3 * $Id: tethereal.c,v 1.153 2002/08/28 21:00:41 jmayer Exp $
5 * Ethereal - Network traffic analyzer
6 * By Gerald Combs <gerald@ethereal.com>
7 * Copyright 1998 Gerald Combs
9 * Text-mode variant, by Gilbert Ramirez <gram@alumni.rice.edu>
10 * and Guy Harris <guy@alum.mit.edu>.
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
56 #include <zlib.h> /* to get the libz version number */
59 #ifdef NEED_SNPRINTF_H
60 # include "snprintf.h"
63 #ifdef HAVE_UCD_SNMP_VERSION_H
64 #include <ucd-snmp/version.h>
65 #endif /* HAVE_UCD_SNMP_VERSION_H */
67 #ifdef NEED_STRERROR_H
76 #include <epan/epan.h>
77 #include <epan/filesystem.h>
80 #include <epan/timestamp.h>
81 #include <epan/packet.h>
86 #include <epan/resolv.h>
89 #include "pcap-util.h"
91 #include <epan/conversation.h>
92 #include <epan/plugins.h>
94 #include "conditions.h"
95 #include "capture_stop_conditions.h"
96 #include "ringbuffer.h"
97 #include <epan/epan_dissect.h>
100 #include <wiretap/wtap-capture.h>
104 #include "capture-wpcap.h"
107 static guint32 firstsec, firstusec;
108 static guint32 prevsec, prevusec;
109 static GString *comp_info_str;
110 static gboolean quiet;
111 static gboolean decode;
112 static gboolean verbose;
113 static gboolean print_hex;
114 static gboolean line_buffered;
117 typedef struct _loop_data {
118 gboolean go; /* TRUE as long as we're supposed to keep capturing */
123 gboolean output_to_pipe;
129 static int capture(int);
130 static void capture_pcap_cb(guchar *, const struct pcap_pkthdr *,
133 static BOOL WINAPI capture_cleanup(DWORD);
135 static void capture_cleanup(int);
137 #endif /* HAVE_LIBPCAP */
144 static int load_cap_file(capture_file *, int);
145 static void wtap_dispatch_cb_write(guchar *, const struct wtap_pkthdr *, long,
146 union wtap_pseudo_header *, const guchar *);
147 static void show_capture_file_io_error(const char *, int, gboolean);
148 static void wtap_dispatch_cb_print(guchar *, const struct wtap_pkthdr *, long,
149 union wtap_pseudo_header *, const guchar *);
152 ts_type timestamp_type = RELATIVE;
155 int snaplen; /* Maximum captured packet length */
156 int promisc_mode; /* Capture in promiscuous mode */
157 int autostop_count; /* Maximum packet count */
158 gboolean has_autostop_duration; /* TRUE if maximum capture duration
160 gint32 autostop_duration; /* Maximum capture duration */
161 gboolean has_autostop_filesize; /* TRUE if maximum capture file size
163 gint32 autostop_filesize; /* Maximum capture file size */
164 gboolean ringbuffer_on; /* TRUE if ring buffer in use */
165 guint32 ringbuffer_num_files; /* Number of ring buffer files */
168 static capture_options capture_opts = {
169 WTAP_MAX_PACKET_SIZE, /* snapshot length - default is
170 infinite, in effect */
171 TRUE, /* promiscuous mode is the default */
172 0, /* max packet count - default is 0,
174 FALSE, /* maximum capture duration not
175 specified by default */
176 0, /* maximum capture duration */
177 FALSE, /* maximum capture file size not
178 specified by default */
179 0, /* maximum capture file size */
180 FALSE, /* ring buffer off by default */
181 RINGBUFFER_MIN_NUM_FILES /* default number of ring buffer
187 print_usage(gboolean print_ver)
192 fprintf(stderr, "This is GNU t%s %s, compiled %s\n", PACKAGE, VERSION,
196 fprintf(stderr, "\nt%s [ -DvVhqSlp ] [ -a <capture autostop condition> ] ...\n",
198 fprintf(stderr, "\t[ -b <number of ring buffer files> ] [ -c <count> ]\n");
199 fprintf(stderr, "\t[ -f <capture filter> ] [ -F <output file type> ]\n");
200 fprintf(stderr, "\t[ -i <interface> ] [ -n ] [ -N <resolving> ]\n");
201 fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
202 fprintf(stderr, "\t[ -s <snaplen> ] [ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
204 fprintf(stderr, "\nt%s [ -vVhl ] [ -F <output file type> ] [ -n ] [ -N <resolving> ]\n", PACKAGE);
205 fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
206 fprintf(stderr, "\t[ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
208 fprintf(stderr, "Valid file type arguments to the \"-F\" flag:\n");
209 for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
210 if (wtap_dump_can_open(i))
211 fprintf(stderr, "\t%s - %s\n",
212 wtap_file_type_short_string(i), wtap_file_type_string(i));
214 fprintf(stderr, "\tdefault is libpcap\n");
219 get_positive_int(const char *string, const char *name)
224 number = strtol(string, &p, 10);
225 if (p == string || *p != '\0') {
226 fprintf(stderr, "tethereal: The specified %s \"%s\" is not a decimal number\n",
231 fprintf(stderr, "tethereal: The specified %s is a negative number\n",
236 fprintf(stderr, "tethereal: The specified %s is zero\n",
240 if (number > INT_MAX) {
241 fprintf(stderr, "tethereal: The specified %s is too large (greater than %d)\n",
249 * Given a string of the form "<autostop criterion>:<value>", as might appear
250 * as an argument to a "-a" option, parse it and set the criterion in
251 * question. Return an indication of whether it succeeded or failed
255 set_autostop_criterion(const char *autostoparg)
259 colonp = strchr(autostoparg, ':');
267 * Skip over any white space (there probably won't be any, but
268 * as we allow it in the preferences file, we might as well
275 * Put the colon back, so if our caller uses, in an
276 * error message, the string they passed us, the message
282 if (strcmp(autostoparg,"duration") == 0) {
283 capture_opts.has_autostop_duration = TRUE;
284 capture_opts.autostop_duration = get_positive_int(p,"autostop duration");
285 } else if (strcmp(autostoparg,"filesize") == 0) {
286 capture_opts.has_autostop_filesize = TRUE;
287 capture_opts.autostop_filesize = get_positive_int(p,"autostop filesize");
291 *colonp = ':'; /* put the colon back */
297 main(int argc, char *argv[])
301 gboolean arg_error = FALSE;
303 #ifdef HAVE_PCAP_VERSION
304 extern char pcap_version[];
305 #endif /* HAVE_PCAP_VERSION */
306 #endif /* HAVE_LIBPCAP */
314 int gpf_open_errno, pf_open_errno;
317 gboolean capture_filter_specified = FALSE;
318 GList *if_list, *if_entry;
319 gchar err_str[PCAP_ERRBUF_SIZE];
321 gboolean capture_option_specified = FALSE;
323 int out_file_type = WTAP_FILE_PCAP;
324 gchar *cf_name = NULL, *rfilter = NULL;
328 dfilter_t *rfcode = NULL;
332 /* Register all dissectors; we must do this before checking for the
333 "-G" flag, as the "-G" flag dumps information registered by the
334 dissectors, and we must do it before we read the preferences, in
335 case any dissectors register preferences. */
336 epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs);
338 /* Now register the preferences for any non-dissector modules.
339 We must do that before we read the preferences as well. */
340 prefs_register_modules();
342 /* If invoked with the "-G" flag, we dump out information based on
343 the argument to the "-G" flag; if no argument is specified,
344 for backwards compatibility we dump out a glossary of display
347 We do this here to mirror what happens in the GTK+ version, although
348 it's not necessary here. */
349 if (argc >= 2 && strcmp(argv[1], "-G") == 0) {
351 proto_registrar_dump_fields();
353 if (strcmp(argv[2], "fields") == 0)
354 proto_registrar_dump_fields();
355 else if (strcmp(argv[2], "protocols") == 0)
356 proto_registrar_dump_protocols();
358 fprintf(stderr, "tethereal: Invalid \"%s\" option for -G flag\n",
366 /* Set the C-language locale to the native environment. */
367 setlocale(LC_ALL, "");
369 prefs = read_prefs(&gpf_open_errno, &gpf_path, &pf_open_errno, &pf_path);
370 if (gpf_path != NULL) {
371 fprintf(stderr, "Can't open global preferences file \"%s\": %s.\n", pf_path,
372 strerror(gpf_open_errno));
374 if (pf_path != NULL) {
375 fprintf(stderr, "Can't open your preferences file \"%s\": %s.\n", pf_path,
376 strerror(pf_open_errno));
381 /* Set the name resolution code's flags from the preferences. */
382 g_resolv_flags = prefs->name_resolve;
385 /* Load Wpcap, if possible */
389 /* Initialize the capture file struct */
391 cfile.plist_end = NULL;
393 cfile.filename = NULL;
394 cfile.user_saved = FALSE;
395 cfile.is_tempfile = FALSE;
397 cfile.dfilter = NULL;
400 cfile.cfilter = g_strdup("");
403 cfile.save_file = NULL;
404 cfile.save_file_fd = -1;
405 cfile.has_snap = FALSE;
406 cfile.snap = WTAP_MAX_PACKET_SIZE;
409 /* Assemble the compile-time options */
410 comp_info_str = g_string_new("");
412 g_string_append(comp_info_str, "with ");
413 g_string_sprintfa(comp_info_str,
414 #ifdef GLIB_MAJOR_VERSION
415 "GLib %d.%d.%d", GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION,
418 "GLib (version unknown)");
422 g_string_append(comp_info_str, ", with libpcap ");
423 #ifdef HAVE_PCAP_VERSION
424 g_string_append(comp_info_str, pcap_version);
425 #else /* HAVE_PCAP_VERSION */
426 g_string_append(comp_info_str, "(version unknown)");
427 #endif /* HAVE_PCAP_VERSION */
428 #else /* HAVE_LIBPCAP */
429 g_string_append(comp_info_str, ", without libpcap");
430 #endif /* HAVE_LIBPCAP */
433 g_string_append(comp_info_str, ", with libz ");
435 g_string_append(comp_info_str, ZLIB_VERSION);
436 #else /* ZLIB_VERSION */
437 g_string_append(comp_info_str, "(version unknown)");
438 #endif /* ZLIB_VERSION */
439 #else /* HAVE_LIBZ */
440 g_string_append(comp_info_str, ", without libz");
441 #endif /* HAVE_LIBZ */
443 /* Oh, this is pretty */
445 g_string_append(comp_info_str, ", with UCD SNMP ");
446 #ifdef HAVE_UCD_SNMP_VERSION_H
447 g_string_append(comp_info_str, VersionInfo);
448 #else /* HAVE_UCD_SNMP_VERSION_H */
449 g_string_append(comp_info_str, "(version unknown)");
450 #endif /* HAVE_UCD_SNMP_VERSION_H */
451 #else /* no SNMP library */
452 g_string_append(comp_info_str, ", without UCD SNMP");
455 /* Now get our args */
456 while ((opt = getopt(argc, argv, "a:b:c:Df:F:hi:lnN:o:pqr:R:s:St:vw:Vx")) != -1) {
458 case 'a': /* autostop criteria */
460 if (set_autostop_criterion(optarg) == FALSE) {
461 fprintf(stderr, "ethereal: Invalid or unknown -a flag \"%s\"\n", optarg);
465 capture_option_specified = TRUE;
469 case 'b': /* Ringbuffer option */
471 capture_opts.ringbuffer_on = TRUE;
472 capture_opts.ringbuffer_num_files =
473 get_positive_int(optarg, "number of ring buffer files");
475 capture_option_specified = TRUE;
479 case 'c': /* Capture xxx packets */
481 capture_opts.autostop_count =
482 get_positive_int(optarg, "packet count");
484 capture_option_specified = TRUE;
488 case 'D': /* Print a list of capture devices */
490 if_list = get_interface_list(&err, err_str);
491 if (if_list == NULL) {
494 case CANT_GET_INTERFACE_LIST:
495 fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
499 case NO_INTERFACES_FOUND:
500 fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
505 for (if_entry = g_list_first(if_list); if_entry != NULL;
506 if_entry = g_list_next(if_entry))
507 printf("%s\n", (char *)if_entry->data);
508 free_interface_list(if_list);
511 capture_option_specified = TRUE;
517 capture_filter_specified = TRUE;
519 g_free(cfile.cfilter);
520 cfile.cfilter = g_strdup(optarg);
522 capture_option_specified = TRUE;
527 out_file_type = wtap_short_string_to_file_type(optarg);
528 if (out_file_type < 0) {
529 fprintf(stderr, "tethereal: \"%s\" is not a valid capture file type\n",
534 case 'h': /* Print help and exit */
538 case 'i': /* Use interface xxx */
540 cfile.iface = g_strdup(optarg);
542 capture_option_specified = TRUE;
546 case 'l': /* "Line-buffer" standard output */
547 /* This isn't line-buffering, strictly speaking, it's just
548 flushing the standard output after the information for
549 each packet is printed; however, that should be good
550 enough for all the purposes to which "-l" is put.
552 See the comment in "wtap_dispatch_cb_print()" for an
553 explanation of why we do that, and why we don't just
554 use "setvbuf()" to make the standard output line-buffered
555 (short version: in Windows, "line-buffered" is the same
556 as "fully-buffered", and the output buffer is only flushed
557 when it fills up). */
558 line_buffered = TRUE;
560 case 'n': /* No name resolution */
561 g_resolv_flags = RESOLV_NONE;
563 case 'N': /* Select what types of addresses/port #s to resolve */
564 if (g_resolv_flags == RESOLV_ALL)
565 g_resolv_flags = RESOLV_NONE;
566 badopt = string_to_name_resolve(optarg, &g_resolv_flags);
567 if (badopt != '\0') {
568 fprintf(stderr, "tethereal: -N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'\n",
573 case 'o': /* Override preference from command line */
574 switch (prefs_set_pref(optarg)) {
576 case PREFS_SET_SYNTAX_ERR:
577 fprintf(stderr, "tethereal: Invalid -o flag \"%s\"\n", optarg);
581 case PREFS_SET_NO_SUCH_PREF:
582 case PREFS_SET_OBSOLETE:
583 fprintf(stderr, "tethereal: -o flag \"%s\" specifies unknown preference\n",
589 case 'p': /* Don't capture in promiscuous mode */
591 capture_opts.promisc_mode = FALSE;
593 capture_option_specified = TRUE;
597 case 'q': /* Quiet */
600 case 'r': /* Read capture file xxx */
601 cf_name = g_strdup(optarg);
603 case 'R': /* Read file filter */
606 case 's': /* Set the snapshot (capture) length */
608 capture_opts.snaplen = get_positive_int(optarg, "snapshot length");
610 capture_option_specified = TRUE;
614 case 'S': /* show packets in real time */
617 case 't': /* Time stamp type */
618 if (strcmp(optarg, "r") == 0)
619 timestamp_type = RELATIVE;
620 else if (strcmp(optarg, "a") == 0)
621 timestamp_type = ABSOLUTE;
622 else if (strcmp(optarg, "ad") == 0)
623 timestamp_type = ABSOLUTE_WITH_DATE;
624 else if (strcmp(optarg, "d") == 0)
625 timestamp_type = DELTA;
627 fprintf(stderr, "tethereal: Invalid time stamp type \"%s\"\n",
629 fprintf(stderr, "It must be \"r\" for relative, \"a\" for absolute,\n");
630 fprintf(stderr, "\"ad\" for absolute with date, or \"d\" for delta.\n");
634 case 'v': /* Show version and exit */
635 printf("t%s %s, %s\n", PACKAGE, VERSION, comp_info_str->str);
638 case 'w': /* Write to capture file xxx */
639 cfile.save_file = g_strdup(optarg);
641 case 'V': /* Verbose */
644 case 'x': /* Print packet data in hex (and ASCII) */
648 case '?': /* Bad flag - print usage message */
654 /* If no capture filter or read filter has been specified, and there are
655 still command-line arguments, treat them as the tokens of a capture
656 filter (if no "-r" flag was specified) or a read filter (if a "-r"
657 flag was specified. */
659 if (cf_name != NULL) {
660 if (rfilter != NULL) {
662 "tethereal: Read filters were specified both with \"-R\" and with additional command-line arguments\n");
665 rfilter = get_args_as_string(argc, argv, optind);
668 if (capture_filter_specified) {
670 "tethereal: Capture filters were specified both with \"-f\" and with additional command-line arguments\n");
673 cfile.cfilter = get_args_as_string(argc, argv, optind);
675 capture_option_specified = TRUE;
680 /* See if we're writing a capture file and the file is a pipe */
682 ld.output_to_pipe = FALSE;
684 if (cfile.save_file != NULL) {
685 if (!strcmp(cfile.save_file, "-")) {
687 g_free(cfile.save_file);
688 cfile.save_file = g_strdup("");
690 ld.output_to_pipe = TRUE;
695 err = test_for_fifo(cfile.save_file);
698 case ENOENT: /* it doesn't exist, so we'll be creating it,
699 and it won't be a FIFO */
700 case 0: /* found it, but it's not a FIFO */
703 case ESPIPE: /* it is a FIFO */
704 ld.output_to_pipe = TRUE;
707 default: /* couldn't stat it */
709 "tethereal: Error testing whether capture file is a pipe: %s\n",
718 /* If they didn't specify a "-w" flag, but specified a maximum capture
719 file size, tell them that this doesn't work, and exit. */
720 if (capture_opts.has_autostop_filesize && cfile.save_file == NULL) {
721 fprintf(stderr, "tethereal: Maximum capture file size specified, but "
722 "capture isn't being saved to a file.\n");
726 if (capture_opts.ringbuffer_on) {
727 /* Ring buffer works only under certain conditions:
728 a) ring buffer does not work if you're not saving the capture to
730 b) ring buffer only works if you're saving in libpcap format;
731 c) it makes no sense to enable the ring buffer if the maximum
732 file size is set to "infinite";
733 d) file must not be a pipe. */
734 if (cfile.save_file == NULL) {
735 fprintf(stderr, "tethereal: Ring buffer requested, but "
736 "capture isn't being saved to a file.\n");
739 if (out_file_type != WTAP_FILE_PCAP) {
740 fprintf(stderr, "tethereal: Ring buffer requested, but "
741 "capture isn't being saved in libpcap format.\n");
744 if (!capture_opts.has_autostop_filesize) {
745 fprintf(stderr, "tethereal: Ring buffer requested, but "
746 "no maximum capture file size was specified.\n");
749 if (ld.output_to_pipe) {
750 fprintf(stderr, "tethereal: Ring buffer requested, but "
751 "capture file is a pipe.\n");
758 /* Start windows sockets */
759 WSAStartup( MAKEWORD( 1, 1 ), &wsaData );
762 /* Notify all registered modules that have had any of their preferences
763 changed either from one of the preferences file or from the command
764 line that their preferences have changed. */
768 if (capture_option_specified)
769 fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
776 /* Build the column format array */
777 col_init(&cfile.cinfo, prefs->num_cols);
778 for (i = 0; i < cfile.cinfo.num_cols; i++) {
779 cfile.cinfo.col_fmt[i] = get_column_format(i);
780 cfile.cinfo.col_title[i] = g_strdup(get_column_title(i));
781 cfile.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) *
783 get_column_format_matches(cfile.cinfo.fmt_matx[i], cfile.cinfo.col_fmt[i]);
784 cfile.cinfo.col_data[i] = NULL;
785 if (cfile.cinfo.col_fmt[i] == COL_INFO)
786 cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN);
788 cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
790 cfile.cinfo.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
791 cfile.cinfo.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
795 if (capture_opts.snaplen < 1)
796 capture_opts.snaplen = WTAP_MAX_PACKET_SIZE;
797 else if (capture_opts.snaplen < MIN_PACKET_SIZE)
798 capture_opts.snaplen = MIN_PACKET_SIZE;
800 /* Check the value range of the ringbuffer_num_files parameter */
801 if (capture_opts.ringbuffer_num_files < RINGBUFFER_MIN_NUM_FILES)
802 capture_opts.ringbuffer_num_files = RINGBUFFER_MIN_NUM_FILES;
803 else if (capture_opts.ringbuffer_num_files > RINGBUFFER_MAX_NUM_FILES)
804 capture_opts.ringbuffer_num_files = RINGBUFFER_MAX_NUM_FILES;
807 if (rfilter != NULL) {
808 if (!dfilter_compile(rfilter, &rfcode)) {
809 fprintf(stderr, "tethereal: %s\n", dfilter_error_msg);
814 cfile.rfcode = rfcode;
816 err = open_cap_file(cf_name, FALSE, &cfile);
821 err = load_cap_file(&cfile, out_file_type);
828 /* No capture file specified, so we're supposed to do a live capture;
829 do we have support for live captures? */
834 fprintf(stderr, "tethereal: Could not load wpcap.dll.\n");
839 /* Yes; did the user specify an interface to use? */
840 if (cfile.iface == NULL) {
841 /* No - is a default specified in the preferences file? */
842 if (prefs->capture_device != NULL) {
844 if_text = strrchr(prefs->capture_device, ' ');
845 if (if_text == NULL) {
846 cfile.iface = g_strdup(prefs->capture_device);
848 cfile.iface = g_strdup(if_text + 1); /* Skip over space */
851 /* No - pick the first one from the list of interfaces. */
852 if_list = get_interface_list(&err, err_str);
853 if (if_list == NULL) {
856 case CANT_GET_INTERFACE_LIST:
857 fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
861 case NO_INTERFACES_FOUND:
862 fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
867 if_text = strrchr(if_list->data, ' '); /* first interface */
868 if (if_text == NULL) {
869 cfile.iface = g_strdup(if_list->data);
871 cfile.iface = g_strdup(if_text + 1); /* Skip over space */
873 free_interface_list(if_list);
876 capture(out_file_type);
878 if (capture_opts.ringbuffer_on) {
883 fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
894 /* Do the low-level work of a capture.
895 Returns TRUE if it succeeds, FALSE otherwise. */
897 capture(int out_file_type)
899 gchar open_err_str[PCAP_ERRBUF_SIZE];
900 gchar lookup_net_err_str[PCAP_ERRBUF_SIZE];
901 bpf_u_int32 netnum, netmask;
902 struct bpf_program fcode;
903 void (*oldhandler)(int);
905 int volatile volatile_err = 0;
906 int volatile inpkts = 0;
909 condition *volatile cnd_stop_capturesize = NULL;
910 condition *volatile cnd_stop_timeout = NULL;
912 static const char ppamsg[] = "can't find PPA for ";
915 struct pcap_stat stats;
919 /* Initialize all data structures used for dissection. */
922 ld.linktype = WTAP_ENCAP_UNKNOWN;
925 /* Open the network interface to capture from it.
926 Some versions of libpcap may put warnings into the error buffer
927 if they succeed; to tell if that's happened, we have to clear
928 the error buffer, and check if it's still a null string. */
929 open_err_str[0] = '\0';
930 ld.pch = pcap_open_live(cfile.iface, capture_opts.snaplen,
931 capture_opts.promisc_mode, 1000, open_err_str);
933 if (ld.pch == NULL) {
934 /* Well, we couldn't start the capture. */
936 /* On Win32 OSes, the capture devices are probably available to all
937 users; don't warn about permissions problems.
939 Do, however, warn that Token Ring and PPP devices aren't supported. */
940 snprintf(errmsg, sizeof errmsg,
941 "The capture session could not be initiated (%s).\n"
942 "Please check that you have the proper interface specified.\n"
944 "Note that the driver Tethereal uses for packet capture on Windows\n"
945 "doesn't support capturing on Token Ring interfaces, and doesn't\n"
946 "support capturing on PPP/WAN interfaces in Windows NT/2000.\n",
949 /* If we got a "can't find PPA for XXX" message, warn the user (who
950 is running Ethereal on HP-UX) that they don't have a version
951 of libpcap that properly handles HP-UX (libpcap 0.6.x and later
952 versions, which properly handle HP-UX, say "can't find /dev/dlpi
953 PPA for XXX" rather than "can't find PPA for XXX"). */
954 if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
957 "You are running Tethereal with a version of the libpcap library\n"
958 "that doesn't handle HP-UX network devices well; this means that\n"
959 "Tethereal may not be able to capture packets.\n"
961 "To fix this, you should install libpcap 0.6.2, or a later version\n"
962 "of libpcap, rather than libpcap 0.4 or 0.5.x. It is available in\n"
963 "packaged binary form from the Software Porting And Archive Centre\n"
964 "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
965 "at the URL lists a number of mirror sites.";
968 snprintf(errmsg, sizeof errmsg,
969 "The capture session could not be initiated (%s).\n"
970 "Please check to make sure you have sufficient permissions, and that\n"
971 "you have the proper interface specified.%s", open_err_str, libpcap_warn);
977 /* A capture filter was specified; set it up. */
978 if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
980 * Well, we can't get the netmask for this interface; it's used
981 * only for filters that check for broadcast IP addresses, so
982 * we just warn the user, and punt and use 0.
985 "Warning: Couldn't obtain netmask info (%s).\n", lookup_net_err_str);
988 if (pcap_compile(ld.pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
989 snprintf(errmsg, sizeof errmsg, "Unable to parse filter string (%s).",
990 pcap_geterr(ld.pch));
993 if (pcap_setfilter(ld.pch, &fcode) < 0) {
994 snprintf(errmsg, sizeof errmsg, "Can't install filter (%s).",
995 pcap_geterr(ld.pch));
1000 ld.linktype = wtap_pcap_encap_to_wtap_encap(get_pcap_linktype(ld.pch,
1002 if (cfile.save_file != NULL) {
1003 /* Set up to write to the capture file. */
1004 if (ld.linktype == WTAP_ENCAP_UNKNOWN) {
1005 strcpy(errmsg, "The network you're capturing from is of a type"
1006 " that Tethereal doesn't support.");
1009 if (capture_opts.ringbuffer_on) {
1010 cfile.save_file_fd = ringbuf_init(cfile.save_file,
1011 capture_opts.ringbuffer_num_files);
1012 if (cfile.save_file_fd != -1) {
1013 ld.pdh = ringbuf_init_wtap_dump_fdopen(out_file_type, ld.linktype,
1014 pcap_snapshot(ld.pch), &err);
1016 err = errno; /* "ringbuf_init()" failed */
1020 ld.pdh = wtap_dump_open(cfile.save_file, out_file_type,
1021 ld.linktype, pcap_snapshot(ld.pch), &err);
1024 if (ld.pdh == NULL) {
1025 snprintf(errmsg, sizeof errmsg,
1026 file_open_error_message(err, TRUE, out_file_type),
1027 *cfile.save_file == '\0' ? "stdout" : cfile.save_file);
1032 /* Does "open_err_str" contain a non-empty string? If so, "pcap_open_live()"
1033 returned a warning; print it, but keep capturing. */
1034 if (open_err_str[0] != '\0')
1035 fprintf(stderr, "tethereal: WARNING: %s.\n", open_err_str);
1038 /* Catch a CTRL+C event and, if we get it, clean up and exit. */
1039 SetConsoleCtrlHandler(capture_cleanup, TRUE);
1041 /* Catch SIGINT and SIGTERM and, if we get either of them, clean up
1043 XXX - deal with signal semantics on various UNIX platforms. Or just
1044 use "sigaction()" and be done with it? */
1045 signal(SIGTERM, capture_cleanup);
1046 signal(SIGINT, capture_cleanup);
1047 if ((oldhandler = signal(SIGHUP, capture_cleanup)) != SIG_DFL)
1048 signal(SIGHUP, oldhandler);
1051 /* Let the user know what interface was chosen. */
1052 fprintf(stderr, "Capturing on %s\n", cfile.iface);
1054 /* initialize capture stop conditions */
1055 init_capture_stop_conditions();
1056 /* create stop conditions */
1057 if (capture_opts.has_autostop_filesize)
1058 cnd_stop_capturesize = cnd_new((char*)CND_CLASS_CAPTURESIZE,
1059 (long)capture_opts.autostop_filesize * 1000);
1060 if (capture_opts.has_autostop_duration)
1061 cnd_stop_timeout = cnd_new((char*)CND_CLASS_TIMEOUT,
1062 (gint32)capture_opts.autostop_duration);
1064 if (!setjmp(ld.stopenv))
1068 ld.packet_count = 0;
1070 /* We need to be careful with automatic variables defined in the
1071 outer scope which are changed inside the loop. Most compilers
1072 don't try to roll them back to their original values after the
1073 longjmp which causes the loop to finish, but all that the
1074 standards say is that their values are indeterminate. If we
1075 don't want them to be rolled back, we should define them with the
1076 volatile attribute (paraphrasing W. Richard Stevens, Advanced
1077 Programming in the UNIX Environment, p. 178).
1079 The "err" variable causes a particular problem. If we give it
1080 the volatile attribute, then when we pass a reference to it (as
1081 in "&err") to a function, GCC warns: "passing arg <n> of
1082 <function> discards qualifiers from pointer target type".
1083 Therefore within the loop and just beyond we don't use "err".
1084 Within the loop we define "loop_err", and assign its value to
1085 "volatile_err", which is in the outer scope and is checked when
1088 We also define "packet_count_prev" here to keep things tidy,
1089 since it's used only inside the loop. If it were defined in the
1090 outer scope, GCC would give a warning (unnecessary in this case)
1091 that it might be clobbered, and we'd need to give it the volatile
1092 attribute to suppress the warning. */
1095 int packet_count_prev = 0;
1097 if (cnd_stop_capturesize == NULL && cnd_stop_timeout == NULL) {
1098 /* We're not stopping at a particular capture file size, and we're
1099 not stopping after some particular amount of time has expired,
1100 so either we have no stop condition or the only stop condition
1101 is a maximum packet count.
1103 If there's no maximum packet count, pass it -1, meaning "until
1104 you run out of packets in the bufferful you read". Otherwise,
1105 pass it the number of packets we have left to capture.
1107 We don't call "pcap_loop()" as, if we're saving to a file that's
1108 a FIFO, we want to flush the FIFO after we're done processing
1109 this libpcap bufferful of packets, so that the program
1110 reading the FIFO sees the packets immediately and doesn't get
1111 any partial packet, forcing it to block in the middle of reading
1113 if (capture_opts.autostop_count == 0)
1116 if (ld.packet_count >= capture_opts.autostop_count) {
1117 /* XXX do we need this test here? */
1118 /* It appears there's nothing more to capture. */
1121 pcap_cnt = capture_opts.autostop_count - ld.packet_count;
1124 /* We need to check the capture file size or the timeout after
1128 inpkts = pcap_dispatch(ld.pch, pcap_cnt, capture_pcap_cb, (guchar *) &ld);
1130 /* Error from "pcap_dispatch()". */
1132 } else if (cnd_stop_timeout != NULL && cnd_eval(cnd_stop_timeout)) {
1133 /* The specified capture time has elapsed; stop the capture. */
1135 } else if (inpkts > 0) {
1136 if (capture_opts.autostop_count != 0 &&
1137 ld.packet_count >= capture_opts.autostop_count) {
1138 /* The specified number of packets have been captured and have
1139 passed both any capture filter in effect and any read filter
1142 } else if (cnd_stop_capturesize != NULL &&
1143 cnd_eval(cnd_stop_capturesize,
1144 (guint32)wtap_get_bytes_dumped(ld.pdh))) {
1145 /* We're saving the capture to a file, and the capture file reached
1146 its maximum size. */
1147 if (capture_opts.ringbuffer_on) {
1148 /* Switch to the next ringbuffer file */
1149 if (ringbuf_switch_file(&cfile, &ld.pdh, &loop_err)) {
1150 /* File switch succeeded: reset the condition */
1151 cnd_reset(cnd_stop_capturesize);
1153 /* File switch failed: stop here */
1154 volatile_err = loop_err;
1158 /* No ringbuffer - just stop. */
1162 if (ld.output_to_pipe) {
1163 if (ld.packet_count > packet_count_prev) {
1164 if (fflush(wtap_dump_file(ld.pdh))) {
1165 volatile_err = errno;
1168 packet_count_prev = ld.packet_count;
1172 } /* while (ld.go) */
1174 /* delete stop conditions */
1175 if (cnd_stop_capturesize != NULL)
1176 cnd_delete(cnd_stop_capturesize);
1177 if (cnd_stop_timeout != NULL)
1178 cnd_delete(cnd_stop_timeout);
1180 if ((cfile.save_file != NULL) && !quiet) {
1181 /* We're saving to a file, which means we're printing packet counts
1182 to stderr if we are not running silent and deep.
1183 Send a newline so that we move to the line after the packet count. */
1184 fprintf(stderr, "\n");
1187 /* If we got an error while capturing, report it. */
1189 fprintf(stderr, "tethereal: Error while capturing packets: %s\n",
1190 pcap_geterr(ld.pch));
1193 if (volatile_err == 0)
1196 show_capture_file_io_error(cfile.save_file, volatile_err, FALSE);
1200 if (cfile.save_file != NULL) {
1201 /* We're saving to a file or files; close all files. */
1202 if (capture_opts.ringbuffer_on) {
1203 dump_ok = ringbuf_wtap_dump_close(&cfile, &err);
1205 dump_ok = wtap_dump_close(ld.pdh, &err);
1207 /* If we've displayed a message about a write error, there's no point
1208 in displaying another message about an error on close. */
1209 if (!dump_ok && !write_err)
1210 show_capture_file_io_error(cfile.save_file, err, TRUE);
1213 /* Get the capture statistics, and, if any packets were dropped, report
1215 if (pcap_stats(ld.pch, &stats) >= 0) {
1216 if (stats.ps_drop != 0) {
1217 fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
1220 fprintf(stderr, "tethereal: Can't get packet-drop statistics: %s\n",
1221 pcap_geterr(ld.pch));
1223 /* Report the number of captured packets if not reported during capture
1224 and we are saving to a file. */
1225 if (quiet && (cfile.save_file != NULL)) {
1226 fprintf(stderr, "%u packets captured\n", ld.packet_count);
1234 if (capture_opts.ringbuffer_on) {
1235 ringbuf_error_cleanup();
1237 g_free(cfile.save_file);
1238 cfile.save_file = NULL;
1239 fprintf(stderr, "tethereal: %s\n", errmsg);
1247 capture_pcap_cb(guchar *user, const struct pcap_pkthdr *phdr,
1250 struct wtap_pkthdr whdr;
1251 union wtap_pseudo_header pseudo_header;
1252 loop_data *ld = (loop_data *) user;
1256 /* Convert from libpcap to Wiretap format.
1257 If that fails, ignore the packet (wtap_process_pcap_packet has
1258 written an error message). */
1259 pd = wtap_process_pcap_packet(ld->linktype, phdr, pd, &pseudo_header,
1268 wtap_dispatch_cb_write((guchar *)&args, &whdr, 0, &pseudo_header, pd);
1269 /* Report packet capture count if not quiet */
1272 if (ld->packet_count != 0) {
1273 fprintf(stderr, "\r%u ", ld->packet_count);
1274 /* stderr could be line buffered */
1278 wtap_dispatch_cb_print((guchar *)&args, &whdr, 0,
1279 &pseudo_header, pd);
1283 wtap_dispatch_cb_print((guchar *)&args, &whdr, 0, &pseudo_header, pd);
1289 capture_cleanup(DWORD ctrltype _U_)
1291 /* CTRL_C_EVENT is sort of like SIGINT, CTRL_BREAK_EVENT is unique to
1292 Windows, CTRL_CLOSE_EVENT is sort of like SIGHUP, CTRL_LOGOFF_EVENT
1293 is also sort of like SIGHUP, and CTRL_SHUTDOWN_EVENT is sort of
1294 like SIGTERM at least when the machine's shutting down.
1296 For now, we handle them all as indications that we should clean up
1297 and quit, just as we handle SIGINT, SIGHUP, and SIGTERM in that
1300 However, as handlers run in a new thread, we can't just longjmp
1301 out; we have to set "ld.go" to FALSE, and must return TRUE so that
1302 no other handler - such as one that would terminate the process -
1305 XXX - for some reason, typing ^C to Tethereal, if you run this in
1306 a Cygwin console window in at least some versions of Cygwin,
1307 causes Tethereal to terminate immediately; this routine gets
1308 called, but the main loop doesn't get a chance to run and
1309 exit cleanly, at least if this is compiled with Microsoft Visual
1310 C++ (i.e., it's a property of the Cygwin console window or Bash;
1311 it happens if Tethereal is not built with Cygwin - for all I know,
1312 building it with Cygwin may make the problem go away). */
1318 capture_cleanup(int signum _U_)
1320 /* Longjmp back to the starting point; "pcap_dispatch()", on many
1321 UNIX platforms, just keeps looping if it gets EINTR, so if we set
1322 "ld.go" to FALSE and return, we won't break out of it and quit
1324 longjmp(ld.stopenv, 1);
1327 #endif /* HAVE_LIBPCAP */
1330 load_cap_file(capture_file *cf, int out_file_type)
1333 int snapshot_length;
1339 linktype = wtap_file_encap(cf->wth);
1340 if (cf->save_file != NULL) {
1341 /* Set up to write to the capture file. */
1342 snapshot_length = wtap_snapshot_length(cf->wth);
1343 if (snapshot_length == 0) {
1344 /* Snapshot length of input file not known. */
1345 snapshot_length = WTAP_MAX_PACKET_SIZE;
1347 pdh = wtap_dump_open(cf->save_file, out_file_type,
1348 linktype, snapshot_length, &err);
1351 /* We couldn't set up to write to the capture file. */
1354 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
1356 "tethereal: Capture files can't be written in that format.\n");
1359 case WTAP_ERR_UNSUPPORTED_ENCAP:
1360 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
1362 "tethereal: The capture file being read cannot be written in "
1366 case WTAP_ERR_CANT_OPEN:
1368 "tethereal: The file \"%s\" couldn't be created for some "
1369 "unknown reason.\n",
1370 *cf->save_file == '\0' ? "stdout" : cf->save_file);
1373 case WTAP_ERR_SHORT_WRITE:
1375 "tethereal: A full header couldn't be written to the file \"%s\".\n",
1376 *cf->save_file == '\0' ? "stdout" : cf->save_file);
1381 "tethereal: The file \"%s\" could not be created: %s\n.",
1382 *cf->save_file == '\0' ? "stdout" : cf->save_file,
1383 wtap_strerror(err));
1390 success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_write, (guchar *) &args,
1393 /* Now close the capture file. */
1394 if (!wtap_dump_close(pdh, &err))
1395 show_capture_file_io_error(cfile.save_file, err, TRUE);
1399 success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_print, (guchar *) &args,
1403 /* Print up a message box noting that the read failed somewhere along
1407 case WTAP_ERR_UNSUPPORTED_ENCAP:
1409 "tethereal: \"%s\" is a capture file is for a network type that Tethereal doesn't support.\n",
1413 case WTAP_ERR_CANT_READ:
1415 "tethereal: An attempt to read from \"%s\" failed for some unknown reason.\n",
1419 case WTAP_ERR_SHORT_READ:
1421 "tethereal: \"%s\" appears to have been cut short in the middle of a packet.\n",
1425 case WTAP_ERR_BAD_RECORD:
1427 "tethereal: \"%s\" appears to be damaged or corrupt.\n",
1433 "tethereal: An error occurred while reading \"%s\": %s.\n",
1434 cf->filename, wtap_strerror(err));
1440 wtap_close(cf->wth);
1447 fill_in_fdata(frame_data *fdata, capture_file *cf,
1448 const struct wtap_pkthdr *phdr, long offset)
1453 fdata->num = cf->count;
1454 fdata->pkt_len = phdr->len;
1455 fdata->cap_len = phdr->caplen;
1456 fdata->file_off = offset;
1457 fdata->lnk_t = phdr->pkt_encap;
1458 fdata->abs_secs = phdr->ts.tv_sec;
1459 fdata->abs_usecs = phdr->ts.tv_usec;
1460 fdata->flags.passed_dfilter = 0;
1461 fdata->flags.encoding = CHAR_ASCII;
1462 fdata->flags.visited = 0;
1463 fdata->flags.marked = 0;
1465 /* If we don't have the time stamp of the first packet in the
1466 capture, it's because this is the first packet. Save the time
1467 stamp of this packet as the time stamp of the first packet. */
1468 if (!firstsec && !firstusec) {
1469 firstsec = fdata->abs_secs;
1470 firstusec = fdata->abs_usecs;
1473 /* If we don't have the time stamp of the previous displayed packet,
1474 it's because this is the first displayed packet. Save the time
1475 stamp of this packet as the time stamp of the previous displayed
1477 if (!prevsec && !prevusec) {
1478 prevsec = fdata->abs_secs;
1479 prevusec = fdata->abs_usecs;
1482 /* Get the time elapsed between the first packet and this packet. */
1483 compute_timestamp_diff(&fdata->rel_secs, &fdata->rel_usecs,
1484 fdata->abs_secs, fdata->abs_usecs, firstsec, firstusec);
1486 /* If it's greater than the current elapsed time, set the elapsed time
1487 to it (we check for "greater than" so as not to be confused by
1488 time moving backwards). */
1489 if ((gint32)cf->esec < fdata->rel_secs
1490 || ((gint32)cf->esec == fdata->rel_secs && (gint32)cf->eusec < fdata->rel_usecs)) {
1491 cf->esec = fdata->rel_secs;
1492 cf->eusec = fdata->rel_usecs;
1495 /* Get the time elapsed between the previous displayed packet and
1497 compute_timestamp_diff(&fdata->del_secs, &fdata->del_usecs,
1498 fdata->abs_secs, fdata->abs_usecs, prevsec, prevusec);
1499 prevsec = fdata->abs_secs;
1500 prevusec = fdata->abs_usecs;
1503 /* Free up all data attached to a "frame_data" structure. */
1505 clear_fdata(frame_data *fdata)
1508 g_slist_free(fdata->pfd);
1512 wtap_dispatch_cb_write(guchar *user, const struct wtap_pkthdr *phdr,
1513 long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
1515 cb_args_t *args = (cb_args_t *) user;
1516 capture_file *cf = args->cf;
1517 wtap_dumper *pdh = args->pdh;
1521 epan_dissect_t *edt;
1525 fill_in_fdata(&fdata, cf, phdr, offset);
1526 edt = epan_dissect_new(TRUE, FALSE);
1527 epan_dissect_prime_dfilter(edt, cf->rfcode);
1528 epan_dissect_run(edt, pseudo_header, buf, &fdata, NULL);
1529 passed = dfilter_apply_edt(cf->rfcode, edt);
1535 /* The packet passed the read filter. */
1539 if (!wtap_dump(pdh, phdr, pseudo_header, buf, &err)) {
1541 if (ld.pch != NULL && !quiet) {
1542 /* We're capturing packets, so (if -q not specified) we're printing
1543 a count of packets captured; move to the line after the count. */
1544 fprintf(stderr, "\n");
1547 show_capture_file_io_error(cf->save_file, err, FALSE);
1552 wtap_dump_close(pdh, &err);
1557 epan_dissect_free(edt);
1559 clear_fdata(&fdata);
1563 show_capture_file_io_error(const char *fname, int err, gboolean is_close)
1572 "tethereal: Not all the packets could be written to \"%s\" because there is "
1573 "no space left on the file system.\n",
1580 "tethereal: Not all the packets could be written to \"%s\" because you are "
1581 "too close to, or over your disk quota.\n",
1586 case WTAP_ERR_CANT_CLOSE:
1588 "tethereal: \"%s\" couldn't be closed for some unknown reason.\n",
1592 case WTAP_ERR_SHORT_WRITE:
1594 "tethereal: Not all the packets could be written to \"%s\".\n",
1601 "tethereal: \"%s\" could not be closed: %s.\n",
1602 fname, wtap_strerror(err));
1605 "tethereal: An error occurred while writing to \"%s\": %s.\n",
1606 fname, wtap_strerror(err));
1613 wtap_dispatch_cb_print(guchar *user, const struct wtap_pkthdr *phdr,
1614 long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
1616 cb_args_t *args = (cb_args_t *) user;
1617 capture_file *cf = args->cf;
1620 print_args_t print_args;
1621 epan_dissect_t *edt;
1622 gboolean create_proto_tree;
1627 fill_in_fdata(&fdata, cf, phdr, offset);
1630 if (cf->rfcode || verbose)
1631 create_proto_tree = TRUE;
1633 create_proto_tree = FALSE;
1634 /* The protocol tree will be "visible", i.e., printed, only if we're
1635 not printing a summary.
1637 We only need the columns if we're *not* verbose; in verbose mode,
1638 we print the protocol tree, not the protocol summary. */
1639 edt = epan_dissect_new(create_proto_tree, verbose);
1641 epan_dissect_prime_dfilter(edt, cf->rfcode);
1643 epan_dissect_run(edt, pseudo_header, buf, &fdata, verbose ? NULL : &cf->cinfo);
1645 passed = dfilter_apply_edt(cf->rfcode, edt);
1648 /* The packet passed the read filter. */
1653 /* Print the information in the protocol tree. */
1654 print_args.to_file = TRUE;
1655 print_args.format = PR_FMT_TEXT;
1656 print_args.print_summary = FALSE;
1657 print_args.print_hex = print_hex;
1658 print_args.expand_all = TRUE;
1659 print_args.suppress_unmarked = FALSE;
1660 proto_tree_print(&print_args, edt, stdout);
1662 /* "print_hex_data()" will put out a leading blank line, as well
1663 as a trailing one; print one here, to separate the packets,
1664 only if "print_hex_data()" won't be called. */
1668 /* Just fill in the columns. */
1669 epan_dissect_fill_in_columns(edt);
1671 /* Now print them. */
1672 for (i = 0; i < cf->cinfo.num_cols; i++) {
1673 switch (cf->cinfo.col_fmt[i]) {
1676 * Don't print this if we're doing a live capture from a network
1677 * interface - if we're doing a live capture, you won't be
1678 * able to look at the capture in the future (it's not being
1679 * saved anywhere), so the frame numbers are unlikely to be
1682 * (XXX - it might be nice to be able to save and print at
1683 * the same time, sort of like an "Update list of packets
1684 * in real time" capture in Ethereal.)
1686 if (cf->iface != NULL)
1688 printf("%3s", cf->cinfo.col_data[i]);
1694 case COL_ABS_DATE_TIME: /* XXX - wider */
1695 printf("%10s", cf->cinfo.col_data[i]);
1701 case COL_DEF_DL_SRC:
1702 case COL_RES_DL_SRC:
1703 case COL_UNRES_DL_SRC:
1704 case COL_DEF_NET_SRC:
1705 case COL_RES_NET_SRC:
1706 case COL_UNRES_NET_SRC:
1707 printf("%12s", cf->cinfo.col_data[i]);
1713 case COL_DEF_DL_DST:
1714 case COL_RES_DL_DST:
1715 case COL_UNRES_DL_DST:
1716 case COL_DEF_NET_DST:
1717 case COL_RES_NET_DST:
1718 case COL_UNRES_NET_DST:
1719 printf("%-12s", cf->cinfo.col_data[i]);
1723 printf("%s", cf->cinfo.col_data[i]);
1726 if (i != cf->cinfo.num_cols - 1) {
1728 * This isn't the last column, so we need to print a
1729 * separator between this column and the next.
1731 * If we printed a network source and are printing a
1732 * network destination of the same type next, separate
1733 * them with "->"; if we printed a network destination
1734 * and are printing a network source of the same type
1735 * next, separate them with "<-"; otherwise separate them
1738 switch (cf->cinfo.col_fmt[i]) {
1743 switch (cf->cinfo.col_fmt[i + 1]) {
1757 case COL_DEF_DL_SRC:
1758 case COL_RES_DL_SRC:
1759 case COL_UNRES_DL_SRC:
1760 switch (cf->cinfo.col_fmt[i + 1]) {
1762 case COL_DEF_DL_DST:
1763 case COL_RES_DL_DST:
1764 case COL_UNRES_DL_DST:
1774 case COL_DEF_NET_SRC:
1775 case COL_RES_NET_SRC:
1776 case COL_UNRES_NET_SRC:
1777 switch (cf->cinfo.col_fmt[i + 1]) {
1779 case COL_DEF_NET_DST:
1780 case COL_RES_NET_DST:
1781 case COL_UNRES_NET_DST:
1794 switch (cf->cinfo.col_fmt[i + 1]) {
1808 case COL_DEF_DL_DST:
1809 case COL_RES_DL_DST:
1810 case COL_UNRES_DL_DST:
1811 switch (cf->cinfo.col_fmt[i + 1]) {
1813 case COL_DEF_DL_SRC:
1814 case COL_RES_DL_SRC:
1815 case COL_UNRES_DL_SRC:
1825 case COL_DEF_NET_DST:
1826 case COL_RES_NET_DST:
1827 case COL_UNRES_NET_DST:
1828 switch (cf->cinfo.col_fmt[i + 1]) {
1830 case COL_DEF_NET_SRC:
1831 case COL_RES_NET_SRC:
1832 case COL_UNRES_NET_SRC:
1851 print_hex_data(stdout, print_args.format, edt);
1856 /* The ANSI C standard does not appear to *require* that a line-buffered
1857 stream be flushed to the host environment whenever a newline is
1858 written, it just says that, on such a stream, characters "are
1859 intended to be transmitted to or from the host environment as a
1860 block when a new-line character is encountered".
1862 The Visual C++ 6.0 C implementation doesn't do what is intended;
1863 even if you set a stream to be line-buffered, it still doesn't
1864 flush the buffer at the end of every line.
1866 So, if the "-l" flag was specified, we flush the standard output
1867 at the end of a packet. This will do the right thing if we're
1868 printing packet summary lines, and, as we print the entire protocol
1869 tree for a single packet without waiting for anything to happen,
1870 it should be as good as line-buffered mode if we're printing
1871 protocol trees. (The whole reason for the "-l" flag in either
1872 tcpdump or Tethereal is to allow the output of a live capture to
1873 be piped to a program or script and to have that script see the
1874 information for the packet as soon as it's printed, rather than
1875 having to wait until a standard I/O buffer fills up. */
1879 epan_dissect_free(edt);
1881 clear_fdata(&fdata);
1885 file_open_error_message(int err, gboolean for_writing, int file_type)
1888 static char errmsg_errno[1024+1];
1892 case WTAP_ERR_NOT_REGULAR_FILE:
1893 errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
1896 case WTAP_ERR_FILE_UNKNOWN_FORMAT:
1897 case WTAP_ERR_UNSUPPORTED:
1898 /* Seen only when opening a capture file for reading. */
1899 errmsg = "The file \"%s\" is not a capture file in a format Tethereal understands.";
1902 case WTAP_ERR_CANT_WRITE_TO_PIPE:
1903 /* Seen only when opening a capture file for writing. */
1904 snprintf(errmsg_errno, sizeof(errmsg_errno),
1905 "The file \"%%s\" is a pipe, and %s capture files cannot be "
1906 "written to a pipe.", wtap_file_type_string(file_type));
1907 errmsg = errmsg_errno;
1910 case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
1911 /* Seen only when opening a capture file for writing. */
1912 errmsg = "Tethereal does not support writing capture files in that format.";
1915 case WTAP_ERR_UNSUPPORTED_ENCAP:
1916 case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
1918 errmsg = "Tethereal cannot save this capture in that format.";
1920 errmsg = "The file \"%s\" is a capture for a network type that Tethereal doesn't support.";
1923 case WTAP_ERR_BAD_RECORD:
1924 errmsg = "The file \"%s\" appears to be damaged or corrupt.";
1927 case WTAP_ERR_CANT_OPEN:
1929 errmsg = "The file \"%s\" could not be created for some unknown reason.";
1931 errmsg = "The file \"%s\" could not be opened for some unknown reason.";
1934 case WTAP_ERR_SHORT_READ:
1935 errmsg = "The file \"%s\" appears to have been cut short"
1936 " in the middle of a packet or other data.";
1939 case WTAP_ERR_SHORT_WRITE:
1940 errmsg = "A full header couldn't be written to the file \"%s\".";
1945 errmsg = "The path to the file \"%s\" does not exist.";
1947 errmsg = "The file \"%s\" does not exist.";
1952 errmsg = "You do not have permission to create or write to the file \"%s\".";
1954 errmsg = "You do not have permission to read the file \"%s\".";
1958 errmsg = "\"%s\" is a directory (folder), not a file.";
1962 snprintf(errmsg_errno, sizeof(errmsg_errno),
1963 "The file \"%%s\" could not be %s: %s.",
1964 for_writing ? "created" : "opened",
1965 wtap_strerror(err));
1966 errmsg = errmsg_errno;
1973 open_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
1977 char err_msg[2048+1];
1979 wth = wtap_open_offline(fname, &err, FALSE);
1983 /* The open succeeded. Fill in the information for this file. */
1985 /* Initialize all data structures used for dissection. */
1989 cf->filed = -1; /* not used, but set it anyway */
1990 cf->f_len = 0; /* not used, but set it anyway */
1992 /* Set the file name because we need it to set the follow stream filter.
1993 XXX - is that still true? We need it for other reasons, though,
1995 cf->filename = g_strdup(fname);
1997 /* Indicate whether it's a permanent or temporary file. */
1998 cf->is_tempfile = is_tempfile;
2000 /* If it's a temporary capture buffer file, mark it as not saved. */
2001 cf->user_saved = !is_tempfile;
2003 cf->cd_t = wtap_file_type(cf->wth);
2005 cf->drops_known = FALSE;
2009 cf->snap = wtap_snapshot_length(cf->wth);
2010 if (cf->snap == 0) {
2011 /* Snapshot length not known. */
2012 cf->has_snap = FALSE;
2013 cf->snap = WTAP_MAX_PACKET_SIZE;
2015 cf->has_snap = TRUE;
2016 cf->progbar_quantum = 0;
2017 cf->progbar_nextstep = 0;
2018 firstsec = 0, firstusec = 0;
2019 prevsec = 0, prevusec = 0;
2024 snprintf(err_msg, sizeof err_msg, file_open_error_message(err, FALSE, 0),
2026 fprintf(stderr, "tethereal: %s\n", err_msg);