6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #ifdef NEED_STRERROR_H
50 #include <epan/epan.h>
51 #include <epan/filesystem.h>
54 #include "color_filters.h"
56 #include <epan/column.h>
57 #include <epan/packet.h>
58 #include "packet-range.h"
64 #include "alert_box.h"
65 #include "simple_dialog.h"
66 #include "progress_dlg.h"
68 #include <epan/prefs.h>
69 #include <epan/dfilter/dfilter.h>
70 #include <epan/conversation.h>
71 #include <epan/epan_dissect.h>
73 #include "stat_menu.h"
74 #include "tap_dfilter_dlg.h"
75 #include <epan/dissectors/packet-data.h>
76 #include <epan/dissectors/packet-ber.h>
77 #include <epan/timestamp.h>
78 #include <epan/dfilter/dfilter-macro.h>
79 #include "file_util.h"
80 #include <epan/column-utils.h>
81 #include <epan/strutil.h>
82 #include <epan/emem.h>
85 gboolean auto_scroll_live;
88 static nstime_t first_ts;
89 static nstime_t prev_dis_ts;
90 static guint32 cum_bytes = 0;
92 static void cf_reset_state(capture_file *cf);
94 static int read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset);
96 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
97 gboolean refilter, gboolean redissect);
99 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
101 static void match_subtree_text(proto_node *node, gpointer data);
102 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
104 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
106 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
108 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
110 static gboolean match_binary(capture_file *cf, frame_data *fdata,
112 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
114 static gboolean find_packet(capture_file *cf,
115 gboolean (*match_function)(capture_file *, frame_data *, void *),
118 static void cf_open_failure_alert_box(const char *filename, int err,
119 gchar *err_info, gboolean for_writing,
121 static const char *file_rename_error_message(int err);
122 static void cf_write_failure_alert_box(const char *filename, int err);
123 static void cf_close_failure_alert_box(const char *filename, int err);
124 static gboolean copy_binary_file(const char *from_filename, const char *to_filename);
126 /* Update the progress bar this many times when reading a file. */
127 #define N_PROGBAR_UPDATES 100
129 /* Number of "frame_data" structures per memory chunk.
130 XXX - is this the right number? */
131 #define FRAME_DATA_CHUNK_SIZE 1024
134 /* one callback for now, we could have a list later */
135 static cf_callback_t cf_cb = NULL;
136 static gpointer cf_cb_user_data = NULL;
139 cf_callback_invoke(int event, gpointer data)
141 g_assert(cf_cb != NULL);
142 cf_cb(event, data, cf_cb_user_data);
147 cf_callback_add(cf_callback_t func, gpointer user_data)
149 /* More than one callback listener is currently not implemented,
150 but should be easy to do. */
151 g_assert(cf_cb == NULL);
153 cf_cb_user_data = user_data;
157 cf_callback_remove(cf_callback_t func _U_)
159 g_assert(cf_cb != NULL);
161 cf_cb_user_data = NULL;
165 cf_timestamp_auto_precision(capture_file *cf)
167 int prec = timestamp_get_precision();
170 /* don't try to get the file's precision if none is opened */
171 if(cf->state == FILE_CLOSED) {
175 /* if we are in auto mode, set precision of current file */
176 if(prec == TS_PREC_AUTO ||
177 prec == TS_PREC_AUTO_SEC ||
178 prec == TS_PREC_AUTO_DSEC ||
179 prec == TS_PREC_AUTO_CSEC ||
180 prec == TS_PREC_AUTO_MSEC ||
181 prec == TS_PREC_AUTO_USEC ||
182 prec == TS_PREC_AUTO_NSEC)
184 switch(wtap_file_tsprecision(cf->wth)) {
185 case(WTAP_FILE_TSPREC_SEC):
186 timestamp_set_precision(TS_PREC_AUTO_SEC);
188 case(WTAP_FILE_TSPREC_DSEC):
189 timestamp_set_precision(TS_PREC_AUTO_DSEC);
191 case(WTAP_FILE_TSPREC_CSEC):
192 timestamp_set_precision(TS_PREC_AUTO_CSEC);
194 case(WTAP_FILE_TSPREC_MSEC):
195 timestamp_set_precision(TS_PREC_AUTO_MSEC);
197 case(WTAP_FILE_TSPREC_USEC):
198 timestamp_set_precision(TS_PREC_AUTO_USEC);
200 case(WTAP_FILE_TSPREC_NSEC):
201 timestamp_set_precision(TS_PREC_AUTO_NSEC);
204 g_assert_not_reached();
211 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
216 wth = wtap_open_offline(fname, err, &err_info, TRUE);
220 /* The open succeeded. Close whatever capture file we had open,
221 and fill in the information for this file. */
224 /* Initialize all data structures used for dissection. */
227 /* We're about to start reading the file. */
228 cf->state = FILE_READ_IN_PROGRESS;
233 /* Set the file name because we need it to set the follow stream filter.
234 XXX - is that still true? We need it for other reasons, though,
236 cf->filename = g_strdup(fname);
238 /* Indicate whether it's a permanent or temporary file. */
239 cf->is_tempfile = is_tempfile;
241 /* If it's a temporary capture buffer file, mark it as not saved. */
242 cf->user_saved = !is_tempfile;
244 cf->cd_t = wtap_file_type(cf->wth);
246 cf->displayed_count = 0;
247 cf->marked_count = 0;
248 cf->drops_known = FALSE;
250 cf->snap = wtap_snapshot_length(cf->wth);
252 /* Snapshot length not known. */
253 cf->has_snap = FALSE;
254 cf->snap = WTAP_MAX_PACKET_SIZE;
257 nstime_set_zero(&cf->elapsed_time);
258 nstime_set_unset(&first_ts);
259 nstime_set_unset(&prev_dis_ts);
261 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
263 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
265 g_assert(cf->plist_chunk);
267 /* change the time formats now, as we might have a new precision */
268 cf_change_time_formats(cf);
270 fileset_file_opened(fname);
272 if(cf->cd_t == WTAP_FILE_BER) {
273 /* tell the BER dissector the file name */
274 ber_set_filename(cf->filename);
280 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
286 * Reset the state for the currently closed file, but don't do the
287 * UI callbacks; this is for use in "cf_open()", where we don't
288 * want the UI to go from "file open" to "file closed" back to
289 * "file open", we want it to go from "old file open" to "new file
290 * open and being read".
293 cf_reset_state(capture_file *cf)
295 /* Die if we're in the middle of reading a file. */
296 g_assert(cf->state != FILE_READ_IN_PROGRESS);
302 /* We have no file open... */
303 if (cf->filename != NULL) {
304 /* If it's a temporary file, remove it. */
306 eth_unlink(cf->filename);
307 g_free(cf->filename);
310 /* ...which means we have nothing to save. */
311 cf->user_saved = FALSE;
313 if (cf->plist_chunk != NULL) {
314 g_mem_chunk_destroy(cf->plist_chunk);
315 cf->plist_chunk = NULL;
317 if (cf->rfcode != NULL) {
318 dfilter_free(cf->rfcode);
322 cf->plist_end = NULL;
323 cf_unselect_packet(cf); /* nothing to select */
324 cf->first_displayed = NULL;
325 cf->last_displayed = NULL;
327 /* No frame selected, no field in that frame selected. */
328 cf->current_frame = NULL;
329 cf->finfo_selected = NULL;
331 /* Clear the packet list. */
332 packet_list_freeze();
338 nstime_set_zero(&cf->elapsed_time);
340 reset_tap_listeners();
342 /* We have no file open. */
343 cf->state = FILE_CLOSED;
345 fileset_file_closed();
348 /* Reset everything to a pristine state */
350 cf_close(capture_file *cf)
352 /* do GUI things even if file is already closed,
353 * e.g. to cleanup things if a capture couldn't be started */
354 cf_callback_invoke(cf_cb_file_closing, cf);
356 /* close things, if not already closed before */
357 if(cf->state != FILE_CLOSED) {
359 color_filters_cleanup();
363 cleanup_dissection();
366 cf_callback_invoke(cf_cb_file_closed, cf);
369 /* an out of memory exception occured, wait for a user button press to exit */
370 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
376 cf_read(capture_file *cf)
380 const gchar *name_ptr;
382 char errmsg_errno[1024+1];
383 gchar err_str[2048+1];
385 progdlg_t *volatile progbar = NULL;
387 volatile gint64 size;
389 volatile float progbar_val;
391 gchar status_str[100];
392 volatile gint64 progbar_nextstep;
393 volatile gint64 progbar_quantum;
396 /* Compile the current display filter.
397 * We assume this will not fail since cf->dfilter is only set in
398 * cf_filter IFF the filter was valid.
402 dfilter_compile(cf->dfilter, &dfcode);
407 reset_tap_listeners();
408 tap_dfilter_dlg_update();
410 cf_callback_invoke(cf_cb_file_read_start, cf);
412 name_ptr = get_basename(cf->filename);
414 /* Find the size of the file. */
415 size = wtap_file_size(cf->wth, NULL);
417 /* Update the progress bar when it gets to this value. */
418 progbar_nextstep = 0;
419 /* When we reach the value that triggers a progress bar update,
420 bump that value by this amount. */
422 progbar_quantum = size/N_PROGBAR_UPDATES;
425 /* Progress so far. */
428 packet_list_freeze();
431 g_get_current_time(&start_time);
433 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
435 /* Create the progress bar if necessary.
436 We check on every iteration of the loop, so that it takes no
437 longer than the standard time to create it (otherwise, for a
438 large file, we might take considerably longer than that standard
439 time in order to get to the next progress bar step). */
440 if (progbar == NULL) {
441 progbar = delayed_create_progress_dlg("Loading", name_ptr,
442 TRUE, &stop_flag, &start_time, progbar_val);
445 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
446 when we update it, we have to run the GTK+ main loop to get it
447 to repaint what's pending, and doing so may involve an "ioctl()"
448 to see if there's any pending input from an X server, and doing
449 that for every packet can be costly, especially on a big file. */
450 if (data_offset >= progbar_nextstep) {
451 file_pos = wtap_read_so_far(cf->wth, NULL);
452 progbar_val = (gfloat) file_pos / (gfloat) size;
453 if (progbar_val > 1.0) {
454 /* The file probably grew while we were reading it.
455 Update file size, and try again. */
456 size = wtap_file_size(cf->wth, NULL);
458 progbar_val = (gfloat) file_pos / (gfloat) size;
459 /* If it's still > 1, either "wtap_file_size()" failed (in which
460 case there's not much we can do about it), or the file
461 *shrank* (in which case there's not much we can do about
462 it); just clip the progress value at 1.0. */
463 if (progbar_val > 1.0)
466 if (progbar != NULL) {
467 /* update the packet lists content on the first run or frequently on very large files */
468 /* (on smaller files the display update takes longer than reading the file) */
470 if(progbar_quantum > 500000 || progbar_nextstep == 0) {
472 if (auto_scroll_live && cf->plist_end != NULL)
473 packet_list_moveto_end();
474 packet_list_freeze();
478 g_snprintf(status_str, sizeof(status_str),
479 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
480 file_pos / 1024, size / 1024);
481 update_progress_dlg(progbar, progbar_val, status_str);
483 progbar_nextstep += progbar_quantum;
488 /* Well, the user decided to abort the read. He/She will be warned and
489 it might be enough for him/her to work with the already loaded
491 This is especially true for very large capture files, where you don't
492 want to wait loading the whole file (which may last minutes or even
493 hours even on fast machines) just to see that it was the wrong file. */
497 read_packet(cf, dfcode, data_offset);
499 CATCH(OutOfMemoryError) {
502 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
503 "%sOut Of Memory!%s\n"
505 "Sorry, but Wireshark has to terminate now!\n"
507 "Some infos / workarounds can be found at:\n"
508 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
509 simple_dialog_primary_start(), simple_dialog_primary_end());
510 /* we have to terminate, as we cannot recover from the memory error */
511 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
513 main_window_update();
514 /* XXX - how to avoid a busy wait? */
522 /* Cleanup and release all dfilter resources */
524 dfilter_free(dfcode);
527 /* We're done reading the file; destroy the progress bar if it was created. */
529 destroy_progress_dlg(progbar);
531 /* We're done reading sequentially through the file. */
532 cf->state = FILE_READ_DONE;
534 /* Close the sequential I/O side, to free up memory it requires. */
535 wtap_sequential_close(cf->wth);
537 /* Allow the protocol dissectors to free up memory that they
538 * don't need after the sequential run-through of the packets. */
539 postseq_cleanup_all_protocols();
541 /* Set the file encapsulation type now; we don't know what it is until
542 we've looked at all the packets, as we don't know until then whether
543 there's more than one type (and thus whether it's
544 WTAP_ENCAP_PER_PACKET). */
545 cf->lnk_t = wtap_file_encap(cf->wth);
547 cf->current_frame = cf->first_displayed;
550 cf_callback_invoke(cf_cb_file_read_finished, cf);
552 /* If we have any displayed packets to select, select the first of those
553 packets by making the first row the selected row. */
554 if (cf->first_displayed != NULL)
555 packet_list_select_row(0);
558 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
559 "%sFile loading was cancelled!%s\n"
561 "The remaining packets in the file were discarded.\n"
563 "As a lot of packets from the original file will be missing,\n"
564 "remember to be careful when saving the current content to a file.\n",
565 simple_dialog_primary_start(), simple_dialog_primary_end());
566 return CF_READ_ERROR;
570 /* Put up a message box noting that the read failed somewhere along
571 the line. Don't throw out the stuff we managed to read, though,
575 case WTAP_ERR_UNSUPPORTED_ENCAP:
576 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
577 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
580 errmsg = errmsg_errno;
583 case WTAP_ERR_CANT_READ:
584 errmsg = "An attempt to read from the capture file failed for"
585 " some unknown reason.";
588 case WTAP_ERR_SHORT_READ:
589 errmsg = "The capture file appears to have been cut short"
590 " in the middle of a packet.";
593 case WTAP_ERR_BAD_RECORD:
594 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
595 "The capture file appears to be damaged or corrupt.\n(%s)",
598 errmsg = errmsg_errno;
602 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
603 "An error occurred while reading the"
604 " capture file: %s.", wtap_strerror(err));
605 errmsg = errmsg_errno;
608 g_snprintf(err_str, sizeof err_str, errmsg);
609 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, err_str);
610 return CF_READ_ERROR;
617 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
619 cf_status_t cf_status;
621 cf_status = cf_open(cf, fname, is_tempfile, err);
626 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
628 gint64 data_offset = 0;
630 volatile int newly_displayed_packets = 0;
633 /* Compile the current display filter.
634 * We assume this will not fail since cf->dfilter is only set in
635 * cf_filter IFF the filter was valid.
639 dfilter_compile(cf->dfilter, &dfcode);
644 packet_list_check_end();
645 packet_list_freeze();
647 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
649 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
650 if (cf->state == FILE_READ_ABORTED) {
651 /* Well, the user decided to exit Wireshark. Break out of the
652 loop, and let the code below (which is called even if there
653 aren't any packets left to read) exit. */
657 if (read_packet(cf, dfcode, data_offset) != -1) {
658 newly_displayed_packets++;
661 CATCH(OutOfMemoryError) {
664 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
665 "%sOut Of Memory!%s\n"
667 "Sorry, but Wireshark has to terminate now!\n"
669 "The capture file is not lost, it can be found at:\n"
672 "Some infos / workarounds can be found at:\n"
673 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
674 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
675 /* we have to terminate, as we cannot recover from the memory error */
676 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
678 main_window_update();
679 /* XXX - how to avoid a busy wait? */
683 return CF_READ_ABORTED;
689 /* Cleanup and release all dfilter resources */
691 dfilter_free(dfcode);
694 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
695 cf->count, cf->state, *err);*/
697 /* XXX - this causes "flickering" of the list */
700 /* moving to the end of the packet list - if the user requested so and
701 we have some new packets.
702 this doesn't seem to work well with a frozen GTK_Clist, so do this after
703 packet_list_thaw() is done, see bugzilla 1188 */
704 /* XXX - this cheats and looks inside the packet list to find the final
706 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
707 packet_list_moveto_end();
709 if (cf->state == FILE_READ_ABORTED) {
710 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
711 so that our caller can kill off the capture child process;
712 this will cause an EOF on the pipe from the child, so
713 "cf_finish_tail()" will be called, and it will clean up
715 return CF_READ_ABORTED;
716 } else if (*err != 0) {
717 /* We got an error reading the capture file.
718 XXX - pop up a dialog box instead? */
719 g_warning("Error \"%s\" while reading: \"%s\"\n",
720 wtap_strerror(*err), cf->filename);
722 return CF_READ_ERROR;
728 cf_finish_tail(capture_file *cf, int *err)
734 /* Compile the current display filter.
735 * We assume this will not fail since cf->dfilter is only set in
736 * cf_filter IFF the filter was valid.
740 dfilter_compile(cf->dfilter, &dfcode);
743 if(cf->wth == NULL) {
745 return CF_READ_ERROR;
748 packet_list_check_end();
749 packet_list_freeze();
751 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
752 if (cf->state == FILE_READ_ABORTED) {
753 /* Well, the user decided to abort the read. Break out of the
754 loop, and let the code below (which is called even if there
755 aren't any packets left to read) exit. */
758 read_packet(cf, dfcode, data_offset);
761 /* Cleanup and release all dfilter resources */
763 dfilter_free(dfcode);
768 if (cf->state == FILE_READ_ABORTED) {
769 /* Well, the user decided to abort the read. We're only called
770 when the child capture process closes the pipe to us (meaning
771 it's probably exited), so we can just close the capture
772 file; we return CF_READ_ABORTED so our caller can do whatever
773 is appropriate when that happens. */
775 return CF_READ_ABORTED;
778 if (auto_scroll_live && cf->plist_end != NULL)
779 /* XXX - this cheats and looks inside the packet list to find the final
781 packet_list_moveto_end();
783 /* We're done reading sequentially through the file. */
784 cf->state = FILE_READ_DONE;
786 /* We're done reading sequentially through the file; close the
787 sequential I/O side, to free up memory it requires. */
788 wtap_sequential_close(cf->wth);
790 /* Allow the protocol dissectors to free up memory that they
791 * don't need after the sequential run-through of the packets. */
792 postseq_cleanup_all_protocols();
794 /* Set the file encapsulation type now; we don't know what it is until
795 we've looked at all the packets, as we don't know until then whether
796 there's more than one type (and thus whether it's
797 WTAP_ENCAP_PER_PACKET). */
798 cf->lnk_t = wtap_file_encap(cf->wth);
801 /* We got an error reading the capture file.
802 XXX - pop up a dialog box? */
803 return CF_READ_ERROR;
808 #endif /* HAVE_LIBPCAP */
811 cf_get_display_name(capture_file *cf)
813 const gchar *displayname;
815 /* Return a name to use in displays */
816 if (!cf->is_tempfile) {
817 /* Get the last component of the file name, and use that. */
819 displayname = get_basename(cf->filename);
821 displayname="(No file)";
824 /* The file we read is a temporary file from a live capture;
825 we don't mention its name. */
826 displayname = "(Untitled)";
831 /* XXX - use a macro instead? */
833 cf_get_packet_count(capture_file *cf)
838 /* XXX - use a macro instead? */
840 cf_set_packet_count(capture_file *cf, int packet_count)
842 cf->count = packet_count;
845 /* XXX - use a macro instead? */
847 cf_is_tempfile(capture_file *cf)
849 return cf->is_tempfile;
852 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
854 cf->is_tempfile = is_tempfile;
858 /* XXX - use a macro instead? */
859 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
861 cf->drops_known = drops_known;
864 /* XXX - use a macro instead? */
865 void cf_set_drops(capture_file *cf, guint32 drops)
870 /* XXX - use a macro instead? */
871 gboolean cf_get_drops_known(capture_file *cf)
873 return cf->drops_known;
876 /* XXX - use a macro instead? */
877 guint32 cf_get_drops(capture_file *cf)
882 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
888 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
890 union wtap_pseudo_header *pseudo_header, const guchar *buf,
894 gboolean create_proto_tree = FALSE;
897 /* just add some value here until we know if it is being displayed or not */
898 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
900 /* If we don't have the time stamp of the first packet in the
901 capture, it's because this is the first packet. Save the time
902 stamp of this packet as the time stamp of the first packet. */
903 if (nstime_is_unset(&first_ts)) {
904 first_ts = fdata->abs_ts;
906 /* if this frames is marked as a reference time frame, reset
907 firstsec and firstusec to this frame */
908 if(fdata->flags.ref_time){
909 first_ts = fdata->abs_ts;
912 /* If we don't have the time stamp of the previous displayed packet,
913 it's because this is the first displayed packet. Save the time
914 stamp of this packet as the time stamp of the previous displayed
916 if (nstime_is_unset(&prev_dis_ts)) {
917 prev_dis_ts = fdata->abs_ts;
920 /* Get the time elapsed between the first packet and this packet. */
921 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
923 /* If it's greater than the current elapsed time, set the elapsed time
924 to it (we check for "greater than" so as not to be confused by
925 time moving backwards). */
926 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
927 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
928 cf->elapsed_time = fdata->rel_ts;
931 /* Get the time elapsed between the previous displayed packet and
933 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
937 we have a display filter and are re-applying it;
939 we have a list of color filters;
941 we have tap listeners;
943 we have custom columns;
945 allocate a protocol tree root node, so that we'll construct
946 a protocol tree against which a filter expression can be
948 if ((dfcode != NULL && refilter) || color_filters_used()
949 || num_tap_filters != 0 || have_custom_cols(&cf->cinfo))
950 create_proto_tree = TRUE;
952 /* Dissect the frame. */
953 edt = epan_dissect_new(create_proto_tree, FALSE);
955 if (dfcode != NULL && refilter) {
956 epan_dissect_prime_dfilter(edt, dfcode);
958 /* prepare color filters */
959 if (color_filters_used()) {
960 color_filters_prime_edt(edt);
963 col_custom_prime_edt(edt, &cf->cinfo);
966 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
967 tap_push_tapped_queue(edt);
969 /* If we have a display filter, apply it if we're refiltering, otherwise
970 leave the "passed_dfilter" flag alone.
972 If we don't have a display filter, set "passed_dfilter" to 1. */
973 if (dfcode != NULL) {
975 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;
978 fdata->flags.passed_dfilter = 1;
980 if( (fdata->flags.passed_dfilter)
981 || (edt->pi.fd->flags.ref_time) ){
982 /* This frame either passed the display filter list or is marked as
983 a time reference frame. All time reference frames are displayed
984 even if they dont pass the display filter */
985 /* if this was a TIME REF frame we should reset the cul bytes field */
986 if(edt->pi.fd->flags.ref_time){
987 cum_bytes = fdata->pkt_len;
988 fdata->cum_bytes = cum_bytes;
991 /* increase cum_bytes with this packets length */
992 cum_bytes += fdata->pkt_len;
994 epan_dissect_fill_in_columns(edt);
996 /* If we haven't yet seen the first frame, this is it.
998 XXX - we must do this before we add the row to the display,
999 as, if the display's GtkCList's selection mode is
1000 GTK_SELECTION_BROWSE, when the first entry is added to it,
1001 "cf_select_packet()" will be called, and it will fetch the row
1002 data for the 0th row, and will get a null pointer rather than
1003 "fdata", as "gtk_clist_append()" won't yet have returned and
1004 thus "gtk_clist_set_row_data()" won't yet have been called.
1006 We thus need to leave behind bread crumbs so that
1007 "cf_select_packet()" can find this frame. See the comment
1008 in "cf_select_packet()". */
1009 if (cf->first_displayed == NULL)
1010 cf->first_displayed = fdata;
1012 /* This is the last frame we've seen so far. */
1013 cf->last_displayed = fdata;
1015 fdata->col_expr.col_expr = cf->cinfo.col_expr.col_expr;
1016 fdata->col_expr.col_expr_val = cf->cinfo.col_expr.col_expr_val;
1018 row = packet_list_append(cf->cinfo.col_data, fdata);
1020 /* colorize packet: first apply color filters
1021 * then if packet is marked, use preferences to overwrite color
1022 * we do both to make sure that when a packet gets un-marked, the
1023 * color will be correctly set (fixes bug 2038)
1025 fdata->color_filter = color_filters_colorize_packet(row, edt);
1026 if (fdata->flags.marked) {
1027 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1030 /* Set the time of the previous displayed frame to the time of this
1032 prev_dis_ts = fdata->abs_ts;
1034 cf->displayed_count++;
1036 /* This frame didn't pass the display filter, so it's not being added
1037 to the clist, and thus has no row. */
1040 epan_dissect_free(edt);
1044 /* read in a new packet */
1045 /* returns the row of the new packet in the packet list or -1 if not displayed */
1047 read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset)
1049 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1050 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1051 const guchar *buf = wtap_buf_ptr(cf->wth);
1054 frame_data *plist_end;
1055 epan_dissect_t *edt;
1058 /* Allocate the next list entry, and add it to the list. */
1059 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1065 fdata->pkt_len = phdr->len;
1066 fdata->cap_len = phdr->caplen;
1067 fdata->file_off = offset;
1068 fdata->lnk_t = phdr->pkt_encap;
1069 fdata->flags.encoding = CHAR_ASCII;
1070 fdata->flags.visited = 0;
1071 fdata->flags.marked = 0;
1072 fdata->flags.ref_time = 0;
1073 fdata->color_filter = NULL;
1075 fdata->abs_ts.secs = phdr->ts.secs;
1076 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1078 if (cf->plist_end != NULL)
1079 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1081 nstime_set_zero(&fdata->del_cap_ts);
1085 edt = epan_dissect_new(TRUE, FALSE);
1086 epan_dissect_prime_dfilter(edt, cf->rfcode);
1087 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
1088 passed = dfilter_apply_edt(cf->rfcode, edt);
1089 epan_dissect_free(edt);
1092 plist_end = cf->plist_end;
1093 fdata->prev = plist_end;
1094 if (plist_end != NULL)
1095 plist_end->next = fdata;
1098 cf->plist_end = fdata;
1101 cf->f_datalen = offset + phdr->caplen;
1102 fdata->num = cf->count;
1103 row = add_packet_to_packet_list(fdata, cf, dfcode, pseudo_header, buf, TRUE);
1105 /* XXX - if we didn't have read filters, or if we could avoid
1106 allocating the "frame_data" structure until we knew whether
1107 the frame passed the read filter, we could use a G_ALLOC_ONLY
1110 ...but, at least in one test I did, where I just made the chunk
1111 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1112 seem to save a noticeable amount of time or space. */
1113 g_mem_chunk_free(cf->plist_chunk, fdata);
1120 cf_merge_files(char **out_filenamep, int in_file_count,
1121 char *const *in_filenames, int file_type, gboolean do_append)
1123 merge_in_file_t *in_files;
1126 char tmpname[128+1];
1129 int open_err, read_err, write_err, close_err;
1133 char errmsg_errno[1024+1];
1134 gchar err_str[2048+1];
1136 gboolean got_read_error = FALSE, got_write_error = FALSE;
1138 progdlg_t *progbar = NULL;
1140 gint64 f_len, file_pos;
1142 GTimeVal start_time;
1143 gchar status_str[100];
1144 gint64 progbar_nextstep;
1145 gint64 progbar_quantum;
1147 /* open the input files */
1148 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1149 &open_err, &err_info, &err_fileno)) {
1151 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1156 if (*out_filenamep != NULL) {
1157 out_filename = *out_filenamep;
1158 out_fd = eth_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1162 out_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
1165 out_filename = g_strdup(tmpname);
1166 *out_filenamep = out_filename;
1170 merge_close_in_files(in_file_count, in_files);
1172 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1176 pdh = wtap_dump_fdopen(out_fd, file_type,
1177 merge_select_frame_type(in_file_count, in_files),
1178 merge_max_snapshot_length(in_file_count, in_files),
1179 FALSE /* compressed */, &open_err);
1182 merge_close_in_files(in_file_count, in_files);
1184 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1189 /* Get the sum of the sizes of all the files. */
1191 for (i = 0; i < in_file_count; i++)
1192 f_len += in_files[i].size;
1194 /* Update the progress bar when it gets to this value. */
1195 progbar_nextstep = 0;
1196 /* When we reach the value that triggers a progress bar update,
1197 bump that value by this amount. */
1198 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1199 /* Progress so far. */
1203 g_get_current_time(&start_time);
1205 /* do the merge (or append) */
1208 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1211 wth = merge_read_packet(in_file_count, in_files, &read_err,
1215 got_read_error = TRUE;
1219 /* Get the sum of the data offsets in all of the files. */
1221 for (i = 0; i < in_file_count; i++)
1222 data_offset += in_files[i].data_offset;
1224 /* Create the progress bar if necessary.
1225 We check on every iteration of the loop, so that it takes no
1226 longer than the standard time to create it (otherwise, for a
1227 large file, we might take considerably longer than that standard
1228 time in order to get to the next progress bar step). */
1229 if (progbar == NULL) {
1230 progbar = delayed_create_progress_dlg("Merging", "files",
1231 FALSE, &stop_flag, &start_time, progbar_val);
1234 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1235 when we update it, we have to run the GTK+ main loop to get it
1236 to repaint what's pending, and doing so may involve an "ioctl()"
1237 to see if there's any pending input from an X server, and doing
1238 that for every packet can be costly, especially on a big file. */
1239 if (data_offset >= progbar_nextstep) {
1240 /* Get the sum of the seek positions in all of the files. */
1242 for (i = 0; i < in_file_count; i++)
1243 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1244 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1245 if (progbar_val > 1.0) {
1246 /* Some file probably grew while we were reading it.
1247 That "shouldn't happen", so we'll just clip the progress
1251 if (progbar != NULL) {
1252 g_snprintf(status_str, sizeof(status_str),
1253 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1254 file_pos / 1024, f_len / 1024);
1255 update_progress_dlg(progbar, progbar_val, status_str);
1257 progbar_nextstep += progbar_quantum;
1261 /* Well, the user decided to abort the merge. */
1265 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1266 wtap_buf_ptr(wth), &write_err)) {
1267 got_write_error = TRUE;
1272 /* We're done merging the files; destroy the progress bar if it was created. */
1273 if (progbar != NULL)
1274 destroy_progress_dlg(progbar);
1276 merge_close_in_files(in_file_count, in_files);
1277 if (!got_read_error && !got_write_error) {
1278 if (!wtap_dump_close(pdh, &write_err))
1279 got_write_error = TRUE;
1281 wtap_dump_close(pdh, &close_err);
1283 if (got_read_error) {
1285 * Find the file on which we got the error, and report the error.
1287 for (i = 0; i < in_file_count; i++) {
1288 if (in_files[i].state == GOT_ERROR) {
1289 /* Put up a message box noting that a read failed somewhere along
1293 case WTAP_ERR_UNSUPPORTED_ENCAP:
1294 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1295 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1298 errmsg = errmsg_errno;
1301 case WTAP_ERR_CANT_READ:
1302 errmsg = "An attempt to read from the capture file %s failed for"
1303 " some unknown reason.";
1306 case WTAP_ERR_SHORT_READ:
1307 errmsg = "The capture file %s appears to have been cut short"
1308 " in the middle of a packet.";
1311 case WTAP_ERR_BAD_RECORD:
1312 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1313 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1316 errmsg = errmsg_errno;
1320 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1321 "An error occurred while reading the"
1322 " capture file %%s: %s.", wtap_strerror(read_err));
1323 errmsg = errmsg_errno;
1326 g_snprintf(err_str, sizeof err_str, errmsg, in_files[i].filename);
1327 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, err_str);
1332 if (got_write_error) {
1333 /* Put up an alert box for the write error. */
1334 cf_write_failure_alert_box(out_filename, write_err);
1337 if (got_read_error || got_write_error || stop_flag) {
1338 /* Callers aren't expected to treat an error or an explicit abort
1339 differently - we put up error dialogs ourselves, so they don't
1347 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1349 const char *filter_new = dftext ? dftext : "";
1350 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1353 /* if new filter equals old one, do nothing unless told to do so */
1354 if (!force && strcmp(filter_new, filter_old) == 0) {
1360 if (dftext == NULL) {
1361 /* The new filter is an empty filter (i.e., display all packets).
1362 * so leave dfcode==NULL
1366 * We have a filter; make a copy of it (as we'll be saving it),
1367 * and try to compile it.
1369 dftext = g_strdup(dftext);
1370 if (!dfilter_compile(dftext, &dfcode)) {
1371 /* The attempt failed; report an error. */
1372 gchar *safe_dftext = simple_dialog_format_message(dftext);
1373 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1375 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1378 "The following display filter isn't a valid display filter:\n%s\n"
1379 "See the help for a description of the display filter syntax.",
1380 simple_dialog_primary_start(), safe_dfilter_error_msg,
1381 simple_dialog_primary_end(), safe_dftext);
1382 g_free(safe_dfilter_error_msg);
1383 g_free(safe_dftext);
1389 if (dfcode == NULL) {
1390 /* Yes - free the filter text, and set it to null. */
1396 /* We have a valid filter. Replace the current filter. */
1397 if (cf->dfilter != NULL)
1398 g_free(cf->dfilter);
1399 cf->dfilter = dftext;
1401 /* Now rescan the packet list, applying the new filter, but not
1402 throwing away information constructed on a previous pass. */
1403 if (dftext == NULL) {
1404 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1406 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1409 /* Cleanup and release all dfilter resources */
1410 if (dfcode != NULL){
1411 dfilter_free(dfcode);
1417 cf_colorize_packets(capture_file *cf)
1419 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1423 cf_reftime_packets(capture_file *cf)
1425 rescan_packets(cf, "Updating Reftime", "all packets", FALSE, FALSE);
1429 cf_redissect_packets(capture_file *cf)
1431 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1434 /* Rescan the list of packets, reconstructing the CList.
1436 "action" describes why we're doing this; it's used in the progress
1439 "action_item" describes what we're doing; it's used in the progress
1442 "refilter" is TRUE if we need to re-evaluate the filter expression.
1444 "redissect" is TRUE if we need to make the dissectors reconstruct
1445 any state information they have (because a preference that affects
1446 some dissector has changed, meaning some dissector might construct
1447 its state differently from the way it was constructed the last time). */
1449 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1450 gboolean refilter, gboolean redissect)
1453 progdlg_t *progbar = NULL;
1458 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1459 int selected_row, prev_row, preceding_row, following_row;
1460 gboolean selected_frame_seen;
1463 GTimeVal start_time;
1464 gchar status_str[100];
1465 int progbar_nextstep;
1466 int progbar_quantum;
1469 /* Compile the current display filter.
1470 * We assume this will not fail since cf->dfilter is only set in
1471 * cf_filter IFF the filter was valid.
1475 dfilter_compile(cf->dfilter, &dfcode);
1479 reset_tap_listeners();
1480 /* Which frame, if any, is the currently selected frame?
1481 XXX - should the selected frame or the focus frame be the "current"
1482 frame, that frame being the one from which "Find Frame" searches
1484 selected_frame = cf->current_frame;
1486 /* We don't yet know what row that frame will be on, if any, after we
1487 rebuild the clist, however. */
1491 /* We need to re-initialize all the state information that protocols
1492 keep, because some preference that controls a dissector has changed,
1493 which might cause the state information to be constructed differently
1494 by that dissector. */
1496 /* Initialize all data structures used for dissection. */
1500 /* Freeze the packet list while we redo it, so we don't get any
1501 screen updates while it happens. */
1502 packet_list_freeze();
1505 packet_list_clear();
1507 /* We don't yet know which will be the first and last frames displayed. */
1508 cf->first_displayed = NULL;
1509 cf->last_displayed = NULL;
1511 /* We currently don't display any packets */
1512 cf->displayed_count = 0;
1514 /* Iterate through the list of frames. Call a routine for each frame
1515 to check whether it should be displayed and, if so, add it to
1516 the display list. */
1517 nstime_set_unset(&first_ts);
1518 nstime_set_unset(&prev_dis_ts);
1520 /* Update the progress bar when it gets to this value. */
1521 progbar_nextstep = 0;
1522 /* When we reach the value that triggers a progress bar update,
1523 bump that value by this amount. */
1524 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1525 /* Count of packets at which we've looked. */
1527 /* Progress so far. */
1531 g_get_current_time(&start_time);
1533 row = -1; /* no previous row yet */
1538 preceding_frame = NULL;
1540 following_frame = NULL;
1542 selected_frame_seen = FALSE;
1544 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1545 /* Create the progress bar if necessary.
1546 We check on every iteration of the loop, so that it takes no
1547 longer than the standard time to create it (otherwise, for a
1548 large file, we might take considerably longer than that standard
1549 time in order to get to the next progress bar step). */
1550 if (progbar == NULL)
1551 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1552 &stop_flag, &start_time,
1555 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1556 when we update it, we have to run the GTK+ main loop to get it
1557 to repaint what's pending, and doing so may involve an "ioctl()"
1558 to see if there's any pending input from an X server, and doing
1559 that for every packet can be costly, especially on a big file. */
1560 if (count >= progbar_nextstep) {
1561 /* let's not divide by zero. I should never be started
1562 * with count == 0, so let's assert that
1564 g_assert(cf->count > 0);
1565 progbar_val = (gfloat) count / cf->count;
1567 if (progbar != NULL) {
1568 g_snprintf(status_str, sizeof(status_str),
1569 "%4u of %u frames", count, cf->count);
1570 update_progress_dlg(progbar, progbar_val, status_str);
1573 progbar_nextstep += progbar_quantum;
1577 /* Well, the user decided to abort the filtering. Just stop.
1579 XXX - go back to the previous filter? Users probably just
1580 want not to wait for a filtering operation to finish;
1581 unless we cancel by having no filter, reverting to the
1582 previous filter will probably be even more expensive than
1583 continuing the filtering, as it involves going back to the
1584 beginning and filtering, and even with no filter we currently
1585 have to re-generate the entire clist, which is also expensive.
1587 I'm not sure what Network Monitor does, but it doesn't appear
1588 to give you an unfiltered display if you cancel. */
1595 /* Since all state for the frame was destroyed, mark the frame
1596 * as not visited, free the GSList referring to the state
1597 * data (the per-frame data itself was freed by
1598 * "init_dissection()"), and null out the GSList pointer. */
1599 fdata->flags.visited = 0;
1601 g_slist_free(fdata->pfd);
1606 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1607 cf->pd, fdata->cap_len, &err, &err_info)) {
1608 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1609 cf_read_error_message(err, err_info), cf->filename);
1613 /* If the previous frame is displayed, and we haven't yet seen the
1614 selected frame, remember that frame - it's the closest one we've
1615 yet seen before the selected frame. */
1616 if (prev_row != -1 && !selected_frame_seen) {
1617 preceding_row = prev_row;
1618 preceding_frame = prev_frame;
1620 row = add_packet_to_packet_list(fdata, cf, dfcode, &cf->pseudo_header, cf->pd,
1623 /* If this frame is displayed, and this is the first frame we've
1624 seen displayed after the selected frame, remember this frame -
1625 it's the closest one we've yet seen at or after the selected
1627 if (row != -1 && selected_frame_seen && following_row == -1) {
1628 following_row = row;
1629 following_frame = fdata;
1631 if (fdata == selected_frame) {
1633 selected_frame_seen = TRUE;
1636 /* Remember this row/frame - it'll be the previous row/frame
1637 on the next pass through the loop. */
1642 /* Re-sort the list using the previously selected order */
1643 packet_list_set_sort_column();
1646 /* Clear out what remains of the visited flags and per-frame data
1649 XXX - that may cause various forms of bogosity when dissecting
1650 these frames, as they won't have been seen by this sequential
1651 pass, but the only alternative I see is to keep scanning them
1652 even though the user requested that the scan stop, and that
1653 would leave the user stuck with an Wireshark grinding on
1654 until it finishes. Should we just stick them with that? */
1655 for (; fdata != NULL; fdata = fdata->next) {
1656 fdata->flags.visited = 0;
1658 g_slist_free(fdata->pfd);
1664 /* We're done filtering the packets; destroy the progress bar if it
1666 if (progbar != NULL)
1667 destroy_progress_dlg(progbar);
1669 /* Unfreeze the packet list. */
1672 if (selected_row == -1) {
1673 /* The selected frame didn't pass the filter. */
1674 if (selected_frame == NULL) {
1675 /* That's because there *was* no selected frame. Make the first
1676 displayed frame the current frame. */
1679 /* Find the nearest displayed frame to the selected frame (whether
1680 it's before or after that frame) and make that the current frame.
1681 If the next and previous displayed frames are equidistant from the
1682 selected frame, choose the next one. */
1683 g_assert(following_frame == NULL ||
1684 following_frame->num >= selected_frame->num);
1685 g_assert(preceding_frame == NULL ||
1686 preceding_frame->num <= selected_frame->num);
1687 if (following_frame == NULL) {
1688 /* No frame after the selected frame passed the filter, so we
1689 have to select the last displayed frame before the selected
1691 selected_row = preceding_row;
1692 } else if (preceding_frame == NULL) {
1693 /* No frame before the selected frame passed the filter, so we
1694 have to select the first displayed frame after the selected
1696 selected_row = following_row;
1698 /* Frames before and after the selected frame passed the filter, so
1699 we'll select the previous frame */
1700 selected_row = preceding_row;
1705 if (selected_row == -1) {
1706 /* There are no frames displayed at all. */
1707 cf_unselect_packet(cf);
1709 /* Either the frame that was selected passed the filter, or we've
1710 found the nearest displayed frame to that frame. Select it, make
1711 it the focus row, and make it visible. */
1712 packet_list_set_selected_row(selected_row);
1715 /* Cleanup and release all dfilter resources */
1716 if (dfcode != NULL){
1717 dfilter_free(dfcode);
1728 process_specified_packets(capture_file *cf, packet_range_t *range,
1729 const char *string1, const char *string2, gboolean terminate_is_stop,
1730 gboolean (*callback)(capture_file *, frame_data *,
1731 union wtap_pseudo_header *, const guint8 *, void *),
1732 void *callback_args)
1737 union wtap_pseudo_header pseudo_header;
1738 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
1739 psp_return_t ret = PSP_FINISHED;
1741 progdlg_t *progbar = NULL;
1744 gboolean progbar_stop_flag;
1745 GTimeVal progbar_start_time;
1746 gchar progbar_status_str[100];
1747 int progbar_nextstep;
1748 int progbar_quantum;
1749 range_process_e process_this;
1751 /* Update the progress bar when it gets to this value. */
1752 progbar_nextstep = 0;
1753 /* When we reach the value that triggers a progress bar update,
1754 bump that value by this amount. */
1755 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1756 /* Count of packets at which we've looked. */
1758 /* Progress so far. */
1761 progbar_stop_flag = FALSE;
1762 g_get_current_time(&progbar_start_time);
1764 packet_range_process_init(range);
1766 /* Iterate through the list of packets, printing the packets that
1767 were selected by the current display filter. */
1768 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1769 /* Create the progress bar if necessary.
1770 We check on every iteration of the loop, so that it takes no
1771 longer than the standard time to create it (otherwise, for a
1772 large file, we might take considerably longer than that standard
1773 time in order to get to the next progress bar step). */
1774 if (progbar == NULL)
1775 progbar = delayed_create_progress_dlg(string1, string2,
1778 &progbar_start_time,
1781 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1782 when we update it, we have to run the GTK+ main loop to get it
1783 to repaint what's pending, and doing so may involve an "ioctl()"
1784 to see if there's any pending input from an X server, and doing
1785 that for every packet can be costly, especially on a big file. */
1786 if (progbar_count >= progbar_nextstep) {
1787 /* let's not divide by zero. I should never be started
1788 * with count == 0, so let's assert that
1790 g_assert(cf->count > 0);
1791 progbar_val = (gfloat) progbar_count / cf->count;
1793 if (progbar != NULL) {
1794 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
1795 "%4u of %u packets", progbar_count, cf->count);
1796 update_progress_dlg(progbar, progbar_val, progbar_status_str);
1799 progbar_nextstep += progbar_quantum;
1802 if (progbar_stop_flag) {
1803 /* Well, the user decided to abort the operation. Just stop,
1804 and arrange to return PSP_STOPPED to our caller, so they know
1805 it was stopped explicitly. */
1812 /* do we have to process this packet? */
1813 process_this = packet_range_process_packet(range, fdata);
1814 if (process_this == range_process_next) {
1815 /* this packet uninteresting, continue with next one */
1817 } else if (process_this == range_processing_finished) {
1818 /* all interesting packets processed, stop the loop */
1822 /* Get the packet */
1823 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1824 pd, fdata->cap_len, &err, &err_info)) {
1825 /* Attempt to get the packet failed. */
1826 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1827 cf_read_error_message(err, err_info), cf->filename);
1831 /* Process the packet */
1832 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
1833 /* Callback failed. We assume it reported the error appropriately. */
1839 /* We're done printing the packets; destroy the progress bar if
1841 if (progbar != NULL)
1842 destroy_progress_dlg(progbar);
1848 retap_packet(capture_file *cf _U_, frame_data *fdata,
1849 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1852 column_info *cinfo = argsp;
1853 epan_dissect_t *edt;
1855 /* If we have tap listeners, allocate a protocol tree root node, so that
1856 we'll construct a protocol tree against which a filter expression can
1858 edt = epan_dissect_new(num_tap_filters != 0, FALSE);
1859 tap_queue_init(edt);
1860 epan_dissect_run(edt, pseudo_header, pd, fdata, cinfo);
1861 tap_push_tapped_queue(edt);
1862 epan_dissect_free(edt);
1868 cf_retap_packets(capture_file *cf, gboolean do_columns)
1870 packet_range_t range;
1872 /* Reset the tap listeners. */
1873 reset_tap_listeners();
1875 /* Iterate through the list of packets, dissecting all packets and
1876 re-running the taps. */
1877 packet_range_init(&range);
1878 packet_range_process_init(&range);
1879 switch (process_specified_packets(cf, &range, "Refiltering statistics on",
1880 "all packets", TRUE, retap_packet,
1881 do_columns ? &cf->cinfo : NULL)) {
1883 /* Completed successfully. */
1887 /* Well, the user decided to abort the refiltering.
1888 Return CF_READ_ABORTED so our caller knows they did that. */
1889 return CF_READ_ABORTED;
1892 /* Error while retapping. */
1893 return CF_READ_ERROR;
1896 g_assert_not_reached();
1901 print_args_t *print_args;
1902 gboolean print_header_line;
1903 char *header_line_buf;
1904 int header_line_buf_len;
1905 gboolean print_formfeed;
1906 gboolean print_separator;
1910 } print_callback_args_t;
1913 print_packet(capture_file *cf, frame_data *fdata,
1914 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1917 print_callback_args_t *args = argsp;
1918 epan_dissect_t *edt;
1924 gboolean proto_tree_needed;
1925 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
1926 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
1928 /* Create the protocol tree, and make it visible, if we're printing
1929 the dissection or the hex data.
1930 XXX - do we need it if we're just printing the hex data? */
1932 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex;
1933 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
1935 /* Fill in the column information if we're printing the summary
1937 if (args->print_args->print_summary) {
1938 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
1939 epan_dissect_fill_in_columns(edt);
1941 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
1943 if (args->print_formfeed) {
1944 if (!new_page(args->print_args->stream))
1947 if (args->print_separator) {
1948 if (!print_line(args->print_args->stream, 0, ""))
1954 * We generate bookmarks, if the output format supports them.
1955 * The name is "__frameN__".
1957 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
1959 if (args->print_args->print_summary) {
1960 if (args->print_header_line) {
1961 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
1963 args->print_header_line = FALSE; /* we might not need to print any more */
1965 cp = &args->line_buf[0];
1967 for (i = 0; i < cf->cinfo.num_cols; i++) {
1968 /* Find the length of the string for this column. */
1969 column_len = strlen(cf->cinfo.col_data[i]);
1970 if (args->col_widths[i] > column_len)
1971 column_len = args->col_widths[i];
1973 /* Make sure there's room in the line buffer for the column; if not,
1974 double its length. */
1975 line_len += column_len + 1; /* "+1" for space */
1976 if (line_len > args->line_buf_len) {
1977 cp_off = cp - args->line_buf;
1978 args->line_buf_len = 2 * line_len;
1979 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
1980 cp = args->line_buf + cp_off;
1983 /* Right-justify the packet number column. */
1984 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
1985 sprintf(cp, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
1987 sprintf(cp, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
1989 if (i != cf->cinfo.num_cols - 1)
1995 * Generate a bookmark, using the summary line as the title.
1997 if (!print_bookmark(args->print_args->stream, bookmark_name,
2001 if (!print_line(args->print_args->stream, 0, args->line_buf))
2005 * Generate a bookmark, using "Frame N" as the title, as we're not
2006 * printing the summary line.
2008 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2009 if (!print_bookmark(args->print_args->stream, bookmark_name,
2012 } /* if (print_summary) */
2014 if (args->print_args->print_dissections != print_dissections_none) {
2015 if (args->print_args->print_summary) {
2016 /* Separate the summary line from the tree with a blank line. */
2017 if (!print_line(args->print_args->stream, 0, ""))
2021 /* Print the information in that tree. */
2022 if (!proto_tree_print(args->print_args, edt, args->print_args->stream))
2025 /* Print a blank line if we print anything after this (aka more than one packet). */
2026 args->print_separator = TRUE;
2028 /* Print a header line if we print any more packet summaries */
2029 args->print_header_line = TRUE;
2032 if (args->print_args->print_hex) {
2033 /* Print the full packet data as hex. */
2034 if (!print_hex_data(args->print_args->stream, edt))
2037 /* Print a blank line if we print anything after this (aka more than one packet). */
2038 args->print_separator = TRUE;
2040 /* Print a header line if we print any more packet summaries */
2041 args->print_header_line = TRUE;
2042 } /* if (args->print_args->print_dissections != print_dissections_none) */
2044 epan_dissect_free(edt);
2046 /* do we want to have a formfeed between each packet from now on? */
2047 if(args->print_args->print_formfeed) {
2048 args->print_formfeed = TRUE;
2054 epan_dissect_free(edt);
2059 cf_print_packets(capture_file *cf, print_args_t *print_args)
2062 print_callback_args_t callback_args;
2070 callback_args.print_args = print_args;
2071 callback_args.print_header_line = TRUE;
2072 callback_args.header_line_buf = NULL;
2073 callback_args.header_line_buf_len = 256;
2074 callback_args.print_formfeed = FALSE;
2075 callback_args.print_separator = FALSE;
2076 callback_args.line_buf = NULL;
2077 callback_args.line_buf_len = 256;
2078 callback_args.col_widths = NULL;
2080 if (!print_preamble(print_args->stream, cf->filename)) {
2081 destroy_print_stream(print_args->stream);
2082 return CF_PRINT_WRITE_ERROR;
2085 if (print_args->print_summary) {
2086 /* We're printing packet summaries. Allocate the header line buffer
2087 and get the column widths. */
2088 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2090 /* Find the widths for each of the columns - maximum of the
2091 width of the title and the width of the data - and construct
2092 a buffer with a line containing the column titles. */
2093 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2094 cp = &callback_args.header_line_buf[0];
2096 for (i = 0; i < cf->cinfo.num_cols; i++) {
2097 /* Don't pad the last column. */
2098 if (i == cf->cinfo.num_cols - 1)
2099 callback_args.col_widths[i] = 0;
2101 callback_args.col_widths[i] = strlen(cf->cinfo.col_title[i]);
2102 data_width = get_column_char_width(get_column_format(i));
2103 if (data_width > callback_args.col_widths[i])
2104 callback_args.col_widths[i] = data_width;
2107 /* Find the length of the string for this column. */
2108 column_len = strlen(cf->cinfo.col_title[i]);
2109 if (callback_args.col_widths[i] > column_len)
2110 column_len = callback_args.col_widths[i];
2112 /* Make sure there's room in the line buffer for the column; if not,
2113 double its length. */
2114 line_len += column_len + 1; /* "+1" for space */
2115 if (line_len > callback_args.header_line_buf_len) {
2116 cp_off = cp - callback_args.header_line_buf;
2117 callback_args.header_line_buf_len = 2 * line_len;
2118 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2119 callback_args.header_line_buf_len + 1);
2120 cp = callback_args.header_line_buf + cp_off;
2123 /* Right-justify the packet number column. */
2124 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2125 sprintf(cp, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2127 sprintf(cp, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2129 if (i != cf->cinfo.num_cols - 1)
2134 /* Now start out the main line buffer with the same length as the
2135 header line buffer. */
2136 callback_args.line_buf_len = callback_args.header_line_buf_len;
2137 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2138 } /* if (print_summary) */
2140 /* Iterate through the list of packets, printing the packets we were
2142 ret = process_specified_packets(cf, &print_args->range, "Printing",
2143 "selected packets", TRUE, print_packet,
2146 if (callback_args.header_line_buf != NULL)
2147 g_free(callback_args.header_line_buf);
2148 if (callback_args.line_buf != NULL)
2149 g_free(callback_args.line_buf);
2150 if (callback_args.col_widths != NULL)
2151 g_free(callback_args.col_widths);
2156 /* Completed successfully. */
2160 /* Well, the user decided to abort the printing.
2162 XXX - note that what got generated before they did that
2163 will get printed if we're piping to a print program; we'd
2164 have to write to a file and then hand that to the print
2165 program to make it actually not print anything. */
2169 /* Error while printing.
2171 XXX - note that what got generated before they did that
2172 will get printed if we're piping to a print program; we'd
2173 have to write to a file and then hand that to the print
2174 program to make it actually not print anything. */
2175 destroy_print_stream(print_args->stream);
2176 return CF_PRINT_WRITE_ERROR;
2179 if (!print_finale(print_args->stream)) {
2180 destroy_print_stream(print_args->stream);
2181 return CF_PRINT_WRITE_ERROR;
2184 if (!destroy_print_stream(print_args->stream))
2185 return CF_PRINT_WRITE_ERROR;
2191 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2192 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2196 epan_dissect_t *edt;
2198 /* Create the protocol tree, but don't fill in the column information. */
2199 edt = epan_dissect_new(TRUE, TRUE);
2200 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2202 /* Write out the information in that tree. */
2203 proto_tree_write_pdml(edt, fh);
2205 epan_dissect_free(edt);
2211 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2216 fh = eth_fopen(print_args->file, "w");
2218 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2220 write_pdml_preamble(fh);
2223 return CF_PRINT_WRITE_ERROR;
2226 /* Iterate through the list of packets, printing the packets we were
2228 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2229 "selected packets", TRUE,
2230 write_pdml_packet, fh);
2235 /* Completed successfully. */
2239 /* Well, the user decided to abort the printing. */
2243 /* Error while printing. */
2245 return CF_PRINT_WRITE_ERROR;
2248 write_pdml_finale(fh);
2251 return CF_PRINT_WRITE_ERROR;
2254 /* XXX - check for an error */
2261 write_psml_packet(capture_file *cf, frame_data *fdata,
2262 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2266 epan_dissect_t *edt;
2268 /* Fill in the column information, but don't create the protocol tree. */
2269 edt = epan_dissect_new(FALSE, FALSE);
2270 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2271 epan_dissect_fill_in_columns(edt);
2273 /* Write out the information in that tree. */
2274 proto_tree_write_psml(edt, fh);
2276 epan_dissect_free(edt);
2282 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2287 fh = eth_fopen(print_args->file, "w");
2289 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2291 write_psml_preamble(fh);
2294 return CF_PRINT_WRITE_ERROR;
2297 /* Iterate through the list of packets, printing the packets we were
2299 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2300 "selected packets", TRUE,
2301 write_psml_packet, fh);
2306 /* Completed successfully. */
2310 /* Well, the user decided to abort the printing. */
2314 /* Error while printing. */
2316 return CF_PRINT_WRITE_ERROR;
2319 write_psml_finale(fh);
2322 return CF_PRINT_WRITE_ERROR;
2325 /* XXX - check for an error */
2332 write_csv_packet(capture_file *cf, frame_data *fdata,
2333 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2337 epan_dissect_t *edt;
2339 /* Fill in the column information, but don't create the protocol tree. */
2340 edt = epan_dissect_new(FALSE, FALSE);
2341 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2342 epan_dissect_fill_in_columns(edt);
2344 /* Write out the information in that tree. */
2345 proto_tree_write_csv(edt, fh);
2347 epan_dissect_free(edt);
2353 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2358 fh = eth_fopen(print_args->file, "w");
2360 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2362 write_csv_preamble(fh);
2365 return CF_PRINT_WRITE_ERROR;
2368 /* Iterate through the list of packets, printing the packets we were
2370 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2371 "selected packets", TRUE,
2372 write_csv_packet, fh);
2377 /* Completed successfully. */
2381 /* Well, the user decided to abort the printing. */
2385 /* Error while printing. */
2387 return CF_PRINT_WRITE_ERROR;
2390 write_csv_finale(fh);
2393 return CF_PRINT_WRITE_ERROR;
2396 /* XXX - check for an error */
2403 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
2404 union wtap_pseudo_header *pseudo_header _U_,
2405 const guint8 *pd, void *argsp)
2409 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
2414 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
2419 fh = eth_fopen(print_args->file, "w");
2422 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2424 write_carrays_preamble(fh);
2428 return CF_PRINT_WRITE_ERROR;
2431 /* Iterate through the list of packets, printing the packets we were
2433 ret = process_specified_packets(cf, &print_args->range,
2435 "selected packets", TRUE,
2436 write_carrays_packet, fh);
2439 /* Completed successfully. */
2442 /* Well, the user decided to abort the printing. */
2445 /* Error while printing. */
2447 return CF_PRINT_WRITE_ERROR;
2450 write_carrays_finale(fh);
2454 return CF_PRINT_WRITE_ERROR;
2461 /* Scan through the packet list and change all columns that use the
2462 "command-line-specified" time stamp format to use the current
2463 value of that format. */
2465 cf_change_time_formats(capture_file *cf)
2468 progdlg_t *progbar = NULL;
2474 GTimeVal start_time;
2475 gchar status_str[100];
2476 int progbar_nextstep;
2477 int progbar_quantum;
2479 gboolean sorted_by_frame_column;
2482 /* adjust timestamp precision if auto is selected */
2483 cf_timestamp_auto_precision(cf);
2485 /* Are there any columns with time stamps in the "command-line-specified"
2488 XXX - we have to force the "column is writable" flag on, as it
2489 might be off from the last frame that was dissected. */
2490 col_set_writable(&cf->cinfo, TRUE);
2491 if (!check_col(&cf->cinfo, COL_CLS_TIME)) {
2492 /* No, there aren't any columns in that format, so we have no work
2496 first = cf->cinfo.col_first[COL_CLS_TIME];
2497 g_assert(first >= 0);
2498 last = cf->cinfo.col_last[COL_CLS_TIME];
2500 /* Freeze the packet list while we redo it, so we don't get any
2501 screen updates while it happens. */
2502 packet_list_freeze();
2504 /* Update the progress bar when it gets to this value. */
2505 progbar_nextstep = 0;
2506 /* When we reach the value that triggers a progress bar update,
2507 bump that value by this amount. */
2508 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2509 /* Count of packets at which we've looked. */
2511 /* Progress so far. */
2514 /* If the rows are currently sorted by the frame column then we know
2515 * the row number of each packet: it's the row number of the previously
2516 * displayed packet + 1.
2518 * Otherwise, if the display is sorted by a different column then we have
2519 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2520 * of changing the time display format O(N**2)).
2522 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2523 * the row number and walks that many elements down the clist to find
2524 * the appropriate element.)
2526 sorted_by_frame_column = FALSE;
2527 for (i = 0; i < cf->cinfo.num_cols; i++) {
2528 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2530 sorted_by_frame_column = (i == packet_list_get_sort_column());
2536 g_get_current_time(&start_time);
2538 /* Iterate through the list of packets, checking whether the packet
2539 is in a row of the summary list and, if so, whether there are
2540 any columns that show the time in the "command-line-specified"
2541 format and, if so, update that row. */
2542 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2543 /* Create the progress bar if necessary.
2544 We check on every iteration of the loop, so that it takes no
2545 longer than the standard time to create it (otherwise, for a
2546 large file, we might take considerably longer than that standard
2547 time in order to get to the next progress bar step). */
2548 if (progbar == NULL)
2549 progbar = delayed_create_progress_dlg("Changing", "time display",
2550 TRUE, &stop_flag, &start_time, progbar_val);
2552 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2553 when we update it, we have to run the GTK+ main loop to get it
2554 to repaint what's pending, and doing so may involve an "ioctl()"
2555 to see if there's any pending input from an X server, and doing
2556 that for every packet can be costly, especially on a big file. */
2557 if (count >= progbar_nextstep) {
2558 /* let's not divide by zero. I should never be started
2559 * with count == 0, so let's assert that
2561 g_assert(cf->count > 0);
2563 progbar_val = (gfloat) count / cf->count;
2565 if (progbar != NULL) {
2566 g_snprintf(status_str, sizeof(status_str),
2567 "%4u of %u packets", count, cf->count);
2568 update_progress_dlg(progbar, progbar_val, status_str);
2571 progbar_nextstep += progbar_quantum;
2575 /* Well, the user decided to abort the redisplay. Just stop.
2577 XXX - this leaves the time field in the old format in
2578 frames we haven't yet processed. So it goes; should we
2579 simply not offer them the option of stopping? */
2585 /* Find what row this packet is in. */
2586 if (!sorted_by_frame_column) {
2587 /* This function is O(N), so we try to avoid using it... */
2588 row = packet_list_find_row_from_data(fdata);
2590 /* ...which we do by maintaining a count of packets that are
2591 being displayed (i.e., that have passed the display filter),
2592 and using the current value of that count as the row number
2593 (which is why we can only do it when the display is sorted
2594 by the frame number). */
2595 if (fdata->flags.passed_dfilter)
2602 /* This packet is in the summary list, on row "row". */
2604 for (i = first; i <= last; i++) {
2605 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
2606 /* This is one of the columns that shows the time in
2607 "command-line-specified" format; update it. */
2608 cf->cinfo.col_buf[i][0] = '\0';
2609 col_set_cls_time(fdata, &cf->cinfo, i);
2610 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2616 /* We're done redisplaying the packets; destroy the progress bar if it
2618 if (progbar != NULL)
2619 destroy_progress_dlg(progbar);
2621 /* Set the column widths of those columns that show the time in
2622 "command-line-specified" format. */
2623 for (i = first; i <= last; i++) {
2624 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
2625 packet_list_set_cls_time_width(i);
2629 /* Unfreeze the packet list. */
2637 gboolean frame_matched;
2641 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
2645 mdata.string = string;
2646 mdata.string_len = strlen(string);
2647 return find_packet(cf, match_protocol_tree, &mdata);
2651 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
2653 match_data *mdata = criterion;
2654 epan_dissect_t *edt;
2656 /* Construct the protocol tree, including the displayed text */
2657 edt = epan_dissect_new(TRUE, TRUE);
2658 /* We don't need the column information */
2659 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2661 /* Iterate through all the nodes, seeing if they have text that matches. */
2663 mdata->frame_matched = FALSE;
2664 proto_tree_children_foreach(edt->tree, match_subtree_text, mdata);
2665 epan_dissect_free(edt);
2666 return mdata->frame_matched;
2670 match_subtree_text(proto_node *node, gpointer data)
2672 match_data *mdata = (match_data*) data;
2673 const gchar *string = mdata->string;
2674 size_t string_len = mdata->string_len;
2675 capture_file *cf = mdata->cf;
2676 field_info *fi = PITEM_FINFO(node);
2677 gchar label_str[ITEM_LABEL_LENGTH];
2684 if (mdata->frame_matched) {
2685 /* We already had a match; don't bother doing any more work. */
2689 /* Don't match invisible entries. */
2690 if (PROTO_ITEM_IS_HIDDEN(node))
2693 /* was a free format label produced? */
2695 label_ptr = fi->rep->representation;
2697 /* no, make a generic label */
2698 label_ptr = label_str;
2699 proto_item_fill_label(fi, label_str);
2702 /* Does that label match? */
2703 label_len = strlen(label_ptr);
2704 for (i = 0; i < label_len; i++) {
2705 c_char = label_ptr[i];
2707 c_char = toupper(c_char);
2708 if (c_char == string[c_match]) {
2710 if (c_match == string_len) {
2711 /* No need to look further; we have a match */
2712 mdata->frame_matched = TRUE;
2719 /* Recurse into the subtree, if it exists */
2720 if (node->first_child != NULL)
2721 proto_tree_children_foreach(node, match_subtree_text, mdata);
2725 cf_find_packet_summary_line(capture_file *cf, const char *string)
2729 mdata.string = string;
2730 mdata.string_len = strlen(string);
2731 return find_packet(cf, match_summary_line, &mdata);
2735 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
2737 match_data *mdata = criterion;
2738 const gchar *string = mdata->string;
2739 size_t string_len = mdata->string_len;
2740 epan_dissect_t *edt;
2741 const char *info_column;
2742 size_t info_column_len;
2743 gboolean frame_matched = FALSE;
2749 /* Don't bother constructing the protocol tree */
2750 edt = epan_dissect_new(FALSE, FALSE);
2751 /* Get the column information */
2752 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
2754 /* Find the Info column */
2755 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
2756 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
2757 /* Found it. See if we match. */
2758 info_column = edt->pi.cinfo->col_data[colx];
2759 info_column_len = strlen(info_column);
2760 for (i = 0; i < info_column_len; i++) {
2761 c_char = info_column[i];
2763 c_char = toupper(c_char);
2764 if (c_char == string[c_match]) {
2766 if (c_match == string_len) {
2767 frame_matched = TRUE;
2776 epan_dissect_free(edt);
2777 return frame_matched;
2783 } cbs_t; /* "Counted byte string" */
2786 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
2791 info.data_len = string_size;
2793 /* String or hex search? */
2795 /* String search - what type of string? */
2796 switch (cf->scs_type) {
2798 case SCS_ASCII_AND_UNICODE:
2799 return find_packet(cf, match_ascii_and_unicode, &info);
2802 return find_packet(cf, match_ascii, &info);
2805 return find_packet(cf, match_unicode, &info);
2808 g_assert_not_reached();
2812 return find_packet(cf, match_binary, &info);
2816 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2818 cbs_t *info = criterion;
2819 const char *ascii_text = info->data;
2820 size_t textlen = info->data_len;
2821 gboolean frame_matched;
2827 frame_matched = FALSE;
2828 buf_len = fdata->pkt_len;
2829 for (i = 0; i < buf_len; i++) {
2832 c_char = toupper(c_char);
2834 if (c_char == ascii_text[c_match]) {
2836 if (c_match == textlen) {
2837 frame_matched = TRUE;
2838 cf->search_pos = i; /* Save the position of the last character
2839 for highlighting the field. */
2846 return frame_matched;
2850 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
2852 cbs_t *info = criterion;
2853 const char *ascii_text = info->data;
2854 size_t textlen = info->data_len;
2855 gboolean frame_matched;
2861 frame_matched = FALSE;
2862 buf_len = fdata->pkt_len;
2863 for (i = 0; i < buf_len; i++) {
2866 c_char = toupper(c_char);
2867 if (c_char == ascii_text[c_match]) {
2869 if (c_match == textlen) {
2870 frame_matched = TRUE;
2871 cf->search_pos = i; /* Save the position of the last character
2872 for highlighting the field. */
2878 return frame_matched;
2882 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2884 cbs_t *info = criterion;
2885 const char *ascii_text = info->data;
2886 size_t textlen = info->data_len;
2887 gboolean frame_matched;
2893 frame_matched = FALSE;
2894 buf_len = fdata->pkt_len;
2895 for (i = 0; i < buf_len; i++) {
2898 c_char = toupper(c_char);
2899 if (c_char == ascii_text[c_match]) {
2902 if (c_match == textlen) {
2903 frame_matched = TRUE;
2904 cf->search_pos = i; /* Save the position of the last character
2905 for highlighting the field. */
2911 return frame_matched;
2915 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
2917 cbs_t *info = criterion;
2918 const guint8 *binary_data = info->data;
2919 size_t datalen = info->data_len;
2920 gboolean frame_matched;
2925 frame_matched = FALSE;
2926 buf_len = fdata->pkt_len;
2927 for (i = 0; i < buf_len; i++) {
2928 if (cf->pd[i] == binary_data[c_match]) {
2930 if (c_match == datalen) {
2931 frame_matched = TRUE;
2932 cf->search_pos = i; /* Save the position of the last character
2933 for highlighting the field. */
2939 return frame_matched;
2943 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
2945 return find_packet(cf, match_dfilter, sfcode);
2949 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
2951 dfilter_t *sfcode = criterion;
2952 epan_dissect_t *edt;
2953 gboolean frame_matched;
2955 edt = epan_dissect_new(TRUE, FALSE);
2956 epan_dissect_prime_dfilter(edt, sfcode);
2957 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2958 frame_matched = dfilter_apply_edt(sfcode, edt);
2959 epan_dissect_free(edt);
2960 return frame_matched;
2964 find_packet(capture_file *cf,
2965 gboolean (*match_function)(capture_file *, frame_data *, void *),
2968 frame_data *start_fd;
2970 frame_data *new_fd = NULL;
2971 progdlg_t *progbar = NULL;
2978 GTimeVal start_time;
2979 gchar status_str[100];
2980 int progbar_nextstep;
2981 int progbar_quantum;
2984 start_fd = cf->current_frame;
2985 if (start_fd != NULL) {
2986 /* Iterate through the list of packets, starting at the packet we've
2987 picked, calling a routine to run the filter on the packet, see if
2988 it matches, and stop if so. */
2992 /* Update the progress bar when it gets to this value. */
2993 progbar_nextstep = 0;
2994 /* When we reach the value that triggers a progress bar update,
2995 bump that value by this amount. */
2996 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2997 /* Progress so far. */
3001 g_get_current_time(&start_time);
3004 title = cf->sfilter?cf->sfilter:"";
3006 /* Create the progress bar if necessary.
3007 We check on every iteration of the loop, so that it takes no
3008 longer than the standard time to create it (otherwise, for a
3009 large file, we might take considerably longer than that standard
3010 time in order to get to the next progress bar step). */
3011 if (progbar == NULL)
3012 progbar = delayed_create_progress_dlg("Searching", title,
3013 FALSE, &stop_flag, &start_time, progbar_val);
3015 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3016 when we update it, we have to run the GTK+ main loop to get it
3017 to repaint what's pending, and doing so may involve an "ioctl()"
3018 to see if there's any pending input from an X server, and doing
3019 that for every packet can be costly, especially on a big file. */
3020 if (count >= progbar_nextstep) {
3021 /* let's not divide by zero. I should never be started
3022 * with count == 0, so let's assert that
3024 g_assert(cf->count > 0);
3026 progbar_val = (gfloat) count / cf->count;
3028 if (progbar != NULL) {
3029 g_snprintf(status_str, sizeof(status_str),
3030 "%4u of %u packets", count, cf->count);
3031 update_progress_dlg(progbar, progbar_val, status_str);
3034 progbar_nextstep += progbar_quantum;
3038 /* Well, the user decided to abort the search. Go back to the
3039 frame where we started. */
3044 /* Go past the current frame. */
3045 if (cf->sbackward) {
3046 /* Go on to the previous frame. */
3047 fdata = fdata->prev;
3048 if (fdata == NULL) {
3050 * XXX - other apps have a bit more of a detailed message
3051 * for this, and instead of offering "OK" and "Cancel",
3052 * they offer things such as "Continue" and "Cancel";
3053 * we need an API for popping up alert boxes with
3054 * {Verb} and "Cancel".
3057 if (prefs.gui_find_wrap)
3059 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3060 "%sBeginning of capture exceeded!%s\n\n"
3061 "Search is continued from the end of the capture.",
3062 simple_dialog_primary_start(), simple_dialog_primary_end());
3063 fdata = cf->plist_end; /* wrap around */
3067 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3068 "%sBeginning of capture exceeded!%s\n\n"
3069 "Try searching forwards.",
3070 simple_dialog_primary_start(), simple_dialog_primary_end());
3071 fdata = start_fd; /* stay on previous packet */
3075 /* Go on to the next frame. */
3076 fdata = fdata->next;
3077 if (fdata == NULL) {
3078 if (prefs.gui_find_wrap)
3080 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3081 "%sEnd of capture exceeded!%s\n\n"
3082 "Search is continued from the start of the capture.",
3083 simple_dialog_primary_start(), simple_dialog_primary_end());
3084 fdata = cf->plist; /* wrap around */
3088 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3089 "%sEnd of capture exceeded!%s\n\n"
3090 "Try searching backwards.",
3091 simple_dialog_primary_start(), simple_dialog_primary_end());
3092 fdata = start_fd; /* stay on previous packet */
3099 /* Is this packet in the display? */
3100 if (fdata->flags.passed_dfilter) {
3101 /* Yes. Load its data. */
3102 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3103 cf->pd, fdata->cap_len, &err, &err_info)) {
3104 /* Read error. Report the error, and go back to the frame
3105 where we started. */
3106 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3107 cf_read_error_message(err, err_info), cf->filename);
3112 /* Does it match the search criterion? */
3113 if ((*match_function)(cf, fdata, criterion)) {
3115 break; /* found it! */
3119 if (fdata == start_fd) {
3120 /* We're back to the frame we were on originally, and that frame
3121 doesn't match the search filter. The search failed. */
3126 /* We're done scanning the packets; destroy the progress bar if it
3128 if (progbar != NULL)
3129 destroy_progress_dlg(progbar);
3132 if (new_fd != NULL) {
3133 /* We found a frame. Find what row it's in. */
3134 row = packet_list_find_row_from_data(new_fd);
3135 g_assert(row != -1);
3137 /* Select that row, make it the focus row, and make it visible. */
3138 packet_list_set_selected_row(row);
3139 return TRUE; /* success */
3141 return FALSE; /* failure */
3145 cf_goto_frame(capture_file *cf, guint fnumber)
3150 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3153 if (fdata == NULL) {
3154 /* we didn't find a packet with that packet number */
3155 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3156 "There is no packet with the packet number %u.", fnumber);
3157 return FALSE; /* we failed to go to that packet */
3159 if (!fdata->flags.passed_dfilter) {
3160 /* that packet currently isn't displayed */
3161 /* XXX - add it to the set of displayed packets? */
3162 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3163 "The packet number %u isn't currently being displayed.", fnumber);
3164 return FALSE; /* we failed to go to that packet */
3167 /* We found that packet, and it's currently being displayed.
3168 Find what row it's in. */
3169 row = packet_list_find_row_from_data(fdata);
3170 g_assert(row != -1);
3172 /* Select that row, make it the focus row, and make it visible. */
3173 packet_list_set_selected_row(row);
3174 return TRUE; /* we got to that packet */
3178 cf_goto_top_frame(capture_file *cf)
3182 frame_data *lowest_fdata = NULL;
3184 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3185 if (fdata->flags.passed_dfilter) {
3186 lowest_fdata = fdata;
3191 if (lowest_fdata == NULL) {
3195 /* We found that packet, and it's currently being displayed.
3196 Find what row it's in. */
3197 row = packet_list_find_row_from_data(lowest_fdata);
3198 g_assert(row != -1);
3200 /* Select that row, make it the focus row, and make it visible. */
3201 packet_list_set_selected_row(row);
3202 return TRUE; /* we got to that packet */
3206 cf_goto_bottom_frame(capture_file *cf)
3210 frame_data *highest_fdata = NULL;
3212 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3213 if (fdata->flags.passed_dfilter) {
3214 highest_fdata = fdata;
3218 if (highest_fdata == NULL) {
3222 /* We found that packet, and it's currently being displayed.
3223 Find what row it's in. */
3224 row = packet_list_find_row_from_data(highest_fdata);
3225 g_assert(row != -1);
3227 /* Select that row, make it the focus row, and make it visible. */
3228 packet_list_set_selected_row(row);
3229 return TRUE; /* we got to that packet */
3233 * Go to frame specified by currently selected protocol tree item.
3236 cf_goto_framenum(capture_file *cf)
3238 header_field_info *hfinfo;
3241 if (cf->finfo_selected) {
3242 hfinfo = cf->finfo_selected->hfinfo;
3244 if (hfinfo->type == FT_FRAMENUM) {
3245 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3247 return cf_goto_frame(cf, framenum);
3254 /* Select the packet on a given row. */
3256 cf_select_packet(capture_file *cf, int row)
3262 /* Get the frame data struct pointer for this frame */
3263 fdata = (frame_data *)packet_list_get_row_data(row);
3265 if (fdata == NULL) {
3266 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3267 the first entry is added to it by "real_insert_row()", that row
3268 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3269 our version and the vanilla GTK+ version).
3271 This means that a "select-row" signal is emitted; this causes
3272 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3275 "cf_select_packet()" fetches, above, the data associated with the
3276 row that was selected; however, as "gtk_clist_append()", which
3277 called "real_insert_row()", hasn't yet returned, we haven't yet
3278 associated any data with that row, so we get back a null pointer.
3280 We can't assume that there's only one frame in the frame list,
3281 either, as we may be filtering the display.
3283 We therefore assume that, if "row" is 0, i.e. the first row
3284 is being selected, and "cf->first_displayed" equals
3285 "cf->last_displayed", i.e. there's only one frame being
3286 displayed, that frame is the frame we want.
3288 This means we have to set "cf->first_displayed" and
3289 "cf->last_displayed" before adding the row to the
3290 GtkCList; see the comment in "add_packet_to_packet_list()". */
3292 if (row == 0 && cf->first_displayed == cf->last_displayed)
3293 fdata = cf->first_displayed;
3296 /* If fdata _still_ isn't set simply give up. */
3297 if (fdata == NULL) {
3301 /* Get the data in that frame. */
3302 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3303 cf->pd, fdata->cap_len, &err, &err_info)) {
3304 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3305 cf_read_error_message(err, err_info), cf->filename);
3309 /* Record that this frame is the current frame. */
3310 cf->current_frame = fdata;
3312 /* Create the logical protocol tree. */
3313 if (cf->edt != NULL) {
3314 epan_dissect_free(cf->edt);
3317 /* We don't need the columns here. */
3318 cf->edt = epan_dissect_new(TRUE, TRUE);
3320 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3323 dfilter_macro_build_ftv_cache(cf->edt->tree);
3325 cf_callback_invoke(cf_cb_packet_selected, cf);
3328 /* Unselect the selected packet, if any. */
3330 cf_unselect_packet(capture_file *cf)
3332 /* Destroy the epan_dissect_t for the unselected packet. */
3333 if (cf->edt != NULL) {
3334 epan_dissect_free(cf->edt);
3338 /* No packet is selected. */
3339 cf->current_frame = NULL;
3341 cf_callback_invoke(cf_cb_packet_unselected, cf);
3343 /* No protocol tree means no selected field. */
3344 cf_unselect_field(cf);
3347 /* Unset the selected protocol tree field, if any. */
3349 cf_unselect_field(capture_file *cf)
3351 cf->finfo_selected = NULL;
3353 cf_callback_invoke(cf_cb_field_unselected, cf);
3357 * Mark a particular frame.
3360 cf_mark_frame(capture_file *cf, frame_data *frame)
3362 if (! frame->flags.marked) {
3363 frame->flags.marked = TRUE;
3364 if (cf->count > cf->marked_count)
3370 * Unmark a particular frame.
3373 cf_unmark_frame(capture_file *cf, frame_data *frame)
3375 if (frame->flags.marked) {
3376 frame->flags.marked = FALSE;
3377 if (cf->marked_count > 0)
3385 } save_callback_args_t;
3388 * Save a capture to a file, in a particular format, saving either
3389 * all packets, all currently-displayed packets, or all marked packets.
3391 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3392 * up a message box for the failure.
3395 save_packet(capture_file *cf _U_, frame_data *fdata,
3396 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3399 save_callback_args_t *args = argsp;
3400 struct wtap_pkthdr hdr;
3403 /* init the wtap header for saving */
3404 hdr.ts.secs = fdata->abs_ts.secs;
3405 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3406 hdr.caplen = fdata->cap_len;
3407 hdr.len = fdata->pkt_len;
3408 hdr.pkt_encap = fdata->lnk_t;
3410 /* and save the packet */
3411 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3412 cf_write_failure_alert_box(args->fname, err);
3419 * Can this capture file be saved in any format except by copying the raw data?
3422 cf_can_save_as(capture_file *cf)
3426 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3427 /* To save a file with Wiretap, Wiretap has to handle that format,
3428 and its code to handle that format must be able to write a file
3429 with this file's encapsulation type. */
3430 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3431 /* OK, we can write it out in this type. */
3436 /* No, we couldn't save it in any format. */
3441 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3443 gchar *from_filename;
3447 save_callback_args_t callback_args;
3449 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3451 /* don't write over an existing file. */
3452 /* this should've been already checked by our caller, just to be sure... */
3453 if (file_exists(fname)) {
3454 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3455 "%sCapture file: \"%s\" already exists!%s\n\n"
3456 "Please choose a different filename.",
3457 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3461 packet_range_process_init(range);
3464 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3465 /* We're not filtering packets, and we're saving it in the format
3466 it's already in, so we can just move or copy the raw data. */
3468 if (cf->is_tempfile) {
3469 /* The file being saved is a temporary file from a live
3470 capture, so it doesn't need to stay around under that name;
3471 first, try renaming the capture buffer file to the new name. */
3473 if (eth_rename(cf->filename, fname) == 0) {
3474 /* That succeeded - there's no need to copy the source file. */
3475 from_filename = NULL;
3478 if (errno == EXDEV) {
3479 /* They're on different file systems, so we have to copy the
3482 from_filename = cf->filename;
3484 /* The rename failed, but not because they're on different
3485 file systems - put up an error message. (Or should we
3486 just punt and try to copy? The only reason why I'd
3487 expect the rename to fail and the copy to succeed would
3488 be if we didn't have permission to remove the file from
3489 the temporary directory, and that might be fixable - but
3490 is it worth requiring the user to go off and fix it?) */
3491 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3492 file_rename_error_message(errno), fname);
3498 from_filename = cf->filename;
3501 /* It's a permanent file, so we should copy it, and not remove the
3504 from_filename = cf->filename;
3508 /* Copy the file, if we haven't moved it. */
3509 if (!copy_binary_file(from_filename, fname))
3513 /* Either we're filtering packets, or we're saving in a different
3514 format; we can't do that by copying or moving the capture file,
3515 we have to do it by writing the packets out in Wiretap. */
3516 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3519 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3523 /* XXX - we let the user save a subset of the packets.
3525 If we do that, should we make that file the current file? If so,
3526 it means we can no longer get at the other packets. What does
3529 /* Iterate through the list of packets, processing the packets we were
3532 XXX - we've already called "packet_range_process_init(range)", but
3533 "process_specified_packets()" will do it again. Fortunately,
3534 that's harmless in this case, as we haven't done anything to
3535 "range" since we initialized it. */
3536 callback_args.pdh = pdh;
3537 callback_args.fname = fname;
3538 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3539 TRUE, save_packet, &callback_args)) {
3542 /* Completed successfully. */
3546 /* The user decided to abort the saving.
3547 XXX - remove the output file? */
3551 /* Error while saving. */
3552 wtap_dump_close(pdh, &err);
3556 if (!wtap_dump_close(pdh, &err)) {
3557 cf_close_failure_alert_box(fname, err);
3562 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3564 if (packet_range_process_all(range)) {
3565 /* We saved the entire capture, not just some packets from it.
3566 Open and read the file we saved it to.
3568 XXX - this is somewhat of a waste; we already have the
3569 packets, all this gets us is updated file type information
3570 (which we could just stuff into "cf"), and having the new
3571 file be the one we have opened and from which we're reading
3572 the data, and it means we have to spend time opening and
3573 reading the file, which could be a significant amount of
3574 time if the file is large. */
3575 cf->user_saved = TRUE;
3577 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
3578 /* XXX - report errors if this fails?
3579 What should we return if it fails or is aborted? */
3580 switch (cf_read(cf)) {
3584 /* Just because we got an error, that doesn't mean we were unable
3585 to read any of the file; we handle what we could get from the
3589 case CF_READ_ABORTED:
3590 /* The user bailed out of re-reading the capture file; the
3591 capture file has been closed - just return (without
3592 changing any menu settings; "cf_close()" set them
3593 correctly for the "no capture file open" state). */
3596 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
3602 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
3607 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
3608 gboolean for_writing, int file_type)
3611 /* Wiretap error. */
3614 case WTAP_ERR_NOT_REGULAR_FILE:
3615 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3616 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
3620 case WTAP_ERR_RANDOM_OPEN_PIPE:
3621 /* Seen only when opening a capture file for reading. */
3622 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3623 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
3627 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
3628 /* Seen only when opening a capture file for reading. */
3629 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3630 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
3634 case WTAP_ERR_UNSUPPORTED:
3635 /* Seen only when opening a capture file for reading. */
3636 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3637 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
3639 filename, err_info);
3643 case WTAP_ERR_CANT_WRITE_TO_PIPE:
3644 /* Seen only when opening a capture file for writing. */
3645 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3646 "The file \"%s\" is a pipe, and %s capture files can't be "
3647 "written to a pipe.",
3648 filename, wtap_file_type_string(file_type));
3651 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
3652 /* Seen only when opening a capture file for writing. */
3653 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3654 "Wireshark doesn't support writing capture files in that format.");
3657 case WTAP_ERR_UNSUPPORTED_ENCAP:
3659 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3660 "Wireshark can't save this capture in that format.");
3662 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3663 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
3665 filename, err_info);
3670 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
3672 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3673 "Wireshark can't save this capture in that format.");
3675 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3676 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
3681 case WTAP_ERR_BAD_RECORD:
3682 /* Seen only when opening a capture file for reading. */
3683 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3684 "The file \"%s\" appears to be damaged or corrupt.\n"
3686 filename, err_info);
3690 case WTAP_ERR_CANT_OPEN:
3692 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3693 "The file \"%s\" could not be created for some unknown reason.",
3696 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3697 "The file \"%s\" could not be opened for some unknown reason.",
3702 case WTAP_ERR_SHORT_READ:
3703 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3704 "The file \"%s\" appears to have been cut short"
3705 " in the middle of a packet or other data.",
3709 case WTAP_ERR_SHORT_WRITE:
3710 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3711 "A full header couldn't be written to the file \"%s\".",
3715 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
3716 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3717 "Gzip compression not supported by this file type.");
3721 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3722 "The file \"%s\" could not be %s: %s.",
3724 for_writing ? "created" : "opened",
3725 wtap_strerror(err));
3730 open_failure_alert_box(filename, err, for_writing);
3735 file_rename_error_message(int err)
3738 static char errmsg_errno[1024+1];
3743 errmsg = "The path to the file \"%s\" doesn't exist.";
3747 errmsg = "You don't have permission to move the capture file to \"%s\".";
3751 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3752 "The file \"%%s\" could not be moved: %s.",
3753 wtap_strerror(err));
3754 errmsg = errmsg_errno;
3761 cf_read_error_message(int err, const gchar *err_info)
3763 static char errmsg_errno[1024+1];
3767 case WTAP_ERR_UNSUPPORTED_ENCAP:
3768 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3769 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
3773 case WTAP_ERR_BAD_RECORD:
3774 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3775 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
3776 wtap_strerror(err), err_info);
3780 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3781 "An error occurred while reading from the file \"%%s\": %s.",
3782 wtap_strerror(err));
3785 return errmsg_errno;
3789 cf_write_failure_alert_box(const char *filename, int err)
3792 /* Wiretap error. */
3793 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3794 "An error occurred while writing to the file \"%s\": %s.",
3795 filename, wtap_strerror(err));
3798 write_failure_alert_box(filename, err);
3802 /* Check for write errors - if the file is being written to an NFS server,
3803 a write error may not show up until the file is closed, as NFS clients
3804 might not send writes to the server until the "write()" call finishes,
3805 so that the write may fail on the server but the "write()" may succeed. */
3807 cf_close_failure_alert_box(const char *filename, int err)
3810 /* Wiretap error. */
3813 case WTAP_ERR_CANT_CLOSE:
3814 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3815 "The file \"%s\" couldn't be closed for some unknown reason.",
3819 case WTAP_ERR_SHORT_WRITE:
3820 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3821 "Not all the packets could be written to the file \"%s\".",
3826 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3827 "An error occurred while closing the file \"%s\": %s.",
3828 filename, wtap_strerror(err));
3833 We assume that a close error from the OS is really a write error. */
3834 write_failure_alert_box(filename, err);
3838 /* Reload the current capture file. */
3840 cf_reload(capture_file *cf) {
3842 gboolean is_tempfile;
3845 /* If the file could be opened, "cf_open()" calls "cf_close()"
3846 to get rid of state for the old capture file before filling in state
3847 for the new capture file. "cf_close()" will remove the file if
3848 it's a temporary file; we don't want that to happen (for one thing,
3849 it'd prevent subsequent reopens from working). Remember whether it's
3850 a temporary file, mark it as not being a temporary file, and then
3851 reopen it as the type of file it was.
3853 Also, "cf_close()" will free "cf->filename", so we must make
3854 a copy of it first. */
3855 filename = g_strdup(cf->filename);
3856 is_tempfile = cf->is_tempfile;
3857 cf->is_tempfile = FALSE;
3858 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
3859 switch (cf_read(cf)) {
3863 /* Just because we got an error, that doesn't mean we were unable
3864 to read any of the file; we handle what we could get from the
3868 case CF_READ_ABORTED:
3869 /* The user bailed out of re-reading the capture file; the
3870 capture file has been closed - just free the capture file name
3871 string and return (without changing the last containing
3877 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
3878 Instead, the file was left open, so we should restore "cf->is_tempfile"
3881 XXX - change the menu? Presumably "cf_open()" will do that;
3882 make sure it does! */
3883 cf->is_tempfile = is_tempfile;
3885 /* "cf_open()" made a copy of the file name we handed it, so
3886 we should free up our copy. */
3890 /* Copies a file in binary mode, for those operating systems that care about
3892 * Returns TRUE on success, FALSE on failure. If a failure, it also
3893 * displays a simple dialog window with the error message.
3896 copy_binary_file(const char *from_filename, const char *to_filename)
3898 int from_fd, to_fd, nread, nwritten, err;
3901 /* Copy the raw bytes of the file. */
3902 from_fd = eth_open(from_filename, O_RDONLY | O_BINARY, 0000 /* no creation so don't matter */);
3904 open_failure_alert_box(from_filename, errno, FALSE);
3908 /* Use open() instead of creat() so that we can pass the O_BINARY
3909 flag, which is relevant on Win32; it appears that "creat()"
3910 may open the file in text mode, not binary mode, but we want
3911 to copy the raw bytes of the file, so we need the output file
3912 to be open in binary mode. */
3913 to_fd = eth_open(to_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
3915 open_failure_alert_box(to_filename, errno, TRUE);
3920 while ((nread = eth_read(from_fd, pd, sizeof pd)) > 0) {
3921 nwritten = eth_write(to_fd, pd, nread);
3922 if (nwritten < nread) {
3926 err = WTAP_ERR_SHORT_WRITE;
3927 write_failure_alert_box(to_filename, err);
3935 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3936 "An error occurred while reading from the file \"%s\": %s.",
3937 from_filename, strerror(err));
3943 if (eth_close(to_fd) < 0) {
3944 write_failure_alert_box(to_filename, errno);