1 /* Combine two dump files, either by appending or by merging by timestamp
3 * $Id: mergecap.c,v 1.8 2002/03/31 20:59:47 guy Exp $
5 * Written by Scott Renfro <scott@renfro.org> based on
6 * editcap by Richard Sharpe and Guy Harris
22 #ifdef HAVE_SYS_TIME_H
41 static int verbose = 0; /* Not so verbose */
44 * Structures to manage our files
46 typedef struct in_file_t {
54 typedef struct out_file_t {
62 static out_file_t out_file;
65 * Routine to write frame to output file
68 write_frame(u_char *user, const struct wtap_pkthdr *phdr, long offset _U_,
69 union wtap_pseudo_header *pseudo_header, const u_char *buf)
71 wtap_dumper *pdh = (wtap_dumper*)user;
73 struct wtap_pkthdr snap_phdr;
76 printf("Record: %u\n", out_file.count++);
78 /* We simply write it, perhaps after truncating it; we could do other
79 * things, like modify it. */
80 if (out_file.snaplen != 0 && phdr->caplen > out_file.snaplen) {
82 snap_phdr.caplen = out_file.snaplen;
86 if (!wtap_dump(pdh, phdr, pseudo_header, buf, &err)) {
87 fprintf(stderr, "mergecap: Error writing to %s: %s\n",
88 out_file.filename, wtap_strerror(err));
95 * routine to concatenate files
98 append(int count, in_file_t in_files[], out_file_t *out_file)
103 for (i = 0; i < count; i++) {
104 if (!wtap_loop(in_files[i].wth, 0, write_frame,
105 (u_char*)out_file->pdh, &err)) {
106 fprintf(stderr, "mergecap: Error appending from %s to %s: %s\n",
107 in_files[i].filename, out_file->filename, wtap_strerror(err));
114 * returns TRUE if first argument is earlier than second
117 is_earlier(struct timeval *l, struct timeval *r) {
118 if (l->tv_sec > r->tv_sec) { /* left is later */
120 } else if (l->tv_sec < r->tv_sec) { /* left is earlier */
122 } else if (l->tv_usec > r->tv_usec) { /* tv_sec equal, l.usec later */
125 /* either one < two or one == two
126 * either way, return one
133 * returns index of earliest timestamp in set of input files
134 * or -1 if no valid files remain
137 earliest(int count, in_file_t in_files[]) {
140 struct timeval tv = {LONG_MAX, LONG_MAX};
142 for (i = 0; i < count; i++) {
143 struct wtap_pkthdr *phdr = wtap_phdr(in_files[i].wth);
145 if (in_files[i].ok && is_earlier(&(phdr->ts), &tv)) {
154 * actually merge the files
157 merge(int count, in_file_t in_files[], out_file_t *out_file)
161 /* prime the pump (read in first frame from each file) */
162 for (i = 0; i < count; i++) {
163 in_files[i].ok = wtap_read(in_files[i].wth, &(in_files[i].err),
164 &(in_files[i].data_offset));
167 /* now keep writing the earliest frame until we're out of frames */
168 while ( -1 != (i = earliest(count, in_files))) {
170 /* write out earliest frame, and fetch another from its
173 write_frame((u_char*)out_file->pdh,
174 wtap_phdr(in_files[i].wth),
175 in_files[i].data_offset,
176 wtap_pseudoheader(in_files[i].wth),
177 wtap_buf_ptr(in_files[i].wth));
178 in_files[i].ok = wtap_read(in_files[i].wth, &(in_files[i].err),
179 &(in_files[i].data_offset));
185 * Select an output frame type based on the input files
186 * From Guy: If all files have the same frame type, then use that.
187 * Otherwise select WTAP_ENCAP_PER_PACKET. If the selected
188 * output file type doesn't support per packet frame types,
189 * then the wtap_dump_open call will fail with a reasonable
193 select_frame_type(int count, in_file_t files[])
196 int selected_frame_type;
198 selected_frame_type = wtap_file_encap(files[0].wth);
200 for (i = 1; i < count; i++) {
201 int this_frame_type = wtap_file_encap(files[i].wth);
202 if (selected_frame_type != this_frame_type) {
203 selected_frame_type = WTAP_ENCAP_PER_PACKET;
205 fprintf(stderr, "mergecap: multiple frame encapsulation types detected\n");
206 fprintf(stderr, " defaulting to WTAP_ENCAP_PER_PACKET\n");
207 fprintf(stderr, " %s had type %s (%s)\n",
209 wtap_encap_string(selected_frame_type),
210 wtap_encap_short_string(selected_frame_type));
211 fprintf(stderr, " %s had type %s (%s)\n",
213 wtap_encap_string(this_frame_type),
214 wtap_encap_short_string(this_frame_type));
221 fprintf(stderr, "mergecap: selected frame_type %s (%s)\n",
222 wtap_encap_string(selected_frame_type),
223 wtap_encap_short_string(selected_frame_type));
226 return selected_frame_type;
231 * Close the output file
234 close_outfile(out_file_t *out_file)
237 if (!wtap_dump_close(out_file->pdh, &err)) {
238 fprintf(stderr, "mergecap: Error closing file %s: %s\n",
239 out_file->filename, wtap_strerror(err));
246 * Open the output file
248 * Return FALSE if file cannot be opened (so caller can clean up)
251 open_outfile(out_file_t *out_file, int snapshot_len)
255 fprintf(stderr, "mergecap: internal error (null out_file)\n");
259 out_file->pdh = wtap_dump_open(out_file->filename, out_file->file_type,
260 out_file->frame_type, snapshot_len, &err);
261 if (!out_file->pdh) {
262 fprintf(stderr, "mergecap: Can't open/create %s:\n", out_file->filename);
263 fprintf(stderr, " %s\n", wtap_strerror(err));
271 * Scan through input files and find maximum snapshot length
274 max_snapshot_length(int count, in_file_t in_files[])
277 int max_snapshot = 0;
280 for (i = 0; i < count; i++) {
281 snapshot_length = wtap_snapshot_length(in_files[i].wth);
282 if (snapshot_length == 0) {
283 /* Snapshot length of input file not known. */
284 snapshot_length = WTAP_MAX_PACKET_SIZE;
286 if (snapshot_length > max_snapshot)
287 max_snapshot = snapshot_length;
294 * Scan through and close each input file
297 close_in_files(int count, in_file_t in_files[])
300 for (i = 0; i < count; i++) {
301 wtap_close(in_files[i].wth);
307 * Scan through the arguments and open the input files
310 open_in_files(int argc, char *argv[], in_file_t *in_files[])
316 int files_size = argc * sizeof(in_file_t);
319 files = malloc(files_size);
321 fprintf(stderr, "mergecap: error allocating %d bytes of memory\n",
327 for (i = 0; i < argc; i++) {
328 files[count].filename = argv[i];
329 files[count].wth = wtap_open_offline(argv[i], &err, FALSE);
330 files[count].err = 0;
331 files[count].data_offset = 0;
332 files[count].ok = TRUE;
333 if (!files[count].wth) {
334 fprintf(stderr, "mergecap: skipping %s: %s\n", argv[i],
338 fprintf(stderr, "mergecap: %s is type %s.\n", argv[i],
339 wtap_file_type_string(wtap_file_type(files[count].wth)));
345 fprintf(stderr, "mergecap: opened %d of %d input files\n", count,
361 fprintf(stderr, "Usage: mergecap [-hva] [-s <snaplen>] [-T <encap type>]\n");
362 fprintf(stderr, " [-F <capture type>] -w <outfile> <infile> [...]\n\n");
363 fprintf(stderr, " where\t-h produces this help listing.\n");
364 fprintf(stderr, " \t-v verbose operation, default is silent\n");
365 fprintf(stderr, " \t-a files should be concatenated, not merged\n");
366 fprintf(stderr, " \t Default merges based on frame timestamps\n");
367 fprintf(stderr, " \t-s <snaplen>: truncate packets to <snaplen> bytes of data\n");
368 fprintf(stderr, " \t-w <outfile>: sets output filename to <outfile>\n");
369 fprintf(stderr, " \t-T <encap type> encapsulation type to use:\n");
370 for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
371 string = wtap_encap_short_string(i);
373 fprintf(stderr, " \t %s - %s\n",
374 string, wtap_encap_string(i));
376 fprintf(stderr, " \t default is the same as the first input file\n");
377 fprintf(stderr, " \t-F <capture type> capture file type to write:\n");
378 for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
379 if (wtap_dump_can_open(i))
380 fprintf(stderr, " \t %s - %s\n",
381 wtap_file_type_short_string(i), wtap_file_type_string(i));
383 fprintf(stderr, " \t default is libpcap\n");
389 main(int argc, char *argv[])
395 gboolean do_append = FALSE;
396 int in_file_count = 0;
397 in_file_t *in_files = NULL;
399 /* initialize out_file */
400 out_file.filename = NULL;
401 out_file.pdh = NULL; /* wiretap dumpfile */
402 out_file.file_type = WTAP_FILE_PCAP; /* default to "libpcap" */
403 out_file.frame_type = -2; /* leave type alone */
404 out_file.snaplen = 0; /* no limit */
405 out_file.count = 1; /* frames output */
407 /* Process the options first */
408 while ((opt = getopt(argc, argv, "hvas:T:F:w:")) != -1) {
412 out_file.filename = optarg;
416 do_append = !do_append;
420 out_file.frame_type = wtap_short_string_to_encap(optarg);
421 if (out_file.frame_type < 0) {
422 fprintf(stderr, "mergecap: \"%s\" is not a valid encapsulation type\n",
429 out_file.file_type = wtap_short_string_to_file_type(optarg);
430 if (out_file.file_type < 0) {
431 fprintf(stderr, "mergecap: \"%s\" is not a valid capture file type\n",
438 verbose = !verbose; /* Just invert */
442 out_file.snaplen = strtol(optarg, &p, 10);
443 if (p == optarg || *p != '\0') {
444 fprintf(stderr, "mergecap: \"%s\" is not a valid snapshot length\n",
451 fprintf(stderr, "mergecap version %s\n", VERSION);
456 case '?': /* Bad options if GNU getopt */
465 /* check for proper args; at a minimum, must have an output
466 * filename and one input file
468 in_file_count = argc - optind;
469 if (!out_file.filename) {
470 fprintf(stderr, "mergecap: an output filename must be set with -w\n");
475 /* open the input files */
476 in_file_count = open_in_files(in_file_count, &argv[optind], &in_files);
477 if (in_file_count < 1) {
478 fprintf(stderr, "mergecap: No valid input files\n");
482 /* set the outfile frame type */
483 if (out_file.frame_type == -2)
484 out_file.frame_type = select_frame_type(in_file_count, in_files);
486 /* open the outfile */
487 if (!open_outfile(&out_file, max_snapshot_length(in_file_count, in_files))) {
488 close_in_files(in_file_count, in_files);
492 /* do the merge (or append) */
494 append(in_file_count, in_files, &out_file);
496 merge(in_file_count, in_files, &out_file);
498 close_in_files(in_file_count, in_files);
499 close_outfile(&out_file);