#include "wtap.h"
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#else
-#include "wsgetopt.h"
+#ifndef HAVE_GETOPT
+#include "wsutil/wsgetopt.h"
#endif
#ifdef _WIN32
+#include <wsutil/unicode-utils.h>
#include <process.h> /* getpid */
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#ifdef NEED_STRPTIME_H
-# include "strptime.h"
+# include "wsutil/strptime.h"
#endif
-#include "epan/crypt/crypt-md5.h"
+#include "epan/crypt/md5.h"
#include "epan/plugins.h"
#include "epan/report_err.h"
#include "epan/filesystem.h"
static struct select_item selectfrm[MAX_SELECTIONS];
static int max_selected = -1;
static int keep_em = 0;
-static int out_file_type = WTAP_FILE_PCAP; /* default to "libpcap" */
+#ifdef PCAP_NG_DEFAULT
+static int out_file_type = WTAP_FILE_PCAPNG; /* default to pcapng */
+#else
+static int out_file_type = WTAP_FILE_PCAP; /* default to pcap */
+#endif
static int out_frame_type = -2; /* Leave frame type alone */
static int verbose = 0; /* Not so verbose */
static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
static gboolean dup_detect = FALSE;
static gboolean dup_detect_by_time = FALSE;
+static int do_strict_time_adjustment = FALSE;
+static struct time_adjustment strict_time_adj = {{0, 0}, 0}; /* strict time adjustment */
+static nstime_t previous_time = {0, 0}; /* previous time */
+
static int find_dct2000_real_data(guint8 *buf);
static gchar *
{
struct tm *tmp;
gchar *buf = g_malloc(16);
-
+
#ifdef _MSC_VER
/* calling localtime() on MSVC 2005 with huge values causes it to crash */
/* XXX - find the exact value that still does work */
tmp->tm_min,
tmp->tm_sec);
} else
- strcpy(buf, "");
+ buf[0] = '\0';
return buf;
}
static gchar*
-fileset_get_filename_by_pattern(guint idx, const struct wtap_nstime *time_val,
- gchar *fprefix, gchar *fsuffix)
+fileset_get_filename_by_pattern(guint idx, const struct wtap_nstime *time_val,
+ gchar *fprefix, gchar *fsuffix)
{
gchar filenum[5+1];
gchar *timestr;
{
struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
- return ( pkthdr->ts.secs >= starttime ) && ( pkthdr->ts.secs <= stoptime );
+ return ( pkthdr->ts.secs >= starttime ) && ( pkthdr->ts.secs < stoptime );
}
static void
time_adj.tv.tv_usec = val;
}
+static void
+set_strict_time_adj(char *optarg_str_p)
+{
+ char *frac, *end;
+ long val;
+ size_t frac_digits;
+
+ if (!optarg_str_p)
+ return;
+
+ /* skip leading whitespace */
+ while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
+ optarg_str_p++;
+ }
+
+ /*
+ * check for a negative adjustment
+ * A negative strict adjustment value is a flag
+ * to adjust all frames by the specifed delta time.
+ */
+ if (*optarg_str_p == '-') {
+ strict_time_adj.is_negative = 1;
+ optarg_str_p++;
+ }
+
+ /* collect whole number of seconds, if any */
+ if (*optarg_str_p == '.') { /* only fractional (i.e., .5 is ok) */
+ val = 0;
+ frac = optarg_str_p;
+ } else {
+ val = strtol(optarg_str_p, &frac, 10);
+ if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+ optarg_str_p);
+ exit(1);
+ }
+ if (val < 0) { /* implies '--' since we caught '-' above */
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+ optarg_str_p);
+ exit(1);
+ }
+ }
+ strict_time_adj.tv.tv_sec = val;
+
+ /* now collect the partial seconds, if any */
+ if (*frac != '\0') { /* chars left, so get fractional part */
+ val = strtol(&(frac[1]), &end, 10);
+ /* if more than 6 fractional digits truncate to 6 */
+ if((end - &(frac[1])) > 6) {
+ frac[7] = 't'; /* 't' for truncate */
+ val = strtol(&(frac[1]), &end, 10);
+ }
+ if (*frac != '.' || end == NULL || end == frac
+ || val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
+ fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
+ optarg_str_p);
+ exit(1);
+ }
+ }
+ else {
+ return; /* no fractional digits */
+ }
+
+ /* adjust fractional portion from fractional to numerator
+ * e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
+ if (frac && end) { /* both are valid */
+ frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
+ while(frac_digits < 6) { /* this is frac of 10^6 */
+ val *= 10;
+ frac_digits++;
+ }
+ }
+ strict_time_adj.tv.tv_usec = val;
+}
+
static void
set_rel_time(char *optarg_str_p)
{
fprintf(output, "Editcap %s"
#ifdef SVNVERSION
- " (" SVNVERSION " from " SVNPATH ")"
+ " (" SVNVERSION " from " SVNPATH ")"
#endif
- "\n", VERSION);
+ "\n", VERSION);
fprintf(output, "Edit and/or translate the format of capture files.\n");
fprintf(output, "See http://www.wireshark.org for more information.\n");
fprintf(output, "\n");
fprintf(output, "\n");
fprintf(output, "Packet selection:\n");
fprintf(output, " -r keep the selected packets; default is to delete them.\n");
- fprintf(output, " -A <start time> don't output packets whose timestamp is before the\n");
- fprintf(output, " given time (format as YYYY-MM-DD hh:mm:ss).\n");
- fprintf(output, " -B <stop time> don't output packets whose timestamp is after the\n");
+ fprintf(output, " -A <start time> only output packets whose timestamp is after (or equal\n");
+ fprintf(output, " to) the given time (format as YYYY-MM-DD hh:mm:ss).\n");
+ fprintf(output, " -B <stop time> only output packets whose timestamp is before the\n");
fprintf(output, " given time (format as YYYY-MM-DD hh:mm:ss).\n");
fprintf(output, "\n");
fprintf(output, "Duplicate packet removal:\n");
fprintf(output, "\n");
fprintf(output, " NOTE: The use of the 'Duplicate packet removal' options with\n");
fprintf(output, " other editcap options except -v may not always work as expected.\n");
- fprintf(output, " Specifically the -r and -t options will very likely NOT have the\n");
+ fprintf(output, " Specifically the -r, -t or -S options will very likely NOT have the\n");
fprintf(output, " desired effect if combined with the -d, -D or -w.\n");
fprintf(output, "\n");
fprintf(output, "Packet manipulation:\n");
fprintf(output, " -s <snaplen> truncate each packet to max. <snaplen> bytes of data.\n");
- fprintf(output, " -C <choplen> chop each packet at the end by <choplen> bytes.\n");
+ fprintf(output, " -C <choplen> chop each packet by <choplen> bytes. Positive values\n");
+ fprintf(output, " chop at the packet beginning, negative values at the\n");
+ fprintf(output, " packet end.\n");
fprintf(output, " -t <time adjustment> adjust the timestamp of each packet;\n");
fprintf(output, " <time adjustment> is in relative seconds (e.g. -0.5).\n");
+ fprintf(output, " -S <strict adjustment> adjust timestamp of packets if necessary to insure\n");
+ fprintf(output, " strict chronological increasing order. The <strict\n");
+ fprintf(output, " adjustment> is specified in relative seconds with\n");
+ fprintf(output, " values of 0 or 0.000001 being the most reasonable.\n");
+ fprintf(output, " A negative adjustment value will modify timestamps so\n");
+ fprintf(output, " that each packet's delta time is the absolute value\n");
+ fprintf(output, " of the adjustment specified. A value of -0 will set\n");
+ fprintf(output, " all packets to the timestamp of the first packet.\n");
fprintf(output, " -E <error probability> set the probability (between 0.0 and 1.0 incl.)\n");
fprintf(output, " that a particular packet byte will be randomly changed.\n");
fprintf(output, "\n");
fprintf(output, " -i <seconds per file> split the packet output to different files\n");
fprintf(output, " based on uniform time intervals\n");
fprintf(output, " with a maximum of <seconds per file> each.\n");
- fprintf(output, " -F <capture type> set the output file type; default is libpcap.\n");
+ fprintf(output, " -F <capture type> set the output file type; default is pcapng.\n");
fprintf(output, " an empty \"-F\" option will list the file types.\n");
fprintf(output, " -T <encap type> set the output file encapsulation type;\n");
fprintf(output, " default is the same as the input file.\n");
fprintf(output, "\n");
}
+struct string_elem {
+ const char *sstr; /* The short string */
+ const char *lstr; /* The long string */
+};
+
+static gint
+string_compare(gconstpointer a, gconstpointer b)
+{
+ return strcmp(((const struct string_elem *)a)->sstr,
+ ((const struct string_elem *)b)->sstr);
+}
+
+static void
+string_elem_print(gpointer data, gpointer not_used _U_)
+{
+ fprintf(stderr, " %s - %s\n",
+ ((struct string_elem *)data)->sstr,
+ ((struct string_elem *)data)->lstr);
+}
+
static void
list_capture_types(void) {
int i;
+ struct string_elem *captypes;
+ GSList *list = NULL;
+ captypes = g_malloc(sizeof(struct string_elem) * WTAP_NUM_FILE_TYPES);
fprintf(stderr, "editcap: The available capture file types for the \"-F\" flag are:\n");
for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
- if (wtap_dump_can_open(i))
- fprintf(stderr, " %s - %s\n",
- wtap_file_type_short_string(i), wtap_file_type_string(i));
+ if (wtap_dump_can_open(i)) {
+ captypes[i].sstr = wtap_file_type_short_string(i);
+ captypes[i].lstr = wtap_file_type_string(i);
+ list = g_slist_insert_sorted(list, &captypes[i], string_compare);
+ }
}
+ g_slist_foreach(list, string_elem_print, NULL);
+ g_slist_free(list);
+ g_free(captypes);
}
static void
list_encap_types(void) {
int i;
- const char *string;
+ struct string_elem *encaps;
+ GSList *list = NULL;
+ encaps = g_malloc(sizeof(struct string_elem) * WTAP_NUM_ENCAP_TYPES);
fprintf(stderr, "editcap: The available encapsulation types for the \"-T\" flag are:\n");
for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
- string = wtap_encap_short_string(i);
- if (string != NULL)
- fprintf(stderr, " %s - %s\n",
- string, wtap_encap_string(i));
+ encaps[i].sstr = wtap_encap_short_string(i);
+ if (encaps[i].sstr != NULL) {
+ encaps[i].lstr = wtap_encap_string(i);
+ list = g_slist_insert_sorted(list, &encaps[i], string_compare);
+ }
}
+ g_slist_foreach(list, string_elem_print, NULL);
+ g_slist_free(list);
+ g_free(encaps);
}
#ifdef HAVE_PLUGINS
static void
failure_message(const char *msg_format _U_, va_list ap _U_)
{
- return;
+ return;
}
#endif
int i, j, err;
gchar *err_info;
int opt;
+
char *p;
- unsigned int snaplen = 0; /* No limit */
- unsigned int choplen = 0; /* No chop */
+ guint32 snaplen = 0; /* No limit */
+ int choplen = 0; /* No chop */
wtap_dumper *pdh = NULL;
int count = 1;
unsigned duplicate_count = 0;
const struct wtap_pkthdr *phdr;
int err_type;
guint8 *buf;
+ guint32 read_count = 0;
int split_packet_count = 0;
int written_count = 0;
char *filename = NULL;
- gboolean check_ts;
+ gboolean ts_okay = TRUE;
int secs_per_block = 0;
int block_cnt = 0;
nstime_t block_start;
char* init_progfile_dir_error;
#endif
+#ifdef _WIN32
+ arg_list_utf_16to8(argc, argv);
+#endif /* _WIN32 */
+
/*
* Get credential information for later use.
*/
- get_credential_info();
+ init_process_policies();
#ifdef HAVE_PLUGINS
/* Register wiretap plugins */
#endif
/* Process the options */
- while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hrs:i:t:T:vw:")) !=-1) {
+ while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hrs:i:t:S:T:vw:")) !=-1) {
switch (opt) {
dup_detect_by_time = FALSE;
dup_window = strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
- fprintf(stderr, "editcap: \"%s\" isn't a valid dupicate window value\n",
+ fprintf(stderr, "editcap: \"%s\" isn't a valid duplicate window value\n",
optarg);
exit(1);
}
set_time_adjustment(optarg);
break;
+ case 'S':
+ set_strict_time_adj(optarg);
+ do_strict_time_adjustment = TRUE;
+ break;
+
case 'T':
out_frame_type = wtap_short_string_to_encap(optarg);
if (out_frame_type < 0) {
- fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
- optarg);
+ fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
+ optarg);
list_encap_types();
- exit(1);
+ exit(1);
}
break;
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
- case WTAP_ERR_BAD_RECORD:
+ case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
while (wtap_read(wth, &err, &err_info, &data_offset)) {
+ read_count++;
+
phdr = wtap_phdr(wth);
+ buf = wtap_buf_ptr(wth);
if (nstime_is_unset(&block_start)) { /* should only be the first packet */
block_start.secs = phdr->ts.secs;
} else
filename = g_strdup(argv[optind+1]);
- pdh = wtap_dump_open(filename, out_file_type,
- out_frame_type, wtap_snapshot_length(wth),
- FALSE /* compressed */, &err);
- if (pdh == NULL) {
+ pdh = wtap_dump_open(filename, out_file_type, out_frame_type,
+ snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+ FALSE /* compressed */, &err);
+ if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
wtap_strerror(err));
exit(2);
fprintf(stderr, "Continuing writing in file %s\n", filename);
}
- pdh = wtap_dump_open(filename, out_file_type,
- out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+ pdh = wtap_dump_open(filename, out_file_type, out_frame_type,
+ snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+ FALSE /* compressed */, &err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
if (split_packet_count > 0) {
/* time for the next file? */
- if (written_count > 0 &&
+ if (written_count > 0 &&
written_count % split_packet_count == 0) {
if (!wtap_dump_close(pdh, &err)) {
fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
fprintf(stderr, "Continuing writing in file %s\n", filename);
}
- pdh = wtap_dump_open(filename, out_file_type,
- out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+ pdh = wtap_dump_open(filename, out_file_type, out_frame_type,
+ snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
+ FALSE /* compressed */, &err);
if (pdh == NULL) {
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
wtap_strerror(err));
}
}
- check_ts = check_timestamp(wth);
+ if (check_startstop)
+ ts_okay = check_timestamp(wth);
- if ( ((check_startstop && check_ts) || (!check_startstop && !check_ts)) && ((!selected(count) && !keep_em) ||
- (selected(count) && keep_em)) ) {
+ if ( ts_okay && ((!selected(count) && !keep_em) || (selected(count) && keep_em)) ) {
if (verbose && !dup_detect && !dup_detect_by_time)
printf("Packet: %u\n", count);
phdr = wtap_phdr(wth);
- if (choplen != 0 && phdr->caplen > choplen) {
+ if (snaplen != 0 && phdr->caplen > snaplen) {
snap_phdr = *phdr;
- snap_phdr.caplen -= choplen;
+ snap_phdr.caplen = snaplen;
phdr = &snap_phdr;
}
- if (snaplen != 0 && phdr->caplen > snaplen) {
+ if (choplen < 0) {
snap_phdr = *phdr;
- snap_phdr.caplen = snaplen;
+ if (((signed int) phdr->caplen + choplen) > 0)
+ snap_phdr.caplen += choplen;
+ else
+ snap_phdr.caplen = 0;
phdr = &snap_phdr;
+ } else if (choplen > 0) {
+ snap_phdr = *phdr;
+ if (phdr->caplen > (unsigned int) choplen) {
+ snap_phdr.caplen -= choplen;
+ buf += choplen;
+ } else
+ snap_phdr.caplen = 0;
+ phdr = &snap_phdr;
+ }
+
+ /*
+ * Do we adjust timestamps to insure strict chronologically order?
+ */
+
+ if (do_strict_time_adjustment) {
+ if (previous_time.secs || previous_time.nsecs) {
+ if (!strict_time_adj.is_negative) {
+ nstime_t current;
+ nstime_t delta;
+
+ current.secs = phdr->ts.secs;
+ current.nsecs = phdr->ts.nsecs;
+
+ nstime_delta(&delta, ¤t, &previous_time);
+
+ if (delta.secs < 0 || delta.nsecs < 0)
+ {
+ /*
+ * A negative delta indicates that the current packet
+ * has an absolute timestamp less than the previous packet
+ * that it is being compared to. This is NOT a normal
+ * situation since trace files usually have packets in
+ * chronological order (oldest to newest).
+ */
+ /* printf("++out of order, need to adjust this packet!\n"); */
+ snap_phdr = *phdr;
+ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
+ snap_phdr.ts.nsecs = previous_time.nsecs;
+ if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
+ /* carry */
+ snap_phdr.ts.secs++;
+ snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
+ } else {
+ snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
+ }
+ phdr = &snap_phdr;
+ }
+ } else {
+ /*
+ * A negative strict time adjustment is requested.
+ * Unconditionally set each timestamp to previous
+ * packet's timestamp plus delta.
+ */
+ snap_phdr = *phdr;
+ snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
+ snap_phdr.ts.nsecs = previous_time.nsecs;
+ if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
+ /* carry */
+ snap_phdr.ts.secs++;
+ snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
+ } else {
+ snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
+ }
+ phdr = &snap_phdr;
+ }
+ }
+ previous_time.secs = phdr->ts.secs;
+ previous_time.nsecs = phdr->ts.nsecs;
}
/* assume that if the frame's tv_sec is 0, then
/* suppress duplicates by packet window */
if (dup_detect) {
- buf = wtap_buf_ptr(wth);
if (is_duplicate(buf, phdr->caplen)) {
if (verbose) {
fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
current.secs = phdr->ts.secs;
current.nsecs = phdr->ts.nsecs;
- buf = wtap_buf_ptr(wth);
-
if (is_duplicate_rel_time(buf, phdr->caplen, ¤t)) {
if (verbose) {
fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
/* Random error mutation */
if (err_prob > 0.0) {
int real_data_start = 0;
- buf = wtap_buf_ptr(wth);
/* Protect non-protocol data */
if (wtap_file_type(wth) == WTAP_FILE_CATAPULT_DCT2000) {
real_data_start = find_dct2000_real_data(buf);
if (err_type < ERR_WT_FMT) {
if ((unsigned int)i < phdr->caplen - 2)
- strncpy((char*) &buf[i], "%s", 2);
+ g_strlcpy((char*) &buf[i], "%s", 2);
err_type = ERR_WT_TOTAL;
} else {
err_type -= ERR_WT_FMT;
}
}
- if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), wtap_buf_ptr(wth),
- &err)) {
- fprintf(stderr, "editcap: Error writing to %s: %s\n",
- filename, wtap_strerror(err));
+ if (!wtap_dump(pdh, phdr, wtap_pseudoheader(wth), buf, &err)) {
+ switch (err) {
+
+ case WTAP_ERR_UNSUPPORTED_ENCAP:
+ /*
+ * This is a problem with the particular frame we're writing;
+ * note that, and give the frame number.
+ */
+ fprintf(stderr, "editcap: Frame %u of \"%s\" has a network type that can't be saved in a file with that format\n.",
+ read_count, argv[optind]);
+ break;
+
+ default:
+ fprintf(stderr, "editcap: Error writing to %s: %s\n",
+ filename, wtap_strerror(err));
+ break;
+ }
exit(2);
}
written_count++;
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
- case WTAP_ERR_BAD_RECORD:
+ case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
g_free (filename);
filename = g_strdup(argv[optind+1]);
- pdh = wtap_dump_open(filename, out_file_type,
- out_frame_type, wtap_snapshot_length(wth), FALSE /* compressed */, &err);
+ pdh = wtap_dump_open(filename, out_file_type, out_frame_type,
+ snaplen ? MIN(snaplen, wtap_snapshot_length(wth)): wtap_snapshot_length(wth),
+ FALSE /* compressed */, &err);
if (pdh == NULL) {
- fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
- wtap_strerror(err));
- exit(2);
+ fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
+ wtap_strerror(err));
+ exit(2);
}
}