From Dirk via bug #5771: Add heuristic dissector for images and HTTP
[obnox/wireshark/wip.git] / rawshark.c
index 23cff51cb566e7c913a38312654bc37552d4e8ba..27d4d7639de98e4be8d06bc1650b4bcb3ce0bf6b 100644 (file)
 #endif
 
 #ifdef NEED_STRERROR_H
-#include "strerror.h"
+#include "wsutil/strerror.h"
 #endif
 
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #else
-#include "wsgetopt.h"
+#include "wsutil/wsgetopt.h"
 #endif
 
 #include <glib.h>
 #endif /* HAVE_LIBPCAP */
 #include "log.h"
 
+#ifdef _WIN32
+#include <shellapi.h>
+#endif /* _WIN32 */
+
 /*
  * This is the template for the decode as option; it is shared between the
  * various functions that output the usage for this parameter.
@@ -140,11 +144,7 @@ typedef enum {
 static gboolean line_buffered;
 static print_format_e print_format = PR_FMT_TEXT;
 
-/*
- * Standard secondary message for unexpected errors.
- */
-static const char please_report[] =
-    "Please report this to the Wireshark developers";
+static gboolean want_pcap_pkthdr;
 
 cf_status_t raw_cf_open(capture_file *cf, const char *fname);
 static int load_cap_file(capture_file *cf);
@@ -208,25 +208,26 @@ print_usage(gboolean print_ver)
 
     fprintf(output, "\n");
     fprintf(output, "Processing:\n");
-    fprintf(output, "  -R <read filter>         packet filter in Wireshark display filter syntax\n");
+    fprintf(output, "  -d <encap:dlt>|<proto:protoname>\n");
+    fprintf(output, "                           packet encapsulation or protocol\n");
     fprintf(output, "  -F <field>               field to display\n");
-    fprintf(output, "  -s                       skip PCAP header on input\n");
     fprintf(output, "  -n                       disable all name resolution (def: all enabled)\n");
     fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mntC\"\n");
-    fprintf(output, "  -d <encap:dlt>|<proto:protoname>\n");
-    fprintf(output, "                           packet encapsulation or protocol\n");
+    fprintf(output, "  -p                       use the system's packet header format (which may have 64-bit timestamps)\n");
+    fprintf(output, "  -R <read filter>         packet filter in Wireshark display filter syntax\n");
+    fprintf(output, "  -s                       skip PCAP header on input\n");
 
     /*fprintf(output, "\n");*/
     fprintf(output, "Output:\n");
+    fprintf(output, "  -l                       flush output after each packet\n");
     fprintf(output, "  -S                       format string for fields (%%D - name, %%S - stringval, %%N numval)\n");
     fprintf(output, "  -t ad|a|r|d|dd|e         output format of time stamps (def: r: rel. to first)\n");
-    fprintf(output, "  -l                       flush output after each packet\n");
 
     fprintf(output, "\n");
     fprintf(output, "Miscellaneous:\n");
     fprintf(output, "  -h                       display this help and exit\n");
-    fprintf(output, "  -v                       display version info and exit\n");
     fprintf(output, "  -o <name>:<value> ...    override preference setting\n");
+    fprintf(output, "  -v                       display version info and exit\n");
 }
 
 static void
@@ -433,7 +434,9 @@ main(int argc, char *argv[])
     gboolean             arg_error = FALSE;
 
 #ifdef _WIN32
-    WSADATA       wsaData;
+    WSADATA              wsaData;
+    LPWSTR              *wc_argv;
+    int                  wc_argc;
 #endif  /* _WIN32 */
 
     char                *gpf_path, *pf_path;
@@ -452,14 +455,24 @@ main(int argc, char *argv[])
     guint                fc;
     gboolean             skip_pcap_header = FALSE;
 
-#define OPTSTRING_INIT "d:F:hlnN:o:r:R:sS:t:v"
+#define OPTSTRING_INIT "d:F:hlnN:o:pr:R:sS:t:v"
 
     static const char    optstring[] = OPTSTRING_INIT;
 
+#ifdef _WIN32
+    /* Convert our arg list to UTF-8. */
+    wc_argv = CommandLineToArgvW(GetCommandLineW(), &wc_argc);
+    if (wc_argv && wc_argc == argc) {
+        for (i = 0; i < argc; i++) {
+            argv[i] = g_utf16_to_utf8(wc_argv[i], -1, NULL, NULL, NULL);
+        }
+    } /* XXX else bail because something is horribly, horribly wrong? */
+#endif /* _WIN32 */
+
     /*
      * Get credential information for later use.
      */
-    get_credential_info();
+    init_process_policies();
 
     /*
      * Clear the filters arrays
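Review bot: In the `_WIN32` block the result of `g_utf16_to_utf8()` is stored into `argv[i]` without a NULL check, so an argument that is not valid UTF-16 leaves a NULL entry inside `argv[0..argc-1]` for the option parsing that follows. Convert into a temporary and only replace the entry on success, or exit with an error, e.g. `gchar *u = g_utf16_to_utf8(wc_argv[i], -1, NULL, NULL, NULL);` followed by `if (u != NULL) argv[i] = u;`. The array returned by `CommandLineToArgvW()` is never released with `LocalFree(wc_argv)`. The `XXX else` branch silently continues with the unconverted arguments, so a mismatch between `wc_argc` and `argc` goes unreported. The body of `main` continues outside this hunk.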
@@ -486,7 +499,7 @@ main(int argc, char *argv[])
     /*
      * Get credential information for later use.
      */
-    get_credential_info();
+    init_process_policies();
 
     /* nothing more than the standard GLib handler, but without a warning */
     log_flags =
@@ -547,7 +560,7 @@ main(int argc, char *argv[])
     }
 
     /* Set the name resolution code's flags from the preferences. */
-    g_resolv_flags = prefs_p->name_resolve;
+    gbl_resolv_flags = prefs_p->name_resolve;
 
     /* Read the disabled protocols file. */
     read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno,
@@ -623,12 +636,12 @@ main(int argc, char *argv[])
                 line_buffered = TRUE;
                 break;
             case 'n':        /* No name resolution */
-                g_resolv_flags = RESOLV_NONE;
+                gbl_resolv_flags = RESOLV_NONE;
                 break;
             case 'N':        /* Select what types of addresses/port #s to resolve */
-                if (g_resolv_flags == RESOLV_ALL)
-                    g_resolv_flags = RESOLV_NONE;
-                badopt = string_to_name_resolve(optarg, &g_resolv_flags);
+                if (gbl_resolv_flags == RESOLV_ALL)
+                    gbl_resolv_flags = RESOLV_NONE;
+                badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
                 if (badopt != '\0') {
                     cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
                                badopt);
@@ -653,6 +666,9 @@ main(int argc, char *argv[])
                         break;
                 }
                 break;
+            case 'p':        /* Expect pcap_pkthdr packet headers, which may have 64-bit timestamps */
+                want_pcap_pkthdr = TRUE;
+                break;
             case 'r':        /* Read capture file xxx */
                 pipe_name = g_strdup(optarg);
                 break;
@@ -701,7 +717,7 @@ main(int argc, char *argv[])
                 GString             *runtime_info_str;
                 /* Assemble the compile-time version information string */
                 comp_info_str = g_string_new("Compiled ");
-                get_compiled_version_info(comp_info_str, get_epan_compiled_version_info);
+                get_compiled_version_info(comp_info_str, NULL, epan_get_compiled_version_info);
 
                 /* Assemble the run-time version information string */
                 runtime_info_str = g_string_new("Running ");
@@ -882,12 +898,18 @@ main(int argc, char *argv[])
  */
 static gboolean
 raw_pipe_read(struct wtap_pkthdr *phdr, guchar * pd, int *err, const gchar **err_info, gint64 *data_offset) {
-    struct pcaprec_hdr hdr;
+    struct pcap_pkthdr mem_hdr;
+    struct pcaprec_hdr disk_hdr;
     int bytes_read = 0;
-    int bytes_needed = sizeof(struct pcaprec_hdr);
-    guchar *ptr = (guchar*)&hdr;
+    int bytes_needed = sizeof(disk_hdr);
+    guchar *ptr = (guchar*) &disk_hdr;
     static gchar err_str[100];
 
+    if (want_pcap_pkthdr) {
+        bytes_needed = sizeof(mem_hdr);
+        ptr = (guchar*) &mem_hdr;
+    }
+
     /* Copied from capture_loop.c */
     while (bytes_needed > 0) {
         bytes_read = read(fd, ptr, bytes_needed);
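Review bot: Nothing near the new `want_pcap_pkthdr` branch documents that the header layout becomes build-dependent with `-p`: `sizeof(mem_hdr)` bytes are read straight into a `struct pcap_pkthdr`, whose size and padding follow the platform's `struct timeval`. A writer built for a different ABI would be parsed at the wrong offsets without any error. I would add a comment above the branch such as `/* -p: header is the native struct pcap_pkthdr; the writer must use the same timeval width and padding as this build. */`. The function's header comment and the rest of the read loop are outside this hunk.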
@@ -904,10 +926,18 @@ raw_pipe_read(struct wtap_pkthdr *phdr, guchar * pd, int *err, const gchar **err
         ptr += bytes_read;
     }
 
-    phdr->ts.secs = hdr.ts_sec;
-    phdr->ts.nsecs = hdr.ts_usec * 1000;
-    phdr->caplen = bytes_needed = hdr.incl_len;
-    phdr->len = hdr.orig_len;
+    if (want_pcap_pkthdr) {
+        phdr->ts.secs = mem_hdr.ts.tv_sec;
+        phdr->ts.nsecs = mem_hdr.ts.tv_usec * 1000;
+        phdr->caplen = bytes_needed = mem_hdr.caplen;
+        phdr->len = mem_hdr.len;
+    } else {
+        phdr->ts.secs = disk_hdr.ts_sec;
+        phdr->ts.nsecs = disk_hdr.ts_usec * 1000;
+        phdr->caplen = bytes_needed = disk_hdr.incl_len;
+        phdr->len = disk_hdr.orig_len;
+    }
+
     phdr->pkt_encap = encap;
 
 #if 0
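Review bot: `mem_hdr.caplen` and `disk_hdr.incl_len` are taken from the input pipe and narrowed into the signed `int bytes_needed` in the same statement that sets `phdr->caplen`. Assuming the usual unsigned 32-bit length fields, a value of 0x80000000 or more becomes negative in `bytes_needed` while `phdr->caplen` keeps the huge unsigned value. Any later bound check on `bytes_needed` (the rest of the function is outside this hunk, so I cannot confirm one exists) would then be bypassed rather than triggered. Check the unsigned value before narrowing, e.g. `if (phdr->caplen > WTAP_MAX_PACKET_SIZE) { *err = WTAP_ERR_BAD_FILE; return FALSE; }` with the error code adjusted to whatever this tree defines. The `tv_usec * 1000` and `ts_usec * 1000` conversions are also unchecked, so a microsecond field of 1000000 or more yields an out-of-range `nsecs`.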
@@ -1634,15 +1664,6 @@ cmdarg_err_cont(const char *fmt, ...)
 }
 
 
-/****************************************************************************************************************/
-/* other "dummies" */
-void
-cf_mark_frame(capture_file *cf _U_, frame_data *frame _U_)
-{
-    /* shouldn't happen */
-    g_assert_not_reached();
-}
-
 /*
  * Editor modelines
  *