/* tethereal.c
*
- * $Id: tethereal.c,v 1.23 2000/04/04 06:46:29 guy Exp $
+ * $Id: tethereal.c,v 1.97 2001/11/09 07:44:48 guy Exp $
*
* Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@zing.org>
+ * By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* Text-mode variant, by Gilbert Ramirez <gram@xiexie.org>.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <locale.h>
+#include <limits.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
#include <fcntl.h>
+#endif
+
#include <signal.h>
+#ifdef HAVE_LIBPCAP
+#include <pcap.h>
+#endif
+
+#ifdef HAVE_LIBZ
+#include <zlib.h> /* to get the libz version number */
+#endif
+
#ifdef NEED_SNPRINTF_H
-# ifdef HAVE_STDARG_H
-# include <stdarg.h>
-# else
-# include <varargs.h>
-# endif
# include "snprintf.h"
#endif
#include "getopt.h"
#endif
+#include <glib.h>
+#include <epan.h>
+
#include "globals.h"
#include "timestamp.h"
#include "packet.h"
#include "column.h"
#include "print.h"
#include "resolv.h"
-#include "follow.h"
#include "util.h"
-#include "ui_util.h"
+#ifdef HAVE_LIBPCAP
+#include "pcap-util.h"
+#endif
#include "conversation.h"
+#include "reassemble.h"
#include "plugins.h"
+#include "register.h"
+
+#ifdef WIN32
+#include "capture-wpcap.h"
+#endif
static guint32 firstsec, firstusec;
static guint32 prevsec, prevusec;
-static gchar comp_info_str[256];
+static GString *comp_info_str;
static gboolean verbose;
static gboolean print_hex;
+static gboolean line_buffered;
#ifdef HAVE_LIBPCAP
typedef struct _loop_data {
} cb_args_t;
static int load_cap_file(capture_file *, int);
-static void wtap_dispatch_cb_write(u_char *, const struct wtap_pkthdr *, int,
- const u_char *);
-static void wtap_dispatch_cb_print(u_char *, const struct wtap_pkthdr *, int,
- const u_char *);
-static gchar *col_info(frame_data *, gint);
+static void wtap_dispatch_cb_write(u_char *, const struct wtap_pkthdr *, long,
+ union wtap_pseudo_header *, const u_char *);
+static void show_capture_file_io_error(const char *, int, gboolean);
+static void wtap_dispatch_cb_print(u_char *, const struct wtap_pkthdr *, long,
+ union wtap_pseudo_header *, const u_char *);
packet_info pi;
-capture_file cf;
+capture_file cfile;
FILE *data_out_file = NULL;
-guint main_ctx, file_ctx;
ts_type timestamp_type = RELATIVE;
-
-/* call initialization routines at program startup time */
-static void
-ethereal_proto_init(void) {
- proto_init();
- dfilter_init();
-#ifdef HAVE_PLUGINS
- init_plugins();
+#ifdef HAVE_LIBPCAP
+static int promisc_mode = TRUE;
#endif
-}
-
-static void
-ethereal_proto_cleanup(void) {
- proto_cleanup();
- dfilter_cleanup();
-}
static void
print_usage(void)
{
int i;
- fprintf(stderr, "This is GNU t%s %s, compiled with %s\n", PACKAGE,
- VERSION, comp_info_str);
+ fprintf(stderr, "This is GNU t%s %s, compiled %s\n", PACKAGE, VERSION,
+ comp_info_str->str);
#ifdef HAVE_LIBPCAP
- fprintf(stderr, "t%s [ -vVh ] [ -c count ] [ -D ] [ -f <filter expression> ]\n", PACKAGE);
- fprintf(stderr, "\t[ -F <capture file type> ] [ -i iface ] [ -n ] [ -r infile ]\n");
- fprintf(stderr, "\t[ -R <filter expression> ] [ -s snaplen ] [ -t <time stamp format> ]\n");
- fprintf(stderr, "\t[ -w savefile ] [ -x ]\n");
+ fprintf(stderr, "t%s [ -DvVhlp ] [ -c <count> ] [ -f <capture filter> ]\n", PACKAGE);
+ fprintf(stderr, "\t[ -F <capture file type> ] [ -i <interface> ] [ -n ] [ -N <resolving> ]\n");
+ fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
+ fprintf(stderr, "\t[ -s <snaplen> ] [ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
#else
- fprintf(stderr, "t%s [ -vVh ] [ -D ] [ -F <capture file type> ] [ -n ] [ -r infile ]\n", PACKAGE);
- fprintf(stderr, "\t[ -R <filter expression> ] [ -t <time stamp format> ] [ -w savefile ]\n");
- fprintf(stderr, "\t[ -x ]\n");
+ fprintf(stderr, "t%s [ -vVhl ] [ -F <capture file type> ] [ -n ] [ -N <resolving> ]\n", PACKAGE);
+ fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
+ fprintf(stderr, "\t[ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
#endif
fprintf(stderr, "Valid file type arguments to the \"-F\" flag:\n");
for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
fprintf(stderr, "\tdefault is libpcap\n");
}
+int
+get_positive_int(const char *string, const char *name)
+{
+ long number;
+ char *p;
+
+ number = strtol(string, &p, 10);
+ if (p == string || *p != '\0') {
+ fprintf(stderr, "tethereal: The specified %s \"%s\" is not a decimal number\n",
+ name, string);
+ exit(1);
+ }
+ if (number < 0) {
+ fprintf(stderr, "tethereal: The specified %s \"%s\" is a negative number\n",
+ name, string);
+ exit(1);
+ }
+ if (number > INT_MAX) {
+ fprintf(stderr, "tethereal: The specified %s \"%s\" is too large (greater than %d)\n",
+ name, string, INT_MAX);
+ exit(1);
+ }
+ return number;
+}
+
int
main(int argc, char *argv[])
{
extern char *optarg;
gboolean arg_error = FALSE;
#ifdef HAVE_LIBPCAP
-#ifdef WIN32
- char pcap_version[] = "0.4a6";
-#else
+#ifdef HAVE_PCAP_VERSION
extern char pcap_version[];
+#endif /* HAVE_PCAP_VERSION */
+#endif /* HAVE_LIBPCAP */
+
+#ifdef WIN32
+ WSADATA wsaData;
#endif
-#endif
- char *pf_path;
+
+ char *gpf_path;
+ const char *pf_path;
+ int gpf_open_errno, pf_open_errno;
int err;
#ifdef HAVE_LIBPCAP
gboolean capture_filter_specified = FALSE;
int packet_count = 0;
- GList *if_list;
+ GList *if_list, *if_entry;
gchar err_str[PCAP_ERRBUF_SIZE];
#else
gboolean capture_option_specified = FALSE;
#endif
- int out_file_type = WTAP_FILE_PCAP;
+ int out_file_type = WTAP_FILE_PCAP;
gchar *cf_name = NULL, *rfilter = NULL;
- dfilter *rfcode = NULL;
+ dfilter_t *rfcode = NULL;
e_prefs *prefs;
+ char badopt;
+
+ /* Register all dissectors; we must do this before checking for the
+ "-G" flag, as the "-G" flag dumps a list of fields registered
+ by the dissectors, and we must do it before we read the preferences,
+ in case any dissectors register preferences. */
+ epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs);
+
+ /* Now register the preferences for any non-dissector modules.
+ We must do that before we read the preferences as well. */
+ prefs_register_modules();
/* If invoked with the "-G" flag, we dump out a glossary of
display filter symbols.
We do this here to mirror what happens in the GTK+ version, although
it's not necessary here. */
if (argc >= 2 && strcmp(argv[1], "-G") == 0) {
- ethereal_proto_init();
proto_registrar_dump();
exit(0);
}
- prefs = read_prefs(&pf_path);
+ /* Set the C-language locale to the native environment. */
+ setlocale(LC_ALL, "");
+
+ prefs = read_prefs(&gpf_open_errno, &gpf_path, &pf_open_errno, &pf_path);
+ if (gpf_path != NULL) {
+ fprintf(stderr, "Can't open global preferences file \"%s\": %s.\n", pf_path,
+ strerror(gpf_open_errno));
+ }
if (pf_path != NULL) {
- fprintf(stderr, "Can't open preferences file \"%s\": %s.\n", pf_path,
- strerror(errno));
+ fprintf(stderr, "Can't open your preferences file \"%s\": %s.\n", pf_path,
+ strerror(pf_open_errno));
}
+
+#ifdef WIN32
+ /* Load Wpcap, if possible */
+ load_wpcap();
+#endif
/* Initialize the capture file struct */
- cf.plist = NULL;
- cf.plist_end = NULL;
- cf.wth = NULL;
- cf.fh = NULL;
- cf.filename = NULL;
- cf.user_saved = FALSE;
- cf.is_tempfile = FALSE;
- cf.rfcode = NULL;
- cf.dfilter = NULL;
- cf.dfcode = NULL;
+ cfile.plist = NULL;
+ cfile.plist_end = NULL;
+ cfile.wth = NULL;
+ cfile.filename = NULL;
+ cfile.user_saved = FALSE;
+ cfile.is_tempfile = FALSE;
+ cfile.rfcode = NULL;
+ cfile.dfilter = NULL;
+ cfile.dfcode = NULL;
#ifdef HAVE_LIBPCAP
- cf.cfilter = g_strdup("");
+ cfile.cfilter = g_strdup("");
#endif
- cf.iface = NULL;
- cf.save_file = NULL;
- cf.save_file_fd = -1;
- cf.snap = WTAP_MAX_PACKET_SIZE;
- cf.count = 0;
- cf.cinfo.num_cols = prefs->num_cols;
- cf.cinfo.col_fmt = (gint *) g_malloc(sizeof(gint) * cf.cinfo.num_cols);
- cf.cinfo.fmt_matx = (gboolean **) g_malloc(sizeof(gboolean *) * cf.cinfo.num_cols);
- cf.cinfo.col_width = (gint *) g_malloc(sizeof(gint) * cf.cinfo.num_cols);
- cf.cinfo.col_title = (gchar **) g_malloc(sizeof(gchar *) * cf.cinfo.num_cols);
- cf.cinfo.col_data = (gchar **) g_malloc(sizeof(gchar *) * cf.cinfo.num_cols);
+ cfile.iface = NULL;
+ cfile.save_file = NULL;
+ cfile.save_file_fd = -1;
+ cfile.snap = WTAP_MAX_PACKET_SIZE;
+ cfile.count = 0;
+ col_init(&cfile.cinfo, prefs->num_cols);
/* Assemble the compile-time options */
- snprintf(comp_info_str, 256,
-#ifdef GTK_MAJOR_VERSION
- "GTK+ %d.%d.%d, %s%s, %s%s, %s%s", GTK_MAJOR_VERSION, GTK_MINOR_VERSION,
- GTK_MICRO_VERSION,
+ comp_info_str = g_string_new("");
+
+ g_string_append(comp_info_str, "with ");
+ g_string_sprintfa(comp_info_str,
+#ifdef GLIB_MAJOR_VERSION
+ "GLib %d.%d.%d", GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION,
+ GLIB_MICRO_VERSION);
#else
- "GTK+ (version unknown), %s%s, %s%s, %s%s",
+ "GLib (version unknown)");
#endif
#ifdef HAVE_LIBPCAP
- "with libpcap ", pcap_version,
-#else
- "without libpcap", "",
-#endif
+ g_string_append(comp_info_str, ", with libpcap ");
+#ifdef HAVE_PCAP_VERSION
+ g_string_append(comp_info_str, pcap_version);
+#else /* HAVE_PCAP_VERSION */
+ g_string_append(comp_info_str, "(version unknown)");
+#endif /* HAVE_PCAP_VERSION */
+#else /* HAVE_LIBPCAP */
+ g_string_append(comp_info_str, ", without libpcap");
+#endif /* HAVE_LIBPCAP */
#ifdef HAVE_LIBZ
+ g_string_append(comp_info_str, ", with libz ");
#ifdef ZLIB_VERSION
- "with libz ", ZLIB_VERSION,
+ g_string_append(comp_info_str, ZLIB_VERSION);
#else /* ZLIB_VERSION */
- "with libz ", "(version unknown)",
+ g_string_append(comp_info_str, "(version unknown)");
#endif /* ZLIB_VERSION */
#else /* HAVE_LIBZ */
- "without libz", "",
+ g_string_append(comp_info_str, ", without libz");
#endif /* HAVE_LIBZ */
/* Oh, this is pretty */
#if defined(HAVE_UCD_SNMP_SNMP_H)
+ g_string_append(comp_info_str, ", with UCD SNMP ");
#ifdef HAVE_UCD_SNMP_VERSION_H
- "with UCD SNMP ", VersionInfo
+ g_string_append(comp_info_str, VersionInfo);
#else /* HAVE_UCD_SNMP_VERSION_H */
- "with UCD SNMP ", "(version unknown)"
+ g_string_append(comp_info_str, "(version unknown)");
#endif /* HAVE_UCD_SNMP_VERSION_H */
#elif defined(HAVE_SNMP_SNMP_H)
+ g_string_append(comp_info_str, ", with CMU SNMP ");
#ifdef HAVE_SNMP_VERSION_H
- "with CMU SNMP ", snmp_Version()
+ g_string_append(comp_info_str, snmp_Version());
#else /* HAVE_SNMP_VERSION_H */
- "with CMU SNMP ", "(version unknown)"
+ g_string_append(comp_info_str, "(version unknown)");
#endif /* HAVE_SNMP_VERSION_H */
#else /* no SNMP */
- "without SNMP", ""
+ g_string_append(comp_info_str, ", without SNMP");
#endif
- );
/* Now get our args */
- while ((opt = getopt(argc, argv, "c:Df:F:hi:nr:R:s:t:vw:Vx")) != EOF) {
+ while ((opt = getopt(argc, argv, "c:Df:F:hi:lnN:o:pr:R:s:t:vw:Vx")) != EOF) {
switch (opt) {
case 'c': /* Capture xxx packets */
#ifdef HAVE_LIBPCAP
- packet_count = atoi(optarg);
+ packet_count = get_positive_int(optarg, "packet count");
+#else
+ capture_option_specified = TRUE;
+ arg_error = TRUE;
+#endif
+ break;
+ case 'D': /* Print a list of capture devices */
+#ifdef HAVE_LIBPCAP
+ if_list = get_interface_list(&err, err_str);
+ if (if_list == NULL) {
+ switch (err) {
+
+ case CANT_GET_INTERFACE_LIST:
+ fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
+ err_str);
+ break;
+
+ case NO_INTERFACES_FOUND:
+ fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
+ break;
+ }
+ exit(2);
+ }
+ for (if_entry = g_list_first(if_list); if_entry != NULL;
+ if_entry = g_list_next(if_entry))
+ printf("%s\n", (char *)if_entry->data);
+ free_interface_list(if_list);
+ exit(0);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
#endif
break;
- case 'D': /* Turn off DSCP printing */
- g_ip_dscp_actif = FALSE;
- break;
case 'f':
#ifdef HAVE_LIBPCAP
capture_filter_specified = TRUE;
- cf.cfilter = g_strdup(optarg);
+ cfile.cfilter = g_strdup(optarg);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
break;
case 'i': /* Use interface xxx */
#ifdef HAVE_LIBPCAP
- cf.iface = g_strdup(optarg);
+ cfile.iface = g_strdup(optarg);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
#endif
break;
+ case 'l': /* "Line-buffer" standard output */
+ /* This isn't line-buffering, strictly speaking, it's just
+ flushing the standard output after the information for
+ each packet is printed; however, that should be good
+ enough for all the purposes to which "-l" is put.
+
+ See the comment in "wtap_dispatch_cb_print()" for an
+ explanation of why we do that, and why we don't just
+ use "setvbuf()" to make the standard output line-buffered
+ (short version: in Windows, "line-buffered" is the same
+ as "fully-buffered", and the output buffer is only flushed
+ when it fills up). */
+ line_buffered = TRUE;
+ break;
case 'n': /* No name resolution */
- g_resolving_actif = 0;
+ prefs->name_resolve = PREFS_RESOLV_NONE;
+ break;
+ case 'N': /* Select what types of addresses/port #s to resolve */
+ if (prefs->name_resolve == PREFS_RESOLV_ALL)
+ prefs->name_resolve = PREFS_RESOLV_NONE;
+ badopt = string_to_name_resolve(optarg, &prefs->name_resolve);
+ if (badopt != '\0') {
+ fprintf(stderr, "tethereal: -N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'\n",
+ badopt);
+ exit(1);
+ }
+ break;
+ case 'o': /* Override preference from command line */
+ switch (prefs_set_pref(optarg)) {
+
+ case PREFS_SET_SYNTAX_ERR:
+ fprintf(stderr, "tethereal: Invalid -o flag \"%s\"\n", optarg);
+ exit(1);
+ break;
+
+ case PREFS_SET_NO_SUCH_PREF:
+ case PREFS_SET_OBSOLETE:
+ fprintf(stderr, "tethereal: -o flag \"%s\" specifies unknown preference\n",
+ optarg);
+ exit(1);
+ break;
+ }
+ break;
+ case 'p': /* Don't capture in promiscuous mode */
+#ifdef HAVE_LIBPCAP
+ promisc_mode = 0;
+#else
+ capture_option_specified = TRUE;
+ arg_error = TRUE;
+#endif
break;
case 'r': /* Read capture file xxx */
cf_name = g_strdup(optarg);
break;
case 's': /* Set the snapshot (capture) length */
#ifdef HAVE_LIBPCAP
- cf.snap = atoi(optarg);
+ cfile.snap = get_positive_int(optarg, "snapshot length");
#else
capture_option_specified = TRUE;
arg_error = TRUE;
timestamp_type = RELATIVE;
else if (strcmp(optarg, "a") == 0)
timestamp_type = ABSOLUTE;
+ else if (strcmp(optarg, "ad") == 0)
+ timestamp_type = ABSOLUTE_WITH_DATE;
else if (strcmp(optarg, "d") == 0)
timestamp_type = DELTA;
else {
fprintf(stderr, "tethereal: Invalid time stamp type \"%s\"\n",
optarg);
fprintf(stderr, "It must be \"r\" for relative, \"a\" for absolute,\n");
- fprintf(stderr, "or \"d\" for delta.\n");
+ fprintf(stderr, "\"ad\" for absolute with date, or \"d\" for delta.\n");
exit(1);
}
break;
case 'v': /* Show version and exit */
- printf("t%s %s, with %s\n", PACKAGE, VERSION, comp_info_str);
+ printf("t%s %s, %s\n", PACKAGE, VERSION, comp_info_str->str);
exit(0);
break;
case 'w': /* Write to capture file xxx */
- cf.save_file = g_strdup(optarg);
+ cfile.save_file = g_strdup(optarg);
break;
case 'V': /* Verbose */
verbose = TRUE;
"tethereal: Capture filters were specified both with \"-f\" and with additional command-line arguments\n");
exit(2);
}
- cf.cfilter = get_args_as_string(argc, argv, optind);
+ cfile.cfilter = get_args_as_string(argc, argv, optind);
#else
capture_option_specified = TRUE;
#endif
}
}
+#ifdef WIN32
+ /* Start windows sockets */
+ WSAStartup( MAKEWORD( 1, 1 ), &wsaData );
+#endif
+
+ /* Notify all registered modules that have had any of their preferences
+ changed either from one of the preferences file or from the command
+ line that its preferences have changed. */
+ prefs_apply_all();
+
#ifndef HAVE_LIBPCAP
if (capture_option_specified)
fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
print_usage();
/* Build the column format array */
- for (i = 0; i < cf.cinfo.num_cols; i++) {
- cf.cinfo.col_fmt[i] = get_column_format(i);
- cf.cinfo.col_title[i] = g_strdup(get_column_title(i));
- cf.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) *
+ for (i = 0; i < cfile.cinfo.num_cols; i++) {
+ cfile.cinfo.col_fmt[i] = get_column_format(i);
+ cfile.cinfo.col_title[i] = g_strdup(get_column_title(i));
+ cfile.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) *
NUM_COL_FMTS);
- get_column_format_matches(cf.cinfo.fmt_matx[i], cf.cinfo.col_fmt[i]);
- if (cf.cinfo.col_fmt[i] == COL_INFO)
- cf.cinfo.col_data[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN);
+ get_column_format_matches(cfile.cinfo.fmt_matx[i], cfile.cinfo.col_fmt[i]);
+ cfile.cinfo.col_data[i] = NULL;
+ if (cfile.cinfo.col_fmt[i] == COL_INFO)
+ cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN);
else
- cf.cinfo.col_data[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
+ cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
}
- if (cf.snap < 1)
- cf.snap = WTAP_MAX_PACKET_SIZE;
- else if (cf.snap < MIN_PACKET_SIZE)
- cf.snap = MIN_PACKET_SIZE;
+ if (cfile.snap < 1)
+ cfile.snap = WTAP_MAX_PACKET_SIZE;
+ else if (cfile.snap < MIN_PACKET_SIZE)
+ cfile.snap = MIN_PACKET_SIZE;
- ethereal_proto_init(); /* Init anything that needs initializing */
-
if (rfilter != NULL) {
- if (dfilter_compile(rfilter, &rfcode) != 0) {
+ if (!dfilter_compile(rfilter, &rfcode)) {
fprintf(stderr, "tethereal: %s\n", dfilter_error_msg);
- ethereal_proto_cleanup();
+ epan_cleanup();
exit(2);
}
}
- cf.rfcode = rfcode;
+ cfile.rfcode = rfcode;
if (cf_name) {
- err = open_cap_file(cf_name, FALSE, &cf);
+ err = open_cap_file(cf_name, FALSE, &cfile);
if (err != 0) {
- ethereal_proto_cleanup();
+ epan_cleanup();
exit(2);
}
- err = load_cap_file(&cf, out_file_type);
+ err = load_cap_file(&cfile, out_file_type);
if (err != 0) {
- ethereal_proto_cleanup();
+ epan_cleanup();
exit(2);
}
cf_name[0] = '\0';
/* No capture file specified, so we're supposed to do a live capture;
do we have support for live captures? */
#ifdef HAVE_LIBPCAP
+
+#ifdef _WIN32
+ if (!has_wpcap) {
+ fprintf(stderr, "tethereal: Could not load wpcap.dll.\n");
+ exit(2);
+ }
+#endif
+
/* Yes; did the user specify an interface to use? */
- if (cf.iface == NULL) {
+ if (cfile.iface == NULL) {
/* No - pick the first one from the list of interfaces. */
if_list = get_interface_list(&err, err_str);
if (if_list == NULL) {
}
exit(2);
}
- cf.iface = g_strdup(if_list->data); /* first interface */
+ cfile.iface = g_strdup(if_list->data); /* first interface */
free_interface_list(if_list);
}
capture(packet_count, out_file_type);
#endif
}
- ethereal_proto_cleanup();
+ epan_cleanup();
- exit(0);
+ return 0;
}
#ifdef HAVE_LIBPCAP
static int
capture(int packet_count, int out_file_type)
{
- gchar err_str[PCAP_ERRBUF_SIZE];
+ gchar open_err_str[PCAP_ERRBUF_SIZE];
+ gchar lookup_net_err_str[PCAP_ERRBUF_SIZE];
bpf_u_int32 netnum, netmask;
+ struct bpf_program fcode;
void (*oldhandler)(int);
int err, inpkts;
char errmsg[1024+1];
+#ifndef _WIN32
+ static const char ppamsg[] = "can't find PPA for ";
+ char *libpcap_warn;
+#endif
+ struct pcap_stat stats;
/* Initialize the table of conversations. */
- conversation_init();
+ epan_conversation_init();
/* Initialize protocol-specific variables */
init_all_protocols();
+ /* Initialize the common data structures for fragment reassembly.
+ Must be done *after* "init_all_protocols()", as "init_all_protocols()"
+ may free up space for fragments, which it finds by using the
+ data structures that "reassemble_init()" frees. */
+ reassemble_init();
+
ld.linktype = WTAP_ENCAP_UNKNOWN;
ld.pdh = NULL;
- /* Open the network interface to capture from it. */
- ld.pch = pcap_open_live(cf.iface, cf.snap, 1, 1000, err_str);
+ /* Open the network interface to capture from it.
+ Some versions of libpcap may put warnings into the error buffer
+ if they succeed; to tell if that's happened, we have to clear
+ the error buffer, and check if it's still a null string. */
+ open_err_str[0] = '\0';
+ ld.pch = pcap_open_live(cfile.iface, cfile.snap, promisc_mode, 1000,
+ open_err_str);
if (ld.pch == NULL) {
- /* Well, we couldn't start the capture.
- If this is a child process that does the capturing in sync
- mode or fork mode, it shouldn't do any UI stuff until we pop up the
- capture-progress window, and, since we couldn't start the
- capture, we haven't popped it up. */
+ /* Well, we couldn't start the capture. */
+#ifdef _WIN32
+ /* On Win32 OSes, the capture devices are probably available to all
+ users; don't warn about permissions problems.
+
+ Do, however, warn that Token Ring and PPP devices aren't supported. */
+ snprintf(errmsg, sizeof errmsg,
+ "The capture session could not be initiated (%s).\n"
+ "Please check that you have the proper interface specified.\n"
+ "\n"
+ "Note that the driver Tethereal uses for packet capture on Windows\n"
+ "doesn't support capturing on Token Ring interfaces, and doesn't\n"
+ "support capturing on PPP/WAN interfaces in Windows NT/2000.\n",
+ open_err_str);
+#else
+ /* If we got a "can't find PPA for XXX" message, warn the user (who
+ is running Ethereal on HP-UX) that they don't have a version
+ of libpcap that properly handles HP-UX (libpcap 0.6.x and later
+ versions, which properly handle HP-UX, say "can't find /dev/dlpi
+ PPA for XXX" rather than "can't find PPA for XXX"). */
+ if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
+ libpcap_warn =
+ "\n\n"
+ "You are running Tethereal with a version of the libpcap library\n"
+ "that doesn't handle HP-UX network devices well; this means that\n"
+ "Tethereal may not be able to capture packets.\n"
+ "\n"
+ "To fix this, you should install libpcap 0.6.2, or a later version\n"
+ "of libpcap, rather than libpcap 0.4 or 0.5.x. It is available in\n"
+ "packaged binary form from the Software Porting And Archive Centre\n"
+ "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
+ "at the URL lists a number of mirror sites.";
+ else
+ libpcap_warn = "";
snprintf(errmsg, sizeof errmsg,
"The capture session could not be initiated (%s).\n"
"Please check to make sure you have sufficient permissions, and that\n"
- "you have the proper interface specified.", err_str);
+ "you have the proper interface specified.%s", open_err_str, libpcap_warn);
+#endif
goto error;
}
- if (cf.cfilter) {
+ if (cfile.cfilter) {
/* A capture filter was specified; set it up. */
- if (pcap_lookupnet (cf.iface, &netnum, &netmask, err_str) < 0) {
- snprintf(errmsg, sizeof errmsg,
- "Can't use filter: Couldn't obtain netmask info (%s).", err_str);
- goto error;
+ if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
+ /*
+ * Well, we can't get the netmask for this interface; it's used
+ * only for filters that check for broadcast IP addresses, so
+ * we just warn the user, and punt and use 0.
+ */
+ fprintf(stderr,
+ "Warning: Couldn't obtain netmask info (%s)\n.", lookup_net_err_str);
+ netmask = 0;
}
- if (pcap_compile(ld.pch, &cf.fcode, cf.cfilter, 1, netmask) < 0) {
+ if (pcap_compile(ld.pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
snprintf(errmsg, sizeof errmsg, "Unable to parse filter string (%s).",
pcap_geterr(ld.pch));
goto error;
}
- if (pcap_setfilter(ld.pch, &cf.fcode) < 0) {
+ if (pcap_setfilter(ld.pch, &fcode) < 0) {
snprintf(errmsg, sizeof errmsg, "Can't install filter (%s).",
pcap_geterr(ld.pch));
goto error;
}
}
- ld.linktype = wtap_pcap_encap_to_wtap_encap(pcap_datalink(ld.pch));
- if (cf.save_file != NULL) {
+ ld.linktype = wtap_pcap_encap_to_wtap_encap(get_pcap_linktype(ld.pch,
+ cfile.iface));
+ if (cfile.save_file != NULL) {
/* Set up to write to the capture file. */
if (ld.linktype == WTAP_ENCAP_UNKNOWN) {
strcpy(errmsg, "The network you're capturing from is of a type"
" that Tethereal doesn't support.");
goto error;
}
- ld.pdh = wtap_dump_open(cf.save_file, out_file_type,
+ ld.pdh = wtap_dump_open(cfile.save_file, out_file_type,
ld.linktype, pcap_snapshot(ld.pch), &err);
if (ld.pdh == NULL) {
- /* We couldn't set up to write to the capture file. */
- switch (err) {
-
- case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
- strcpy(errmsg, "Tethereal does not support writing capture files in that format.");
- break;
-
- case WTAP_ERR_UNSUPPORTED_ENCAP:
- case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
- strcpy(errmsg, "Tethereal cannot save this capture in that format.");
- break;
-
- case WTAP_ERR_CANT_OPEN:
- strcpy(errmsg, "The file to which the capture would be written"
- " couldn't be created for some unknown reason.");
- break;
-
- case WTAP_ERR_SHORT_WRITE:
- strcpy(errmsg, "A full header couldn't be written to the file"
- " to which the capture would be written.");
- break;
-
- default:
- if (err < 0) {
- sprintf(errmsg, "The file to which the capture would be"
- " written (\"%s\") could not be opened: Error %d.",
- cf.save_file, err);
- } else {
- sprintf(errmsg, "The file to which the capture would be"
- " written (\"%s\") could not be opened: %s.",
- cf.save_file, strerror(err));
- }
- break;
- }
+ snprintf(errmsg, sizeof errmsg, file_open_error_message(errno, TRUE),
+ cfile.save_file);
goto error;
}
}
+ /* Does "open_err_str" contain a non-empty string? If so, "pcap_open_live()"
+ returned a warning; print it, but keep capturing. */
+ if (open_err_str[0] != '\0')
+ fprintf(stderr, "tethereal: WARNING: %s.\n", open_err_str);
+
/* Catch SIGINT and SIGTERM and, if we get either of them, clean up
and exit.
XXX - deal with signal semantics on various platforms. Or just
#endif
/* Let the user know what interface was chosen. */
- printf("Capturing on %s\n", cf.iface);
+ fprintf(stderr, "Capturing on %s\n", cfile.iface);
+ fflush(stderr);
inpkts = pcap_loop(ld.pch, packet_count, capture_pcap_cb, (u_char *) &ld);
+
+ if (cfile.save_file != NULL) {
+ /* We're saving to a file, which means we're printing packet counts
+ to the standard output. Send a newline so that we move to the
+ line after the packet count. */
+ fprintf(stderr, "\n");
+ }
+
+ /* If we got an error while capturing, report it. */
+ if (inpkts < 0) {
+ fprintf(stderr, "tethereal: Error while capturing packets: %s\n",
+ pcap_geterr(ld.pch));
+ }
+
+ /* Get the capture statistics, and, if any packets were dropped, report
+ that. */
+ if (pcap_stats(ld.pch, &stats) >= 0) {
+ if (stats.ps_drop != 0) {
+ fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
+ }
+ } else {
+ fprintf(stderr, "tethereal: Can't get packet-drop statistics: %s\n",
+ pcap_geterr(ld.pch));
+ }
pcap_close(ld.pch);
+ if (cfile.save_file != NULL) {
+ /* We're saving to a file; close the file. */
+ if (!wtap_dump_close(ld.pdh, &err))
+ show_capture_file_io_error(cfile.save_file, err, TRUE);
+ }
+
return TRUE;
error:
- g_free(cf.save_file);
- cf.save_file = NULL;
+ g_free(cfile.save_file);
+ cfile.save_file = NULL;
fprintf(stderr, "tethereal: %s\n", errmsg);
if (ld.pch != NULL)
pcap_close(ld.pch);
whdr.len = phdr->len;
whdr.pkt_encap = ld->linktype;
- args.cf = &cf;
+ args.cf = &cfile;
args.pdh = ld->pdh;
if (ld->pdh) {
- wtap_dispatch_cb_write((u_char *)&args, &whdr, 0, pd);
- cf.count++;
- printf("\r%u ", cf.count);
+ wtap_dispatch_cb_write((u_char *)&args, &whdr, 0, NULL, pd);
+ fprintf(stderr, "\r%u ", cfile.count);
fflush(stdout);
} else {
- wtap_dispatch_cb_print((u_char *)&args, &whdr, 0, pd);
+ wtap_dispatch_cb_print((u_char *)&args, &whdr, 0, NULL, pd);
}
}
{
int err;
- printf("\n");
+ fprintf(stderr, "\n");
pcap_close(ld.pch);
- if (ld.pdh != NULL)
- wtap_dump_close(ld.pdh, &err);
- /* XXX - complain if this fails */
+ if (ld.pdh != NULL) {
+ if (!wtap_dump_close(ld.pdh, &err)) {
+ show_capture_file_io_error(cfile.save_file, err, TRUE);
+ exit(2);
+ }
+ }
exit(0);
}
#endif /* HAVE_LIBPCAP */
args.pdh = pdh;
success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_write, (u_char *) &args,
&err);
+
+ /* Now close the capture file. */
+ if (!wtap_dump_close(pdh, &err))
+ show_capture_file_io_error(cfile.save_file, err, TRUE);
} else {
args.cf = cf;
args.pdh = NULL;
case WTAP_ERR_UNSUPPORTED_ENCAP:
fprintf(stderr,
-"tethereal: The capture file is for a network type that Tethereal doesn't support.\n");
+"tethereal: \"%s\" is a capture file is for a network type that Tethereal doesn't support.\n",
+ cf->filename);
break;
case WTAP_ERR_CANT_READ:
fprintf(stderr,
-"tethereal: An attempt to read from the file failed for some unknown reason.\n");
+"tethereal: An attempt to read from \"%s\" failed for some unknown reason.\n",
+ cf->filename);
break;
case WTAP_ERR_SHORT_READ:
fprintf(stderr,
-"tethereal: The capture file appears to have been cut short in the middle of a packet.\n");
+"tethereal: \"%s\" appears to have been cut short in the middle of a packet.\n",
+ cf->filename);
break;
case WTAP_ERR_BAD_RECORD:
fprintf(stderr,
-"tethereal: The capture file appears to be damaged or corrupt.\n");
+"tethereal: \"%s\" appears to be damaged or corrupt.\n",
+ cf->filename);
break;
default:
fprintf(stderr,
-"tethereal: An error occurred while reading the capture file: %s.\n",
- wtap_strerror(err));
+"tethereal: An error occurred while reading \"%s\": %s.\n",
+ cf->filename, wtap_strerror(err));
break;
}
}
static void
fill_in_fdata(frame_data *fdata, capture_file *cf,
- const struct wtap_pkthdr *phdr, int offset)
+ const struct wtap_pkthdr *phdr,
+ const union wtap_pseudo_header *pseudo_header, long offset)
{
int i;
fdata->next = NULL;
fdata->prev = NULL;
- fdata->pkt_len = phdr->len;
- fdata->cap_len = phdr->caplen;
+ fdata->pfd = NULL;
+ fdata->data_src = NULL;
+ fdata->num = cf->count;
+ fdata->pkt_len = phdr->len;
+ fdata->cap_len = phdr->caplen;
fdata->file_off = offset;
+ fdata->cinfo = NULL;
fdata->lnk_t = phdr->pkt_encap;
fdata->abs_secs = phdr->ts.tv_sec;
fdata->abs_usecs = phdr->ts.tv_usec;
- fdata->encoding = CHAR_ASCII;
- fdata->pseudo_header = phdr->pseudo_header;
- fdata->cinfo = NULL;
-
- fdata->num = cf->count;
+ fdata->flags.passed_dfilter = 0;
+ fdata->flags.encoding = CHAR_ASCII;
+ fdata->flags.visited = 0;
+ fdata->flags.marked = 0;
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
firstusec = fdata->abs_usecs;
}
- /* Get the time elapsed between the first packet and this packet. */
- cf->esec = fdata->abs_secs - firstsec;
- if (firstusec <= fdata->abs_usecs) {
- cf->eusec = fdata->abs_usecs - firstusec;
- } else {
- cf->eusec = (fdata->abs_usecs + 1000000) - firstusec;
- cf->esec--;
- }
-
/* If we don't have the time stamp of the previous displayed packet,
it's because this is the first displayed packet. Save the time
stamp of this packet as the time stamp of the previous displayed
}
/* Get the time elapsed between the first packet and this packet. */
- fdata->rel_secs = cf->esec;
- fdata->rel_usecs = cf->eusec;
+ compute_timestamp_diff(&fdata->rel_secs, &fdata->rel_usecs,
+ fdata->abs_secs, fdata->abs_usecs, firstsec, firstusec);
+
+ /* If it's greater than the current elapsed time, set the elapsed time
+ to it (we check for "greater than" so as not to be confused by
+ time moving backwards). */
+ if ((gint32)cf->esec < fdata->rel_secs
+ || ((gint32)cf->esec == fdata->rel_secs && (gint32)cf->eusec < fdata->rel_usecs)) {
+ cf->esec = fdata->rel_secs;
+ cf->eusec = fdata->rel_usecs;
+ }
/* Get the time elapsed between the previous displayed packet and
this packet. */
- fdata->del_secs = fdata->abs_secs - prevsec;
- if (prevusec <= fdata->abs_usecs) {
- fdata->del_usecs = fdata->abs_usecs - prevusec;
- } else {
- fdata->del_usecs = (fdata->abs_usecs + 1000000) - prevusec;
- fdata->del_secs--;
- }
+ compute_timestamp_diff(&fdata->del_secs, &fdata->del_usecs,
+ fdata->abs_secs, fdata->abs_usecs, prevsec, prevusec);
prevsec = fdata->abs_secs;
prevusec = fdata->abs_usecs;
fdata->cinfo = &cf->cinfo;
for (i = 0; i < fdata->cinfo->num_cols; i++) {
- fdata->cinfo->col_data[i][0] = '\0';
+ fdata->cinfo->col_buf[i][0] = '\0';
+ fdata->cinfo->col_data[i] = fdata->cinfo->col_buf[i];
}
}
+/* Free up all data attached to a "frame_data" structure. */
static void
-wtap_dispatch_cb_write(u_char *user, const struct wtap_pkthdr *phdr, int offset,
- const u_char *buf)
+clear_fdata(frame_data *fdata)
+{
+ if (fdata->pfd)
+ g_slist_free(fdata->pfd);
+ if (fdata->data_src)
+ g_slist_free(fdata->data_src);
+}
+
+static void
+wtap_dispatch_cb_write(u_char *user, const struct wtap_pkthdr *phdr,
+ long offset, union wtap_pseudo_header *pseudo_header, const u_char *buf)
{
cb_args_t *args = (cb_args_t *) user;
capture_file *cf = args->cf;
proto_tree *protocol_tree;
int err;
gboolean passed;
+ epan_dissect_t *edt;
cf->count++;
if (cf->rfcode) {
- fill_in_fdata(&fdata, cf, phdr, offset);
+ fill_in_fdata(&fdata, cf, phdr, pseudo_header, offset);
protocol_tree = proto_tree_create_root();
- dissect_packet(buf, &fdata, protocol_tree);
- passed = dfilter_apply(cf->rfcode, protocol_tree, buf);
+ edt = epan_dissect_new(pseudo_header, buf, &fdata, protocol_tree);
+ passed = dfilter_apply_edt(cf->rfcode, edt);
} else {
protocol_tree = NULL;
passed = TRUE;
+ edt = NULL;
}
if (passed) {
- /* XXX - do something if this fails */
- wtap_dump(pdh, phdr, buf, &err);
+ if (!wtap_dump(pdh, phdr, pseudo_header, buf, &err)) {
+#ifdef HAVE_LIBPCAP
+ if (ld.pch != NULL) {
+ /* We're capturing packets, so we're printing a count of packets
+ captured; move to the line after the count. */
+ fprintf(stderr, "\n");
+ }
+#endif
+ show_capture_file_io_error(cf->save_file, err, FALSE);
+#ifdef HAVE_LIBPCAP
+ if (ld.pch != NULL)
+ pcap_close(ld.pch);
+#endif
+ wtap_dump_close(pdh, &err);
+ exit(2);
+ }
}
if (protocol_tree != NULL)
proto_tree_free(protocol_tree);
+ if (edt != NULL)
+ epan_dissect_free(edt);
+ if (cf->rfcode)
+ clear_fdata(&fdata);
+}
+
+static void
+show_capture_file_io_error(const char *fname, int err, gboolean is_close)
+{
+ switch (err) {
+
+ case ENOSPC:
+ fprintf(stderr,
+"tethereal: Not all the packets could be written to \"%s\" because there is "
+"no space left on the file system.\n",
+ fname);
+ break;
+
+#ifdef EDQUOT
+ case EDQUOT:
+ fprintf(stderr,
+"tethereal: Not all the packets could be written to \"%s\" because you are "
+"too close to, or over your disk quota.\n",
+ fname);
+ break;
+#endif
+
+ case WTAP_ERR_CANT_CLOSE:
+ fprintf(stderr,
+"tethereal: \"%s\" couldn't be closed for some unknown reason.\n",
+ fname);
+ break;
+
+ case WTAP_ERR_SHORT_WRITE:
+ fprintf(stderr,
+"tethereal: Not all the packets could be written to \"%s\".\n",
+ fname);
+ break;
+
+ default:
+ if (is_close) {
+ fprintf(stderr,
+"tethereal: \"%s\" could not be closed: %s.\n",
+ fname, wtap_strerror(err));
+ } else {
+ fprintf(stderr,
+"tethereal: An error occurred while writing to \"%s\": %s.\n",
+ fname, wtap_strerror(err));
+ }
+ break;
+ }
}
static void
-wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr, int offset,
- const u_char *buf)
+wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
+ long offset, union wtap_pseudo_header *pseudo_header, const u_char *buf)
{
cb_args_t *args = (cb_args_t *) user;
capture_file *cf = args->cf;
frame_data fdata;
proto_tree *protocol_tree;
gboolean passed;
- print_args_t print_args;
+ print_args_t print_args;
+ epan_dissect_t *edt;
+ int i;
cf->count++;
- fill_in_fdata(&fdata, cf, phdr, offset);
+ /* The protocol tree will be "visible", i.e., printed, only if we're
+ not printing a summary. */
+ proto_tree_is_visible = verbose;
+
+ fill_in_fdata(&fdata, cf, phdr, pseudo_header, offset);
passed = TRUE;
if (cf->rfcode || verbose)
protocol_tree = proto_tree_create_root();
else
protocol_tree = NULL;
- dissect_packet(buf, &fdata, protocol_tree);
+ edt = epan_dissect_new(pseudo_header, buf, &fdata, protocol_tree);
if (cf->rfcode)
- passed = dfilter_apply(cf->rfcode, protocol_tree, buf);
+ passed = dfilter_apply_edt(cf->rfcode, edt);
if (passed) {
/* The packet passed the read filter. */
if (verbose) {
print_args.print_summary = FALSE;
print_args.print_hex = print_hex;
print_args.expand_all = TRUE;
+ print_args.suppress_unmarked = FALSE;
proto_tree_print(FALSE, &print_args, (GNode *)protocol_tree,
- buf, &fdata, stdout);
+ &fdata, stdout);
if (!print_hex) {
/* "print_hex_data()" will put out a leading blank line, as well
as a trailing one; print one here, to separate the packets,
} else {
/* Just fill in the columns. */
fill_in_columns(&fdata);
- if (cf->iface == NULL) {
- printf("%3s %10s %12s -> %-12s %s %s\n",
- col_info(&fdata, COL_NUMBER),
- col_info(&fdata, COL_CLS_TIME),
- col_info(&fdata, COL_DEF_SRC),
- col_info(&fdata, COL_DEF_DST),
- col_info(&fdata, COL_PROTOCOL),
- col_info(&fdata, COL_INFO));
- } else {
- printf("%12s -> %-12s %s %s\n",
- col_info(&fdata, COL_DEF_SRC),
- col_info(&fdata, COL_DEF_DST),
- col_info(&fdata, COL_PROTOCOL),
- col_info(&fdata, COL_INFO));
+
+ /* Now print them. */
+ for (i = 0; i < cf->cinfo.num_cols; i++) {
+ switch (cf->cinfo.col_fmt[i]) {
+ case COL_NUMBER:
+ /*
+ * Don't print this if we're doing a live capture from a network
+ * interface - if we're doing a live capture, you won't be
+ * able to look at the capture in the future (it's not being
+ * saved anywhere), so the frame numbers are unlikely to be
+ * useful.
+ *
+ * (XXX - it might be nice to be able to save and print at
+ * the same time, sort of like an "Update list of packets
+ * in real time" capture in Ethereal.)
+ */
+ if (cf->iface != NULL)
+ continue;
+ printf("%3s", cf->cinfo.col_data[i]);
+ break;
+
+ case COL_CLS_TIME:
+ case COL_REL_TIME:
+ case COL_ABS_TIME:
+ case COL_ABS_DATE_TIME: /* XXX - wider */
+ printf("%10s", cf->cinfo.col_data[i]);
+ break;
+
+ case COL_DEF_SRC:
+ case COL_RES_SRC:
+ case COL_UNRES_SRC:
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ printf("%12s", cf->cinfo.col_data[i]);
+ break;
+
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ printf("%-12s", cf->cinfo.col_data[i]);
+ break;
+
+ default:
+ printf("%s", cf->cinfo.col_data[i]);
+ break;
+ }
+ if (i != cf->cinfo.num_cols - 1) {
+ /*
+ * This isn't the last column, so we need to print a
+ * separator between this column and the next.
+ *
+ * If we printed a network source and are printing a
+ * network destination of the same type next, separate
+ * them with "->"; if we printed a network destination
+ * and are printing a network source of the same type
+ * next, separate them with "<-"; otherwise separate them
+ * with a space.
+ */
+ switch (cf->cinfo.col_fmt[i]) {
+
+ case COL_DEF_SRC:
+ case COL_RES_SRC:
+ case COL_UNRES_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ printf(" -> ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ printf(" -> ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ printf(" -> ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ case COL_DEF_DST:
+ case COL_RES_DST:
+ case COL_UNRES_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_SRC:
+ case COL_RES_SRC:
+ case COL_UNRES_SRC:
+ printf(" <- ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ case COL_DEF_DL_DST:
+ case COL_RES_DL_DST:
+ case COL_UNRES_DL_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_DL_SRC:
+ case COL_RES_DL_SRC:
+ case COL_UNRES_DL_SRC:
+ printf(" <- ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ case COL_DEF_NET_DST:
+ case COL_RES_NET_DST:
+ case COL_UNRES_NET_DST:
+ switch (cf->cinfo.col_fmt[i + 1]) {
+
+ case COL_DEF_NET_SRC:
+ case COL_RES_NET_SRC:
+ case COL_UNRES_NET_SRC:
+ printf(" <- ");
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ break;
+
+ default:
+ putchar(' ');
+ break;
+ }
+ }
}
+ putchar('\n');
}
if (print_hex) {
- print_hex_data(stdout, print_args.format, buf,
- fdata.cap_len, fdata.encoding);
- printf("\n");
+ print_hex_data(stdout, print_args.format, &fdata);
+ putchar('\n');
}
fdata.cinfo = NULL;
}
+
+ /* The ANSI C standard does not appear to *require* that a line-buffered
+ stream be flushed to the host environment whenever a newline is
+ written, it just says that, on such a stream, characters "are
+ intended to be transmitted to or from the host environment as a
+ block when a new-line character is encountered".
+
+ The Visual C++ 6.0 C implementation doesn't do what is intended;
+ even if you set a stream to be line-buffered, it still doesn't
+ flush the buffer at the end of every line.
+
+ So, if the "-l" flag was specified, we flush the standard output
+ at the end of a packet. This will do the right thing if we're
+ printing packet summary lines, and, as we print the entire protocol
+ tree for a single packet without waiting for anything to happen,
+ it should be as good as line-buffered mode if we're printing
+ protocol trees. (The whole reason for the "-l" flag in either
+ tcpdump or Tethereal is to allow the output of a live capture to
+ be piped to a program or script and to have that script see the
+ information for the packet as soon as it's printed, rather than
+ having to wait until a standard I/O buffer fills up. */
+ if (line_buffered)
+ fflush(stdout);
if (protocol_tree != NULL)
proto_tree_free(protocol_tree);
+
+ epan_dissect_free(edt);
+
+ clear_fdata(&fdata);
+
+ proto_tree_is_visible = FALSE;
}
char *
-file_open_error_message(int err, int for_writing)
+file_open_error_message(int err, gboolean for_writing)
{
char *errmsg;
static char errmsg_errno[1024+1];
switch (err) {
case WTAP_ERR_NOT_REGULAR_FILE:
- errmsg = "The file \"%s\" is invalid.";
+ errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
break;
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
errmsg = "You do not have permission to read the file \"%s\".";
break;
+ case EISDIR:
+ errmsg = "\"%s\" is a directory (folder), not a file.";
+ break;
+
default:
- sprintf(errmsg_errno, "The file \"%%s\" could not be opened: %s.",
- wtap_strerror(err));
+ snprintf(errmsg_errno, sizeof(errmsg_errno),
+ "The file \"%%s\" could not be opened: %s.",
+ wtap_strerror(err));
errmsg = errmsg_errno;
break;
}
{
wtap *wth;
int err;
- FILE_T fh;
int fd;
struct stat cf_stat;
char err_msg[2048+1];
- wth = wtap_open_offline(fname, &err);
+ wth = wtap_open_offline(fname, &err, FALSE);
if (wth == NULL)
goto fail;
/* Find the size of the file. */
- fh = wtap_file(wth);
fd = wtap_fd(wth);
if (fstat(fd, &cf_stat) < 0) {
err = errno;
/* The open succeeded. Fill in the information for this file. */
/* Initialize the table of conversations. */
- conversation_init();
+ epan_conversation_init();
/* Initialize protocol-specific variables */
init_all_protocols();
+ /* Initialize the common data structures for fragment reassembly.
+ Must be done *after* "init_all_protocols()", as "init_all_protocols()"
+ may free up space for fragments, which it finds by using the
+ data structures that "reassemble_init()" frees. */
+ reassemble_init();
+
cf->wth = wth;
- cf->fh = fh;
cf->filed = fd;
cf->f_len = cf_stat.st_size;
cf->cd_t = wtap_file_type(cf->wth);
cf->count = 0;
+ cf->drops_known = FALSE;
cf->drops = 0;
cf->esec = 0;
cf->eusec = 0;
cf->snap = wtap_snapshot_length(cf->wth);
- cf->update_progbar = FALSE;
cf->progbar_quantum = 0;
cf->progbar_nextstep = 0;
firstsec = 0, firstusec = 0;
fprintf(stderr, "tethereal: %s\n", err_msg);
return (err);
}
-
-/* Get the text in a given column */
-static gchar *
-col_info(frame_data *fd, gint el) {
- int i;
-
- if (fd->cinfo) {
- for (i = 0; i < fd->cinfo->num_cols; i++) {
- if (fd->cinfo->fmt_matx[i][el])
- return fd->cinfo->col_data[i];
- }
- }
- return NULL;
-}
git.samba.org / obnox / wireshark / wip.git / blobdiff