6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #include <epan/epan.h>
47 #include <epan/filesystem.h>
50 #include "color_filters.h"
52 #include <epan/column.h>
53 #include <epan/packet.h>
54 #include <epan/column-utils.h>
55 #include "packet-range.h"
61 #include "alert_box.h"
62 #include "simple_dialog.h"
63 #include "progress_dlg.h"
65 #include <epan/prefs.h>
66 #include <epan/dfilter/dfilter.h>
67 #include <epan/epan_dissect.h>
69 #include <epan/dissectors/packet-data.h>
70 #include <epan/dissectors/packet-ber.h>
71 #include <epan/timestamp.h>
72 #include <epan/dfilter/dfilter-macro.h>
73 #include <wsutil/file_util.h>
74 #include <epan/strutil.h>
77 gboolean auto_scroll_live;
80 static guint32 cum_bytes;
81 static nstime_t first_ts;
82 static nstime_t prev_dis_ts;
83 static nstime_t prev_cap_ts;
85 static gulong computed_elapsed;
87 static void cf_reset_state(capture_file *cf);
89 static int read_packet(capture_file *cf, dfilter_t *dfcode,
90 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset);
92 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
93 gboolean refilter, gboolean redissect);
95 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
97 static void match_subtree_text(proto_node *node, gpointer data);
98 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
100 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
102 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
104 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
106 static gboolean match_binary(capture_file *cf, frame_data *fdata,
108 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
110 static gboolean find_packet(capture_file *cf,
111 gboolean (*match_function)(capture_file *, frame_data *, void *),
114 static void cf_open_failure_alert_box(const char *filename, int err,
115 gchar *err_info, gboolean for_writing,
117 static const char *file_rename_error_message(int err);
118 static void cf_write_failure_alert_box(const char *filename, int err);
119 static void cf_close_failure_alert_box(const char *filename, int err);
120 #ifdef NEW_PACKET_LIST
121 static void ref_time_packets(capture_file *cf);
123 /* Update the progress bar this many times when reading a file. */
124 #define N_PROGBAR_UPDATES 100
125 /* We read around 200k/100ms domt update the progress bar more often than that */
126 #define MIN_QUANTUM 200000
127 #define MIN_NUMBER_OF_PACKET 1500
129 /* Number of "frame_data" structures per memory chunk.
130 XXX - is this the right number? */
131 #define FRAME_DATA_CHUNK_SIZE 1024
134 /* this callback mechanism should possibly be replaced by the g_signal_...() stuff (if I only would know how :-) */
136 cf_callback_t cb_fct;
138 } cf_callback_data_t;
140 static GList *cf_callbacks = NULL;
143 cf_callback_invoke(int event, gpointer data)
145 cf_callback_data_t *cb;
146 GList *cb_item = cf_callbacks;
148 /* there should be at least one interested */
149 g_assert(cb_item != NULL);
151 while(cb_item != NULL) {
153 cb->cb_fct(event, data, cb->user_data);
154 cb_item = g_list_next(cb_item);
160 cf_callback_add(cf_callback_t func, gpointer user_data)
162 cf_callback_data_t *cb;
164 cb = g_malloc(sizeof(cf_callback_data_t));
166 cb->user_data = user_data;
168 cf_callbacks = g_list_append(cf_callbacks, cb);
172 cf_callback_remove(cf_callback_t func)
174 cf_callback_data_t *cb;
175 GList *cb_item = cf_callbacks;
177 while(cb_item != NULL) {
179 if(cb->cb_fct == func) {
180 cf_callbacks = g_list_remove(cf_callbacks, cb);
184 cb_item = g_list_next(cb_item);
187 g_assert_not_reached();
191 cf_timestamp_auto_precision(capture_file *cf)
193 #ifdef NEW_PACKET_LIST
196 int prec = timestamp_get_precision();
199 /* don't try to get the file's precision if none is opened */
200 if(cf->state == FILE_CLOSED) {
204 /* if we are in auto mode, set precision of current file */
205 if(prec == TS_PREC_AUTO ||
206 prec == TS_PREC_AUTO_SEC ||
207 prec == TS_PREC_AUTO_DSEC ||
208 prec == TS_PREC_AUTO_CSEC ||
209 prec == TS_PREC_AUTO_MSEC ||
210 prec == TS_PREC_AUTO_USEC ||
211 prec == TS_PREC_AUTO_NSEC)
213 switch(wtap_file_tsprecision(cf->wth)) {
214 case(WTAP_FILE_TSPREC_SEC):
215 timestamp_set_precision(TS_PREC_AUTO_SEC);
217 case(WTAP_FILE_TSPREC_DSEC):
218 timestamp_set_precision(TS_PREC_AUTO_DSEC);
220 case(WTAP_FILE_TSPREC_CSEC):
221 timestamp_set_precision(TS_PREC_AUTO_CSEC);
223 case(WTAP_FILE_TSPREC_MSEC):
224 timestamp_set_precision(TS_PREC_AUTO_MSEC);
226 case(WTAP_FILE_TSPREC_USEC):
227 timestamp_set_precision(TS_PREC_AUTO_USEC);
229 case(WTAP_FILE_TSPREC_NSEC):
230 timestamp_set_precision(TS_PREC_AUTO_NSEC);
233 g_assert_not_reached();
236 #ifdef NEW_PACKET_LIST
237 /* Set the column widths of those columns that show the time in
238 "command-line-specified" format. */
239 for (i = 0; i < cf->cinfo.num_cols; i++) {
240 if (col_has_time_fmt(&cf->cinfo, i)) {
241 new_packet_list_resize_column(i);
248 cf_get_computed_elapsed(void)
250 return computed_elapsed;
253 static void reset_elapsed(void)
255 computed_elapsed = 0;
258 static void compute_elapsed(GTimeVal *start_time)
263 g_get_current_time(&time_now);
265 delta_time = (time_now.tv_sec - start_time->tv_sec) * 1e6 +
266 time_now.tv_usec - start_time->tv_usec;
268 computed_elapsed = (gulong) (delta_time / 1000); /* ms*/
272 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
277 wth = wtap_open_offline(fname, err, &err_info, TRUE);
281 /* The open succeeded. Close whatever capture file we had open,
282 and fill in the information for this file. */
285 /* Cleanup all data structures used for dissection. */
286 cleanup_dissection();
287 /* Initialize all data structures used for dissection. */
290 /* We're about to start reading the file. */
291 cf->state = FILE_READ_IN_PROGRESS;
296 /* Set the file name because we need it to set the follow stream filter.
297 XXX - is that still true? We need it for other reasons, though,
299 cf->filename = g_strdup(fname);
301 /* Indicate whether it's a permanent or temporary file. */
302 cf->is_tempfile = is_tempfile;
304 /* If it's a temporary capture buffer file, mark it as not saved. */
305 cf->user_saved = !is_tempfile;
309 cf->cd_t = wtap_file_type(cf->wth);
311 cf->displayed_count = 0;
312 cf->marked_count = 0;
313 cf->drops_known = FALSE;
315 cf->snap = wtap_snapshot_length(cf->wth);
317 /* Snapshot length not known. */
318 cf->has_snap = FALSE;
319 cf->snap = WTAP_MAX_PACKET_SIZE;
323 nstime_set_zero(&cf->elapsed_time);
324 nstime_set_unset(&first_ts);
325 nstime_set_unset(&prev_dis_ts);
326 nstime_set_unset(&prev_cap_ts);
329 #if GLIB_CHECK_VERSION(2,10,0)
331 /* memory chunks have been deprecated in favor of the slice allocator,
332 * which has been added in 2.10
334 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
336 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
338 g_assert(cf->plist_chunk);
341 #ifdef NEW_PACKET_LIST
342 /* Adjust timestamp precision if auto is selected, col width will be adjusted */
343 cf_timestamp_auto_precision(cf);
345 new_packet_list_queue_draw();
347 /* change the time formats now, as we might have a new precision */
348 cf_change_time_formats(cf);
350 fileset_file_opened(fname);
352 if(cf->cd_t == WTAP_FILE_BER) {
353 /* tell the BER dissector the file name */
354 ber_set_filename(cf->filename);
360 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
366 * Reset the state for the currently closed file, but don't do the
367 * UI callbacks; this is for use in "cf_open()", where we don't
368 * want the UI to go from "file open" to "file closed" back to
369 * "file open", we want it to go from "old file open" to "new file
370 * open and being read".
373 cf_reset_state(capture_file *cf)
375 /* Die if we're in the middle of reading a file. */
376 g_assert(cf->state != FILE_READ_IN_PROGRESS);
382 /* We have no file open... */
383 if (cf->filename != NULL) {
384 /* If it's a temporary file, remove it. */
386 ws_unlink(cf->filename);
387 g_free(cf->filename);
390 /* ...which means we have nothing to save. */
391 cf->user_saved = FALSE;
393 #if GLIB_CHECK_VERSION(2,10,0)
394 if (cf->plist_start != NULL)
395 g_slice_free_chain(frame_data, cf->plist_start, next);
397 /* memory chunks have been deprecated in favor of the slice allocator,
398 * which has been added in 2.10
400 if (cf->plist_chunk != NULL) {
401 g_mem_chunk_destroy(cf->plist_chunk);
402 cf->plist_chunk = NULL;
405 if (cf->rfcode != NULL) {
406 dfilter_free(cf->rfcode);
409 cf->plist_start = NULL;
410 cf->plist_end = NULL;
411 cf_unselect_packet(cf); /* nothing to select */
412 cf->first_displayed = NULL;
413 cf->last_displayed = NULL;
415 /* No frame selected, no field in that frame selected. */
416 cf->current_frame = NULL;
418 cf->finfo_selected = NULL;
420 /* Clear the packet list. */
421 #ifdef NEW_PACKET_LIST
422 new_packet_list_freeze();
423 new_packet_list_clear();
424 new_packet_list_thaw();
426 packet_list_freeze();
433 nstime_set_zero(&cf->elapsed_time);
435 reset_tap_listeners();
437 /* We have no file open. */
438 cf->state = FILE_CLOSED;
440 fileset_file_closed();
443 /* Reset everything to a pristine state */
445 cf_close(capture_file *cf)
447 /* do GUI things even if file is already closed,
448 * e.g. to cleanup things if a capture couldn't be started */
449 cf_callback_invoke(cf_cb_file_closing, cf);
451 /* close things, if not already closed before */
452 if(cf->state != FILE_CLOSED) {
453 color_filters_cleanup();
455 cleanup_dissection();
458 cf_callback_invoke(cf_cb_file_closed, cf);
461 /* an out of memory exception occured, wait for a user button press to exit */
462 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
467 static float calc_progbar_val(capture_file *cf, gint64 size, gint64 file_pos){
471 progbar_val = (gfloat) file_pos / (gfloat) size;
472 if (progbar_val > 1.0) {
473 /* The file probably grew while we were reading it.
474 Update file size, and try again. */
475 size = wtap_file_size(cf->wth, NULL);
477 progbar_val = (gfloat) file_pos / (gfloat) size;
478 /* If it's still > 1, either "wtap_file_size()" failed (in which
479 case there's not much we can do about it), or the file
480 *shrank* (in which case there's not much we can do about
481 it); just clip the progress value at 1.0. */
482 if (progbar_val > 1.0f)
489 cf_read(capture_file *cf)
493 const gchar *name_ptr;
495 char errmsg_errno[1024+1];
497 progdlg_t *volatile progbar = NULL;
499 volatile gint64 size;
500 volatile float progbar_val;
502 gchar status_str[100];
503 volatile gint64 progbar_nextstep;
504 volatile gint64 progbar_quantum;
506 gboolean filtering_tap_listeners;
508 volatile int count = 0;
510 volatile int displayed_once = 0;
514 /* Compile the current display filter.
515 * We assume this will not fail since cf->dfilter is only set in
516 * cf_filter IFF the filter was valid.
518 compiled = dfilter_compile(cf->dfilter, &dfcode);
519 g_assert(!cf->dfilter || (compiled && dfcode));
521 /* Do we have any tap listeners with filters? */
522 filtering_tap_listeners = have_filtering_tap_listeners();
524 /* Get the union of the flags for all tap listeners. */
525 tap_flags = union_of_tap_listener_flags();
527 reset_tap_listeners();
529 cf_callback_invoke(cf_cb_file_read_start, cf);
531 name_ptr = get_basename(cf->filename);
533 /* Find the size of the file. */
534 size = wtap_file_size(cf->wth, NULL);
536 /* Update the progress bar when it gets to this value. */
537 progbar_nextstep = 0;
538 /* When we reach the value that triggers a progress bar update,
539 bump that value by this amount. */
541 progbar_quantum = size/N_PROGBAR_UPDATES;
542 if (progbar_quantum < MIN_QUANTUM)
543 progbar_quantum = MIN_QUANTUM;
546 /* Progress so far. */
549 #ifdef NEW_PACKET_LIST
550 new_packet_list_freeze();
552 packet_list_freeze();
556 g_get_current_time(&start_time);
558 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
561 /* Create the progress bar if necessary.
562 * Check wether it should be created or not every MIN_NUMBER_OF_PACKET
564 if ((progbar == NULL) && !(count % MIN_NUMBER_OF_PACKET)){
565 progbar_val = calc_progbar_val( cf, size, data_offset);
566 progbar = delayed_create_progress_dlg("Loading", name_ptr,
567 TRUE, &stop_flag, &start_time, progbar_val);
570 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
571 when we update it, we have to run the GTK+ main loop to get it
572 to repaint what's pending, and doing so may involve an "ioctl()"
573 to see if there's any pending input from an X server, and doing
574 that for every packet can be costly, especially on a big file. */
575 if (data_offset >= progbar_nextstep) {
576 if (progbar != NULL) {
577 progbar_val = calc_progbar_val( cf, size, data_offset);
578 /* update the packet lists content on the first run or frequently on very large files */
579 /* (on smaller files the display update takes longer than reading the file) */
581 if (progbar_quantum > 500000 || displayed_once == 0) {
582 if ((auto_scroll_live || displayed_once == 0 || cf->displayed_count < 1000) && cf->plist_end != NULL) {
584 #ifdef NEW_PACKET_LIST
585 new_packet_list_thaw();
586 if (auto_scroll_live)
587 new_packet_list_moveto_end();
588 new_packet_list_freeze();
591 if (auto_scroll_live)
592 packet_list_moveto_end();
593 packet_list_freeze();
594 #endif /* NEW_PACKET_LIST */
597 #endif /* HAVE_LIBPCAP */
598 g_snprintf(status_str, sizeof(status_str),
599 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
600 data_offset / 1024, size / 1024);
601 update_progress_dlg(progbar, progbar_val, status_str);
603 progbar_nextstep += progbar_quantum;
608 /* Well, the user decided to abort the read. He/She will be warned and
609 it might be enough for him/her to work with the already loaded
611 This is especially true for very large capture files, where you don't
612 want to wait loading the whole file (which may last minutes or even
613 hours even on fast machines) just to see that it was the wrong file. */
617 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
619 CATCH(OutOfMemoryError) {
622 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
623 "%sOut Of Memory!%s\n"
625 "Sorry, but Wireshark has to terminate now!\n"
627 "Some infos / workarounds can be found at:\n"
628 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
629 simple_dialog_primary_start(), simple_dialog_primary_end());
630 /* we have to terminate, as we cannot recover from the memory error */
631 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
633 main_window_update();
634 /* XXX - how to avoid a busy wait? */
642 /* Cleanup and release all dfilter resources */
644 dfilter_free(dfcode);
647 /* We're done reading the file; destroy the progress bar if it was created. */
649 destroy_progress_dlg(progbar);
651 /* We're done reading sequentially through the file. */
652 cf->state = FILE_READ_DONE;
654 /* Close the sequential I/O side, to free up memory it requires. */
655 wtap_sequential_close(cf->wth);
657 /* Allow the protocol dissectors to free up memory that they
658 * don't need after the sequential run-through of the packets. */
659 postseq_cleanup_all_protocols();
661 /* compute the time it took to load the file */
662 compute_elapsed(&start_time);
664 /* Set the file encapsulation type now; we don't know what it is until
665 we've looked at all the packets, as we don't know until then whether
666 there's more than one type (and thus whether it's
667 WTAP_ENCAP_PER_PACKET). */
668 cf->lnk_t = wtap_file_encap(cf->wth);
670 cf->current_frame = cf->first_displayed;
673 #ifdef NEW_PACKET_LIST
674 new_packet_list_thaw();
679 cf_callback_invoke(cf_cb_file_read_finished, cf);
681 /* If we have any displayed packets to select, select the first of those
682 packets by making the first row the selected row. */
683 if (cf->first_displayed != NULL){
684 #ifdef NEW_PACKET_LIST
685 new_packet_list_select_first_row();
687 packet_list_select_row(0);
688 #endif /* NEW_PACKET_LIST */
692 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
693 "%sFile loading was cancelled!%s\n"
695 "The remaining packets in the file were discarded.\n"
697 "As a lot of packets from the original file will be missing,\n"
698 "remember to be careful when saving the current content to a file.\n",
699 simple_dialog_primary_start(), simple_dialog_primary_end());
700 return CF_READ_ERROR;
704 /* Put up a message box noting that the read failed somewhere along
705 the line. Don't throw out the stuff we managed to read, though,
709 case WTAP_ERR_UNSUPPORTED_ENCAP:
710 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
711 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
714 errmsg = errmsg_errno;
717 case WTAP_ERR_CANT_READ:
718 errmsg = "An attempt to read from the capture file failed for"
719 " some unknown reason.";
722 case WTAP_ERR_SHORT_READ:
723 errmsg = "The capture file appears to have been cut short"
724 " in the middle of a packet.";
727 case WTAP_ERR_BAD_RECORD:
728 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
729 "The capture file appears to be damaged or corrupt.\n(%s)",
732 errmsg = errmsg_errno;
736 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
737 "An error occurred while reading the"
738 " capture file: %s.", wtap_strerror(err));
739 errmsg = errmsg_errno;
742 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
743 return CF_READ_ERROR;
750 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
752 cf_status_t cf_status;
754 cf_status = cf_open(cf, fname, is_tempfile, err);
759 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
761 gint64 data_offset = 0;
763 volatile int newly_displayed_packets = 0;
765 gboolean filtering_tap_listeners;
767 volatile gboolean visible = FALSE;
770 /* Compile the current display filter.
771 * We assume this will not fail since cf->dfilter is only set in
772 * cf_filter IFF the filter was valid.
774 compiled = dfilter_compile(cf->dfilter, &dfcode);
775 g_assert(!cf->dfilter || (compiled && dfcode));
777 /* Do we have any tap listeners with filters? */
778 filtering_tap_listeners = have_filtering_tap_listeners();
780 /* Get the union of the flags for all tap listeners. */
781 tap_flags = union_of_tap_listener_flags();
785 #ifdef NEW_PACKET_LIST
786 new_packet_list_check_end();
787 new_packet_list_freeze();
789 packet_list_check_end();
790 packet_list_freeze();
793 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
795 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
796 if (cf->state == FILE_READ_ABORTED) {
797 /* Well, the user decided to exit Wireshark. Break out of the
798 loop, and let the code below (which is called even if there
799 aren't any packets left to read) exit. */
803 if (read_packet(cf, dfcode, filtering_tap_listeners, tap_flags,
804 data_offset) != -1) {
806 newly_displayed_packets++;
811 CATCH(OutOfMemoryError) {
814 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
815 "%sOut Of Memory!%s\n"
817 "Sorry, but Wireshark has to terminate now!\n"
819 "The capture file is not lost, it can be found at:\n"
822 "Some infos / workarounds can be found at:\n"
823 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
824 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
825 /* we have to terminate, as we cannot recover from the memory error */
826 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
828 main_window_update();
829 /* XXX - how to avoid a busy wait? */
832 #ifdef NEW_PACKET_LIST
833 new_packet_list_thaw();
837 return CF_READ_ABORTED;
843 /* Cleanup and release all dfilter resources */
845 dfilter_free(dfcode);
848 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
849 cf->count, cf->state, *err);*/
851 #ifdef NEW_PACKET_LIST
852 new_packet_list_thaw();
854 /* XXX - this causes "flickering" of the list */
858 /* moving to the end of the packet list - if the user requested so and
859 we have some new packets. */
860 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
861 #ifdef NEW_PACKET_LIST
863 new_packet_list_moveto_end();
865 /* this doesn't seem to work well with a frozen GTK_Clist, so do this after
866 packet_list_thaw() is done, see bugzilla 1188 */
867 /* XXX - this cheats and looks inside the packet list to find the final
869 packet_list_moveto_end();
870 #endif /* NEW_PACKET_LIST */
872 if (cf->state == FILE_READ_ABORTED) {
873 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
874 so that our caller can kill off the capture child process;
875 this will cause an EOF on the pipe from the child, so
876 "cf_finish_tail()" will be called, and it will clean up
878 return CF_READ_ABORTED;
879 } else if (*err != 0) {
880 /* We got an error reading the capture file.
881 XXX - pop up a dialog box instead? */
882 g_warning("Error \"%s\" while reading: \"%s\"\n",
883 wtap_strerror(*err), cf->filename);
885 return CF_READ_ERROR;
891 cf_finish_tail(capture_file *cf, int *err)
896 gboolean filtering_tap_listeners;
900 /* Compile the current display filter.
901 * We assume this will not fail since cf->dfilter is only set in
902 * cf_filter IFF the filter was valid.
904 compiled = dfilter_compile(cf->dfilter, &dfcode);
905 g_assert(!cf->dfilter || (compiled && dfcode));
907 /* Do we have any tap listeners with filters? */
908 filtering_tap_listeners = have_filtering_tap_listeners();
910 /* Get the union of the flags for all tap listeners. */
911 tap_flags = union_of_tap_listener_flags();
913 if(cf->wth == NULL) {
915 return CF_READ_ERROR;
918 #ifdef NEW_PACKET_LIST
919 new_packet_list_check_end();
920 new_packet_list_freeze();
922 packet_list_check_end();
923 packet_list_freeze();
926 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
927 if (cf->state == FILE_READ_ABORTED) {
928 /* Well, the user decided to abort the read. Break out of the
929 loop, and let the code below (which is called even if there
930 aren't any packets left to read) exit. */
933 read_packet(cf, dfcode, filtering_tap_listeners, tap_flags, data_offset);
936 /* Cleanup and release all dfilter resources */
938 dfilter_free(dfcode);
941 #ifdef NEW_PACKET_LIST
942 new_packet_list_thaw();
947 if (cf->state == FILE_READ_ABORTED) {
948 /* Well, the user decided to abort the read. We're only called
949 when the child capture process closes the pipe to us (meaning
950 it's probably exited), so we can just close the capture
951 file; we return CF_READ_ABORTED so our caller can do whatever
952 is appropriate when that happens. */
954 return CF_READ_ABORTED;
957 if (auto_scroll_live && cf->plist_end != NULL)
958 #ifdef NEW_PACKET_LIST
959 new_packet_list_moveto_end();
961 /* XXX - this cheats and looks inside the packet list to find the final
963 packet_list_moveto_end();
966 /* We're done reading sequentially through the file. */
967 cf->state = FILE_READ_DONE;
969 /* We're done reading sequentially through the file; close the
970 sequential I/O side, to free up memory it requires. */
971 wtap_sequential_close(cf->wth);
973 /* Allow the protocol dissectors to free up memory that they
974 * don't need after the sequential run-through of the packets. */
975 postseq_cleanup_all_protocols();
977 /* Set the file encapsulation type now; we don't know what it is until
978 we've looked at all the packets, as we don't know until then whether
979 there's more than one type (and thus whether it's
980 WTAP_ENCAP_PER_PACKET). */
981 cf->lnk_t = wtap_file_encap(cf->wth);
984 /* We got an error reading the capture file.
985 XXX - pop up a dialog box? */
986 return CF_READ_ERROR;
991 #endif /* HAVE_LIBPCAP */
994 cf_get_display_name(capture_file *cf)
996 const gchar *displayname;
998 /* Return a name to use in displays */
999 if (!cf->is_tempfile) {
1000 /* Get the last component of the file name, and use that. */
1002 displayname = get_basename(cf->filename);
1004 displayname="(No file)";
1007 /* The file we read is a temporary file from a live capture;
1008 we don't mention its name. */
1009 displayname = "(Untitled)";
1014 /* XXX - use a macro instead? */
1016 cf_get_packet_count(capture_file *cf)
1021 /* XXX - use a macro instead? */
1023 cf_set_packet_count(capture_file *cf, int packet_count)
1025 cf->count = packet_count;
1028 /* XXX - use a macro instead? */
1030 cf_is_tempfile(capture_file *cf)
1032 return cf->is_tempfile;
1035 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
1037 cf->is_tempfile = is_tempfile;
1041 /* XXX - use a macro instead? */
1042 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
1044 cf->drops_known = drops_known;
1047 /* XXX - use a macro instead? */
1048 void cf_set_drops(capture_file *cf, guint32 drops)
1053 /* XXX - use a macro instead? */
1054 gboolean cf_get_drops_known(capture_file *cf)
1056 return cf->drops_known;
1059 /* XXX - use a macro instead? */
1060 guint32 cf_get_drops(capture_file *cf)
1065 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
1067 cf->rfcode = rfcode;
1070 #ifdef NEW_PACKET_LIST
1072 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
1073 dfilter_t *dfcode, gboolean filtering_tap_listeners,
1075 union wtap_pseudo_header *pseudo_header, const guchar *buf,
1077 gboolean add_to_packet_list)
1079 gboolean create_proto_tree = FALSE;
1084 cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
1086 frame_data_set_before_dissect(fdata, &cf->elapsed_time,
1087 &first_ts, &prev_dis_ts, &prev_cap_ts);
1090 + we have a display filter and are re-applying it;
1091 + we have tap listeners with filters;
1092 + we have tap listeners that require a protocol tree;
1094 allocate a protocol tree root node, so that we'll construct
1095 a protocol tree against which a filter expression can be
1097 if ((dfcode != NULL && refilter) ||
1098 filtering_tap_listeners || (tap_flags & TL_REQUIRES_PROTO_TREE))
1099 create_proto_tree = TRUE;
1101 /* Dissect the frame. */
1102 epan_dissect_init(&edt, create_proto_tree, FALSE);
1104 if (dfcode != NULL && refilter) {
1105 epan_dissect_prime_dfilter(&edt, dfcode);
1108 tap_queue_init(&edt);
1109 epan_dissect_run(&edt, pseudo_header, buf, fdata, cinfo);
1110 tap_push_tapped_queue(&edt);
1112 /* If we have a display filter, apply it if we're refiltering, otherwise
1113 leave the "passed_dfilter" flag alone.
1115 If we don't have a display filter, set "passed_dfilter" to 1. */
1116 if (dfcode != NULL) {
1118 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, &edt) ? 1 : 0;
1121 fdata->flags.passed_dfilter = 1;
1123 if (add_to_packet_list) {
1124 /* We fill the needed columns from new_packet_list */
1125 row = new_packet_list_append(cinfo, fdata, &edt.pi);
1128 if(fdata->flags.passed_dfilter || fdata->flags.ref_time)
1130 frame_data_set_after_dissect(fdata, &cum_bytes, &prev_dis_ts);
1132 /* If we haven't yet seen the first frame, this is it.
1134 XXX - we must do this before we add the row to the display,
1135 as, if the display's GtkCList's selection mode is
1136 GTK_SELECTION_BROWSE, when the first entry is added to it,
1137 "cf_select_packet()" will be called, and it will fetch the row
1138 data for the 0th row, and will get a null pointer rather than
1139 "fdata", as "gtk_clist_append()" won't yet have returned and
1140 thus "gtk_clist_set_row_data()" won't yet have been called.
1142 We thus need to leave behind bread crumbs so that
1143 "cf_select_packet()" can find this frame. See the comment
1144 in "cf_select_packet()". */
1145 if (cf->first_displayed == NULL)
1146 cf->first_displayed = fdata;
1148 /* This is the last frame we've seen so far. */
1149 cf->last_displayed = fdata;
1151 cf->displayed_count++;
1154 epan_dissect_cleanup(&edt);
1161 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
1162 dfilter_t *dfcode, gboolean filtering_tap_listeners,
1164 union wtap_pseudo_header *pseudo_header, const guchar *buf,
1166 gboolean add_to_packet_list _U_)
1168 gboolean create_proto_tree = FALSE;
1175 /* just add some value here until we know if it is being displayed or not */
1176 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
1178 /* If we don't have the time stamp of the first packet in the
1179 capture, it's because this is the first packet. Save the time
1180 stamp of this packet as the time stamp of the first packet. */
1181 if (nstime_is_unset(&first_ts)) {
1182 first_ts = fdata->abs_ts;
1184 /* if this frames is marked as a reference time frame, reset
1185 firstsec and firstusec to this frame */
1186 if(fdata->flags.ref_time){
1187 first_ts = fdata->abs_ts;
1190 /* If we don't have the time stamp of the previous displayed packet,
1191 it's because this is the first displayed packet. Save the time
1192 stamp of this packet as the time stamp of the previous displayed
1194 if (nstime_is_unset(&prev_dis_ts)) {
1195 prev_dis_ts = fdata->abs_ts;
1198 /* Get the time elapsed between the first packet and this packet. */
1199 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
1201 /* If it's greater than the current elapsed time, set the elapsed time
1202 to it (we check for "greater than" so as not to be confused by
1203 time moving backwards). */
1204 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
1205 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
1206 cf->elapsed_time = fdata->rel_ts;
1209 /* Get the time elapsed between the previous displayed packet and
1211 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
1215 we have a display filter and are re-applying it;
1217 we have a list of color filters;
1219 we have tap listeners with filters;
1221 we have tap listeners that require a protocol tree;
1223 we have custom columns;
1225 allocate a protocol tree root node, so that we'll construct
1226 a protocol tree against which a filter expression can be
1228 if ((dfcode != NULL && refilter) ||
1229 color_filters_used() ||
1230 have_custom_cols(cinfo) ||
1231 filtering_tap_listeners || (tap_flags & TL_REQUIRES_PROTO_TREE))
1232 create_proto_tree = TRUE;
1234 /* Dissect the frame. */
1235 epan_dissect_init(&edt, create_proto_tree, FALSE);
1237 if (dfcode != NULL && refilter) {
1238 epan_dissect_prime_dfilter(&edt, dfcode);
1241 /* prepare color filters */
1242 color_filters_prime_edt(&edt);
1243 col_custom_prime_edt(&edt, cinfo);
1245 tap_queue_init(&edt);
1246 epan_dissect_run(&edt, pseudo_header, buf, fdata, cinfo);
1247 tap_push_tapped_queue(&edt);
1249 /* If we have a display filter, apply it if we're refiltering, otherwise
1250 leave the "passed_dfilter" flag alone.
1252 If we don't have a display filter, set "passed_dfilter" to 1. */
1253 if (dfcode != NULL) {
1255 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, &edt) ? 1 : 0;
1258 fdata->flags.passed_dfilter = 1;
1260 if( (fdata->flags.passed_dfilter) || (fdata->flags.ref_time) )
1262 /* This frame either passed the display filter list or is marked as
1263 a time reference frame. All time reference frames are displayed
1264 even if they dont pass the display filter */
1265 if(fdata->flags.ref_time){
1266 /* if this was a TIME REF frame we should reset the cul bytes field */
1267 cum_bytes = fdata->pkt_len;
1268 fdata->cum_bytes = cum_bytes;
1270 /* increase cum_bytes with this packets length */
1271 cum_bytes += fdata->pkt_len;
1274 epan_dissect_fill_in_columns(&edt, FALSE, TRUE);
1276 /* If we haven't yet seen the first frame, this is it.
1278 XXX - we must do this before we add the row to the display,
1279 as, if the display's GtkCList's selection mode is
1280 GTK_SELECTION_BROWSE, when the first entry is added to it,
1281 "cf_select_packet()" will be called, and it will fetch the row
1282 data for the 0th row, and will get a null pointer rather than
1283 "fdata", as "gtk_clist_append()" won't yet have returned and
1284 thus "gtk_clist_set_row_data()" won't yet have been called.
1286 We thus need to leave behind bread crumbs so that
1287 "cf_select_packet()" can find this frame. See the comment
1288 in "cf_select_packet()". */
1289 if (cf->first_displayed == NULL)
1290 cf->first_displayed = fdata;
1292 /* This is the last frame we've seen so far. */
1293 cf->last_displayed = fdata;
1295 row = packet_list_append(cinfo->col_data, fdata);
1297 /* colorize packet: first apply color filters
1298 * then if packet is marked, use preferences to overwrite color
1299 * we do both to make sure that when a packet gets un-marked, the
1300 * color will be correctly set (fixes bug 2038)
1302 fdata->color_filter = color_filters_colorize_packet(row, &edt);
1303 if (fdata->flags.marked) {
1304 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1307 /* Set the time of the previous displayed frame to the time of this
1309 prev_dis_ts = fdata->abs_ts;
1311 cf->displayed_count++;
1314 epan_dissect_cleanup(&edt);
1319 /* read in a new packet */
1320 /* returns the row of the new packet in the packet list or -1 if not displayed */
1322 read_packet(capture_file *cf, dfilter_t *dfcode,
1323 gboolean filtering_tap_listeners, guint tap_flags, gint64 offset)
1325 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1326 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1327 const guchar *buf = wtap_buf_ptr(cf->wth);
1330 frame_data *plist_end;
1335 /* Allocate the next list entry, and add it to the list.
1336 * memory chunks have been deprecated in favor of the slice allocator,
1337 * which has been added in 2.10
1339 #if GLIB_CHECK_VERSION(2,10,0)
1340 fdata = g_slice_new(frame_data);
1342 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1345 frame_data_init(fdata, cf->count, phdr, offset, cum_bytes);
1347 #ifdef NEW_PACKET_LIST
1348 fdata->col_text_len = se_alloc0(sizeof(fdata->col_text_len) * (cf->cinfo.num_cols));
1349 fdata->col_text = se_alloc0(sizeof(fdata->col_text) * (cf->cinfo.num_cols));
1355 epan_dissect_init(&edt, TRUE, FALSE);
1356 epan_dissect_prime_dfilter(&edt, cf->rfcode);
1357 epan_dissect_run(&edt, pseudo_header, buf, fdata, NULL);
1358 passed = dfilter_apply_edt(cf->rfcode, &edt);
1359 epan_dissect_cleanup(&edt);
1363 plist_end = cf->plist_end;
1364 fdata->prev = plist_end;
1365 if (plist_end != NULL)
1366 plist_end->next = fdata;
1368 cf->plist_start = fdata;
1369 cf->plist_end = fdata;
1371 cf->f_datalen = offset + phdr->caplen;
1373 if (!cf->redissecting) {
1374 row = add_packet_to_packet_list(fdata, cf, dfcode,
1375 filtering_tap_listeners, tap_flags,
1376 pseudo_header, buf, TRUE, TRUE);
1379 /* We didn't pass read filter so roll back count */
1382 /* XXX - if we didn't have read filters, or if we could avoid
1383 allocating the "frame_data" structure until we knew whether
1384 the frame passed the read filter, we could use a G_ALLOC_ONLY
1387 ...but, at least in one test I did, where I just made the chunk
1388 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1389 seem to save a noticeable amount of time or space. */
1390 #if GLIB_CHECK_VERSION(2,10,0)
1391 /* memory chunks have been deprecated in favor of the slice allocator,
1392 * which has been added in 2.10
1394 g_slice_free(frame_data,fdata);
1396 g_mem_chunk_free(cf->plist_chunk, fdata);
1404 cf_merge_files(char **out_filenamep, int in_file_count,
1405 char *const *in_filenames, int file_type, gboolean do_append)
1407 merge_in_file_t *in_files;
1413 int open_err, read_err, write_err, close_err;
1417 char errmsg_errno[1024+1];
1419 gboolean got_read_error = FALSE, got_write_error = FALSE;
1421 progdlg_t *progbar = NULL;
1423 gint64 f_len, file_pos;
1425 GTimeVal start_time;
1426 gchar status_str[100];
1427 gint64 progbar_nextstep;
1428 gint64 progbar_quantum;
1430 /* open the input files */
1431 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1432 &open_err, &err_info, &err_fileno)) {
1434 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1439 if (*out_filenamep != NULL) {
1440 out_filename = *out_filenamep;
1441 out_fd = ws_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1445 out_fd = create_tempfile(&tmpname, "wireshark");
1448 out_filename = g_strdup(tmpname);
1449 *out_filenamep = out_filename;
1453 merge_close_in_files(in_file_count, in_files);
1455 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1459 pdh = wtap_dump_fdopen(out_fd, file_type,
1460 merge_select_frame_type(in_file_count, in_files),
1461 merge_max_snapshot_length(in_file_count, in_files),
1462 FALSE /* compressed */, &open_err);
1465 merge_close_in_files(in_file_count, in_files);
1467 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1472 /* Get the sum of the sizes of all the files. */
1474 for (i = 0; i < in_file_count; i++)
1475 f_len += in_files[i].size;
1477 /* Update the progress bar when it gets to this value. */
1478 progbar_nextstep = 0;
1479 /* When we reach the value that triggers a progress bar update,
1480 bump that value by this amount. */
1481 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1482 /* Progress so far. */
1486 g_get_current_time(&start_time);
1488 /* do the merge (or append) */
1491 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1494 wth = merge_read_packet(in_file_count, in_files, &read_err,
1498 got_read_error = TRUE;
1502 /* Get the sum of the data offsets in all of the files. */
1504 for (i = 0; i < in_file_count; i++)
1505 data_offset += in_files[i].data_offset;
1507 /* Create the progress bar if necessary.
1508 We check on every iteration of the loop, so that it takes no
1509 longer than the standard time to create it (otherwise, for a
1510 large file, we might take considerably longer than that standard
1511 time in order to get to the next progress bar step). */
1512 if (progbar == NULL) {
1513 progbar = delayed_create_progress_dlg("Merging", "files",
1514 FALSE, &stop_flag, &start_time, progbar_val);
1517 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1518 when we update it, we have to run the GTK+ main loop to get it
1519 to repaint what's pending, and doing so may involve an "ioctl()"
1520 to see if there's any pending input from an X server, and doing
1521 that for every packet can be costly, especially on a big file. */
1522 if (data_offset >= progbar_nextstep) {
1523 /* Get the sum of the seek positions in all of the files. */
1525 for (i = 0; i < in_file_count; i++)
1526 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1527 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1528 if (progbar_val > 1.0f) {
1529 /* Some file probably grew while we were reading it.
1530 That "shouldn't happen", so we'll just clip the progress
1534 if (progbar != NULL) {
1535 g_snprintf(status_str, sizeof(status_str),
1536 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1537 file_pos / 1024, f_len / 1024);
1538 update_progress_dlg(progbar, progbar_val, status_str);
1540 progbar_nextstep += progbar_quantum;
1544 /* Well, the user decided to abort the merge. */
1548 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1549 wtap_buf_ptr(wth), &write_err)) {
1550 got_write_error = TRUE;
1555 /* We're done merging the files; destroy the progress bar if it was created. */
1556 if (progbar != NULL)
1557 destroy_progress_dlg(progbar);
1559 merge_close_in_files(in_file_count, in_files);
1560 if (!got_read_error && !got_write_error) {
1561 if (!wtap_dump_close(pdh, &write_err))
1562 got_write_error = TRUE;
1564 wtap_dump_close(pdh, &close_err);
1566 if (got_read_error) {
1568 * Find the file on which we got the error, and report the error.
1570 for (i = 0; i < in_file_count; i++) {
1571 if (in_files[i].state == GOT_ERROR) {
1572 /* Put up a message box noting that a read failed somewhere along
1576 case WTAP_ERR_UNSUPPORTED_ENCAP:
1577 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1578 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1581 errmsg = errmsg_errno;
1584 case WTAP_ERR_CANT_READ:
1585 errmsg = "An attempt to read from the capture file %s failed for"
1586 " some unknown reason.";
1589 case WTAP_ERR_SHORT_READ:
1590 errmsg = "The capture file %s appears to have been cut short"
1591 " in the middle of a packet.";
1594 case WTAP_ERR_BAD_RECORD:
1595 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1596 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1599 errmsg = errmsg_errno;
1603 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1604 "An error occurred while reading the"
1605 " capture file %%s: %s.", wtap_strerror(read_err));
1606 errmsg = errmsg_errno;
1609 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, errmsg, in_files[i].filename);
1614 if (got_write_error) {
1615 /* Put up an alert box for the write error. */
1616 cf_write_failure_alert_box(out_filename, write_err);
1619 if (got_read_error || got_write_error || stop_flag) {
1620 /* Callers aren't expected to treat an error or an explicit abort
1621 differently - we put up error dialogs ourselves, so they don't
1629 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1631 const char *filter_new = dftext ? dftext : "";
1632 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1635 /* if new filter equals old one, do nothing unless told to do so */
1636 if (!force && strcmp(filter_new, filter_old) == 0) {
1642 if (dftext == NULL) {
1643 /* The new filter is an empty filter (i.e., display all packets).
1644 * so leave dfcode==NULL
1648 * We have a filter; make a copy of it (as we'll be saving it),
1649 * and try to compile it.
1651 dftext = g_strdup(dftext);
1652 if (!dfilter_compile(dftext, &dfcode)) {
1653 /* The attempt failed; report an error. */
1654 gchar *safe_dftext = simple_dialog_format_message(dftext);
1655 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1657 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1660 "The following display filter isn't a valid display filter:\n%s\n"
1661 "See the help for a description of the display filter syntax.",
1662 simple_dialog_primary_start(), safe_dfilter_error_msg,
1663 simple_dialog_primary_end(), safe_dftext);
1664 g_free(safe_dfilter_error_msg);
1665 g_free(safe_dftext);
1671 if (dfcode == NULL) {
1672 /* Yes - free the filter text, and set it to null. */
1678 /* We have a valid filter. Replace the current filter. */
1679 g_free(cf->dfilter);
1680 cf->dfilter = dftext;
1682 /* Now rescan the packet list, applying the new filter, but not
1683 throwing away information constructed on a previous pass. */
1684 if (dftext == NULL) {
1685 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1687 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1690 /* Cleanup and release all dfilter resources */
1691 if (dfcode != NULL){
1692 dfilter_free(dfcode);
1698 cf_colorize_packets(capture_file *cf)
1700 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1704 cf_reftime_packets(capture_file *cf)
1707 #ifdef NEW_PACKET_LIST
1708 ref_time_packets(cf);
1710 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1715 cf_redissect_packets(capture_file *cf)
1717 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1720 /* Rescan the list of packets, reconstructing the CList.
1722 "action" describes why we're doing this; it's used in the progress
1725 "action_item" describes what we're doing; it's used in the progress
1728 "refilter" is TRUE if we need to re-evaluate the filter expression.
1730 "redissect" is TRUE if we need to make the dissectors reconstruct
1731 any state information they have (because a preference that affects
1732 some dissector has changed, meaning some dissector might construct
1733 its state differently from the way it was constructed the last time). */
1734 #ifdef NEW_PACKET_LIST
1736 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1737 gboolean refilter, gboolean redissect)
1739 /* Rescan packets new packet list */
1741 progdlg_t *progbar = NULL;
1746 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1747 int selected_frame_num, preceding_frame_num, following_frame_num, prev_frame_num;
1748 gboolean selected_frame_seen;
1751 GTimeVal start_time;
1752 gchar status_str[100];
1753 int progbar_nextstep;
1754 int progbar_quantum;
1756 gboolean filtering_tap_listeners;
1758 gboolean add_to_packet_list = FALSE;
1761 /* Compile the current display filter.
1762 * We assume this will not fail since cf->dfilter is only set in
1763 * cf_filter IFF the filter was valid.
1765 compiled = dfilter_compile(cf->dfilter, &dfcode);
1766 g_assert(!cf->dfilter || (compiled && dfcode));
1768 /* Do we have any tap listeners with filters? */
1769 filtering_tap_listeners = have_filtering_tap_listeners();
1771 /* Get the union of the flags for all tap listeners. */
1772 tap_flags = union_of_tap_listener_flags();
1774 reset_tap_listeners();
1775 /* Which frame, if any, is the currently selected frame?
1776 XXX - should the selected frame or the focus frame be the "current"
1777 frame, that frame being the one from which "Find Frame" searches
1779 selected_frame = cf->current_frame;
1781 /* Mark frane num as not found */
1782 selected_frame_num = -1;
1784 /* Freeze the packet list while we redo it, so we don't get any
1785 screen updates while it happens. */
1786 new_packet_list_freeze();
1789 /* We need to re-initialize all the state information that protocols
1790 keep, because some preference that controls a dissector has changed,
1791 which might cause the state information to be constructed differently
1792 by that dissector. */
1794 /* We might receive new packets while redissecting, and we don't
1795 want to dissect those before their time. */
1796 cf->redissecting = TRUE;
1798 /* Cleanup all data structures used for dissection. */
1799 cleanup_dissection();
1800 /* Initialize all data structures used for dissection. */
1803 /* We need to redissect the packets so we have to discard our old
1804 * packet list store. */
1805 new_packet_list_clear();
1806 add_to_packet_list = TRUE;
1809 /* We don't yet know which will be the first and last frames displayed. */
1810 cf->first_displayed = NULL;
1811 cf->last_displayed = NULL;
1815 /* We currently don't display any packets */
1816 cf->displayed_count = 0;
1818 /* Iterate through the list of frames. Call a routine for each frame
1819 to check whether it should be displayed and, if so, add it to
1820 the display list. */
1821 nstime_set_unset(&first_ts);
1822 nstime_set_unset(&prev_dis_ts);
1823 nstime_set_unset(&prev_cap_ts);
1826 /* Update the progress bar when it gets to this value. */
1827 progbar_nextstep = 0;
1828 /* When we reach the value that triggers a progress bar update,
1829 bump that value by this amount. */
1830 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1831 /* Count of packets at which we've looked. */
1833 /* Progress so far. */
1837 g_get_current_time(&start_time);
1839 /* no previous row yet */
1841 prev_frame_num = -1;
1844 preceding_frame_num = -1;
1845 preceding_frame = NULL;
1846 following_frame_num = -1;
1847 following_frame = NULL;
1849 selected_frame_seen = FALSE;
1851 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
1852 /* Create the progress bar if necessary.
1853 We check on every iteration of the loop, so that it takes no
1854 longer than the standard time to create it (otherwise, for a
1855 large file, we might take considerably longer than that standard
1856 time in order to get to the next progress bar step). */
1857 if (progbar == NULL)
1858 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1859 &stop_flag, &start_time,
1862 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1863 when we update it, we have to run the GTK+ main loop to get it
1864 to repaint what's pending, and doing so may involve an "ioctl()"
1865 to see if there's any pending input from an X server, and doing
1866 that for every packet can be costly, especially on a big file. */
1867 if (count >= progbar_nextstep) {
1868 /* let's not divide by zero. I should never be started
1869 * with count == 0, so let's assert that
1871 g_assert(cf->count > 0);
1872 progbar_val = (gfloat) count / cf->count;
1874 if (progbar != NULL) {
1875 g_snprintf(status_str, sizeof(status_str),
1876 "%4u of %u frames", count, cf->count);
1877 update_progress_dlg(progbar, progbar_val, status_str);
1880 progbar_nextstep += progbar_quantum;
1884 /* Well, the user decided to abort the filtering. Just stop.
1886 XXX - go back to the previous filter? Users probably just
1887 want not to wait for a filtering operation to finish;
1888 unless we cancel by having no filter, reverting to the
1889 previous filter will probably be even more expensive than
1890 continuing the filtering, as it involves going back to the
1891 beginning and filtering, and even with no filter we currently
1892 have to re-generate the entire clist, which is also expensive.
1894 I'm not sure what Network Monitor does, but it doesn't appear
1895 to give you an unfiltered display if you cancel. */
1902 /* Since all state for the frame was destroyed, mark the frame
1903 * as not visited, free the GSList referring to the state
1904 * data (the per-frame data itself was freed by
1905 * "init_dissection()"), and null out the GSList pointer. */
1906 fdata->flags.visited = 0;
1907 frame_data_cleanup(fdata);
1909 /* cleanup_dissection() calls se_free_all();
1910 * And after that fdata->col_text (which is allocated using se_alloc0())
1911 * no longer points to valid memory.
1913 fdata->col_text_len = se_alloc0(sizeof(fdata->col_text_len) * (cf->cinfo.num_cols));
1914 fdata->col_text = se_alloc0(sizeof(fdata->col_text) * (cf->cinfo.num_cols));
1917 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1918 cf->pd, fdata->cap_len, &err, &err_info)) {
1919 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1920 cf_read_error_message(err, err_info), cf->filename);
1924 /* If the previous frame is displayed, and we haven't yet seen the
1925 selected frame, remember that frame - it's the closest one we've
1926 yet seen before the selected frame. */
1927 if (prev_frame_num != -1 && !selected_frame_seen && prev_frame->flags.passed_dfilter) {
1928 preceding_frame_num = prev_frame_num;
1929 preceding_frame = prev_frame;
1931 add_packet_to_packet_list(fdata, cf, dfcode, filtering_tap_listeners,
1932 tap_flags, &cf->pseudo_header, cf->pd,
1934 add_to_packet_list);
1936 /* If this frame is displayed, and this is the first frame we've
1937 seen displayed after the selected frame, remember this frame -
1938 it's the closest one we've yet seen at or after the selected
1940 if (fdata->flags.passed_dfilter && selected_frame_seen && following_frame_num == -1) {
1941 following_frame_num = fdata->num;
1942 following_frame = fdata;
1944 if (fdata == selected_frame) {
1945 selected_frame_seen = TRUE;
1946 if (fdata->flags.passed_dfilter)
1947 selected_frame_num = fdata->num;
1950 /* Remember this frame - it'll be the previous frame
1951 on the next pass through the loop. */
1952 prev_frame_num = fdata->num;
1956 /* We are done redissecting the packet list. */
1957 cf->redissecting = FALSE;
1960 /* Clear out what remains of the visited flags and per-frame data
1963 XXX - that may cause various forms of bogosity when dissecting
1964 these frames, as they won't have been seen by this sequential
1965 pass, but the only alternative I see is to keep scanning them
1966 even though the user requested that the scan stop, and that
1967 would leave the user stuck with an Wireshark grinding on
1968 until it finishes. Should we just stick them with that? */
1969 for (; fdata != NULL; fdata = fdata->next) {
1970 fdata->flags.visited = 0;
1971 frame_data_cleanup(fdata);
1975 /* We're done filtering the packets; destroy the progress bar if it
1977 if (progbar != NULL)
1978 destroy_progress_dlg(progbar);
1980 /* Unfreeze the packet list. */
1981 if (!add_to_packet_list)
1982 new_packet_list_recreate_visible_rows();
1984 new_packet_list_thaw();
1986 if (selected_frame_num == -1) {
1987 /* The selected frame didn't pass the filter. */
1988 if (selected_frame == NULL) {
1989 /* That's because there *was* no selected frame. Make the first
1990 displayed frame the current frame. */
1991 selected_frame_num = 0;
1993 /* Find the nearest displayed frame to the selected frame (whether
1994 it's before or after that frame) and make that the current frame.
1995 If the next and previous displayed frames are equidistant from the
1996 selected frame, choose the next one. */
1997 g_assert(following_frame == NULL ||
1998 following_frame->num >= selected_frame->num);
1999 g_assert(preceding_frame == NULL ||
2000 preceding_frame->num <= selected_frame->num);
2001 if (following_frame == NULL) {
2002 /* No frame after the selected frame passed the filter, so we
2003 have to select the last displayed frame before the selected
2005 selected_frame_num = preceding_frame_num;
2006 selected_frame = preceding_frame;
2007 } else if (preceding_frame == NULL) {
2008 /* No frame before the selected frame passed the filter, so we
2009 have to select the first displayed frame after the selected
2011 selected_frame_num = following_frame_num;
2012 selected_frame = following_frame;
2014 /* Frames before and after the selected frame passed the filter, so
2015 we'll select the previous frame */
2016 selected_frame_num = preceding_frame_num;
2017 selected_frame = preceding_frame;
2022 if (selected_frame_num == -1) {
2023 /* There are no frames displayed at all. */
2024 cf_unselect_packet(cf);
2026 /* Either the frame that was selected passed the filter, or we've
2027 found the nearest displayed frame to that frame. Select it, make
2028 it the focus row, and make it visible. */
2029 if (selected_frame_num == 0) {
2030 new_packet_list_select_first_row();
2032 new_packet_list_find_row_from_data(selected_frame, TRUE);
2036 /* Cleanup and release all dfilter resources */
2037 if (dfcode != NULL){
2038 dfilter_free(dfcode);
2045 rescan_packets(capture_file *cf, const char *action, const char *action_item,
2046 gboolean refilter, gboolean redissect)
2049 progdlg_t *progbar = NULL;
2054 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
2055 int selected_row, prev_row, preceding_row, following_row;
2056 gboolean selected_frame_seen;
2059 GTimeVal start_time;
2060 gchar status_str[100];
2061 int progbar_nextstep;
2062 int progbar_quantum;
2064 gboolean filtering_tap_listeners;
2066 gboolean add_to_packet_list = TRUE;
2069 /* Compile the current display filter.
2070 * We assume this will not fail since cf->dfilter is only set in
2071 * cf_filter IFF the filter was valid.
2073 compiled = dfilter_compile(cf->dfilter, &dfcode);
2074 g_assert(!cf->dfilter || (compiled && dfcode));
2076 /* Do we have any tap listeners with filters? */
2077 filtering_tap_listeners = have_filtering_tap_listeners();
2079 /* Get the union of the flags for all tap listeners. */
2080 tap_flags = union_of_tap_listener_flags();
2082 reset_tap_listeners();
2083 /* Which frame, if any, is the currently selected frame?
2084 XXX - should the selected frame or the focus frame be the "current"
2085 frame, that frame being the one from which "Find Frame" searches
2087 selected_frame = cf->current_frame;
2089 /* We don't yet know what row that frame will be on, if any, after we
2090 rebuild the clist, however. */
2093 /* Freeze the packet list while we redo it, so we don't get any
2094 screen updates while it happens. */
2095 packet_list_freeze();
2098 packet_list_clear();
2101 /* We need to re-initialize all the state information that protocols
2102 keep, because some preference that controls a dissector has changed,
2103 which might cause the state information to be constructed differently
2104 by that dissector. */
2106 /* We might receive new packets while redissecting, and we don't
2107 want to dissect those before their time. */
2108 cf->redissecting = TRUE;
2110 /* Cleanup all data structures used for dissection. */
2111 cleanup_dissection();
2112 /* Initialize all data structures used for dissection. */
2117 /* We don't yet know which will be the first and last frames displayed. */
2118 cf->first_displayed = NULL;
2119 cf->last_displayed = NULL;
2123 /* We currently don't display any packets */
2124 cf->displayed_count = 0;
2126 /* Iterate through the list of frames. Call a routine for each frame
2127 to check whether it should be displayed and, if so, add it to
2128 the display list. */
2129 nstime_set_unset(&first_ts);
2130 nstime_set_unset(&prev_dis_ts);
2133 /* Update the progress bar when it gets to this value. */
2134 progbar_nextstep = 0;
2135 /* When we reach the value that triggers a progress bar update,
2136 bump that value by this amount. */
2137 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2138 /* Count of packets at which we've looked. */
2140 /* Progress so far. */
2144 g_get_current_time(&start_time);
2146 row = -1; /* no previous row yet */
2151 preceding_frame = NULL;
2153 following_frame = NULL;
2155 selected_frame_seen = FALSE;
2157 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
2158 /* Create the progress bar if necessary.
2159 We check on every iteration of the loop, so that it takes no
2160 longer than the standard time to create it (otherwise, for a
2161 large file, we might take considerably longer than that standard
2162 time in order to get to the next progress bar step). */
2163 if (progbar == NULL)
2164 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
2165 &stop_flag, &start_time,
2168 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2169 when we update it, we have to run the GTK+ main loop to get it
2170 to repaint what's pending, and doing so may involve an "ioctl()"
2171 to see if there's any pending input from an X server, and doing
2172 that for every packet can be costly, especially on a big file. */
2173 if (count >= progbar_nextstep) {
2174 /* let's not divide by zero. I should never be started
2175 * with count == 0, so let's assert that
2177 g_assert(cf->count > 0);
2178 progbar_val = (gfloat) count / cf->count;
2180 if (progbar != NULL) {
2181 g_snprintf(status_str, sizeof(status_str),
2182 "%4u of %u frames", count, cf->count);
2183 update_progress_dlg(progbar, progbar_val, status_str);
2186 progbar_nextstep += progbar_quantum;
2190 /* Well, the user decided to abort the filtering. Just stop.
2192 XXX - go back to the previous filter? Users probably just
2193 want not to wait for a filtering operation to finish;
2194 unless we cancel by having no filter, reverting to the
2195 previous filter will probably be even more expensive than
2196 continuing the filtering, as it involves going back to the
2197 beginning and filtering, and even with no filter we currently
2198 have to re-generate the entire clist, which is also expensive.
2200 I'm not sure what Network Monitor does, but it doesn't appear
2201 to give you an unfiltered display if you cancel. */
2208 /* Since all state for the frame was destroyed, mark the frame
2209 * as not visited, free the GSList referring to the state
2210 * data (the per-frame data itself was freed by
2211 * "init_dissection()"), and null out the GSList pointer.
2213 fdata->flags.visited = 0;
2214 frame_data_cleanup(fdata);
2217 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
2218 cf->pd, fdata->cap_len, &err, &err_info)) {
2219 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
2220 cf_read_error_message(err, err_info), cf->filename);
2224 /* If the previous frame is displayed, and we haven't yet seen the
2225 selected frame, remember that frame - it's the closest one we've
2226 yet seen before the selected frame. */
2227 if (prev_row != -1 && !selected_frame_seen) {
2228 preceding_row = prev_row;
2229 preceding_frame = prev_frame;
2231 row = add_packet_to_packet_list(fdata, cf, dfcode, filtering_tap_listeners,
2232 tap_flags, &cf->pseudo_header, cf->pd,
2234 add_to_packet_list);
2236 /* If this frame is displayed, and this is the first frame we've
2237 seen displayed after the selected frame, remember this frame -
2238 it's the closest one we've yet seen at or after the selected
2240 if (row != -1 && selected_frame_seen && following_row == -1) {
2241 following_row = row;
2242 following_frame = fdata;
2244 if (fdata == selected_frame) {
2246 selected_frame_seen = TRUE;
2249 /* Remember this row/frame - it'll be the previous row/frame
2250 on the next pass through the loop. */
2255 /* We are done redissecting the packet list. */
2256 cf->redissecting = FALSE;
2259 /* Clear out what remains of the visited flags and per-frame data
2262 XXX - that may cause various forms of bogosity when dissecting
2263 these frames, as they won't have been seen by this sequential
2264 pass, but the only alternative I see is to keep scanning them
2265 even though the user requested that the scan stop, and that
2266 would leave the user stuck with an Wireshark grinding on
2267 until it finishes. Should we just stick them with that? */
2268 for (; fdata != NULL; fdata = fdata->next) {
2269 fdata->flags.visited = 0;
2270 frame_data_cleanup(fdata);
2274 /* We're done filtering the packets; destroy the progress bar if it
2276 if (progbar != NULL)
2277 destroy_progress_dlg(progbar);
2279 /* Unfreeze the packet list. */
2282 if (selected_row == -1) {
2283 /* The selected frame didn't pass the filter. */
2284 if (selected_frame == NULL) {
2285 /* That's because there *was* no selected frame. Make the first
2286 displayed frame the current frame. */
2289 /* Find the nearest displayed frame to the selected frame (whether
2290 it's before or after that frame) and make that the current frame.
2291 If the next and previous displayed frames are equidistant from the
2292 selected frame, choose the next one. */
2293 g_assert(following_frame == NULL ||
2294 following_frame->num >= selected_frame->num);
2295 g_assert(preceding_frame == NULL ||
2296 preceding_frame->num <= selected_frame->num);
2297 if (following_frame == NULL) {
2298 /* No frame after the selected frame passed the filter, so we
2299 have to select the last displayed frame before the selected
2301 selected_row = preceding_row;
2302 } else if (preceding_frame == NULL) {
2303 /* No frame before the selected frame passed the filter, so we
2304 have to select the first displayed frame after the selected
2306 selected_row = following_row;
2308 /* Frames before and after the selected frame passed the filter, so
2309 we'll select the previous frame */
2310 selected_row = preceding_row;
2315 if (selected_row == -1) {
2316 /* There are no frames displayed at all. */
2317 cf_unselect_packet(cf);
2319 /* Either the frame that was selected passed the filter, or we've
2320 found the nearest displayed frame to that frame. Select it, make
2321 it the focus row, and make it visible. */
2322 if (selected_row == 0) {
2323 /* Set to invalid to force update of packet list and packet details */
2324 cf->current_row = -1;
2326 packet_list_set_selected_row(selected_row);
2329 /* Cleanup and release all dfilter resources */
2330 if (dfcode != NULL){
2331 dfilter_free(dfcode);
2334 #endif /* NEW_PACKET_LIST */
2337 * Scan trough all frame data and recalculate the ref time
2338 * without rereading the file.
2339 * XXX - do we need a progres bar or is this fast enough?
2341 #ifdef NEW_PACKET_LIST
2343 ref_time_packets(capture_file *cf)
2347 nstime_set_unset(&first_ts);
2348 nstime_set_unset(&prev_dis_ts);
2349 nstime_set_unset(&prev_cap_ts);
2352 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
2353 /* just add some value here until we know if it is being displayed or not */
2354 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
2356 /* If we don't have the time stamp of the first packet in the
2357 capture, it's because this is the first packet. Save the time
2358 stamp of this packet as the time stamp of the first packet. */
2359 if (nstime_is_unset(&first_ts)) {
2360 first_ts = fdata->abs_ts;
2362 /* if this frames is marked as a reference time frame, reset
2363 firstsec and firstusec to this frame */
2364 if(fdata->flags.ref_time){
2365 first_ts = fdata->abs_ts;
2368 /* If we don't have the time stamp of the previous displayed packet,
2369 it's because this is the first displayed packet. Save the time
2370 stamp of this packet as the time stamp of the previous displayed
2372 if (nstime_is_unset(&prev_dis_ts)) {
2373 prev_dis_ts = fdata->abs_ts;
2376 /* Get the time elapsed between the first packet and this packet. */
2377 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
2379 /* If it's greater than the current elapsed time, set the elapsed time
2380 to it (we check for "greater than" so as not to be confused by
2381 time moving backwards). */
2382 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
2383 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
2384 cf->elapsed_time = fdata->rel_ts;
2387 /* Get the time elapsed between the previous displayed packet and
2389 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
2391 if( (fdata->flags.passed_dfilter) || (fdata->flags.ref_time) ){
2392 /* This frame either passed the display filter list or is marked as
2393 a time reference frame. All time reference frames are displayed
2394 even if they dont pass the display filter */
2395 if(fdata->flags.ref_time){
2396 /* if this was a TIME REF frame we should reset the cul bytes field */
2397 cum_bytes = fdata->pkt_len;
2398 fdata->cum_bytes = cum_bytes;
2400 /* increase cum_bytes with this packets length */
2401 cum_bytes += fdata->pkt_len;
2415 process_specified_packets(capture_file *cf, packet_range_t *range,
2416 const char *string1, const char *string2, gboolean terminate_is_stop,
2417 gboolean (*callback)(capture_file *, frame_data *,
2418 union wtap_pseudo_header *, const guint8 *, void *),
2419 void *callback_args)
2424 union wtap_pseudo_header pseudo_header;
2425 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
2426 psp_return_t ret = PSP_FINISHED;
2428 progdlg_t *progbar = NULL;
2431 gboolean progbar_stop_flag;
2432 GTimeVal progbar_start_time;
2433 gchar progbar_status_str[100];
2434 int progbar_nextstep;
2435 int progbar_quantum;
2436 range_process_e process_this;
2438 /* Update the progress bar when it gets to this value. */
2439 progbar_nextstep = 0;
2440 /* When we reach the value that triggers a progress bar update,
2441 bump that value by this amount. */
2442 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2443 /* Count of packets at which we've looked. */
2445 /* Progress so far. */
2448 progbar_stop_flag = FALSE;
2449 g_get_current_time(&progbar_start_time);
2451 packet_range_process_init(range);
2453 /* Iterate through the list of packets, printing the packets that
2454 were selected by the current display filter. */
2455 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
2456 /* Create the progress bar if necessary.
2457 We check on every iteration of the loop, so that it takes no
2458 longer than the standard time to create it (otherwise, for a
2459 large file, we might take considerably longer than that standard
2460 time in order to get to the next progress bar step). */
2461 if (progbar == NULL)
2462 progbar = delayed_create_progress_dlg(string1, string2,
2465 &progbar_start_time,
2468 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2469 when we update it, we have to run the GTK+ main loop to get it
2470 to repaint what's pending, and doing so may involve an "ioctl()"
2471 to see if there's any pending input from an X server, and doing
2472 that for every packet can be costly, especially on a big file. */
2473 if (progbar_count >= progbar_nextstep) {
2474 /* let's not divide by zero. I should never be started
2475 * with count == 0, so let's assert that
2477 g_assert(cf->count > 0);
2478 progbar_val = (gfloat) progbar_count / cf->count;
2480 if (progbar != NULL) {
2481 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
2482 "%4u of %u packets", progbar_count, cf->count);
2483 update_progress_dlg(progbar, progbar_val, progbar_status_str);
2486 progbar_nextstep += progbar_quantum;
2489 if (progbar_stop_flag) {
2490 /* Well, the user decided to abort the operation. Just stop,
2491 and arrange to return PSP_STOPPED to our caller, so they know
2492 it was stopped explicitly. */
2499 /* do we have to process this packet? */
2500 process_this = packet_range_process_packet(range, fdata);
2501 if (process_this == range_process_next) {
2502 /* this packet uninteresting, continue with next one */
2504 } else if (process_this == range_processing_finished) {
2505 /* all interesting packets processed, stop the loop */
2509 /* Get the packet */
2510 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
2511 pd, fdata->cap_len, &err, &err_info)) {
2512 /* Attempt to get the packet failed. */
2513 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
2514 cf_read_error_message(err, err_info), cf->filename);
2518 /* Process the packet */
2519 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
2520 /* Callback failed. We assume it reported the error appropriately. */
2526 /* We're done printing the packets; destroy the progress bar if
2528 if (progbar != NULL)
2529 destroy_progress_dlg(progbar);
2535 gboolean construct_protocol_tree;
2537 } retap_callback_args_t;
2540 retap_packet(capture_file *cf _U_, frame_data *fdata,
2541 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2544 retap_callback_args_t *args = argsp;
2547 epan_dissect_init(&edt, args->construct_protocol_tree, FALSE);
2548 tap_queue_init(&edt);
2549 epan_dissect_run(&edt, pseudo_header, pd, fdata, args->cinfo);
2550 tap_push_tapped_queue(&edt);
2551 epan_dissect_cleanup(&edt);
2557 cf_retap_packets(capture_file *cf)
2559 packet_range_t range;
2560 retap_callback_args_t callback_args;
2561 gboolean filtering_tap_listeners;
2564 /* Do we have any tap listeners with filters? */
2565 filtering_tap_listeners = have_filtering_tap_listeners();
2567 tap_flags = union_of_tap_listener_flags();
2569 /* If any tap listeners have filters, or require the protocol tree,
2570 construct the protocol tree. */
2571 callback_args.construct_protocol_tree = filtering_tap_listeners ||
2572 (tap_flags & TL_REQUIRES_PROTO_TREE);
2574 /* If any tap listeners require the columns, construct them. */
2575 callback_args.cinfo = (tap_flags & TL_REQUIRES_COLUMNS) ? &cf->cinfo : NULL;
2577 /* Reset the tap listeners. */
2578 reset_tap_listeners();
2580 /* Iterate through the list of packets, dissecting all packets and
2581 re-running the taps. */
2582 packet_range_init(&range);
2583 packet_range_process_init(&range);
2584 switch (process_specified_packets(cf, &range, "Recalculating statistics on",
2585 "all packets", TRUE, retap_packet,
2588 /* Completed successfully. */
2592 /* Well, the user decided to abort the refiltering.
2593 Return CF_READ_ABORTED so our caller knows they did that. */
2594 return CF_READ_ABORTED;
2597 /* Error while retapping. */
2598 return CF_READ_ERROR;
2601 g_assert_not_reached();
2606 print_args_t *print_args;
2607 gboolean print_header_line;
2608 char *header_line_buf;
2609 int header_line_buf_len;
2610 gboolean print_formfeed;
2611 gboolean print_separator;
2615 } print_callback_args_t;
2618 print_packet(capture_file *cf, frame_data *fdata,
2619 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2622 print_callback_args_t *args = argsp;
2629 gboolean proto_tree_needed;
2630 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
2631 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
2633 /* Create the protocol tree, and make it visible, if we're printing
2634 the dissection or the hex data.
2635 XXX - do we need it if we're just printing the hex data? */
2637 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex || have_custom_cols(&cf->cinfo);
2638 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
2640 /* Fill in the column information if we're printing the summary
2642 if (args->print_args->print_summary) {
2643 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
2644 epan_dissect_fill_in_columns(&edt, FALSE, TRUE);
2646 epan_dissect_run(&edt, pseudo_header, pd, fdata, NULL);
2648 if (args->print_formfeed) {
2649 if (!new_page(args->print_args->stream))
2652 if (args->print_separator) {
2653 if (!print_line(args->print_args->stream, 0, ""))
2659 * We generate bookmarks, if the output format supports them.
2660 * The name is "__frameN__".
2662 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
2664 if (args->print_args->print_summary) {
2665 if (args->print_header_line) {
2666 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
2668 args->print_header_line = FALSE; /* we might not need to print any more */
2670 cp = &args->line_buf[0];
2672 for (i = 0; i < cf->cinfo.num_cols; i++) {
2673 /* Find the length of the string for this column. */
2674 column_len = (int) strlen(cf->cinfo.col_data[i]);
2675 if (args->col_widths[i] > column_len)
2676 column_len = args->col_widths[i];
2678 /* Make sure there's room in the line buffer for the column; if not,
2679 double its length. */
2680 line_len += column_len + 1; /* "+1" for space */
2681 if (line_len > args->line_buf_len) {
2682 cp_off = (int) (cp - args->line_buf);
2683 args->line_buf_len = 2 * line_len;
2684 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
2685 cp = args->line_buf + cp_off;
2688 /* Right-justify the packet number column. */
2689 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2690 g_snprintf(cp, column_len+1, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
2692 g_snprintf(cp, column_len+1, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
2694 if (i != cf->cinfo.num_cols - 1)
2700 * Generate a bookmark, using the summary line as the title.
2702 if (!print_bookmark(args->print_args->stream, bookmark_name,
2706 if (!print_line(args->print_args->stream, 0, args->line_buf))
2710 * Generate a bookmark, using "Frame N" as the title, as we're not
2711 * printing the summary line.
2713 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2714 if (!print_bookmark(args->print_args->stream, bookmark_name,
2717 } /* if (print_summary) */
2719 if (args->print_args->print_dissections != print_dissections_none) {
2720 if (args->print_args->print_summary) {
2721 /* Separate the summary line from the tree with a blank line. */
2722 if (!print_line(args->print_args->stream, 0, ""))
2726 /* Print the information in that tree. */
2727 if (!proto_tree_print(args->print_args, &edt, args->print_args->stream))
2730 /* Print a blank line if we print anything after this (aka more than one packet). */
2731 args->print_separator = TRUE;
2733 /* Print a header line if we print any more packet summaries */
2734 args->print_header_line = TRUE;
2737 if (args->print_args->print_hex) {
2738 /* Print the full packet data as hex. */
2739 if (!print_hex_data(args->print_args->stream, &edt))
2742 /* Print a blank line if we print anything after this (aka more than one packet). */
2743 args->print_separator = TRUE;
2745 /* Print a header line if we print any more packet summaries */
2746 args->print_header_line = TRUE;
2747 } /* if (args->print_args->print_dissections != print_dissections_none) */
2749 epan_dissect_cleanup(&edt);
2751 /* do we want to have a formfeed between each packet from now on? */
2752 if(args->print_args->print_formfeed) {
2753 args->print_formfeed = TRUE;
2759 epan_dissect_cleanup(&edt);
2764 cf_print_packets(capture_file *cf, print_args_t *print_args)
2767 print_callback_args_t callback_args;
2775 callback_args.print_args = print_args;
2776 callback_args.print_header_line = TRUE;
2777 callback_args.header_line_buf = NULL;
2778 callback_args.header_line_buf_len = 256;
2779 callback_args.print_formfeed = FALSE;
2780 callback_args.print_separator = FALSE;
2781 callback_args.line_buf = NULL;
2782 callback_args.line_buf_len = 256;
2783 callback_args.col_widths = NULL;
2785 if (!print_preamble(print_args->stream, cf->filename)) {
2786 destroy_print_stream(print_args->stream);
2787 return CF_PRINT_WRITE_ERROR;
2790 if (print_args->print_summary) {
2791 /* We're printing packet summaries. Allocate the header line buffer
2792 and get the column widths. */
2793 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2795 /* Find the widths for each of the columns - maximum of the
2796 width of the title and the width of the data - and construct
2797 a buffer with a line containing the column titles. */
2798 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2799 cp = &callback_args.header_line_buf[0];
2801 for (i = 0; i < cf->cinfo.num_cols; i++) {
2802 /* Don't pad the last column. */
2803 if (i == cf->cinfo.num_cols - 1)
2804 callback_args.col_widths[i] = 0;
2806 callback_args.col_widths[i] = (gint) strlen(cf->cinfo.col_title[i]);
2807 data_width = get_column_char_width(get_column_format(i));
2808 if (data_width > callback_args.col_widths[i])
2809 callback_args.col_widths[i] = data_width;
2812 /* Find the length of the string for this column. */
2813 column_len = (int) strlen(cf->cinfo.col_title[i]);
2814 if (callback_args.col_widths[i] > column_len)
2815 column_len = callback_args.col_widths[i];
2817 /* Make sure there's room in the line buffer for the column; if not,
2818 double its length. */
2819 line_len += column_len + 1; /* "+1" for space */
2820 if (line_len > callback_args.header_line_buf_len) {
2821 cp_off = (int) (cp - callback_args.header_line_buf);
2822 callback_args.header_line_buf_len = 2 * line_len;
2823 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2824 callback_args.header_line_buf_len + 1);
2825 cp = callback_args.header_line_buf + cp_off;
2828 /* Right-justify the packet number column. */
2829 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2830 g_snprintf(cp, column_len+1, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2832 g_snprintf(cp, column_len+1, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2834 if (i != cf->cinfo.num_cols - 1)
2839 /* Now start out the main line buffer with the same length as the
2840 header line buffer. */
2841 callback_args.line_buf_len = callback_args.header_line_buf_len;
2842 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2843 } /* if (print_summary) */
2845 /* Iterate through the list of packets, printing the packets we were
2847 ret = process_specified_packets(cf, &print_args->range, "Printing",
2848 "selected packets", TRUE, print_packet,
2851 g_free(callback_args.header_line_buf);
2852 g_free(callback_args.line_buf);
2853 g_free(callback_args.col_widths);
2858 /* Completed successfully. */
2862 /* Well, the user decided to abort the printing.
2864 XXX - note that what got generated before they did that
2865 will get printed if we're piping to a print program; we'd
2866 have to write to a file and then hand that to the print
2867 program to make it actually not print anything. */
2871 /* Error while printing.
2873 XXX - note that what got generated before they did that
2874 will get printed if we're piping to a print program; we'd
2875 have to write to a file and then hand that to the print
2876 program to make it actually not print anything. */
2877 destroy_print_stream(print_args->stream);
2878 return CF_PRINT_WRITE_ERROR;
2881 if (!print_finale(print_args->stream)) {
2882 destroy_print_stream(print_args->stream);
2883 return CF_PRINT_WRITE_ERROR;
2886 if (!destroy_print_stream(print_args->stream))
2887 return CF_PRINT_WRITE_ERROR;
2893 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2894 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2900 /* Create the protocol tree, but don't fill in the column information. */
2901 epan_dissect_init(&edt, TRUE, TRUE);
2902 epan_dissect_run(&edt, pseudo_header, pd, fdata, NULL);
2904 /* Write out the information in that tree. */
2905 proto_tree_write_pdml(&edt, fh);
2907 epan_dissect_cleanup(&edt);
2913 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2918 fh = ws_fopen(print_args->file, "w");
2920 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2922 write_pdml_preamble(fh);
2925 return CF_PRINT_WRITE_ERROR;
2928 /* Iterate through the list of packets, printing the packets we were
2930 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2931 "selected packets", TRUE,
2932 write_pdml_packet, fh);
2937 /* Completed successfully. */
2941 /* Well, the user decided to abort the printing. */
2945 /* Error while printing. */
2947 return CF_PRINT_WRITE_ERROR;
2950 write_pdml_finale(fh);
2953 return CF_PRINT_WRITE_ERROR;
2956 /* XXX - check for an error */
2963 write_psml_packet(capture_file *cf, frame_data *fdata,
2964 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2969 gboolean proto_tree_needed;
2971 /* Fill in the column information, only create the protocol tree
2972 if having custom columns. */
2973 proto_tree_needed = have_custom_cols(&cf->cinfo);
2974 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
2975 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
2976 epan_dissect_fill_in_columns(&edt, FALSE, TRUE);
2978 /* Write out the information in that tree. */
2979 proto_tree_write_psml(&edt, fh);
2981 epan_dissect_cleanup(&edt);
2987 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2992 fh = ws_fopen(print_args->file, "w");
2994 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2996 write_psml_preamble(fh);
2999 return CF_PRINT_WRITE_ERROR;
3002 /* Iterate through the list of packets, printing the packets we were
3004 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
3005 "selected packets", TRUE,
3006 write_psml_packet, fh);
3011 /* Completed successfully. */
3015 /* Well, the user decided to abort the printing. */
3019 /* Error while printing. */
3021 return CF_PRINT_WRITE_ERROR;
3024 write_psml_finale(fh);
3027 return CF_PRINT_WRITE_ERROR;
3030 /* XXX - check for an error */
3037 write_csv_packet(capture_file *cf, frame_data *fdata,
3038 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3043 gboolean proto_tree_needed;
3045 /* Fill in the column information, only create the protocol tree
3046 if having custom columns. */
3047 proto_tree_needed = have_custom_cols(&cf->cinfo);
3048 epan_dissect_init(&edt, proto_tree_needed, proto_tree_needed);
3049 epan_dissect_run(&edt, pseudo_header, pd, fdata, &cf->cinfo);
3050 epan_dissect_fill_in_columns(&edt, FALSE, TRUE);
3052 /* Write out the information in that tree. */
3053 proto_tree_write_csv(&edt, fh);
3055 epan_dissect_cleanup(&edt);
3061 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
3066 fh = ws_fopen(print_args->file, "w");
3068 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
3070 write_csv_preamble(fh);
3073 return CF_PRINT_WRITE_ERROR;
3076 /* Iterate through the list of packets, printing the packets we were
3078 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
3079 "selected packets", TRUE,
3080 write_csv_packet, fh);
3085 /* Completed successfully. */
3089 /* Well, the user decided to abort the printing. */
3093 /* Error while printing. */
3095 return CF_PRINT_WRITE_ERROR;
3098 write_csv_finale(fh);
3101 return CF_PRINT_WRITE_ERROR;
3104 /* XXX - check for an error */
3111 write_carrays_packet(capture_file *cf _U_, frame_data *fdata,
3112 union wtap_pseudo_header *pseudo_header _U_,
3113 const guint8 *pd, void *argsp)
3117 proto_tree_write_carrays(pd, fdata->cap_len, fdata->num, fh);
3122 cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
3127 fh = ws_fopen(print_args->file, "w");
3130 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
3132 write_carrays_preamble(fh);
3136 return CF_PRINT_WRITE_ERROR;
3139 /* Iterate through the list of packets, printing the packets we were
3141 ret = process_specified_packets(cf, &print_args->range,
3143 "selected packets", TRUE,
3144 write_carrays_packet, fh);
3147 /* Completed successfully. */
3150 /* Well, the user decided to abort the printing. */
3153 /* Error while printing. */
3155 return CF_PRINT_WRITE_ERROR;
3158 write_carrays_finale(fh);
3162 return CF_PRINT_WRITE_ERROR;
3169 #ifndef NEW_PACKET_LIST /* This function is not needed with the new packet list */
3171 /* Scan through the packet list and change all columns that use the
3172 "command-line-specified" time stamp format to use the current
3173 value of that format. */
3175 cf_change_time_formats(capture_file *cf)
3179 progdlg_t *progbar = NULL;
3184 GTimeVal start_time;
3185 gchar status_str[100];
3186 int progbar_nextstep;
3187 int progbar_quantum;
3188 gboolean sorted_by_frame_column;
3190 /* Adjust timestamp precision if auto is selected */
3191 cf_timestamp_auto_precision(cf);
3193 /* Are there any columns with time stamps in the "command-line-specified"
3196 XXX - we have to force the "column is writable" flag on, as it
3197 might be off from the last frame that was dissected. */
3198 col_set_writable(&cf->cinfo, TRUE);
3199 if (!check_col(&cf->cinfo, COL_CLS_TIME) &&
3200 !check_col(&cf->cinfo, COL_ABS_TIME) &&
3201 !check_col(&cf->cinfo, COL_ABS_DATE_TIME) &&
3202 !check_col(&cf->cinfo, COL_REL_TIME) &&
3203 !check_col(&cf->cinfo, COL_DELTA_TIME) &&
3204 !check_col(&cf->cinfo, COL_DELTA_TIME_DIS)) {
3205 /* No, there aren't any columns in that format, so we have no work
3210 /* Freeze the packet list while we redo it, so we don't get any
3211 screen updates while it happens. */
3212 packet_list_freeze();
3214 /* Update the progress bar when it gets to this value. */
3215 progbar_nextstep = 0;
3216 /* When we reach the value that triggers a progress bar update,
3217 bump that value by this amount. */
3218 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3219 /* Count of packets at which we've looked. */
3221 /* Progress so far. */
3224 /* If the rows are currently sorted by the frame column then we know
3225 * the row number of each packet: it's the row number of the previously
3226 * displayed packet + 1.
3228 * Otherwise, if the display is sorted by a different column then we have
3229 * to use the O(N) packet_list_find_row_from_data() (thus making the job
3230 * of changing the time display format O(N**2)).
3232 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
3233 * the row number and walks that many elements down the clist to find
3234 * the appropriate element.)
3236 sorted_by_frame_column = FALSE;
3237 for (i = 0; i < cf->cinfo.num_cols; i++) {
3238 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
3240 sorted_by_frame_column = (i == packet_list_get_sort_column());
3246 g_get_current_time(&start_time);
3248 /* Iterate through the list of packets, checking whether the packet
3249 is in a row of the summary list and, if so, whether there are
3250 any columns that show the time in the "command-line-specified"
3251 format and, if so, update that row. */
3252 for (fdata = cf->plist_start, row = -1; fdata != NULL; fdata = fdata->next) {
3253 /* Create the progress bar if necessary.
3254 We check on every iteration of the loop, so that it takes no
3255 longer than the standard time to create it (otherwise, for a
3256 large file, we might take considerably longer than that standard
3257 time in order to get to the next progress bar step). */
3258 if (progbar == NULL)
3259 progbar = delayed_create_progress_dlg("Changing", "time display",
3260 TRUE, &stop_flag, &start_time, progbar_val);
3262 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3263 when we update it, we have to run the GTK+ main loop to get it
3264 to repaint what's pending, and doing so may involve an "ioctl()"
3265 to see if there's any pending input from an X server, and doing
3266 that for every packet can be costly, especially on a big file. */
3267 if (count >= progbar_nextstep) {
3268 /* let's not divide by zero. I should never be started
3269 * with count == 0, so let's assert that
3271 g_assert(cf->count > 0);
3273 progbar_val = (gfloat) count / cf->count;
3275 if (progbar != NULL) {
3276 g_snprintf(status_str, sizeof(status_str),
3277 "%4u of %u packets", count, cf->count);
3278 update_progress_dlg(progbar, progbar_val, status_str);
3281 progbar_nextstep += progbar_quantum;
3285 /* Well, the user decided to abort the redisplay. Just stop.
3287 XXX - this leaves the time field in the old format in
3288 frames we haven't yet processed. So it goes; should we
3289 simply not offer them the option of stopping? */
3295 /* Find what row this packet is in. */
3296 if (!sorted_by_frame_column) {
3297 /* This function is O(N), so we try to avoid using it... */
3298 row = packet_list_find_row_from_data(fdata);
3300 /* ...which we do by maintaining a count of packets that are
3301 being displayed (i.e., that have passed the display filter),
3302 and using the current value of that count as the row number
3303 (which is why we can only do it when the display is sorted
3304 by the frame number). */
3305 if (fdata->flags.passed_dfilter)
3312 /* This packet is in the summary list, on row "row". */
3314 for (i = 0; i < cf->cinfo.num_cols; i++) {
3315 if (col_has_time_fmt(&cf->cinfo, i)) {
3316 /* This is one of the columns that shows the time in
3317 "command-line-specified" format; update it. */
3318 cf->cinfo.col_buf[i][0] = '\0';
3319 col_set_fmt_time(fdata, &cf->cinfo, cf->cinfo.col_fmt[i], i);
3320 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
3326 /* We're done redisplaying the packets; destroy the progress bar if it
3328 if (progbar != NULL)
3329 destroy_progress_dlg(progbar);
3331 /* Set the column widths of those columns that show the time in
3332 "command-line-specified" format. */
3333 for (i = 0; i < cf->cinfo.num_cols; i++) {
3334 if (col_has_time_fmt(&cf->cinfo, i)) {
3335 packet_list_set_time_width(cf->cinfo.col_fmt[i], i);
3339 /* Unfreeze the packet list. */
3342 #endif /* NEW_PACKET_LIST */
3349 gboolean frame_matched;
3353 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
3357 mdata.string = string;
3358 mdata.string_len = strlen(string);
3359 return find_packet(cf, match_protocol_tree, &mdata);
3363 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
3365 match_data *mdata = criterion;
3368 /* Construct the protocol tree, including the displayed text */
3369 epan_dissect_init(&edt, TRUE, TRUE);
3370 /* We don't need the column information */
3371 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3373 /* Iterate through all the nodes, seeing if they have text that matches. */
3375 mdata->frame_matched = FALSE;
3376 proto_tree_children_foreach(edt.tree, match_subtree_text, mdata);
3377 epan_dissect_cleanup(&edt);
3378 return mdata->frame_matched;
3382 match_subtree_text(proto_node *node, gpointer data)
3384 match_data *mdata = (match_data*) data;
3385 const gchar *string = mdata->string;
3386 size_t string_len = mdata->string_len;
3387 capture_file *cf = mdata->cf;
3388 field_info *fi = PNODE_FINFO(node);
3389 gchar label_str[ITEM_LABEL_LENGTH];
3396 g_assert(fi && "dissection with an invisible proto tree?");
3398 if (mdata->frame_matched) {
3399 /* We already had a match; don't bother doing any more work. */
3403 /* Don't match invisible entries. */
3404 if (PROTO_ITEM_IS_HIDDEN(node))
3407 /* was a free format label produced? */
3409 label_ptr = fi->rep->representation;
3411 /* no, make a generic label */
3412 label_ptr = label_str;
3413 proto_item_fill_label(fi, label_str);
3416 /* Does that label match? */
3417 label_len = strlen(label_ptr);
3418 for (i = 0; i < label_len; i++) {
3419 c_char = label_ptr[i];
3421 c_char = toupper(c_char);
3422 if (c_char == string[c_match]) {
3424 if (c_match == string_len) {
3425 /* No need to look further; we have a match */
3426 mdata->frame_matched = TRUE;
3433 /* Recurse into the subtree, if it exists */
3434 if (node->first_child != NULL)
3435 proto_tree_children_foreach(node, match_subtree_text, mdata);
3439 cf_find_packet_summary_line(capture_file *cf, const char *string)
3443 mdata.string = string;
3444 mdata.string_len = strlen(string);
3445 return find_packet(cf, match_summary_line, &mdata);
3449 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
3451 match_data *mdata = criterion;
3452 const gchar *string = mdata->string;
3453 size_t string_len = mdata->string_len;
3455 const char *info_column;
3456 size_t info_column_len;
3457 gboolean frame_matched = FALSE;
3463 /* Don't bother constructing the protocol tree */
3464 epan_dissect_init(&edt, FALSE, FALSE);
3465 /* Get the column information */
3466 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
3468 /* Find the Info column */
3469 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
3470 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
3471 /* Found it. See if we match. */
3472 info_column = edt.pi.cinfo->col_data[colx];
3473 info_column_len = strlen(info_column);
3474 for (i = 0; i < info_column_len; i++) {
3475 c_char = info_column[i];
3477 c_char = toupper(c_char);
3478 if (c_char == string[c_match]) {
3480 if (c_match == string_len) {
3481 frame_matched = TRUE;
3490 epan_dissect_cleanup(&edt);
3491 return frame_matched;
3497 } cbs_t; /* "Counted byte string" */
3500 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
3505 info.data_len = string_size;
3507 /* String or hex search? */
3509 /* String search - what type of string? */
3510 switch (cf->scs_type) {
3512 case SCS_ASCII_AND_UNICODE:
3513 return find_packet(cf, match_ascii_and_unicode, &info);
3516 return find_packet(cf, match_ascii, &info);
3519 return find_packet(cf, match_unicode, &info);
3522 g_assert_not_reached();
3526 return find_packet(cf, match_binary, &info);
3530 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
3532 cbs_t *info = criterion;
3533 const guint8 *ascii_text = info->data;
3534 size_t textlen = info->data_len;
3535 gboolean frame_matched;
3541 frame_matched = FALSE;
3542 buf_len = fdata->pkt_len;
3543 for (i = 0; i < buf_len; i++) {
3546 c_char = toupper(c_char);
3548 if (c_char == ascii_text[c_match]) {
3550 if (c_match == textlen) {
3551 frame_matched = TRUE;
3552 cf->search_pos = i; /* Save the position of the last character
3553 for highlighting the field. */
3560 return frame_matched;
3564 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
3566 cbs_t *info = criterion;
3567 const guint8 *ascii_text = info->data;
3568 size_t textlen = info->data_len;
3569 gboolean frame_matched;
3575 frame_matched = FALSE;
3576 buf_len = fdata->pkt_len;
3577 for (i = 0; i < buf_len; i++) {
3580 c_char = toupper(c_char);
3581 if (c_char == ascii_text[c_match]) {
3583 if (c_match == textlen) {
3584 frame_matched = TRUE;
3585 cf->search_pos = i; /* Save the position of the last character
3586 for highlighting the field. */
3592 return frame_matched;
3596 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
3598 cbs_t *info = criterion;
3599 const guint8 *ascii_text = info->data;
3600 size_t textlen = info->data_len;
3601 gboolean frame_matched;
3607 frame_matched = FALSE;
3608 buf_len = fdata->pkt_len;
3609 for (i = 0; i < buf_len; i++) {
3612 c_char = toupper(c_char);
3613 if (c_char == ascii_text[c_match]) {
3616 if (c_match == textlen) {
3617 frame_matched = TRUE;
3618 cf->search_pos = i; /* Save the position of the last character
3619 for highlighting the field. */
3625 return frame_matched;
3629 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
3631 cbs_t *info = criterion;
3632 const guint8 *binary_data = info->data;
3633 size_t datalen = info->data_len;
3634 gboolean frame_matched;
3639 frame_matched = FALSE;
3640 buf_len = fdata->pkt_len;
3641 for (i = 0; i < buf_len; i++) {
3642 if (cf->pd[i] == binary_data[c_match]) {
3644 if (c_match == datalen) {
3645 frame_matched = TRUE;
3646 cf->search_pos = i; /* Save the position of the last character
3647 for highlighting the field. */
3653 return frame_matched;
3657 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
3659 return find_packet(cf, match_dfilter, sfcode);
3663 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
3665 dfilter_t *sfcode = criterion;
3667 gboolean frame_matched;
3669 epan_dissect_init(&edt, TRUE, FALSE);
3670 epan_dissect_prime_dfilter(&edt, sfcode);
3671 epan_dissect_run(&edt, &cf->pseudo_header, cf->pd, fdata, NULL);
3672 frame_matched = dfilter_apply_edt(sfcode, &edt);
3673 epan_dissect_cleanup(&edt);
3674 return frame_matched;
3678 find_packet(capture_file *cf,
3679 gboolean (*match_function)(capture_file *, frame_data *, void *),
3682 frame_data *start_fd;
3684 frame_data *new_fd = NULL;
3685 progdlg_t *progbar = NULL;
3692 GTimeVal start_time;
3693 gchar status_str[100];
3694 int progbar_nextstep;
3695 int progbar_quantum;
3698 start_fd = cf->current_frame;
3699 if (start_fd != NULL) {
3700 /* Iterate through the list of packets, starting at the packet we've
3701 picked, calling a routine to run the filter on the packet, see if
3702 it matches, and stop if so. */
3706 /* Update the progress bar when it gets to this value. */
3707 progbar_nextstep = 0;
3708 /* When we reach the value that triggers a progress bar update,
3709 bump that value by this amount. */
3710 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
3711 /* Progress so far. */
3715 g_get_current_time(&start_time);
3718 title = cf->sfilter?cf->sfilter:"";
3720 /* Create the progress bar if necessary.
3721 We check on every iteration of the loop, so that it takes no
3722 longer than the standard time to create it (otherwise, for a
3723 large file, we might take considerably longer than that standard
3724 time in order to get to the next progress bar step). */
3725 if (progbar == NULL)
3726 progbar = delayed_create_progress_dlg("Searching", title,
3727 FALSE, &stop_flag, &start_time, progbar_val);
3729 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
3730 when we update it, we have to run the GTK+ main loop to get it
3731 to repaint what's pending, and doing so may involve an "ioctl()"
3732 to see if there's any pending input from an X server, and doing
3733 that for every packet can be costly, especially on a big file. */
3734 if (count >= progbar_nextstep) {
3735 /* let's not divide by zero. I should never be started
3736 * with count == 0, so let's assert that
3738 g_assert(cf->count > 0);
3740 progbar_val = (gfloat) count / cf->count;
3742 if (progbar != NULL) {
3743 g_snprintf(status_str, sizeof(status_str),
3744 "%4u of %u packets", count, cf->count);
3745 update_progress_dlg(progbar, progbar_val, status_str);
3748 progbar_nextstep += progbar_quantum;
3752 /* Well, the user decided to abort the search. Go back to the
3753 frame where we started. */
3758 /* Go past the current frame. */
3759 if (cf->sbackward) {
3760 /* Go on to the previous frame. */
3761 fdata = fdata->prev;
3762 if (fdata == NULL) {
3764 * XXX - other apps have a bit more of a detailed message
3765 * for this, and instead of offering "OK" and "Cancel",
3766 * they offer things such as "Continue" and "Cancel";
3767 * we need an API for popping up alert boxes with
3768 * {Verb} and "Cancel".
3771 if (prefs.gui_find_wrap)
3773 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3774 "%sBeginning of capture exceeded!%s\n\n"
3775 "Search is continued from the end of the capture.",
3776 simple_dialog_primary_start(), simple_dialog_primary_end());
3777 fdata = cf->plist_end; /* wrap around */
3781 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3782 "%sBeginning of capture exceeded!%s\n\n"
3783 "Try searching forwards.",
3784 simple_dialog_primary_start(), simple_dialog_primary_end());
3785 fdata = start_fd; /* stay on previous packet */
3789 /* Go on to the next frame. */
3790 fdata = fdata->next;
3791 if (fdata == NULL) {
3792 if (prefs.gui_find_wrap)
3794 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3795 "%sEnd of capture exceeded!%s\n\n"
3796 "Search is continued from the start of the capture.",
3797 simple_dialog_primary_start(), simple_dialog_primary_end());
3798 fdata = cf->plist_start; /* wrap around */
3802 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3803 "%sEnd of capture exceeded!%s\n\n"
3804 "Try searching backwards.",
3805 simple_dialog_primary_start(), simple_dialog_primary_end());
3806 fdata = start_fd; /* stay on previous packet */
3813 /* Is this packet in the display? */
3814 if (fdata->flags.passed_dfilter) {
3815 /* Yes. Load its data. */
3816 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3817 cf->pd, fdata->cap_len, &err, &err_info)) {
3818 /* Read error. Report the error, and go back to the frame
3819 where we started. */
3820 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3821 cf_read_error_message(err, err_info), cf->filename);
3826 /* Does it match the search criterion? */
3827 if ((*match_function)(cf, fdata, criterion)) {
3829 break; /* found it! */
3833 if (fdata == start_fd) {
3834 /* We're back to the frame we were on originally, and that frame
3835 doesn't match the search filter. The search failed. */
3840 /* We're done scanning the packets; destroy the progress bar if it
3842 if (progbar != NULL)
3843 destroy_progress_dlg(progbar);
3846 if (new_fd != NULL) {
3847 #ifdef NEW_PACKET_LIST
3848 /* Find and select */
3849 row = new_packet_list_find_row_from_data(fdata, TRUE);
3851 /* We found a frame. Find what row it's in. */
3852 row = packet_list_find_row_from_data(new_fd);
3853 #endif /* NEW_PACKET_LIST */
3855 /* We didn't find a row even though we know that a frame
3856 * exists that satifies the search criteria. This means that the
3857 * frame isn't being displayed currently so we can't select it. */
3858 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3859 "%sEnd of capture exceeded!%s\n\n"
3860 "The capture file is probably not fully loaded.",
3861 simple_dialog_primary_start(), simple_dialog_primary_end());
3865 #ifndef NEW_PACKET_LIST
3866 /* Select that row, make it the focus row, and make it visible. */
3867 packet_list_set_selected_row(row);
3868 #endif /* NEW_PACKET_LIST */
3869 return TRUE; /* success */
3871 return FALSE; /* failure */
3875 cf_goto_frame(capture_file *cf, guint fnumber)
3880 for (fdata = cf->plist_start; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3883 if (fdata == NULL) {
3884 /* we didn't find a packet with that packet number */
3885 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3886 "There is no packet with the packet number %u.", fnumber);
3887 return FALSE; /* we failed to go to that packet */
3889 if (!fdata->flags.passed_dfilter) {
3890 /* that packet currently isn't displayed */
3891 /* XXX - add it to the set of displayed packets? */
3892 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3893 "The packet number %u isn't currently being displayed.", fnumber);
3894 return FALSE; /* we failed to go to that packet */
3897 #ifdef NEW_PACKET_LIST
3898 row = new_packet_list_find_row_from_data(fdata, TRUE);
3900 /* We found that packet, and it's currently being displayed.
3901 Find what row it's in. */
3902 row = packet_list_find_row_from_data(fdata);
3903 g_assert(row != -1);
3905 /* Select that row, make it the focus row, and make it visible. */
3906 packet_list_set_selected_row(row);
3907 #endif /* NEW_PACKET_LIST */
3908 return TRUE; /* we got to that packet */
3912 cf_goto_top_frame(capture_file *cf _U_)
3914 #ifdef NEW_PACKET_LIST
3915 /* Find and select */
3916 new_packet_list_select_first_row();
3920 frame_data *lowest_fdata = NULL;
3922 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
3923 if (fdata->flags.passed_dfilter) {
3924 lowest_fdata = fdata;
3929 if (lowest_fdata == NULL) {
3933 /* We found that packet, and it's currently being displayed.
3934 Find what row it's in. */
3935 row = packet_list_find_row_from_data(lowest_fdata);
3936 g_assert(row != -1);
3938 /* Select that row, make it the focus row, and make it visible. */
3939 packet_list_set_selected_row(row);
3940 #endif /* NEW_PACKET_LIST */
3941 return TRUE; /* we got to that packet */
3945 cf_goto_bottom_frame(capture_file *cf _U_) /* cf is unused w/ NEW_PACKET_LIST */
3947 #ifdef NEW_PACKET_LIST
3948 /* Find and select */
3949 new_packet_list_select_last_row();
3953 frame_data *highest_fdata = NULL;
3955 for (fdata = cf->plist_start; fdata != NULL; fdata = fdata->next) {
3956 if (fdata->flags.passed_dfilter) {
3957 highest_fdata = fdata;
3961 if (highest_fdata == NULL) {
3965 /* We found that packet, and it's currently being displayed.
3966 Find what row it's in. */
3967 row = packet_list_find_row_from_data(highest_fdata);
3968 g_assert(row != -1);
3970 /* Select that row, make it the focus row, and make it visible. */
3971 packet_list_set_selected_row(row);
3972 #endif /* NEW_PACKET_LIST */
3973 return TRUE; /* we got to that packet */
3977 * Go to frame specified by currently selected protocol tree item.
3980 cf_goto_framenum(capture_file *cf)
3982 header_field_info *hfinfo;
3985 if (cf->finfo_selected) {
3986 hfinfo = cf->finfo_selected->hfinfo;
3988 if (hfinfo->type == FT_FRAMENUM) {
3989 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3991 return cf_goto_frame(cf, framenum);
3998 /* Select the packet on a given row. */
4000 cf_select_packet(capture_file *cf, int row)
4006 /* Get the frame data struct pointer for this frame */
4007 #ifdef NEW_PACKET_LIST
4008 fdata = new_packet_list_get_row_data(row);
4010 fdata = (frame_data *)packet_list_get_row_data(row);
4013 if (fdata == NULL) {
4014 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
4015 the first entry is added to it by "real_insert_row()", that row
4016 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
4017 our version and the vanilla GTK+ version).
4019 This means that a "select-row" signal is emitted; this causes
4020 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
4023 "cf_select_packet()" fetches, above, the data associated with the
4024 row that was selected; however, as "gtk_clist_append()", which
4025 called "real_insert_row()", hasn't yet returned, we haven't yet
4026 associated any data with that row, so we get back a null pointer.
4028 We can't assume that there's only one frame in the frame list,
4029 either, as we may be filtering the display.
4031 We therefore assume that, if "row" is 0, i.e. the first row
4032 is being selected, and "cf->first_displayed" equals
4033 "cf->last_displayed", i.e. there's only one frame being
4034 displayed, that frame is the frame we want.
4036 This means we have to set "cf->first_displayed" and
4037 "cf->last_displayed" before adding the row to the
4038 GtkCList; see the comment in "add_packet_to_packet_list()". */
4040 if (row == 0 && cf->first_displayed == cf->last_displayed)
4041 fdata = cf->first_displayed;
4044 /* If fdata _still_ isn't set simply give up. */
4045 if (fdata == NULL) {
4049 /* Get the data in that frame. */
4050 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
4051 cf->pd, fdata->cap_len, &err, &err_info)) {
4052 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4053 cf_read_error_message(err, err_info), cf->filename);
4057 /* Record that this frame is the current frame. */
4058 cf->current_frame = fdata;
4059 cf->current_row = row;
4061 /* Create the logical protocol tree. */
4062 if (cf->edt != NULL)
4063 epan_dissect_free(cf->edt);
4065 /* We don't need the columns here. */
4066 cf->edt = epan_dissect_new(TRUE, TRUE);
4068 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
4071 dfilter_macro_build_ftv_cache(cf->edt->tree);
4073 cf_callback_invoke(cf_cb_packet_selected, cf);
4076 /* Unselect the selected packet, if any. */
4078 cf_unselect_packet(capture_file *cf)
4080 /* Destroy the epan_dissect_t for the unselected packet. */
4081 if (cf->edt != NULL) {
4082 epan_dissect_free(cf->edt);
4086 /* No packet is selected. */
4087 cf->current_frame = NULL;
4088 cf->current_row = 0;
4090 cf_callback_invoke(cf_cb_packet_unselected, cf);
4092 /* No protocol tree means no selected field. */
4093 cf_unselect_field(cf);
4096 /* Unset the selected protocol tree field, if any. */
4098 cf_unselect_field(capture_file *cf)
4100 cf->finfo_selected = NULL;
4102 cf_callback_invoke(cf_cb_field_unselected, cf);
4106 * Mark a particular frame.
4109 cf_mark_frame(capture_file *cf, frame_data *frame)
4111 if (! frame->flags.marked) {
4112 frame->flags.marked = TRUE;
4113 if (cf->count > cf->marked_count)
4119 * Unmark a particular frame.
4122 cf_unmark_frame(capture_file *cf, frame_data *frame)
4124 if (frame->flags.marked) {
4125 frame->flags.marked = FALSE;
4126 if (cf->marked_count > 0)
4134 } save_callback_args_t;
4137 * Save a capture to a file, in a particular format, saving either
4138 * all packets, all currently-displayed packets, or all marked packets.
4140 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
4141 * up a message box for the failure.
4144 save_packet(capture_file *cf _U_, frame_data *fdata,
4145 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
4148 save_callback_args_t *args = argsp;
4149 struct wtap_pkthdr hdr;
4152 /* init the wtap header for saving */
4153 hdr.ts.secs = fdata->abs_ts.secs;
4154 hdr.ts.nsecs = fdata->abs_ts.nsecs;
4155 hdr.caplen = fdata->cap_len;
4156 hdr.len = fdata->pkt_len;
4157 hdr.pkt_encap = fdata->lnk_t;
4159 /* and save the packet */
4160 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
4161 cf_write_failure_alert_box(args->fname, err);
4168 * Can this capture file be saved in any format except by copying the raw data?
4171 cf_can_save_as(capture_file *cf)
4175 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
4176 /* To save a file with Wiretap, Wiretap has to handle that format,
4177 and its code to handle that format must be able to write a file
4178 with this file's encapsulation type. */
4179 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
4180 /* OK, we can write it out in this type. */
4185 /* No, we couldn't save it in any format. */
4190 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
4192 gchar *from_filename;
4196 save_callback_args_t callback_args;
4198 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
4200 /* don't write over an existing file. */
4201 /* this should've been already checked by our caller, just to be sure... */
4202 if (file_exists(fname)) {
4203 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4204 "%sCapture file: \"%s\" already exists!%s\n\n"
4205 "Please choose a different filename.",
4206 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
4210 packet_range_process_init(range);
4213 if (packet_range_process_all(range) && save_format == cf->cd_t) {
4214 /* We're not filtering packets, and we're saving it in the format
4215 it's already in, so we can just move or copy the raw data. */
4217 if (cf->is_tempfile) {
4218 /* The file being saved is a temporary file from a live
4219 capture, so it doesn't need to stay around under that name;
4220 first, try renaming the capture buffer file to the new name. */
4222 if (ws_rename(cf->filename, fname) == 0) {
4223 /* That succeeded - there's no need to copy the source file. */
4224 from_filename = NULL;
4227 if (errno == EXDEV) {
4228 /* They're on different file systems, so we have to copy the
4231 from_filename = cf->filename;
4233 /* The rename failed, but not because they're on different
4234 file systems - put up an error message. (Or should we
4235 just punt and try to copy? The only reason why I'd
4236 expect the rename to fail and the copy to succeed would
4237 be if we didn't have permission to remove the file from
4238 the temporary directory, and that might be fixable - but
4239 is it worth requiring the user to go off and fix it?) */
4240 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4241 file_rename_error_message(errno), fname);
4247 from_filename = cf->filename;
4250 /* It's a permanent file, so we should copy it, and not remove the
4253 from_filename = cf->filename;
4257 /* Copy the file, if we haven't moved it. */
4258 if (!copy_file_binary_mode(from_filename, fname))
4262 /* Either we're filtering packets, or we're saving in a different
4263 format; we can't do that by copying or moving the capture file,
4264 we have to do it by writing the packets out in Wiretap. */
4265 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
4268 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
4272 /* XXX - we let the user save a subset of the packets.
4274 If we do that, should we make that file the current file? If so,
4275 it means we can no longer get at the other packets. What does
4278 /* Iterate through the list of packets, processing the packets we were
4281 XXX - we've already called "packet_range_process_init(range)", but
4282 "process_specified_packets()" will do it again. Fortunately,
4283 that's harmless in this case, as we haven't done anything to
4284 "range" since we initialized it. */
4285 callback_args.pdh = pdh;
4286 callback_args.fname = fname;
4287 switch (process_specified_packets(cf, range, "Saving", "selected packets",
4288 TRUE, save_packet, &callback_args)) {
4291 /* Completed successfully. */
4295 /* The user decided to abort the saving.
4296 XXX - remove the output file? */
4300 /* Error while saving. */
4301 wtap_dump_close(pdh, &err);
4305 if (!wtap_dump_close(pdh, &err)) {
4306 cf_close_failure_alert_box(fname, err);
4311 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
4313 if (packet_range_process_all(range)) {
4314 /* We saved the entire capture, not just some packets from it.
4315 Open and read the file we saved it to.
4317 XXX - this is somewhat of a waste; we already have the
4318 packets, all this gets us is updated file type information
4319 (which we could just stuff into "cf"), and having the new
4320 file be the one we have opened and from which we're reading
4321 the data, and it means we have to spend time opening and
4322 reading the file, which could be a significant amount of
4323 time if the file is large. */
4324 cf->user_saved = TRUE;
4326 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
4327 /* XXX - report errors if this fails?
4328 What should we return if it fails or is aborted? */
4329 switch (cf_read(cf)) {
4333 /* Just because we got an error, that doesn't mean we were unable
4334 to read any of the file; we handle what we could get from the
4338 case CF_READ_ABORTED:
4339 /* The user bailed out of re-reading the capture file; the
4340 capture file has been closed - just return (without
4341 changing any menu settings; "cf_close()" set them
4342 correctly for the "no capture file open" state). */
4345 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
4351 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
4356 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
4357 gboolean for_writing, int file_type)
4360 /* Wiretap error. */
4363 case WTAP_ERR_NOT_REGULAR_FILE:
4364 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4365 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
4369 case WTAP_ERR_RANDOM_OPEN_PIPE:
4370 /* Seen only when opening a capture file for reading. */
4371 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4372 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
4376 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
4377 /* Seen only when opening a capture file for reading. */
4378 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4379 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
4383 case WTAP_ERR_UNSUPPORTED:
4384 /* Seen only when opening a capture file for reading. */
4385 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4386 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
4388 filename, err_info);
4392 case WTAP_ERR_CANT_WRITE_TO_PIPE:
4393 /* Seen only when opening a capture file for writing. */
4394 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4395 "The file \"%s\" is a pipe, and %s capture files can't be "
4396 "written to a pipe.",
4397 filename, wtap_file_type_string(file_type));
4400 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
4401 /* Seen only when opening a capture file for writing. */
4402 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4403 "Wireshark doesn't support writing capture files in that format.");
4406 case WTAP_ERR_UNSUPPORTED_ENCAP:
4408 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4409 "Wireshark can't save this capture in that format.");
4411 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4412 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
4414 filename, err_info);
4419 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
4421 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4422 "Wireshark can't save this capture in that format.");
4424 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4425 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
4430 case WTAP_ERR_BAD_RECORD:
4431 /* Seen only when opening a capture file for reading. */
4432 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4433 "The file \"%s\" appears to be damaged or corrupt.\n"
4435 filename, err_info);
4439 case WTAP_ERR_CANT_OPEN:
4441 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4442 "The file \"%s\" could not be created for some unknown reason.",
4445 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4446 "The file \"%s\" could not be opened for some unknown reason.",
4451 case WTAP_ERR_SHORT_READ:
4452 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4453 "The file \"%s\" appears to have been cut short"
4454 " in the middle of a packet or other data.",
4458 case WTAP_ERR_SHORT_WRITE:
4459 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4460 "A full header couldn't be written to the file \"%s\".",
4464 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
4465 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4466 "Gzip compression not supported by this file type.");
4470 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4471 "The file \"%s\" could not be %s: %s.",
4473 for_writing ? "created" : "opened",
4474 wtap_strerror(err));
4479 open_failure_alert_box(filename, err, for_writing);
4484 file_rename_error_message(int err)
4487 static char errmsg_errno[1024+1];
4492 errmsg = "The path to the file \"%s\" doesn't exist.";
4496 errmsg = "You don't have permission to move the capture file to \"%s\".";
4500 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4501 "The file \"%%s\" could not be moved: %s.",
4502 wtap_strerror(err));
4503 errmsg = errmsg_errno;
4510 cf_read_error_message(int err, gchar *err_info)
4512 static char errmsg_errno[1024+1];
4516 case WTAP_ERR_UNSUPPORTED_ENCAP:
4517 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4518 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
4523 case WTAP_ERR_BAD_RECORD:
4524 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4525 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
4526 wtap_strerror(err), err_info);
4531 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
4532 "An error occurred while reading from the file \"%%s\": %s.",
4533 wtap_strerror(err));
4536 return errmsg_errno;
4540 cf_write_failure_alert_box(const char *filename, int err)
4543 /* Wiretap error. */
4544 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4545 "An error occurred while writing to the file \"%s\": %s.",
4546 filename, wtap_strerror(err));
4549 write_failure_alert_box(filename, err);
4553 /* Check for write errors - if the file is being written to an NFS server,
4554 a write error may not show up until the file is closed, as NFS clients
4555 might not send writes to the server until the "write()" call finishes,
4556 so that the write may fail on the server but the "write()" may succeed. */
4558 cf_close_failure_alert_box(const char *filename, int err)
4561 /* Wiretap error. */
4564 case WTAP_ERR_CANT_CLOSE:
4565 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4566 "The file \"%s\" couldn't be closed for some unknown reason.",
4570 case WTAP_ERR_SHORT_WRITE:
4571 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4572 "Not all the packets could be written to the file \"%s\".",
4577 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
4578 "An error occurred while closing the file \"%s\": %s.",
4579 filename, wtap_strerror(err));
4584 We assume that a close error from the OS is really a write error. */
4585 write_failure_alert_box(filename, err);
4589 /* Reload the current capture file. */
4591 cf_reload(capture_file *cf) {
4593 gboolean is_tempfile;
4596 /* If the file could be opened, "cf_open()" calls "cf_close()"
4597 to get rid of state for the old capture file before filling in state
4598 for the new capture file. "cf_close()" will remove the file if
4599 it's a temporary file; we don't want that to happen (for one thing,
4600 it'd prevent subsequent reopens from working). Remember whether it's
4601 a temporary file, mark it as not being a temporary file, and then
4602 reopen it as the type of file it was.
4604 Also, "cf_close()" will free "cf->filename", so we must make
4605 a copy of it first. */
4606 filename = g_strdup(cf->filename);
4607 is_tempfile = cf->is_tempfile;
4608 cf->is_tempfile = FALSE;
4609 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
4610 switch (cf_read(cf)) {
4614 /* Just because we got an error, that doesn't mean we were unable
4615 to read any of the file; we handle what we could get from the
4619 case CF_READ_ABORTED:
4620 /* The user bailed out of re-reading the capture file; the
4621 capture file has been closed - just free the capture file name
4622 string and return (without changing the last containing
4628 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
4629 Instead, the file was left open, so we should restore "cf->is_tempfile"
4632 XXX - change the menu? Presumably "cf_open()" will do that;
4633 make sure it does! */
4634 cf->is_tempfile = is_tempfile;
4636 /* "cf_open()" made a copy of the file name we handed it, so
4637 we should free up our copy. */