4 * $Id: file.c,v 1.277 2002/06/07 07:47:56 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
47 #ifdef HAVE_SYS_STAT_H
55 #ifdef NEED_SNPRINTF_H
56 # include "snprintf.h"
59 #ifdef NEED_STRERROR_H
63 #ifdef HAVE_SYS_TYPES_H
64 # include <sys/types.h>
67 #ifdef HAVE_NETINET_IN_H
68 # include <netinet/in.h>
71 #include <epan/epan.h>
72 #include <epan/filesystem.h>
76 #include "gtk/color_utils.h"
78 #include <epan/packet.h>
83 #include "simple_dialog.h"
84 #include "progress_dlg.h"
86 #include "statusbar.h"
88 #include "gtk/proto_draw.h"
89 #include "gtk/packet_win.h"
90 #include <epan/dfilter/dfilter.h>
91 #include <epan/conversation.h>
93 #include "gtk/colors.h"
94 #include <epan/epan_dissect.h>
96 extern GtkWidget *packet_list, *byte_nb_ptr, *tree_view;
99 gboolean auto_scroll_live;
102 static guint32 firstsec, firstusec;
103 static guint32 prevsec, prevusec;
105 static void read_packet(capture_file *cf, long offset);
107 static void rescan_packets(capture_file *cf, const char *action,
108 gboolean refilter, gboolean redissect);
110 static void set_selected_row(int row);
112 static void freeze_clist(capture_file *cf);
113 static void thaw_clist(capture_file *cf);
115 static char *file_rename_error_message(int err);
116 static char *file_close_error_message(int err);
117 static gboolean copy_binary_file(char *from_filename, char *to_filename);
119 /* Update the progress bar this many times when reading a file. */
120 #define N_PROGBAR_UPDATES 100
122 /* Number of "frame_data" structures per memory chunk.
123 XXX - is this the right number? */
124 #define FRAME_DATA_CHUNK_SIZE 1024
127 open_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
134 wth = wtap_open_offline(fname, &err, TRUE);
138 /* Find the size of the file. */
140 if (fstat(fd, &cf_stat) < 0) {
146 /* The open succeeded. Close whatever capture file we had open,
147 and fill in the information for this file. */
150 /* Initialize all data structures used for dissection. */
153 /* We're about to start reading the file. */
154 cf->state = FILE_READ_IN_PROGRESS;
158 cf->f_len = cf_stat.st_size;
160 /* Set the file name because we need it to set the follow stream filter.
161 XXX - is that still true? We need it for other reasons, though,
163 cf->filename = g_strdup(fname);
165 /* Indicate whether it's a permanent or temporary file. */
166 cf->is_tempfile = is_tempfile;
168 /* If it's a temporary capture buffer file, mark it as not saved. */
169 cf->user_saved = !is_tempfile;
171 cf->cd_t = wtap_file_type(cf->wth);
173 cf->marked_count = 0;
174 cf->drops_known = FALSE;
178 cf->snap = wtap_snapshot_length(cf->wth);
180 /* Snapshot length not known. */
181 cf->has_snap = FALSE;
182 cf->snap = WTAP_MAX_PACKET_SIZE;
185 cf->progbar_quantum = 0;
186 cf->progbar_nextstep = 0;
187 firstsec = 0, firstusec = 0;
188 prevsec = 0, prevusec = 0;
190 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
192 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
194 g_assert(cf->plist_chunk);
199 simple_dialog(ESD_TYPE_CRIT, NULL,
200 file_open_error_message(err, FALSE), fname);
204 /* Reset everything to a pristine state */
206 close_cap_file(capture_file *cf)
208 /* Die if we're in the middle of reading a file. */
209 g_assert(cf->state != FILE_READ_IN_PROGRESS);
211 /* Destroy all popup packet windows, as they refer to packets in the
212 capture file we're closing. */
213 destroy_packet_wins();
219 /* We have no file open... */
220 if (cf->filename != NULL) {
221 /* If it's a temporary file, remove it. */
223 unlink(cf->filename);
224 g_free(cf->filename);
227 /* ...which means we have nothing to save. */
228 cf->user_saved = FALSE;
230 if (cf->plist_chunk != NULL) {
231 g_mem_chunk_destroy(cf->plist_chunk);
232 cf->plist_chunk = NULL;
234 if (cf->rfcode != NULL) {
235 dfilter_free(cf->rfcode);
239 cf->plist_end = NULL;
240 unselect_packet(cf); /* nothing to select */
241 cf->first_displayed = NULL;
242 cf->last_displayed = NULL;
244 /* Clear the packet list. */
245 gtk_clist_freeze(GTK_CLIST(packet_list));
246 gtk_clist_clear(GTK_CLIST(packet_list));
247 gtk_clist_thaw(GTK_CLIST(packet_list));
249 /* Clear any file-related status bar messages.
250 XXX - should be "clear *ALL* file-related status bar messages;
251 will there ever be more than one on the stack? */
252 statusbar_pop_file_msg();
254 /* Restore the standard title bar message. */
255 set_main_window_name("The Ethereal Network Analyzer");
257 /* Disable all menu items that make sense only if you have a capture. */
258 set_menus_for_capture_file(FALSE);
259 set_menus_for_unsaved_capture_file(FALSE);
260 set_menus_for_captured_packets(FALSE);
261 set_menus_for_selected_packet(FALSE);
262 set_menus_for_capture_in_progress(FALSE);
263 set_menus_for_selected_tree_row(FALSE);
265 /* We have no file open. */
266 cf->state = FILE_CLOSED;
269 /* Set the file name in the status line, in the name for the main window,
270 and in the name for the main window's icon. */
272 set_display_filename(capture_file *cf)
276 static const gchar done_fmt_nodrops[] = " File: %s";
277 static const gchar done_fmt_drops[] = " File: %s Drops: %u";
279 gchar *win_name_fmt = "%s - Ethereal";
282 if (!cf->is_tempfile) {
283 /* Get the last component of the file name, and put that in the
285 name_ptr = get_basename(cf->filename);
287 /* The file we read is a temporary file from a live capture;
288 we don't mention its name in the status bar. */
289 name_ptr = "<capture>";
292 if (cf->drops_known) {
293 msg_len = strlen(name_ptr) + strlen(done_fmt_drops) + 64;
294 done_msg = g_malloc(msg_len);
295 snprintf(done_msg, msg_len, done_fmt_drops, name_ptr, cf->drops);
297 msg_len = strlen(name_ptr) + strlen(done_fmt_nodrops);
298 done_msg = g_malloc(msg_len);
299 snprintf(done_msg, msg_len, done_fmt_nodrops, name_ptr);
301 statusbar_push_file_msg(done_msg);
304 msg_len = strlen(name_ptr) + strlen(win_name_fmt) + 1;
305 win_name = g_malloc(msg_len);
306 snprintf(win_name, msg_len, win_name_fmt, name_ptr);
307 set_main_window_name(win_name);
312 read_cap_file(capture_file *cf, int *err)
314 gchar *name_ptr, *load_msg, *load_fmt = " Loading: %s...";
317 char errmsg_errno[1024+1];
318 gchar err_str[2048+1];
327 name_ptr = get_basename(cf->filename);
329 msg_len = strlen(name_ptr) + strlen(load_fmt) + 2;
330 load_msg = g_malloc(msg_len);
331 snprintf(load_msg, msg_len, load_fmt, name_ptr);
332 statusbar_push_file_msg(load_msg);
334 /* Update the progress bar when it gets to this value. */
335 cf->progbar_nextstep = 0;
336 /* When we reach the value that triggers a progress bar update,
337 bump that value by this amount. */
338 cf->progbar_quantum = cf->f_len/N_PROGBAR_UPDATES;
347 progbar = create_progress_dlg(load_msg, "Stop", &stop_flag);
350 while ((wtap_read(cf->wth, err, &data_offset))) {
351 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
352 when we update it, we have to run the GTK+ main loop to get it
353 to repaint what's pending, and doing so may involve an "ioctl()"
354 to see if there's any pending input from an X server, and doing
355 that for every packet can be costly, especially on a big file. */
356 if (data_offset >= cf->progbar_nextstep) {
357 file_pos = lseek(cf->filed, 0, SEEK_CUR);
358 prog_val = (gfloat) file_pos / (gfloat) cf->f_len;
359 if (prog_val > 1.0) {
360 /* The file probably grew while we were reading it.
361 Update "cf->f_len", and try again. */
362 fd = wtap_fd(cf->wth);
363 if (fstat(fd, &cf_stat) >= 0) {
364 cf->f_len = cf_stat.st_size;
365 prog_val = (gfloat) file_pos / (gfloat) cf->f_len;
367 /* If it's still > 1, either the "fstat()" failed (in which
368 case there's not much we can do about it), or the file
369 *shrank* (in which case there's not much we can do about
370 it); just clip the progress value at 1.0. */
374 update_progress_dlg(progbar, prog_val);
375 cf->progbar_nextstep += cf->progbar_quantum;
379 /* Well, the user decided to abort the read. Destroy the progress
380 bar, close the capture file, and return READ_ABORTED so our caller
381 can do whatever is appropriate when that happens. */
382 destroy_progress_dlg(progbar);
383 cf->state = FILE_READ_ABORTED; /* so that we're allowed to close it */
384 gtk_clist_thaw(GTK_CLIST(packet_list)); /* undo our freeze */
386 return (READ_ABORTED);
388 read_packet(cf, data_offset);
391 /* We're done reading the file; destroy the progress bar. */
392 destroy_progress_dlg(progbar);
394 /* We're done reading sequentially through the file. */
395 cf->state = FILE_READ_DONE;
397 /* Close the sequential I/O side, to free up memory it requires. */
398 wtap_sequential_close(cf->wth);
400 /* Allow the protocol dissectors to free up memory that they
401 * don't need after the sequential run-through of the packets. */
402 postseq_cleanup_all_protocols();
404 /* Set the file encapsulation type now; we don't know what it is until
405 we've looked at all the packets, as we don't know until then whether
406 there's more than one type (and thus whether it's
407 WTAP_ENCAP_PER_PACKET). */
408 cf->lnk_t = wtap_file_encap(cf->wth);
410 cf->current_frame = cf->first_displayed;
413 statusbar_pop_file_msg();
414 set_display_filename(cf);
416 /* Enable menu items that make sense if you have a capture file you've
418 set_menus_for_capture_file(TRUE);
419 set_menus_for_unsaved_capture_file(!cf->user_saved);
421 /* Enable menu items that make sense if you have some captured packets. */
422 set_menus_for_captured_packets(TRUE);
424 /* If we have any displayed packets to select, select the first of those
425 packets by making the first row the selected row. */
426 if (cf->first_displayed != NULL)
427 gtk_signal_emit_by_name(GTK_OBJECT(packet_list), "select_row", 0);
430 /* Put up a message box noting that the read failed somewhere along
431 the line. Don't throw out the stuff we managed to read, though,
435 case WTAP_ERR_UNSUPPORTED_ENCAP:
436 errmsg = "The capture file is for a network type that Ethereal doesn't support.";
439 case WTAP_ERR_CANT_READ:
440 errmsg = "An attempt to read from the file failed for"
441 " some unknown reason.";
444 case WTAP_ERR_SHORT_READ:
445 errmsg = "The capture file appears to have been cut short"
446 " in the middle of a packet.";
449 case WTAP_ERR_BAD_RECORD:
450 errmsg = "The capture file appears to be damaged or corrupt.";
454 snprintf(errmsg_errno, sizeof(errmsg_errno),
455 "An error occurred while reading the"
456 " capture file: %s.", wtap_strerror(*err));
457 errmsg = errmsg_errno;
460 snprintf(err_str, sizeof err_str, errmsg);
461 simple_dialog(ESD_TYPE_CRIT, NULL, err_str);
464 return (READ_SUCCESS);
469 start_tail_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
474 err = open_cap_file(fname, is_tempfile, cf);
476 /* Disable menu items that make no sense if you're currently running
478 set_menus_for_capture_in_progress(TRUE);
480 /* Enable menu items that make sense if you have some captured
481 packets (yes, I know, we don't have any *yet*). */
482 set_menus_for_captured_packets(TRUE);
484 for (i = 0; i < cf->cinfo.num_cols; i++) {
485 if (get_column_resize_type(cf->cinfo.col_fmt[i]) == RESIZE_LIVE)
486 gtk_clist_set_column_auto_resize(GTK_CLIST(packet_list), i, TRUE);
488 gtk_clist_set_column_auto_resize(GTK_CLIST(packet_list), i, FALSE);
489 gtk_clist_set_column_width(GTK_CLIST(packet_list), i,
490 cf->cinfo.col_width[i]);
491 gtk_clist_set_column_resizeable(GTK_CLIST(packet_list), i, TRUE);
495 statusbar_push_file_msg(" <live capture in progress>");
501 continue_tail_cap_file(capture_file *cf, int to_read, int *err)
503 long data_offset = 0;
505 gtk_clist_freeze(GTK_CLIST(packet_list));
507 while (to_read != 0 && (wtap_read(cf->wth, err, &data_offset))) {
508 if (cf->state == FILE_READ_ABORTED) {
509 /* Well, the user decided to exit Ethereal. Break out of the
510 loop, and let the code below (which is called even if there
511 aren't any packets left to read) exit. */
514 read_packet(cf, data_offset);
518 gtk_clist_thaw(GTK_CLIST(packet_list));
520 /* XXX - this cheats and looks inside the packet list to find the final
522 if (auto_scroll_live && cf->plist_end != NULL)
523 gtk_clist_moveto(GTK_CLIST(packet_list),
524 GTK_CLIST(packet_list)->rows - 1, -1, 1.0, 1.0);
526 if (cf->state == FILE_READ_ABORTED) {
527 /* Well, the user decided to exit Ethereal. Return READ_ABORTED
528 so that our caller can kill off the capture child process;
529 this will cause an EOF on the pipe from the child, so
530 "finish_tail_cap_file()" will be called, and it will clean up
533 } else if (*err != 0) {
534 /* We got an error reading the capture file.
535 XXX - pop up a dialog box? */
538 return (READ_SUCCESS);
542 finish_tail_cap_file(capture_file *cf, int *err)
546 gtk_clist_freeze(GTK_CLIST(packet_list));
548 while ((wtap_read(cf->wth, err, &data_offset))) {
549 if (cf->state == FILE_READ_ABORTED) {
550 /* Well, the user decided to abort the read. Break out of the
551 loop, and let the code below (which is called even if there
552 aren't any packets left to read) exit. */
555 read_packet(cf, data_offset);
558 if (cf->state == FILE_READ_ABORTED) {
559 /* Well, the user decided to abort the read. We're only called
560 when the child capture process closes the pipe to us (meaning
561 it's probably exited), so we can just close the capture
562 file; we return READ_ABORTED so our caller can do whatever
563 is appropriate when that happens. */
569 if (auto_scroll_live && cf->plist_end != NULL)
570 /* XXX - this cheats and looks inside the packet list to find the final
572 gtk_clist_moveto(GTK_CLIST(packet_list),
573 GTK_CLIST(packet_list)->rows - 1, -1, 1.0, 1.0);
575 /* We're done reading sequentially through the file. */
576 cf->state = FILE_READ_DONE;
578 /* We're done reading sequentially through the file; close the
579 sequential I/O side, to free up memory it requires. */
580 wtap_sequential_close(cf->wth);
582 /* Allow the protocol dissectors to free up memory that they
583 * don't need after the sequential run-through of the packets. */
584 postseq_cleanup_all_protocols();
586 /* Set the file encapsulation type now; we don't know what it is until
587 we've looked at all the packets, as we don't know until then whether
588 there's more than one type (and thus whether it's
589 WTAP_ENCAP_PER_PACKET). */
590 cf->lnk_t = wtap_file_encap(cf->wth);
592 /* Pop the "<live capture in progress>" message off the status bar. */
593 statusbar_pop_file_msg();
595 set_display_filename(cf);
597 /* Enable menu items that make sense if you're not currently running
599 set_menus_for_capture_in_progress(FALSE);
601 /* Enable menu items that make sense if you have a capture file
602 you've finished reading. */
603 set_menus_for_capture_file(TRUE);
604 set_menus_for_unsaved_capture_file(!cf->user_saved);
607 /* We got an error reading the capture file.
608 XXX - pop up a dialog box? */
611 return (READ_SUCCESS);
613 #endif /* HAVE_LIBPCAP */
616 color_filter_t *colorf;
618 } apply_color_filter_args;
621 * If no color filter has been applied, apply this one.
622 * (The "if no color filter has been applied" is to handle the case where
623 * more than one color filter matches the packet.)
626 apply_color_filter(gpointer filter_arg, gpointer argp)
628 color_filter_t *colorf = filter_arg;
629 apply_color_filter_args *args = argp;
631 if (colorf->c_colorfilter != NULL && args->colorf == NULL) {
632 if (dfilter_apply_edt(colorf->c_colorfilter, args->edt))
633 args->colorf = colorf;
638 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
639 union wtap_pseudo_header *pseudo_header, const u_char *buf,
642 apply_color_filter_args args;
644 gboolean create_proto_tree = FALSE;
648 /* We don't yet have a color filter to apply. */
651 /* If we don't have the time stamp of the first packet in the
652 capture, it's because this is the first packet. Save the time
653 stamp of this packet as the time stamp of the first packet. */
654 if (!firstsec && !firstusec) {
655 firstsec = fdata->abs_secs;
656 firstusec = fdata->abs_usecs;
661 we have a display filter and are re-applying it;
663 we have a list of color filters;
665 allocate a protocol tree root node, so that we'll construct
666 a protocol tree against which a filter expression can be
668 if ((cf->dfcode != NULL && refilter) || filter_list != NULL)
669 create_proto_tree = TRUE;
671 /* Dissect the frame. */
672 edt = epan_dissect_new(create_proto_tree, FALSE);
674 if (cf->dfcode != NULL && refilter) {
675 epan_dissect_prime_dfilter(edt, cf->dfcode);
678 filter_list_prime_edt(edt);
680 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
683 /* If we have a display filter, apply it if we're refiltering, otherwise
684 leave the "passed_dfilter" flag alone.
686 If we don't have a display filter, set "passed_dfilter" to 1. */
687 if (cf->dfcode != NULL) {
689 if (cf->dfcode != NULL)
690 fdata->flags.passed_dfilter = dfilter_apply_edt(cf->dfcode, edt) ? 1 : 0;
692 fdata->flags.passed_dfilter = 1;
695 fdata->flags.passed_dfilter = 1;
697 /* If we have color filters, and the frame is to be displayed, apply
698 the color filters. */
699 if (fdata->flags.passed_dfilter) {
700 if (filter_list != NULL) {
702 g_slist_foreach(filter_list, apply_color_filter, &args);
707 if (fdata->flags.passed_dfilter) {
708 /* This frame passed the display filter, so add it to the clist. */
710 /* If we don't have the time stamp of the previous displayed packet,
711 it's because this is the first displayed packet. Save the time
712 stamp of this packet as the time stamp of the previous displayed
714 if (!prevsec && !prevusec) {
715 prevsec = fdata->abs_secs;
716 prevusec = fdata->abs_usecs;
719 /* Get the time elapsed between the first packet and this packet. */
720 compute_timestamp_diff(&fdata->rel_secs, &fdata->rel_usecs,
721 fdata->abs_secs, fdata->abs_usecs, firstsec, firstusec);
723 /* If it's greater than the current elapsed time, set the elapsed time
724 to it (we check for "greater than" so as not to be confused by
725 time moving backwards). */
726 if ((gint32)cf->esec < fdata->rel_secs
727 || ((gint32)cf->esec == fdata->rel_secs && (gint32)cf->eusec < fdata->rel_usecs)) {
728 cf->esec = fdata->rel_secs;
729 cf->eusec = fdata->rel_usecs;
732 /* Get the time elapsed between the previous displayed packet and
734 compute_timestamp_diff(&fdata->del_secs, &fdata->del_usecs,
735 fdata->abs_secs, fdata->abs_usecs, prevsec, prevusec);
736 prevsec = fdata->abs_secs;
737 prevusec = fdata->abs_usecs;
739 epan_dissect_fill_in_columns(edt);
741 /* If we haven't yet seen the first frame, this is it.
743 XXX - we must do this before we add the row to the display,
744 as, if the display's GtkCList's selection mode is
745 GTK_SELECTION_BROWSE, when the first entry is added to it,
746 "select_packet()" will be called, and it will fetch the row
747 data for the 0th row, and will get a null pointer rather than
748 "fdata", as "gtk_clist_append()" won't yet have returned and
749 thus "gtk_clist_set_row_data()" won't yet have been called.
751 We thus need to leave behind bread crumbs so that
752 "select_packet()" can find this frame. See the comment
753 in "select_packet()". */
754 if (cf->first_displayed == NULL)
755 cf->first_displayed = fdata;
757 /* This is the last frame we've seen so far. */
758 cf->last_displayed = fdata;
760 row = gtk_clist_append(GTK_CLIST(packet_list), cf->cinfo.col_data);
761 gtk_clist_set_row_data(GTK_CLIST(packet_list), row, fdata);
763 if (fdata->flags.marked) {
764 color_t_to_gdkcolor(&bg, &prefs.gui_marked_bg);
765 color_t_to_gdkcolor(&fg, &prefs.gui_marked_fg);
766 } else if (filter_list != NULL && (args.colorf != NULL)) {
767 bg = args.colorf->bg_color;
768 fg = args.colorf->fg_color;
773 gtk_clist_set_background(GTK_CLIST(packet_list), row, &bg);
774 gtk_clist_set_foreground(GTK_CLIST(packet_list), row, &fg);
776 /* This frame didn't pass the display filter, so it's not being added
777 to the clist, and thus has no row. */
780 epan_dissect_free(edt);
785 read_packet(capture_file *cf, long offset)
787 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
788 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
789 const u_char *buf = wtap_buf_ptr(cf->wth);
792 frame_data *plist_end;
795 /* Allocate the next list entry, and add it to the list. */
796 fdata = g_mem_chunk_alloc(cf->plist_chunk);
801 fdata->pkt_len = phdr->len;
802 fdata->cap_len = phdr->caplen;
803 fdata->file_off = offset;
804 fdata->lnk_t = phdr->pkt_encap;
805 fdata->abs_secs = phdr->ts.tv_sec;
806 fdata->abs_usecs = phdr->ts.tv_usec;
807 fdata->flags.encoding = CHAR_ASCII;
808 fdata->flags.visited = 0;
809 fdata->flags.marked = 0;
813 edt = epan_dissect_new(TRUE, FALSE);
814 epan_dissect_prime_dfilter(edt, cf->rfcode);
815 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
816 passed = dfilter_apply_edt(cf->rfcode, edt);
817 epan_dissect_free(edt);
820 plist_end = cf->plist_end;
821 fdata->prev = plist_end;
822 if (plist_end != NULL)
823 plist_end->next = fdata;
826 cf->plist_end = fdata;
829 fdata->num = cf->count;
830 add_packet_to_packet_list(fdata, cf, pseudo_header, buf, TRUE);
832 /* XXX - if we didn't have read filters, or if we could avoid
833 allocating the "frame_data" structure until we knew whether
834 the frame passed the read filter, we could use a G_ALLOC_ONLY
837 ...but, at least in one test I did, where I just made the chunk
838 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
839 seem to save a noticeable amount of time or space. */
840 g_mem_chunk_free(cf->plist_chunk, fdata);
845 filter_packets(capture_file *cf, gchar *dftext)
849 if (dftext == NULL) {
850 /* The new filter is an empty filter (i.e., display all packets). */
854 * We have a filter; make a copy of it (as we'll be saving it),
855 * and try to compile it.
857 dftext = g_strdup(dftext);
858 if (!dfilter_compile(dftext, &dfcode)) {
859 /* The attempt failed; report an error. */
860 simple_dialog(ESD_TYPE_CRIT, NULL, dfilter_error_msg);
865 if (dfcode == NULL) {
866 /* Yes - free the filter text, and set it to null. */
872 /* We have a valid filter. Replace the current filter. */
873 if (cf->dfilter != NULL)
875 cf->dfilter = dftext;
876 if (cf->dfcode != NULL)
877 dfilter_free(cf->dfcode);
880 /* Now rescan the packet list, applying the new filter, but not
881 throwing away information constructed on a previous pass. */
882 rescan_packets(cf, "Filtering", TRUE, FALSE);
887 colorize_packets(capture_file *cf)
889 rescan_packets(cf, "Colorizing", FALSE, FALSE);
893 redissect_packets(capture_file *cf)
895 rescan_packets(cf, "Reprocessing", TRUE, TRUE);
898 /* Rescan the list of packets, reconstructing the CList.
900 "action" describes why we're doing this; it's used in the progress
903 "refilter" is TRUE if we need to re-evaluate the filter expression.
905 "redissect" is TRUE if we need to make the dissectors reconstruct
906 any state information they have (because a preference that affects
907 some dissector has changed, meaning some dissector might construct
908 its state differently from the way it was constructed the last time). */
910 rescan_packets(capture_file *cf, const char *action, gboolean refilter,
916 guint32 progbar_quantum;
917 guint32 progbar_nextstep;
920 frame_data *selected_frame;
924 /* Which frame, if any, is the currently selected frame?
925 XXX - should the selected frame or the focus frame be the "current"
926 frame, that frame being the one from which "Find Frame" searches
928 selected_frame = cf->current_frame;
930 /* We don't yet know what row that frame will be on, if any, after we
931 rebuild the clist, however. */
935 /* We need to re-initialize all the state information that protocols
936 keep, because some preference that controls a dissector has changed,
937 which might cause the state information to be constructed differently
938 by that dissector. */
940 /* Initialize all data structures used for dissection. */
944 /* Freeze the packet list while we redo it, so we don't get any
945 screen updates while it happens. */
946 gtk_clist_freeze(GTK_CLIST(packet_list));
949 gtk_clist_clear(GTK_CLIST(packet_list));
951 /* We don't yet know which will be the first and last frames displayed. */
952 cf->first_displayed = NULL;
953 cf->last_displayed = NULL;
955 /* Iterate through the list of frames. Call a routine for each frame
956 to check whether it should be displayed and, if so, add it to
963 /* Update the progress bar when it gets to this value. */
964 progbar_nextstep = 0;
965 /* When we reach the value that triggers a progress bar update,
966 bump that value by this amount. */
967 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
968 /* Count of packets at which we've looked. */
972 progbar = create_progress_dlg(action, "Stop", &stop_flag);
974 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
975 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
976 when we update it, we have to run the GTK+ main loop to get it
977 to repaint what's pending, and doing so may involve an "ioctl()"
978 to see if there's any pending input from an X server, and doing
979 that for every packet can be costly, especially on a big file. */
980 if (count >= progbar_nextstep) {
981 /* let's not divide by zero. I should never be started
982 * with count == 0, so let's assert that
984 g_assert(cf->count > 0);
986 update_progress_dlg(progbar, (gfloat) count / cf->count);
988 progbar_nextstep += progbar_quantum;
992 /* Well, the user decided to abort the filtering. Just stop.
994 XXX - go back to the previous filter? Users probably just
995 want not to wait for a filtering operation to finish;
996 unless we cancel by having no filter, reverting to the
997 previous filter will probably be even more expensive than
998 continuing the filtering, as it involves going back to the
999 beginning and filtering, and even with no filter we currently
1000 have to re-generate the entire clist, which is also expensive.
1002 I'm not sure what Network Monitor does, but it doesn't appear
1003 to give you an unfiltered display if you cancel. */
1010 /* Since all state for the frame was destroyed, mark the frame
1011 * as not visited, free the GSList referring to the state
1012 * data (the per-frame data itself was freed by
1013 * "init_dissection()"), and null out the GSList pointer. */
1014 fdata->flags.visited = 0;
1016 g_slist_free(fdata->pfd);
1021 /* XXX - do something with "err" */
1022 wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1023 cf->pd, fdata->cap_len, &err);
1025 row = add_packet_to_packet_list(fdata, cf, &cf->pseudo_header, cf->pd,
1027 if (fdata == selected_frame)
1032 /* Clear out what remains of the visited flags and per-frame data
1035 XXX - that may cause various forms of bogosity when dissecting
1036 these frames, as they won't have been seen by this sequential
1037 pass, but the only alternative I see is to keep scanning them
1038 even though the user requested that the scan stop, and that
1039 would leave the user stuck with an Ethereal grinding on
1040 until it finishes. Should we just stick them with that? */
1041 for (; fdata != NULL; fdata = fdata->next) {
1042 fdata->flags.visited = 0;
1044 g_slist_free(fdata->pfd);
1050 /* We're done filtering the packets; destroy the progress bar. */
1051 destroy_progress_dlg(progbar);
1053 /* Unfreeze the packet list. */
1054 gtk_clist_thaw(GTK_CLIST(packet_list));
1056 if (selected_row != -1) {
1057 /* The frame that was selected passed the filter; select it, make it
1058 the focus row, and make it visible. */
1059 set_selected_row(selected_row);
1060 finfo_selected = NULL;
1062 /* The selected frame didn't pass the filter; make the first frame
1063 the current frame, and leave it unselected. */
1064 unselect_packet(cf);
1065 cf->current_frame = cf->first_displayed;
1070 print_packets(capture_file *cf, print_args_t *print_args)
1076 guint32 progbar_quantum;
1077 guint32 progbar_nextstep;
1080 gint *col_widths = NULL;
1082 gboolean print_separator;
1083 char *line_buf = NULL;
1084 int line_buf_len = 256;
1088 epan_dissect_t *edt = NULL;
1090 cf->print_fh = open_print_dest(print_args->to_file, print_args->dest);
1091 if (cf->print_fh == NULL)
1092 return FALSE; /* attempt to open destination failed */
1094 print_preamble(cf->print_fh, print_args->format);
1096 if (print_args->print_summary) {
1097 /* We're printing packet summaries. Allocate the line buffer at
1098 its initial length. */
1099 line_buf = g_malloc(line_buf_len + 1);
1101 /* Find the widths for each of the columns - maximum of the
1102 width of the title and the width of the data - and print
1103 the column titles. */
1104 col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
1107 for (i = 0; i < cf->cinfo.num_cols; i++) {
1108 /* Don't pad the last column. */
1109 if (i == cf->cinfo.num_cols - 1)
1112 col_widths[i] = strlen(cf->cinfo.col_title[i]);
1113 data_width = get_column_char_width(get_column_format(i));
1114 if (data_width > col_widths[i])
1115 col_widths[i] = data_width;
1118 /* Find the length of the string for this column. */
1119 column_len = strlen(cf->cinfo.col_title[i]);
1120 if (col_widths[i] > column_len)
1121 column_len = col_widths[i];
1123 /* Make sure there's room in the line buffer for the column; if not,
1124 double its length. */
1125 line_len += column_len + 1; /* "+1" for space or \n */
1126 if (line_len > line_buf_len) {
1128 line_buf = g_realloc(line_buf, line_buf_len + 1);
1131 /* Right-justify the packet number column. */
1132 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
1133 sprintf(cp, "%*s", col_widths[i], cf->cinfo.col_title[i]);
1135 sprintf(cp, "%-*s", col_widths[i], cf->cinfo.col_title[i]);
1137 if (i == cf->cinfo.num_cols - 1)
1143 print_line(cf->print_fh, print_args->format, line_buf);
1146 print_separator = FALSE;
1148 /* Update the progress bar when it gets to this value. */
1149 progbar_nextstep = 0;
1150 /* When we reach the value that triggers a progress bar update,
1151 bump that value by this amount. */
1152 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1153 /* Count of packets at which we've looked. */
1157 progbar = create_progress_dlg("Printing", "Stop", &stop_flag);
1159 /* Iterate through the list of packets, printing the packets that
1160 were selected by the current display filter. */
1161 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1162 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1163 when we update it, we have to run the GTK+ main loop to get it
1164 to repaint what's pending, and doing so may involve an "ioctl()"
1165 to see if there's any pending input from an X server, and doing
1166 that for every packet can be costly, especially on a big file. */
1167 if (count >= progbar_nextstep) {
1168 /* let's not divide by zero. I should never be started
1169 * with count == 0, so let's assert that
1171 g_assert(cf->count > 0);
1173 update_progress_dlg(progbar, (gfloat) count / cf->count);
1175 progbar_nextstep += progbar_quantum;
1179 /* Well, the user decided to abort the printing. Just stop.
1181 XXX - note that what got generated before they did that
1182 will get printed, as we're piping to a print program; we'd
1183 have to write to a file and then hand that to the print
1184 program to make it actually not print anything. */
1189 /* Check to see if we are suppressing unmarked packets, if so,
1190 * suppress them and then proceed to check for visibility.
1192 if (((print_args->suppress_unmarked && fdata->flags.marked ) ||
1193 !(print_args->suppress_unmarked)) && fdata->flags.passed_dfilter) {
1194 /* XXX - do something with "err" */
1195 wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1196 cf->pd, fdata->cap_len, &err);
1197 if (print_args->print_summary) {
1198 /* Fill in the column information, but don't bother creating
1199 the logical protocol tree. */
1200 edt = epan_dissect_new(FALSE, FALSE);
1201 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
1202 epan_dissect_fill_in_columns(edt);
1205 for (i = 0; i < cf->cinfo.num_cols; i++) {
1206 /* Find the length of the string for this column. */
1207 column_len = strlen(cf->cinfo.col_data[i]);
1208 if (col_widths[i] > column_len)
1209 column_len = col_widths[i];
1211 /* Make sure there's room in the line buffer for the column; if not,
1212 double its length. */
1213 line_len += column_len + 1; /* "+1" for space or \n */
1214 if (line_len > line_buf_len) {
1216 line_buf = g_realloc(line_buf, line_buf_len + 1);
1219 /* Right-justify the packet number column. */
1220 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
1221 sprintf(cp, "%*s", col_widths[i], cf->cinfo.col_data[i]);
1223 sprintf(cp, "%-*s", col_widths[i], cf->cinfo.col_data[i]);
1225 if (i == cf->cinfo.num_cols - 1)
1231 print_line(cf->print_fh, print_args->format, line_buf);
1233 if (print_separator)
1234 print_line(cf->print_fh, print_args->format, "\n");
1236 /* Create the logical protocol tree, complete with the display
1237 representation of the items; we don't need the columns here,
1239 edt = epan_dissect_new(TRUE, TRUE);
1240 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
1242 /* Print the information in that tree. */
1243 proto_tree_print(print_args, edt, cf->print_fh);
1245 if (print_args->print_hex) {
1246 /* Print the full packet data as hex. */
1247 print_hex_data(cf->print_fh, print_args->format, edt);
1250 /* Print a blank line if we print anything after this. */
1251 print_separator = TRUE;
1253 epan_dissect_free(edt);
1257 /* We're done printing the packets; destroy the progress bar. */
1258 destroy_progress_dlg(progbar);
1260 if (col_widths != NULL)
1262 if (line_buf != NULL)
1265 print_finale(cf->print_fh, print_args->format);
1267 close_print_dest(print_args->to_file, cf->print_fh);
1269 cf->print_fh = NULL;
1274 /* Scan through the packet list and change all columns that use the
1275 "command-line-specified" time stamp format to use the current
1276 value of that format. */
1278 change_time_formats(capture_file *cf)
1283 guint32 progbar_quantum;
1284 guint32 progbar_nextstep;
1290 /* Are there any columns with time stamps in the "command-line-specified"
1293 XXX - we have to force the "column is writable" flag on, as it
1294 might be off from the last frame that was dissected. */
1295 col_set_writable(&cf->cinfo, TRUE);
1296 if (!check_col(&cf->cinfo, COL_CLS_TIME)) {
1297 /* No, there aren't any columns in that format, so we have no work
1302 /* Freeze the packet list while we redo it, so we don't get any
1303 screen updates while it happens. */
1306 /* Update the progress bar when it gets to this value. */
1307 progbar_nextstep = 0;
1308 /* When we reach the value that triggers a progress bar update,
1309 bump that value by this amount. */
1310 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1311 /* Count of packets at which we've looked. */
1315 progbar = create_progress_dlg("Changing time display", "Stop", &stop_flag);
1317 /* Iterate through the list of packets, checking whether the packet
1318 is in a row of the summary list and, if so, whether there are
1319 any columns that show the time in the "command-line-specified"
1320 format and, if so, update that row. */
1321 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1322 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1323 when we update it, we have to run the GTK+ main loop to get it
1324 to repaint what's pending, and doing so may involve an "ioctl()"
1325 to see if there's any pending input from an X server, and doing
1326 that for every packet can be costly, especially on a big file. */
1327 if (count >= progbar_nextstep) {
1328 /* let's not divide by zero. I should never be started
1329 * with count == 0, so let's assert that
1331 g_assert(cf->count > 0);
1333 update_progress_dlg(progbar, (gfloat) count / cf->count);
1335 progbar_nextstep += progbar_quantum;
1339 /* Well, the user decided to abort the redisplay. Just stop.
1341 XXX - this leaves the time field in the old format in
1342 frames we haven't yet processed. So it goes; should we
1343 simply not offer them the option of stopping? */
1349 /* Find what row this packet is in. */
1350 row = gtk_clist_find_row_from_data(GTK_CLIST(packet_list), fdata);
1353 /* This packet is in the summary list, on row "row". */
1355 for (i = 0; i < cf->cinfo.num_cols; i++) {
1356 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
1357 /* This is one of the columns that shows the time in
1358 "command-line-specified" format; update it. */
1359 cf->cinfo.col_buf[i][0] = '\0';
1360 col_set_cls_time(fdata, &cf->cinfo, i);
1361 gtk_clist_set_text(GTK_CLIST(packet_list), row, i,
1362 cf->cinfo.col_data[i]);
1368 /* We're done redisplaying the packets; destroy the progress bar. */
1369 destroy_progress_dlg(progbar);
1371 /* Set the column widths of those columns that show the time in
1372 "command-line-specified" format. */
1373 pl_style = gtk_widget_get_style(packet_list);
1374 for (i = 0; i < cf->cinfo.num_cols; i++) {
1375 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
1376 gtk_clist_set_column_width(GTK_CLIST(packet_list), i,
1377 gdk_string_width(pl_style->font, get_column_longest_string(COL_CLS_TIME)));
1381 /* Unfreeze the packet list. */
1386 find_packet(capture_file *cf, dfilter_t *sfcode)
1388 frame_data *start_fd;
1390 frame_data *new_fd = NULL;
1391 progdlg_t *progbar = NULL;
1393 guint32 progbar_quantum;
1394 guint32 progbar_nextstep;
1397 gboolean frame_matched;
1399 epan_dissect_t *edt;
1401 start_fd = cf->current_frame;
1402 if (start_fd != NULL) {
1403 /* Iterate through the list of packets, starting at the packet we've
1404 picked, calling a routine to run the filter on the packet, see if
1405 it matches, and stop if so. */
1409 /* Update the progress bar when it gets to this value. We start at
1410 20, not 0, so that we don't get a progress bar until we've
1411 checked at least that many frames, so that a very quick search
1412 doesn't pop up and immediately destroy a progress bar.
1414 XXX - should use a timer? Like 50 ms. */
1415 progbar_nextstep = 20;
1416 /* When we reach the value that triggers a progress bar update,
1417 bump that value by this amount. */
1418 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1424 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1425 when we update it, we have to run the GTK+ main loop to get it
1426 to repaint what's pending, and doing so may involve an "ioctl()"
1427 to see if there's any pending input from an X server, and doing
1428 that for every packet can be costly, especially on a big file. */
1429 if (count >= progbar_nextstep) {
1430 /* let's not divide by zero. I should never be started
1431 * with count == 0, so let's assert that
1433 g_assert(cf->count > 0);
1435 /* Create the progress bar if it doesn't exist; we don't create it
1436 immediately, so that we don't have it appear and immediately
1437 disappear if the search is quick. */
1438 if (progbar == NULL)
1439 progbar = create_progress_dlg("Searching", "Cancel", &stop_flag);
1441 update_progress_dlg(progbar, (gfloat) count / cf->count);
1443 progbar_nextstep += progbar_quantum;
1447 /* Well, the user decided to abort the search. Go back to the
1448 frame where we started. */
1453 /* Go past the current frame. */
1454 if (cf->sbackward) {
1455 /* Go on to the previous frame. */
1456 fdata = fdata->prev;
1458 fdata = cf->plist_end; /* wrap around */
1460 /* Go on to the next frame. */
1461 fdata = fdata->next;
1463 fdata = cf->plist; /* wrap around */
1468 /* Is this packet in the display? */
1469 if (fdata->flags.passed_dfilter) {
1470 /* Yes. Does it match the search filter? */
1471 /* XXX - do something with "err" */
1472 wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
1473 cf->pd, fdata->cap_len, &err);
1474 edt = epan_dissect_new(TRUE, FALSE);
1475 epan_dissect_prime_dfilter(edt, sfcode);
1476 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
1477 frame_matched = dfilter_apply_edt(sfcode, edt);
1478 epan_dissect_free(edt);
1479 if (frame_matched) {
1481 break; /* found it! */
1485 if (fdata == start_fd) {
1486 /* We're back to the frame we were on originally, and that frame
1487 doesn't match the search filter. The search failed. */
1492 /* We're done scanning the packets; destroy the progress bar, if
1494 if (progbar != NULL)
1495 destroy_progress_dlg(progbar);
1498 if (new_fd != NULL) {
1499 /* We found a frame. Find what row it's in. */
1500 row = gtk_clist_find_row_from_data(GTK_CLIST(packet_list), new_fd);
1501 g_assert(row != -1);
1503 /* Select that row, make it the focus row, and make it visible. */
1504 set_selected_row(row);
1505 return TRUE; /* success */
1507 return FALSE; /* failure */
1511 goto_frame(capture_file *cf, guint fnumber)
1516 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
1520 return NO_SUCH_FRAME; /* we didn't find that frame */
1521 if (!fdata->flags.passed_dfilter)
1522 return FRAME_NOT_DISPLAYED; /* the frame with that number isn't displayed */
1524 /* We found that frame, and it's currently being displayed.
1525 Find what row it's in. */
1526 row = gtk_clist_find_row_from_data(GTK_CLIST(packet_list), fdata);
1527 g_assert(row != -1);
1529 /* Select that row, make it the focus row, and make it visible. */
1530 set_selected_row(row);
1534 /* Select the packet on a given row. */
1536 select_packet(capture_file *cf, int row)
1541 /* Get the frame data struct pointer for this frame */
1542 fdata = (frame_data *) gtk_clist_get_row_data(GTK_CLIST(packet_list), row);
1544 if (fdata == NULL) {
1545 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
1546 the first entry is added to it by "real_insert_row()", that row
1547 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
1548 our version and the vanilla GTK+ version).
1550 This means that a "select-row" signal is emitted; this causes
1551 "packet_list_select_cb()" to be called, which causes "select_packet()"
1554 "select_packet()" fetches, above, the data associated with the
1555 row that was selected; however, as "gtk_clist_append()", which
1556 called "real_insert_row()", hasn't yet returned, we haven't yet
1557 associated any data with that row, so we get back a null pointer.
1559 We can't assume that there's only one frame in the frame list,
1560 either, as we may be filtering the display.
1562 We therefore assume that, if "row" is 0, i.e. the first row
1563 is being selected, and "cf->first_displayed" equals
1564 "cf->last_displayed", i.e. there's only one frame being
1565 displayed, that frame is the frame we want.
1567 This means we have to set "cf->first_displayed" and
1568 "cf->last_displayed" before adding the row to the
1569 GtkCList; see the comment in "add_packet_to_packet_list()". */
1571 if (row == 0 && cf->first_displayed == cf->last_displayed)
1572 fdata = cf->first_displayed;
1575 /* Record that this frame is the current frame. */
1576 cf->current_frame = fdata;
1578 /* Get the data in that frame. */
1579 /* XXX - do something with "err" */
1580 wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1581 cf->pd, fdata->cap_len, &err);
1583 /* Create the logical protocol tree. */
1584 if (cf->edt != NULL) {
1585 epan_dissect_free(cf->edt);
1588 /* We don't need the columns here. */
1589 cf->edt = epan_dissect_new(TRUE, TRUE);
1590 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
1593 /* Display the GUI protocol tree and hex dump.
1594 XXX - why do we dump core if we call "proto_tree_draw()"
1595 before calling "add_byte_views()"? */
1596 add_byte_views(cf->edt, tree_view, byte_nb_ptr);
1597 proto_tree_draw(cf->edt->tree, tree_view);
1599 /* A packet is selected. */
1600 set_menus_for_selected_packet(TRUE);
1603 /* Unselect the selected packet, if any. */
1605 unselect_packet(capture_file *cf)
1607 /* Destroy the epan_dissect_t for the unselected packet. */
1608 if (cf->edt != NULL) {
1609 epan_dissect_free(cf->edt);
1613 /* Clear out the display of that packet. */
1614 clear_tree_and_hex_views();
1616 /* No packet is selected. */
1617 set_menus_for_selected_packet(FALSE);
1619 /* No protocol tree means no selected field. */
1623 /* Set the selected row and the focus row of the packet list to the specified
1624 row, and make it visible if it's not currently visible. */
1626 set_selected_row(int row)
1628 if (gtk_clist_row_is_visible(GTK_CLIST(packet_list), row) != GTK_VISIBILITY_FULL)
1629 gtk_clist_moveto(GTK_CLIST(packet_list), row, -1, 0.0, 0.0);
1631 /* XXX - why is there no "gtk_clist_set_focus_row()", so that we
1632 can make the row for the frame we found the focus row?
1636 http://www.gnome.org/mailing-lists/archives/gtk-list/2000-January/0038.shtml
1639 GTK_CLIST(packet_list)->focus_row = row;
1641 gtk_clist_select_row(GTK_CLIST(packet_list), row, -1);
1644 /* Unset the selected protocol tree field, if any. */
1646 unselect_field(void)
1648 statusbar_pop_field_msg();
1649 finfo_selected = NULL;
1650 set_menus_for_selected_tree_row(FALSE);
1654 * Mark a particular frame.
1657 mark_frame(capture_file *cf, frame_data *frame)
1659 frame->flags.marked = TRUE;
1664 * Unmark a particular frame.
1667 unmark_frame(capture_file *cf, frame_data *frame)
1669 frame->flags.marked = FALSE;
1674 freeze_clist(capture_file *cf)
1678 /* Make the column sizes static, so they don't adjust while
1679 we're reading the capture file (freezing the clist doesn't
1680 seem to suffice). */
1681 for (i = 0; i < cf->cinfo.num_cols; i++)
1682 gtk_clist_set_column_auto_resize(GTK_CLIST(packet_list), i, FALSE);
1683 gtk_clist_freeze(GTK_CLIST(packet_list));
1687 thaw_clist(capture_file *cf)
1691 for (i = 0; i < cf->cinfo.num_cols; i++) {
1692 if (get_column_resize_type(cf->cinfo.col_fmt[i]) == RESIZE_MANUAL) {
1693 /* Set this column's width to the appropriate value. */
1694 gtk_clist_set_column_width(GTK_CLIST(packet_list), i,
1695 cf->cinfo.col_width[i]);
1697 /* Make this column's size dynamic, so that it adjusts to the
1698 appropriate size. */
1699 gtk_clist_set_column_auto_resize(GTK_CLIST(packet_list), i, TRUE);
1702 gtk_clist_thaw(GTK_CLIST(packet_list));
1704 /* Hopefully, the columns have now gotten their appropriate sizes;
1705 make them resizeable - a column that auto-resizes cannot be
1706 resized by the user, and *vice versa*. */
1707 for (i = 0; i < cf->cinfo.num_cols; i++)
1708 gtk_clist_set_column_resizeable(GTK_CLIST(packet_list), i, TRUE);
1712 * Save a capture to a file, in a particular format, saving either
1713 * all packets, all currently-displayed packets, or all marked packets.
1715 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
1716 * up a message box for the failure.
1719 save_cap_file(char *fname, capture_file *cf, gboolean save_filtered,
1720 gboolean save_marked, guint save_format)
1722 gchar *from_filename;
1723 gchar *name_ptr, *save_msg, *save_fmt = " Saving: %s...";
1729 struct wtap_pkthdr hdr;
1730 union wtap_pseudo_header pseudo_header;
1733 name_ptr = get_basename(fname);
1734 msg_len = strlen(name_ptr) + strlen(save_fmt) + 2;
1735 save_msg = g_malloc(msg_len);
1736 snprintf(save_msg, msg_len, save_fmt, name_ptr);
1737 statusbar_push_file_msg(save_msg);
1740 if (!save_filtered && !save_marked && save_format == cf->cd_t) {
1741 /* We're not filtering packets, and we're saving it in the format
1742 it's already in, so we can just move or copy the raw data. */
1744 if (cf->is_tempfile) {
1745 /* The file being saved is a temporary file from a live
1746 capture, so it doesn't need to stay around under that name;
1747 first, try renaming the capture buffer file to the new name. */
1749 if (rename(cf->filename, fname) == 0) {
1750 /* That succeeded - there's no need to copy the source file. */
1751 from_filename = NULL;
1754 if (errno == EXDEV) {
1755 /* They're on different file systems, so we have to copy the
1758 from_filename = cf->filename;
1760 /* The rename failed, but not because they're on different
1761 file systems - put up an error message. (Or should we
1762 just punt and try to copy? The only reason why I'd
1763 expect the rename to fail and the copy to succeed would
1764 be if we didn't have permission to remove the file from
1765 the temporary directory, and that might be fixable - but
1766 is it worth requiring the user to go off and fix it?) */
1767 simple_dialog(ESD_TYPE_CRIT, NULL,
1768 file_rename_error_message(errno), fname);
1774 from_filename = cf->filename;
1777 /* It's a permanent file, so we should copy it, and not remove the
1780 from_filename = cf->filename;
1784 /* Check that the from file is not the same as to file */
1785 if (strcmp(from_filename, fname) == 0) {
1786 simple_dialog(ESD_TYPE_CRIT, NULL,
1787 "Can't save over current capture file: %s!",
1792 /* Copy the file, if we haven't moved it. */
1793 if (!copy_binary_file(from_filename, fname))
1797 /* Either we're filtering packets, or we're saving in a different
1798 format; we can't do that by copying or moving the capture file,
1799 we have to do it by writing the packets out in Wiretap. */
1800 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap, &err);
1802 simple_dialog(ESD_TYPE_CRIT, NULL,
1803 file_open_error_message(err, TRUE), fname);
1807 /* XXX - have a way to save only the packets currently selected by
1808 the display filter or the marked ones.
1810 If we do that, should we make that file the current file? If so,
1811 it means we can no longer get at the other packets. What does
1813 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1814 /* XXX - do a progress bar */
1815 if ((!save_filtered && !save_marked) ||
1816 (save_filtered && fdata->flags.passed_dfilter && !save_marked) ||
1817 (save_marked && fdata->flags.marked && !save_filtered) ||
1818 (save_filtered && save_marked && fdata->flags.passed_dfilter &&
1819 fdata->flags.marked)) {
1821 - we're saving all frames, or
1822 - we're saving filtered frames and this one passed the display filter or
1823 - we're saving marked frames (and it has been marked) or
1824 - we're saving filtered _and_ marked frames,
1826 hdr.ts.tv_sec = fdata->abs_secs;
1827 hdr.ts.tv_usec = fdata->abs_usecs;
1828 hdr.caplen = fdata->cap_len;
1829 hdr.len = fdata->pkt_len;
1830 hdr.pkt_encap = fdata->lnk_t;
1831 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1832 pd, fdata->cap_len, &err)) {
1833 simple_dialog(ESD_TYPE_CRIT, NULL,
1834 file_read_error_message(err), cf->filename);
1835 wtap_dump_close(pdh, &err);
1839 if (!wtap_dump(pdh, &hdr, &pseudo_header, pd, &err)) {
1840 simple_dialog(ESD_TYPE_CRIT, NULL,
1841 file_write_error_message(err), fname);
1842 wtap_dump_close(pdh, &err);
1848 if (!wtap_dump_close(pdh, &err)) {
1849 simple_dialog(ESD_TYPE_WARN, NULL,
1850 file_close_error_message(err), fname);
1855 /* Pop the "Saving:" message off the status bar. */
1856 statusbar_pop_file_msg();
1857 if (!save_filtered && !save_marked) {
1858 /* We saved the entire capture, not just some packets from it.
1859 Open and read the file we saved it to.
1861 XXX - this is somewhat of a waste; we already have the
1862 packets, all this gets us is updated file type information
1863 (which we could just stuff into "cf"), and having the new
1864 file be the one we have opened and from which we're reading
1865 the data, and it means we have to spend time opening and
1866 reading the file, which could be a significant amount of
1867 time if the file is large. */
1868 cf->user_saved = TRUE;
1870 if ((err = open_cap_file(fname, FALSE, cf)) == 0) {
1871 /* XXX - report errors if this fails?
1872 What should we return if it fails or is aborted? */
1873 switch (read_cap_file(cf, &err)) {
1877 /* Just because we got an error, that doesn't mean we were unable
1878 to read any of the file; we handle what we could get from the
1883 /* The user bailed out of re-reading the capture file; the
1884 capture file has been closed - just return (without
1885 changing any menu settings; "close_cap_file()" set them
1886 correctly for the "no capture file open" state). */
1889 set_menus_for_unsaved_capture_file(FALSE);
1895 /* Pop the "Saving:" message off the status bar. */
1896 statusbar_pop_file_msg();
1901 file_open_error_message(int err, gboolean for_writing)
1904 static char errmsg_errno[1024+1];
1908 case WTAP_ERR_NOT_REGULAR_FILE:
1909 errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
1912 case WTAP_ERR_RANDOM_OPEN_PIPE:
1913 /* Seen only when opening a capture file for reading. */
1914 errmsg = "The file \"%s\" is a pipe or FIFO; Ethereal cannot read pipe or FIFO files.";
1917 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
1918 case WTAP_ERR_UNSUPPORTED:
1919 /* Seen only when opening a capture file for reading. */
1920 errmsg = "The file \"%s\" is not a capture file in a format Ethereal understands.";
1923 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
1924 /* Seen only when opening a capture file for writing. */
1925 errmsg = "Ethereal does not support writing capture files in that format.";
1928 case WTAP_ERR_UNSUPPORTED_ENCAP:
1929 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
1931 errmsg = "Ethereal cannot save this capture in that format.";
1933 errmsg = "The file \"%s\" is a capture for a network type that Ethereal doesn't support.";
1936 case WTAP_ERR_BAD_RECORD:
1937 errmsg = "The file \"%s\" appears to be damaged or corrupt.";
1940 case WTAP_ERR_CANT_OPEN:
1942 errmsg = "The file \"%s\" could not be created for some unknown reason.";
1944 errmsg = "The file \"%s\" could not be opened for some unknown reason.";
1947 case WTAP_ERR_SHORT_READ:
1948 errmsg = "The file \"%s\" appears to have been cut short"
1949 " in the middle of a packet or other data.";
1952 case WTAP_ERR_SHORT_WRITE:
1953 errmsg = "A full header couldn't be written to the file \"%s\".";
1958 errmsg = "The path to the file \"%s\" does not exist.";
1960 errmsg = "The file \"%s\" does not exist.";
1965 errmsg = "You do not have permission to create or write to the file \"%s\".";
1967 errmsg = "You do not have permission to read the file \"%s\".";
1971 errmsg = "\"%s\" is a directory (folder), not a file.";
1975 snprintf(errmsg_errno, sizeof(errmsg_errno),
1976 "The file \"%%s\" could not be opened: %s.",
1977 wtap_strerror(err));
1978 errmsg = errmsg_errno;
1985 file_rename_error_message(int err)
1988 static char errmsg_errno[1024+1];
1993 errmsg = "The path to the file \"%s\" does not exist.";
1997 errmsg = "You do not have permission to move the capture file to \"%s\".";
2001 snprintf(errmsg_errno, sizeof(errmsg_errno),
2002 "The file \"%%s\" could not be moved: %s.",
2003 wtap_strerror(err));
2004 errmsg = errmsg_errno;
2011 file_read_error_message(int err)
2013 static char errmsg_errno[1024+1];
2015 snprintf(errmsg_errno, sizeof(errmsg_errno),
2016 "An error occurred while reading from the file \"%%s\": %s.",
2017 wtap_strerror(err));
2018 return errmsg_errno;
2022 file_write_error_message(int err)
2025 static char errmsg_errno[1024+1];
2030 errmsg = "The file \"%s\" could not be saved because there is no space left on the file system.";
2035 errmsg = "The file \"%s\" could not be saved because you are too close to, or over, your disk quota.";
2040 snprintf(errmsg_errno, sizeof(errmsg_errno),
2041 "An error occurred while writing to the file \"%%s\": %s.",
2042 wtap_strerror(err));
2043 errmsg = errmsg_errno;
2049 /* Check for write errors - if the file is being written to an NFS server,
2050 a write error may not show up until the file is closed, as NFS clients
2051 might not send writes to the server until the "write()" call finishes,
2052 so that the write may fail on the server but the "write()" may succeed. */
2054 file_close_error_message(int err)
2057 static char errmsg_errno[1024+1];
2061 case WTAP_ERR_CANT_CLOSE:
2062 errmsg = "The file \"%s\" couldn't be closed for some unknown reason.";
2065 case WTAP_ERR_SHORT_WRITE:
2066 errmsg = "Not all the packets could be written to the file \"%s\".";
2070 errmsg = "The file \"%s\" could not be saved because there is no space left on the file system.";
2075 errmsg = "The file \"%s\" could not be saved because you are too close to, or over, your disk quota.";
2080 snprintf(errmsg_errno, sizeof(errmsg_errno),
2081 "An error occurred while closing the file \"%%s\": %s.",
2082 wtap_strerror(err));
2083 errmsg = errmsg_errno;
2090 /* Copies a file in binary mode, for those operating systems that care about
2092 * Returns TRUE on success, FALSE on failure. If a failure, it also
2093 * displays a simple dialog window with the error message.
2096 copy_binary_file(char *from_filename, char *to_filename)
2098 int from_fd, to_fd, nread, nwritten, err;
2099 guint8 pd[65536]; /* XXX - Hmm, 64K here, 64K in save_cap_file(),
2100 perhaps we should make just one 64K buffer. */
2102 /* Copy the raw bytes of the file. */
2103 from_fd = open(from_filename, O_RDONLY | O_BINARY);
2106 simple_dialog(ESD_TYPE_CRIT, NULL,
2107 file_open_error_message(err, TRUE), from_filename);
2111 /* Use open() instead of creat() so that we can pass the O_BINARY
2112 flag, which is relevant on Win32; it appears that "creat()"
2113 may open the file in text mode, not binary mode, but we want
2114 to copy the raw bytes of the file, so we need the output file
2115 to be open in binary mode. */
2116 to_fd = open(to_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
2119 simple_dialog(ESD_TYPE_CRIT, NULL,
2120 file_open_error_message(err, TRUE), to_filename);
2125 while ((nread = read(from_fd, pd, sizeof pd)) > 0) {
2126 nwritten = write(to_fd, pd, nread);
2127 if (nwritten < nread) {
2131 err = WTAP_ERR_SHORT_WRITE;
2132 simple_dialog(ESD_TYPE_CRIT, NULL,
2133 file_write_error_message(err), to_filename);
2141 simple_dialog(ESD_TYPE_CRIT, NULL,
2142 file_read_error_message(err), from_filename);
2148 if (close(to_fd) < 0) {
2150 simple_dialog(ESD_TYPE_CRIT, NULL,
2151 file_close_error_message(err), to_filename);