6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #ifdef NEED_STRERROR_H
50 #include <epan/epan.h>
51 #include <epan/filesystem.h>
54 #include "color_filters.h"
56 #include <epan/column.h>
57 #include <epan/packet.h>
58 #include "packet-range.h"
64 #include "alert_box.h"
65 #include "simple_dialog.h"
66 #include "progress_dlg.h"
68 #include <epan/prefs.h>
69 #include <epan/dfilter/dfilter.h>
70 #include <epan/epan_dissect.h>
72 #include <epan/dissectors/packet-data.h>
73 #include <epan/dissectors/packet-ber.h>
74 #include <epan/timestamp.h>
75 #include <epan/dfilter/dfilter-macro.h>
76 #include <wsutil/file_util.h>
77 #include <epan/column-utils.h>
78 #include <epan/strutil.h>
81 gboolean auto_scroll_live;
84 static nstime_t first_ts;
85 static nstime_t prev_dis_ts;
86 static guint32 cum_bytes = 0;
88 static void cf_reset_state(capture_file *cf);
90 static int read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset);
92 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
93 gboolean refilter, gboolean redissect);
95 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
97 static void match_subtree_text(proto_node *node, gpointer data);
98 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
100 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
102 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
104 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
106 static gboolean match_binary(capture_file *cf, frame_data *fdata,
108 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
110 static gboolean find_packet(capture_file *cf,
111 gboolean (*match_function)(capture_file *, frame_data *, void *),
114 static void cf_open_failure_alert_box(const char *filename, int err,
115 gchar *err_info, gboolean for_writing,
117 static const char *file_rename_error_message(int err);
118 static void cf_write_failure_alert_box(const char *filename, int err);
119 static void cf_close_failure_alert_box(const char *filename, int err);
120 static gboolean copy_binary_file(const char *from_filename, const char *to_filename);
122 /* Update the progress bar this many times when reading a file. */
123 #define N_PROGBAR_UPDATES 100
125 /* Number of "frame_data" structures per memory chunk.
126 XXX - is this the right number? */
127 #define FRAME_DATA_CHUNK_SIZE 1024
130 /* this callback mechanism should possibly be replaced by the g_signal_...() stuff (if I only would know how :-) */
132 cf_callback_t cb_fct;
134 } cf_callback_data_t;
136 static GList *cf_callbacks = NULL;
139 cf_callback_invoke(int event, gpointer data)
141 cf_callback_data_t *cb;
142 GList *cb_item = cf_callbacks;
144 /* there should be at least one interested */
145 g_assert(cb_item != NULL);
147 while(cb_item != NULL) {
149 cb->cb_fct(event, data, cb->user_data);
150 cb_item = g_list_next(cb_item);
156 cf_callback_add(cf_callback_t func, gpointer user_data)
158 cf_callback_data_t *cb;
160 cb = g_malloc(sizeof(cf_callback_data_t));
162 cb->user_data = user_data;
164 cf_callbacks = g_list_append(cf_callbacks, cb);
168 cf_callback_remove(cf_callback_t func)
170 cf_callback_data_t *cb;
171 GList *cb_item = cf_callbacks;
173 while(cb_item != NULL) {
175 if(cb->cb_fct == func) {
176 cf_callbacks = g_list_remove(cf_callbacks, cb);
180 cb_item = g_list_next(cb_item);
183 g_assert_not_reached();
187 cf_timestamp_auto_precision(capture_file *cf)
189 int prec = timestamp_get_precision();
192 /* don't try to get the file's precision if none is opened */
193 if(cf->state == FILE_CLOSED) {
197 /* if we are in auto mode, set precision of current file */
198 if(prec == TS_PREC_AUTO ||
199 prec == TS_PREC_AUTO_SEC ||
200 prec == TS_PREC_AUTO_DSEC ||
201 prec == TS_PREC_AUTO_CSEC ||
202 prec == TS_PREC_AUTO_MSEC ||
203 prec == TS_PREC_AUTO_USEC ||
204 prec == TS_PREC_AUTO_NSEC)
206 switch(wtap_file_tsprecision(cf->wth)) {
207 case(WTAP_FILE_TSPREC_SEC):
208 timestamp_set_precision(TS_PREC_AUTO_SEC);
210 case(WTAP_FILE_TSPREC_DSEC):
211 timestamp_set_precision(TS_PREC_AUTO_DSEC);
213 case(WTAP_FILE_TSPREC_CSEC):
214 timestamp_set_precision(TS_PREC_AUTO_CSEC);
216 case(WTAP_FILE_TSPREC_MSEC):
217 timestamp_set_precision(TS_PREC_AUTO_MSEC);
219 case(WTAP_FILE_TSPREC_USEC):
220 timestamp_set_precision(TS_PREC_AUTO_USEC);
222 case(WTAP_FILE_TSPREC_NSEC):
223 timestamp_set_precision(TS_PREC_AUTO_NSEC);
226 g_assert_not_reached();
233 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
238 wth = wtap_open_offline(fname, err, &err_info, TRUE);
242 /* The open succeeded. Close whatever capture file we had open,
243 and fill in the information for this file. */
246 /* Initialize all data structures used for dissection. */
249 /* We're about to start reading the file. */
250 cf->state = FILE_READ_IN_PROGRESS;
255 /* Set the file name because we need it to set the follow stream filter.
256 XXX - is that still true? We need it for other reasons, though,
258 cf->filename = g_strdup(fname);
260 /* Indicate whether it's a permanent or temporary file. */
261 cf->is_tempfile = is_tempfile;
263 /* If it's a temporary capture buffer file, mark it as not saved. */
264 cf->user_saved = !is_tempfile;
266 cf->cd_t = wtap_file_type(cf->wth);
268 cf->displayed_count = 0;
269 cf->marked_count = 0;
270 cf->drops_known = FALSE;
272 cf->snap = wtap_snapshot_length(cf->wth);
274 /* Snapshot length not known. */
275 cf->has_snap = FALSE;
276 cf->snap = WTAP_MAX_PACKET_SIZE;
279 nstime_set_zero(&cf->elapsed_time);
280 nstime_set_unset(&first_ts);
281 nstime_set_unset(&prev_dis_ts);
283 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
285 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
287 g_assert(cf->plist_chunk);
289 /* change the time formats now, as we might have a new precision */
290 cf_change_time_formats(cf);
292 fileset_file_opened(fname);
294 if(cf->cd_t == WTAP_FILE_BER) {
295 /* tell the BER dissector the file name */
296 ber_set_filename(cf->filename);
302 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
308 * Reset the state for the currently closed file, but don't do the
309 * UI callbacks; this is for use in "cf_open()", where we don't
310 * want the UI to go from "file open" to "file closed" back to
311 * "file open", we want it to go from "old file open" to "new file
312 * open and being read".
315 cf_reset_state(capture_file *cf)
317 /* Die if we're in the middle of reading a file. */
318 g_assert(cf->state != FILE_READ_IN_PROGRESS);
324 /* We have no file open... */
325 if (cf->filename != NULL) {
326 /* If it's a temporary file, remove it. */
328 ws_unlink(cf->filename);
329 g_free(cf->filename);
332 /* ...which means we have nothing to save. */
333 cf->user_saved = FALSE;
335 if (cf->plist_chunk != NULL) {
336 frame_data *fdata = cf->plist;
338 g_strfreev(fdata->col_expr.col_expr);
339 g_strfreev(fdata->col_expr.col_expr_val);
342 g_mem_chunk_destroy(cf->plist_chunk);
343 cf->plist_chunk = NULL;
345 if (cf->rfcode != NULL) {
346 dfilter_free(cf->rfcode);
350 cf->plist_end = NULL;
351 cf_unselect_packet(cf); /* nothing to select */
352 cf->first_displayed = NULL;
353 cf->last_displayed = NULL;
355 /* No frame selected, no field in that frame selected. */
356 cf->current_frame = NULL;
358 cf->finfo_selected = NULL;
360 /* Clear the packet list. */
361 packet_list_freeze();
367 nstime_set_zero(&cf->elapsed_time);
369 reset_tap_listeners();
371 /* We have no file open. */
372 cf->state = FILE_CLOSED;
374 fileset_file_closed();
377 /* Reset everything to a pristine state */
379 cf_close(capture_file *cf)
381 /* do GUI things even if file is already closed,
382 * e.g. to cleanup things if a capture couldn't be started */
383 cf_callback_invoke(cf_cb_file_closing, cf);
385 /* close things, if not already closed before */
386 if(cf->state != FILE_CLOSED) {
388 color_filters_cleanup();
392 cleanup_dissection();
395 cf_callback_invoke(cf_cb_file_closed, cf);
398 /* an out of memory exception occured, wait for a user button press to exit */
399 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
405 cf_read(capture_file *cf)
409 const gchar *name_ptr;
411 char errmsg_errno[1024+1];
413 progdlg_t *volatile progbar = NULL;
415 volatile gint64 size;
417 volatile float progbar_val;
419 gchar status_str[100];
420 volatile gint64 progbar_nextstep;
421 volatile gint64 progbar_quantum;
424 /* Compile the current display filter.
425 * We assume this will not fail since cf->dfilter is only set in
426 * cf_filter IFF the filter was valid.
430 dfilter_compile(cf->dfilter, &dfcode);
435 reset_tap_listeners();
437 cf_callback_invoke(cf_cb_file_read_start, cf);
439 name_ptr = get_basename(cf->filename);
441 /* Find the size of the file. */
442 size = wtap_file_size(cf->wth, NULL);
444 /* Update the progress bar when it gets to this value. */
445 progbar_nextstep = 0;
446 /* When we reach the value that triggers a progress bar update,
447 bump that value by this amount. */
449 progbar_quantum = size/N_PROGBAR_UPDATES;
452 /* Progress so far. */
455 packet_list_freeze();
458 g_get_current_time(&start_time);
460 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
462 /* Create the progress bar if necessary.
463 We check on every iteration of the loop, so that it takes no
464 longer than the standard time to create it (otherwise, for a
465 large file, we might take considerably longer than that standard
466 time in order to get to the next progress bar step). */
467 if (progbar == NULL) {
468 progbar = delayed_create_progress_dlg("Loading", name_ptr,
469 TRUE, &stop_flag, &start_time, progbar_val);
472 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
473 when we update it, we have to run the GTK+ main loop to get it
474 to repaint what's pending, and doing so may involve an "ioctl()"
475 to see if there's any pending input from an X server, and doing
476 that for every packet can be costly, especially on a big file. */
477 if (data_offset >= progbar_nextstep) {
478 file_pos = wtap_read_so_far(cf->wth, NULL);
479 progbar_val = (gfloat) file_pos / (gfloat) size;
480 if (progbar_val > 1.0) {
481 /* The file probably grew while we were reading it.
482 Update file size, and try again. */
483 size = wtap_file_size(cf->wth, NULL);
485 progbar_val = (gfloat) file_pos / (gfloat) size;
486 /* If it's still > 1, either "wtap_file_size()" failed (in which
487 case there's not much we can do about it), or the file
488 *shrank* (in which case there's not much we can do about
489 it); just clip the progress value at 1.0. */
490 if (progbar_val > 1.0)
493 if (progbar != NULL) {
494 /* update the packet lists content on the first run or frequently on very large files */
495 /* (on smaller files the display update takes longer than reading the file) */
497 if(progbar_quantum > 500000 || progbar_nextstep == 0) {
499 if (auto_scroll_live && cf->plist_end != NULL)
500 packet_list_moveto_end();
501 packet_list_freeze();
505 g_snprintf(status_str, sizeof(status_str),
506 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
507 file_pos / 1024, size / 1024);
508 update_progress_dlg(progbar, progbar_val, status_str);
510 progbar_nextstep += progbar_quantum;
515 /* Well, the user decided to abort the read. He/She will be warned and
516 it might be enough for him/her to work with the already loaded
518 This is especially true for very large capture files, where you don't
519 want to wait loading the whole file (which may last minutes or even
520 hours even on fast machines) just to see that it was the wrong file. */
524 read_packet(cf, dfcode, data_offset);
526 CATCH(OutOfMemoryError) {
529 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
530 "%sOut Of Memory!%s\n"
532 "Sorry, but Wireshark has to terminate now!\n"
534 "Some infos / workarounds can be found at:\n"
535 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
536 simple_dialog_primary_start(), simple_dialog_primary_end());
537 /* we have to terminate, as we cannot recover from the memory error */
538 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
540 main_window_update();
541 /* XXX - how to avoid a busy wait? */
549 /* Cleanup and release all dfilter resources */
551 dfilter_free(dfcode);
554 /* We're done reading the file; destroy the progress bar if it was created. */
556 destroy_progress_dlg(progbar);
558 /* We're done reading sequentially through the file. */
559 cf->state = FILE_READ_DONE;
561 /* Close the sequential I/O side, to free up memory it requires. */
562 wtap_sequential_close(cf->wth);
564 /* Allow the protocol dissectors to free up memory that they
565 * don't need after the sequential run-through of the packets. */
566 postseq_cleanup_all_protocols();
568 /* Set the file encapsulation type now; we don't know what it is until
569 we've looked at all the packets, as we don't know until then whether
570 there's more than one type (and thus whether it's
571 WTAP_ENCAP_PER_PACKET). */
572 cf->lnk_t = wtap_file_encap(cf->wth);
574 cf->current_frame = cf->first_displayed;
579 cf_callback_invoke(cf_cb_file_read_finished, cf);
581 /* If we have any displayed packets to select, select the first of those
582 packets by making the first row the selected row. */
583 if (cf->first_displayed != NULL)
584 packet_list_select_row(0);
587 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
588 "%sFile loading was cancelled!%s\n"
590 "The remaining packets in the file were discarded.\n"
592 "As a lot of packets from the original file will be missing,\n"
593 "remember to be careful when saving the current content to a file.\n",
594 simple_dialog_primary_start(), simple_dialog_primary_end());
595 return CF_READ_ERROR;
599 /* Put up a message box noting that the read failed somewhere along
600 the line. Don't throw out the stuff we managed to read, though,
604 case WTAP_ERR_UNSUPPORTED_ENCAP:
605 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
606 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
609 errmsg = errmsg_errno;
612 case WTAP_ERR_CANT_READ:
613 errmsg = "An attempt to read from the capture file failed for"
614 " some unknown reason.";
617 case WTAP_ERR_SHORT_READ:
618 errmsg = "The capture file appears to have been cut short"
619 " in the middle of a packet.";
622 case WTAP_ERR_BAD_RECORD:
623 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
624 "The capture file appears to be damaged or corrupt.\n(%s)",
627 errmsg = errmsg_errno;
631 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
632 "An error occurred while reading the"
633 " capture file: %s.", wtap_strerror(err));
634 errmsg = errmsg_errno;
637 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
638 return CF_READ_ERROR;
645 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
647 cf_status_t cf_status;
649 cf_status = cf_open(cf, fname, is_tempfile, err);
654 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
656 gint64 data_offset = 0;
658 volatile int newly_displayed_packets = 0;
661 /* Compile the current display filter.
662 * We assume this will not fail since cf->dfilter is only set in
663 * cf_filter IFF the filter was valid.
667 dfilter_compile(cf->dfilter, &dfcode);
672 packet_list_check_end();
673 packet_list_freeze();
675 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
677 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
678 if (cf->state == FILE_READ_ABORTED) {
679 /* Well, the user decided to exit Wireshark. Break out of the
680 loop, and let the code below (which is called even if there
681 aren't any packets left to read) exit. */
685 if (read_packet(cf, dfcode, data_offset) != -1) {
686 newly_displayed_packets++;
689 CATCH(OutOfMemoryError) {
692 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
693 "%sOut Of Memory!%s\n"
695 "Sorry, but Wireshark has to terminate now!\n"
697 "The capture file is not lost, it can be found at:\n"
700 "Some infos / workarounds can be found at:\n"
701 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
702 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
703 /* we have to terminate, as we cannot recover from the memory error */
704 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
706 main_window_update();
707 /* XXX - how to avoid a busy wait? */
711 return CF_READ_ABORTED;
717 /* Cleanup and release all dfilter resources */
719 dfilter_free(dfcode);
722 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
723 cf->count, cf->state, *err);*/
725 /* XXX - this causes "flickering" of the list */
728 /* moving to the end of the packet list - if the user requested so and
729 we have some new packets.
730 this doesn't seem to work well with a frozen GTK_Clist, so do this after
731 packet_list_thaw() is done, see bugzilla 1188 */
732 /* XXX - this cheats and looks inside the packet list to find the final
734 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
735 packet_list_moveto_end();
737 if (cf->state == FILE_READ_ABORTED) {
738 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
739 so that our caller can kill off the capture child process;
740 this will cause an EOF on the pipe from the child, so
741 "cf_finish_tail()" will be called, and it will clean up
743 return CF_READ_ABORTED;
744 } else if (*err != 0) {
745 /* We got an error reading the capture file.
746 XXX - pop up a dialog box instead? */
747 g_warning("Error \"%s\" while reading: \"%s\"\n",
748 wtap_strerror(*err), cf->filename);
750 return CF_READ_ERROR;
756 cf_finish_tail(capture_file *cf, int *err)
762 /* Compile the current display filter.
763 * We assume this will not fail since cf->dfilter is only set in
764 * cf_filter IFF the filter was valid.
768 dfilter_compile(cf->dfilter, &dfcode);
771 if(cf->wth == NULL) {
773 return CF_READ_ERROR;
776 packet_list_check_end();
777 packet_list_freeze();
779 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
780 if (cf->state == FILE_READ_ABORTED) {
781 /* Well, the user decided to abort the read. Break out of the
782 loop, and let the code below (which is called even if there
783 aren't any packets left to read) exit. */
786 read_packet(cf, dfcode, data_offset);
789 /* Cleanup and release all dfilter resources */
791 dfilter_free(dfcode);
796 if (cf->state == FILE_READ_ABORTED) {
797 /* Well, the user decided to abort the read. We're only called
798 when the child capture process closes the pipe to us (meaning
799 it's probably exited), so we can just close the capture
800 file; we return CF_READ_ABORTED so our caller can do whatever
801 is appropriate when that happens. */
803 return CF_READ_ABORTED;
806 if (auto_scroll_live && cf->plist_end != NULL)
807 /* XXX - this cheats and looks inside the packet list to find the final
809 packet_list_moveto_end();
811 /* We're done reading sequentially through the file. */
812 cf->state = FILE_READ_DONE;
814 /* We're done reading sequentially through the file; close the
815 sequential I/O side, to free up memory it requires. */
816 wtap_sequential_close(cf->wth);
818 /* Allow the protocol dissectors to free up memory that they
819 * don't need after the sequential run-through of the packets. */
820 postseq_cleanup_all_protocols();
822 /* Set the file encapsulation type now; we don't know what it is until
823 we've looked at all the packets, as we don't know until then whether
824 there's more than one type (and thus whether it's
825 WTAP_ENCAP_PER_PACKET). */
826 cf->lnk_t = wtap_file_encap(cf->wth);
829 /* We got an error reading the capture file.
830 XXX - pop up a dialog box? */
831 return CF_READ_ERROR;
836 #endif /* HAVE_LIBPCAP */
839 cf_get_display_name(capture_file *cf)
841 const gchar *displayname;
843 /* Return a name to use in displays */
844 if (!cf->is_tempfile) {
845 /* Get the last component of the file name, and use that. */
847 displayname = get_basename(cf->filename);
849 displayname="(No file)";
852 /* The file we read is a temporary file from a live capture;
853 we don't mention its name. */
854 displayname = "(Untitled)";
859 /* XXX - use a macro instead? */
861 cf_get_packet_count(capture_file *cf)
866 /* XXX - use a macro instead? */
868 cf_set_packet_count(capture_file *cf, int packet_count)
870 cf->count = packet_count;
873 /* XXX - use a macro instead? */
875 cf_is_tempfile(capture_file *cf)
877 return cf->is_tempfile;
880 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
882 cf->is_tempfile = is_tempfile;
886 /* XXX - use a macro instead? */
887 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
889 cf->drops_known = drops_known;
892 /* XXX - use a macro instead? */
893 void cf_set_drops(capture_file *cf, guint32 drops)
898 /* XXX - use a macro instead? */
899 gboolean cf_get_drops_known(capture_file *cf)
901 return cf->drops_known;
904 /* XXX - use a macro instead? */
905 guint32 cf_get_drops(capture_file *cf)
910 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
916 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
918 union wtap_pseudo_header *pseudo_header, const guchar *buf,
922 gboolean create_proto_tree = FALSE;
925 /* just add some value here until we know if it is being displayed or not */
926 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
928 /* If we don't have the time stamp of the first packet in the
929 capture, it's because this is the first packet. Save the time
930 stamp of this packet as the time stamp of the first packet. */
931 if (nstime_is_unset(&first_ts)) {
932 first_ts = fdata->abs_ts;
934 /* if this frames is marked as a reference time frame, reset
935 firstsec and firstusec to this frame */
936 if(fdata->flags.ref_time){
937 first_ts = fdata->abs_ts;
940 /* If we don't have the time stamp of the previous displayed packet,
941 it's because this is the first displayed packet. Save the time
942 stamp of this packet as the time stamp of the previous displayed
944 if (nstime_is_unset(&prev_dis_ts)) {
945 prev_dis_ts = fdata->abs_ts;
948 /* Get the time elapsed between the first packet and this packet. */
949 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
951 /* If it's greater than the current elapsed time, set the elapsed time
952 to it (we check for "greater than" so as not to be confused by
953 time moving backwards). */
954 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
955 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
956 cf->elapsed_time = fdata->rel_ts;
959 /* Get the time elapsed between the previous displayed packet and
961 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
965 we have a display filter and are re-applying it;
967 we have a list of color filters;
969 we have tap listeners;
971 we have custom columns;
973 allocate a protocol tree root node, so that we'll construct
974 a protocol tree against which a filter expression can be
976 if ((dfcode != NULL && refilter) || color_filters_used()
977 || num_tap_filters != 0 || have_custom_cols(&cf->cinfo))
978 create_proto_tree = TRUE;
980 /* Dissect the frame. */
981 edt = epan_dissect_new(create_proto_tree, FALSE);
983 if (dfcode != NULL && refilter) {
984 epan_dissect_prime_dfilter(edt, dfcode);
986 /* prepare color filters */
987 if (color_filters_used()) {
988 color_filters_prime_edt(edt);
991 col_custom_prime_edt(edt, &cf->cinfo);
994 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
995 tap_push_tapped_queue(edt);
997 /* If we have a display filter, apply it if we're refiltering, otherwise
998 leave the "passed_dfilter" flag alone.
1000 If we don't have a display filter, set "passed_dfilter" to 1. */
1001 if (dfcode != NULL) {
1003 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;
1006 fdata->flags.passed_dfilter = 1;
1008 if( (fdata->flags.passed_dfilter)
1009 || (edt->pi.fd->flags.ref_time) ){
1010 /* This frame either passed the display filter list or is marked as
1011 a time reference frame. All time reference frames are displayed
1012 even if they dont pass the display filter */
1013 if(edt->pi.fd->flags.ref_time){
1014 /* if this was a TIME REF frame we should reset the cul bytes field */
1015 cum_bytes = fdata->pkt_len;
1016 fdata->cum_bytes = cum_bytes;
1018 /* increase cum_bytes with this packets length */
1019 cum_bytes += fdata->pkt_len;
1022 epan_dissect_fill_in_columns(edt);
1024 /* If we haven't yet seen the first frame, this is it.
1026 XXX - we must do this before we add the row to the display,
1027 as, if the display's GtkCList's selection mode is
1028 GTK_SELECTION_BROWSE, when the first entry is added to it,
1029 "cf_select_packet()" will be called, and it will fetch the row
1030 data for the 0th row, and will get a null pointer rather than
1031 "fdata", as "gtk_clist_append()" won't yet have returned and
1032 thus "gtk_clist_set_row_data()" won't yet have been called.
1034 We thus need to leave behind bread crumbs so that
1035 "cf_select_packet()" can find this frame. See the comment
1036 in "cf_select_packet()". */
1037 if (cf->first_displayed == NULL)
1038 cf->first_displayed = fdata;
1040 /* This is the last frame we've seen so far. */
1041 cf->last_displayed = fdata;
1043 /* XXX - GLIB1 implementation provided to support backport of this feature. */
1044 #if (GLIB_MAJOR_VERSION >= 2)
1045 fdata->col_expr.col_expr = g_strdupv(cf->cinfo.col_expr.col_expr);
1046 fdata->col_expr.col_expr_val = g_strdupv(cf->cinfo.col_expr.col_expr_val);
1051 fdata->col_expr.col_expr = (gchar **) g_malloc(sizeof(gchar *) * (cf->cinfo.num_cols + 1));
1052 fdata->col_expr.col_expr_val = (gchar **) g_malloc(sizeof(gchar *) * (cf->cinfo.num_cols + 1));
1054 for (i=0; i <= cf->cinfo.num_cols; i++)
1056 fdata->col_expr.col_expr[i] = g_strdup(cf->cinfo.col_expr.col_expr[i]);
1057 fdata->col_expr.col_expr_val[i] = g_strdup(cf->cinfo.col_expr.col_expr_val[i]);
1059 fdata->col_expr.col_expr[i] = NULL;
1060 fdata->col_expr.col_expr_val[i] = NULL;
1063 row = packet_list_append(cf->cinfo.col_data, fdata);
1065 /* colorize packet: first apply color filters
1066 * then if packet is marked, use preferences to overwrite color
1067 * we do both to make sure that when a packet gets un-marked, the
1068 * color will be correctly set (fixes bug 2038)
1070 fdata->color_filter = color_filters_colorize_packet(row, edt);
1071 if (fdata->flags.marked) {
1072 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1075 /* Set the time of the previous displayed frame to the time of this
1077 prev_dis_ts = fdata->abs_ts;
1079 cf->displayed_count++;
1081 /* This frame didn't pass the display filter, so it's not being added
1082 to the clist, and thus has no row. */
1085 epan_dissect_free(edt);
1089 /* read in a new packet */
1090 /* returns the row of the new packet in the packet list or -1 if not displayed */
1092 read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset)
1094 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1095 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1096 const guchar *buf = wtap_buf_ptr(cf->wth);
1099 frame_data *plist_end;
1100 epan_dissect_t *edt;
1103 /* Allocate the next list entry, and add it to the list. */
1104 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1110 fdata->pkt_len = phdr->len;
1111 fdata->cap_len = phdr->caplen;
1112 fdata->file_off = offset;
1113 fdata->lnk_t = phdr->pkt_encap;
1114 fdata->flags.encoding = CHAR_ASCII;
1115 fdata->flags.visited = 0;
1116 fdata->flags.marked = 0;
1117 fdata->flags.ref_time = 0;
1118 fdata->color_filter = NULL;
1119 fdata->col_expr.col_expr = NULL;
1120 fdata->col_expr.col_expr_val = NULL;
1122 fdata->abs_ts.secs = phdr->ts.secs;
1123 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1125 if (cf->plist_end != NULL)
1126 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1128 nstime_set_zero(&fdata->del_cap_ts);
1132 edt = epan_dissect_new(TRUE, FALSE);
1133 epan_dissect_prime_dfilter(edt, cf->rfcode);
1134 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
1135 passed = dfilter_apply_edt(cf->rfcode, edt);
1136 epan_dissect_free(edt);
1139 plist_end = cf->plist_end;
1140 fdata->prev = plist_end;
1141 if (plist_end != NULL)
1142 plist_end->next = fdata;
1145 cf->plist_end = fdata;
1148 cf->f_datalen = offset + phdr->caplen;
1149 fdata->num = cf->count;
1150 if (!cf->redissecting) {
1151 row = add_packet_to_packet_list(fdata, cf, dfcode, pseudo_header, buf, TRUE);
1154 /* XXX - if we didn't have read filters, or if we could avoid
1155 allocating the "frame_data" structure until we knew whether
1156 the frame passed the read filter, we could use a G_ALLOC_ONLY
1159 ...but, at least in one test I did, where I just made the chunk
1160 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1161 seem to save a noticeable amount of time or space. */
1162 g_strfreev(fdata->col_expr.col_expr);
1163 g_strfreev(fdata->col_expr.col_expr_val);
1164 g_mem_chunk_free(cf->plist_chunk, fdata);
1171 cf_merge_files(char **out_filenamep, int in_file_count,
1172 char *const *in_filenames, int file_type, gboolean do_append)
1174 merge_in_file_t *in_files;
1177 char tmpname[128+1];
1180 int open_err, read_err, write_err, close_err;
1184 char errmsg_errno[1024+1];
1186 gboolean got_read_error = FALSE, got_write_error = FALSE;
1188 progdlg_t *progbar = NULL;
1190 gint64 f_len, file_pos;
1192 GTimeVal start_time;
1193 gchar status_str[100];
1194 gint64 progbar_nextstep;
1195 gint64 progbar_quantum;
1197 /* open the input files */
1198 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1199 &open_err, &err_info, &err_fileno)) {
1201 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1206 if (*out_filenamep != NULL) {
1207 out_filename = *out_filenamep;
1208 out_fd = ws_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1212 out_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
1215 out_filename = g_strdup(tmpname);
1216 *out_filenamep = out_filename;
1220 merge_close_in_files(in_file_count, in_files);
1222 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1226 pdh = wtap_dump_fdopen(out_fd, file_type,
1227 merge_select_frame_type(in_file_count, in_files),
1228 merge_max_snapshot_length(in_file_count, in_files),
1229 FALSE /* compressed */, &open_err);
1232 merge_close_in_files(in_file_count, in_files);
1234 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1239 /* Get the sum of the sizes of all the files. */
1241 for (i = 0; i < in_file_count; i++)
1242 f_len += in_files[i].size;
1244 /* Update the progress bar when it gets to this value. */
1245 progbar_nextstep = 0;
1246 /* When we reach the value that triggers a progress bar update,
1247 bump that value by this amount. */
1248 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1249 /* Progress so far. */
1253 g_get_current_time(&start_time);
1255 /* do the merge (or append) */
1258 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1261 wth = merge_read_packet(in_file_count, in_files, &read_err,
1265 got_read_error = TRUE;
1269 /* Get the sum of the data offsets in all of the files. */
1271 for (i = 0; i < in_file_count; i++)
1272 data_offset += in_files[i].data_offset;
1274 /* Create the progress bar if necessary.
1275 We check on every iteration of the loop, so that it takes no
1276 longer than the standard time to create it (otherwise, for a
1277 large file, we might take considerably longer than that standard
1278 time in order to get to the next progress bar step). */
1279 if (progbar == NULL) {
1280 progbar = delayed_create_progress_dlg("Merging", "files",
1281 FALSE, &stop_flag, &start_time, progbar_val);
1284 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1285 when we update it, we have to run the GTK+ main loop to get it
1286 to repaint what's pending, and doing so may involve an "ioctl()"
1287 to see if there's any pending input from an X server, and doing
1288 that for every packet can be costly, especially on a big file. */
1289 if (data_offset >= progbar_nextstep) {
1290 /* Get the sum of the seek positions in all of the files. */
1292 for (i = 0; i < in_file_count; i++)
1293 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1294 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1295 if (progbar_val > 1.0) {
1296 /* Some file probably grew while we were reading it.
1297 That "shouldn't happen", so we'll just clip the progress
1301 if (progbar != NULL) {
1302 g_snprintf(status_str, sizeof(status_str),
1303 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1304 file_pos / 1024, f_len / 1024);
1305 update_progress_dlg(progbar, progbar_val, status_str);
1307 progbar_nextstep += progbar_quantum;
1311 /* Well, the user decided to abort the merge. */
1315 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1316 wtap_buf_ptr(wth), &write_err)) {
1317 got_write_error = TRUE;
1322 /* We're done merging the files; destroy the progress bar if it was created. */
1323 if (progbar != NULL)
1324 destroy_progress_dlg(progbar);
1326 merge_close_in_files(in_file_count, in_files);
1327 if (!got_read_error && !got_write_error) {
1328 if (!wtap_dump_close(pdh, &write_err))
1329 got_write_error = TRUE;
1331 wtap_dump_close(pdh, &close_err);
1333 if (got_read_error) {
1335 * Find the file on which we got the error, and report the error.
1337 for (i = 0; i < in_file_count; i++) {
1338 if (in_files[i].state == GOT_ERROR) {
1339 /* Put up a message box noting that a read failed somewhere along
1343 case WTAP_ERR_UNSUPPORTED_ENCAP:
1344 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1345 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1348 errmsg = errmsg_errno;
1351 case WTAP_ERR_CANT_READ:
1352 errmsg = "An attempt to read from the capture file %s failed for"
1353 " some unknown reason.";
1356 case WTAP_ERR_SHORT_READ:
1357 errmsg = "The capture file %s appears to have been cut short"
1358 " in the middle of a packet.";
1361 case WTAP_ERR_BAD_RECORD:
1362 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1363 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1366 errmsg = errmsg_errno;
1370 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1371 "An error occurred while reading the"
1372 " capture file %%s: %s.", wtap_strerror(read_err));
1373 errmsg = errmsg_errno;
1376 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, errmsg, in_files[i].filename);
1381 if (got_write_error) {
1382 /* Put up an alert box for the write error. */
1383 cf_write_failure_alert_box(out_filename, write_err);
1386 if (got_read_error || got_write_error || stop_flag) {
1387 /* Callers aren't expected to treat an error or an explicit abort
1388 differently - we put up error dialogs ourselves, so they don't
1396 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1398 const char *filter_new = dftext ? dftext : "";
1399 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1402 /* if new filter equals old one, do nothing unless told to do so */
1403 if (!force && strcmp(filter_new, filter_old) == 0) {
1409 if (dftext == NULL) {
1410 /* The new filter is an empty filter (i.e., display all packets).
1411 * so leave dfcode==NULL
1415 * We have a filter; make a copy of it (as we'll be saving it),
1416 * and try to compile it.
1418 dftext = g_strdup(dftext);
1419 if (!dfilter_compile(dftext, &dfcode)) {
1420 /* The attempt failed; report an error. */
1421 gchar *safe_dftext = simple_dialog_format_message(dftext);
1422 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1424 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1427 "The following display filter isn't a valid display filter:\n%s\n"
1428 "See the help for a description of the display filter syntax.",
1429 simple_dialog_primary_start(), safe_dfilter_error_msg,
1430 simple_dialog_primary_end(), safe_dftext);
1431 g_free(safe_dfilter_error_msg);
1432 g_free(safe_dftext);
1438 if (dfcode == NULL) {
1439 /* Yes - free the filter text, and set it to null. */
1445 /* We have a valid filter. Replace the current filter. */
1446 if (cf->dfilter != NULL)
1447 g_free(cf->dfilter);
1448 cf->dfilter = dftext;
1450 /* Now rescan the packet list, applying the new filter, but not
1451 throwing away information constructed on a previous pass. */
1452 if (dftext == NULL) {
1453 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1455 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1458 /* Cleanup and release all dfilter resources */
1459 if (dfcode != NULL){
1460 dfilter_free(dfcode);
1466 cf_colorize_packets(capture_file *cf)
1468 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1472 cf_reftime_packets(capture_file *cf)
1474 rescan_packets(cf, "Updating Reftime", "all packets", FALSE, FALSE);
1478 cf_redissect_packets(capture_file *cf)
1480 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1483 /* Rescan the list of packets, reconstructing the CList.
1485 "action" describes why we're doing this; it's used in the progress
1488 "action_item" describes what we're doing; it's used in the progress
1491 "refilter" is TRUE if we need to re-evaluate the filter expression.
1493 "redissect" is TRUE if we need to make the dissectors reconstruct
1494 any state information they have (because a preference that affects
1495 some dissector has changed, meaning some dissector might construct
1496 its state differently from the way it was constructed the last time). */
1498 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1499 gboolean refilter, gboolean redissect)
1502 progdlg_t *progbar = NULL;
1507 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1508 int selected_row, prev_row, preceding_row, following_row;
1509 gboolean selected_frame_seen;
1512 GTimeVal start_time;
1513 gchar status_str[100];
1514 int progbar_nextstep;
1515 int progbar_quantum;
1518 /* Compile the current display filter.
1519 * We assume this will not fail since cf->dfilter is only set in
1520 * cf_filter IFF the filter was valid.
1524 dfilter_compile(cf->dfilter, &dfcode);
1528 reset_tap_listeners();
1529 /* Which frame, if any, is the currently selected frame?
1530 XXX - should the selected frame or the focus frame be the "current"
1531 frame, that frame being the one from which "Find Frame" searches
1533 selected_frame = cf->current_frame;
1535 /* We don't yet know what row that frame will be on, if any, after we
1536 rebuild the clist, however. */
1540 /* We need to re-initialize all the state information that protocols
1541 keep, because some preference that controls a dissector has changed,
1542 which might cause the state information to be constructed differently
1543 by that dissector. */
1545 /* We might receive new packets while redissecting, and we don't
1546 want to dissect those before their time. */
1547 cf->redissecting = TRUE;
1549 /* Initialize all data structures used for dissection. */
1553 /* Freeze the packet list while we redo it, so we don't get any
1554 screen updates while it happens. */
1555 packet_list_freeze();
1558 packet_list_clear();
1560 /* We don't yet know which will be the first and last frames displayed. */
1561 cf->first_displayed = NULL;
1562 cf->last_displayed = NULL;
1564 /* We currently don't display any packets */
1565 cf->displayed_count = 0;
1567 /* Iterate through the list of frames. Call a routine for each frame
1568 to check whether it should be displayed and, if so, add it to
1569 the display list. */
1570 nstime_set_unset(&first_ts);
1571 nstime_set_unset(&prev_dis_ts);
1573 /* Update the progress bar when it gets to this value. */
1574 progbar_nextstep = 0;
1575 /* When we reach the value that triggers a progress bar update,
1576 bump that value by this amount. */
1577 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1578 /* Count of packets at which we've looked. */
1580 /* Progress so far. */
1584 g_get_current_time(&start_time);
1586 row = -1; /* no previous row yet */
1591 preceding_frame = NULL;
1593 following_frame = NULL;
1595 selected_frame_seen = FALSE;
1597 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1598 /* Create the progress bar if necessary.
1599 We check on every iteration of the loop, so that it takes no
1600 longer than the standard time to create it (otherwise, for a
1601 large file, we might take considerably longer than that standard
1602 time in order to get to the next progress bar step). */
1603 if (progbar == NULL)
1604 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1605 &stop_flag, &start_time,
1608 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1609 when we update it, we have to run the GTK+ main loop to get it
1610 to repaint what's pending, and doing so may involve an "ioctl()"
1611 to see if there's any pending input from an X server, and doing
1612 that for every packet can be costly, especially on a big file. */
1613 if (count >= progbar_nextstep) {
1614 /* let's not divide by zero. I should never be started
1615 * with count == 0, so let's assert that
1617 g_assert(cf->count > 0);
1618 progbar_val = (gfloat) count / cf->count;
1620 if (progbar != NULL) {
1621 g_snprintf(status_str, sizeof(status_str),
1622 "%4u of %u frames", count, cf->count);
1623 update_progress_dlg(progbar, progbar_val, status_str);
1626 progbar_nextstep += progbar_quantum;
1630 /* Well, the user decided to abort the filtering. Just stop.
1632 XXX - go back to the previous filter? Users probably just
1633 want not to wait for a filtering operation to finish;
1634 unless we cancel by having no filter, reverting to the
1635 previous filter will probably be even more expensive than
1636 continuing the filtering, as it involves going back to the
1637 beginning and filtering, and even with no filter we currently
1638 have to re-generate the entire clist, which is also expensive.
1640 I'm not sure what Network Monitor does, but it doesn't appear
1641 to give you an unfiltered display if you cancel. */
1648 /* Since all state for the frame was destroyed, mark the frame
1649 * as not visited, free the GSList referring to the state
1650 * data (the per-frame data itself was freed by
1651 * "init_dissection()"), and null out the GSList pointer. */
1652 fdata->flags.visited = 0;
1654 g_slist_free(fdata->pfd);
1659 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1660 cf->pd, fdata->cap_len, &err, &err_info)) {
1661 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1662 cf_read_error_message(err, err_info), cf->filename);
1666 /* If the previous frame is displayed, and we haven't yet seen the
1667 selected frame, remember that frame - it's the closest one we've
1668 yet seen before the selected frame. */
1669 if (prev_row != -1 && !selected_frame_seen) {
1670 preceding_row = prev_row;
1671 preceding_frame = prev_frame;
1673 row = add_packet_to_packet_list(fdata, cf, dfcode, &cf->pseudo_header, cf->pd,
1676 /* If this frame is displayed, and this is the first frame we've
1677 seen displayed after the selected frame, remember this frame -
1678 it's the closest one we've yet seen at or after the selected
1680 if (row != -1 && selected_frame_seen && following_row == -1) {
1681 following_row = row;
1682 following_frame = fdata;
1684 if (fdata == selected_frame) {
1686 selected_frame_seen = TRUE;
1689 /* Remember this row/frame - it'll be the previous row/frame
1690 on the next pass through the loop. */
1695 /* We are done redissecting the packet list. */
1696 cf->redissecting = FALSE;
1698 /* Re-sort the list using the previously selected order */
1699 packet_list_set_sort_column();
1702 /* Clear out what remains of the visited flags and per-frame data
1705 XXX - that may cause various forms of bogosity when dissecting
1706 these frames, as they won't have been seen by this sequential
1707 pass, but the only alternative I see is to keep scanning them
1708 even though the user requested that the scan stop, and that
1709 would leave the user stuck with an Wireshark grinding on
1710 until it finishes. Should we just stick them with that? */
1711 for (; fdata != NULL; fdata = fdata->next) {
1712 fdata->flags.visited = 0;
1714 g_slist_free(fdata->pfd);
1720 /* We're done filtering the packets; destroy the progress bar if it
1722 if (progbar != NULL)
1723 destroy_progress_dlg(progbar);
1725 /* Unfreeze the packet list. */
1728 if (selected_row == -1) {
1729 /* The selected frame didn't pass the filter. */
1730 if (selected_frame == NULL) {
1731 /* That's because there *was* no selected frame. Make the first
1732 displayed frame the current frame. */
1735 /* Find the nearest displayed frame to the selected frame (whether
1736 it's before or after that frame) and make that the current frame.
1737 If the next and previous displayed frames are equidistant from the
1738 selected frame, choose the next one. */
1739 g_assert(following_frame == NULL ||
1740 following_frame->num >= selected_frame->num);
1741 g_assert(preceding_frame == NULL ||
1742 preceding_frame->num <= selected_frame->num);
1743 if (following_frame == NULL) {
1744 /* No frame after the selected frame passed the filter, so we
1745 have to select the last displayed frame before the selected
1747 selected_row = preceding_row;
1748 } else if (preceding_frame == NULL) {
1749 /* No frame before the selected frame passed the filter, so we
1750 have to select the first displayed frame after the selected
1752 selected_row = following_row;
1754 /* Frames before and after the selected frame passed the filter, so
1755 we'll select the previous frame */
1756 selected_row = preceding_row;
1761 if (selected_row == -1) {
1762 /* There are no frames displayed at all. */
1763 cf_unselect_packet(cf);
1765 /* Either the frame that was selected passed the filter, or we've
1766 found the nearest displayed frame to that frame. Select it, make
1767 it the focus row, and make it visible. */
1768 if (selected_row == 0) {
1769 /* Set to invalid to force update of packet list and packet details */
1770 cf->current_row = -1;
1772 packet_list_set_selected_row(selected_row);
1775 /* Cleanup and release all dfilter resources */
1776 if (dfcode != NULL){
1777 dfilter_free(dfcode);
1788 process_specified_packets(capture_file *cf, packet_range_t *range,
1789 const char *string1, const char *string2, gboolean terminate_is_stop,
1790 gboolean (*callback)(capture_file *, frame_data *,
1791 union wtap_pseudo_header *, const guint8 *, void *),
1792 void *callback_args)
1797 union wtap_pseudo_header pseudo_header;
1798 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
1799 psp_return_t ret = PSP_FINISHED;
1801 progdlg_t *progbar = NULL;
1804 gboolean progbar_stop_flag;
1805 GTimeVal progbar_start_time;
1806 gchar progbar_status_str[100];
1807 int progbar_nextstep;
1808 int progbar_quantum;
1809 range_process_e process_this;
1811 /* Update the progress bar when it gets to this value. */
1812 progbar_nextstep = 0;
1813 /* When we reach the value that triggers a progress bar update,
1814 bump that value by this amount. */
1815 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1816 /* Count of packets at which we've looked. */
1818 /* Progress so far. */
1821 progbar_stop_flag = FALSE;
1822 g_get_current_time(&progbar_start_time);
1824 packet_range_process_init(range);
1826 /* Iterate through the list of packets, printing the packets that
1827 were selected by the current display filter. */
1828 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1829 /* Create the progress bar if necessary.
1830 We check on every iteration of the loop, so that it takes no
1831 longer than the standard time to create it (otherwise, for a
1832 large file, we might take considerably longer than that standard
1833 time in order to get to the next progress bar step). */
1834 if (progbar == NULL)
1835 progbar = delayed_create_progress_dlg(string1, string2,
1838 &progbar_start_time,
1841 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1842 when we update it, we have to run the GTK+ main loop to get it
1843 to repaint what's pending, and doing so may involve an "ioctl()"
1844 to see if there's any pending input from an X server, and doing
1845 that for every packet can be costly, especially on a big file. */
1846 if (progbar_count >= progbar_nextstep) {
1847 /* let's not divide by zero. I should never be started
1848 * with count == 0, so let's assert that
1850 g_assert(cf->count > 0);
1851 progbar_val = (gfloat) progbar_count / cf->count;
1853 if (progbar != NULL) {
1854 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
1855 "%4u of %u packets", progbar_count, cf->count);
1856 update_progress_dlg(progbar, progbar_val, progbar_status_str);
1859 progbar_nextstep += progbar_quantum;
1862 if (progbar_stop_flag) {
1863 /* Well, the user decided to abort the operation. Just stop,
1864 and arrange to return PSP_STOPPED to our caller, so they know
1865 it was stopped explicitly. */
1872 /* do we have to process this packet? */
1873 process_this = packet_range_process_packet(range, fdata);
1874 if (process_this == range_process_next) {
1875 /* this packet uninteresting, continue with next one */
1877 } else if (process_this == range_processing_finished) {
1878 /* all interesting packets processed, stop the loop */
1882 /* Get the packet */
1883 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1884 pd, fdata->cap_len, &err, &err_info)) {
1885 /* Attempt to get the packet failed. */
1886 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1887 cf_read_error_message(err, err_info), cf->filename);
1891 /* Process the packet */
1892 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
1893 /* Callback failed. We assume it reported the error appropriately. */
1899 /* We're done printing the packets; destroy the progress bar if
1901 if (progbar != NULL)
1902 destroy_progress_dlg(progbar);
1908 retap_packet(capture_file *cf _U_, frame_data *fdata,
1909 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1912 column_info *cinfo = argsp;
1913 epan_dissect_t *edt;
1915 /* If we have tap listeners, allocate a protocol tree root node, so that
1916 we'll construct a protocol tree against which a filter expression can
1918 edt = epan_dissect_new(num_tap_filters != 0, FALSE);
1919 tap_queue_init(edt);
1920 epan_dissect_run(edt, pseudo_header, pd, fdata, cinfo);
1921 tap_push_tapped_queue(edt);
1922 epan_dissect_free(edt);
1928 cf_retap_packets(capture_file *cf, gboolean do_columns)
1930 packet_range_t range;
1932 /* Reset the tap listeners. */
1933 reset_tap_listeners();
1935 /* Iterate through the list of packets, dissecting all packets and
1936 re-running the taps. */
1937 packet_range_init(&range);
1938 packet_range_process_init(&range);
1939 switch (process_specified_packets(cf, &range, "Refiltering statistics on",
1940 "all packets", TRUE, retap_packet,
1941 do_columns ? &cf->cinfo : NULL)) {
1943 /* Completed successfully. */
1947 /* Well, the user decided to abort the refiltering.
1948 Return CF_READ_ABORTED so our caller knows they did that. */
1949 return CF_READ_ABORTED;
1952 /* Error while retapping. */
1953 return CF_READ_ERROR;
1956 g_assert_not_reached();
1961 print_args_t *print_args;
1962 gboolean print_header_line;
1963 char *header_line_buf;
1964 int header_line_buf_len;
1965 gboolean print_formfeed;
1966 gboolean print_separator;
1970 } print_callback_args_t;
1973 print_packet(capture_file *cf, frame_data *fdata,
1974 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1977 print_callback_args_t *args = argsp;
1978 epan_dissect_t *edt;
1984 gboolean proto_tree_needed;
1985 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
1986 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
1988 /* Create the protocol tree, and make it visible, if we're printing
1989 the dissection or the hex data.
1990 XXX - do we need it if we're just printing the hex data? */
1992 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex || have_custom_cols(&cf->cinfo);
1993 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
1995 /* Fill in the column information if we're printing the summary
1997 if (args->print_args->print_summary) {
1998 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
1999 epan_dissect_fill_in_columns(edt);
2001 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2003 if (args->print_formfeed) {
2004 if (!new_page(args->print_args->stream))
2007 if (args->print_separator) {
2008 if (!print_line(args->print_args->stream, 0, ""))
2014 * We generate bookmarks, if the output format supports them.
2015 * The name is "__frameN__".
2017 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
2019 if (args->print_args->print_summary) {
2020 if (args->print_header_line) {
2021 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
2023 args->print_header_line = FALSE; /* we might not need to print any more */
2025 cp = &args->line_buf[0];
2027 for (i = 0; i < cf->cinfo.num_cols; i++) {
2028 /* Find the length of the string for this column. */
2029 column_len = strlen(cf->cinfo.col_data[i]);
2030 if (args->col_widths[i] > column_len)
2031 column_len = args->col_widths[i];
2033 /* Make sure there's room in the line buffer for the column; if not,
2034 double its length. */
2035 line_len += column_len + 1; /* "+1" for space */
2036 if (line_len > args->line_buf_len) {
2037 cp_off = cp - args->line_buf;
2038 args->line_buf_len = 2 * line_len;
2039 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
2040 cp = args->line_buf + cp_off;
2043 /* Right-justify the packet number column. */
2044 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2045 sprintf(cp, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
2047 sprintf(cp, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
2049 if (i != cf->cinfo.num_cols - 1)
2055 * Generate a bookmark, using the summary line as the title.
2057 if (!print_bookmark(args->print_args->stream, bookmark_name,
2061 if (!print_line(args->print_args->stream, 0, args->line_buf))
2065 * Generate a bookmark, using "Frame N" as the title, as we're not
2066 * printing the summary line.
2068 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2069 if (!print_bookmark(args->print_args->stream, bookmark_name,
2072 } /* if (print_summary) */
2074 if (args->print_args->print_dissections != print_dissections_none) {
2075 if (args->print_args->print_summary) {
2076 /* Separate the summary line from the tree with a blank line. */
2077 if (!print_line(args->print_args->stream, 0, ""))
2081 /* Print the information in that tree. */
2082 if (!proto_tree_print(args->print_args, edt, args->print_args->stream))
2085 /* Print a blank line if we print anything after this (aka more than one packet). */
2086 args->print_separator = TRUE;
2088 /* Print a header line if we print any more packet summaries */
2089 args->print_header_line = TRUE;
2092 if (args->print_args->print_hex) {
2093 /* Print the full packet data as hex. */
2094 if (!print_hex_data(args->print_args->stream, edt))
2097 /* Print a blank line if we print anything after this (aka more than one packet). */
2098 args->print_separator = TRUE;
2100 /* Print a header line if we print any more packet summaries */
2101 args->print_header_line = TRUE;
2102 } /* if (args->print_args->print_dissections != print_dissections_none) */
2104 epan_dissect_free(edt);
2106 /* do we want to have a formfeed between each packet from now on? */
2107 if(args->print_args->print_formfeed) {
2108 args->print_formfeed = TRUE;
2114 epan_dissect_free(edt);
2119 cf_print_packets(capture_file *cf, print_args_t *print_args)
2122 print_callback_args_t callback_args;
2130 callback_args.print_args = print_args;
2131 callback_args.print_header_line = TRUE;
2132 callback_args.header_line_buf = NULL;
2133 callback_args.header_line_buf_len = 256;
2134 callback_args.print_formfeed = FALSE;
2135 callback_args.print_separator = FALSE;
2136 callback_args.line_buf = NULL;
2137 callback_args.line_buf_len = 256;
2138 callback_args.col_widths = NULL;
2140 if (!print_preamble(print_args->stream, cf->filename)) {
2141 destroy_print_stream(print_args->stream);
2142 return CF_PRINT_WRITE_ERROR;
2145 if (print_args->print_summary) {
2146 /* We're printing packet summaries. Allocate the header line buffer
2147 and get the column widths. */
2148 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2150 /* Find the widths for each of the columns - maximum of the
2151 width of the title and the width of the data - and construct
2152 a buffer with a line containing the column titles. */
2153 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2154 cp = &callback_args.header_line_buf[0];
2156 for (i = 0; i < cf->cinfo.num_cols; i++) {
2157 /* Don't pad the last column. */
2158 if (i == cf->cinfo.num_cols - 1)
2159 callback_args.col_widths[i] = 0;
2161 callback_args.col_widths[i] = strlen(cf->cinfo.col_title[i]);
2162 data_width = get_column_char_width(get_column_format(i));
2163 if (data_width > callback_args.col_widths[i])
2164 callback_args.col_widths[i] = data_width;
2167 /* Find the length of the string for this column. */
2168 column_len = strlen(cf->cinfo.col_title[i]);
2169 if (callback_args.col_widths[i] > column_len)
2170 column_len = callback_args.col_widths[i];
2172 /* Make sure there's room in the line buffer for the column; if not,
2173 double its length. */
2174 line_len += column_len + 1; /* "+1" for space */
2175 if (line_len > callback_args.header_line_buf_len) {
2176 cp_off = cp - callback_args.header_line_buf;
2177 callback_args.header_line_buf_len = 2 * line_len;
2178 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2179 callback_args.header_line_buf_len + 1);
2180 cp = callback_args.header_line_buf + cp_off;
2183 /* Right-justify the packet number column. */
2184 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2185 sprintf(cp, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2187 sprintf(cp, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2189 if (i != cf->cinfo.num_cols - 1)
2194 /* Now start out the main line buffer with the same length as the
2195 header line buffer. */
2196 callback_args.line_buf_len = callback_args.header_line_buf_len;
2197 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2198 } /* if (print_summary) */
2200 /* Iterate through the list of packets, printing the packets we were
2202 ret = process_specified_packets(cf, &print_args->range, "Printing",
2203 "selected packets", TRUE, print_packet,
2206 if (callback_args.header_line_buf != NULL)
2207 g_free(callback_args.header_line_buf);
2208 if (callback_args.line_buf != NULL)
2209 g_free(callback_args.line_buf);
2210 if (callback_args.col_widths != NULL)
2211 g_free(callback_args.col_widths);
2216 /* Completed successfully. */
2220 /* Well, the user decided to abort the printing.
2222 XXX - note that what got generated before they did that
2223 will get printed if we're piping to a print program; we'd
2224 have to write to a file and then hand that to the print
2225 program to make it actually not print anything. */
2229 /* Error while printing.
2231 XXX - note that what got generated before they did that
2232 will get printed if we're piping to a print program; we'd
2233 have to write to a file and then hand that to the print
2234 program to make it actually not print anything. */
2235 destroy_print_stream(print_args->stream);
2236 return CF_PRINT_WRITE_ERROR;
2239 if (!print_finale(print_args->stream)) {
2240 destroy_print_stream(print_args->stream);
2241 return CF_PRINT_WRITE_ERROR;
2244 if (!destroy_print_stream(print_args->stream))
2245 return CF_PRINT_WRITE_ERROR;
2251 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2252 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2256 epan_dissect_t *edt;
2258 /* Create the protocol tree, but don't fill in the column information. */
2259 edt = epan_dissect_new(TRUE, TRUE);
2260 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2262 /* Write out the information in that tree. */
2263 proto_tree_write_pdml(edt, fh);
2265 epan_dissect_free(edt);
2271 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2276 fh = ws_fopen(print_args->file, "w");
2278 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2280 write_pdml_preamble(fh);
2283 return CF_PRINT_WRITE_ERROR;
2286 /* Iterate through the list of packets, printing the packets we were
2288 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2289 "selected packets", TRUE,
2290 write_pdml_packet, fh);
2295 /* Completed successfully. */
2299 /* Well, the user decided to abort the printing. */
2303 /* Error while printing. */
2305 return CF_PRINT_WRITE_ERROR;
2308 write_pdml_finale(fh);
2311 return CF_PRINT_WRITE_ERROR;
2314 /* XXX - check for an error */
2321 write_psml_packet(capture_file *cf, frame_data *fdata,
2322 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2326 epan_dissect_t *edt;
2327 gboolean proto_tree_needed;
2329 /* Fill in the column information, only create the protocol tree
2330 if having custom columns. */
2331 proto_tree_needed = have_custom_cols(&cf->cinfo);
2332 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2333 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2334 epan_dissect_fill_in_columns(edt);
2336 /* Write out the information in that tree. */
2337 proto_tree_write_psml(edt, fh);
2339 epan_dissect_free(edt);
2345 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2350 fh = ws_fopen(print_args->file, "w");
2352 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2354 write_psml_preamble(fh);
2357 return CF_PRINT_WRITE_ERROR;
2360 /* Iterate through the list of packets, printing the packets we were
2362 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2363 "selected packets", TRUE,
2364 write_psml_packet, fh);
2369 /* Completed successfully. */
2373 /* Well, the user decided to abort the printing. */
2377 /* Error while printing. */
2379 return CF_PRINT_WRITE_ERROR;
2382 write_psml_finale(fh);
2385 return CF_PRINT_WRITE_ERROR;
2388 /* XXX - check for an error */
2395 write_csv_packet(capture_file *cf, frame_data *fdata,
2396 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2400 epan_dissect_t *edt;
2401 gboolean proto_tree_needed;
2403 /* Fill in the column information, only create the protocol tree
2404 if having custom columns. */
2405 proto_tree_needed = have_custom_cols(&cf->cinfo);
2406 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
2407 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2408 epan_dissect_fill_in_columns(edt);
2410 /* Write out the information in that tree. */
2411 proto_tree_write_csv(edt, fh);
2413 epan_dissect_free(edt);
2419 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2424 fh = ws_fopen(print_args->file, "w");
2426 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2428 write_csv_preamble(fh);
2431 return CF_PRINT_WRITE_ERROR;
2434 /* Iterate through the list of packets, printing the packets we were
2436 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2437 "selected packets", TRUE,
2438 write_csv_packet, fh);
2443 /* Completed successfully. */
2447 /* Well, the user decided to abort the printing. */
2451 /* Error while printing. */
2453 return CF_PRINT_WRITE_ERROR;
2456 write_csv_finale(fh);
2459 return CF_PRINT_WRITE_ERROR;
2462 /* XXX - check for an error */
2469 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
2470 union wtap_pseudo_header *pseudo_header _U_,
2471 const guint8 *pd, void *argsp)
2475 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
2480 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
2485 fh = ws_fopen(print_args->file, "w");
2488 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2490 write_carrays_preamble(fh);
2494 return CF_PRINT_WRITE_ERROR;
2497 /* Iterate through the list of packets, printing the packets we were
2499 ret = process_specified_packets(cf, &print_args->range,
2501 "selected packets", TRUE,
2502 write_carrays_packet, fh);
2505 /* Completed successfully. */
2508 /* Well, the user decided to abort the printing. */
2511 /* Error while printing. */
2513 return CF_PRINT_WRITE_ERROR;
2516 write_carrays_finale(fh);
2520 return CF_PRINT_WRITE_ERROR;
2527 /* Scan through the packet list and change all columns that use the
2528 "command-line-specified" time stamp format to use the current
2529 value of that format. */
2531 cf_change_time_formats(capture_file *cf)
2534 progdlg_t *progbar = NULL;
2540 GTimeVal start_time;
2541 gchar status_str[100];
2542 int progbar_nextstep;
2543 int progbar_quantum;
2544 gboolean sorted_by_frame_column;
2547 /* adjust timestamp precision if auto is selected */
2548 cf_timestamp_auto_precision(cf);
2550 /* Are there any columns with time stamps in the "command-line-specified"
2553 XXX - we have to force the "column is writable" flag on, as it
2554 might be off from the last frame that was dissected. */
2555 col_set_writable(&cf->cinfo, TRUE);
2556 if (!check_col(&cf->cinfo, COL_CLS_TIME) &&
2557 !check_col(&cf->cinfo, COL_ABS_TIME) &&
2558 !check_col(&cf->cinfo, COL_ABS_DATE_TIME) &&
2559 !check_col(&cf->cinfo, COL_REL_TIME) &&
2560 !check_col(&cf->cinfo, COL_DELTA_TIME) &&
2561 !check_col(&cf->cinfo, COL_DELTA_TIME_DIS)) {
2562 /* No, there aren't any columns in that format, so we have no work
2567 /* Freeze the packet list while we redo it, so we don't get any
2568 screen updates while it happens. */
2569 packet_list_freeze();
2571 /* Update the progress bar when it gets to this value. */
2572 progbar_nextstep = 0;
2573 /* When we reach the value that triggers a progress bar update,
2574 bump that value by this amount. */
2575 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2576 /* Count of packets at which we've looked. */
2578 /* Progress so far. */
2581 /* If the rows are currently sorted by the frame column then we know
2582 * the row number of each packet: it's the row number of the previously
2583 * displayed packet + 1.
2585 * Otherwise, if the display is sorted by a different column then we have
2586 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2587 * of changing the time display format O(N**2)).
2589 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2590 * the row number and walks that many elements down the clist to find
2591 * the appropriate element.)
2593 sorted_by_frame_column = FALSE;
2594 for (i = 0; i < cf->cinfo.num_cols; i++) {
2595 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2597 sorted_by_frame_column = (i == packet_list_get_sort_column());
2603 g_get_current_time(&start_time);
2605 /* Iterate through the list of packets, checking whether the packet
2606 is in a row of the summary list and, if so, whether there are
2607 any columns that show the time in the "command-line-specified"
2608 format and, if so, update that row. */
2609 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2610 /* Create the progress bar if necessary.
2611 We check on every iteration of the loop, so that it takes no
2612 longer than the standard time to create it (otherwise, for a
2613 large file, we might take considerably longer than that standard
2614 time in order to get to the next progress bar step). */
2615 if (progbar == NULL)
2616 progbar = delayed_create_progress_dlg("Changing", "time display",
2617 TRUE, &stop_flag, &start_time, progbar_val);
2619 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2620 when we update it, we have to run the GTK+ main loop to get it
2621 to repaint what's pending, and doing so may involve an "ioctl()"
2622 to see if there's any pending input from an X server, and doing
2623 that for every packet can be costly, especially on a big file. */
2624 if (count >= progbar_nextstep) {
2625 /* let's not divide by zero. I should never be started
2626 * with count == 0, so let's assert that
2628 g_assert(cf->count > 0);
2630 progbar_val = (gfloat) count / cf->count;
2632 if (progbar != NULL) {
2633 g_snprintf(status_str, sizeof(status_str),
2634 "%4u of %u packets", count, cf->count);
2635 update_progress_dlg(progbar, progbar_val, status_str);
2638 progbar_nextstep += progbar_quantum;
2642 /* Well, the user decided to abort the redisplay. Just stop.
2644 XXX - this leaves the time field in the old format in
2645 frames we haven't yet processed. So it goes; should we
2646 simply not offer them the option of stopping? */
2652 /* Find what row this packet is in. */
2653 if (!sorted_by_frame_column) {
2654 /* This function is O(N), so we try to avoid using it... */
2655 row = packet_list_find_row_from_data(fdata);
2657 /* ...which we do by maintaining a count of packets that are
2658 being displayed (i.e., that have passed the display filter),
2659 and using the current value of that count as the row number
2660 (which is why we can only do it when the display is sorted
2661 by the frame number). */
2662 if (fdata->flags.passed_dfilter)
2669 /* This packet is in the summary list, on row "row". */
2671 for (i = 0; i < cf->cinfo.num_cols; i++) {
2672 if (col_has_time_fmt(&cf->cinfo, i)) {
2673 /* This is one of the columns that shows the time in
2674 "command-line-specified" format; update it. */
2675 cf->cinfo.col_buf[i][0] = '\0';
2676 col_set_fmt_time(fdata, &cf->cinfo, cf->cinfo.col_fmt[i], i);
2677 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2683 /* We're done redisplaying the packets; destroy the progress bar if it
2685 if (progbar != NULL)
2686 destroy_progress_dlg(progbar);
2688 /* Set the column widths of those columns that show the time in
2689 "command-line-specified" format. */
2690 for (i = 0; i < cf->cinfo.num_cols; i++) {
2691 if (col_has_time_fmt(&cf->cinfo, i)) {
2692 packet_list_set_time_width(cf->cinfo.col_fmt[i], i);
2696 /* Unfreeze the packet list. */
2704 gboolean frame_matched;
2708 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
2712 mdata.string = string;
2713 mdata.string_len = strlen(string);
2714 return find_packet(cf, match_protocol_tree, &mdata);
2718 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
2720 match_data *mdata = criterion;
2721 epan_dissect_t *edt;
2723 /* Construct the protocol tree, including the displayed text */
2724 edt = epan_dissect_new(TRUE, TRUE);
2725 /* We don't need the column information */
2726 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2728 /* Iterate through all the nodes, seeing if they have text that matches. */
2730 mdata->frame_matched = FALSE;
2731 proto_tree_children_foreach(edt->tree, match_subtree_text, mdata);
2732 epan_dissect_free(edt);
2733 return mdata->frame_matched;
2737 match_subtree_text(proto_node *node, gpointer data)
2739 match_data *mdata = (match_data*) data;
2740 const gchar *string = mdata->string;
2741 size_t string_len = mdata->string_len;
2742 capture_file *cf = mdata->cf;
2743 field_info *fi = PITEM_FINFO(node);
2744 gchar label_str[ITEM_LABEL_LENGTH];
2751 if (mdata->frame_matched) {
2752 /* We already had a match; don't bother doing any more work. */
2756 /* Don't match invisible entries. */
2757 if (PROTO_ITEM_IS_HIDDEN(node))
2760 /* was a free format label produced? */
2762 label_ptr = fi->rep->representation;
2764 /* no, make a generic label */
2765 label_ptr = label_str;
2766 proto_item_fill_label(fi, label_str);
2769 /* Does that label match? */
2770 label_len = strlen(label_ptr);
2771 for (i = 0; i < label_len; i++) {
2772 c_char = label_ptr[i];
2774 c_char = toupper(c_char);
2775 if (c_char == string[c_match]) {
2777 if (c_match == string_len) {
2778 /* No need to look further; we have a match */
2779 mdata->frame_matched = TRUE;
2786 /* Recurse into the subtree, if it exists */
2787 if (node->first_child != NULL)
2788 proto_tree_children_foreach(node, match_subtree_text, mdata);
2792 cf_find_packet_summary_line(capture_file *cf, const char *string)
2796 mdata.string = string;
2797 mdata.string_len = strlen(string);
2798 return find_packet(cf, match_summary_line, &mdata);
2802 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
2804 match_data *mdata = criterion;
2805 const gchar *string = mdata->string;
2806 size_t string_len = mdata->string_len;
2807 epan_dissect_t *edt;
2808 const char *info_column;
2809 size_t info_column_len;
2810 gboolean frame_matched = FALSE;
2816 /* Don't bother constructing the protocol tree */
2817 edt = epan_dissect_new(FALSE, FALSE);
2818 /* Get the column information */
2819 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
2821 /* Find the Info column */
2822 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
2823 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
2824 /* Found it. See if we match. */
2825 info_column = edt->pi.cinfo->col_data[colx];
2826 info_column_len = strlen(info_column);
2827 for (i = 0; i < info_column_len; i++) {
2828 c_char = info_column[i];
2830 c_char = toupper(c_char);
2831 if (c_char == string[c_match]) {
2833 if (c_match == string_len) {
2834 frame_matched = TRUE;
2843 epan_dissect_free(edt);
2844 return frame_matched;
2850 } cbs_t; /* "Counted byte string" */
2853 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
2858 info.data_len = string_size;
2860 /* String or hex search? */
2862 /* String search - what type of string? */
2863 switch (cf->scs_type) {
2865 case SCS_ASCII_AND_UNICODE:
2866 return find_packet(cf, match_ascii_and_unicode, &info);
2869 return find_packet(cf, match_ascii, &info);
2872 return find_packet(cf, match_unicode, &info);
2875 g_assert_not_reached();
2879 return find_packet(cf, match_binary, &info);
2883 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2885 cbs_t *info = criterion;
2886 const guint8 *ascii_text = info->data;
2887 size_t textlen = info->data_len;
2888 gboolean frame_matched;
2894 frame_matched = FALSE;
2895 buf_len = fdata->pkt_len;
2896 for (i = 0; i < buf_len; i++) {
2899 c_char = toupper(c_char);
2901 if (c_char == ascii_text[c_match]) {
2903 if (c_match == textlen) {
2904 frame_matched = TRUE;
2905 cf->search_pos = i; /* Save the position of the last character
2906 for highlighting the field. */
2913 return frame_matched;
2917 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
2919 cbs_t *info = criterion;
2920 const guint8 *ascii_text = info->data;
2921 size_t textlen = info->data_len;
2922 gboolean frame_matched;
2928 frame_matched = FALSE;
2929 buf_len = fdata->pkt_len;
2930 for (i = 0; i < buf_len; i++) {
2933 c_char = toupper(c_char);
2934 if (c_char == ascii_text[c_match]) {
2936 if (c_match == textlen) {
2937 frame_matched = TRUE;
2938 cf->search_pos = i; /* Save the position of the last character
2939 for highlighting the field. */
2945 return frame_matched;
2949 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2951 cbs_t *info = criterion;
2952 const guint8 *ascii_text = info->data;
2953 size_t textlen = info->data_len;
2954 gboolean frame_matched;
2960 frame_matched = FALSE;
2961 buf_len = fdata->pkt_len;
2962 for (i = 0; i < buf_len; i++) {
2965 c_char = toupper(c_char);
2966 if (c_char == ascii_text[c_match]) {
2969 if (c_match == textlen) {
2970 frame_matched = TRUE;
2971 cf->search_pos = i; /* Save the position of the last character
2972 for highlighting the field. */
2978 return frame_matched;
2982 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
2984 cbs_t *info = criterion;
2985 const guint8 *binary_data = info->data;
2986 size_t datalen = info->data_len;
2987 gboolean frame_matched;
2992 frame_matched = FALSE;
2993 buf_len = fdata->pkt_len;
2994 for (i = 0; i < buf_len; i++) {
2995 if (cf->pd[i] == binary_data[c_match]) {
2997 if (c_match == datalen) {
2998 frame_matched = TRUE;
2999 cf->search_pos = i; /* Save the position of the last character
3000 for highlighting the field. */
3006 return frame_matched;
3010 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
3012 return find_packet(cf, match_dfilter, sfcode);
3016 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
3018 dfilter_t *sfcode = criterion;
3019 epan_dissect_t *edt;
3020 gboolean frame_matched;
3022 edt = epan_dissect_new(TRUE, FALSE);
3023 epan_dissect_prime_dfilter(edt, sfcode);
3024 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3025 frame_matched = dfilter_apply_edt(sfcode, edt);
3026 epan_dissect_free(edt);
3027 return frame_matched;
3031 find_packet(capture_file *cf,
3032 gboolean (*match_function)(capture_file *, frame_data *, void *),
3035 frame_data *start_fd;
3037 frame_data *new_fd = NULL;
3038 progdlg_t *progbar = NULL;
3045 GTimeVal start_time;
3046 gchar status_str[100];
3047 int progbar_nextstep;
3048 int progbar_quantum;
3051 start_fd = cf->current_frame;
3052 if (start_fd != NULL) {
3053 /* Iterate through the list of packets, starting at the packet we've
3054 picked, calling a routine to run the filter on the packet, see if
3055 it matches, and stop if so. */
3059 /* Update the progress bar when it gets to this value. */
3060 progbar_nextstep = 0;
3061 /* When we reach the value that triggers a progress bar update,
3062 bump that value by this amount. */
3063 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3064 /* Progress so far. */
3068 g_get_current_time(&start_time);
3071 title = cf->sfilter?cf->sfilter:"";
3073 /* Create the progress bar if necessary.
3074 We check on every iteration of the loop, so that it takes no
3075 longer than the standard time to create it (otherwise, for a
3076 large file, we might take considerably longer than that standard
3077 time in order to get to the next progress bar step). */
3078 if (progbar == NULL)
3079 progbar = delayed_create_progress_dlg("Searching", title,
3080 FALSE, &stop_flag, &start_time, progbar_val);
3082 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3083 when we update it, we have to run the GTK+ main loop to get it
3084 to repaint what's pending, and doing so may involve an "ioctl()"
3085 to see if there's any pending input from an X server, and doing
3086 that for every packet can be costly, especially on a big file. */
3087 if (count >= progbar_nextstep) {
3088 /* let's not divide by zero. I should never be started
3089 * with count == 0, so let's assert that
3091 g_assert(cf->count > 0);
3093 progbar_val = (gfloat) count / cf->count;
3095 if (progbar != NULL) {
3096 g_snprintf(status_str, sizeof(status_str),
3097 "%4u of %u packets", count, cf->count);
3098 update_progress_dlg(progbar, progbar_val, status_str);
3101 progbar_nextstep += progbar_quantum;
3105 /* Well, the user decided to abort the search. Go back to the
3106 frame where we started. */
3111 /* Go past the current frame. */
3112 if (cf->sbackward) {
3113 /* Go on to the previous frame. */
3114 fdata = fdata->prev;
3115 if (fdata == NULL) {
3117 * XXX - other apps have a bit more of a detailed message
3118 * for this, and instead of offering "OK" and "Cancel",
3119 * they offer things such as "Continue" and "Cancel";
3120 * we need an API for popping up alert boxes with
3121 * {Verb} and "Cancel".
3124 if (prefs.gui_find_wrap)
3126 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3127 "%sBeginning of capture exceeded!%s\n\n"
3128 "Search is continued from the end of the capture.",
3129 simple_dialog_primary_start(), simple_dialog_primary_end());
3130 fdata = cf->plist_end; /* wrap around */
3134 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3135 "%sBeginning of capture exceeded!%s\n\n"
3136 "Try searching forwards.",
3137 simple_dialog_primary_start(), simple_dialog_primary_end());
3138 fdata = start_fd; /* stay on previous packet */
3142 /* Go on to the next frame. */
3143 fdata = fdata->next;
3144 if (fdata == NULL) {
3145 if (prefs.gui_find_wrap)
3147 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3148 "%sEnd of capture exceeded!%s\n\n"
3149 "Search is continued from the start of the capture.",
3150 simple_dialog_primary_start(), simple_dialog_primary_end());
3151 fdata = cf->plist; /* wrap around */
3155 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3156 "%sEnd of capture exceeded!%s\n\n"
3157 "Try searching backwards.",
3158 simple_dialog_primary_start(), simple_dialog_primary_end());
3159 fdata = start_fd; /* stay on previous packet */
3166 /* Is this packet in the display? */
3167 if (fdata->flags.passed_dfilter) {
3168 /* Yes. Load its data. */
3169 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3170 cf->pd, fdata->cap_len, &err, &err_info)) {
3171 /* Read error. Report the error, and go back to the frame
3172 where we started. */
3173 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3174 cf_read_error_message(err, err_info), cf->filename);
3179 /* Does it match the search criterion? */
3180 if ((*match_function)(cf, fdata, criterion)) {
3182 break; /* found it! */
3186 if (fdata == start_fd) {
3187 /* We're back to the frame we were on originally, and that frame
3188 doesn't match the search filter. The search failed. */
3193 /* We're done scanning the packets; destroy the progress bar if it
3195 if (progbar != NULL)
3196 destroy_progress_dlg(progbar);
3199 if (new_fd != NULL) {
3200 /* We found a frame. Find what row it's in. */
3201 row = packet_list_find_row_from_data(new_fd);
3202 g_assert(row != -1);
3204 /* Select that row, make it the focus row, and make it visible. */
3205 packet_list_set_selected_row(row);
3206 return TRUE; /* success */
3208 return FALSE; /* failure */
3212 cf_goto_frame(capture_file *cf, guint fnumber)
3217 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3220 if (fdata == NULL) {
3221 /* we didn't find a packet with that packet number */
3222 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3223 "There is no packet with the packet number %u.", fnumber);
3224 return FALSE; /* we failed to go to that packet */
3226 if (!fdata->flags.passed_dfilter) {
3227 /* that packet currently isn't displayed */
3228 /* XXX - add it to the set of displayed packets? */
3229 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3230 "The packet number %u isn't currently being displayed.", fnumber);
3231 return FALSE; /* we failed to go to that packet */
3234 /* We found that packet, and it's currently being displayed.
3235 Find what row it's in. */
3236 row = packet_list_find_row_from_data(fdata);
3237 g_assert(row != -1);
3239 /* Select that row, make it the focus row, and make it visible. */
3240 packet_list_set_selected_row(row);
3241 return TRUE; /* we got to that packet */
3245 cf_goto_top_frame(capture_file *cf)
3249 frame_data *lowest_fdata = NULL;
3251 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3252 if (fdata->flags.passed_dfilter) {
3253 lowest_fdata = fdata;
3258 if (lowest_fdata == NULL) {
3262 /* We found that packet, and it's currently being displayed.
3263 Find what row it's in. */
3264 row = packet_list_find_row_from_data(lowest_fdata);
3265 g_assert(row != -1);
3267 /* Select that row, make it the focus row, and make it visible. */
3268 packet_list_set_selected_row(row);
3269 return TRUE; /* we got to that packet */
3273 cf_goto_bottom_frame(capture_file *cf)
3277 frame_data *highest_fdata = NULL;
3279 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3280 if (fdata->flags.passed_dfilter) {
3281 highest_fdata = fdata;
3285 if (highest_fdata == NULL) {
3289 /* We found that packet, and it's currently being displayed.
3290 Find what row it's in. */
3291 row = packet_list_find_row_from_data(highest_fdata);
3292 g_assert(row != -1);
3294 /* Select that row, make it the focus row, and make it visible. */
3295 packet_list_set_selected_row(row);
3296 return TRUE; /* we got to that packet */
3300 * Go to frame specified by currently selected protocol tree item.
3303 cf_goto_framenum(capture_file *cf)
3305 header_field_info *hfinfo;
3308 if (cf->finfo_selected) {
3309 hfinfo = cf->finfo_selected->hfinfo;
3311 if (hfinfo->type == FT_FRAMENUM) {
3312 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3314 return cf_goto_frame(cf, framenum);
3321 /* Select the packet on a given row. */
3323 cf_select_packet(capture_file *cf, int row)
3329 /* Get the frame data struct pointer for this frame */
3330 fdata = (frame_data *)packet_list_get_row_data(row);
3332 if (fdata == NULL) {
3333 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3334 the first entry is added to it by "real_insert_row()", that row
3335 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3336 our version and the vanilla GTK+ version).
3338 This means that a "select-row" signal is emitted; this causes
3339 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3342 "cf_select_packet()" fetches, above, the data associated with the
3343 row that was selected; however, as "gtk_clist_append()", which
3344 called "real_insert_row()", hasn't yet returned, we haven't yet
3345 associated any data with that row, so we get back a null pointer.
3347 We can't assume that there's only one frame in the frame list,
3348 either, as we may be filtering the display.
3350 We therefore assume that, if "row" is 0, i.e. the first row
3351 is being selected, and "cf->first_displayed" equals
3352 "cf->last_displayed", i.e. there's only one frame being
3353 displayed, that frame is the frame we want.
3355 This means we have to set "cf->first_displayed" and
3356 "cf->last_displayed" before adding the row to the
3357 GtkCList; see the comment in "add_packet_to_packet_list()". */
3359 if (row == 0 && cf->first_displayed == cf->last_displayed)
3360 fdata = cf->first_displayed;
3363 /* If fdata _still_ isn't set simply give up. */
3364 if (fdata == NULL) {
3368 /* Get the data in that frame. */
3369 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3370 cf->pd, fdata->cap_len, &err, &err_info)) {
3371 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3372 cf_read_error_message(err, err_info), cf->filename);
3376 /* Record that this frame is the current frame. */
3377 cf->current_frame = fdata;
3378 cf->current_row = row;
3380 /* Create the logical protocol tree. */
3381 if (cf->edt != NULL) {
3382 epan_dissect_free(cf->edt);
3385 /* We don't need the columns here. */
3386 cf->edt = epan_dissect_new(TRUE, TRUE);
3388 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3391 dfilter_macro_build_ftv_cache(cf->edt->tree);
3393 cf_callback_invoke(cf_cb_packet_selected, cf);
3396 /* Unselect the selected packet, if any. */
3398 cf_unselect_packet(capture_file *cf)
3400 /* Destroy the epan_dissect_t for the unselected packet. */
3401 if (cf->edt != NULL) {
3402 epan_dissect_free(cf->edt);
3406 /* No packet is selected. */
3407 cf->current_frame = NULL;
3408 cf->current_row = 0;
3410 cf_callback_invoke(cf_cb_packet_unselected, cf);
3412 /* No protocol tree means no selected field. */
3413 cf_unselect_field(cf);
3416 /* Unset the selected protocol tree field, if any. */
3418 cf_unselect_field(capture_file *cf)
3420 cf->finfo_selected = NULL;
3422 cf_callback_invoke(cf_cb_field_unselected, cf);
3426 * Mark a particular frame.
3429 cf_mark_frame(capture_file *cf, frame_data *frame)
3431 if (! frame->flags.marked) {
3432 frame->flags.marked = TRUE;
3433 if (cf->count > cf->marked_count)
3439 * Unmark a particular frame.
3442 cf_unmark_frame(capture_file *cf, frame_data *frame)
3444 if (frame->flags.marked) {
3445 frame->flags.marked = FALSE;
3446 if (cf->marked_count > 0)
3454 } save_callback_args_t;
3457 * Save a capture to a file, in a particular format, saving either
3458 * all packets, all currently-displayed packets, or all marked packets.
3460 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3461 * up a message box for the failure.
3464 save_packet(capture_file *cf _U_, frame_data *fdata,
3465 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3468 save_callback_args_t *args = argsp;
3469 struct wtap_pkthdr hdr;
3472 /* init the wtap header for saving */
3473 hdr.ts.secs = fdata->abs_ts.secs;
3474 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3475 hdr.caplen = fdata->cap_len;
3476 hdr.len = fdata->pkt_len;
3477 hdr.pkt_encap = fdata->lnk_t;
3479 /* and save the packet */
3480 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3481 cf_write_failure_alert_box(args->fname, err);
3488 * Can this capture file be saved in any format except by copying the raw data?
3491 cf_can_save_as(capture_file *cf)
3495 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3496 /* To save a file with Wiretap, Wiretap has to handle that format,
3497 and its code to handle that format must be able to write a file
3498 with this file's encapsulation type. */
3499 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3500 /* OK, we can write it out in this type. */
3505 /* No, we couldn't save it in any format. */
3510 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3512 gchar *from_filename;
3516 save_callback_args_t callback_args;
3518 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3520 /* don't write over an existing file. */
3521 /* this should've been already checked by our caller, just to be sure... */
3522 if (file_exists(fname)) {
3523 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3524 "%sCapture file: \"%s\" already exists!%s\n\n"
3525 "Please choose a different filename.",
3526 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3530 packet_range_process_init(range);
3533 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3534 /* We're not filtering packets, and we're saving it in the format
3535 it's already in, so we can just move or copy the raw data. */
3537 if (cf->is_tempfile) {
3538 /* The file being saved is a temporary file from a live
3539 capture, so it doesn't need to stay around under that name;
3540 first, try renaming the capture buffer file to the new name. */
3542 if (ws_rename(cf->filename, fname) == 0) {
3543 /* That succeeded - there's no need to copy the source file. */
3544 from_filename = NULL;
3547 if (errno == EXDEV) {
3548 /* They're on different file systems, so we have to copy the
3551 from_filename = cf->filename;
3553 /* The rename failed, but not because they're on different
3554 file systems - put up an error message. (Or should we
3555 just punt and try to copy? The only reason why I'd
3556 expect the rename to fail and the copy to succeed would
3557 be if we didn't have permission to remove the file from
3558 the temporary directory, and that might be fixable - but
3559 is it worth requiring the user to go off and fix it?) */
3560 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3561 file_rename_error_message(errno), fname);
3567 from_filename = cf->filename;
3570 /* It's a permanent file, so we should copy it, and not remove the
3573 from_filename = cf->filename;
3577 /* Copy the file, if we haven't moved it. */
3578 if (!copy_binary_file(from_filename, fname))
3582 /* Either we're filtering packets, or we're saving in a different
3583 format; we can't do that by copying or moving the capture file,
3584 we have to do it by writing the packets out in Wiretap. */
3585 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3588 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3592 /* XXX - we let the user save a subset of the packets.
3594 If we do that, should we make that file the current file? If so,
3595 it means we can no longer get at the other packets. What does
3598 /* Iterate through the list of packets, processing the packets we were
3601 XXX - we've already called "packet_range_process_init(range)", but
3602 "process_specified_packets()" will do it again. Fortunately,
3603 that's harmless in this case, as we haven't done anything to
3604 "range" since we initialized it. */
3605 callback_args.pdh = pdh;
3606 callback_args.fname = fname;
3607 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3608 TRUE, save_packet, &callback_args)) {
3611 /* Completed successfully. */
3615 /* The user decided to abort the saving.
3616 XXX - remove the output file? */
3620 /* Error while saving. */
3621 wtap_dump_close(pdh, &err);
3625 if (!wtap_dump_close(pdh, &err)) {
3626 cf_close_failure_alert_box(fname, err);
3631 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3633 if (packet_range_process_all(range)) {
3634 /* We saved the entire capture, not just some packets from it.
3635 Open and read the file we saved it to.
3637 XXX - this is somewhat of a waste; we already have the
3638 packets, all this gets us is updated file type information
3639 (which we could just stuff into "cf"), and having the new
3640 file be the one we have opened and from which we're reading
3641 the data, and it means we have to spend time opening and
3642 reading the file, which could be a significant amount of
3643 time if the file is large. */
3644 cf->user_saved = TRUE;
3646 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
3647 /* XXX - report errors if this fails?
3648 What should we return if it fails or is aborted? */
3649 switch (cf_read(cf)) {
3653 /* Just because we got an error, that doesn't mean we were unable
3654 to read any of the file; we handle what we could get from the
3658 case CF_READ_ABORTED:
3659 /* The user bailed out of re-reading the capture file; the
3660 capture file has been closed - just return (without
3661 changing any menu settings; "cf_close()" set them
3662 correctly for the "no capture file open" state). */
3665 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
3671 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
3676 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
3677 gboolean for_writing, int file_type)
3680 /* Wiretap error. */
3683 case WTAP_ERR_NOT_REGULAR_FILE:
3684 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3685 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
3689 case WTAP_ERR_RANDOM_OPEN_PIPE:
3690 /* Seen only when opening a capture file for reading. */
3691 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3692 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
3696 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
3697 /* Seen only when opening a capture file for reading. */
3698 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3699 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
3703 case WTAP_ERR_UNSUPPORTED:
3704 /* Seen only when opening a capture file for reading. */
3705 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3706 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
3708 filename, err_info);
3712 case WTAP_ERR_CANT_WRITE_TO_PIPE:
3713 /* Seen only when opening a capture file for writing. */
3714 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3715 "The file \"%s\" is a pipe, and %s capture files can't be "
3716 "written to a pipe.",
3717 filename, wtap_file_type_string(file_type));
3720 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
3721 /* Seen only when opening a capture file for writing. */
3722 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3723 "Wireshark doesn't support writing capture files in that format.");
3726 case WTAP_ERR_UNSUPPORTED_ENCAP:
3728 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3729 "Wireshark can't save this capture in that format.");
3731 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3732 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
3734 filename, err_info);
3739 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
3741 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3742 "Wireshark can't save this capture in that format.");
3744 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3745 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
3750 case WTAP_ERR_BAD_RECORD:
3751 /* Seen only when opening a capture file for reading. */
3752 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3753 "The file \"%s\" appears to be damaged or corrupt.\n"
3755 filename, err_info);
3759 case WTAP_ERR_CANT_OPEN:
3761 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3762 "The file \"%s\" could not be created for some unknown reason.",
3765 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3766 "The file \"%s\" could not be opened for some unknown reason.",
3771 case WTAP_ERR_SHORT_READ:
3772 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3773 "The file \"%s\" appears to have been cut short"
3774 " in the middle of a packet or other data.",
3778 case WTAP_ERR_SHORT_WRITE:
3779 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3780 "A full header couldn't be written to the file \"%s\".",
3784 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
3785 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3786 "Gzip compression not supported by this file type.");
3790 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3791 "The file \"%s\" could not be %s: %s.",
3793 for_writing ? "created" : "opened",
3794 wtap_strerror(err));
3799 open_failure_alert_box(filename, err, for_writing);
3804 file_rename_error_message(int err)
3807 static char errmsg_errno[1024+1];
3812 errmsg = "The path to the file \"%s\" doesn't exist.";
3816 errmsg = "You don't have permission to move the capture file to \"%s\".";
3820 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3821 "The file \"%%s\" could not be moved: %s.",
3822 wtap_strerror(err));
3823 errmsg = errmsg_errno;
3830 cf_read_error_message(int err, gchar *err_info)
3832 static char errmsg_errno[1024+1];
3836 case WTAP_ERR_UNSUPPORTED_ENCAP:
3837 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3838 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
3843 case WTAP_ERR_BAD_RECORD:
3844 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3845 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
3846 wtap_strerror(err), err_info);
3851 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3852 "An error occurred while reading from the file \"%%s\": %s.",
3853 wtap_strerror(err));
3856 return errmsg_errno;
3860 cf_write_failure_alert_box(const char *filename, int err)
3863 /* Wiretap error. */
3864 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3865 "An error occurred while writing to the file \"%s\": %s.",
3866 filename, wtap_strerror(err));
3869 write_failure_alert_box(filename, err);
3873 /* Check for write errors - if the file is being written to an NFS server,
3874 a write error may not show up until the file is closed, as NFS clients
3875 might not send writes to the server until the "write()" call finishes,
3876 so that the write may fail on the server but the "write()" may succeed. */
3878 cf_close_failure_alert_box(const char *filename, int err)
3881 /* Wiretap error. */
3884 case WTAP_ERR_CANT_CLOSE:
3885 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3886 "The file \"%s\" couldn't be closed for some unknown reason.",
3890 case WTAP_ERR_SHORT_WRITE:
3891 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3892 "Not all the packets could be written to the file \"%s\".",
3897 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3898 "An error occurred while closing the file \"%s\": %s.",
3899 filename, wtap_strerror(err));
3904 We assume that a close error from the OS is really a write error. */
3905 write_failure_alert_box(filename, err);
3909 /* Reload the current capture file. */
3911 cf_reload(capture_file *cf) {
3913 gboolean is_tempfile;
3916 /* If the file could be opened, "cf_open()" calls "cf_close()"
3917 to get rid of state for the old capture file before filling in state
3918 for the new capture file. "cf_close()" will remove the file if
3919 it's a temporary file; we don't want that to happen (for one thing,
3920 it'd prevent subsequent reopens from working). Remember whether it's
3921 a temporary file, mark it as not being a temporary file, and then
3922 reopen it as the type of file it was.
3924 Also, "cf_close()" will free "cf->filename", so we must make
3925 a copy of it first. */
3926 filename = g_strdup(cf->filename);
3927 is_tempfile = cf->is_tempfile;
3928 cf->is_tempfile = FALSE;
3929 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
3930 switch (cf_read(cf)) {
3934 /* Just because we got an error, that doesn't mean we were unable
3935 to read any of the file; we handle what we could get from the
3939 case CF_READ_ABORTED:
3940 /* The user bailed out of re-reading the capture file; the
3941 capture file has been closed - just free the capture file name
3942 string and return (without changing the last containing
3948 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
3949 Instead, the file was left open, so we should restore "cf->is_tempfile"
3952 XXX - change the menu? Presumably "cf_open()" will do that;
3953 make sure it does! */
3954 cf->is_tempfile = is_tempfile;
3956 /* "cf_open()" made a copy of the file name we handed it, so
3957 we should free up our copy. */
3961 /* Copies a file in binary mode, for those operating systems that care about
3963 * Returns TRUE on success, FALSE on failure. If a failure, it also
3964 * displays a simple dialog window with the error message.
3967 copy_binary_file(const char *from_filename, const char *to_filename)
3969 int from_fd, to_fd, nread, nwritten, err;
3972 /* Copy the raw bytes of the file. */
3973 from_fd = ws_open(from_filename, O_RDONLY | O_BINARY, 0000 /* no creation so don't matter */);
3975 open_failure_alert_box(from_filename, errno, FALSE);
3979 /* Use open() instead of creat() so that we can pass the O_BINARY
3980 flag, which is relevant on Win32; it appears that "creat()"
3981 may open the file in text mode, not binary mode, but we want
3982 to copy the raw bytes of the file, so we need the output file
3983 to be open in binary mode. */
3984 to_fd = ws_open(to_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
3986 open_failure_alert_box(to_filename, errno, TRUE);
3991 while ((nread = ws_read(from_fd, pd, sizeof pd)) > 0) {
3992 nwritten = ws_write(to_fd, pd, nread);
3993 if (nwritten < nread) {
3997 err = WTAP_ERR_SHORT_WRITE;
3998 write_failure_alert_box(to_filename, err);
4006 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4007 "An error occurred while reading from the file \"%s\": %s.",
4008 from_filename, strerror(err));
4014 if (ws_close(to_fd) < 0) {
4015 write_failure_alert_box(to_filename, errno);