1239 gboolean got_read_error = FALSE, got_write_error = FALSE;
1241 progdlg_t *progbar = NULL;
1243 gint64 f_len, file_pos;
1245 GTimeVal start_time;
1246 gchar status_str[100];
1247 gint64 progbar_nextstep;
1248 gint64 progbar_quantum;
1250 /* open the input files */
1251 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1252 &open_err, &err_info, &err_fileno)) {
1254 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1259 if (*out_filenamep != NULL) {
1260 out_filename = *out_filenamep;
1261 out_fd = ws_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1265 out_fd = create_tempfile(&tmpname, "wireshark");
1268 out_filename = g_strdup(tmpname);
1269 *out_filenamep = out_filename;
1273 merge_close_in_files(in_file_count, in_files);
1275 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1279 pdh = wtap_dump_fdopen(out_fd, file_type,
1280 merge_select_frame_type(in_file_count, in_files),
1281 merge_max_snapshot_length(in_file_count, in_files),
1282 FALSE /* compressed */, &open_err);
1285 merge_close_in_files(in_file_count, in_files);
1287 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1292 /* Get the sum of the sizes of all the files. */
1294 for (i = 0; i < in_file_count; i++)
1295 f_len += in_files[i].size;
1297 /* Update the progress bar when it gets to this value. */
1298 progbar_nextstep = 0;
1299 /* When we reach the value that triggers a progress bar update,
1300 bump that value by this amount. */
1301 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1302 /* Progress so far. */
1306 g_get_current_time(&start_time);
1308 /* do the merge (or append) */
1311 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1314 wth = merge_read_packet(in_file_count, in_files, &read_err,
1318 got_read_error = TRUE;
1322 /* Get the sum of the data offsets in all of the files. */
1324 for (i = 0; i < in_file_count; i++)
1325 data_offset += in_files[i].data_offset;
1327 /* Create the progress bar if necessary.
1328 We check on every iteration of the loop, so that it takes no
1329 longer than the standard time to create it (otherwise, for a
1330 large file, we might take considerably longer than that standard
1331 time in order to get to the next progress bar step). */
1332 if (progbar == NULL) {
1333 progbar = delayed_create_progress_dlg("Merging", "files",
1334 FALSE, &stop_flag, &start_time, progbar_val);
1337 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1338 when we update it, we have to run the GTK+ main loop to get it
1339 to repaint what's pending, and doing so may involve an "ioctl()"
1340 to see if there's any pending input from an X server, and doing
1341 that for every packet can be costly, especially on a big file. */
1342 if (data_offset >= progbar_nextstep) {
1343 /* Get the sum of the seek positions in all of the files. */
1345 for (i = 0; i < in_file_count; i++)
1346 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1347 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1348 if (progbar_val > 1.0f) {
1349 /* Some file probably grew while we were reading it.
1350 That "shouldn't happen", so we'll just clip the progress
1354 if (progbar != NULL) {
1355 g_snprintf(status_str, sizeof(status_str),
1356 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1357 file_pos / 1024, f_len / 1024);
1358 update_progress_dlg(progbar, progbar_val, status_str);
1360 progbar_nextstep += progbar_quantum;
1364 /* Well, the user decided to abort the merge. */
1368 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1369 wtap_buf_ptr(wth), &write_err)) {
1370 got_write_error = TRUE;
1375 /* We're done merging the files; destroy the progress bar if it was created. */
1376 if (progbar != NULL)
1377 destroy_progress_dlg(progbar);
1379 merge_close_in_files(in_file_count, in_files);
1380 if (!got_read_error && !got_write_error) {
1381 if (!wtap_dump_close(pdh, &write_err))
1382 got_write_error = TRUE;
1384 wtap_dump_close(pdh, &close_err);
1386 if (got_read_error) {
1388 * Find the file on which we got the error, and report the error.
1390 for (i = 0; i < in_file_count; i++) {
1391 if (in_files[i].state == GOT_ERROR) {
1392 /* Put up a message box noting that a read failed somewhere along
1396 case WTAP_ERR_UNSUPPORTED_ENCAP:
1397 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1398 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1401 errmsg = errmsg_errno;
1404 case WTAP_ERR_CANT_READ:
1405 errmsg = "An attempt to read from the capture file %s failed for"
1406 " some unknown reason.";
1409 case WTAP_ERR_SHORT_READ:
1410 errmsg = "The capture file %s appears to have been cut short"
1411 " in the middle of a packet.";
1414 case WTAP_ERR_BAD_RECORD:
1415 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1416 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1419 errmsg = errmsg_errno;
1423 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1424 "An error occurred while reading the"
1425 " capture file %%s: %s.", wtap_strerror(read_err));
1426 errmsg = errmsg_errno;
1429 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, errmsg, in_files[i].filename);
1434 if (got_write_error) {
1435 /* Put up an alert box for the write error. */
1436 cf_write_failure_alert_box(out_filename, write_err);
1439 if (got_read_error || got_write_error || stop_flag) {
1440 /* Callers aren't expected to treat an error or an explicit abort
1441 differently - we put up error dialogs ourselves, so they don't
1449 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1451 const char *filter_new = dftext ? dftext : "";
1452 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1455 /* if new filter equals old one, do nothing unless told to do so */
1456 if (!force && strcmp(filter_new, filter_old) == 0) {
1462 if (dftext == NULL) {
1463 /* The new filter is an empty filter (i.e., display all packets).
1464 * so leave dfcode==NULL
1468 * We have a filter; make a copy of it (as we'll be saving it),
1469 * and try to compile it.
1471 dftext = g_strdup(dftext);
1472 if (!dfilter_compile(dftext, &dfcode)) {
1473 /* The attempt failed; report an error. */
1474 gchar *safe_dftext = simple_dialog_format_message(dftext);
1475 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1477 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1480 "The following display filter isn't a valid display filter:\n%s\n"
1481 "See the help for a description of the display filter syntax.",
1482 simple_dialog_primary_start(), safe_dfilter_error_msg,
1483 simple_dialog_primary_end(), safe_dftext);
1484 g_free(safe_dfilter_error_msg);
1485 g_free(safe_dftext);
1491 if (dfcode == NULL) {
1492 /* Yes - free the filter text, and set it to null. */
1498 /* We have a valid filter. Replace the current filter. */
1499 g_free(cf->dfilter);
1500 cf->dfilter = dftext;
1502 /* Now rescan the packet list, applying the new filter, but not
1503 throwing away information constructed on a previous pass. */
1504 if (dftext == NULL) {
1505 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1507 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1510 /* Cleanup and release all dfilter resources */
1511 if (dfcode != NULL){
1512 dfilter_free(dfcode);
1518 cf_colorize_packets(capture_file *cf)
1520 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1524 cf_reftime_packets(capture_file *cf)
1526 rescan_packets(cf, "Updating Reftime", "all packets", FALSE, FALSE);
1530 cf_redissect_packets(capture_file *cf)
1532 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1535 /* Rescan the list of packets, reconstructing the CList.
1537 "action" describes why we're doing this; it's used in the progress
1540 "action_item" describes what we're doing; it's used in the progress
1543 "refilter" is TRUE if we need to re-evaluate the filter expression.
1545 "redissect" is TRUE if we need to make the dissectors reconstruct
1546 any state information they have (because a preference that affects
1547 some dissector has changed, meaning some dissector might construct
1548 its state differently from the way it was constructed the last time). */
1550 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1551 gboolean refilter, gboolean redissect)
1554 progdlg_t *progbar = NULL;
1559 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1560 int selected_row, prev_row, preceding_row, following_row;
1561 gboolean selected_frame_seen;
1564 GTimeVal start_time;
1565 gchar status_str[100];
1566 int progbar_nextstep;
1567 int progbar_quantum;
1569 gboolean filtering_tap_listeners;
1572 /* Compile the current display filter.
1573 * We assume this will not fail since cf->dfilter is only set in
1574 * cf_filter IFF the filter was valid.
1578 dfilter_compile(cf->dfilter, &dfcode);
1581 /* Do we have any tap listeners with filters? */
1582 filtering_tap_listeners = have_filtering_tap_listeners();
1584 /* Get the union of the flags for all tap listeners. */
1585 tap_flags = union_of_tap_listener_flags();
1588 reset_tap_listeners();
1589 /* Which frame, if any, is the currently selected frame?
1590 XXX - should the selected frame or the focus frame be the "current"
1591 frame, that frame being the one from which "Find Frame" searches
1593 selected_frame = cf->current_frame;
1595 /* We don't yet know what row that frame will be on, if any, after we
1596 rebuild the clist, however. */
1600 /* We need to re-initialize all the state information that protocols
1601 keep, because some preference that controls a dissector has changed,
1602 which might cause the state information to be constructed differently
1603 by that dissector. */
1605 /* We might receive new packets while redissecting, and we don't
1606 want to dissect those before their time. */
1607 cf->redissecting = TRUE;
1609 /* Initialize all data structures used for dissection. */
1613 /* Freeze the packet list while we redo it, so we don't get any
1614 screen updates while it happens. */
1615 #ifdef NEW_PACKET_LIST
1616 new_packet_list_freeze();
1618 packet_list_freeze();
1621 packet_list_clear();
1624 /* We don't yet know which will be the first and last frames displayed. */
1625 cf->first_displayed = NULL;
1626 cf->last_displayed = NULL;
1628 /* We currently don't display any packets */
1629 cf->displayed_count = 0;
1631 /* Iterate through the list of frames. Call a routine for each frame
1632 to check whether it should be displayed and, if so, add it to
1633 the display list. */
1634 nstime_set_unset(&first_ts);
1635 nstime_set_unset(&prev_dis_ts);
1637 /* Update the progress bar when it gets to this value. */
1638 progbar_nextstep = 0;
1639 /* When we reach the value that triggers a progress bar update,
1640 bump that value by this amount. */
1641 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1642 /* Count of packets at which we've looked. */
1644 /* Progress so far. */
1648 g_get_current_time(&start_time);
1650 row = -1; /* no previous row yet */
1655 preceding_frame = NULL;
1657 following_frame = NULL;
1659 selected_frame_seen = FALSE;
1661 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1662 /* Create the progress bar if necessary.
1663 We check on every iteration of the loop, so that it takes no
1664 longer than the standard time to create it (otherwise, for a
1665 large file, we might take considerably longer than that standard
1666 time in order to get to the next progress bar step). */
1667 if (progbar == NULL)
1668 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1669 &stop_flag, &start_time,
1672 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1673 when we update it, we have to run the GTK+ main loop to get it
1674 to repaint what's pending, and doing so may involve an "ioctl()"
1675 to see if there's any pending input from an X server, and doing
1676 that for every packet can be costly, especially on a big file. */
1677 if (count >= progbar_nextstep) {
1678 /* let's not divide by zero. I should never be started
1679 * with count == 0, so let's assert that
1681 g_assert(cf->count > 0);
1682 progbar_val = (gfloat) count / cf->count;
1684 if (progbar != NULL) {
1685 g_snprintf(status_str, sizeof(status_str),
1686 "%4u of %u frames", count, cf->count);
1687 update_progress_dlg(progbar, progbar_val, status_str);
1690 progbar_nextstep += progbar_quantum;
1694 /* Well, the user decided to abort the filtering. Just stop.
1696 XXX - go back to the previous filter? Users probably just
1697 want not to wait for a filtering operation to finish;
1698 unless we cancel by having no filter, reverting to the
1699 previous filter will probably be even more expensive than
1700 continuing the filtering, as it involves going back to the
1701 beginning and filtering, and even with no filter we currently
1702 have to re-generate the entire clist, which is also expensive.
1704 I'm not sure what Network Monitor does, but it doesn't appear
1705 to give you an unfiltered display if you cancel. */
1712 /* Since all state for the frame was destroyed, mark the frame
1713 * as not visited, free the GSList referring to the state
1714 * data (the per-frame data itself was freed by
1715 * "init_dissection()"), and null out the GSList pointer. */
1716 fdata->flags.visited = 0;
1718 g_slist_free(fdata->pfd);
1723 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1724 cf->pd, fdata->cap_len, &err, &err_info)) {
1725 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1726 cf_read_error_message(err, err_info), cf->filename);
1730 /* If the previous frame is displayed, and we haven't yet seen the
1731 selected frame, remember that frame - it's the closest one we've
1732 yet seen before the selected frame. */
1733 if (prev_row != -1 && !selected_frame_seen) {
1734 preceding_row = prev_row;
1735 preceding_frame = prev_frame;
1737 row = add_packet_to_packet_list(fdata, cf, dfcode, filtering_tap_listeners,
1738 tap_flags, &cf->pseudo_header, cf->pd,
1741 /* If this frame is displayed, and this is the first frame we've
1742 seen displayed after the selected frame, remember this frame -
1743 it's the closest one we've yet seen at or after the selected
1745 if (row != -1 && selected_frame_seen && following_row == -1) {
1746 following_row = row;
1747 following_frame = fdata;
1749 if (fdata == selected_frame) {
1751 selected_frame_seen = TRUE;
1754 /* Remember this row/frame - it'll be the previous row/frame
1755 on the next pass through the loop. */
1760 /* We are done redissecting the packet list. */
1761 cf->redissecting = FALSE;
1763 #ifndef NEW_PACKET_LIST
1764 /* Re-sort the list using the previously selected order */
1765 packet_list_set_sort_column();
1769 /* Clear out what remains of the visited flags and per-frame data
1772 XXX - that may cause various forms of bogosity when dissecting
1773 these frames, as they won't have been seen by this sequential
1774 pass, but the only alternative I see is to keep scanning them
1775 even though the user requested that the scan stop, and that
1776 would leave the user stuck with an Wireshark grinding on
1777 until it finishes. Should we just stick them with that? */
1778 for (; fdata != NULL; fdata = fdata->next) {
1779 fdata->flags.visited = 0;
1781 g_slist_free(fdata->pfd);
1787 /* We're done filtering the packets; destroy the progress bar if it
1789 if (progbar != NULL)
1790 destroy_progress_dlg(progbar);
1792 /* Unfreeze the packet list. */
1793 #ifdef NEW_PACKET_LIST
1794 new_packet_list_thaw();
1799 if (selected_row == -1) {
1800 /* The selected frame didn't pass the filter. */
1801 if (selected_frame == NULL) {
1802 /* That's because there *was* no selected frame. Make the first
1803 displayed frame the current frame. */
1806 /* Find the nearest displayed frame to the selected frame (whether
1807 it's before or after that frame) and make that the current frame.
1808 If the next and previous displayed frames are equidistant from the
1809 selected frame, choose the next one. */
1810 g_assert(following_frame == NULL ||
1811 following_frame->num >= selected_frame->num);
1812 g_assert(preceding_frame == NULL ||
1813 preceding_frame->num <= selected_frame->num);
1814 if (following_frame == NULL) {
1815 /* No frame after the selected frame passed the filter, so we
1816 have to select the last displayed frame before the selected
1818 selected_row = preceding_row;
1819 } else if (preceding_frame == NULL) {
1820 /* No frame before the selected frame passed the filter, so we
1821 have to select the first displayed frame after the selected
1823 selected_row = following_row;
1825 /* Frames before and after the selected frame passed the filter, so
1826 we'll select the previous frame */
1827 selected_row = preceding_row;
1832 if (selected_row == -1) {
1833 /* There are no frames displayed at all. */
1834 cf_unselect_packet(cf);
1836 #ifndef NEW_PACKET_LIST
1837 /* Either the frame that was selected passed the filter, or we've
1838 found the nearest displayed frame to that frame. Select it, make
1839 it the focus row, and make it visible. */
1840 if (selected_row == 0) {
1841 /* Set to invalid to force update of packet list and packet details */
1842 cf->current_row = -1;
1844 packet_list_set_selected_row(selected_row);
1845 #endif /* NEW_PACKET_LIST */
1848 /* Cleanup and release all dfilter resources */
1849 if (dfcode != NULL){
1850 dfilter_free(dfcode);
1861 process_specified_packets(capture_file *cf, packet_range_t *range,
1862 const char *string1, const char *string2, gboolean terminate_is_stop,
1863 gboolean (*callback)(capture_file *, frame_data *,
1864 union wtap_pseudo_header *, const guint8 *, void *),
1865 void *callback_args)
1870 union wtap_pseudo_header pseudo_header;
1871 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
1872 psp_return_t ret = PSP_FINISHED;
1874 progdlg_t *progbar = NULL;
1877 gboolean progbar_stop_flag;
1878 GTimeVal progbar_start_time;
1879 gchar progbar_status_str[100];
1880 int progbar_nextstep;
1881 int progbar_quantum;
1882 range_process_e process_this;
1884 /* Update the progress bar when it gets to this value. */
1885 progbar_nextstep = 0;
1886 /* When we reach the value that triggers a progress bar update,
1887 bump that value by this amount. */
1888 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1889 /* Count of packets at which we've looked. */
1891 /* Progress so far. */
1894 progbar_stop_flag = FALSE;
1895 g_get_current_time(&progbar_start_time);
1897 packet_range_process_init(range);
1899 /* Iterate through the list of packets, printing the packets that
1900 were selected by the current display filter. */
1901 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1902 /* Create the progress bar if necessary.
1903 We check on every iteration of the loop, so that it takes no
1904 longer than the standard time to create it (otherwise, for a
1905 large file, we might take considerably longer than that standard
1906 time in order to get to the next progress bar step). */
1907 if (progbar == NULL)
1908 progbar = delayed_create_progress_dlg(string1, string2,
1911 &progbar_start_time,
1914 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1915 when we update it, we have to run the GTK+ main loop to get it
1916 to repaint what's pending, and doing so may involve an "ioctl()"
1917 to see if there's any pending input from an X server, and doing
1918 that for every packet can be costly, especially on a big file. */
1919 if (progbar_count >= progbar_nextstep) {
1920 /* let's not divide by zero. I should never be started
1921 * with count == 0, so let's assert that
1923 g_assert(cf->count > 0);
1924 progbar_val = (gfloat) progbar_count / cf->count;
1926 if (progbar != NULL) {
1927 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
1928 "%4u of %u packets", progbar_count, cf->count);
1929 update_progress_dlg(progbar, progbar_val, progbar_status_str);
1932 progbar_nextstep += progbar_quantum;
1935 if (progbar_stop_flag) {
1936 /* Well, the user decided to abort the operation. Just stop,
1937 and arrange to return PSP_STOPPED to our caller, so they know
1938 it was stopped explicitly. */
1945 /* do we have to process this packet? */
1946 process_this = packet_range_process_packet(range, fdata);
1947 if (process_this == range_process_next) {
1948 /* this packet uninteresting, continue with next one */
1950 } else if (process_this == range_processing_finished) {
1951 /* all interesting packets processed, stop the loop */
1955 /* Get the packet */
1956 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1957 pd, fdata->cap_len, &err, &err_info)) {
1958 /* Attempt to get the packet failed. */
1959 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1960 cf_read_error_message(err, err_info), cf->filename);
1964 /* Process the packet */
1965 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
1966 /* Callback failed. We assume it reported the error appropriately. */
1972 /* We're done printing the packets; destroy the progress bar if
1974 if (progbar != NULL)
1975 destroy_progress_dlg(progbar);
1981 gboolean construct_protocol_tree;
1983 } retap_callback_args_t;
1986 retap_packet(capture_file *cf _U_, frame_data *fdata,
1987 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1990 retap_callback_args_t *args = argsp;
1991 epan_dissect_t *edt;
1993 edt = epan_dissect_new(args->construct_protocol_tree, FALSE);
1994 tap_queue_init(edt);
1995 epan_dissect_run(edt, pseudo_header, pd, fdata, args->cinfo);
1996 tap_push_tapped_queue(edt);
1997 epan_dissect_free(edt);
2003 cf_retap_packets(capture_file *cf)
2005 packet_range_t range;
2006 retap_callback_args_t callback_args;
2007 gboolean filtering_tap_listeners;
2010 /* Do we have any tap listeners with filters? */
2011 filtering_tap_listeners = have_filtering_tap_listeners();
2013 tap_flags = union_of_tap_listener_flags();
2015 /* If any tap listeners have filters, or require the protocol tree,
2016 construct the protocol tree. */
2017 callback_args.construct_protocol_tree = filtering_tap_listeners ||
2018 (tap_flags & TL_REQUIRES_PROTO_TREE);
2020 /* If any tap listeners require the columns, construct them. */
2021 callback_args.cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
2023 /* Reset the tap listeners. */
2024 reset_tap_listeners();
2026 /* Iterate through the list of packets, dissecting all packets and
2027 re-running the taps. */
2028 packet_range_init(&range);
2029 packet_range_process_init(&range);
2030 switch (process_specified_packets(cf, &range, "Recalculating statistics on",
2031 "all packets", TRUE, retap_packet,
2034 /* Completed successfully. */
2038 /* Well, the user decided to abort the refiltering.
2039 Return CF_READ_ABORTED so our caller knows they did that. */
2040 return CF_READ_ABORTED;
2043 /* Error while retapping. */
2044 return CF_READ_ERROR;
2047 g_assert_not_reached();
2052 print_args_t *print_args;
2053 gboolean print_header_line;
2054 char *header_line_buf;
2055 int header_line_buf_len;
2056 gboolean print_formfeed;
2057 gboolean print_separator;
2061 } print_callback_args_t;
2064 print_packet(capture_file *cf, frame_data *fdata,
2065 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2068 print_callback_args_t *args = argsp;
2069 epan_dissect_t *edt;
2075 gboolean proto_tree_needed;
2076 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
2077 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
2079 /* Create the protocol tree, and make it visible, if we're printing
2080 the dissection or the hex data.
2081 XXX - do we need it if we're just printing the hex data? */
2083 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex || have_custom_cols(&cf->cinfo);
2084 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2086 /* Fill in the column information if we're printing the summary
2088 if (args->print_args->print_summary) {
2089 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2090 epan_dissect_fill_in_columns(edt);
2092 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2094 if (args->print_formfeed) {
2095 if (!new_page(args->print_args->stream))
2098 if (args->print_separator) {
2099 if (!print_line(args->print_args->stream, 0, ""))
2105 * We generate bookmarks, if the output format supports them.
2106 * The name is "__frameN__".
2108 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
2110 if (args->print_args->print_summary) {
2111 if (args->print_header_line) {
2112 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
2114 args->print_header_line = FALSE; /* we might not need to print any more */
2116 cp = &args->line_buf[0];
2118 for (i = 0; i < cf->cinfo.num_cols; i++) {
2119 /* Find the length of the string for this column. */
2120 column_len = (int) strlen(cf->cinfo.col_data[i]);
2121 if (args->col_widths[i] > column_len)
2122 column_len = args->col_widths[i];
2124 /* Make sure there's room in the line buffer for the column; if not,
2125 double its length. */
2126 line_len += column_len + 1; /* "+1" for space */
2127 if (line_len > args->line_buf_len) {
2128 cp_off = (int) (cp - args->line_buf);
2129 args->line_buf_len = 2 * line_len;
2130 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
2131 cp = args->line_buf + cp_off;
2134 /* Right-justify the packet number column. */
2135 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2136 g_snprintf(cp, column_len+1, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
2138 g_snprintf(cp, column_len+1, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
2140 if (i != cf->cinfo.num_cols - 1)
2146 * Generate a bookmark, using the summary line as the title.
2148 if (!print_bookmark(args->print_args->stream, bookmark_name,
2152 if (!print_line(args->print_args->stream, 0, args->line_buf))
2156 * Generate a bookmark, using "Frame N" as the title, as we're not
2157 * printing the summary line.
2159 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2160 if (!print_bookmark(args->print_args->stream, bookmark_name,
2163 } /* if (print_summary) */
2165 if (args->print_args->print_dissections != print_dissections_none) {
2166 if (args->print_args->print_summary) {
2167 /* Separate the summary line from the tree with a blank line. */
2168 if (!print_line(args->print_args->stream, 0, ""))
2172 /* Print the information in that tree. */
2173 if (!proto_tree_print(args->print_args, edt, args->print_args->stream))
2176 /* Print a blank line if we print anything after this (aka more than one packet). */
2177 args->print_separator = TRUE;
2179 /* Print a header line if we print any more packet summaries */
2180 args->print_header_line = TRUE;
2183 if (args->print_args->print_hex) {
2184 /* Print the full packet data as hex. */
2185 if (!print_hex_data(args->print_args->stream, edt))
2188 /* Print a blank line if we print anything after this (aka more than one packet). */
2189 args->print_separator = TRUE;
2191 /* Print a header line if we print any more packet summaries */
2192 args->print_header_line = TRUE;
2193 } /* if (args->print_args->print_dissections != print_dissections_none) */
2195 epan_dissect_free(edt);
2197 /* do we want to have a formfeed between each packet from now on? */
2198 if(args->print_args->print_formfeed) {
2199 args->print_formfeed = TRUE;
2205 epan_dissect_free(edt);
2210 cf_print_packets(capture_file *cf, print_args_t *print_args)
2213 print_callback_args_t callback_args;
2221 callback_args.print_args = print_args;
2222 callback_args.print_header_line = TRUE;
2223 callback_args.header_line_buf = NULL;
2224 callback_args.header_line_buf_len = 256;
2225 callback_args.print_formfeed = FALSE;
2226 callback_args.print_separator = FALSE;
2227 callback_args.line_buf = NULL;
2228 callback_args.line_buf_len = 256;
2229 callback_args.col_widths = NULL;
2231 if (!print_preamble(print_args->stream, cf->filename)) {
2232 destroy_print_stream(print_args->stream);
2233 return CF_PRINT_WRITE_ERROR;
2236 if (print_args->print_summary) {
2237 /* We're printing packet summaries. Allocate the header line buffer
2238 and get the column widths. */
2239 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2241 /* Find the widths for each of the columns - maximum of the
2242 width of the title and the width of the data - and construct
2243 a buffer with a line containing the column titles. */
2244 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2245 cp = &callback_args.header_line_buf[0];
2247 for (i = 0; i < cf->cinfo.num_cols; i++) {
2248 /* Don't pad the last column. */
2249 if (i == cf->cinfo.num_cols - 1)
2250 callback_args.col_widths[i] = 0;
2252 callback_args.col_widths[i] = (gint) strlen(cf->cinfo.col_title[i]);
2253 data_width = get_column_char_width(get_column_format(i));
2254 if (data_width > callback_args.col_widths[i])
2255 callback_args.col_widths[i] = data_width;
2258 /* Find the length of the string for this column. */
2259 column_len = (int) strlen(cf->cinfo.col_title[i]);
2260 if (callback_args.col_widths[i] > column_len)
2261 column_len = callback_args.col_widths[i];
2263 /* Make sure there's room in the line buffer for the column; if not,
2264 double its length. */
2265 line_len += column_len + 1; /* "+1" for space */
2266 if (line_len > callback_args.header_line_buf_len) {
2267 cp_off = (int) (cp - callback_args.header_line_buf);
2268 callback_args.header_line_buf_len = 2 * line_len;
2269 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2270 callback_args.header_line_buf_len + 1);
2271 cp = callback_args.header_line_buf + cp_off;
2274 /* Right-justify the packet number column. */
2275 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2276 g_snprintf(cp, column_len+1, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2278 g_snprintf(cp, column_len+1, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2280 if (i != cf->cinfo.num_cols - 1)
2285 /* Now start out the main line buffer with the same length as the
2286 header line buffer. */
2287 callback_args.line_buf_len = callback_args.header_line_buf_len;
2288 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2289 } /* if (print_summary) */
2291 /* Iterate through the list of packets, printing the packets we were
2293 ret = process_specified_packets(cf, &print_args->range, "Printing",
2294 "selected packets", TRUE, print_packet,
2297 g_free(callback_args.header_line_buf);
2298 g_free(callback_args.line_buf);
2299 g_free(callback_args.col_widths);
2304 /* Completed successfully. */
2308 /* Well, the user decided to abort the printing.
2310 XXX - note that what got generated before they did that
2311 will get printed if we're piping to a print program; we'd
2312 have to write to a file and then hand that to the print
2313 program to make it actually not print anything. */
2317 /* Error while printing.
2319 XXX - note that what got generated before they did that
2320 will get printed if we're piping to a print program; we'd
2321 have to write to a file and then hand that to the print
2322 program to make it actually not print anything. */
2323 destroy_print_stream(print_args->stream);
2324 return CF_PRINT_WRITE_ERROR;
2327 if (!print_finale(print_args->stream)) {
2328 destroy_print_stream(print_args->stream);
2329 return CF_PRINT_WRITE_ERROR;
2332 if (!destroy_print_stream(print_args->stream))
2333 return CF_PRINT_WRITE_ERROR;
2339 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2340 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2344 epan_dissect_t *edt;
2346 /* Create the protocol tree, but don't fill in the column information. */
2347 edt = epan_dissect_new(TRUE, TRUE);
2348 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2350 /* Write out the information in that tree. */
2351 proto_tree_write_pdml(edt, fh);
2353 epan_dissect_free(edt);
2359 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2364 fh = ws_fopen(print_args->file, "w");
2366 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2368 write_pdml_preamble(fh);
2371 return CF_PRINT_WRITE_ERROR;
2374 /* Iterate through the list of packets, printing the packets we were
2376 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2377 "selected packets", TRUE,
2378 write_pdml_packet, fh);
2383 /* Completed successfully. */
2387 /* Well, the user decided to abort the printing. */
2391 /* Error while printing. */
2393 return CF_PRINT_WRITE_ERROR;
2396 write_pdml_finale(fh);
2399 return CF_PRINT_WRITE_ERROR;
2402 /* XXX - check for an error */
2409 write_psml_packet(capture_file *cf, frame_data *fdata,
2410 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2414 epan_dissect_t *edt;
2415 gboolean proto_tree_needed;
2417 /* Fill in the column information, only create the protocol tree
2418 if having custom columns. */
2419 proto_tree_needed = have_custom_cols(&cf->cinfo);
2420 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2421 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2422 epan_dissect_fill_in_columns(edt);
2424 /* Write out the information in that tree. */
2425 proto_tree_write_psml(edt, fh);
2427 epan_dissect_free(edt);
2433 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2438 fh = ws_fopen(print_args->file, "w");
2440 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2442 write_psml_preamble(fh);
2445 return CF_PRINT_WRITE_ERROR;
2448 /* Iterate through the list of packets, printing the packets we were
2450 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2451 "selected packets", TRUE,
2452 write_psml_packet, fh);
2457 /* Completed successfully. */
2461 /* Well, the user decided to abort the printing. */
2465 /* Error while printing. */
2467 return CF_PRINT_WRITE_ERROR;
2470 write_psml_finale(fh);
2473 return CF_PRINT_WRITE_ERROR;
2476 /* XXX - check for an error */
2483 write_csv_packet(capture_file *cf, frame_data *fdata,
2484 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2488 epan_dissect_t *edt;
2489 gboolean proto_tree_needed;
2491 /* Fill in the column information, only create the protocol tree
2492 if having custom columns. */
2493 proto_tree_needed = have_custom_cols(&cf->cinfo);
2494 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2495 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2496 epan_dissect_fill_in_columns(edt);
2498 /* Write out the information in that tree. */
2499 proto_tree_write_csv(edt, fh);
2501 epan_dissect_free(edt);
2507 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2512 fh = ws_fopen(print_args->file, "w");
2514 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2516 write_csv_preamble(fh);
2519 return CF_PRINT_WRITE_ERROR;
2522 /* Iterate through the list of packets, printing the packets we were
2524 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2525 "selected packets", TRUE,
2526 write_csv_packet, fh);
2531 /* Completed successfully. */
2535 /* Well, the user decided to abort the printing. */
2539 /* Error while printing. */
2541 return CF_PRINT_WRITE_ERROR;
2544 write_csv_finale(fh);
2547 return CF_PRINT_WRITE_ERROR;
2550 /* XXX - check for an error */
2557 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
2558 union wtap_pseudo_header *pseudo_header _U_,
2559 const guint8 *pd, void *argsp)
2563 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
2568 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
2573 fh = ws_fopen(print_args->file, "w");
2576 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2578 write_carrays_preamble(fh);
2582 return CF_PRINT_WRITE_ERROR;
2585 /* Iterate through the list of packets, printing the packets we were
2587 ret = process_specified_packets(cf, &print_args->range,
2589 "selected packets", TRUE,
2590 write_carrays_packet, fh);
2593 /* Completed successfully. */
2596 /* Well, the user decided to abort the printing. */
2599 /* Error while printing. */
2601 return CF_PRINT_WRITE_ERROR;
2604 write_carrays_finale(fh);
2608 return CF_PRINT_WRITE_ERROR;
2615 /* Scan through the packet list and change all columns that use the
2616 "command-line-specified" time stamp format to use the current
2617 value of that format. */
2619 cf_change_time_formats(capture_file *cf)
2622 progdlg_t *progbar = NULL;
2628 GTimeVal start_time;
2629 gchar status_str[100];
2630 int progbar_nextstep;
2631 int progbar_quantum;
2632 gboolean sorted_by_frame_column;
2635 /* adjust timestamp precision if auto is selected */
2636 cf_timestamp_auto_precision(cf);
2638 /* Are there any columns with time stamps in the "command-line-specified"
2641 XXX - we have to force the "column is writable" flag on, as it
2642 might be off from the last frame that was dissected. */
2643 col_set_writable(&cf->cinfo, TRUE);
2644 if (!check_col(&cf->cinfo, COL_CLS_TIME) &&
2645 !check_col(&cf->cinfo, COL_ABS_TIME) &&
2646 !check_col(&cf->cinfo, COL_ABS_DATE_TIME) &&
2647 !check_col(&cf->cinfo, COL_REL_TIME) &&
2648 !check_col(&cf->cinfo, COL_DELTA_TIME) &&
2649 !check_col(&cf->cinfo, COL_DELTA_TIME_DIS)) {
2650 /* No, there aren't any columns in that format, so we have no work
2655 /* Freeze the packet list while we redo it, so we don't get any
2656 screen updates while it happens. */
2657 #ifdef NEW_PACKET_LIST
2658 new_packet_list_freeze();
2660 packet_list_freeze();
2663 /* Update the progress bar when it gets to this value. */
2664 progbar_nextstep = 0;
2665 /* When we reach the value that triggers a progress bar update,
2666 bump that value by this amount. */
2667 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2668 /* Count of packets at which we've looked. */
2670 /* Progress so far. */
2673 /* If the rows are currently sorted by the frame column then we know
2674 * the row number of each packet: it's the row number of the previously
2675 * displayed packet + 1.
2677 * Otherwise, if the display is sorted by a different column then we have
2678 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2679 * of changing the time display format O(N**2)).
2681 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2682 * the row number and walks that many elements down the clist to find
2683 * the appropriate element.)
2685 sorted_by_frame_column = FALSE;
2686 for (i = 0; i < cf->cinfo.num_cols; i++) {
2687 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2689 #ifndef NEW_PACKET_LIST
2690 sorted_by_frame_column = (i == packet_list_get_sort_column());
2697 g_get_current_time(&start_time);
2699 /* Iterate through the list of packets, checking whether the packet
2700 is in a row of the summary list and, if so, whether there are
2701 any columns that show the time in the "command-line-specified"
2702 format and, if so, update that row. */
2703 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2704 /* Create the progress bar if necessary.
2705 We check on every iteration of the loop, so that it takes no
2706 longer than the standard time to create it (otherwise, for a
2707 large file, we might take considerably longer than that standard
2708 time in order to get to the next progress bar step). */
2709 if (progbar == NULL)
2710 progbar = delayed_create_progress_dlg("Changing", "time display",
2711 TRUE, &stop_flag, &start_time, progbar_val);
2713 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2714 when we update it, we have to run the GTK+ main loop to get it
2715 to repaint what's pending, and doing so may involve an "ioctl()"
2716 to see if there's any pending input from an X server, and doing
2717 that for every packet can be costly, especially on a big file. */
2718 if (count >= progbar_nextstep) {
2719 /* let's not divide by zero. I should never be started
2720 * with count == 0, so let's assert that
2722 g_assert(cf->count > 0);
2724 progbar_val = (gfloat) count / cf->count;
2726 if (progbar != NULL) {
2727 g_snprintf(status_str, sizeof(status_str),
2728 "%4u of %u packets", count, cf->count);
2729 update_progress_dlg(progbar, progbar_val, status_str);
2732 progbar_nextstep += progbar_quantum;
2736 /* Well, the user decided to abort the redisplay. Just stop.
2738 XXX - this leaves the time field in the old format in
2739 frames we haven't yet processed. So it goes; should we
2740 simply not offer them the option of stopping? */
2746 /* Find what row this packet is in. */
2747 if (!sorted_by_frame_column) {
2748 /* This function is O(N), so we try to avoid using it... */
2749 #ifdef NEW_PACKET_LIST
2750 row = new_packet_list_find_row_from_data(fdata, FALSE);
2752 row = packet_list_find_row_from_data(fdata);
2755 /* ...which we do by maintaining a count of packets that are
2756 being displayed (i.e., that have passed the display filter),
2757 and using the current value of that count as the row number
2758 (which is why we can only do it when the display is sorted
2759 by the frame number). */
2760 if (fdata->flags.passed_dfilter)
2767 /* This packet is in the summary list, on row "row". */
2769 for (i = 0; i < cf->cinfo.num_cols; i++) {
2770 if (col_has_time_fmt(&cf->cinfo, i)) {
2771 /* This is one of the columns that shows the time in
2772 "command-line-specified" format; update it. */
2773 cf->cinfo.col_buf[i][0] = '\0';
2774 col_set_fmt_time(fdata, &cf->cinfo, cf->cinfo.col_fmt[i], i);
2775 #ifdef NEW_PACKET_LIST
2777 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2784 /* We're done redisplaying the packets; destroy the progress bar if it
2786 if (progbar != NULL)
2787 destroy_progress_dlg(progbar);
2789 /* Set the column widths of those columns that show the time in
2790 "command-line-specified" format. */
2791 for (i = 0; i < cf->cinfo.num_cols; i++) {
2792 if (col_has_time_fmt(&cf->cinfo, i)) {
2793 #ifndef NEW_PACKET_LIST
2794 packet_list_set_time_width(cf->cinfo.col_fmt[i], i);
2799 /* Unfreeze the packet list. */
2800 #ifdef NEW_PACKET_LIST
2801 new_packet_list_thaw();
2811 gboolean frame_matched;
2815 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
2819 mdata.string = string;
2820 mdata.string_len = strlen(string);
2821 return find_packet(cf, match_protocol_tree, &mdata);
2825 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
2827 match_data *mdata = criterion;
2828 epan_dissect_t *edt;
2830 /* Construct the protocol tree, including the displayed text */
2831 edt = epan_dissect_new(TRUE, TRUE);
2832 /* We don't need the column information */
2833 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2835 /* Iterate through all the nodes, seeing if they have text that matches. */
2837 mdata->frame_matched = FALSE;
2838 proto_tree_children_foreach(edt->tree, match_subtree_text, mdata);
2839 epan_dissect_free(edt);
2840 return mdata->frame_matched;
2844 match_subtree_text(proto_node *node, gpointer data)
2846 match_data *mdata = (match_data*) data;
2847 const gchar *string = mdata->string;
2848 size_t string_len = mdata->string_len;
2849 capture_file *cf = mdata->cf;
2850 field_info *fi = PITEM_FINFO(node);
2851 gchar label_str[ITEM_LABEL_LENGTH];
2858 if (mdata->frame_matched) {
2859 /* We already had a match; don't bother doing any more work. */
2863 /* Don't match invisible entries. */
2864 if (PROTO_ITEM_IS_HIDDEN(node))
2867 /* was a free format label produced? */
2869 label_ptr = fi->rep->representation;
2871 /* no, make a generic label */
2872 label_ptr = label_str;
2873 proto_item_fill_label(fi, label_str);
2876 /* Does that label match? */
2877 label_len = strlen(label_ptr);
2878 for (i = 0; i < label_len; i++) {
2879 c_char = label_ptr[i];
2881 c_char = toupper(c_char);
2882 if (c_char == string[c_match]) {
2884 if (c_match == string_len) {
2885 /* No need to look further; we have a match */
2886 mdata->frame_matched = TRUE;
2893 /* Recurse into the subtree, if it exists */
2894 if (node->first_child != NULL)
2895 proto_tree_children_foreach(node, match_subtree_text, mdata);
2899 cf_find_packet_summary_line(capture_file *cf, const char *string)
2903 mdata.string = string;
2904 mdata.string_len = strlen(string);
2905 return find_packet(cf, match_summary_line, &mdata);
2909 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
2911 match_data *mdata = criterion;
2912 const gchar *string = mdata->string;
2913 size_t string_len = mdata->string_len;
2914 epan_dissect_t *edt;
2915 const char *info_column;
2916 size_t info_column_len;
2917 gboolean frame_matched = FALSE;
2923 /* Don't bother constructing the protocol tree */
2924 edt = epan_dissect_new(FALSE, FALSE);
2925 /* Get the column information */
2926 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
2928 /* Find the Info column */
2929 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
2930 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
2931 /* Found it. See if we match. */
2932 info_column = edt->pi.cinfo->col_data[colx];
2933 info_column_len = strlen(info_column);
2934 for (i = 0; i < info_column_len; i++) {
2935 c_char = info_column[i];
2937 c_char = toupper(c_char);
2938 if (c_char == string[c_match]) {
2940 if (c_match == string_len) {
2941 frame_matched = TRUE;
2950 epan_dissect_free(edt);
2951 return frame_matched;
2957 } cbs_t; /* "Counted byte string" */
2960 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
2965 info.data_len = string_size;
2967 /* String or hex search? */
2969 /* String search - what type of string? */
2970 switch (cf->scs_type) {
2972 case SCS_ASCII_AND_UNICODE:
2973 return find_packet(cf, match_ascii_and_unicode, &info);
2976 return find_packet(cf, match_ascii, &info);
2979 return find_packet(cf, match_unicode, &info);
2982 g_assert_not_reached();
2986 return find_packet(cf, match_binary, &info);
2990 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2992 cbs_t *info = criterion;
2993 const guint8 *ascii_text = info->data;
2994 size_t textlen = info->data_len;
2995 gboolean frame_matched;
3001 frame_matched = FALSE;
3002 buf_len = fdata->pkt_len;
3003 for (i = 0; i < buf_len; i++) {
3006 c_char = toupper(c_char);
3008 if (c_char == ascii_text[c_match]) {
3010 if (c_match == textlen) {
3011 frame_matched = TRUE;
3012 cf->search_pos = i; /* Save the position of the last character
3013 for highlighting the field. */
3020 return frame_matched;
3024 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
3026 cbs_t *info = criterion;
3027 const guint8 *ascii_text = info->data;
3028 size_t textlen = info->data_len;
3029 gboolean frame_matched;
3035 frame_matched = FALSE;
3036 buf_len = fdata->pkt_len;
3037 for (i = 0; i < buf_len; i++) {
3040 c_char = toupper(c_char);
3041 if (c_char == ascii_text[c_match]) {
3043 if (c_match == textlen) {
3044 frame_matched = TRUE;
3045 cf->search_pos = i; /* Save the position of the last character
3046 for highlighting the field. */
3052 return frame_matched;
3056 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
3058 cbs_t *info = criterion;
3059 const guint8 *ascii_text = info->data;
3060 size_t textlen = info->data_len;
3061 gboolean frame_matched;
3067 frame_matched = FALSE;
3068 buf_len = fdata->pkt_len;
3069 for (i = 0; i < buf_len; i++) {
3072 c_char = toupper(c_char);
3073 if (c_char == ascii_text[c_match]) {
3076 if (c_match == textlen) {
3077 frame_matched = TRUE;
3078 cf->search_pos = i; /* Save the position of the last character
3079 for highlighting the field. */
3085 return frame_matched;
3089 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
3091 cbs_t *info = criterion;
3092 const guint8 *binary_data = info->data;
3093 size_t datalen = info->data_len;
3094 gboolean frame_matched;
3099 frame_matched = FALSE;
3100 buf_len = fdata->pkt_len;
3101 for (i = 0; i < buf_len; i++) {
3102 if (cf->pd[i] == binary_data[c_match]) {
3104 if (c_match == datalen) {
3105 frame_matched = TRUE;
3106 cf->search_pos = i; /* Save the position of the last character
3107 for highlighting the field. */
3113 return frame_matched;
3117 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
3119 return find_packet(cf, match_dfilter, sfcode);
3123 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
3125 dfilter_t *sfcode = criterion;
3126 epan_dissect_t *edt;
3127 gboolean frame_matched;
3129 edt = epan_dissect_new(TRUE, FALSE);
3130 epan_dissect_prime_dfilter(edt, sfcode);
3131 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3132 frame_matched = dfilter_apply_edt(sfcode, edt);
3133 epan_dissect_free(edt);
3134 return frame_matched;
3138 find_packet(capture_file *cf,
3139 gboolean (*match_function)(capture_file *, frame_data *, void *),
3142 frame_data *start_fd;
3144 frame_data *new_fd = NULL;
3145 progdlg_t *progbar = NULL;
3152 GTimeVal start_time;
3153 gchar status_str[100];
3154 int progbar_nextstep;
3155 int progbar_quantum;
3158 start_fd = cf->current_frame;
3159 if (start_fd != NULL) {
3160 /* Iterate through the list of packets, starting at the packet we've
3161 picked, calling a routine to run the filter on the packet, see if
3162 it matches, and stop if so. */
3166 /* Update the progress bar when it gets to this value. */
3167 progbar_nextstep = 0;
3168 /* When we reach the value that triggers a progress bar update,
3169 bump that value by this amount. */
3170 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3171 /* Progress so far. */
3175 g_get_current_time(&start_time);
3178 title = cf->sfilter?cf->sfilter:"";
3180 /* Create the progress bar if necessary.
3181 We check on every iteration of the loop, so that it takes no
3182 longer than the standard time to create it (otherwise, for a
3183 large file, we might take considerably longer than that standard
3184 time in order to get to the next progress bar step). */
3185 if (progbar == NULL)
3186 progbar = delayed_create_progress_dlg("Searching", title,
3187 FALSE, &stop_flag, &start_time, progbar_val);
3189 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3190 when we update it, we have to run the GTK+ main loop to get it
3191 to repaint what's pending, and doing so may involve an "ioctl()"
3192 to see if there's any pending input from an X server, and doing
3193 that for every packet can be costly, especially on a big file. */
3194 if (count >= progbar_nextstep) {
3195 /* let's not divide by zero. I should never be started
3196 * with count == 0, so let's assert that
3198 g_assert(cf->count > 0);
3200 progbar_val = (gfloat) count / cf->count;
3202 if (progbar != NULL) {
3203 g_snprintf(status_str, sizeof(status_str),
3204 "%4u of %u packets", count, cf->count);
3205 update_progress_dlg(progbar, progbar_val, status_str);
3208 progbar_nextstep += progbar_quantum;
3212 /* Well, the user decided to abort the search. Go back to the
3213 frame where we started. */
3218 /* Go past the current frame. */
3219 if (cf->sbackward) {
3220 /* Go on to the previous frame. */
3221 fdata = fdata->prev;
3222 if (fdata == NULL) {
3224 * XXX - other apps have a bit more of a detailed message
3225 * for this, and instead of offering "OK" and "Cancel",
3226 * they offer things such as "Continue" and "Cancel";
3227 * we need an API for popping up alert boxes with
3228 * {Verb} and "Cancel".
3231 if (prefs.gui_find_wrap)
3233 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3234 "%sBeginning of capture exceeded!%s\n\n"
3235 "Search is continued from the end of the capture.",
3236 simple_dialog_primary_start(), simple_dialog_primary_end());
3237 fdata = cf->plist_end; /* wrap around */
3241 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3242 "%sBeginning of capture exceeded!%s\n\n"
3243 "Try searching forwards.",
3244 simple_dialog_primary_start(), simple_dialog_primary_end());
3245 fdata = start_fd; /* stay on previous packet */
3249 /* Go on to the next frame. */
3250 fdata = fdata->next;
3251 if (fdata == NULL) {
3252 if (prefs.gui_find_wrap)
3254 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3255 "%sEnd of capture exceeded!%s\n\n"
3256 "Search is continued from the start of the capture.",
3257 simple_dialog_primary_start(), simple_dialog_primary_end());
3258 fdata = cf->plist; /* wrap around */
3262 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3263 "%sEnd of capture exceeded!%s\n\n"
3264 "Try searching backwards.",
3265 simple_dialog_primary_start(), simple_dialog_primary_end());
3266 fdata = start_fd; /* stay on previous packet */
3273 /* Is this packet in the display? */
3274 if (fdata->flags.passed_dfilter) {
3275 /* Yes. Load its data. */
3276 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3277 cf->pd, fdata->cap_len, &err, &err_info)) {
3278 /* Read error. Report the error, and go back to the frame
3279 where we started. */
3280 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3281 cf_read_error_message(err, err_info), cf->filename);
3286 /* Does it match the search criterion? */
3287 if ((*match_function)(cf, fdata, criterion)) {
3289 break; /* found it! */
3293 if (fdata == start_fd) {
3294 /* We're back to the frame we were on originally, and that frame
3295 doesn't match the search filter. The search failed. */
3300 /* We're done scanning the packets; destroy the progress bar if it
3302 if (progbar != NULL)
3303 destroy_progress_dlg(progbar);
3306 if (new_fd != NULL) {
3307 #ifdef NEW_PACKET_LIST
3308 /* Find and select */
3309 row = new_packet_list_find_row_from_data(fdata, TRUE);
3311 /* We found a frame. Find what row it's in. */
3312 row = packet_list_find_row_from_data(new_fd);
3313 #endif /* NEW_PACKET_LIST */
3315 /* We didn't find a row even though we know that a frame
3316 * exists that satifies the search criteria. This means that the
3317 * frame isn't being displayed currently so we can't select it. */
3318 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3319 "%sEnd of capture exceeded!%s\n\n"
3320 "The capture file is probably not fully loaded.",
3321 simple_dialog_primary_start(), simple_dialog_primary_end());
3325 #ifndef NEW_PACKET_LIST
3326 /* Select that row, make it the focus row, and make it visible. */
3327 packet_list_set_selected_row(row);
3328 #endif /* NEW_PACKET_LIST */
3329 return TRUE; /* success */
3331 return FALSE; /* failure */
3335 cf_goto_frame(capture_file *cf, guint fnumber)
3340 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3343 if (fdata == NULL) {
3344 /* we didn't find a packet with that packet number */
3345 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3346 "There is no packet with the packet number %u.", fnumber);
3347 return FALSE; /* we failed to go to that packet */
3349 if (!fdata->flags.passed_dfilter) {
3350 /* that packet currently isn't displayed */
3351 /* XXX - add it to the set of displayed packets? */
3352 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3353 "The packet number %u isn't currently being displayed.", fnumber);
3354 return FALSE; /* we failed to go to that packet */
3357 #ifdef NEW_PACKET_LIST
3358 row = new_packet_list_find_row_from_data(fdata, TRUE);
3360 /* We found that packet, and it's currently being displayed.
3361 Find what row it's in. */
3362 row = packet_list_find_row_from_data(fdata);
3363 g_assert(row != -1);
3365 /* Select that row, make it the focus row, and make it visible. */
3366 packet_list_set_selected_row(row);
3367 #endif /* NEW_PACKET_LIST */
3368 return TRUE; /* we got to that packet */
3372 cf_goto_top_frame(capture_file *cf)
3376 frame_data *lowest_fdata = NULL;
3378 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3379 if (fdata->flags.passed_dfilter) {
3380 lowest_fdata = fdata;
3385 if (lowest_fdata == NULL) {
3389 #ifdef NEW_PACKET_LIST
3390 /* Find and select */
3391 row = new_packet_list_find_row_from_data(fdata, TRUE);
3393 /* We found that packet, and it's currently being displayed.
3394 Find what row it's in. */
3395 row = packet_list_find_row_from_data(lowest_fdata);
3396 g_assert(row != -1);
3398 /* Select that row, make it the focus row, and make it visible. */
3399 packet_list_set_selected_row(row);
3400 #endif /* NEW_PACKET_LIST */
3401 return TRUE; /* we got to that packet */
3405 cf_goto_bottom_frame(capture_file *cf)
3409 frame_data *highest_fdata = NULL;
3411 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3412 if (fdata->flags.passed_dfilter) {
3413 highest_fdata = fdata;
3417 if (highest_fdata == NULL) {
3421 #ifdef NEW_PACKET_LIST
3422 /* Find and select */
3423 row = new_packet_list_find_row_from_data(fdata, TRUE);
3425 /* We found that packet, and it's currently being displayed.
3426 Find what row it's in. */
3427 row = packet_list_find_row_from_data(highest_fdata);
3428 g_assert(row != -1);
3430 /* Select that row, make it the focus row, and make it visible. */
3431 packet_list_set_selected_row(row);
3432 #endif /* NEW_PACKET_LIST */
3433 return TRUE; /* we got to that packet */
3437 * Go to frame specified by currently selected protocol tree item.
3440 cf_goto_framenum(capture_file *cf)
3442 header_field_info *hfinfo;
3445 if (cf->finfo_selected) {
3446 hfinfo = cf->finfo_selected->hfinfo;
3448 if (hfinfo->type == FT_FRAMENUM) {
3449 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3451 return cf_goto_frame(cf, framenum);
3458 /* Select the packet on a given row. */
3460 cf_select_packet(capture_file *cf, int row)
3466 /* Get the frame data struct pointer for this frame */
3467 #ifdef NEW_PACKET_LIST
3468 fdata = new_packet_list_get_row_data(row);
3470 fdata = (frame_data *)packet_list_get_row_data(row);
3473 if (fdata == NULL) {
3474 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3475 the first entry is added to it by "real_insert_row()", that row
3476 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3477 our version and the vanilla GTK+ version).
3479 This means that a "select-row" signal is emitted; this causes
3480 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3483 "cf_select_packet()" fetches, above, the data associated with the
3484 row that was selected; however, as "gtk_clist_append()", which
3485 called "real_insert_row()", hasn't yet returned, we haven't yet
3486 associated any data with that row, so we get back a null pointer.
3488 We can't assume that there's only one frame in the frame list,
3489 either, as we may be filtering the display.
3491 We therefore assume that, if "row" is 0, i.e. the first row
3492 is being selected, and "cf->first_displayed" equals
3493 "cf->last_displayed", i.e. there's only one frame being
3494 displayed, that frame is the frame we want.
3496 This means we have to set "cf->first_displayed" and
3497 "cf->last_displayed" before adding the row to the
3498 GtkCList; see the comment in "add_packet_to_packet_list()". */
3500 if (row == 0 && cf->first_displayed == cf->last_displayed)
3501 fdata = cf->first_displayed;
3504 /* If fdata _still_ isn't set simply give up. */
3505 if (fdata == NULL) {
3509 /* Get the data in that frame. */
3510 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3511 cf->pd, fdata->cap_len, &err, &err_info)) {
3512 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3513 cf_read_error_message(err, err_info), cf->filename);
3517 /* Record that this frame is the current frame. */
3518 cf->current_frame = fdata;
3519 cf->current_row = row;
3521 /* Create the logical protocol tree. */
3522 if (cf->edt != NULL) {
3523 epan_dissect_free(cf->edt);
3526 /* We don't need the columns here. */
3527 cf->edt = epan_dissect_new(TRUE, TRUE);
3529 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3532 dfilter_macro_build_ftv_cache(cf->edt->tree);
3534 cf_callback_invoke(cf_cb_packet_selected, cf);
3537 /* Unselect the selected packet, if any. */
3539 cf_unselect_packet(capture_file *cf)
3541 /* Destroy the epan_dissect_t for the unselected packet. */
3542 if (cf->edt != NULL) {
3543 epan_dissect_free(cf->edt);
3547 /* No packet is selected. */
3548 cf->current_frame = NULL;
3549 cf->current_row = 0;
3551 cf_callback_invoke(cf_cb_packet_unselected, cf);
3553 /* No protocol tree means no selected field. */
3554 cf_unselect_field(cf);
3557 /* Unset the selected protocol tree field, if any. */
3559 cf_unselect_field(capture_file *cf)
3561 cf->finfo_selected = NULL;
3563 cf_callback_invoke(cf_cb_field_unselected, cf);
3567 * Mark a particular frame.
3570 cf_mark_frame(capture_file *cf, frame_data *frame)
3572 if (! frame->flags.marked) {
3573 frame->flags.marked = TRUE;
3574 if (cf->count > cf->marked_count)
3580 * Unmark a particular frame.
3583 cf_unmark_frame(capture_file *cf, frame_data *frame)
3585 if (frame->flags.marked) {
3586 frame->flags.marked = FALSE;
3587 if (cf->marked_count > 0)
3595 } save_callback_args_t;
3598 * Save a capture to a file, in a particular format, saving either
3599 * all packets, all currently-displayed packets, or all marked packets.
3601 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3602 * up a message box for the failure.
3605 save_packet(capture_file *cf _U_, frame_data *fdata,
3606 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3609 save_callback_args_t *args = argsp;
3610 struct wtap_pkthdr hdr;
3613 /* init the wtap header for saving */
3614 hdr.ts.secs = fdata->abs_ts.secs;
3615 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3616 hdr.caplen = fdata->cap_len;
3617 hdr.len = fdata->pkt_len;
3618 hdr.pkt_encap = fdata->lnk_t;
3620 /* and save the packet */
3621 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3622 cf_write_failure_alert_box(args->fname, err);
3629 * Can this capture file be saved in any format except by copying the raw data?
3632 cf_can_save_as(capture_file *cf)
3636 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3637 /* To save a file with Wiretap, Wiretap has to handle that format,
3638 and its code to handle that format must be able to write a file
3639 with this file's encapsulation type. */
3640 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3641 /* OK, we can write it out in this type. */
3646 /* No, we couldn't save it in any format. */
3651 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3653 gchar *from_filename;
3657 save_callback_args_t callback_args;
3659 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3661 /* don't write over an existing file. */
3662 /* this should've been already checked by our caller, just to be sure... */
3663 if (file_exists(fname)) {
3664 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3665 "%sCapture file: \"%s\" already exists!%s\n\n"
3666 "Please choose a different filename.",
3667 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3671 packet_range_process_init(range);
3674 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3675 /* We're not filtering packets, and we're saving it in the format
3676 it's already in, so we can just move or copy the raw data. */
3678 if (cf->is_tempfile) {
3679 /* The file being saved is a temporary file from a live
3680 capture, so it doesn't need to stay around under that name;
3681 first, try renaming the capture buffer file to the new name. */
3683 if (ws_rename(cf->filename, fname) == 0) {
3684 /* That succeeded - there's no need to copy the source file. */
3685 from_filename = NULL;
3688 if (errno == EXDEV) {
3689 /* They're on different file systems, so we have to copy the
3692 from_filename = cf->filename;
3694 /* The rename failed, but not because they're on different
3695 file systems - put up an error message. (Or should we
3696 just punt and try to copy? The only reason why I'd
3697 expect the rename to fail and the copy to succeed would
3698 be if we didn't have permission to remove the file from
3699 the temporary directory, and that might be fixable - but
3700 is it worth requiring the user to go off and fix it?) */
3701 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3702 file_rename_error_message(errno), fname);
3708 from_filename = cf->filename;
3711 /* It's a permanent file, so we should copy it, and not remove the
3714 from_filename = cf->filename;
3718 /* Copy the file, if we haven't moved it. */
3719 if (!copy_file_binary_mode(from_filename, fname))
3723 /* Either we're filtering packets, or we're saving in a different
3724 format; we can't do that by copying or moving the capture file,
3725 we have to do it by writing the packets out in Wiretap. */
3726 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3729 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3733 /* XXX - we let the user save a subset of the packets.
3735 If we do that, should we make that file the current file? If so,
3736 it means we can no longer get at the other packets. What does
3739 /* Iterate through the list of packets, processing the packets we were
3742 XXX - we've already called "packet_range_process_init(range)", but
3743 "process_specified_packets()" will do it again. Fortunately,
3744 that's harmless in this case, as we haven't done anything to
3745 "range" since we initialized it. */
3746 callback_args.pdh = pdh;
3747 callback_args.fname = fname;
3748 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3749 TRUE, save_packet, &callback_args)) {
3752 /* Completed successfully. */
3756 /* The user decided to abort the saving.
3757 XXX - remove the output file? */
3761 /* Error while saving. */
3762 wtap_dump_close(pdh, &err);
3766 if (!wtap_dump_close(pdh, &err)) {
3767 cf_close_failure_alert_box(fname, err);
3772 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3774 if (packet_range_process_all(range)) {
3775 /* We saved the entire capture, not just some packets from it.
3776 Open and read the file we saved it to.
3778 XXX - this is somewhat of a waste; we already have the
3779 packets, all this gets us is updated file type information
3780 (which we could just stuff into "cf"), and having the new
3781 file be the one we have opened and from which we're reading
3782 the data, and it means we have to spend time opening and
3783 reading the file, which could be a significant amount of
3784 time if the file is large. */
3785 cf->user_saved = TRUE;
3787 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
3788 /* XXX - report errors if this fails?
3789 What should we return if it fails or is aborted? */
3790 switch (cf_read(cf)) {
3794 /* Just because we got an error, that doesn't mean we were unable
3795 to read any of the file; we handle what we could get from the
3799 case CF_READ_ABORTED:
3800 /* The user bailed out of re-reading the capture file; the
3801 capture file has been closed - just return (without
3802 changing any menu settings; "cf_close()" set them
3803 correctly for the "no capture file open" state). */
3806 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
3812 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
3817 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
3818 gboolean for_writing, int file_type)
3821 /* Wiretap error. */
3824 case WTAP_ERR_NOT_REGULAR_FILE:
3825 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3826 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
3830 case WTAP_ERR_RANDOM_OPEN_PIPE:
3831 /* Seen only when opening a capture file for reading. */
3832 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3833 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
3837 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
3838 /* Seen only when opening a capture file for reading. */
3839 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3840 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
3844 case WTAP_ERR_UNSUPPORTED:
3845 /* Seen only when opening a capture file for reading. */
3846 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3847 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
3849 filename, err_info);
3853 case WTAP_ERR_CANT_WRITE_TO_PIPE:
3854 /* Seen only when opening a capture file for writing. */
3855 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3856 "The file \"%s\" is a pipe, and %s capture files can't be "
3857 "written to a pipe.",
3858 filename, wtap_file_type_string(file_type));
3861 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
3862 /* Seen only when opening a capture file for writing. */
3863 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3864 "Wireshark doesn't support writing capture files in that format.");
3867 case WTAP_ERR_UNSUPPORTED_ENCAP:
3869 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3870 "Wireshark can't save this capture in that format.");
3872 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3873 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
3875 filename, err_info);
3880 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
3882 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3883 "Wireshark can't save this capture in that format.");
3885 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3886 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
3891 case WTAP_ERR_BAD_RECORD:
3892 /* Seen only when opening a capture file for reading. */
3893 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3894 "The file \"%s\" appears to be damaged or corrupt.\n"
3896 filename, err_info);
3900 case WTAP_ERR_CANT_OPEN:
3902 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3903 "The file \"%s\" could not be created for some unknown reason.",
3906 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3907 "The file \"%s\" could not be opened for some unknown reason.",
3912 case WTAP_ERR_SHORT_READ:
3913 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3914 "The file \"%s\" appears to have been cut short"
3915 " in the middle of a packet or other data.",
3919 case WTAP_ERR_SHORT_WRITE:
3920 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3921 "A full header couldn't be written to the file \"%s\".",
3925 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
3926 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3927 "Gzip compression not supported by this file type.");
3931 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3932 "The file \"%s\" could not be %s: %s.",
3934 for_writing ? "created" : "opened",
3935 wtap_strerror(err));
3940 open_failure_alert_box(filename, err, for_writing);
3945 file_rename_error_message(int err)
3948 static char errmsg_errno[1024+1];
3953 errmsg = "The path to the file \"%s\" doesn't exist.";
3957 errmsg = "You don't have permission to move the capture file to \"%s\".";
3961 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3962 "The file \"%%s\" could not be moved: %s.",
3963 wtap_strerror(err));
3964 errmsg = errmsg_errno;
3971 cf_read_error_message(int err, gchar *err_info)
3973 static char errmsg_errno[1024+1];
3977 case WTAP_ERR_UNSUPPORTED_ENCAP:
3978 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3979 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
3984 case WTAP_ERR_BAD_RECORD:
3985 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3986 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
3987 wtap_strerror(err), err_info);
3992 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3993 "An error occurred while reading from the file \"%%s\": %s.",
3994 wtap_strerror(err));
3997 return errmsg_errno;
4001 cf_write_failure_alert_box(const char *filename, int err)
4004 /* Wiretap error. */
4005 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4006 "An error occurred while writing to the file \"%s\": %s.",
4007 filename, wtap_strerror(err));
4010 write_failure_alert_box(filename, err);
4014 /* Check for write errors - if the file is being written to an NFS server,
4015 a write error may not show up until the file is closed, as NFS clients
4016 might not send writes to the server until the "write()" call finishes,
4017 so that the write may fail on the server but the "write()" may succeed. */
4019 cf_close_failure_alert_box(const char *filename, int err)
4022 /* Wiretap error. */
4025 case WTAP_ERR_CANT_CLOSE:
4026 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4027 "The file \"%s\" couldn't be closed for some unknown reason.",
4031 case WTAP_ERR_SHORT_WRITE:
4032 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4033 "Not all the packets could be written to the file \"%s\".",
4038 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4039 "An error occurred while closing the file \"%s\": %s.",
4040 filename, wtap_strerror(err));
4045 We assume that a close error from the OS is really a write error. */
4046 write_failure_alert_box(filename, err);
4050 /* Reload the current capture file. */
4052 cf_reload(capture_file *cf) {
4054 gboolean is_tempfile;
4057 /* If the file could be opened, "cf_open()" calls "cf_close()"
4058 to get rid of state for the old capture file before filling in state
4059 for the new capture file. "cf_close()" will remove the file if
4060 it's a temporary file; we don't want that to happen (for one thing,
4061 it'd prevent subsequent reopens from working). Remember whether it's
4062 a temporary file, mark it as not being a temporary file, and then
4063 reopen it as the type of file it was.
4065 Also, "cf_close()" will free "cf->filename", so we must make
4066 a copy of it first. */
4067 filename = g_strdup(cf->filename);
4068 is_tempfile = cf->is_tempfile;
4069 cf->is_tempfile = FALSE;
4070 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
4071 switch (cf_read(cf)) {
4075 /* Just because we got an error, that doesn't mean we were unable
4076 to read any of the file; we handle what we could get from the
4080 case CF_READ_ABORTED:
4081 /* The user bailed out of re-reading the capture file; the
4082 capture file has been closed - just free the capture file name
4083 string and return (without changing the last containing
4089 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
4090 Instead, the file was left open, so we should restore "cf->is_tempfile"
4093 XXX - change the menu? Presumably "cf_open()" will do that;
4094 make sure it does! */
4095 cf->is_tempfile = is_tempfile;
4097 /* "cf_open()" made a copy of the file name we handed it, so
4098 we should free up our copy. */