/* file.c
* File I/O routines
*
- * $Id: file.c,v 1.189 2000/05/19 23:06:06 gram Exp $
+ * $Id: file.c,v 1.286 2002/08/28 10:07:26 guy Exp $
*
* Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@zing.org>
+ * By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include <sys/stat.h>
#include <errno.h>
-#include <fcntl.h>
#include <signal.h>
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
#ifdef NEED_SNPRINTF_H
-# ifdef HAVE_STDARG_H
-# include <stdarg.h>
-# else
-# include <varargs.h>
-# endif
# include "snprintf.h"
#endif
#include "strerror.h"
#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
+#include <epan/epan.h>
+#include <epan/filesystem.h>
#include "gtk/main.h"
+#include "color.h"
+#include "gtk/color_utils.h"
#include "column.h"
-#include "packet.h"
+#include <epan/packet.h>
#include "print.h"
#include "file.h"
#include "menu.h"
#include "util.h"
#include "simple_dialog.h"
+#include "progress_dlg.h"
#include "ui_util.h"
+#include "statusbar.h"
#include "prefs.h"
#include "gtk/proto_draw.h"
-#include "dfilter.h"
-#include "conversation.h"
+#include "gtk/packet_win.h"
+#include <epan/dfilter/dfilter.h>
+#include <epan/conversation.h>
#include "globals.h"
+#include "gtk/colors.h"
+#include <epan/epan_dissect.h>
-#include "plugins.h"
-
-extern GtkWidget *packet_list, *prog_bar, *info_bar, *byte_view, *tree_view;
-extern guint file_ctx;
+extern GtkWidget *packet_list, *byte_nb_ptr, *tree_view;
-gboolean auto_scroll_live = FALSE;
+#ifdef HAVE_LIBPCAP
+gboolean auto_scroll_live;
+#endif
static guint32 firstsec, firstusec;
static guint32 prevsec, prevusec;
-static void wtap_dispatch_cb(u_char *, const struct wtap_pkthdr *, int,
- union wtap_pseudo_header *, const u_char *);
+static void read_packet(capture_file *cf, long offset);
+
+static void rescan_packets(capture_file *cf, const char *action, const char *action_item,
+ gboolean refilter, gboolean redissect);
static void set_selected_row(int row);
static char *file_rename_error_message(int err);
static char *file_close_error_message(int err);
+static gboolean copy_binary_file(char *from_filename, char *to_filename);
/* Update the progress bar this many times when reading a file. */
#define N_PROGBAR_UPDATES 100
{
wtap *wth;
int err;
- FILE_T fh;
int fd;
struct stat cf_stat;
goto fail;
/* Find the size of the file. */
- fh = wtap_file(wth);
fd = wtap_fd(wth);
if (fstat(fd, &cf_stat) < 0) {
err = errno;
/* The open succeeded. Close whatever capture file we had open,
and fill in the information for this file. */
- close_cap_file(cf, info_bar);
+ close_cap_file(cf);
- /* Initialize the table of conversations. */
- conversation_init();
+ /* Initialize all data structures used for dissection. */
+ init_dissection();
- /* Initialize protocol-specific variables */
- init_all_protocols();
+ /* We're about to start reading the file. */
+ cf->state = FILE_READ_IN_PROGRESS;
cf->wth = wth;
cf->filed = fd;
cf->cd_t = wtap_file_type(cf->wth);
cf->count = 0;
+ cf->marked_count = 0;
+ cf->drops_known = FALSE;
cf->drops = 0;
cf->esec = 0;
cf->eusec = 0;
cf->snap = wtap_snapshot_length(cf->wth);
- cf->update_progbar = FALSE;
+ if (cf->snap == 0) {
+ /* Snapshot length not known. */
+ cf->has_snap = FALSE;
+ cf->snap = WTAP_MAX_PACKET_SIZE;
+ } else
+ cf->has_snap = TRUE;
cf->progbar_quantum = 0;
cf->progbar_nextstep = 0;
firstsec = 0, firstusec = 0;
sizeof(frame_data),
FRAME_DATA_CHUNK_SIZE * sizeof(frame_data),
G_ALLOC_AND_FREE);
+ g_assert(cf->plist_chunk);
return (0);
fail:
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_open_error_message(err, FALSE), fname);
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_open_error_message(err, FALSE, 0), fname);
return (err);
}
/* Reset everything to a pristine state */
void
-close_cap_file(capture_file *cf, void *w)
+close_cap_file(capture_file *cf)
{
+ /* Die if we're in the middle of reading a file. */
+ g_assert(cf->state != FILE_READ_IN_PROGRESS);
+
/* Destroy all popup packet windows, as they refer to packets in the
capture file we're closing. */
destroy_packet_wins();
cf->plist_chunk = NULL;
}
if (cf->rfcode != NULL) {
- dfilter_destroy(cf->rfcode);
+ dfilter_free(cf->rfcode);
cf->rfcode = NULL;
}
cf->plist = NULL;
/* Clear any file-related status bar messages.
XXX - should be "clear *ALL* file-related status bar messages;
will there ever be more than one on the stack? */
- gtk_statusbar_pop(GTK_STATUSBAR(w), file_ctx);
+ statusbar_pop_file_msg();
/* Restore the standard title bar message. */
set_main_window_name("The Ethereal Network Analyzer");
set_menus_for_captured_packets(FALSE);
set_menus_for_selected_packet(FALSE);
set_menus_for_capture_in_progress(FALSE);
+ set_menus_for_selected_tree_row(FALSE);
+
+ /* We have no file open. */
+ cf->state = FILE_CLOSED;
}
/* Set the file name in the status line, in the name for the main window,
{
gchar *name_ptr;
size_t msg_len;
- gchar *done_fmt = " File: %s Drops: %u";
+ static const gchar done_fmt_nodrops[] = " File: %s";
+ static const gchar done_fmt_drops[] = " File: %s Drops: %u";
gchar *done_msg;
gchar *win_name_fmt = "%s - Ethereal";
gchar *win_name;
name_ptr = "<capture>";
}
- msg_len = strlen(name_ptr) + strlen(done_fmt) + 64;
- done_msg = g_malloc(msg_len);
- snprintf(done_msg, msg_len, done_fmt, name_ptr, cf->drops);
- gtk_statusbar_push(GTK_STATUSBAR(info_bar), file_ctx, done_msg);
+ if (cf->drops_known) {
+ msg_len = strlen(name_ptr) + strlen(done_fmt_drops) + 64;
+ done_msg = g_malloc(msg_len);
+ snprintf(done_msg, msg_len, done_fmt_drops, name_ptr, cf->drops);
+ } else {
+ msg_len = strlen(name_ptr) + strlen(done_fmt_nodrops);
+ done_msg = g_malloc(msg_len);
+ snprintf(done_msg, msg_len, done_fmt_nodrops, name_ptr);
+ }
+ statusbar_push_file_msg(done_msg);
g_free(done_msg);
msg_len = strlen(name_ptr) + strlen(win_name_fmt) + 1;
g_free(win_name);
}
-int
-read_cap_file(capture_file *cf)
+read_status_t
+read_cap_file(capture_file *cf, int *err)
{
- gchar *name_ptr, *load_msg, *load_fmt = " Loading: %s...";
- int success;
- int err;
- size_t msg_len;
- char *errmsg;
- char errmsg_errno[1024+1];
- gchar err_str[2048+1];
+ gchar *name_ptr, *load_msg, *load_fmt = "%s";
+ size_t msg_len;
+ char *errmsg;
+ char errmsg_errno[1024+1];
+ gchar err_str[2048+1];
+ long data_offset;
+ progdlg_t *progbar = NULL;
+ gboolean stop_flag;
+ /*
+ * XXX - should be "off_t", but Wiretap would need more work to handle
+ * the full size of "off_t" on platforms where it's more than a "long"
+ * as well.
+ */
+ long file_pos;
+ float prog_val;
+ int fd;
+ struct stat cf_stat;
+ GTimeVal start_time;
+ gchar status_str[100];
name_ptr = get_basename(cf->filename);
msg_len = strlen(name_ptr) + strlen(load_fmt) + 2;
load_msg = g_malloc(msg_len);
snprintf(load_msg, msg_len, load_fmt, name_ptr);
- gtk_statusbar_push(GTK_STATUSBAR(info_bar), file_ctx, load_msg);
- g_free(load_msg);
+ statusbar_push_file_msg(load_msg);
- cf->update_progbar = TRUE;
/* Update the progress bar when it gets to this value. */
cf->progbar_nextstep = 0;
/* When we reach the value that triggers a progress bar update,
#endif
freeze_clist(cf);
- success = wtap_loop(cf->wth, 0, wtap_dispatch_cb, (u_char *) cf, &err);
+
+ stop_flag = FALSE;
+ g_get_current_time(&start_time);
+
+ while ((wtap_read(cf->wth, err, &data_offset))) {
+ /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
+ when we update it, we have to run the GTK+ main loop to get it
+ to repaint what's pending, and doing so may involve an "ioctl()"
+ to see if there's any pending input from an X server, and doing
+ that for every packet can be costly, especially on a big file. */
+ if (data_offset >= cf->progbar_nextstep) {
+ file_pos = lseek(cf->filed, 0, SEEK_CUR);
+ prog_val = (gfloat) file_pos / (gfloat) cf->f_len;
+ if (prog_val > 1.0) {
+ /* The file probably grew while we were reading it.
+ Update "cf->f_len", and try again. */
+ fd = wtap_fd(cf->wth);
+ if (fstat(fd, &cf_stat) >= 0) {
+ cf->f_len = cf_stat.st_size;
+ prog_val = (gfloat) file_pos / (gfloat) cf->f_len;
+ }
+ /* If it's still > 1, either the "fstat()" failed (in which
+ case there's not much we can do about it), or the file
+ *shrank* (in which case there's not much we can do about
+ it); just clip the progress value at 1.0. */
+ if (prog_val > 1.0)
+ prog_val = 1.0;
+ }
+ if (progbar == NULL) {
+ /* Create the progress bar if necessary */
+ progbar = delayed_create_progress_dlg("Loading", load_msg, "Stop",
+ &stop_flag, &start_time, prog_val);
+ if (progbar != NULL)
+ g_free(load_msg);
+ }
+ if (progbar != NULL) {
+ g_snprintf(status_str, sizeof(status_str),
+ "%luKB of %luKB", file_pos / 1024, cf->f_len / 1024);
+ update_progress_dlg(progbar, prog_val, status_str);
+ }
+ cf->progbar_nextstep += cf->progbar_quantum;
+ }
+
+ if (stop_flag) {
+ /* Well, the user decided to abort the read. Destroy the progress
+ bar, close the capture file, and return READ_ABORTED so our caller
+ can do whatever is appropriate when that happens. */
+ destroy_progress_dlg(progbar);
+ cf->state = FILE_READ_ABORTED; /* so that we're allowed to close it */
+ gtk_clist_thaw(GTK_CLIST(packet_list)); /* undo our freeze */
+ close_cap_file(cf);
+ return (READ_ABORTED);
+ }
+ read_packet(cf, data_offset);
+ }
+
+ /* We're done reading the file; destroy the progress bar if it was created. */
+ if (progbar == NULL)
+ g_free(load_msg);
+ else
+ destroy_progress_dlg(progbar);
+
+ /* We're done reading sequentially through the file. */
+ cf->state = FILE_READ_DONE;
+
+ /* Close the sequential I/O side, to free up memory it requires. */
+ wtap_sequential_close(cf->wth);
+
+ /* Allow the protocol dissectors to free up memory that they
+ * don't need after the sequential run-through of the packets. */
+ postseq_cleanup_all_protocols();
+
/* Set the file encapsulation type now; we don't know what it is until
we've looked at all the packets, as we don't know until then whether
there's more than one type (and thus whether it's
WTAP_ENCAP_PER_PACKET). */
-
- /* We're done reading sequentially through the file; close the
- sequential I/O side, to free up memory it requires. */
- wtap_sequential_close(cf->wth);
-
cf->lnk_t = wtap_file_encap(cf->wth);
+
cf->current_frame = cf->first_displayed;
thaw_clist(cf);
- gtk_progress_set_activity_mode(GTK_PROGRESS(prog_bar), FALSE);
- gtk_progress_set_value(GTK_PROGRESS(prog_bar), 0);
-
- gtk_statusbar_pop(GTK_STATUSBAR(info_bar), file_ctx);
+ statusbar_pop_file_msg();
set_display_filename(cf);
/* Enable menu items that make sense if you have a capture file you've
if (cf->first_displayed != NULL)
gtk_signal_emit_by_name(GTK_OBJECT(packet_list), "select_row", 0);
- if (!success) {
+ if (*err != 0) {
/* Put up a message box noting that the read failed somewhere along
the line. Don't throw out the stuff we managed to read, though,
if any. */
- switch (err) {
+ switch (*err) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
errmsg = "The capture file is for a network type that Ethereal doesn't support.";
break;
default:
- sprintf(errmsg_errno, "An error occurred while reading the"
- " capture file: %s.", wtap_strerror(err));
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "An error occurred while reading the"
+ " capture file: %s.", wtap_strerror(*err));
errmsg = errmsg_errno;
break;
}
snprintf(err_str, sizeof err_str, errmsg);
- simple_dialog(ESD_TYPE_WARN, NULL, err_str);
- return (err);
+ simple_dialog(ESD_TYPE_CRIT, NULL, err_str);
+ return (READ_ERROR);
} else
- return (0);
+ return (READ_SUCCESS);
}
#ifdef HAVE_LIBPCAP
}
}
- gtk_statusbar_push(GTK_STATUSBAR(info_bar), file_ctx,
- " <live capture in progress>");
+ statusbar_push_file_msg(" <live capture in progress>");
}
return err;
}
-int
-continue_tail_cap_file(capture_file *cf, int to_read)
+read_status_t
+continue_tail_cap_file(capture_file *cf, int to_read, int *err)
{
- int err;
+ long data_offset = 0;
gtk_clist_freeze(GTK_CLIST(packet_list));
- wtap_loop(cf->wth, to_read, wtap_dispatch_cb, (u_char *) cf, &err);
+ while (to_read != 0 && (wtap_read(cf->wth, err, &data_offset))) {
+ if (cf->state == FILE_READ_ABORTED) {
+ /* Well, the user decided to exit Ethereal. Break out of the
+ loop, and let the code below (which is called even if there
+ aren't any packets left to read) exit. */
+ break;
+ }
+ read_packet(cf, data_offset);
+ to_read--;
+ }
gtk_clist_thaw(GTK_CLIST(packet_list));
if (auto_scroll_live && cf->plist_end != NULL)
gtk_clist_moveto(GTK_CLIST(packet_list),
GTK_CLIST(packet_list)->rows - 1, -1, 1.0, 1.0);
- return err;
+
+ if (cf->state == FILE_READ_ABORTED) {
+ /* Well, the user decided to exit Ethereal. Return READ_ABORTED
+ so that our caller can kill off the capture child process;
+ this will cause an EOF on the pipe from the child, so
+ "finish_tail_cap_file()" will be called, and it will clean up
+ and exit. */
+ return READ_ABORTED;
+ } else if (*err != 0) {
+ /* We got an error reading the capture file.
+ XXX - pop up a dialog box? */
+ return (READ_ERROR);
+ } else
+ return (READ_SUCCESS);
}
-int
-finish_tail_cap_file(capture_file *cf)
+read_status_t
+finish_tail_cap_file(capture_file *cf, int *err)
{
- int err;
+ long data_offset;
gtk_clist_freeze(GTK_CLIST(packet_list));
- wtap_loop(cf->wth, 0, wtap_dispatch_cb, (u_char *) cf, &err);
+ while ((wtap_read(cf->wth, err, &data_offset))) {
+ if (cf->state == FILE_READ_ABORTED) {
+ /* Well, the user decided to abort the read. Break out of the
+ loop, and let the code below (which is called even if there
+ aren't any packets left to read) exit. */
+ break;
+ }
+ read_packet(cf, data_offset);
+ }
+
+ if (cf->state == FILE_READ_ABORTED) {
+ /* Well, the user decided to abort the read. We're only called
+ when the child capture process closes the pipe to us (meaning
+ it's probably exited), so we can just close the capture
+ file; we return READ_ABORTED so our caller can do whatever
+ is appropriate when that happens. */
+ close_cap_file(cf);
+ return READ_ABORTED;
+ }
thaw_clist(cf);
if (auto_scroll_live && cf->plist_end != NULL)
gtk_clist_moveto(GTK_CLIST(packet_list),
GTK_CLIST(packet_list)->rows - 1, -1, 1.0, 1.0);
+ /* We're done reading sequentially through the file. */
+ cf->state = FILE_READ_DONE;
+
/* We're done reading sequentially through the file; close the
sequential I/O side, to free up memory it requires. */
wtap_sequential_close(cf->wth);
+ /* Allow the protocol dissectors to free up memory that they
+ * don't need after the sequential run-through of the packets. */
+ postseq_cleanup_all_protocols();
+
/* Set the file encapsulation type now; we don't know what it is until
we've looked at all the packets, as we don't know until then whether
there's more than one type (and thus whether it's
cf->lnk_t = wtap_file_encap(cf->wth);
/* Pop the "<live capture in progress>" message off the status bar. */
- gtk_statusbar_pop(GTK_STATUSBAR(info_bar), file_ctx);
+ statusbar_pop_file_msg();
set_display_filename(cf);
set_menus_for_capture_file(TRUE);
set_menus_for_unsaved_capture_file(!cf->user_saved);
- return err;
+ if (*err != 0) {
+ /* We got an error reading the capture file.
+ XXX - pop up a dialog box? */
+ return (READ_ERROR);
+ } else
+ return (READ_SUCCESS);
}
#endif /* HAVE_LIBPCAP */
typedef struct {
color_filter_t *colorf;
- proto_tree *protocol_tree;
- const guint8 *pd;
- frame_data *fdata;
+ epan_dissect_t *edt;
} apply_color_filter_args;
/*
apply_color_filter_args *args = argp;
if (colorf->c_colorfilter != NULL && args->colorf == NULL) {
- if (dfilter_apply(colorf->c_colorfilter, args->protocol_tree, args->pd, args->fdata->cap_len))
+ if (dfilter_apply_edt(colorf->c_colorfilter, args->edt))
args->colorf = colorf;
}
}
static int
add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
- union wtap_pseudo_header *pseudo_header, const u_char *buf)
+ union wtap_pseudo_header *pseudo_header, const guchar *buf,
+ gboolean refilter)
{
apply_color_filter_args args;
- gint i, row;
- proto_tree *protocol_tree = NULL;
+ gint row;
+ gboolean create_proto_tree = FALSE;
+ epan_dissect_t *edt;
+ GdkColor fg, bg;
/* We don't yet have a color filter to apply. */
args.colorf = NULL;
firstusec = fdata->abs_usecs;
}
- /* Get the time elapsed between the first packet and this packet. */
- cf->esec = fdata->abs_secs - firstsec;
- if (firstusec <= fdata->abs_usecs) {
- cf->eusec = fdata->abs_usecs - firstusec;
- } else {
- cf->eusec = (fdata->abs_usecs + 1000000) - firstusec;
- cf->esec--;
- }
+ /* If either
+
+ we have a display filter and are re-applying it;
+
+ we have a list of color filters;
- fdata->cinfo = &cf->cinfo;
- for (i = 0; i < fdata->cinfo->num_cols; i++) {
- fdata->cinfo->col_data[i][0] = '\0';
+ allocate a protocol tree root node, so that we'll construct
+ a protocol tree against which a filter expression can be
+ evaluated. */
+ if ((cf->dfcode != NULL && refilter) || filter_list != NULL)
+ create_proto_tree = TRUE;
+
+ /* Dissect the frame. */
+ edt = epan_dissect_new(create_proto_tree, FALSE);
+
+ if (cf->dfcode != NULL && refilter) {
+ epan_dissect_prime_dfilter(edt, cf->dfcode);
+ }
+ if (filter_list) {
+ filter_list_prime_edt(edt);
}
+ epan_dissect_run(edt, pseudo_header, buf, fdata, &cf->cinfo);
- /* Apply the filters */
- if (cf->dfcode != NULL || filter_list != NULL) {
- protocol_tree = proto_tree_create_root();
- dissect_packet(pseudo_header, buf, fdata, protocol_tree);
- if (cf->dfcode != NULL)
- fdata->flags.passed_dfilter = dfilter_apply(cf->dfcode, protocol_tree, buf, fdata->cap_len) ? 1 : 0;
- else
- fdata->flags.passed_dfilter = 1;
- /* Apply color filters, if we have any. */
+ /* If we have a display filter, apply it if we're refiltering, otherwise
+ leave the "passed_dfilter" flag alone.
+
+ If we don't have a display filter, set "passed_dfilter" to 1. */
+ if (cf->dfcode != NULL) {
+ if (refilter) {
+ if (cf->dfcode != NULL)
+ fdata->flags.passed_dfilter = dfilter_apply_edt(cf->dfcode, edt) ? 1 : 0;
+ else
+ fdata->flags.passed_dfilter = 1;
+ }
+ } else
+ fdata->flags.passed_dfilter = 1;
+
+ /* If we have color filters, and the frame is to be displayed, apply
+ the color filters. */
+ if (fdata->flags.passed_dfilter) {
if (filter_list != NULL) {
- args.protocol_tree = protocol_tree;
- args.pd = buf;
- args.fdata = fdata;
+ args.edt = edt;
g_slist_foreach(filter_list, apply_color_filter, &args);
}
- proto_tree_free(protocol_tree);
- }
- else {
-#ifdef HAVE_PLUGINS
- if (enabled_plugins_number > 0)
- protocol_tree = proto_tree_create_root();
-#endif
- dissect_packet(pseudo_header, buf, fdata, protocol_tree);
- fdata->flags.passed_dfilter = 1;
-#ifdef HAVE_PLUGINS
- if (protocol_tree)
- proto_tree_free(protocol_tree);
-#endif
}
+
if (fdata->flags.passed_dfilter) {
/* This frame passed the display filter, so add it to the clist. */
}
/* Get the time elapsed between the first packet and this packet. */
- fdata->rel_secs = cf->esec;
- fdata->rel_usecs = cf->eusec;
+ compute_timestamp_diff(&fdata->rel_secs, &fdata->rel_usecs,
+ fdata->abs_secs, fdata->abs_usecs, firstsec, firstusec);
+
+ /* If it's greater than the current elapsed time, set the elapsed time
+ to it (we check for "greater than" so as not to be confused by
+ time moving backwards). */
+ if ((gint32)cf->esec < fdata->rel_secs
+ || ((gint32)cf->esec == fdata->rel_secs && (gint32)cf->eusec < fdata->rel_usecs)) {
+ cf->esec = fdata->rel_secs;
+ cf->eusec = fdata->rel_usecs;
+ }
/* Get the time elapsed between the previous displayed packet and
this packet. */
- fdata->del_secs = fdata->abs_secs - prevsec;
- if (prevusec <= fdata->abs_usecs) {
- fdata->del_usecs = fdata->abs_usecs - prevusec;
- } else {
- fdata->del_usecs = (fdata->abs_usecs + 1000000) - prevusec;
- fdata->del_secs--;
- }
+ compute_timestamp_diff(&fdata->del_secs, &fdata->del_usecs,
+ fdata->abs_secs, fdata->abs_usecs, prevsec, prevusec);
prevsec = fdata->abs_secs;
prevusec = fdata->abs_usecs;
- fill_in_columns(fdata);
+ epan_dissect_fill_in_columns(edt);
/* If we haven't yet seen the first frame, this is it.
/* This is the last frame we've seen so far. */
cf->last_displayed = fdata;
- row = gtk_clist_append(GTK_CLIST(packet_list), fdata->cinfo->col_data);
+ row = gtk_clist_append(GTK_CLIST(packet_list), cf->cinfo.col_data);
gtk_clist_set_row_data(GTK_CLIST(packet_list), row, fdata);
- if (filter_list != NULL && (args.colorf != NULL)) {
- gtk_clist_set_background(GTK_CLIST(packet_list), row,
- &args.colorf->bg_color);
- gtk_clist_set_foreground(GTK_CLIST(packet_list), row,
- &args.colorf->fg_color);
+ if (fdata->flags.marked) {
+ color_t_to_gdkcolor(&bg, &prefs.gui_marked_bg);
+ color_t_to_gdkcolor(&fg, &prefs.gui_marked_fg);
+ } else if (filter_list != NULL && (args.colorf != NULL)) {
+ bg = args.colorf->bg_color;
+ fg = args.colorf->fg_color;
} else {
- gtk_clist_set_background(GTK_CLIST(packet_list), row, &WHITE);
- gtk_clist_set_foreground(GTK_CLIST(packet_list), row, &BLACK);
+ bg = WHITE;
+ fg = BLACK;
}
+ gtk_clist_set_background(GTK_CLIST(packet_list), row, &bg);
+ gtk_clist_set_foreground(GTK_CLIST(packet_list), row, &fg);
} else {
/* This frame didn't pass the display filter, so it's not being added
to the clist, and thus has no row. */
row = -1;
}
- fdata->cinfo = NULL;
+ epan_dissect_free(edt);
return row;
}
static void
-wtap_dispatch_cb(u_char *user, const struct wtap_pkthdr *phdr, int offset,
- union wtap_pseudo_header *pseudo_header, const u_char *buf)
+read_packet(capture_file *cf, long offset)
{
+ const struct wtap_pkthdr *phdr = wtap_phdr(cf->wth);
+ union wtap_pseudo_header *pseudo_header = wtap_pseudoheader(cf->wth);
+ const guchar *buf = wtap_buf_ptr(cf->wth);
frame_data *fdata;
- capture_file *cf = (capture_file *) user;
int passed;
- proto_tree *protocol_tree;
frame_data *plist_end;
- int file_pos;
- float prog_val;
-
- /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
- when we update it, we have to run the GTK+ main loop to get it
- to repaint what's pending, and doing so may involve an "ioctl()"
- to see if there's any pending input from an X server, and doing
- that for every packet can be costly, especially on a big file.
-
- Do so only if we were told to do so; when reading a capture file
- being updated by a live capture, we don't do so (as we're not
- "done" until the capture stops, so we don't know how close to
- "done" we are. */
-
- if (cf->update_progbar && offset >= cf->progbar_nextstep) {
- file_pos = lseek(cf->filed, 0, SEEK_CUR);
- prog_val = (gfloat) file_pos / (gfloat) cf->f_len;
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar), prog_val);
- cf->progbar_nextstep += cf->progbar_quantum;
- while (gtk_events_pending())
- gtk_main_iteration();
- }
+ epan_dissect_t *edt;
/* Allocate the next list entry, and add it to the list. */
fdata = g_mem_chunk_alloc(cf->plist_chunk);
fdata->abs_usecs = phdr->ts.tv_usec;
fdata->flags.encoding = CHAR_ASCII;
fdata->flags.visited = 0;
- fdata->cinfo = NULL;
+ fdata->flags.marked = 0;
passed = TRUE;
if (cf->rfcode) {
- protocol_tree = proto_tree_create_root();
- dissect_packet(pseudo_header, buf, fdata, protocol_tree);
- passed = dfilter_apply(cf->rfcode, protocol_tree, buf, fdata->cap_len);
- proto_tree_free(protocol_tree);
+ edt = epan_dissect_new(TRUE, FALSE);
+ epan_dissect_prime_dfilter(edt, cf->rfcode);
+ epan_dissect_run(edt, pseudo_header, buf, fdata, NULL);
+ passed = dfilter_apply_edt(cf->rfcode, edt);
+ epan_dissect_free(edt);
}
if (passed) {
plist_end = cf->plist_end;
cf->count++;
fdata->num = cf->count;
- add_packet_to_packet_list(fdata, cf, pseudo_header, buf);
+ add_packet_to_packet_list(fdata, cf, pseudo_header, buf, TRUE);
} else {
/* XXX - if we didn't have read filters, or if we could avoid
allocating the "frame_data" structure until we knew whether
int
filter_packets(capture_file *cf, gchar *dftext)
{
- dfilter *dfcode;
+ dfilter_t *dfcode;
if (dftext == NULL) {
/* The new filter is an empty filter (i.e., display all packets). */
dfcode = NULL;
} else {
/*
- * We have a filter; try to compile it.
+ * We have a filter; make a copy of it (as we'll be saving it),
+ * and try to compile it.
*/
- if (dfilter_compile(dftext, &dfcode) != 0) {
+ dftext = g_strdup(dftext);
+ if (!dfilter_compile(dftext, &dfcode)) {
/* The attempt failed; report an error. */
- simple_dialog(ESD_TYPE_WARN, NULL, dfilter_error_msg);
+ simple_dialog(ESD_TYPE_CRIT, NULL, dfilter_error_msg);
return 0;
}
g_free(cf->dfilter);
cf->dfilter = dftext;
if (cf->dfcode != NULL)
- dfilter_destroy(cf->dfcode);
+ dfilter_free(cf->dfcode);
cf->dfcode = dfcode;
- /* Now go through the list of packets we've read from the capture file,
- applying the current display filter, and, if the packet passes the
- display filter, add it to the summary display, appropriately
- colored. (That's how we colorize the display - it's like filtering
- the display, only we don't install a new filter.) */
- colorize_packets(cf);
+ /* Now rescan the packet list, applying the new filter, but not
+ throwing away information constructed on a previous pass. */
+ if (dftext == NULL) {
+ rescan_packets(cf, "Resetting", "Filter", TRUE, FALSE);
+ } else {
+ rescan_packets(cf, "Filtering", dftext, TRUE, FALSE);
+ }
return 1;
}
void
colorize_packets(capture_file *cf)
+{
+ rescan_packets(cf, "Colorizing", "all frames", FALSE, FALSE);
+}
+
+void
+redissect_packets(capture_file *cf)
+{
+ rescan_packets(cf, "Reprocessing", "all frames", TRUE, TRUE);
+}
+
+/* Rescan the list of packets, reconstructing the CList.
+
+ "action" describes why we're doing this; it's used in the progress
+ dialog box.
+
+ "action_item" describes what we're doing; it's used in the progress
+ dialog box.
+
+ "refilter" is TRUE if we need to re-evaluate the filter expression.
+
+ "redissect" is TRUE if we need to make the dissectors reconstruct
+ any state information they have (because a preference that affects
+ some dissector has changed, meaning some dissector might construct
+ its state differently from the way it was constructed the last time). */
+static void
+rescan_packets(capture_file *cf, const char *action, const char *action_item,
+ gboolean refilter, gboolean redissect)
{
frame_data *fdata;
- guint32 progbar_quantum;
- guint32 progbar_nextstep;
- int count;
+ progdlg_t *progbar = NULL;
+ gboolean stop_flag;
+ int count;
+ int err;
frame_data *selected_frame;
- int selected_row;
- int row;
+ int selected_row;
+ int row;
+ float prog_val;
+ GTimeVal start_time;
+ gchar status_str[100];
/* Which frame, if any, is the currently selected frame?
XXX - should the selected frame or the focus frame be the "current"
rebuild the clist, however. */
selected_row = -1;
- /* We need to re-initialize all the state information that protocols
- keep, because we're making a fresh pass through all the packets. */
+ if (redissect) {
+ /* We need to re-initialize all the state information that protocols
+ keep, because some preference that controls a dissector has changed,
+ which might cause the state information to be constructed differently
+ by that dissector. */
- /* Initialize the table of conversations. */
- conversation_init();
-
- /* Initialize protocol-specific variables */
- init_all_protocols();
-
- gtk_progress_set_activity_mode(GTK_PROGRESS(prog_bar), FALSE);
+ /* Initialize all data structures used for dissection. */
+ init_dissection();
+ }
/* Freeze the packet list while we redo it, so we don't get any
screen updates while it happens. */
cf->first_displayed = NULL;
cf->last_displayed = NULL;
- /* Iterate through the list of packets, calling a routine
- to run the filter on the packet, see if it matches, and
- put it in the display list if so. */
+ /* Iterate through the list of frames. Call a routine for each frame
+ to check whether it should be displayed and, if so, add it to
+ the display list. */
firstsec = 0;
firstusec = 0;
prevsec = 0;
prevusec = 0;
/* Update the progress bar when it gets to this value. */
- progbar_nextstep = 0;
+ cf->progbar_nextstep = 0;
/* When we reach the value that triggers a progress bar update,
bump that value by this amount. */
- progbar_quantum = cf->count/N_PROGBAR_UPDATES;
+ cf->progbar_quantum = cf->count/N_PROGBAR_UPDATES;
/* Count of packets at which we've looked. */
count = 0;
- gtk_progress_bar_set_orientation(GTK_PROGRESS_BAR(prog_bar), GTK_PROGRESS_LEFT_TO_RIGHT);
+ stop_flag = FALSE;
+ g_get_current_time(&start_time);
for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
/* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
to repaint what's pending, and doing so may involve an "ioctl()"
to see if there's any pending input from an X server, and doing
that for every packet can be costly, especially on a big file. */
- if (count >= progbar_nextstep) {
+ if (count >= cf->progbar_nextstep) {
/* let's not divide by zero. I should never be started
* with count == 0, so let's assert that
*/
g_assert(cf->count > 0);
+ prog_val = (gfloat) count / cf->count;
+
+ if (progbar == NULL)
+ /* Create the progress bar if necessary */
+ progbar = delayed_create_progress_dlg(action, action_item, "Stop", &stop_flag,
+ &start_time, prog_val);
+
+ if (progbar != NULL) {
+ g_snprintf(status_str, sizeof(status_str),
+ "%4u of %u frames", count, cf->count);
+ update_progress_dlg(progbar, prog_val, status_str);
+ }
+
+ cf->progbar_nextstep += cf->progbar_quantum;
+ }
+
+ if (stop_flag) {
+ /* Well, the user decided to abort the filtering. Just stop.
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar),
- (gfloat) count / cf->count);
+ XXX - go back to the previous filter? Users probably just
+ want not to wait for a filtering operation to finish;
+ unless we cancel by having no filter, reverting to the
+ previous filter will probably be even more expensive than
+ continuing the filtering, as it involves going back to the
+ beginning and filtering, and even with no filter we currently
+ have to re-generate the entire clist, which is also expensive.
- progbar_nextstep += progbar_quantum;
- while (gtk_events_pending())
- gtk_main_iteration();
+ I'm not sure what Network Monitor does, but it doesn't appear
+ to give you an unfiltered display if you cancel. */
+ break;
}
count++;
+ if (redissect) {
+ /* Since all state for the frame was destroyed, mark the frame
+ * as not visited, free the GSList referring to the state
+ * data (the per-frame data itself was freed by
+ * "init_dissection()"), and null out the GSList pointer. */
+ fdata->flags.visited = 0;
+ if (fdata->pfd) {
+ g_slist_free(fdata->pfd);
+ fdata->pfd = NULL;
+ }
+ }
+
+ /* XXX - do something with "err" */
wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
- cf->pd, fdata->cap_len);
+ cf->pd, fdata->cap_len, &err);
- row = add_packet_to_packet_list(fdata, cf, &cf->pseudo_header, cf->pd);
+ row = add_packet_to_packet_list(fdata, cf, &cf->pseudo_header, cf->pd,
+ refilter);
if (fdata == selected_frame)
selected_row = row;
}
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar), 0);
+ if (redissect) {
+ /* Clear out what remains of the visited flags and per-frame data
+ pointers.
+
+ XXX - that may cause various forms of bogosity when dissecting
+ these frames, as they won't have been seen by this sequential
+ pass, but the only alternative I see is to keep scanning them
+ even though the user requested that the scan stop, and that
+ would leave the user stuck with an Ethereal grinding on
+ until it finishes. Should we just stick them with that? */
+ for (; fdata != NULL; fdata = fdata->next) {
+ fdata->flags.visited = 0;
+ if (fdata->pfd) {
+ g_slist_free(fdata->pfd);
+ fdata->pfd = NULL;
+ }
+ }
+ }
+
+ /* We're done filtering the packets; destroy the progress bar if it
+ was created. */
+ if (progbar != NULL)
+ destroy_progress_dlg(progbar);
/* Unfreeze the packet list. */
gtk_clist_thaw(GTK_CLIST(packet_list));
{
int i;
frame_data *fdata;
- guint32 progbar_quantum;
- guint32 progbar_nextstep;
- guint32 count;
- proto_tree *protocol_tree;
+ progdlg_t *progbar = NULL;
+ gboolean stop_flag;
+ int count;
+ int err;
gint *col_widths = NULL;
gint data_width;
gboolean print_separator;
char *cp;
int column_len;
int line_len;
+ epan_dissect_t *edt = NULL;
+ float prog_val;
+ GTimeVal start_time;
+ gchar status_str[100];
cf->print_fh = open_print_dest(print_args->to_file, print_args->dest);
if (cf->print_fh == NULL)
/* Make sure there's room in the line buffer for the column; if not,
double its length. */
- line_len += column_len + 1; /* "+1" for space or \n */
+ line_len += column_len + 1; /* "+1" for space */
if (line_len > line_buf_len) {
line_buf_len *= 2;
line_buf = g_realloc(line_buf, line_buf_len + 1);
else
sprintf(cp, "%-*s", col_widths[i], cf->cinfo.col_title[i]);
cp += column_len;
- if (i == cf->cinfo.num_cols - 1)
- *cp++ = '\n';
- else
+ if (i != cf->cinfo.num_cols - 1)
*cp++ = ' ';
}
*cp = '\0';
- print_line(cf->print_fh, print_args->format, line_buf);
+ print_line(cf->print_fh, 0, print_args->format, line_buf);
}
print_separator = FALSE;
- /* The protocol tree will be "visible", i.e., printed, only if we're
- not printing a summary. */
- proto_tree_is_visible = !print_args->print_summary;
-
/* Update the progress bar when it gets to this value. */
- progbar_nextstep = 0;
+ cf->progbar_nextstep = 0;
/* When we reach the value that triggers a progress bar update,
bump that value by this amount. */
- progbar_quantum = cf->count/N_PROGBAR_UPDATES;
+ cf->progbar_quantum = cf->count/N_PROGBAR_UPDATES;
/* Count of packets at which we've looked. */
count = 0;
- gtk_progress_bar_set_orientation(GTK_PROGRESS_BAR(prog_bar), GTK_PROGRESS_LEFT_TO_RIGHT);
+ stop_flag = FALSE;
+ g_get_current_time(&start_time);
/* Iterate through the list of packets, printing the packets that
were selected by the current display filter. */
to repaint what's pending, and doing so may involve an "ioctl()"
to see if there's any pending input from an X server, and doing
that for every packet can be costly, especially on a big file. */
- if (count >= progbar_nextstep) {
+ if (count >= cf->progbar_nextstep) {
/* let's not divide by zero. I should never be started
* with count == 0, so let's assert that
*/
g_assert(cf->count > 0);
+ prog_val = (gfloat) count / cf->count;
+
+ if (progbar == NULL)
+ /* Create the progress bar if necessary */
+ progbar = delayed_create_progress_dlg("Printing", "selected frames", "Stop", &stop_flag,
+ &start_time, prog_val);
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar),
- (gfloat) count / cf->count);
- progbar_nextstep += progbar_quantum;
- while (gtk_events_pending())
- gtk_main_iteration();
+ if (progbar != NULL) {
+ g_snprintf(status_str, sizeof(status_str),
+ "%4u of %u frames", count, cf->count);
+ update_progress_dlg(progbar, prog_val, status_str);
+ }
+
+ cf->progbar_nextstep += cf->progbar_quantum;
}
- count++;
- if (fdata->flags.passed_dfilter) {
+ if (stop_flag) {
+ /* Well, the user decided to abort the printing. Just stop.
+
+ XXX - note that what got generated before they did that
+ will get printed, as we're piping to a print program; we'd
+ have to write to a file and then hand that to the print
+ program to make it actually not print anything. */
+ break;
+ }
+
+ count++;
+ /* Check to see if we are suppressing unmarked packets, if so,
+ * suppress them and then proceed to check for visibility.
+ */
+ if (((print_args->suppress_unmarked && fdata->flags.marked ) ||
+ !(print_args->suppress_unmarked)) && fdata->flags.passed_dfilter) {
+ /* XXX - do something with "err" */
wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
- cf->pd, fdata->cap_len);
+ cf->pd, fdata->cap_len, &err);
if (print_args->print_summary) {
/* Fill in the column information, but don't bother creating
the logical protocol tree. */
- fdata->cinfo = &cf->cinfo;
- for (i = 0; i < fdata->cinfo->num_cols; i++) {
- fdata->cinfo->col_data[i][0] = '\0';
- }
- dissect_packet(&cf->pseudo_header, cf->pd, fdata, NULL);
- fill_in_columns(fdata);
+ edt = epan_dissect_new(FALSE, FALSE);
+ epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, &cf->cinfo);
+ epan_dissect_fill_in_columns(edt);
cp = &line_buf[0];
line_len = 0;
for (i = 0; i < cf->cinfo.num_cols; i++) {
/* Make sure there's room in the line buffer for the column; if not,
double its length. */
- line_len += column_len + 1; /* "+1" for space or \n */
+ line_len += column_len + 1; /* "+1" for space */
if (line_len > line_buf_len) {
line_buf_len *= 2;
line_buf = g_realloc(line_buf, line_buf_len + 1);
else
sprintf(cp, "%-*s", col_widths[i], cf->cinfo.col_data[i]);
cp += column_len;
- if (i == cf->cinfo.num_cols - 1)
- *cp++ = '\n';
- else
+ if (i != cf->cinfo.num_cols - 1)
*cp++ = ' ';
}
*cp = '\0';
- print_line(cf->print_fh, print_args->format, line_buf);
+ print_line(cf->print_fh, 0, print_args->format, line_buf);
} else {
if (print_separator)
- print_line(cf->print_fh, print_args->format, "\n");
+ print_line(cf->print_fh, 0, print_args->format, "");
- /* Create the logical protocol tree. */
- protocol_tree = proto_tree_create_root();
- dissect_packet(&cf->pseudo_header, cf->pd, fdata, protocol_tree);
+ /* Create the logical protocol tree, complete with the display
+ representation of the items; we don't need the columns here,
+ however. */
+ edt = epan_dissect_new(TRUE, TRUE);
+ epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
/* Print the information in that tree. */
- proto_tree_print(FALSE, print_args, (GNode *)protocol_tree,
- cf->pd, fdata, cf->print_fh);
-
- proto_tree_free(protocol_tree);
+ proto_tree_print(print_args, edt, cf->print_fh);
if (print_args->print_hex) {
/* Print the full packet data as hex. */
- print_hex_data(cf->print_fh, print_args->format, cf->pd,
- fdata->cap_len, fdata->flags.encoding);
+ print_hex_data(cf->print_fh, print_args->format, edt);
}
/* Print a blank line if we print anything after this. */
print_separator = TRUE;
}
+ epan_dissect_free(edt);
}
}
+ /* We're done printing the packets; destroy the progress bar if
+ it was created. */
+ if (progbar != NULL)
+ destroy_progress_dlg(progbar);
+
if (col_widths != NULL)
g_free(col_widths);
if (line_buf != NULL)
close_print_dest(print_args->to_file, cf->print_fh);
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar), 0);
-
cf->print_fh = NULL;
- proto_tree_is_visible = FALSE;
-
return TRUE;
}
change_time_formats(capture_file *cf)
{
frame_data *fdata;
- int row;
- int i;
- GtkStyle *pl_style;
+ progdlg_t *progbar = NULL;
+ gboolean stop_flag;
+ int count;
+ int row;
+ int i;
+ GtkStyle *pl_style;
+ float prog_val;
+ GTimeVal start_time;
+ gchar status_str[100];
+
+ /* Are there any columns with time stamps in the "command-line-specified"
+ format?
+
+ XXX - we have to force the "column is writable" flag on, as it
+ might be off from the last frame that was dissected. */
+ col_set_writable(&cf->cinfo, TRUE);
+ if (!check_col(&cf->cinfo, COL_CLS_TIME)) {
+ /* No, there aren't any columns in that format, so we have no work
+ to do. */
+ return;
+ }
/* Freeze the packet list while we redo it, so we don't get any
screen updates while it happens. */
freeze_clist(cf);
+ /* Update the progress bar when it gets to this value. */
+ cf->progbar_nextstep = 0;
+ /* When we reach the value that triggers a progress bar update,
+ bump that value by this amount. */
+ cf->progbar_quantum = cf->count/N_PROGBAR_UPDATES;
+ /* Count of packets at which we've looked. */
+ count = 0;
+
+ stop_flag = FALSE;
+ g_get_current_time(&start_time);
+
/* Iterate through the list of packets, checking whether the packet
is in a row of the summary list and, if so, whether there are
any columns that show the time in the "command-line-specified"
format and, if so, update that row. */
for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
+ /* Update the progress bar, but do it only N_PROGBAR_UPDATES times;
+ when we update it, we have to run the GTK+ main loop to get it
+ to repaint what's pending, and doing so may involve an "ioctl()"
+ to see if there's any pending input from an X server, and doing
+ that for every packet can be costly, especially on a big file. */
+ if (count >= cf->progbar_nextstep) {
+ /* let's not divide by zero. I should never be started
+ * with count == 0, so let's assert that
+ */
+ g_assert(cf->count > 0);
+
+ prog_val = (gfloat) count / cf->count;
+
+ if (progbar == NULL)
+ /* Create the progress bar if necessary */
+ progbar = delayed_create_progress_dlg("Changing", "time display", "Stop",
+ &stop_flag, &start_time, prog_val);
+
+ if (progbar != NULL) {
+ g_snprintf(status_str, sizeof(status_str),
+ "%4u of %u frames", count, cf->count);
+ update_progress_dlg(progbar, prog_val, status_str);
+ }
+
+ cf->progbar_nextstep += cf->progbar_quantum;
+ }
+
+ if (stop_flag) {
+ /* Well, the user decided to abort the redisplay. Just stop.
+
+ XXX - this leaves the time field in the old format in
+ frames we haven't yet processed. So it goes; should we
+ simply not offer them the option of stopping? */
+ break;
+ }
+
+ count++;
+
/* Find what row this packet is in. */
row = gtk_clist_find_row_from_data(GTK_CLIST(packet_list), fdata);
if (row != -1) {
/* This packet is in the summary list, on row "row". */
- /* XXX - there really should be a way of checking "cf->cinfo" for this;
- the answer isn't going to change from packet to packet, so we should
- simply skip all the "change_time_formats()" work if we're not
- changing anything. */
- fdata->cinfo = &cf->cinfo;
- if (check_col(fdata, COL_CLS_TIME)) {
- /* There are columns that show the time in the "command-line-specified"
- format; update them. */
- for (i = 0; i < cf->cinfo.num_cols; i++) {
- if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
- /* This is one of the columns that shows the time in
- "command-line-specified" format; update it. */
- cf->cinfo.col_data[i][0] = '\0';
- col_set_cls_time(fdata, i);
- gtk_clist_set_text(GTK_CLIST(packet_list), row, i,
- cf->cinfo.col_data[i]);
- }
+ for (i = 0; i < cf->cinfo.num_cols; i++) {
+ if (cf->cinfo.fmt_matx[i][COL_CLS_TIME]) {
+ /* This is one of the columns that shows the time in
+ "command-line-specified" format; update it. */
+ cf->cinfo.col_buf[i][0] = '\0';
+ col_set_cls_time(fdata, &cf->cinfo, i);
+ gtk_clist_set_text(GTK_CLIST(packet_list), row, i,
+ cf->cinfo.col_data[i]);
}
}
}
}
+ /* We're done redisplaying the packets; destroy the progress bar if it
+ was created. */
+ if (progbar != NULL)
+ destroy_progress_dlg(progbar);
+
/* Set the column widths of those columns that show the time in
"command-line-specified" format. */
pl_style = gtk_widget_get_style(packet_list);
thaw_clist(cf);
}
-static void
-clear_tree_and_hex_views(void)
-{
- /* Clear the hex dump. */
- gtk_text_freeze(GTK_TEXT(byte_view));
- gtk_text_set_point(GTK_TEXT(byte_view), 0);
- gtk_text_forward_delete(GTK_TEXT(byte_view),
- gtk_text_get_length(GTK_TEXT(byte_view)));
- gtk_text_thaw(GTK_TEXT(byte_view));
-
- /* Remove all nodes in ctree. This is how it's done in testgtk.c in GTK+ */
- gtk_clist_clear ( GTK_CLIST(tree_view) );
-
-}
-
gboolean
-find_packet(capture_file *cf, dfilter *sfcode)
+find_packet(capture_file *cf, dfilter_t *sfcode)
{
frame_data *start_fd;
frame_data *fdata;
frame_data *new_fd = NULL;
- guint32 progbar_quantum;
- guint32 progbar_nextstep;
- int count;
- proto_tree *protocol_tree;
- gboolean frame_matched;
- int row;
+ progdlg_t *progbar = NULL;
+ gboolean stop_flag;
+ int count;
+ int err;
+ gboolean frame_matched;
+ int row;
+ epan_dissect_t *edt;
+ float prog_val;
+ GTimeVal start_time;
+ gchar status_str[100];
start_fd = cf->current_frame;
if (start_fd != NULL) {
- gtk_progress_set_activity_mode(GTK_PROGRESS(prog_bar), FALSE);
-
/* Iterate through the list of packets, starting at the packet we've
picked, calling a routine to run the filter on the packet, see if
it matches, and stop if so. */
count = 0;
fdata = start_fd;
- /* Update the progress bar when it gets to this value. */
- progbar_nextstep = 0;
+ cf->progbar_nextstep = 0;
/* When we reach the value that triggers a progress bar update,
bump that value by this amount. */
- progbar_quantum = cf->count/N_PROGBAR_UPDATES;
- gtk_progress_bar_set_orientation(GTK_PROGRESS_BAR(prog_bar), GTK_PROGRESS_LEFT_TO_RIGHT);
+ cf->progbar_quantum = cf->count/N_PROGBAR_UPDATES;
+
+ stop_flag = FALSE;
+ g_get_current_time(&start_time);
fdata = start_fd;
for (;;) {
to repaint what's pending, and doing so may involve an "ioctl()"
to see if there's any pending input from an X server, and doing
that for every packet can be costly, especially on a big file. */
- if (count >= progbar_nextstep) {
+ if (count >= cf->progbar_nextstep) {
/* let's not divide by zero. I should never be started
* with count == 0, so let's assert that
*/
g_assert(cf->count > 0);
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar),
- (gfloat) count / cf->count);
+ prog_val = (gfloat) count / cf->count;
+
+ /* Create the progress bar if necessary */
+ if (progbar == NULL)
+ progbar = delayed_create_progress_dlg("Searching", cf->sfilter, "Cancel",
+ &stop_flag, &start_time, prog_val);
+
+ if (progbar != NULL) {
+ g_snprintf(status_str, sizeof(status_str),
+ "%4u of %u frames", count, cf->count);
+ update_progress_dlg(progbar, prog_val, status_str);
+ }
- progbar_nextstep += progbar_quantum;
- while (gtk_events_pending())
- gtk_main_iteration();
+ cf->progbar_nextstep += cf->progbar_quantum;
+ }
+
+ if (stop_flag) {
+ /* Well, the user decided to abort the search. Go back to the
+ frame where we started. */
+ new_fd = start_fd;
+ break;
}
/* Go past the current frame. */
/* Is this packet in the display? */
if (fdata->flags.passed_dfilter) {
/* Yes. Does it match the search filter? */
- protocol_tree = proto_tree_create_root();
+ /* XXX - do something with "err" */
wtap_seek_read(cf->wth, fdata->file_off, &cf->pseudo_header,
- cf->pd, fdata->cap_len);
- dissect_packet(&cf->pseudo_header, cf->pd, fdata, protocol_tree);
- frame_matched = dfilter_apply(sfcode, protocol_tree, cf->pd, fdata->cap_len);
- proto_tree_free(protocol_tree);
+ cf->pd, fdata->cap_len, &err);
+ edt = epan_dissect_new(TRUE, FALSE);
+ epan_dissect_prime_dfilter(edt, sfcode);
+ epan_dissect_run(edt, &cf->pseudo_header, cf->pd, fdata, NULL);
+ frame_matched = dfilter_apply_edt(sfcode, edt);
+ epan_dissect_free(edt);
if (frame_matched) {
new_fd = fdata;
break; /* found it! */
}
}
- gtk_progress_bar_update(GTK_PROGRESS_BAR(prog_bar), 0);
+ /* We're done scanning the packets; destroy the progress bar if it
+ was created. */
+ if (progbar != NULL)
+ destroy_progress_dlg(progbar);
}
if (new_fd != NULL) {
select_packet(capture_file *cf, int row)
{
frame_data *fdata;
+ int err;
/* Get the frame data struct pointer for this frame */
fdata = (frame_data *) gtk_clist_get_row_data(GTK_CLIST(packet_list), row);
cf->current_frame = fdata;
/* Get the data in that frame. */
+ /* XXX - do something with "err" */
wtap_seek_read (cf->wth, fdata->file_off, &cf->pseudo_header,
- cf->pd, fdata->cap_len);
+ cf->pd, fdata->cap_len, &err);
/* Create the logical protocol tree. */
- if (cf->protocol_tree)
- proto_tree_free(cf->protocol_tree);
- cf->protocol_tree = proto_tree_create_root();
- proto_tree_is_visible = TRUE;
- dissect_packet(&cf->pseudo_header, cf->pd, cf->current_frame,
- cf->protocol_tree);
- proto_tree_is_visible = FALSE;
-
- /* Display the GUI protocol tree and hex dump. */
- clear_tree_and_hex_views();
- proto_tree_draw(cf->protocol_tree, tree_view);
- packet_hex_print(GTK_TEXT(byte_view), cf->pd, cf->current_frame->cap_len,
- -1, -1, cf->current_frame->flags.encoding);
+ if (cf->edt != NULL) {
+ epan_dissect_free(cf->edt);
+ cf->edt = NULL;
+ }
+ /* We don't need the columns here. */
+ cf->edt = epan_dissect_new(TRUE, TRUE);
+ epan_dissect_run(cf->edt, &cf->pseudo_header, cf->pd, cf->current_frame,
+ NULL);
+
+ /* Display the GUI protocol tree and hex dump.
+ XXX - why do we dump core if we call "proto_tree_draw()"
+ before calling "add_byte_views()"? */
+ add_byte_views(cf->edt, tree_view, byte_nb_ptr);
+ proto_tree_draw(cf->edt->tree, tree_view);
/* A packet is selected. */
set_menus_for_selected_packet(TRUE);
void
unselect_packet(capture_file *cf)
{
- /* Destroy the protocol tree for that packet. */
- if (cf->protocol_tree != NULL) {
- proto_tree_free(cf->protocol_tree);
- cf->protocol_tree = NULL;
+ /* Destroy the epan_dissect_t for the unselected packet. */
+ if (cf->edt != NULL) {
+ epan_dissect_free(cf->edt);
+ cf->edt = NULL;
}
- finfo_selected = NULL;
-
/* Clear out the display of that packet. */
clear_tree_and_hex_views();
/* No packet is selected. */
set_menus_for_selected_packet(FALSE);
+
+ /* No protocol tree means no selected field. */
+ unselect_field();
}
/* Set the selected row and the focus row of the packet list to the specified
gtk_clist_select_row(GTK_CLIST(packet_list), row, -1);
}
+/* Unset the selected protocol tree field, if any. */
+void
+unselect_field(void)
+{
+ statusbar_pop_field_msg();
+ finfo_selected = NULL;
+ set_menus_for_selected_tree_row(FALSE);
+}
+
+/*
+ * Mark a particular frame.
+ */
+void
+mark_frame(capture_file *cf, frame_data *frame)
+{
+ frame->flags.marked = TRUE;
+ cf->marked_count++;
+}
+
+/*
+ * Unmark a particular frame.
+ */
+void
+unmark_frame(capture_file *cf, frame_data *frame)
+{
+ frame->flags.marked = FALSE;
+ cf->marked_count--;
+}
+
static void
freeze_clist(capture_file *cf)
{
gtk_clist_set_column_resizeable(GTK_CLIST(packet_list), i, TRUE);
}
-int
+/*
+ * Save a capture to a file, in a particular format, saving either
+ * all packets, all currently-displayed packets, or all marked packets.
+ *
+ * Returns TRUE if it succeeds, FALSE otherwise; if it fails, it pops
+ * up a message box for the failure.
+ */
+gboolean
save_cap_file(char *fname, capture_file *cf, gboolean save_filtered,
- guint save_format)
+ gboolean save_marked, guint save_format)
{
gchar *from_filename;
gchar *name_ptr, *save_msg, *save_fmt = " Saving: %s...";
size_t msg_len;
int err;
gboolean do_copy;
- int from_fd, to_fd, nread, nwritten;
wtap_dumper *pdh;
frame_data *fdata;
struct wtap_pkthdr hdr;
union wtap_pseudo_header pseudo_header;
guint8 pd[65536];
+ struct stat infile, outfile;
name_ptr = get_basename(fname);
msg_len = strlen(name_ptr) + strlen(save_fmt) + 2;
save_msg = g_malloc(msg_len);
snprintf(save_msg, msg_len, save_fmt, name_ptr);
- gtk_statusbar_push(GTK_STATUSBAR(info_bar), file_ctx, save_msg);
+ statusbar_push_file_msg(save_msg);
g_free(save_msg);
- if (!save_filtered && save_format == cf->cd_t) {
+ /*
+ * Check that the from file is not the same as to file
+ * We do it here so we catch all cases ...
+ * Unfortunately, the file requester gives us an absolute file
+ * name and the read file name may be relative (if supplied on
+ * the command line). From Joerg Mayer.
+ */
+ infile.st_ino = 1; /* These prevent us from getting equality */
+ outfile.st_ino = 2; /* If one or other of the files is not accessible */
+ stat(cf->filename, &infile);
+ stat(fname, &outfile);
+ if (infile.st_ino == outfile.st_ino) {
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ "Can't save over current capture file: %s!",
+ cf->filename);
+ goto fail;
+ }
+
+ if (!save_filtered && !save_marked && save_format == cf->cd_t) {
/* We're not filtering packets, and we're saving it in the format
it's already in, so we can just move or copy the raw data. */
- /* In this branch, we set "err" only if we get an error, so we
- must first clear it. */
- err = 0;
if (cf->is_tempfile) {
/* The file being saved is a temporary file from a live
capture, so it doesn't need to stay around under that name;
be if we didn't have permission to remove the file from
the temporary directory, and that might be fixable - but
is it worth requiring the user to go off and fix it?) */
- err = errno;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_rename_error_message(err), fname);
- goto done;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_rename_error_message(errno), fname);
+ goto fail;
}
}
#else
do_copy = TRUE;
from_filename = cf->filename;
}
- /* Copy the file, if we haven't moved it. */
- if (do_copy) {
- /* Copy the raw bytes of the file. */
- from_fd = open(from_filename, O_RDONLY | O_BINARY);
- if (from_fd < 0) {
- err = errno;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_open_error_message(err, TRUE), from_filename);
- goto done;
- }
-
- /* Use open() instead of creat() so that we can pass the O_BINARY
- flag, which is relevant on Win32; it appears that "creat()"
- may open the file in text mode, not binary mode, but we want
- to copy the raw bytes of the file, so we need the output file
- to be open in binary mode. */
- to_fd = open(fname, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
- if (to_fd < 0) {
- err = errno;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_open_error_message(err, TRUE), fname);
- close(from_fd);
- goto done;
- }
- while ((nread = read(from_fd, pd, sizeof pd)) > 0) {
- nwritten = write(to_fd, pd, nread);
- if (nwritten < nread) {
- if (nwritten < 0)
- err = errno;
- else
- err = WTAP_ERR_SHORT_WRITE;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_write_error_message(err), fname);
- close(from_fd);
- close(to_fd);
- goto done;
- }
- }
- if (nread < 0) {
- err = errno;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_read_error_message(err), from_filename);
- close(from_fd);
- close(to_fd);
- goto done;
- }
- close(from_fd);
- if (close(to_fd) < 0) {
- err = errno;
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_close_error_message(err), fname);
- goto done;
- }
+ if (do_copy) {
+ /* Copy the file, if we haven't moved it. */
+ if (!copy_binary_file(from_filename, fname))
+ goto fail;
}
} else {
/* Either we're filtering packets, or we're saving in a different
we have to do it by writing the packets out in Wiretap. */
pdh = wtap_dump_open(fname, save_format, cf->lnk_t, cf->snap, &err);
if (pdh == NULL) {
- simple_dialog(ESD_TYPE_WARN, NULL,
- file_open_error_message(err, TRUE), fname);
- goto done;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_open_error_message(err, TRUE, save_format), fname);
+ goto fail;
}
/* XXX - have a way to save only the packets currently selected by
- the display filter.
+ the display filter or the marked ones.
If we do that, should we make that file the current file? If so,
it means we can no longer get at the other packets. What does
NetMon do? */
for (fdata = cf->plist; fdata != NULL; fdata = fdata->next) {
/* XXX - do a progress bar */
- if (!save_filtered || fdata->flags.passed_dfilter) {
- /* Either we're saving all frames, or we're saving filtered frames
- and this one passed the display filter - save it. */
+ if ((!save_filtered && !save_marked) ||
+ (save_filtered && fdata->flags.passed_dfilter && !save_marked) ||
+ (save_marked && fdata->flags.marked && !save_filtered) ||
+ (save_filtered && save_marked && fdata->flags.passed_dfilter &&
+ fdata->flags.marked)) {
+ /* Either :
+ - we're saving all frames, or
+ - we're saving filtered frames and this one passed the display filter or
+ - we're saving marked frames (and it has been marked) or
+ - we're saving filtered _and_ marked frames,
+ save it. */
hdr.ts.tv_sec = fdata->abs_secs;
hdr.ts.tv_usec = fdata->abs_usecs;
hdr.caplen = fdata->cap_len;
hdr.len = fdata->pkt_len;
hdr.pkt_encap = fdata->lnk_t;
- wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
- pd, fdata->cap_len);
+ if (!wtap_seek_read(cf->wth, fdata->file_off, &pseudo_header,
+ pd, fdata->cap_len, &err)) {
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_read_error_message(err), cf->filename);
+ wtap_dump_close(pdh, &err);
+ goto fail;
+ }
if (!wtap_dump(pdh, &hdr, &pseudo_header, pd, &err)) {
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_CRIT, NULL,
file_write_error_message(err), fname);
- wtap_dump_close(pdh, &err);
- goto done;
+ wtap_dump_close(pdh, &err);
+ goto fail;
}
}
}
if (!wtap_dump_close(pdh, &err)) {
simple_dialog(ESD_TYPE_WARN, NULL,
file_close_error_message(err), fname);
- goto done;
+ goto fail;
}
}
-done:
-
/* Pop the "Saving:" message off the status bar. */
- gtk_statusbar_pop(GTK_STATUSBAR(info_bar), file_ctx);
- if (err == 0) {
- if (!save_filtered) {
- /* We saved the entire capture, not just some packets from it.
- Open and read the file we saved it to.
-
- XXX - this is somewhat of a waste; we already have the
- packets, all this gets us is updated file type information
- (which we could just stuff into "cf"), and having the new
- file be the one we have opened and from which we're reading
- the data, and it means we have to spend time opening and
- reading the file, which could be a significant amount of
- time if the file is large. */
- cf->user_saved = TRUE;
-
- if ((err = open_cap_file(fname, FALSE, cf)) == 0) {
- /* XXX - report errors if this fails? */
- err = read_cap_file(cf);
- set_menus_for_unsaved_capture_file(FALSE);
+ statusbar_pop_file_msg();
+ if (!save_filtered && !save_marked) {
+ /* We saved the entire capture, not just some packets from it.
+ Open and read the file we saved it to.
+
+ XXX - this is somewhat of a waste; we already have the
+ packets, all this gets us is updated file type information
+ (which we could just stuff into "cf"), and having the new
+ file be the one we have opened and from which we're reading
+ the data, and it means we have to spend time opening and
+ reading the file, which could be a significant amount of
+ time if the file is large. */
+ cf->user_saved = TRUE;
+
+ if ((err = open_cap_file(fname, FALSE, cf)) == 0) {
+ /* XXX - report errors if this fails?
+ What should we return if it fails or is aborted? */
+ switch (read_cap_file(cf, &err)) {
+
+ case READ_SUCCESS:
+ case READ_ERROR:
+ /* Just because we got an error, that doesn't mean we were unable
+ to read any of the file; we handle what we could get from the
+ file. */
+ break;
+
+ case READ_ABORTED:
+ /* The user bailed out of re-reading the capture file; the
+ capture file has been closed - just return (without
+ changing any menu settings; "close_cap_file()" set them
+ correctly for the "no capture file open" state). */
+ break;
}
+ set_menus_for_unsaved_capture_file(FALSE);
}
}
- return err;
+ return TRUE;
+
+fail:
+ /* Pop the "Saving:" message off the status bar. */
+ statusbar_pop_file_msg();
+ return FALSE;
}
char *
-file_open_error_message(int err, int for_writing)
+file_open_error_message(int err, gboolean for_writing, int file_type)
{
char *errmsg;
static char errmsg_errno[1024+1];
switch (err) {
case WTAP_ERR_NOT_REGULAR_FILE:
- errmsg = "The file \"%s\" is invalid.";
+ errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
+ break;
+
+ case WTAP_ERR_RANDOM_OPEN_PIPE:
+ /* Seen only when opening a capture file for reading. */
+ errmsg = "The file \"%s\" is a pipe or FIFO; Ethereal cannot read pipe or FIFO files.";
break;
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
errmsg = "The file \"%s\" is not a capture file in a format Ethereal understands.";
break;
+ case WTAP_ERR_CANT_WRITE_TO_PIPE:
+ /* Seen only when opening a capture file for writing. */
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" is a pipe, and %s capture files cannot be "
+ "written to a pipe.", wtap_file_type_string(file_type));
+ errmsg = errmsg_errno;
+ break;
+
case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
/* Seen only when opening a capture file for writing. */
errmsg = "Ethereal does not support writing capture files in that format.";
case WTAP_ERR_SHORT_READ:
errmsg = "The file \"%s\" appears to have been cut short"
- " in the middle of a packet.";
+ " in the middle of a packet or other data.";
break;
case WTAP_ERR_SHORT_WRITE:
errmsg = "You do not have permission to read the file \"%s\".";
break;
+ case EISDIR:
+ errmsg = "\"%s\" is a directory (folder), not a file.";
+ break;
+
default:
- sprintf(errmsg_errno, "The file \"%%s\" could not be opened: %s.",
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" could not be %s: %s.",
+ for_writing ? "created" : "opened",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
break;
default:
- sprintf(errmsg_errno, "The file \"%%s\" could not be moved: %s.",
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" could not be moved: %s.",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
{
static char errmsg_errno[1024+1];
- sprintf(errmsg_errno, "An error occurred while reading from the file \"%%s\": %s.",
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "An error occurred while reading from the file \"%%s\": %s.",
wtap_strerror(err));
return errmsg_errno;
}
#endif
default:
- sprintf(errmsg_errno, "An error occurred while writing to the file \"%%s\": %s.",
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "An error occurred while writing to the file \"%%s\": %s.",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
break;
case WTAP_ERR_SHORT_WRITE:
- errmsg = "Not all the data could be written to the file \"%s\".";
+ errmsg = "Not all the packets could be written to the file \"%s\".";
break;
case ENOSPC:
#endif
default:
- sprintf(errmsg_errno, "An error occurred while closing the file \"%%s\": %s.",
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "An error occurred while closing the file \"%%s\": %s.",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
}
return errmsg;
}
+
+
+/* Copies a file in binary mode, for those operating systems that care about
+ * such things.
+ * Returns TRUE on success, FALSE on failure. If a failure, it also
+ * displays a simple dialog window with the error message.
+ */
+static gboolean
+copy_binary_file(char *from_filename, char *to_filename)
+{
+ int from_fd, to_fd, nread, nwritten, err;
+ guint8 pd[65536]; /* XXX - Hmm, 64K here, 64K in save_cap_file(),
+ perhaps we should make just one 64K buffer. */
+
+ /* Copy the raw bytes of the file. */
+ from_fd = open(from_filename, O_RDONLY | O_BINARY);
+ if (from_fd < 0) {
+ err = errno;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_open_error_message(err, TRUE, 0), from_filename);
+ goto done;
+ }
+
+ /* Use open() instead of creat() so that we can pass the O_BINARY
+ flag, which is relevant on Win32; it appears that "creat()"
+ may open the file in text mode, not binary mode, but we want
+ to copy the raw bytes of the file, so we need the output file
+ to be open in binary mode. */
+ to_fd = open(to_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
+ if (to_fd < 0) {
+ err = errno;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_open_error_message(err, TRUE, 0), to_filename);
+ close(from_fd);
+ goto done;
+ }
+
+ while ((nread = read(from_fd, pd, sizeof pd)) > 0) {
+ nwritten = write(to_fd, pd, nread);
+ if (nwritten < nread) {
+ if (nwritten < 0)
+ err = errno;
+ else
+ err = WTAP_ERR_SHORT_WRITE;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_write_error_message(err), to_filename);
+ close(from_fd);
+ close(to_fd);
+ goto done;
+ }
+ }
+ if (nread < 0) {
+ err = errno;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_read_error_message(err), from_filename);
+ close(from_fd);
+ close(to_fd);
+ goto done;
+ }
+ close(from_fd);
+ if (close(to_fd) < 0) {
+ err = errno;
+ simple_dialog(ESD_TYPE_CRIT, NULL,
+ file_close_error_message(err), to_filename);
+ goto done;
+ }
+
+ return TRUE;
+
+ done:
+ return FALSE;
+}