/* tshark.c
+ *
+ * Text-mode variant of Wireshark, along the lines of tcpdump and snoop,
+ * by Gilbert Ramirez <gram@alumni.rice.edu> and Guy Harris <guy@alum.mit.edu>.
*
* $Id$
*
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * Text-mode variant, by Gilbert Ramirez <gram@alumni.rice.edu>
- * and Guy Harris <guy@alum.mit.edu>.
- *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
static int load_cap_file(capture_file *, char *, int, int, gint64);
static gboolean process_packet(capture_file *cf, gint64 offset,
const struct wtap_pkthdr *whdr, union wtap_pseudo_header *pseudo_header,
- const guchar *pd);
+ const guchar *pd, gboolean filtering_tap_listeners, guint tap_flags);
static void show_capture_file_io_error(const char *, int, gboolean);
static void show_print_file_io_error(int err);
static gboolean write_preamble(capture_file *cf);
gboolean for_writing);
static void failure_message(const char *msg_format, va_list ap);
static void read_failure_message(const char *filename, int err);
+static void write_failure_message(const char *filename, int err);
capture_file cfile;
/*fprintf(output, "\n");*/
fprintf(output, "Output:\n");
- fprintf(output, " -w <outfile|-> set the output filename (or '-' for stdout)\n");
+ fprintf(output, " -w <outfile|-> write packets to a pcap-format file named \"outfile\"\n");
+ fprintf(output, " (or to the standard output for \"-\")\n");
fprintf(output, " -C <config profile> start with specified configuration profile\n");
fprintf(output, " -F <output file type> set the output file type, default is libpcap\n");
fprintf(output, " an empty \"-F\" option will list the file types\n");
}
static void
-log_func_ignore (const gchar *log_domain _U_, GLogLevelFlags log_level _U_,
- const gchar *message _U_, gpointer user_data _U_)
+tshark_log_handler (const gchar *log_domain, GLogLevelFlags log_level,
+ const gchar *message, gpointer user_data)
{
+ /* ignore log message, if log_level isn't interesting based
+ upon the console log preferences.
+ If the preferences haven't been loaded loaded yet, display the
+ message anyway.
+
+ The default console_log_level preference value is such that only
+ ERROR, CRITICAL and WARNING level messages are processed;
+ MESSAGE, INFO and DEBUG level messages are ignored.
+
+ XXX: Aug 07, 2009: Prior tshark g_log code was hardwired to process only
+ ERROR and CRITICAL level messages so the current code is a behavioral
+ change. The current behavior is the same as in Wireshark.
+ */
+ if((log_level & G_LOG_LEVEL_MASK & prefs.console_log_level) == 0 &&
+ prefs.console_log_level != 0) {
+ return;
+ }
+
+ g_log_default_handler(log_domain, log_level, message, user_data);
+
}
static char *
/*
* Attempt to get the pathname of the executable file.
*/
- init_progfile_dir_error = init_progfile_dir(argv[0]);
+ init_progfile_dir_error = init_progfile_dir(argv[0], main);
if (init_progfile_dir_error != NULL) {
fprintf(stderr, "tshark: Can't get pathname of tshark program: %s.\n",
init_progfile_dir_error);
optind = optind_initial;
opterr = 1;
- /* nothing more than the standard GLib handler, but without a warning */
+
+
+/** Send All g_log messages to our own handler **/
+
log_flags =
+ G_LOG_LEVEL_ERROR|
+ G_LOG_LEVEL_CRITICAL|
G_LOG_LEVEL_WARNING|
G_LOG_LEVEL_MESSAGE|
G_LOG_LEVEL_INFO|
- G_LOG_LEVEL_DEBUG;
+ G_LOG_LEVEL_DEBUG|
+ G_LOG_FLAG_FATAL|G_LOG_FLAG_RECURSION;
g_log_set_handler(NULL,
log_flags,
- log_func_ignore, NULL /* user_data */);
+ tshark_log_handler, NULL /* user_data */);
+ g_log_set_handler(LOG_DOMAIN_MAIN,
+ log_flags,
+ tshark_log_handler, NULL /* user_data */);
+
+#ifdef HAVE_LIBPCAP
g_log_set_handler(LOG_DOMAIN_CAPTURE,
log_flags,
- log_func_ignore, NULL /* user_data */);
+ tshark_log_handler, NULL /* user_data */);
+ g_log_set_handler(LOG_DOMAIN_CAPTURE_CHILD,
+ log_flags,
+ tshark_log_handler, NULL /* user_data */);
+#endif
initialize_funnel_ops();
#ifdef HAVE_LIBPCAP
- capture_opts_init(&global_capture_opts, NULL /* cfile */);
+ capture_opts_init(&global_capture_opts, &cfile);
#endif
timestamp_set_type(TS_RELATIVE);
dissectors, and we must do it before we read the preferences, in
case any dissectors register preferences. */
epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL,
- failure_message, open_failure_message, read_failure_message);
+ failure_message, open_failure_message, read_failure_message,
+ write_failure_message);
/* Register all tap listeners; we do this before we parse the arguments,
as the "-z" argument can specify a registered tap. */
cfile.cinfo.col_title[i] = g_strdup(get_column_title(i));
if (cfile.cinfo.col_fmt[i] == COL_CUSTOM) {
cfile.cinfo.col_custom_field[i] = g_strdup(get_column_custom_field(i));
+ if(!dfilter_compile(cfile.cinfo.col_custom_field[i], &cfile.cinfo.col_custom_dfilter[i])) {
+ /* XXX: Should we issue a warning? */
+ g_free(cfile.cinfo.col_custom_field[i]);
+ cfile.cinfo.col_custom_field[i] = NULL;
+ cfile.cinfo.col_custom_dfilter[i] = NULL;
+ }
} else {
cfile.cinfo.col_custom_field[i] = NULL;
+ cfile.cinfo.col_custom_dfilter[i] = NULL;
}
cfile.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) *
NUM_COL_FMTS);
g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
- capture_opts->cf = &cfile;
-
/* free the old filename */
- if(capture_opts->save_file != NULL) {
+ if (capture_opts->save_file != NULL) {
+
/* we start a new capture file, close the old one (if we had one before) */
if( ((capture_file *) capture_opts->cf)->state != FILE_CLOSED) {
- if(capture_opts->cf != NULL && ((capture_file *) capture_opts->cf)->wth != NULL) {
- wtap_close(((capture_file *) capture_opts->cf)->wth);
- }
+ if ( ((capture_file *) capture_opts->cf)->wth != NULL) {
+ wtap_close(((capture_file *) capture_opts->cf)->wth);
+ }
+ ((capture_file *) capture_opts->cf)->state = FILE_CLOSED;
}
+
g_free(capture_opts->save_file);
is_tempfile = FALSE;
} else {
gchar *err_info;
gint64 data_offset;
capture_file *cf = capture_opts->cf;
-
+ gboolean filtering_tap_listeners;
+ guint tap_flags;
#ifdef SIGINFO
/*
infodelay = TRUE;
#endif /* SIGINFO */
+ /* Do we have any tap listeners with filters? */
+ filtering_tap_listeners = have_filtering_tap_listeners();
+
+ /* Get the union of the flags for all tap listeners. */
+ tap_flags = union_of_tap_listener_flags();
+
if(do_dissection) {
while (to_read-- && cf->wth) {
ret = wtap_read(cf->wth, &err, &err_info, &data_offset);
cf->wth = NULL;
} else {
ret = process_packet(cf, data_offset, wtap_phdr(cf->wth),
- wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth));
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ filtering_tap_listeners, tap_flags);
}
if (ret != FALSE) {
/* packet sucessfully read and gone through the "Read Filter" */
gchar *err_info;
gint64 data_offset;
char *save_file_string = NULL;
+ gboolean filtering_tap_listeners;
+ guint tap_flags;
linktype = wtap_file_encap(cf->wth);
if (save_file != NULL) {
}
pdh = NULL;
}
+
+ /* Do we have any tap listeners with filters? */
+ filtering_tap_listeners = have_filtering_tap_listeners();
+
+ /* Get the union of the flags for all tap listeners. */
+ tap_flags = union_of_tap_listener_flags();
+
while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
if (process_packet(cf, data_offset, wtap_phdr(cf->wth),
- wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth))) {
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ filtering_tap_listeners, tap_flags)) {
/* Either there's no read filtering or this packet passed the
filter, so, if we're writing to a capture file, write
this packet out. */
wtap_close(cf->wth);
cf->wth = NULL;
- if (save_file_string != NULL)
- g_free(save_file_string);
+ g_free(save_file_string);
return err;
}
static gboolean
process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr,
- union wtap_pseudo_header *pseudo_header, const guchar *pd)
+ union wtap_pseudo_header *pseudo_header, const guchar *pd,
+ gboolean filtering_tap_listeners, guint tap_flags)
{
frame_data fdata;
gboolean create_proto_tree;
+ column_info *cinfo;
epan_dissect_t *edt;
gboolean passed;
}
passed = TRUE;
- if (cf->rfcode || verbose || num_tap_filters!=0 || have_custom_cols(&cf->cinfo))
+ if (cf->rfcode || verbose || filtering_tap_listeners ||
+ (tap_flags & TL_REQUIRES_PROTO_TREE) || have_custom_cols(&cf->cinfo))
create_proto_tree = TRUE;
else
create_proto_tree = FALSE;
tap_queue_init(edt);
- /* We only need the columns if we're printing packet info but we're
- *not* verbose; in verbose mode, we print the protocol tree, not
- the protocol summary. */
- epan_dissect_run(edt, pseudo_header, pd, &fdata,
- (print_packet_info && !verbose) ? &cf->cinfo : NULL);
+ /* We only need the columns if either
+
+ 1) some tap needs the columns
+
+ or
+
+ 2) we're printing packet info but we're *not* verbose; in verbose
+ mode, we print the protocol tree, not the protocol summary. */
+ if ((tap_flags & TL_REQUIRES_COLUMNS) || (print_packet_info && !verbose))
+ cinfo = &cf->cinfo;
+ else
+ cinfo = NULL;
+ epan_dissect_run(edt, pseudo_header, pd, &fdata, cinfo);
tap_push_tapped_queue(edt);
}
} else {
/* Just fill in the columns. */
- epan_dissect_fill_in_columns(edt);
+ epan_dissect_fill_in_columns(edt, TRUE);
/* Now print them. */
switch (output_action) {
nstime_set_unset(&prev_dis_ts);
nstime_set_unset(&prev_cap_ts);
+ cf->state = FILE_READ_IN_PROGRESS;
+
return CF_OK;
fail:
filename, strerror(err));
}
+/*
+ * Write errors are reported with an console message in TShark.
+ */
+static void
+write_failure_message(const char *filename, int err)
+{
+ cmdarg_err("An error occurred while writing to the file \"%s\": %s.",
+ filename, strerror(err));
+}
+
/*
* Report an error in command-line arguments.
*/