-/* Edit capture files. We can delete records, adjust timestamps, or
+/* Edit capture files. We can delete packets, adjust timestamps, or
* simply convert from one format to another format.
*
* $Id$
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <glib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
+
+/*
+ * Just make sure we include the prototype for strptime as well
+ * (needed for glibc 2.2)
+ */
+#define __USE_XOPEN
+
#include <time.h>
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#include <process.h> /* getpid */
#endif
+#ifdef NEED_STRPTIME_H
+# include "strptime.h"
+#endif
+
+#include "svnversion.h"
+
/*
* Some globals so we can pass things to various routines
*/
static int verbose = 0; /* Not so verbose */
static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
static double err_prob = 0.0;
+static time_t starttime = 0;
+static time_t stoptime = 0;
+static gboolean check_startstop = FALSE;
/* Add a selection item, a simple parser for now */
}
-/* Was the record selected? */
+/* Was the packet selected? */
static int selected(int recno)
{
}
+/* is the packet in the selected timeframe */
+static gboolean check_timestamp(wtap *wth) {
+ struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
+ return ( (time_t) pkthdr->ts.secs >= starttime ) && ( (time_t) pkthdr->ts.secs <= stoptime );
+}
+
static void
set_time_adjustment(char *optarg)
{
static void usage(void)
{
- int i;
- const char *string;
-
- fprintf(stderr, "Usage: editcap [-r] [-h] [-v] [-T <encap type>] [-E <probability>]\n");
- fprintf(stderr, " [-F <capture type>] [-s <snaplen>] [-t <time adjustment>]\n");
- fprintf(stderr, " <infile> <outfile> [ <record#>[-<record#>] ... ]\n");
- fprintf(stderr, " where\n");
- fprintf(stderr, " \t-E <probability> specifies the probability (between 0 and 1)\n");
- fprintf(stderr, " \t that a particular byte will will have an error.\n");
- fprintf(stderr, " \t-F <capture type> specifies the capture file type to write:\n");
- for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
- if (wtap_dump_can_open(i))
- fprintf(stderr, " \t %s - %s\n",
- wtap_file_type_short_string(i), wtap_file_type_string(i));
- }
- fprintf(stderr, " \t default is libpcap\n");
- fprintf(stderr, " \t-h produces this help listing.\n");
- fprintf(stderr, " \t-r specifies that the records specified should be kept, not deleted, \n");
- fprintf(stderr, " default is to delete\n");
- fprintf(stderr, " \t-s <snaplen> specifies that packets should be truncated to\n");
- fprintf(stderr, " \t <snaplen> bytes of data\n");
- fprintf(stderr, " \t-t <time adjustment> specifies the time adjustment\n");
- fprintf(stderr, " \t to be applied to selected packets\n");
- fprintf(stderr, " \t-T <encap type> specifies the encapsulation type to use:\n");
- for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
- string = wtap_encap_short_string(i);
- if (string != NULL)
- fprintf(stderr, " \t %s - %s\n",
- string, wtap_encap_string(i));
- }
- fprintf(stderr, " \t default is the same as the input file\n");
- fprintf(stderr, " \t-v specifies verbose operation, default is silent\n");
- fprintf(stderr, "\n \t A range of records can be specified as well\n");
+ fprintf(stderr, "Editcap %s"
+#ifdef SVNVERSION
+ " (" SVNVERSION ")"
+#endif
+ "\n", VERSION);
+ fprintf(stderr, "Edit and/or translate the format of capture files.\n");
+ fprintf(stderr, "See http://www.ethereal.com for more information.\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "A single packet or a range of packets can be selected.\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Packets:\n");
+ fprintf(stderr, " -C <choplen> chop each packet at the end by <choplen> bytes\n");
+ fprintf(stderr, " -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
+ fprintf(stderr, " that a particular packet byte will be randomly changed\n");
+ fprintf(stderr, " -r keep the selected packets, default is to delete them\n");
+ fprintf(stderr, " -s <snaplen> truncate packets to max. <snaplen> bytes of data\n");
+ fprintf(stderr, " -t <time adjustment> adjust the timestamp of selected packets,\n");
+ fprintf(stderr, " <time adjustment> is in relative seconds (e.g. -0.5)\n");
+ fprintf(stderr, " -A <start time> don't output packets whose timestamp is before the\n");
+ fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
+ fprintf(stderr, " -B <stop time> don't output packets whose timestamp is after the\n");
+ fprintf(stderr, " given time (format as YYYY-MM-DD hh:mm:ss)\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Output File(s):\n");
+ fprintf(stderr, " -c <packets per file> split the packet output to different files,\n");
+ fprintf(stderr, " with a maximum of <packets per file> each\n");
+ fprintf(stderr, " -F <capture type> set the output file type, default is libpcap\n");
+ fprintf(stderr, " an empty \"-F\" option will list the file types\n");
+ fprintf(stderr, " -T <encap type> set the output file encapsulation type,\n");
+ fprintf(stderr, " default is the same as the input file\n");
+ fprintf(stderr, " an empty \"-T\" option will list the encapsulation types\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Miscellaneous:\n");
+ fprintf(stderr, " -h display this help and exit\n");
+ fprintf(stderr, " -v verbose output\n");
+ fprintf(stderr, "\n");
+}
+
+static void list_capture_types(void) {
+ int i;
+
+ fprintf(stderr, "editcap: The available capture file types for \"F\":\n");
+ for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
+ if (wtap_dump_can_open(i))
+ fprintf(stderr, " %s - %s\n",
+ wtap_file_type_short_string(i), wtap_file_type_string(i));
+ }
+}
+
+static void list_encap_types(void) {
+ int i;
+ const char *string;
+
+ fprintf(stderr, "editcap: The available encapsulation types for \"T\":\n");
+ for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
+ string = wtap_encap_short_string(i);
+ if (string != NULL)
+ fprintf(stderr, " %s - %s\n",
+ string, wtap_encap_string(i));
+ }
}
int main(int argc, char *argv[])
int opt;
char *p;
unsigned int snaplen = 0; /* No limit */
+ unsigned int choplen = 0; /* No chop */
wtap_dumper *pdh;
int count = 1;
long data_offset;
const struct wtap_pkthdr *phdr;
int err_type;
guint8 *buf;
+ int split_packet_count = 0;
+ int written_count = 0;
+ char *filename;
/* Process the options first */
- while ((opt = getopt(argc, argv, "E:F:hrs:t:T:v")) !=-1) {
+ while ((opt = getopt(argc, argv, "A:B:c:C:E:F:hrs:t:T:v")) !=-1) {
switch (opt) {
case 'F':
out_file_type = wtap_short_string_to_file_type(optarg);
if (out_file_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n",
+ fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
+ optarg);
+ list_capture_types();
+ exit(1);
+ }
+ break;
+
+ case 'c':
+ split_packet_count = strtol(optarg, &p, 10);
+ if (p == optarg || *p != '\0') {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
+ optarg);
+ exit(1);
+ }
+ if (split_packet_count <= 0) {
+ fprintf(stderr, "editcap: \"%d\" packet count must be larger than zero\n",
+ split_packet_count);
+ exit(1);
+ }
+ break;
+
+ case 'C':
+ choplen = strtol(optarg, &p, 10);
+ if (p == optarg || *p != '\0') {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid chop length\n",
optarg);
exit(1);
}
break;
- case 'h':
case '?': /* Bad options if GNU getopt */
+ switch(optopt) {
+ case'F':
+ list_capture_types();
+ break;
+ case'T':
+ list_encap_types();
+ break;
+ default:
+ usage();
+ }
+ exit(1);
+ break;
+
+ case 'h':
usage();
exit(1);
break;
case 'T':
out_frame_type = wtap_short_string_to_encap(optarg);
if (out_frame_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n",
+ fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
optarg);
+ list_encap_types();
exit(1);
}
break;
verbose = !verbose; /* Just invert */
break;
+ case 'A':
+ {
+ struct tm starttm;
+
+ memset(&starttm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%F %T",&starttm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
+ optarg);
+ exit(1);
+ }
+
+ check_startstop = TRUE;
+ starttime = mktime(&starttm);
+ break;
+ }
+ case 'B':
+ {
+ struct tm stoptm;
+
+ memset(&stoptm,0,sizeof(struct tm));
+
+ if(!strptime(optarg,"%F %T",&stoptm)) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n",
+ optarg);
+ exit(1);
+ }
+ check_startstop = TRUE;
+ stoptime = mktime(&stoptm);
+ break;
+ }
}
}
-
+
#ifdef DEBUG
printf("Optind = %i, argc = %i\n", optind, argc);
#endif
}
+ if (check_startstop && !stoptime) {
+ struct tm stoptm;
+ /* XXX: will work until 2035 */
+ memset(&stoptm,0,sizeof(struct tm));
+ stoptm.tm_year = 135;
+ stoptm.tm_mday = 31;
+ stoptm.tm_mon = 11;
+
+ stoptime = mktime(&stoptm);
+ }
+
+ if (starttime > stoptime) {
+ fprintf(stderr, "editcap: start time is after the stop time\n");
+ exit(1);
+ }
+
wth = wtap_open_offline(argv[optind], &err, &err_info, FALSE);
if (!wth) {
if (out_frame_type == -2)
out_frame_type = wtap_file_encap(wth);
- pdh = wtap_dump_open(argv[optind + 1], out_file_type,
- out_frame_type, wtap_snapshot_length(wth), &err);
+ if (split_packet_count > 0) {
+ filename = (char *) malloc(strlen(argv[optind+1]) + 20);
+ if (!filename) {
+ exit(5);
+ }
+ sprintf(filename, "%s-%05d", argv[optind+1], 0);
+ } else {
+ filename = argv[optind+1];
+ }
+
+ pdh = wtap_dump_open(filename, out_file_type,
+ out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
if (pdh == NULL) {
- fprintf(stderr, "editcap: Can't open or create %s: %s\n", argv[optind+1],
+ fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
wtap_strerror(err));
exit(1);
while (wtap_read(wth, &err, &err_info, &data_offset)) {
- if ((!selected(count) && !keep_em) ||
- (selected(count) && keep_em)) {
+ if (split_packet_count > 0 && (written_count % split_packet_count == 0)) {
+ if (!wtap_dump_close(pdh, &err)) {
+
+ fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
+ wtap_strerror(err));
+ exit(1);
+ }
+
+ sprintf(filename, "%s-%05d",argv[optind+1], count / split_packet_count);
+
+ if (verbose) {
+ fprintf(stderr, "Continuing writing in file %s\n", filename);
+ }
+
+ pdh = wtap_dump_open(filename, out_file_type,
+ out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+ if (pdh == NULL) {
+
+ fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
+ wtap_strerror(err));
+ exit(1);
+
+ }
+ }
+
+ if ( ((check_startstop && check_timestamp(wth)) || (!check_startstop && !check_timestamp(wth))) && ((!selected(count) && !keep_em) ||
+ (selected(count) && keep_em)) ) {
if (verbose)
- printf("Record: %u\n", count);
+ printf("Packet: %u\n", count);
/* We simply write it, perhaps after truncating it; we could do other
things, like modify it. */
phdr = wtap_phdr(wth);
+ if (choplen != 0 && phdr->caplen > choplen) {
+ snap_phdr = *phdr;
+ snap_phdr.caplen -= choplen;
+ phdr = &snap_phdr;
+ }
+
if (snaplen != 0 && phdr->caplen > snaplen) {
snap_phdr = *phdr;
snap_phdr.caplen = snaplen;
if (err_type < ERR_WT_FMT) {
if ((unsigned int)i < phdr->caplen - 2)
- strcpy(&buf[i], "%s");
+ strcpy((char*) &buf[i], "%s");
err_type = ERR_WT_TOTAL;
} else {
err_type -= ERR_WT_FMT;
&err)) {
fprintf(stderr, "editcap: Error writing to %s: %s\n",
- argv[optind + 1], wtap_strerror(err));
+ filename, wtap_strerror(err));
exit(1);
}
+ written_count++;
+
}
count++;
if (!wtap_dump_close(pdh, &err)) {
- fprintf(stderr, "editcap: Error writing to %s: %s\n", argv[optind + 1],
+ fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
wtap_strerror(err));
exit(1);
git.samba.org / obnox / wireshark / wip.git / blobdiff