6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
46 #ifdef NEED_STRERROR_H
50 #include <epan/epan.h>
51 #include <epan/filesystem.h>
54 #include "color_filters.h"
56 #include <epan/column.h>
57 #include <epan/packet.h>
58 #include "packet-range.h"
64 #include "alert_box.h"
65 #include "simple_dialog.h"
66 #include "progress_dlg.h"
68 #include <epan/prefs.h>
69 #include <epan/dfilter/dfilter.h>
70 #include <epan/conversation.h>
71 #include <epan/epan_dissect.h>
73 #include "stat_menu.h"
74 #include "tap_dfilter_dlg.h"
75 #include <epan/dissectors/packet-data.h>
76 #include <epan/dissectors/packet-ber.h>
77 #include <epan/timestamp.h>
78 #include <epan/dfilter/dfilter-macro.h>
79 #include "file_util.h"
84 gboolean auto_scroll_live;
87 static nstime_t first_ts;
88 static nstime_t prev_dis_ts;
89 static guint32 cum_bytes = 0;
91 static void cf_reset_state(capture_file *cf);
93 static int read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset);
95 static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
96 gboolean refilter, gboolean redissect);
98 static gboolean match_protocol_tree(capture_file *cf, frame_data *fdata,
100 static void match_subtree_text(proto_node *node, gpointer data);
101 static gboolean match_summary_line(capture_file *cf, frame_data *fdata,
103 static gboolean match_ascii_and_unicode(capture_file *cf, frame_data *fdata,
105 static gboolean match_ascii(capture_file *cf, frame_data *fdata,
107 static gboolean match_unicode(capture_file *cf, frame_data *fdata,
109 static gboolean match_binary(capture_file *cf, frame_data *fdata,
111 static gboolean match_dfilter(capture_file *cf, frame_data *fdata,
113 static gboolean find_packet(capture_file *cf,
114 gboolean (*match_function)(capture_file *, frame_data *, void *),
117 static void cf_open_failure_alert_box(const char *filename, int err,
118 gchar *err_info, gboolean for_writing,
120 static const char *file_rename_error_message(int err);
121 static void cf_write_failure_alert_box(const char *filename, int err);
122 static void cf_close_failure_alert_box(const char *filename, int err);
123 static gboolean copy_binary_file(const char *from_filename, const char *to_filename);
125 /* Update the progress bar this many times when reading a file. */
126 #define N_PROGBAR_UPDATES 100
128 /* Number of "frame_data" structures per memory chunk.
129 XXX - is this the right number? */
130 #define FRAME_DATA_CHUNK_SIZE 1024
133 /* one callback for now, we could have a list later */
134 static cf_callback_t cf_cb = NULL;
135 static gpointer cf_cb_user_data = NULL;
138 cf_callback_invoke(int event, gpointer data)
140 g_assert(cf_cb != NULL);
141 cf_cb(event, data, cf_cb_user_data);
146 cf_callback_add(cf_callback_t func, gpointer user_data)
148 /* More than one callback listener is currently not implemented,
149 but should be easy to do. */
150 g_assert(cf_cb == NULL);
152 cf_cb_user_data = user_data;
156 cf_callback_remove(cf_callback_t func _U_)
158 g_assert(cf_cb != NULL);
160 cf_cb_user_data = NULL;
164 cf_timestamp_auto_precision(capture_file *cf)
166 int prec = timestamp_get_precision();
169 /* don't try to get the file's precision if none is opened */
170 if(cf->state == FILE_CLOSED) {
174 /* if we are in auto mode, set precision of current file */
175 if(prec == TS_PREC_AUTO ||
176 prec == TS_PREC_AUTO_SEC ||
177 prec == TS_PREC_AUTO_DSEC ||
178 prec == TS_PREC_AUTO_CSEC ||
179 prec == TS_PREC_AUTO_MSEC ||
180 prec == TS_PREC_AUTO_USEC ||
181 prec == TS_PREC_AUTO_NSEC)
183 switch(wtap_file_tsprecision(cf->wth)) {
184 case(WTAP_FILE_TSPREC_SEC):
185 timestamp_set_precision(TS_PREC_AUTO_SEC);
187 case(WTAP_FILE_TSPREC_DSEC):
188 timestamp_set_precision(TS_PREC_AUTO_DSEC);
190 case(WTAP_FILE_TSPREC_CSEC):
191 timestamp_set_precision(TS_PREC_AUTO_CSEC);
193 case(WTAP_FILE_TSPREC_MSEC):
194 timestamp_set_precision(TS_PREC_AUTO_MSEC);
196 case(WTAP_FILE_TSPREC_USEC):
197 timestamp_set_precision(TS_PREC_AUTO_USEC);
199 case(WTAP_FILE_TSPREC_NSEC):
200 timestamp_set_precision(TS_PREC_AUTO_NSEC);
203 g_assert_not_reached();
210 cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
215 wth = wtap_open_offline(fname, err, &err_info, TRUE);
219 /* The open succeeded. Close whatever capture file we had open,
220 and fill in the information for this file. */
223 /* Initialize all data structures used for dissection. */
226 /* We're about to start reading the file. */
227 cf->state = FILE_READ_IN_PROGRESS;
232 /* Set the file name because we need it to set the follow stream filter.
233 XXX - is that still true? We need it for other reasons, though,
235 cf->filename = g_strdup(fname);
237 /* Indicate whether it's a permanent or temporary file. */
238 cf->is_tempfile = is_tempfile;
240 /* If it's a temporary capture buffer file, mark it as not saved. */
241 cf->user_saved = !is_tempfile;
243 cf->cd_t = wtap_file_type(cf->wth);
245 cf->displayed_count = 0;
246 cf->marked_count = 0;
247 cf->drops_known = FALSE;
249 cf->snap = wtap_snapshot_length(cf->wth);
251 /* Snapshot length not known. */
252 cf->has_snap = FALSE;
253 cf->snap = WTAP_MAX_PACKET_SIZE;
256 nstime_set_zero(&cf->elapsed_time);
257 nstime_set_unset(&first_ts);
258 nstime_set_unset(&prev_dis_ts);
260 cf->plist_chunk = g_mem_chunk_new("frame_data_chunk",
262 FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
264 g_assert(cf->plist_chunk);
266 /* change the time formats now, as we might have a new precision */
267 cf_change_time_formats(cf);
269 fileset_file_opened(fname);
271 if(cf->cd_t == WTAP_FILE_BER) {
272 /* tell the BER dissector the file name */
273 ber_set_filename(cf->filename);
279 cf_open_failure_alert_box(fname, *err, err_info, FALSE, 0);
285 * Reset the state for the currently closed file, but don't do the
286 * UI callbacks; this is for use in "cf_open()", where we don't
287 * want the UI to go from "file open" to "file closed" back to
288 * "file open", we want it to go from "old file open" to "new file
289 * open and being read".
292 cf_reset_state(capture_file *cf)
294 /* Die if we're in the middle of reading a file. */
295 g_assert(cf->state != FILE_READ_IN_PROGRESS);
301 /* We have no file open... */
302 if (cf->filename != NULL) {
303 /* If it's a temporary file, remove it. */
305 eth_unlink(cf->filename);
306 g_free(cf->filename);
309 /* ...which means we have nothing to save. */
310 cf->user_saved = FALSE;
312 if (cf->plist_chunk != NULL) {
313 g_mem_chunk_destroy(cf->plist_chunk);
314 cf->plist_chunk = NULL;
316 if (cf->rfcode != NULL) {
317 dfilter_free(cf->rfcode);
321 cf->plist_end = NULL;
322 cf_unselect_packet(cf); /* nothing to select */
323 cf->first_displayed = NULL;
324 cf->last_displayed = NULL;
326 /* No frame selected, no field in that frame selected. */
327 cf->current_frame = NULL;
328 cf->finfo_selected = NULL;
330 /* Clear the packet list. */
331 packet_list_freeze();
337 nstime_set_zero(&cf->elapsed_time);
339 reset_tap_listeners();
341 /* We have no file open. */
342 cf->state = FILE_CLOSED;
344 fileset_file_closed();
347 /* Reset everything to a pristine state */
349 cf_close(capture_file *cf)
351 /* do GUI things even if file is already closed,
352 * e.g. to cleanup things if a capture couldn't be started */
353 cf_callback_invoke(cf_cb_file_closing, cf);
355 /* close things, if not already closed before */
356 if(cf->state != FILE_CLOSED) {
358 color_filters_cleanup();
362 cleanup_dissection();
365 cf_callback_invoke(cf_cb_file_closed, cf);
368 /* an out of memory exception occured, wait for a user button press to exit */
369 void outofmemory_cb(gpointer dialog _U_, gint btn _U_, gpointer data _U_)
375 cf_read(capture_file *cf)
379 const gchar *name_ptr;
381 char errmsg_errno[1024+1];
382 gchar err_str[2048+1];
384 progdlg_t *volatile progbar = NULL;
386 volatile gint64 size;
388 volatile float progbar_val;
390 gchar status_str[100];
391 volatile gint64 progbar_nextstep;
392 volatile gint64 progbar_quantum;
395 /* Compile the current display filter.
396 * We assume this will not fail since cf->dfilter is only set in
397 * cf_filter IFF the filter was valid.
401 dfilter_compile(cf->dfilter, &dfcode);
406 reset_tap_listeners();
407 tap_dfilter_dlg_update();
409 cf_callback_invoke(cf_cb_file_read_start, cf);
411 name_ptr = get_basename(cf->filename);
413 /* Find the size of the file. */
414 size = wtap_file_size(cf->wth, NULL);
416 /* Update the progress bar when it gets to this value. */
417 progbar_nextstep = 0;
418 /* When we reach the value that triggers a progress bar update,
419 bump that value by this amount. */
421 progbar_quantum = size/N_PROGBAR_UPDATES;
424 /* Progress so far. */
427 packet_list_freeze();
430 g_get_current_time(&start_time);
432 while ((wtap_read(cf->wth, &err, &err_info, &data_offset))) {
434 /* Create the progress bar if necessary.
435 We check on every iteration of the loop, so that it takes no
436 longer than the standard time to create it (otherwise, for a
437 large file, we might take considerably longer than that standard
438 time in order to get to the next progress bar step). */
439 if (progbar == NULL) {
440 progbar = delayed_create_progress_dlg("Loading", name_ptr,
441 TRUE, &stop_flag, &start_time, progbar_val);
444 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
445 when we update it, we have to run the GTK+ main loop to get it
446 to repaint what's pending, and doing so may involve an "ioctl()"
447 to see if there's any pending input from an X server, and doing
448 that for every packet can be costly, especially on a big file. */
449 if (data_offset >= progbar_nextstep) {
450 file_pos = wtap_read_so_far(cf->wth, NULL);
451 progbar_val = (gfloat) file_pos / (gfloat) size;
452 if (progbar_val > 1.0) {
453 /* The file probably grew while we were reading it.
454 Update file size, and try again. */
455 size = wtap_file_size(cf->wth, NULL);
457 progbar_val = (gfloat) file_pos / (gfloat) size;
458 /* If it's still > 1, either "wtap_file_size()" failed (in which
459 case there's not much we can do about it), or the file
460 *shrank* (in which case there's not much we can do about
461 it); just clip the progress value at 1.0. */
462 if (progbar_val > 1.0)
465 if (progbar != NULL) {
466 /* update the packet lists content on the first run or frequently on very large files */
467 /* (on smaller files the display update takes longer than reading the file) */
469 if(progbar_quantum > 500000 || progbar_nextstep == 0) {
471 if (auto_scroll_live && cf->plist_end != NULL)
472 packet_list_moveto_end();
473 packet_list_freeze();
477 g_snprintf(status_str, sizeof(status_str),
478 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
479 file_pos / 1024, size / 1024);
480 update_progress_dlg(progbar, progbar_val, status_str);
482 progbar_nextstep += progbar_quantum;
487 /* Well, the user decided to abort the read. He/She will be warned and
488 it might be enough for him/her to work with the already loaded
490 This is especially true for very large capture files, where you don't
491 want to wait loading the whole file (which may last minutes or even
492 hours even on fast machines) just to see that it was the wrong file. */
496 read_packet(cf, dfcode, data_offset);
498 CATCH(OutOfMemoryError) {
501 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
502 "%sOut Of Memory!%s\n"
504 "Sorry, but Wireshark has to terminate now!\n"
506 "Some infos / workarounds can be found at:\n"
507 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
508 simple_dialog_primary_start(), simple_dialog_primary_end());
509 /* we have to terminate, as we cannot recover from the memory error */
510 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
512 main_window_update();
513 /* XXX - how to avoid a busy wait? */
521 /* Cleanup and release all dfilter resources */
523 dfilter_free(dfcode);
526 /* We're done reading the file; destroy the progress bar if it was created. */
528 destroy_progress_dlg(progbar);
530 /* We're done reading sequentially through the file. */
531 cf->state = FILE_READ_DONE;
533 /* Close the sequential I/O side, to free up memory it requires. */
534 wtap_sequential_close(cf->wth);
536 /* Allow the protocol dissectors to free up memory that they
537 * don't need after the sequential run-through of the packets. */
538 postseq_cleanup_all_protocols();
540 /* Set the file encapsulation type now; we don't know what it is until
541 we've looked at all the packets, as we don't know until then whether
542 there's more than one type (and thus whether it's
543 WTAP_ENCAP_PER_PACKET). */
544 cf->lnk_t = wtap_file_encap(cf->wth);
546 cf->current_frame = cf->first_displayed;
549 cf_callback_invoke(cf_cb_file_read_finished, cf);
551 /* If we have any displayed packets to select, select the first of those
552 packets by making the first row the selected row. */
553 if (cf->first_displayed != NULL)
554 packet_list_select_row(0);
557 simple_dialog(ESD_TYPE_WARN, ESD_BTN_OK,
558 "%sFile loading was cancelled!%s\n"
560 "The remaining packets in the file were discarded.\n"
562 "As a lot of packets from the original file will be missing,\n"
563 "remember to be careful when saving the current content to a file.\n",
564 simple_dialog_primary_start(), simple_dialog_primary_end());
565 return CF_READ_ERROR;
569 /* Put up a message box noting that the read failed somewhere along
570 the line. Don't throw out the stuff we managed to read, though,
574 case WTAP_ERR_UNSUPPORTED_ENCAP:
575 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
576 "The capture file has a packet with a network type that Wireshark doesn't support.\n(%s)",
579 errmsg = errmsg_errno;
582 case WTAP_ERR_CANT_READ:
583 errmsg = "An attempt to read from the capture file failed for"
584 " some unknown reason.";
587 case WTAP_ERR_SHORT_READ:
588 errmsg = "The capture file appears to have been cut short"
589 " in the middle of a packet.";
592 case WTAP_ERR_BAD_RECORD:
593 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
594 "The capture file appears to be damaged or corrupt.\n(%s)",
597 errmsg = errmsg_errno;
601 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
602 "An error occurred while reading the"
603 " capture file: %s.", wtap_strerror(err));
604 errmsg = errmsg_errno;
607 g_snprintf(err_str, sizeof err_str, errmsg);
608 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, err_str);
609 return CF_READ_ERROR;
616 cf_start_tail(capture_file *cf, const char *fname, gboolean is_tempfile, int *err)
618 cf_status_t cf_status;
620 cf_status = cf_open(cf, fname, is_tempfile, err);
625 cf_continue_tail(capture_file *cf, volatile int to_read, int *err)
627 gint64 data_offset = 0;
629 volatile int newly_displayed_packets = 0;
632 /* Compile the current display filter.
633 * We assume this will not fail since cf->dfilter is only set in
634 * cf_filter IFF the filter was valid.
638 dfilter_compile(cf->dfilter, &dfcode);
643 packet_list_check_end();
644 packet_list_freeze();
646 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: %u new: %u", cf->count, to_read);*/
648 while (to_read != 0 && (wtap_read(cf->wth, err, &err_info, &data_offset))) {
649 if (cf->state == FILE_READ_ABORTED) {
650 /* Well, the user decided to exit Wireshark. Break out of the
651 loop, and let the code below (which is called even if there
652 aren't any packets left to read) exit. */
656 if (read_packet(cf, dfcode, data_offset) != -1) {
657 newly_displayed_packets++;
660 CATCH(OutOfMemoryError) {
663 dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
664 "%sOut Of Memory!%s\n"
666 "Sorry, but Wireshark has to terminate now!\n"
668 "The capture file is not lost, it can be found at:\n"
671 "Some infos / workarounds can be found at:\n"
672 "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
673 simple_dialog_primary_start(), simple_dialog_primary_end(), cf->filename);
674 /* we have to terminate, as we cannot recover from the memory error */
675 simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
677 main_window_update();
678 /* XXX - how to avoid a busy wait? */
682 return CF_READ_ABORTED;
688 /* Cleanup and release all dfilter resources */
690 dfilter_free(dfcode);
693 /*g_log(NULL, G_LOG_LEVEL_MESSAGE, "cf_continue_tail: count %u state: %u err: %u",
694 cf->count, cf->state, *err);*/
696 /* XXX - this causes "flickering" of the list */
699 /* moving to the end of the packet list - if the user requested so and
700 we have some new packets.
701 this doesn't seem to work well with a frozen GTK_Clist, so do this after
702 packet_list_thaw() is done, see bugzilla 1188 */
703 /* XXX - this cheats and looks inside the packet list to find the final
705 if (newly_displayed_packets && auto_scroll_live && cf->plist_end != NULL)
706 packet_list_moveto_end();
708 if (cf->state == FILE_READ_ABORTED) {
709 /* Well, the user decided to exit Wireshark. Return CF_READ_ABORTED
710 so that our caller can kill off the capture child process;
711 this will cause an EOF on the pipe from the child, so
712 "cf_finish_tail()" will be called, and it will clean up
714 return CF_READ_ABORTED;
715 } else if (*err != 0) {
716 /* We got an error reading the capture file.
717 XXX - pop up a dialog box instead? */
718 g_warning("Error \"%s\" while reading: \"%s\"\n",
719 wtap_strerror(*err), cf->filename);
721 return CF_READ_ERROR;
727 cf_finish_tail(capture_file *cf, int *err)
733 /* Compile the current display filter.
734 * We assume this will not fail since cf->dfilter is only set in
735 * cf_filter IFF the filter was valid.
739 dfilter_compile(cf->dfilter, &dfcode);
742 if(cf->wth == NULL) {
744 return CF_READ_ERROR;
747 packet_list_check_end();
748 packet_list_freeze();
750 while ((wtap_read(cf->wth, err, &err_info, &data_offset))) {
751 if (cf->state == FILE_READ_ABORTED) {
752 /* Well, the user decided to abort the read. Break out of the
753 loop, and let the code below (which is called even if there
754 aren't any packets left to read) exit. */
757 read_packet(cf, dfcode, data_offset);
760 /* Cleanup and release all dfilter resources */
762 dfilter_free(dfcode);
767 if (cf->state == FILE_READ_ABORTED) {
768 /* Well, the user decided to abort the read. We're only called
769 when the child capture process closes the pipe to us (meaning
770 it's probably exited), so we can just close the capture
771 file; we return CF_READ_ABORTED so our caller can do whatever
772 is appropriate when that happens. */
774 return CF_READ_ABORTED;
777 if (auto_scroll_live && cf->plist_end != NULL)
778 /* XXX - this cheats and looks inside the packet list to find the final
780 packet_list_moveto_end();
782 /* We're done reading sequentially through the file. */
783 cf->state = FILE_READ_DONE;
785 /* We're done reading sequentially through the file; close the
786 sequential I/O side, to free up memory it requires. */
787 wtap_sequential_close(cf->wth);
789 /* Allow the protocol dissectors to free up memory that they
790 * don't need after the sequential run-through of the packets. */
791 postseq_cleanup_all_protocols();
793 /* Set the file encapsulation type now; we don't know what it is until
794 we've looked at all the packets, as we don't know until then whether
795 there's more than one type (and thus whether it's
796 WTAP_ENCAP_PER_PACKET). */
797 cf->lnk_t = wtap_file_encap(cf->wth);
800 /* We got an error reading the capture file.
801 XXX - pop up a dialog box? */
802 return CF_READ_ERROR;
807 #endif /* HAVE_LIBPCAP */
810 cf_get_display_name(capture_file *cf)
812 const gchar *displayname;
814 /* Return a name to use in displays */
815 if (!cf->is_tempfile) {
816 /* Get the last component of the file name, and use that. */
818 displayname = get_basename(cf->filename);
820 displayname="(No file)";
823 /* The file we read is a temporary file from a live capture;
824 we don't mention its name. */
825 displayname = "(Untitled)";
830 /* XXX - use a macro instead? */
832 cf_get_packet_count(capture_file *cf)
837 /* XXX - use a macro instead? */
839 cf_set_packet_count(capture_file *cf, int packet_count)
841 cf->count = packet_count;
844 /* XXX - use a macro instead? */
846 cf_is_tempfile(capture_file *cf)
848 return cf->is_tempfile;
851 void cf_set_tempfile(capture_file *cf, gboolean is_tempfile)
853 cf->is_tempfile = is_tempfile;
857 /* XXX - use a macro instead? */
858 void cf_set_drops_known(capture_file *cf, gboolean drops_known)
860 cf->drops_known = drops_known;
863 /* XXX - use a macro instead? */
864 void cf_set_drops(capture_file *cf, guint32 drops)
869 /* XXX - use a macro instead? */
870 gboolean cf_get_drops_known(capture_file *cf)
872 return cf->drops_known;
875 /* XXX - use a macro instead? */
876 guint32 cf_get_drops(capture_file *cf)
881 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
887 add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
889 union wtap_pseudo_header *pseudo_header, const guchar *buf,
893 gboolean create_proto_tree = FALSE;
896 /* just add some value here until we know if it is being displayed or not */
897 fdata->cum_bytes = cum_bytes + fdata->pkt_len;
899 /* If we don't have the time stamp of the first packet in the
900 capture, it's because this is the first packet. Save the time
901 stamp of this packet as the time stamp of the first packet. */
902 if (nstime_is_unset(&first_ts)) {
903 first_ts = fdata->abs_ts;
905 /* if this frames is marked as a reference time frame, reset
906 firstsec and firstusec to this frame */
907 if(fdata->flags.ref_time){
908 first_ts = fdata->abs_ts;
911 /* If we don't have the time stamp of the previous displayed packet,
912 it's because this is the first displayed packet. Save the time
913 stamp of this packet as the time stamp of the previous displayed
915 if (nstime_is_unset(&prev_dis_ts)) {
916 prev_dis_ts = fdata->abs_ts;
919 /* Get the time elapsed between the first packet and this packet. */
920 nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
922 /* If it's greater than the current elapsed time, set the elapsed time
923 to it (we check for "greater than" so as not to be confused by
924 time moving backwards). */
925 if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs
926 || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
927 cf->elapsed_time = fdata->rel_ts;
930 /* Get the time elapsed between the previous displayed packet and
932 nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
936 we have a display filter and are re-applying it;
938 we have a list of color filters;
940 we have tap listeners;
942 allocate a protocol tree root node, so that we'll construct
943 a protocol tree against which a filter expression can be
945 if ((dfcode != NULL && refilter) || color_filters_used()
946 || num_tap_filters != 0)
947 create_proto_tree = TRUE;
949 /* Dissect the frame. */
950 edt = epan_dissect_new(create_proto_tree, FALSE);
952 if (dfcode != NULL && refilter) {
953 epan_dissect_prime_dfilter(edt, dfcode);
955 /* prepare color filters */
956 if (color_filters_used()) {
957 color_filters_prime_edt(edt);
960 epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
961 tap_push_tapped_queue(edt);
963 /* If we have a display filter, apply it if we're refiltering, otherwise
964 leave the "passed_dfilter" flag alone.
966 If we don't have a display filter, set "passed_dfilter" to 1. */
967 if (dfcode != NULL) {
969 fdata->flags.passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;
972 fdata->flags.passed_dfilter = 1;
974 if( (fdata->flags.passed_dfilter)
975 || (edt->pi.fd->flags.ref_time) ){
976 /* This frame either passed the display filter list or is marked as
977 a time reference frame. All time reference frames are displayed
978 even if they dont pass the display filter */
979 /* if this was a TIME REF frame we should reset the cul bytes field */
980 if(edt->pi.fd->flags.ref_time){
981 cum_bytes = fdata->pkt_len;
982 fdata->cum_bytes = cum_bytes;
985 /* increase cum_bytes with this packets length */
986 cum_bytes += fdata->pkt_len;
988 epan_dissect_fill_in_columns(edt);
990 /* If we haven't yet seen the first frame, this is it.
992 XXX - we must do this before we add the row to the display,
993 as, if the display's GtkCList's selection mode is
994 GTK_SELECTION_BROWSE, when the first entry is added to it,
995 "cf_select_packet()" will be called, and it will fetch the row
996 data for the 0th row, and will get a null pointer rather than
997 "fdata", as "gtk_clist_append()" won't yet have returned and
998 thus "gtk_clist_set_row_data()" won't yet have been called.
1000 We thus need to leave behind bread crumbs so that
1001 "cf_select_packet()" can find this frame. See the comment
1002 in "cf_select_packet()". */
1003 if (cf->first_displayed == NULL)
1004 cf->first_displayed = fdata;
1006 /* This is the last frame we've seen so far. */
1007 cf->last_displayed = fdata;
1009 row = packet_list_append(cf->cinfo.col_data, fdata);
1011 /* colorize packet: first apply color filters
1012 * then if packet is marked, use preferences to overwrite color
1013 * we do both to make sure that when a packet gets un-marked, the
1014 * color will be correctly set (fixes bug 2038)
1016 fdata->color_filter = color_filters_colorize_packet(row, edt);
1017 if (fdata->flags.marked) {
1018 packet_list_set_colors(row, &prefs.gui_marked_fg, &prefs.gui_marked_bg);
1021 /* Set the time of the previous displayed frame to the time of this
1023 prev_dis_ts = fdata->abs_ts;
1025 cf->displayed_count++;
1027 /* This frame didn't pass the display filter, so it's not being added
1028 to the clist, and thus has no row. */
1031 epan_dissect_free(edt);
1035 /* read in a new packet */
1036 /* returns the row of the new packet in the packet list or -1 if not displayed */
1038 read_packet(capture_file *cf, dfilter_t *dfcode, gint64 offset)
1040 const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
1041 union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
1042 const guchar *buf = wtap_buf_ptr(cf->wth);
1045 frame_data *plist_end;
1046 epan_dissect_t *edt;
1049 /* Allocate the next list entry, and add it to the list. */
1050 fdata = g_mem_chunk_alloc(cf->plist_chunk);
1056 fdata->pkt_len = phdr->len;
1057 fdata->cap_len = phdr->caplen;
1058 fdata->file_off = offset;
1059 fdata->lnk_t = phdr->pkt_encap;
1060 fdata->flags.encoding = CHAR_ASCII;
1061 fdata->flags.visited = 0;
1062 fdata->flags.marked = 0;
1063 fdata->flags.ref_time = 0;
1064 fdata->color_filter = NULL;
1066 fdata->abs_ts.secs = phdr->ts.secs;
1067 fdata->abs_ts.nsecs = phdr->ts.nsecs;
1069 if (cf->plist_end != NULL)
1070 nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &cf->plist_end->abs_ts);
1072 nstime_set_zero(&fdata->del_cap_ts);
1076 edt = epan_dissect_new(TRUE, FALSE);
1077 epan_dissect_prime_dfilter(edt, cf->rfcode);
1078 epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
1079 passed = dfilter_apply_edt(cf->rfcode, edt);
1080 epan_dissect_free(edt);
1083 plist_end = cf->plist_end;
1084 fdata->prev = plist_end;
1085 if (plist_end != NULL)
1086 plist_end->next = fdata;
1089 cf->plist_end = fdata;
1092 cf->f_datalen = offset + phdr->caplen;
1093 fdata->num = cf->count;
1094 row = add_packet_to_packet_list(fdata, cf, dfcode, pseudo_header, buf, TRUE);
1096 /* XXX - if we didn't have read filters, or if we could avoid
1097 allocating the "frame_data" structure until we knew whether
1098 the frame passed the read filter, we could use a G_ALLOC_ONLY
1101 ...but, at least in one test I did, where I just made the chunk
1102 a G_ALLOC_ONLY chunk and read in a huge capture file, it didn't
1103 seem to save a noticeable amount of time or space. */
1104 g_mem_chunk_free(cf->plist_chunk, fdata);
1111 cf_merge_files(char **out_filenamep, int in_file_count,
1112 char *const *in_filenames, int file_type, gboolean do_append)
1114 merge_in_file_t *in_files;
1117 char tmpname[128+1];
1120 int open_err, read_err, write_err, close_err;
1124 char errmsg_errno[1024+1];
1125 gchar err_str[2048+1];
1127 gboolean got_read_error = FALSE, got_write_error = FALSE;
1129 progdlg_t *progbar = NULL;
1131 gint64 f_len, file_pos;
1133 GTimeVal start_time;
1134 gchar status_str[100];
1135 gint64 progbar_nextstep;
1136 gint64 progbar_quantum;
1138 /* open the input files */
1139 if (!merge_open_in_files(in_file_count, in_filenames, &in_files,
1140 &open_err, &err_info, &err_fileno)) {
1142 cf_open_failure_alert_box(in_filenames[err_fileno], open_err, err_info,
1147 if (*out_filenamep != NULL) {
1148 out_filename = *out_filenamep;
1149 out_fd = eth_open(out_filename, O_CREAT|O_TRUNC|O_BINARY, 0600);
1153 out_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
1156 out_filename = g_strdup(tmpname);
1157 *out_filenamep = out_filename;
1161 merge_close_in_files(in_file_count, in_files);
1163 cf_open_failure_alert_box(out_filename, open_err, NULL, TRUE, file_type);
1167 pdh = wtap_dump_fdopen(out_fd, file_type,
1168 merge_select_frame_type(in_file_count, in_files),
1169 merge_max_snapshot_length(in_file_count, in_files),
1170 FALSE /* compressed */, &open_err);
1173 merge_close_in_files(in_file_count, in_files);
1175 cf_open_failure_alert_box(out_filename, open_err, err_info, TRUE,
1180 /* Get the sum of the sizes of all the files. */
1182 for (i = 0; i < in_file_count; i++)
1183 f_len += in_files[i].size;
1185 /* Update the progress bar when it gets to this value. */
1186 progbar_nextstep = 0;
1187 /* When we reach the value that triggers a progress bar update,
1188 bump that value by this amount. */
1189 progbar_quantum = f_len/N_PROGBAR_UPDATES;
1190 /* Progress so far. */
1194 g_get_current_time(&start_time);
1196 /* do the merge (or append) */
1199 wth = merge_append_read_packet(in_file_count, in_files, &read_err,
1202 wth = merge_read_packet(in_file_count, in_files, &read_err,
1206 got_read_error = TRUE;
1210 /* Get the sum of the data offsets in all of the files. */
1212 for (i = 0; i < in_file_count; i++)
1213 data_offset += in_files[i].data_offset;
1215 /* Create the progress bar if necessary.
1216 We check on every iteration of the loop, so that it takes no
1217 longer than the standard time to create it (otherwise, for a
1218 large file, we might take considerably longer than that standard
1219 time in order to get to the next progress bar step). */
1220 if (progbar == NULL) {
1221 progbar = delayed_create_progress_dlg("Merging", "files",
1222 FALSE, &stop_flag, &start_time, progbar_val);
1225 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1226 when we update it, we have to run the GTK+ main loop to get it
1227 to repaint what's pending, and doing so may involve an "ioctl()"
1228 to see if there's any pending input from an X server, and doing
1229 that for every packet can be costly, especially on a big file. */
1230 if (data_offset >= progbar_nextstep) {
1231 /* Get the sum of the seek positions in all of the files. */
1233 for (i = 0; i < in_file_count; i++)
1234 file_pos += wtap_read_so_far(in_files[i].wth, NULL);
1235 progbar_val = (gfloat) file_pos / (gfloat) f_len;
1236 if (progbar_val > 1.0) {
1237 /* Some file probably grew while we were reading it.
1238 That "shouldn't happen", so we'll just clip the progress
1242 if (progbar != NULL) {
1243 g_snprintf(status_str, sizeof(status_str),
1244 "%" G_GINT64_MODIFIER "dKB of %" G_GINT64_MODIFIER "dKB",
1245 file_pos / 1024, f_len / 1024);
1246 update_progress_dlg(progbar, progbar_val, status_str);
1248 progbar_nextstep += progbar_quantum;
1252 /* Well, the user decided to abort the merge. */
1256 if (!wtap_dump(pdh, wtap_phdr(wth), wtap_pseudoheader(wth),
1257 wtap_buf_ptr(wth), &write_err)) {
1258 got_write_error = TRUE;
1263 /* We're done merging the files; destroy the progress bar if it was created. */
1264 if (progbar != NULL)
1265 destroy_progress_dlg(progbar);
1267 merge_close_in_files(in_file_count, in_files);
1268 if (!got_read_error && !got_write_error) {
1269 if (!wtap_dump_close(pdh, &write_err))
1270 got_write_error = TRUE;
1272 wtap_dump_close(pdh, &close_err);
1274 if (got_read_error) {
1276 * Find the file on which we got the error, and report the error.
1278 for (i = 0; i < in_file_count; i++) {
1279 if (in_files[i].state == GOT_ERROR) {
1280 /* Put up a message box noting that a read failed somewhere along
1284 case WTAP_ERR_UNSUPPORTED_ENCAP:
1285 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1286 "The capture file %%s has a packet with a network type that Wireshark doesn't support.\n(%s)",
1289 errmsg = errmsg_errno;
1292 case WTAP_ERR_CANT_READ:
1293 errmsg = "An attempt to read from the capture file %s failed for"
1294 " some unknown reason.";
1297 case WTAP_ERR_SHORT_READ:
1298 errmsg = "The capture file %s appears to have been cut short"
1299 " in the middle of a packet.";
1302 case WTAP_ERR_BAD_RECORD:
1303 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1304 "The capture file %%s appears to be damaged or corrupt.\n(%s)",
1307 errmsg = errmsg_errno;
1311 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
1312 "An error occurred while reading the"
1313 " capture file %%s: %s.", wtap_strerror(read_err));
1314 errmsg = errmsg_errno;
1317 g_snprintf(err_str, sizeof err_str, errmsg, in_files[i].filename);
1318 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, err_str);
1323 if (got_write_error) {
1324 /* Put up an alert box for the write error. */
1325 cf_write_failure_alert_box(out_filename, write_err);
1328 if (got_read_error || got_write_error || stop_flag) {
1329 /* Callers aren't expected to treat an error or an explicit abort
1330 differently - we put up error dialogs ourselves, so they don't
1338 cf_filter_packets(capture_file *cf, gchar *dftext, gboolean force)
1340 const char *filter_new = dftext ? dftext : "";
1341 const char *filter_old = cf->dfilter ? cf->dfilter : "";
1344 /* if new filter equals old one, do nothing unless told to do so */
1345 if (!force && strcmp(filter_new, filter_old) == 0) {
1351 if (dftext == NULL) {
1352 /* The new filter is an empty filter (i.e., display all packets).
1353 * so leave dfcode==NULL
1357 * We have a filter; make a copy of it (as we'll be saving it),
1358 * and try to compile it.
1360 dftext = g_strdup(dftext);
1361 if (!dfilter_compile(dftext, &dfcode)) {
1362 /* The attempt failed; report an error. */
1363 gchar *safe_dftext = simple_dialog_format_message(dftext);
1364 gchar *safe_dfilter_error_msg = simple_dialog_format_message(
1366 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1369 "The following display filter isn't a valid display filter:\n%s\n"
1370 "See the help for a description of the display filter syntax.",
1371 simple_dialog_primary_start(), safe_dfilter_error_msg,
1372 simple_dialog_primary_end(), safe_dftext);
1373 g_free(safe_dfilter_error_msg);
1374 g_free(safe_dftext);
1380 if (dfcode == NULL) {
1381 /* Yes - free the filter text, and set it to null. */
1387 /* We have a valid filter. Replace the current filter. */
1388 if (cf->dfilter != NULL)
1389 g_free(cf->dfilter);
1390 cf->dfilter = dftext;
1392 /* Now rescan the packet list, applying the new filter, but not
1393 throwing away information constructed on a previous pass. */
1394 if (dftext == NULL) {
1395 rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
1397 rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
1400 /* Cleanup and release all dfilter resources */
1401 if (dfcode != NULL){
1402 dfilter_free(dfcode);
1408 cf_colorize_packets(capture_file *cf)
1410 rescan_packets(cf, "Colorizing", "all packets", FALSE, FALSE);
1414 cf_reftime_packets(capture_file *cf)
1416 rescan_packets(cf, "Updating Reftime", "all packets", FALSE, FALSE);
1420 cf_redissect_packets(capture_file *cf)
1422 rescan_packets(cf, "Reprocessing", "all packets", TRUE, TRUE);
1425 /* Rescan the list of packets, reconstructing the CList.
1427 "action" describes why we're doing this; it's used in the progress
1430 "action_item" describes what we're doing; it's used in the progress
1433 "refilter" is TRUE if we need to re-evaluate the filter expression.
1435 "redissect" is TRUE if we need to make the dissectors reconstruct
1436 any state information they have (because a preference that affects
1437 some dissector has changed, meaning some dissector might construct
1438 its state differently from the way it was constructed the last time). */
1440 rescan_packets(capture_file *cf, const char *action, const char *action_item,
1441 gboolean refilter, gboolean redissect)
1444 progdlg_t *progbar = NULL;
1449 frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
1450 int selected_row, prev_row, preceding_row, following_row;
1451 gboolean selected_frame_seen;
1454 GTimeVal start_time;
1455 gchar status_str[100];
1456 int progbar_nextstep;
1457 int progbar_quantum;
1460 /* Compile the current display filter.
1461 * We assume this will not fail since cf->dfilter is only set in
1462 * cf_filter IFF the filter was valid.
1466 dfilter_compile(cf->dfilter, &dfcode);
1470 reset_tap_listeners();
1471 /* Which frame, if any, is the currently selected frame?
1472 XXX - should the selected frame or the focus frame be the "current"
1473 frame, that frame being the one from which "Find Frame" searches
1475 selected_frame = cf->current_frame;
1477 /* We don't yet know what row that frame will be on, if any, after we
1478 rebuild the clist, however. */
1482 /* We need to re-initialize all the state information that protocols
1483 keep, because some preference that controls a dissector has changed,
1484 which might cause the state information to be constructed differently
1485 by that dissector. */
1487 /* Initialize all data structures used for dissection. */
1491 /* Freeze the packet list while we redo it, so we don't get any
1492 screen updates while it happens. */
1493 packet_list_freeze();
1496 packet_list_clear();
1498 /* We don't yet know which will be the first and last frames displayed. */
1499 cf->first_displayed = NULL;
1500 cf->last_displayed = NULL;
1502 /* We currently don't display any packets */
1503 cf->displayed_count = 0;
1505 /* Iterate through the list of frames. Call a routine for each frame
1506 to check whether it should be displayed and, if so, add it to
1507 the display list. */
1508 nstime_set_unset(&first_ts);
1509 nstime_set_unset(&prev_dis_ts);
1511 /* Update the progress bar when it gets to this value. */
1512 progbar_nextstep = 0;
1513 /* When we reach the value that triggers a progress bar update,
1514 bump that value by this amount. */
1515 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1516 /* Count of packets at which we've looked. */
1518 /* Progress so far. */
1522 g_get_current_time(&start_time);
1524 row = -1; /* no previous row yet */
1529 preceding_frame = NULL;
1531 following_frame = NULL;
1533 selected_frame_seen = FALSE;
1535 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1536 /* Create the progress bar if necessary.
1537 We check on every iteration of the loop, so that it takes no
1538 longer than the standard time to create it (otherwise, for a
1539 large file, we might take considerably longer than that standard
1540 time in order to get to the next progress bar step). */
1541 if (progbar == NULL)
1542 progbar = delayed_create_progress_dlg(action, action_item, TRUE,
1543 &stop_flag, &start_time,
1546 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1547 when we update it, we have to run the GTK+ main loop to get it
1548 to repaint what's pending, and doing so may involve an "ioctl()"
1549 to see if there's any pending input from an X server, and doing
1550 that for every packet can be costly, especially on a big file. */
1551 if (count >= progbar_nextstep) {
1552 /* let's not divide by zero. I should never be started
1553 * with count == 0, so let's assert that
1555 g_assert(cf->count > 0);
1556 progbar_val = (gfloat) count / cf->count;
1558 if (progbar != NULL) {
1559 g_snprintf(status_str, sizeof(status_str),
1560 "%4u of %u frames", count, cf->count);
1561 update_progress_dlg(progbar, progbar_val, status_str);
1564 progbar_nextstep += progbar_quantum;
1568 /* Well, the user decided to abort the filtering. Just stop.
1570 XXX - go back to the previous filter? Users probably just
1571 want not to wait for a filtering operation to finish;
1572 unless we cancel by having no filter, reverting to the
1573 previous filter will probably be even more expensive than
1574 continuing the filtering, as it involves going back to the
1575 beginning and filtering, and even with no filter we currently
1576 have to re-generate the entire clist, which is also expensive.
1578 I'm not sure what Network Monitor does, but it doesn't appear
1579 to give you an unfiltered display if you cancel. */
1586 /* Since all state for the frame was destroyed, mark the frame
1587 * as not visited, free the GSList referring to the state
1588 * data (the per-frame data itself was freed by
1589 * "init_dissection()"), and null out the GSList pointer. */
1590 fdata->flags.visited = 0;
1592 g_slist_free(fdata->pfd);
1597 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
1598 cf->pd, fdata->cap_len, &err, &err_info)) {
1599 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1600 cf_read_error_message(err, err_info), cf->filename);
1604 /* If the previous frame is displayed, and we haven't yet seen the
1605 selected frame, remember that frame - it's the closest one we've
1606 yet seen before the selected frame. */
1607 if (prev_row != -1 && !selected_frame_seen) {
1608 preceding_row = prev_row;
1609 preceding_frame = prev_frame;
1611 row = add_packet_to_packet_list(fdata, cf, dfcode, &cf->pseudo_header, cf->pd,
1614 /* If this frame is displayed, and this is the first frame we've
1615 seen displayed after the selected frame, remember this frame -
1616 it's the closest one we've yet seen at or after the selected
1618 if (row != -1 && selected_frame_seen && following_row == -1) {
1619 following_row = row;
1620 following_frame = fdata;
1622 if (fdata == selected_frame) {
1624 selected_frame_seen = TRUE;
1627 /* Remember this row/frame - it'll be the previous row/frame
1628 on the next pass through the loop. */
1633 /* Re-sort the list using the previously selected order */
1634 packet_list_set_sort_column();
1637 /* Clear out what remains of the visited flags and per-frame data
1640 XXX - that may cause various forms of bogosity when dissecting
1641 these frames, as they won't have been seen by this sequential
1642 pass, but the only alternative I see is to keep scanning them
1643 even though the user requested that the scan stop, and that
1644 would leave the user stuck with an Wireshark grinding on
1645 until it finishes. Should we just stick them with that? */
1646 for (; fdata != NULL; fdata = fdata->next) {
1647 fdata->flags.visited = 0;
1649 g_slist_free(fdata->pfd);
1655 /* We're done filtering the packets; destroy the progress bar if it
1657 if (progbar != NULL)
1658 destroy_progress_dlg(progbar);
1660 /* Unfreeze the packet list. */
1663 if (selected_row == -1) {
1664 /* The selected frame didn't pass the filter. */
1665 if (selected_frame == NULL) {
1666 /* That's because there *was* no selected frame. Make the first
1667 displayed frame the current frame. */
1670 /* Find the nearest displayed frame to the selected frame (whether
1671 it's before or after that frame) and make that the current frame.
1672 If the next and previous displayed frames are equidistant from the
1673 selected frame, choose the next one. */
1674 g_assert(following_frame == NULL ||
1675 following_frame->num >= selected_frame->num);
1676 g_assert(preceding_frame == NULL ||
1677 preceding_frame->num <= selected_frame->num);
1678 if (following_frame == NULL) {
1679 /* No frame after the selected frame passed the filter, so we
1680 have to select the last displayed frame before the selected
1682 selected_row = preceding_row;
1683 } else if (preceding_frame == NULL) {
1684 /* No frame before the selected frame passed the filter, so we
1685 have to select the first displayed frame after the selected
1687 selected_row = following_row;
1689 /* Frames before and after the selected frame passed the filter, so
1690 we'll select the previous frame */
1691 selected_row = preceding_row;
1696 if (selected_row == -1) {
1697 /* There are no frames displayed at all. */
1698 cf_unselect_packet(cf);
1700 /* Either the frame that was selected passed the filter, or we've
1701 found the nearest displayed frame to that frame. Select it, make
1702 it the focus row, and make it visible. */
1703 packet_list_set_selected_row(selected_row);
1706 /* Cleanup and release all dfilter resources */
1707 if (dfcode != NULL){
1708 dfilter_free(dfcode);
1719 process_specified_packets(capture_file *cf, packet_range_t *range,
1720 const char *string1, const char *string2, gboolean terminate_is_stop,
1721 gboolean (*callback)(capture_file *, frame_data *,
1722 union wtap_pseudo_header *, const guint8 *, void *),
1723 void *callback_args)
1728 union wtap_pseudo_header pseudo_header;
1729 guint8 pd[WTAP_MAX_PACKET_SIZE+1];
1730 psp_return_t ret = PSP_FINISHED;
1732 progdlg_t *progbar = NULL;
1735 gboolean progbar_stop_flag;
1736 GTimeVal progbar_start_time;
1737 gchar progbar_status_str[100];
1738 int progbar_nextstep;
1739 int progbar_quantum;
1740 range_process_e process_this;
1742 /* Update the progress bar when it gets to this value. */
1743 progbar_nextstep = 0;
1744 /* When we reach the value that triggers a progress bar update,
1745 bump that value by this amount. */
1746 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
1747 /* Count of packets at which we've looked. */
1749 /* Progress so far. */
1752 progbar_stop_flag = FALSE;
1753 g_get_current_time(&progbar_start_time);
1755 packet_range_process_init(range);
1757 /* Iterate through the list of packets, printing the packets that
1758 were selected by the current display filter. */
1759 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
1760 /* Create the progress bar if necessary.
1761 We check on every iteration of the loop, so that it takes no
1762 longer than the standard time to create it (otherwise, for a
1763 large file, we might take considerably longer than that standard
1764 time in order to get to the next progress bar step). */
1765 if (progbar == NULL)
1766 progbar = delayed_create_progress_dlg(string1, string2,
1769 &progbar_start_time,
1772 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
1773 when we update it, we have to run the GTK+ main loop to get it
1774 to repaint what's pending, and doing so may involve an "ioctl()"
1775 to see if there's any pending input from an X server, and doing
1776 that for every packet can be costly, especially on a big file. */
1777 if (progbar_count >= progbar_nextstep) {
1778 /* let's not divide by zero. I should never be started
1779 * with count == 0, so let's assert that
1781 g_assert(cf->count > 0);
1782 progbar_val = (gfloat) progbar_count / cf->count;
1784 if (progbar != NULL) {
1785 g_snprintf(progbar_status_str, sizeof(progbar_status_str),
1786 "%4u of %u packets", progbar_count, cf->count);
1787 update_progress_dlg(progbar, progbar_val, progbar_status_str);
1790 progbar_nextstep += progbar_quantum;
1793 if (progbar_stop_flag) {
1794 /* Well, the user decided to abort the operation. Just stop,
1795 and arrange to return PSP_STOPPED to our caller, so they know
1796 it was stopped explicitly. */
1803 /* do we have to process this packet? */
1804 process_this = packet_range_process_packet(range, fdata);
1805 if (process_this == range_process_next) {
1806 /* this packet uninteresting, continue with next one */
1808 } else if (process_this == range_processing_finished) {
1809 /* all interesting packets processed, stop the loop */
1813 /* Get the packet */
1814 if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
1815 pd, fdata->cap_len, &err, &err_info)) {
1816 /* Attempt to get the packet failed. */
1817 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
1818 cf_read_error_message(err, err_info), cf->filename);
1822 /* Process the packet */
1823 if (!callback(cf, fdata, &pseudo_header, pd, callback_args)) {
1824 /* Callback failed. We assume it reported the error appropriately. */
1830 /* We're done printing the packets; destroy the progress bar if
1832 if (progbar != NULL)
1833 destroy_progress_dlg(progbar);
1839 retap_packet(capture_file *cf _U_, frame_data *fdata,
1840 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1843 column_info *cinfo = argsp;
1844 epan_dissect_t *edt;
1846 /* If we have tap listeners, allocate a protocol tree root node, so that
1847 we'll construct a protocol tree against which a filter expression can
1849 edt = epan_dissect_new(num_tap_filters != 0, FALSE);
1850 tap_queue_init(edt);
1851 epan_dissect_run(edt, pseudo_header, pd, fdata, cinfo);
1852 tap_push_tapped_queue(edt);
1853 epan_dissect_free(edt);
1859 cf_retap_packets(capture_file *cf, gboolean do_columns)
1861 packet_range_t range;
1863 /* Reset the tap listeners. */
1864 reset_tap_listeners();
1866 /* Iterate through the list of packets, dissecting all packets and
1867 re-running the taps. */
1868 packet_range_init(&range);
1869 packet_range_process_init(&range);
1870 switch (process_specified_packets(cf, &range, "Refiltering statistics on",
1871 "all packets", TRUE, retap_packet,
1872 do_columns ? &cf->cinfo : NULL)) {
1874 /* Completed successfully. */
1878 /* Well, the user decided to abort the refiltering.
1879 Return CF_READ_ABORTED so our caller knows they did that. */
1880 return CF_READ_ABORTED;
1883 /* Error while retapping. */
1884 return CF_READ_ERROR;
1887 g_assert_not_reached();
1892 print_args_t *print_args;
1893 gboolean print_header_line;
1894 char *header_line_buf;
1895 int header_line_buf_len;
1896 gboolean print_formfeed;
1897 gboolean print_separator;
1901 } print_callback_args_t;
1904 print_packet(capture_file *cf, frame_data *fdata,
1905 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
1908 print_callback_args_t *args = argsp;
1909 epan_dissect_t *edt;
1915 gboolean proto_tree_needed;
1916 char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
1917 char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN__\0" */
1919 /* Create the protocol tree, and make it visible, if we're printing
1920 the dissection or the hex data.
1921 XXX - do we need it if we're just printing the hex data? */
1923 args->print_args->print_dissections != print_dissections_none || args->print_args->print_hex;
1924 edt = epan_dissect_new(proto_tree_needed, proto_tree_needed);
1926 /* Fill in the column information if we're printing the summary
1928 if (args->print_args->print_summary) {
1929 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
1930 epan_dissect_fill_in_columns(edt);
1932 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
1934 if (args->print_formfeed) {
1935 if (!new_page(args->print_args->stream))
1938 if (args->print_separator) {
1939 if (!print_line(args->print_args->stream, 0, ""))
1945 * We generate bookmarks, if the output format supports them.
1946 * The name is "__frameN__".
1948 g_snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);
1950 if (args->print_args->print_summary) {
1951 if (args->print_header_line) {
1952 if (!print_line(args->print_args->stream, 0, args->header_line_buf))
1954 args->print_header_line = FALSE; /* we might not need to print any more */
1956 cp = &args->line_buf[0];
1958 for (i = 0; i < cf->cinfo.num_cols; i++) {
1959 /* Find the length of the string for this column. */
1960 column_len = strlen(cf->cinfo.col_data[i]);
1961 if (args->col_widths[i] > column_len)
1962 column_len = args->col_widths[i];
1964 /* Make sure there's room in the line buffer for the column; if not,
1965 double its length. */
1966 line_len += column_len + 1; /* "+1" for space */
1967 if (line_len > args->line_buf_len) {
1968 cp_off = cp - args->line_buf;
1969 args->line_buf_len = 2 * line_len;
1970 args->line_buf = g_realloc(args->line_buf, args->line_buf_len + 1);
1971 cp = args->line_buf + cp_off;
1974 /* Right-justify the packet number column. */
1975 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
1976 sprintf(cp, "%*s", args->col_widths[i], cf->cinfo.col_data[i]);
1978 sprintf(cp, "%-*s", args->col_widths[i], cf->cinfo.col_data[i]);
1980 if (i != cf->cinfo.num_cols - 1)
1986 * Generate a bookmark, using the summary line as the title.
1988 if (!print_bookmark(args->print_args->stream, bookmark_name,
1992 if (!print_line(args->print_args->stream, 0, args->line_buf))
1996 * Generate a bookmark, using "Frame N" as the title, as we're not
1997 * printing the summary line.
1999 g_snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
2000 if (!print_bookmark(args->print_args->stream, bookmark_name,
2003 } /* if (print_summary) */
2005 if (args->print_args->print_dissections != print_dissections_none) {
2006 if (args->print_args->print_summary) {
2007 /* Separate the summary line from the tree with a blank line. */
2008 if (!print_line(args->print_args->stream, 0, ""))
2012 /* Print the information in that tree. */
2013 if (!proto_tree_print(args->print_args, edt, args->print_args->stream))
2016 /* Print a blank line if we print anything after this (aka more than one packet). */
2017 args->print_separator = TRUE;
2019 /* Print a header line if we print any more packet summaries */
2020 args->print_header_line = TRUE;
2023 if (args->print_args->print_hex) {
2024 /* Print the full packet data as hex. */
2025 if (!print_hex_data(args->print_args->stream, edt))
2028 /* Print a blank line if we print anything after this (aka more than one packet). */
2029 args->print_separator = TRUE;
2031 /* Print a header line if we print any more packet summaries */
2032 args->print_header_line = TRUE;
2033 } /* if (args->print_args->print_dissections != print_dissections_none) */
2035 epan_dissect_free(edt);
2037 /* do we want to have a formfeed between each packet from now on? */
2038 if(args->print_args->print_formfeed) {
2039 args->print_formfeed = TRUE;
2045 epan_dissect_free(edt);
2050 cf_print_packets(capture_file *cf, print_args_t *print_args)
2053 print_callback_args_t callback_args;
2061 callback_args.print_args = print_args;
2062 callback_args.print_header_line = TRUE;
2063 callback_args.header_line_buf = NULL;
2064 callback_args.header_line_buf_len = 256;
2065 callback_args.print_formfeed = FALSE;
2066 callback_args.print_separator = FALSE;
2067 callback_args.line_buf = NULL;
2068 callback_args.line_buf_len = 256;
2069 callback_args.col_widths = NULL;
2071 if (!print_preamble(print_args->stream, cf->filename)) {
2072 destroy_print_stream(print_args->stream);
2073 return CF_PRINT_WRITE_ERROR;
2076 if (print_args->print_summary) {
2077 /* We're printing packet summaries. Allocate the header line buffer
2078 and get the column widths. */
2079 callback_args.header_line_buf = g_malloc(callback_args.header_line_buf_len + 1);
2081 /* Find the widths for each of the columns - maximum of the
2082 width of the title and the width of the data - and construct
2083 a buffer with a line containing the column titles. */
2084 callback_args.col_widths = (gint *) g_malloc(sizeof(gint) * cf->cinfo.num_cols);
2085 cp = &callback_args.header_line_buf[0];
2087 for (i = 0; i < cf->cinfo.num_cols; i++) {
2088 /* Don't pad the last column. */
2089 if (i == cf->cinfo.num_cols - 1)
2090 callback_args.col_widths[i] = 0;
2092 callback_args.col_widths[i] = strlen(cf->cinfo.col_title[i]);
2093 data_width = get_column_char_width(get_column_format(i));
2094 if (data_width > callback_args.col_widths[i])
2095 callback_args.col_widths[i] = data_width;
2098 /* Find the length of the string for this column. */
2099 column_len = strlen(cf->cinfo.col_title[i]);
2100 if (callback_args.col_widths[i] > column_len)
2101 column_len = callback_args.col_widths[i];
2103 /* Make sure there's room in the line buffer for the column; if not,
2104 double its length. */
2105 line_len += column_len + 1; /* "+1" for space */
2106 if (line_len > callback_args.header_line_buf_len) {
2107 cp_off = cp - callback_args.header_line_buf;
2108 callback_args.header_line_buf_len = 2 * line_len;
2109 callback_args.header_line_buf = g_realloc(callback_args.header_line_buf,
2110 callback_args.header_line_buf_len + 1);
2111 cp = callback_args.header_line_buf + cp_off;
2114 /* Right-justify the packet number column. */
2115 /* if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2116 sprintf(cp, "%*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2118 sprintf(cp, "%-*s", callback_args.col_widths[i], cf->cinfo.col_title[i]);
2120 if (i != cf->cinfo.num_cols - 1)
2125 /* Now start out the main line buffer with the same length as the
2126 header line buffer. */
2127 callback_args.line_buf_len = callback_args.header_line_buf_len;
2128 callback_args.line_buf = g_malloc(callback_args.line_buf_len + 1);
2129 } /* if (print_summary) */
2131 /* Iterate through the list of packets, printing the packets we were
2133 ret = process_specified_packets(cf, &print_args->range, "Printing",
2134 "selected packets", TRUE, print_packet,
2137 if (callback_args.header_line_buf != NULL)
2138 g_free(callback_args.header_line_buf);
2139 if (callback_args.line_buf != NULL)
2140 g_free(callback_args.line_buf);
2141 if (callback_args.col_widths != NULL)
2142 g_free(callback_args.col_widths);
2147 /* Completed successfully. */
2151 /* Well, the user decided to abort the printing.
2153 XXX - note that what got generated before they did that
2154 will get printed if we're piping to a print program; we'd
2155 have to write to a file and then hand that to the print
2156 program to make it actually not print anything. */
2160 /* Error while printing.
2162 XXX - note that what got generated before they did that
2163 will get printed if we're piping to a print program; we'd
2164 have to write to a file and then hand that to the print
2165 program to make it actually not print anything. */
2166 destroy_print_stream(print_args->stream);
2167 return CF_PRINT_WRITE_ERROR;
2170 if (!print_finale(print_args->stream)) {
2171 destroy_print_stream(print_args->stream);
2172 return CF_PRINT_WRITE_ERROR;
2175 if (!destroy_print_stream(print_args->stream))
2176 return CF_PRINT_WRITE_ERROR;
2182 write_pdml_packet(capture_file *cf _U_, frame_data *fdata,
2183 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2187 epan_dissect_t *edt;
2189 /* Create the protocol tree, but don't fill in the column information. */
2190 edt = epan_dissect_new(TRUE, TRUE);
2191 epan_dissect_run(edt, pseudo_header, pd, fdata, NULL);
2193 /* Write out the information in that tree. */
2194 proto_tree_write_pdml(edt, fh);
2196 epan_dissect_free(edt);
2202 cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
2207 fh = eth_fopen(print_args->file, "w");
2209 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2211 write_pdml_preamble(fh);
2214 return CF_PRINT_WRITE_ERROR;
2217 /* Iterate through the list of packets, printing the packets we were
2219 ret = process_specified_packets(cf, &print_args->range, "Writing PDML",
2220 "selected packets", TRUE,
2221 write_pdml_packet, fh);
2226 /* Completed successfully. */
2230 /* Well, the user decided to abort the printing. */
2234 /* Error while printing. */
2236 return CF_PRINT_WRITE_ERROR;
2239 write_pdml_finale(fh);
2242 return CF_PRINT_WRITE_ERROR;
2245 /* XXX - check for an error */
2252 write_psml_packet(capture_file *cf, frame_data *fdata,
2253 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2257 epan_dissect_t *edt;
2259 /* Fill in the column information, but don't create the protocol tree. */
2260 edt = epan_dissect_new(FALSE, FALSE);
2261 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2262 epan_dissect_fill_in_columns(edt);
2264 /* Write out the information in that tree. */
2265 proto_tree_write_psml(edt, fh);
2267 epan_dissect_free(edt);
2273 cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
2278 fh = eth_fopen(print_args->file, "w");
2280 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2282 write_psml_preamble(fh);
2285 return CF_PRINT_WRITE_ERROR;
2288 /* Iterate through the list of packets, printing the packets we were
2290 ret = process_specified_packets(cf, &print_args->range, "Writing PSML",
2291 "selected packets", TRUE,
2292 write_psml_packet, fh);
2297 /* Completed successfully. */
2301 /* Well, the user decided to abort the printing. */
2305 /* Error while printing. */
2307 return CF_PRINT_WRITE_ERROR;
2310 write_psml_finale(fh);
2313 return CF_PRINT_WRITE_ERROR;
2316 /* XXX - check for an error */
2323 write_csv_packet(capture_file *cf, frame_data *fdata,
2324 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
2328 epan_dissect_t *edt;
2330 /* Fill in the column information, but don't create the protocol tree. */
2331 edt = epan_dissect_new(FALSE, FALSE);
2332 epan_dissect_run(edt, pseudo_header, pd, fdata, &cf->cinfo);
2333 epan_dissect_fill_in_columns(edt);
2335 /* Write out the information in that tree. */
2336 proto_tree_write_csv(edt, fh);
2338 epan_dissect_free(edt);
2344 cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
2349 fh = eth_fopen(print_args->file, "w");
2351 return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
2353 write_csv_preamble(fh);
2356 return CF_PRINT_WRITE_ERROR;
2359 /* Iterate through the list of packets, printing the packets we were
2361 ret = process_specified_packets(cf, &print_args->range, "Writing CSV",
2362 "selected packets", TRUE,
2363 write_csv_packet, fh);
2368 /* Completed successfully. */
2372 /* Well, the user decided to abort the printing. */
2376 /* Error while printing. */
2378 return CF_PRINT_WRITE_ERROR;
2381 write_csv_finale(fh);
2384 return CF_PRINT_WRITE_ERROR;
2387 /* XXX - check for an error */
2393 /* Scan through the packet list and change all columns that use the
2394 "command-line-specified" time stamp format to use the current
2395 value of that format. */
2397 cf_change_time_formats(capture_file *cf)
2400 progdlg_t *progbar = NULL;
2406 GTimeVal start_time;
2407 gchar status_str[100];
2408 int progbar_nextstep;
2409 int progbar_quantum;
2411 gboolean sorted_by_frame_column;
2414 /* adjust timestamp precision if auto is selected */
2415 cf_timestamp_auto_precision(cf);
2417 /* Are there any columns with time stamps in the "command-line-specified"
2420 XXX - we have to force the "column is writable" flag on, as it
2421 might be off from the last frame that was dissected. */
2422 col_set_writable(&cf->cinfo, TRUE);
2423 if (!check_col(&cf->cinfo, COL_CLS_TIME)) {
2424 /* No, there aren't any columns in that format, so we have no work
2428 first = cf->cinfo.col_first[COL_CLS_TIME];
2429 g_assert(first >= 0);
2430 last = cf->cinfo.col_last[COL_CLS_TIME];
2432 /* Freeze the packet list while we redo it, so we don't get any
2433 screen updates while it happens. */
2434 packet_list_freeze();
2436 /* Update the progress bar when it gets to this value. */
2437 progbar_nextstep = 0;
2438 /* When we reach the value that triggers a progress bar update,
2439 bump that value by this amount. */
2440 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2441 /* Count of packets at which we've looked. */
2443 /* Progress so far. */
2446 /* If the rows are currently sorted by the frame column then we know
2447 * the row number of each packet: it's the row number of the previously
2448 * displayed packet + 1.
2450 * Otherwise, if the display is sorted by a different column then we have
2451 * to use the O(N) packet_list_find_row_from_data() (thus making the job
2452 * of changing the time display format O(N**2)).
2454 * (XXX - In fact it's still O(N**2) because gtk_clist_set_text() takes
2455 * the row number and walks that many elements down the clist to find
2456 * the appropriate element.)
2458 sorted_by_frame_column = FALSE;
2459 for (i = 0; i < cf->cinfo.num_cols; i++) {
2460 if (cf->cinfo.col_fmt[i] == COL_NUMBER)
2462 sorted_by_frame_column = (i == packet_list_get_sort_column());
2468 g_get_current_time(&start_time);
2470 /* Iterate through the list of packets, checking whether the packet
2471 is in a row of the summary list and, if so, whether there are
2472 any columns that show the time in the "command-line-specified"
2473 format and, if so, update that row. */
2474 for (fdata = cf->plist, row = -1; fdata != NULL; fdata = fdata->next) {
2475 /* Create the progress bar if necessary.
2476 We check on every iteration of the loop, so that it takes no
2477 longer than the standard time to create it (otherwise, for a
2478 large file, we might take considerably longer than that standard
2479 time in order to get to the next progress bar step). */
2480 if (progbar == NULL)
2481 progbar = delayed_create_progress_dlg("Changing", "time display",
2482 TRUE, &stop_flag, &start_time, progbar_val);
2484 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2485 when we update it, we have to run the GTK+ main loop to get it
2486 to repaint what's pending, and doing so may involve an "ioctl()"
2487 to see if there's any pending input from an X server, and doing
2488 that for every packet can be costly, especially on a big file. */
2489 if (count >= progbar_nextstep) {
2490 /* let's not divide by zero. I should never be started
2491 * with count == 0, so let's assert that
2493 g_assert(cf->count > 0);
2495 progbar_val = (gfloat) count / cf->count;
2497 if (progbar != NULL) {
2498 g_snprintf(status_str, sizeof(status_str),
2499 "%4u of %u packets", count, cf->count);
2500 update_progress_dlg(progbar, progbar_val, status_str);
2503 progbar_nextstep += progbar_quantum;
2507 /* Well, the user decided to abort the redisplay. Just stop.
2509 XXX - this leaves the time field in the old format in
2510 frames we haven't yet processed. So it goes; should we
2511 simply not offer them the option of stopping? */
2517 /* Find what row this packet is in. */
2518 if (!sorted_by_frame_column) {
2519 /* This function is O(N), so we try to avoid using it... */
2520 row = packet_list_find_row_from_data(fdata);
2522 /* ...which we do by maintaining a count of packets that are
2523 being displayed (i.e., that have passed the display filter),
2524 and using the current value of that count as the row number
2525 (which is why we can only do it when the display is sorted
2526 by the frame number). */
2527 if (fdata->flags.passed_dfilter)
2534 /* This packet is in the summary list, on row "row". */
2536 for (i = first; i <= last; i++) {
2537 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
2538 /* This is one of the columns that shows the time in
2539 "command-line-specified" format; update it. */
2540 cf->cinfo.col_buf[i][0] = '\0';
2541 col_set_cls_time(fdata, &cf->cinfo, i);
2542 packet_list_set_text(row, i, cf->cinfo.col_data[i]);
2548 /* We're done redisplaying the packets; destroy the progress bar if it
2550 if (progbar != NULL)
2551 destroy_progress_dlg(progbar);
2553 /* Set the column widths of those columns that show the time in
2554 "command-line-specified" format. */
2555 for (i = first; i <= last; i++) {
2556 if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
2557 packet_list_set_cls_time_width(i);
2561 /* Unfreeze the packet list. */
2569 gboolean frame_matched;
2573 cf_find_packet_protocol_tree(capture_file *cf, const char *string)
2577 mdata.string = string;
2578 mdata.string_len = strlen(string);
2579 return find_packet(cf, match_protocol_tree, &mdata);
2583 match_protocol_tree(capture_file *cf, frame_data *fdata, void *criterion)
2585 match_data *mdata = criterion;
2586 epan_dissect_t *edt;
2588 /* Construct the protocol tree, including the displayed text */
2589 edt = epan_dissect_new(TRUE, TRUE);
2590 /* We don't need the column information */
2591 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2593 /* Iterate through all the nodes, seeing if they have text that matches. */
2595 mdata->frame_matched = FALSE;
2596 proto_tree_children_foreach(edt->tree, match_subtree_text, mdata);
2597 epan_dissect_free(edt);
2598 return mdata->frame_matched;
2602 match_subtree_text(proto_node *node, gpointer data)
2604 match_data *mdata = (match_data*) data;
2605 const gchar *string = mdata->string;
2606 size_t string_len = mdata->string_len;
2607 capture_file *cf = mdata->cf;
2608 field_info *fi = PITEM_FINFO(node);
2609 gchar label_str[ITEM_LABEL_LENGTH];
2616 if (mdata->frame_matched) {
2617 /* We already had a match; don't bother doing any more work. */
2621 /* Don't match invisible entries. */
2622 if (PROTO_ITEM_IS_HIDDEN(node))
2625 /* was a free format label produced? */
2627 label_ptr = fi->rep->representation;
2629 /* no, make a generic label */
2630 label_ptr = label_str;
2631 proto_item_fill_label(fi, label_str);
2634 /* Does that label match? */
2635 label_len = strlen(label_ptr);
2636 for (i = 0; i < label_len; i++) {
2637 c_char = label_ptr[i];
2639 c_char = toupper(c_char);
2640 if (c_char == string[c_match]) {
2642 if (c_match == string_len) {
2643 /* No need to look further; we have a match */
2644 mdata->frame_matched = TRUE;
2651 /* Recurse into the subtree, if it exists */
2652 if (node->first_child != NULL)
2653 proto_tree_children_foreach(node, match_subtree_text, mdata);
2657 cf_find_packet_summary_line(capture_file *cf, const char *string)
2661 mdata.string = string;
2662 mdata.string_len = strlen(string);
2663 return find_packet(cf, match_summary_line, &mdata);
2667 match_summary_line(capture_file *cf, frame_data *fdata, void *criterion)
2669 match_data *mdata = criterion;
2670 const gchar *string = mdata->string;
2671 size_t string_len = mdata->string_len;
2672 epan_dissect_t *edt;
2673 const char *info_column;
2674 size_t info_column_len;
2675 gboolean frame_matched = FALSE;
2681 /* Don't bother constructing the protocol tree */
2682 edt = epan_dissect_new(FALSE, FALSE);
2683 /* Get the column information */
2684 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
2686 /* Find the Info column */
2687 for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
2688 if (cf->cinfo.fmt_matx[colx][COL_INFO]) {
2689 /* Found it. See if we match. */
2690 info_column = edt->pi.cinfo->col_data[colx];
2691 info_column_len = strlen(info_column);
2692 for (i = 0; i < info_column_len; i++) {
2693 c_char = info_column[i];
2695 c_char = toupper(c_char);
2696 if (c_char == string[c_match]) {
2698 if (c_match == string_len) {
2699 frame_matched = TRUE;
2708 epan_dissect_free(edt);
2709 return frame_matched;
2715 } cbs_t; /* "Counted byte string" */
2718 cf_find_packet_data(capture_file *cf, const guint8 *string, size_t string_size)
2723 info.data_len = string_size;
2725 /* String or hex search? */
2727 /* String search - what type of string? */
2728 switch (cf->scs_type) {
2730 case SCS_ASCII_AND_UNICODE:
2731 return find_packet(cf, match_ascii_and_unicode, &info);
2734 return find_packet(cf, match_ascii, &info);
2737 return find_packet(cf, match_unicode, &info);
2740 g_assert_not_reached();
2744 return find_packet(cf, match_binary, &info);
2748 match_ascii_and_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2750 cbs_t *info = criterion;
2751 const char *ascii_text = info->data;
2752 size_t textlen = info->data_len;
2753 gboolean frame_matched;
2759 frame_matched = FALSE;
2760 buf_len = fdata->pkt_len;
2761 for (i = 0; i < buf_len; i++) {
2764 c_char = toupper(c_char);
2766 if (c_char == ascii_text[c_match]) {
2768 if (c_match == textlen) {
2769 frame_matched = TRUE;
2770 cf->search_pos = i; /* Save the position of the last character
2771 for highlighting the field. */
2778 return frame_matched;
2782 match_ascii(capture_file *cf, frame_data *fdata, void *criterion)
2784 cbs_t *info = criterion;
2785 const char *ascii_text = info->data;
2786 size_t textlen = info->data_len;
2787 gboolean frame_matched;
2793 frame_matched = FALSE;
2794 buf_len = fdata->pkt_len;
2795 for (i = 0; i < buf_len; i++) {
2798 c_char = toupper(c_char);
2799 if (c_char == ascii_text[c_match]) {
2801 if (c_match == textlen) {
2802 frame_matched = TRUE;
2803 cf->search_pos = i; /* Save the position of the last character
2804 for highlighting the field. */
2810 return frame_matched;
2814 match_unicode(capture_file *cf, frame_data *fdata, void *criterion)
2816 cbs_t *info = criterion;
2817 const char *ascii_text = info->data;
2818 size_t textlen = info->data_len;
2819 gboolean frame_matched;
2825 frame_matched = FALSE;
2826 buf_len = fdata->pkt_len;
2827 for (i = 0; i < buf_len; i++) {
2830 c_char = toupper(c_char);
2831 if (c_char == ascii_text[c_match]) {
2834 if (c_match == textlen) {
2835 frame_matched = TRUE;
2836 cf->search_pos = i; /* Save the position of the last character
2837 for highlighting the field. */
2843 return frame_matched;
2847 match_binary(capture_file *cf, frame_data *fdata, void *criterion)
2849 cbs_t *info = criterion;
2850 const guint8 *binary_data = info->data;
2851 size_t datalen = info->data_len;
2852 gboolean frame_matched;
2857 frame_matched = FALSE;
2858 buf_len = fdata->pkt_len;
2859 for (i = 0; i < buf_len; i++) {
2860 if (cf->pd[i] == binary_data[c_match]) {
2862 if (c_match == datalen) {
2863 frame_matched = TRUE;
2864 cf->search_pos = i; /* Save the position of the last character
2865 for highlighting the field. */
2871 return frame_matched;
2875 cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode)
2877 return find_packet(cf, match_dfilter, sfcode);
2881 match_dfilter(capture_file *cf, frame_data *fdata, void *criterion)
2883 dfilter_t *sfcode = criterion;
2884 epan_dissect_t *edt;
2885 gboolean frame_matched;
2887 edt = epan_dissect_new(TRUE, FALSE);
2888 epan_dissect_prime_dfilter(edt, sfcode);
2889 epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
2890 frame_matched = dfilter_apply_edt(sfcode, edt);
2891 epan_dissect_free(edt);
2892 return frame_matched;
2896 find_packet(capture_file *cf,
2897 gboolean (*match_function)(capture_file *, frame_data *, void *),
2900 frame_data *start_fd;
2902 frame_data *new_fd = NULL;
2903 progdlg_t *progbar = NULL;
2910 GTimeVal start_time;
2911 gchar status_str[100];
2912 int progbar_nextstep;
2913 int progbar_quantum;
2916 start_fd = cf->current_frame;
2917 if (start_fd != NULL) {
2918 /* Iterate through the list of packets, starting at the packet we've
2919 picked, calling a routine to run the filter on the packet, see if
2920 it matches, and stop if so. */
2924 /* Update the progress bar when it gets to this value. */
2925 progbar_nextstep = 0;
2926 /* When we reach the value that triggers a progress bar update,
2927 bump that value by this amount. */
2928 progbar_quantum = cf->count/N_PROGBAR_UPDATES;
2929 /* Progress so far. */
2933 g_get_current_time(&start_time);
2936 title = cf->sfilter?cf->sfilter:"";
2938 /* Create the progress bar if necessary.
2939 We check on every iteration of the loop, so that it takes no
2940 longer than the standard time to create it (otherwise, for a
2941 large file, we might take considerably longer than that standard
2942 time in order to get to the next progress bar step). */
2943 if (progbar == NULL)
2944 progbar = delayed_create_progress_dlg("Searching", title,
2945 FALSE, &stop_flag, &start_time, progbar_val);
2947 /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
2948 when we update it, we have to run the GTK+ main loop to get it
2949 to repaint what's pending, and doing so may involve an "ioctl()"
2950 to see if there's any pending input from an X server, and doing
2951 that for every packet can be costly, especially on a big file. */
2952 if (count >= progbar_nextstep) {
2953 /* let's not divide by zero. I should never be started
2954 * with count == 0, so let's assert that
2956 g_assert(cf->count > 0);
2958 progbar_val = (gfloat) count / cf->count;
2960 if (progbar != NULL) {
2961 g_snprintf(status_str, sizeof(status_str),
2962 "%4u of %u packets", count, cf->count);
2963 update_progress_dlg(progbar, progbar_val, status_str);
2966 progbar_nextstep += progbar_quantum;
2970 /* Well, the user decided to abort the search. Go back to the
2971 frame where we started. */
2976 /* Go past the current frame. */
2977 if (cf->sbackward) {
2978 /* Go on to the previous frame. */
2979 fdata = fdata->prev;
2980 if (fdata == NULL) {
2982 * XXX - other apps have a bit more of a detailed message
2983 * for this, and instead of offering "OK" and "Cancel",
2984 * they offer things such as "Continue" and "Cancel";
2985 * we need an API for popping up alert boxes with
2986 * {Verb} and "Cancel".
2989 if (prefs.gui_find_wrap)
2991 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
2992 "%sBeginning of capture exceeded!%s\n\n"
2993 "Search is continued from the end of the capture.",
2994 simple_dialog_primary_start(), simple_dialog_primary_end());
2995 fdata = cf->plist_end; /* wrap around */
2999 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3000 "%sBeginning of capture exceeded!%s\n\n"
3001 "Try searching forwards.",
3002 simple_dialog_primary_start(), simple_dialog_primary_end());
3003 fdata = start_fd; /* stay on previous packet */
3007 /* Go on to the next frame. */
3008 fdata = fdata->next;
3009 if (fdata == NULL) {
3010 if (prefs.gui_find_wrap)
3012 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3013 "%sEnd of capture exceeded!%s\n\n"
3014 "Search is continued from the start of the capture.",
3015 simple_dialog_primary_start(), simple_dialog_primary_end());
3016 fdata = cf->plist; /* wrap around */
3020 simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
3021 "%sEnd of capture exceeded!%s\n\n"
3022 "Try searching backwards.",
3023 simple_dialog_primary_start(), simple_dialog_primary_end());
3024 fdata = start_fd; /* stay on previous packet */
3031 /* Is this packet in the display? */
3032 if (fdata->flags.passed_dfilter) {
3033 /* Yes. Load its data. */
3034 if (!wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
3035 cf->pd, fdata->cap_len, &err, &err_info)) {
3036 /* Read error. Report the error, and go back to the frame
3037 where we started. */
3038 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3039 cf_read_error_message(err, err_info), cf->filename);
3044 /* Does it match the search criterion? */
3045 if ((*match_function)(cf, fdata, criterion)) {
3047 break; /* found it! */
3051 if (fdata == start_fd) {
3052 /* We're back to the frame we were on originally, and that frame
3053 doesn't match the search filter. The search failed. */
3058 /* We're done scanning the packets; destroy the progress bar if it
3060 if (progbar != NULL)
3061 destroy_progress_dlg(progbar);
3064 if (new_fd != NULL) {
3065 /* We found a frame. Find what row it's in. */
3066 row = packet_list_find_row_from_data(new_fd);
3067 g_assert(row != -1);
3069 /* Select that row, make it the focus row, and make it visible. */
3070 packet_list_set_selected_row(row);
3071 return TRUE; /* success */
3073 return FALSE; /* failure */
3077 cf_goto_frame(capture_file *cf, guint fnumber)
3082 for (fdata = cf->plist; fdata != NULL && fdata->num < fnumber; fdata = fdata->next)
3085 if (fdata == NULL) {
3086 /* we didn't find a packet with that packet number */
3087 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3088 "There is no packet with the packet number %u.", fnumber);
3089 return FALSE; /* we failed to go to that packet */
3091 if (!fdata->flags.passed_dfilter) {
3092 /* that packet currently isn't displayed */
3093 /* XXX - add it to the set of displayed packets? */
3094 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3095 "The packet number %u isn't currently being displayed.", fnumber);
3096 return FALSE; /* we failed to go to that packet */
3099 /* We found that packet, and it's currently being displayed.
3100 Find what row it's in. */
3101 row = packet_list_find_row_from_data(fdata);
3102 g_assert(row != -1);
3104 /* Select that row, make it the focus row, and make it visible. */
3105 packet_list_set_selected_row(row);
3106 return TRUE; /* we got to that packet */
3110 cf_goto_top_frame(capture_file *cf)
3114 frame_data *lowest_fdata = NULL;
3116 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3117 if (fdata->flags.passed_dfilter) {
3118 lowest_fdata = fdata;
3123 if (lowest_fdata == NULL) {
3127 /* We found that packet, and it's currently being displayed.
3128 Find what row it's in. */
3129 row = packet_list_find_row_from_data(lowest_fdata);
3130 g_assert(row != -1);
3132 /* Select that row, make it the focus row, and make it visible. */
3133 packet_list_set_selected_row(row);
3134 return TRUE; /* we got to that packet */
3138 cf_goto_bottom_frame(capture_file *cf)
3142 frame_data *highest_fdata = NULL;
3144 for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
3145 if (fdata->flags.passed_dfilter) {
3146 highest_fdata = fdata;
3150 if (highest_fdata == NULL) {
3154 /* We found that packet, and it's currently being displayed.
3155 Find what row it's in. */
3156 row = packet_list_find_row_from_data(highest_fdata);
3157 g_assert(row != -1);
3159 /* Select that row, make it the focus row, and make it visible. */
3160 packet_list_set_selected_row(row);
3161 return TRUE; /* we got to that packet */
3165 * Go to frame specified by currently selected protocol tree item.
3168 cf_goto_framenum(capture_file *cf)
3170 header_field_info *hfinfo;
3173 if (cf->finfo_selected) {
3174 hfinfo = cf->finfo_selected->hfinfo;
3176 if (hfinfo->type == FT_FRAMENUM) {
3177 framenum = fvalue_get_uinteger(&cf->finfo_selected->value);
3179 return cf_goto_frame(cf, framenum);
3186 /* Select the packet on a given row. */
3188 cf_select_packet(capture_file *cf, int row)
3194 /* Get the frame data struct pointer for this frame */
3195 fdata = (frame_data *)packet_list_get_row_data(row);
3197 if (fdata == NULL) {
3198 /* XXX - if a GtkCList's selection mode is GTK_SELECTION_BROWSE, when
3199 the first entry is added to it by "real_insert_row()", that row
3200 is selected (see "real_insert_row()", in "gtk/gtkclist.c", in both
3201 our version and the vanilla GTK+ version).
3203 This means that a "select-row" signal is emitted; this causes
3204 "packet_list_select_cb()" to be called, which causes "cf_select_packet()"
3207 "cf_select_packet()" fetches, above, the data associated with the
3208 row that was selected; however, as "gtk_clist_append()", which
3209 called "real_insert_row()", hasn't yet returned, we haven't yet
3210 associated any data with that row, so we get back a null pointer.
3212 We can't assume that there's only one frame in the frame list,
3213 either, as we may be filtering the display.
3215 We therefore assume that, if "row" is 0, i.e. the first row
3216 is being selected, and "cf->first_displayed" equals
3217 "cf->last_displayed", i.e. there's only one frame being
3218 displayed, that frame is the frame we want.
3220 This means we have to set "cf->first_displayed" and
3221 "cf->last_displayed" before adding the row to the
3222 GtkCList; see the comment in "add_packet_to_packet_list()". */
3224 if (row == 0 && cf->first_displayed == cf->last_displayed)
3225 fdata = cf->first_displayed;
3228 /* If fdata _still_ isn't set simply give up. */
3229 if (fdata == NULL) {
3233 /* Get the data in that frame. */
3234 if (!wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
3235 cf->pd, fdata->cap_len, &err, &err_info)) {
3236 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3237 cf_read_error_message(err, err_info), cf->filename);
3241 /* Record that this frame is the current frame. */
3242 cf->current_frame = fdata;
3244 /* Create the logical protocol tree. */
3245 if (cf->edt != NULL) {
3246 epan_dissect_free(cf->edt);
3249 /* We don't need the columns here. */
3250 cf->edt = epan_dissect_new(TRUE, TRUE);
3252 epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
3255 dfilter_macro_build_ftv_cache(cf->edt->tree);
3257 cf_callback_invoke(cf_cb_packet_selected, cf);
3260 /* Unselect the selected packet, if any. */
3262 cf_unselect_packet(capture_file *cf)
3264 /* Destroy the epan_dissect_t for the unselected packet. */
3265 if (cf->edt != NULL) {
3266 epan_dissect_free(cf->edt);
3270 /* No packet is selected. */
3271 cf->current_frame = NULL;
3273 cf_callback_invoke(cf_cb_packet_unselected, cf);
3275 /* No protocol tree means no selected field. */
3276 cf_unselect_field(cf);
3279 /* Unset the selected protocol tree field, if any. */
3281 cf_unselect_field(capture_file *cf)
3283 cf->finfo_selected = NULL;
3285 cf_callback_invoke(cf_cb_field_unselected, cf);
3289 * Mark a particular frame.
3292 cf_mark_frame(capture_file *cf, frame_data *frame)
3294 if (! frame->flags.marked) {
3295 frame->flags.marked = TRUE;
3296 if (cf->count > cf->marked_count)
3302 * Unmark a particular frame.
3305 cf_unmark_frame(capture_file *cf, frame_data *frame)
3307 if (frame->flags.marked) {
3308 frame->flags.marked = FALSE;
3309 if (cf->marked_count > 0)
3317 } save_callback_args_t;
3320 * Save a capture to a file, in a particular format, saving either
3321 * all packets, all currently-displayed packets, or all marked packets.
3323 * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
3324 * up a message box for the failure.
3327 save_packet(capture_file *cf _U_, frame_data *fdata,
3328 union wtap_pseudo_header *pseudo_header, const guint8 *pd,
3331 save_callback_args_t *args = argsp;
3332 struct wtap_pkthdr hdr;
3335 /* init the wtap header for saving */
3336 hdr.ts.secs = fdata->abs_ts.secs;
3337 hdr.ts.nsecs = fdata->abs_ts.nsecs;
3338 hdr.caplen = fdata->cap_len;
3339 hdr.len = fdata->pkt_len;
3340 hdr.pkt_encap = fdata->lnk_t;
3342 /* and save the packet */
3343 if (!wtap_dump(args->pdh, &hdr, pseudo_header, pd, &err)) {
3344 cf_write_failure_alert_box(args->fname, err);
3351 * Can this capture file be saved in any format except by copying the raw data?
3354 cf_can_save_as(capture_file *cf)
3358 for (ft = 0; ft < WTAP_NUM_FILE_TYPES; ft++) {
3359 /* To save a file with Wiretap, Wiretap has to handle that format,
3360 and its code to handle that format must be able to write a file
3361 with this file's encapsulation type. */
3362 if (wtap_dump_can_open(ft) && wtap_dump_can_write_encap(ft, cf->lnk_t)) {
3363 /* OK, we can write it out in this type. */
3368 /* No, we couldn't save it in any format. */
3373 cf_save(capture_file *cf, const char *fname, packet_range_t *range, guint save_format, gboolean compressed)
3375 gchar *from_filename;
3379 save_callback_args_t callback_args;
3381 cf_callback_invoke(cf_cb_file_safe_started, (gpointer) fname);
3383 /* don't write over an existing file. */
3384 /* this should've been already checked by our caller, just to be sure... */
3385 if (file_exists(fname)) {
3386 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3387 "%sCapture file: \"%s\" already exists!%s\n\n"
3388 "Please choose a different filename.",
3389 simple_dialog_primary_start(), fname, simple_dialog_primary_end());
3393 packet_range_process_init(range);
3396 if (packet_range_process_all(range) && save_format == cf->cd_t) {
3397 /* We're not filtering packets, and we're saving it in the format
3398 it's already in, so we can just move or copy the raw data. */
3400 if (cf->is_tempfile) {
3401 /* The file being saved is a temporary file from a live
3402 capture, so it doesn't need to stay around under that name;
3403 first, try renaming the capture buffer file to the new name. */
3405 if (eth_rename(cf->filename, fname) == 0) {
3406 /* That succeeded - there's no need to copy the source file. */
3407 from_filename = NULL;
3410 if (errno == EXDEV) {
3411 /* They're on different file systems, so we have to copy the
3414 from_filename = cf->filename;
3416 /* The rename failed, but not because they're on different
3417 file systems - put up an error message. (Or should we
3418 just punt and try to copy? The only reason why I'd
3419 expect the rename to fail and the copy to succeed would
3420 be if we didn't have permission to remove the file from
3421 the temporary directory, and that might be fixable - but
3422 is it worth requiring the user to go off and fix it?) */
3423 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3424 file_rename_error_message(errno), fname);
3430 from_filename = cf->filename;
3433 /* It's a permanent file, so we should copy it, and not remove the
3436 from_filename = cf->filename;
3440 /* Copy the file, if we haven't moved it. */
3441 if (!copy_binary_file(from_filename, fname))
3445 /* Either we're filtering packets, or we're saving in a different
3446 format; we can't do that by copying or moving the capture file,
3447 we have to do it by writing the packets out in Wiretap. */
3448 pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap,
3451 cf_open_failure_alert_box(fname, err, NULL, TRUE, save_format);
3455 /* XXX - we let the user save a subset of the packets.
3457 If we do that, should we make that file the current file? If so,
3458 it means we can no longer get at the other packets. What does
3461 /* Iterate through the list of packets, processing the packets we were
3464 XXX - we've already called "packet_range_process_init(range)", but
3465 "process_specified_packets()" will do it again. Fortunately,
3466 that's harmless in this case, as we haven't done anything to
3467 "range" since we initialized it. */
3468 callback_args.pdh = pdh;
3469 callback_args.fname = fname;
3470 switch (process_specified_packets(cf, range, "Saving", "selected packets",
3471 TRUE, save_packet, &callback_args)) {
3474 /* Completed successfully. */
3478 /* The user decided to abort the saving.
3479 XXX - remove the output file? */
3483 /* Error while saving. */
3484 wtap_dump_close(pdh, &err);
3488 if (!wtap_dump_close(pdh, &err)) {
3489 cf_close_failure_alert_box(fname, err);
3494 cf_callback_invoke(cf_cb_file_safe_finished, NULL);
3496 if (packet_range_process_all(range)) {
3497 /* We saved the entire capture, not just some packets from it.
3498 Open and read the file we saved it to.
3500 XXX - this is somewhat of a waste; we already have the
3501 packets, all this gets us is updated file type information
3502 (which we could just stuff into "cf"), and having the new
3503 file be the one we have opened and from which we're reading
3504 the data, and it means we have to spend time opening and
3505 reading the file, which could be a significant amount of
3506 time if the file is large. */
3507 cf->user_saved = TRUE;
3509 if ((cf_open(cf, fname, FALSE, &err)) == CF_OK) {
3510 /* XXX - report errors if this fails?
3511 What should we return if it fails or is aborted? */
3512 switch (cf_read(cf)) {
3516 /* Just because we got an error, that doesn't mean we were unable
3517 to read any of the file; we handle what we could get from the
3521 case CF_READ_ABORTED:
3522 /* The user bailed out of re-reading the capture file; the
3523 capture file has been closed - just return (without
3524 changing any menu settings; "cf_close()" set them
3525 correctly for the "no capture file open" state). */
3528 cf_callback_invoke(cf_cb_file_safe_reload_finished, NULL);
3534 cf_callback_invoke(cf_cb_file_safe_failed, NULL);
3539 cf_open_failure_alert_box(const char *filename, int err, gchar *err_info,
3540 gboolean for_writing, int file_type)
3543 /* Wiretap error. */
3546 case WTAP_ERR_NOT_REGULAR_FILE:
3547 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3548 "The file \"%s\" is a \"special file\" or socket or other non-regular file.",
3552 case WTAP_ERR_RANDOM_OPEN_PIPE:
3553 /* Seen only when opening a capture file for reading. */
3554 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3555 "The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.",
3559 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
3560 /* Seen only when opening a capture file for reading. */
3561 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3562 "The file \"%s\" isn't a capture file in a format Wireshark understands.",
3566 case WTAP_ERR_UNSUPPORTED:
3567 /* Seen only when opening a capture file for reading. */
3568 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3569 "The file \"%s\" isn't a capture file in a format Wireshark understands.\n"
3571 filename, err_info);
3575 case WTAP_ERR_CANT_WRITE_TO_PIPE:
3576 /* Seen only when opening a capture file for writing. */
3577 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3578 "The file \"%s\" is a pipe, and %s capture files can't be "
3579 "written to a pipe.",
3580 filename, wtap_file_type_string(file_type));
3583 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
3584 /* Seen only when opening a capture file for writing. */
3585 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3586 "Wireshark doesn't support writing capture files in that format.");
3589 case WTAP_ERR_UNSUPPORTED_ENCAP:
3591 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3592 "Wireshark can't save this capture in that format.");
3594 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3595 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.\n"
3597 filename, err_info);
3602 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
3604 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3605 "Wireshark can't save this capture in that format.");
3607 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3608 "The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
3613 case WTAP_ERR_BAD_RECORD:
3614 /* Seen only when opening a capture file for reading. */
3615 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3616 "The file \"%s\" appears to be damaged or corrupt.\n"
3618 filename, err_info);
3622 case WTAP_ERR_CANT_OPEN:
3624 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3625 "The file \"%s\" could not be created for some unknown reason.",
3628 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3629 "The file \"%s\" could not be opened for some unknown reason.",
3634 case WTAP_ERR_SHORT_READ:
3635 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3636 "The file \"%s\" appears to have been cut short"
3637 " in the middle of a packet or other data.",
3641 case WTAP_ERR_SHORT_WRITE:
3642 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3643 "A full header couldn't be written to the file \"%s\".",
3647 case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
3648 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3649 "Gzip compression not supported by this file type.");
3653 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3654 "The file \"%s\" could not be %s: %s.",
3656 for_writing ? "created" : "opened",
3657 wtap_strerror(err));
3662 open_failure_alert_box(filename, err, for_writing);
3667 file_rename_error_message(int err)
3670 static char errmsg_errno[1024+1];
3675 errmsg = "The path to the file \"%s\" doesn't exist.";
3679 errmsg = "You don't have permission to move the capture file to \"%s\".";
3683 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3684 "The file \"%%s\" could not be moved: %s.",
3685 wtap_strerror(err));
3686 errmsg = errmsg_errno;
3693 cf_read_error_message(int err, const gchar *err_info)
3695 static char errmsg_errno[1024+1];
3699 case WTAP_ERR_UNSUPPORTED_ENCAP:
3700 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3701 "The file \"%%s\" has a packet with a network type that Wireshark doesn't support.\n(%s)",
3705 case WTAP_ERR_BAD_RECORD:
3706 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3707 "An error occurred while reading from the file \"%%s\": %s.\n(%s)",
3708 wtap_strerror(err), err_info);
3712 g_snprintf(errmsg_errno, sizeof(errmsg_errno),
3713 "An error occurred while reading from the file \"%%s\": %s.",
3714 wtap_strerror(err));
3717 return errmsg_errno;
3721 cf_write_failure_alert_box(const char *filename, int err)
3724 /* Wiretap error. */
3725 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3726 "An error occurred while writing to the file \"%s\": %s.",
3727 filename, wtap_strerror(err));
3730 write_failure_alert_box(filename, err);
3734 /* Check for write errors - if the file is being written to an NFS server,
3735 a write error may not show up until the file is closed, as NFS clients
3736 might not send writes to the server until the "write()" call finishes,
3737 so that the write may fail on the server but the "write()" may succeed. */
3739 cf_close_failure_alert_box(const char *filename, int err)
3742 /* Wiretap error. */
3745 case WTAP_ERR_CANT_CLOSE:
3746 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3747 "The file \"%s\" couldn't be closed for some unknown reason.",
3751 case WTAP_ERR_SHORT_WRITE:
3752 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3753 "Not all the packets could be written to the file \"%s\".",
3758 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3759 "An error occurred while closing the file \"%s\": %s.",
3760 filename, wtap_strerror(err));
3765 We assume that a close error from the OS is really a write error. */
3766 write_failure_alert_box(filename, err);
3770 /* Reload the current capture file. */
3772 cf_reload(capture_file *cf) {
3774 gboolean is_tempfile;
3777 /* If the file could be opened, "cf_open()" calls "cf_close()"
3778 to get rid of state for the old capture file before filling in state
3779 for the new capture file. "cf_close()" will remove the file if
3780 it's a temporary file; we don't want that to happen (for one thing,
3781 it'd prevent subsequent reopens from working). Remember whether it's
3782 a temporary file, mark it as not being a temporary file, and then
3783 reopen it as the type of file it was.
3785 Also, "cf_close()" will free "cf->filename", so we must make
3786 a copy of it first. */
3787 filename = g_strdup(cf->filename);
3788 is_tempfile = cf->is_tempfile;
3789 cf->is_tempfile = FALSE;
3790 if (cf_open(cf, filename, is_tempfile, &err) == CF_OK) {
3791 switch (cf_read(cf)) {
3795 /* Just because we got an error, that doesn't mean we were unable
3796 to read any of the file; we handle what we could get from the
3800 case CF_READ_ABORTED:
3801 /* The user bailed out of re-reading the capture file; the
3802 capture file has been closed - just free the capture file name
3803 string and return (without changing the last containing
3809 /* The open failed, so "cf->is_tempfile" wasn't set to "is_tempfile".
3810 Instead, the file was left open, so we should restore "cf->is_tempfile"
3813 XXX - change the menu? Presumably "cf_open()" will do that;
3814 make sure it does! */
3815 cf->is_tempfile = is_tempfile;
3817 /* "cf_open()" made a copy of the file name we handed it, so
3818 we should free up our copy. */
3822 /* Copies a file in binary mode, for those operating systems that care about
3824 * Returns TRUE on success, FALSE on failure. If a failure, it also
3825 * displays a simple dialog window with the error message.
3828 copy_binary_file(const char *from_filename, const char *to_filename)
3830 int from_fd, to_fd, nread, nwritten, err;
3833 /* Copy the raw bytes of the file. */
3834 from_fd = eth_open(from_filename, O_RDONLY | O_BINARY, 0000 /* no creation so don't matter */);
3836 open_failure_alert_box(from_filename, errno, FALSE);
3840 /* Use open() instead of creat() so that we can pass the O_BINARY
3841 flag, which is relevant on Win32; it appears that "creat()"
3842 may open the file in text mode, not binary mode, but we want
3843 to copy the raw bytes of the file, so we need the output file
3844 to be open in binary mode. */
3845 to_fd = eth_open(to_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
3847 open_failure_alert_box(to_filename, errno, TRUE);
3852 while ((nread = eth_read(from_fd, pd, sizeof pd)) > 0) {
3853 nwritten = eth_write(to_fd, pd, nread);
3854 if (nwritten < nread) {
3858 err = WTAP_ERR_SHORT_WRITE;
3859 write_failure_alert_box(to_filename, err);
3867 simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
3868 "An error occurred while reading from the file \"%s\": %s.",
3869 from_filename, strerror(err));
3875 if (eth_close(to_fd) < 0) {
3876 write_failure_alert_box(to_filename, errno);