/* tshark.c
+ *
+ * Text-mode variant of Wireshark, along the lines of tcpdump and snoop,
+ * by Gilbert Ramirez <gram@alumni.rice.edu> and Guy Harris <guy@alum.mit.edu>.
*
* $Id$
*
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * Text-mode variant, by Gilbert Ramirez <gram@alumni.rice.edu>
- * and Guy Harris <guy@alum.mit.edu>.
- *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
#include <glib.h>
#include <epan/epan.h>
#include <epan/filesystem.h>
-#include <epan/privileges.h>
-#include <wiretap/file_util.h>
+#include <wsutil/privileges.h>
#include "globals.h"
#include <epan/timestamp.h>
#include "clopts_common.h"
#include "cmdarg_err.h"
#include "version_info.h"
-#include <epan/conversation.h>
#include <epan/plugins.h>
#include "register.h"
-#include "conditions.h"
-#include "capture_stop_conditions.h"
-#include "ringbuffer.h"
-#include "capture_ui_utils.h"
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include <epan/stat_cmd_args.h>
#include <epan/ex-opt.h>
#ifdef HAVE_LIBPCAP
+#include "capture_ui_utils.h"
#include <pcap.h>
-#include <setjmp.h>
#include "capture-pcap-util.h"
-#include "pcapio.h"
-#include <wiretap/wtap-capture.h>
#ifdef _WIN32
#include "capture-wpcap.h"
#include "capture_errs.h"
#endif /* _WIN32 */
-#include "capture.h"
-#include "capture_loop.h"
#include "capture_sync.h"
#endif /* HAVE_LIBPCAP */
-#include "epan/emem.h"
#include "log.h"
#include <epan/funnel.h>
+
/*
* This is the template for the decode as option; it is shared between the
* various functions that output the usage for this parameter.
static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
static nstime_t first_ts;
-static nstime_t prev_ts;
+static nstime_t prev_dis_ts;
+static nstime_t prev_cap_ts;
static GString *comp_info_str, *runtime_info_str;
static gboolean print_packet_info; /* TRUE if we're to print packet information */
*/
typedef enum {
WRITE_TEXT, /* summary or detail text */
- WRITE_XML /* PDML or PSML */
+ WRITE_XML, /* PDML or PSML */
+ WRITE_FIELDS /* User defined list of fields */
/* Add CSV and the like here */
} output_action_e;
static output_action_e output_action;
static print_format_e print_format = PR_FMT_TEXT;
static print_stream_t *print_stream;
+static output_fields_t* output_fields = NULL;
+
/*
* Standard secondary message for unexpected errors.
*/
static gboolean print_packet_counts;
-static loop_data ld;
-
-#ifdef HAVE_LIBPCAP
-static capture_options capture_opts;
-
+static capture_options global_capture_opts;
#ifdef SIGINFO
static gboolean infodelay; /* if TRUE, don't print capture info in SIGINFO handler */
static gboolean infoprint; /* if TRUE, print capture info after clearing infodelay */
#endif /* SIGINFO */
-#endif /* HAVE_LIBPCAP */
-
static int capture(void);
-static void capture_pcap_cb(u_char *, const struct pcap_pkthdr *,
- const u_char *);
static void report_counts(void);
#ifdef _WIN32
static BOOL WINAPI capture_cleanup(DWORD);
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
-static int load_cap_file(capture_file *, char *, int);
-static gboolean process_packet(capture_file *cf, long offset,
+static int load_cap_file(capture_file *, char *, int, int, gint64);
+static gboolean process_packet(capture_file *cf, gint64 offset,
const struct wtap_pkthdr *whdr, union wtap_pseudo_header *pseudo_header,
- const guchar *pd);
+ const guchar *pd, gboolean filtering_tap_listeners, guint tap_flags);
static void show_capture_file_io_error(const char *, int, gboolean);
static void show_print_file_io_error(int err);
static gboolean write_preamble(capture_file *cf);
gboolean for_writing);
static void failure_message(const char *msg_format, va_list ap);
static void read_failure_message(const char *filename, int err);
+static void write_failure_message(const char *filename, int err);
capture_file cfile;
+/*
+ * Mark a particular frame.
+ * Copied from file.c
+ */
+void
+cf_mark_frame(capture_file *cf, frame_data *frame)
+{
+ if (! frame->flags.marked) {
+ frame->flags.marked = TRUE;
+ if (cf->count > cf->marked_count)
+ cf->marked_count++;
+ }
+}
+
+/*
+ * Unmark a particular frame.
+ * Copied from file.c
+ */
+void
+cf_unmark_frame(capture_file *cf, frame_data *frame)
+{
+ if (frame->flags.marked) {
+ frame->flags.marked = FALSE;
+ if (cf->marked_count > 0)
+ cf->marked_count--;
+ }
+}
+
static void list_capture_types(void) {
int i;
if (print_ver) {
output = stdout;
- fprintf(output,
+ fprintf(output,
"TShark " VERSION "%s\n"
"Dump and analyze network traffic.\n"
- "See http://www.wireshark.com for more information.\n"
+ "See http://www.wireshark.org for more information.\n"
"\n"
"%s",
- svnversion, get_copyright_info());
+ wireshark_svnversion, get_copyright_info());
} else {
output = stderr;
}
#ifdef HAVE_LIBPCAP
fprintf(output, "Capture interface:\n");
- fprintf(output, " -i <interface> name or idx of interface (def: first none loopback)\n");
+ fprintf(output, " -i <interface> name or idx of interface (def: first non-loopback)\n");
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
fprintf(output, " -s <snaplen> packet snapshot length (def: 65535)\n");
fprintf(output, " -p don't capture in promiscuous mode\n");
/*fprintf(output, "\n");*/
fprintf(output, "Output:\n");
- fprintf(stderr, " -w <outfile|-> set the output filename (or '-' for stdout)\n");
- fprintf(stderr, " -F <output file type> set the output file type, default is libpcap\n");
- fprintf(stderr, " an empty \"-F\" option will list the file types\n");
+ fprintf(output, " -w <outfile|-> write packets to a pcap-format file named \"outfile\"\n");
+ fprintf(output, " (or to the standard output for \"-\")\n");
+ fprintf(output, " -C <config profile> start with specified configuration profile\n");
+ fprintf(output, " -F <output file type> set the output file type, default is libpcap\n");
+ fprintf(output, " an empty \"-F\" option will list the file types\n");
fprintf(output, " -V add output of packet tree (Packet Details)\n");
+ fprintf(output, " -S display packets even when writing to a file\n");
fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n");
- fprintf(output, " -T pdml|ps|psml|text output format of text output (def: text)\n");
- fprintf(output, " -t ad|a|r|d output format of time stamps (def: r: rel. to first)\n");
- fprintf(output, " -l flush output after each packet\n");
+ fprintf(output, " -T pdml|ps|psml|text|fields\n");
+ fprintf(output, " format of text output (def: text)\n");
+ fprintf(output, " -e <field> field to print if -Tfields selected (e.g. tcp.port);\n");
+ fprintf(output, " this option can be repeated to print multiple fields\n");
+ fprintf(output, " -E<fieldsoption>=<value> set options for output when -Tfields selected:\n");
+ fprintf(output, " header=y|n switch headers on and off\n");
+ fprintf(output, " separator=/t|/s|<char> select tab, space, printable character as separator\n");
+ fprintf(output, " quote=d|s|n select double, single, no quotes for values\n");
+ fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n");
+ fprintf(output, " -l flush standard output after each packet\n");
fprintf(output, " -q be more quiet on stdout (e.g. when using statistics)\n");
fprintf(output, " -X <key>:<value> eXtension options, see the man page for details\n");
fprintf(output, " -z <statistics> various statistics, see the man page for details\n");
fprintf(output, "\n");
- fprintf(stderr, "Miscellaneous:\n");
- fprintf(stderr, " -h display this help and exit\n");
- fprintf(stderr, " -v display version info and exit\n");
- fprintf(output, " -o <name>:<value> ... override preference setting\n");
+ fprintf(output, "Miscellaneous:\n");
+ fprintf(output, " -h display this help and exit\n");
+ fprintf(output, " -v display version info and exit\n");
+ fprintf(output, " -o <name>:<value> ... override preference setting\n");
+ fprintf(output, " -K <keytab> keytab file to use for kerberos decryption\n");
}
/*
* descriptive name.
*/
static void
-display_dissector_table_names(char *table_name, const char *ui_name,
+display_dissector_table_names(const char *table_name, const char *ui_name,
gpointer output)
{
fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name);
ftenum_t dissector_table_selector_type;
struct protocol_name_search user_protocol_name;
-/* The following code will allocate and copy the command-line options in a string pointed by decoded_param */
+ /* The following code will allocate and copy the command-line options in a string pointed by decoded_param */
g_assert(cl_param);
- decoded_param = g_malloc( sizeof(gchar) * (strlen(cl_param) + 1) ); /* Allocate enough space to have a working copy of the command-line parameter */
+ decoded_param = g_strdup(cl_param);
g_assert(decoded_param);
- strcpy(decoded_param, cl_param);
/* The lines below will parse this string (modifying it) to extract all
/* Remove leading and trailing spaces from the table name */
while ( table_name[0] == ' ' )
- table_name++;
+ table_name++;
while ( table_name[strlen(table_name) - 1] == ' ' )
table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
}
if (!table_matching) {
- /* Display a list of supported layer types to help the user, if the
+ /* Display a list of supported layer types to help the user, if the
specified layer type was not found */
cmdarg_err("Valid layer types are:");
fprint_all_layer_types(stderr);
if (remaining_param == NULL || !table_matching) {
/* Exit if the layer type was not found, or if no '=' separator was found
(see above) */
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
-
+
if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1);
}
case FT_STRING:
case FT_STRINGZ:
+ case FT_EBCDIC:
/* The selector for this table is a string. */
break;
/* Exit if no ',' separator was found (see above) */
cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
/* This section extracts a protocol filter name (dissector_str) from decoded_param */
dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
-
+
/* Remove leading and trailing spaces from the dissector name */
while ( dissector_str[0] == ' ' )
- dissector_str++;
+ dissector_str++;
while ( dissector_str[strlen(dissector_str) - 1] == ' ' )
dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
dissector_matching = NULL;
-
+
/* We now have a pointer to the handle for the requested table inside the variable table_matching */
if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */
cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */
user_protocol_name.nb_match = 0;
user_protocol_name.searched_name = dissector_str;
user_protocol_name.matched_handle = NULL;
-
+
dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
-
+
if (user_protocol_name.nb_match != 0) {
dissector_matching = user_protocol_name.matched_handle;
if (user_protocol_name.nb_match > 1) {
if (!dissector_matching) {
cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
selector
dissector_matching
The above variables that are strings are still pointing to areas within
- decoded_parm. decoded_parm thus still needs to be kept allocated in
+ decoded_parm. decoded_parm thus still needs to be kept allocated in
until we stop needing these variables
decoded_param will be deallocated at each exit point of this function */
case FT_STRING:
case FT_STRINGZ:
+ case FT_EBCDIC:
/* The selector for this table is a string. */
dissector_change_string(table_name, selector_str, dissector_matching);
break;
}
static void
-log_func_ignore (const gchar *log_domain _U_, GLogLevelFlags log_level _U_,
- const gchar *message _U_, gpointer user_data _U_)
+tshark_log_handler (const gchar *log_domain, GLogLevelFlags log_level,
+ const gchar *message, gpointer user_data)
{
+ /* ignore log message, if log_level isn't interesting based
+ upon the console log preferences.
+ If the preferences haven't been loaded loaded yet, display the
+ message anyway.
+
+ The default console_log_level preference value is such that only
+ ERROR, CRITICAL and WARNING level messages are processed;
+ MESSAGE, INFO and DEBUG level messages are ignored.
+
+ XXX: Aug 07, 2009: Prior tshark g_log code was hardwired to process only
+ ERROR and CRITICAL level messages so the current code is a behavioral
+ change. The current behavior is the same as in Wireshark.
+ */
+ if((log_level & G_LOG_LEVEL_MASK & prefs.console_log_level) == 0 &&
+ prefs.console_log_level != 0) {
+ return;
+ }
+
+ g_log_default_handler(log_domain, log_level, message, user_data);
+
}
static char *
return save_file_string;
}
+static void
+print_current_user(void) {
+ gchar *cur_user, *cur_group;
+ if (started_with_special_privs()) {
+ cur_user = get_cur_username();
+ cur_group = get_cur_groupname();
+ fprintf(stderr, "Running as user \"%s\" and group \"%s\".",
+ cur_user, cur_group);
+ g_free(cur_user);
+ g_free(cur_group);
+ if (running_with_special_privs()) {
+ fprintf(stderr, " This could be dangerous.");
+ }
+ fprintf(stderr, "\n");
+ }
+}
+
+static void
+check_capture_privs(void) {
+#ifdef _WIN32
+ load_wpcap();
+ /* Warn the user if npf.sys isn't loaded. */
+ if (!npf_sys_is_running() && get_os_major_version() >= 6) {
+ fprintf(stderr, "The NPF driver isn't running. You may have trouble "
+ "capturing or\nlisting interfaces.\n");
+ }
+#endif
+}
+
+
+
int
main(int argc, char *argv[])
{
+ char *init_progfile_dir_error;
int opt, i;
extern char *optarg;
gboolean arg_error = FALSE;
int dp_open_errno, dp_read_errno;
int err;
#ifdef HAVE_LIBPCAP
- gboolean capture_filter_specified = FALSE;
gboolean list_link_layer_types = FALSE;
gboolean start_capture = FALSE;
+ int status;
#else
gboolean capture_option_specified = FALSE;
#endif
e_prefs *prefs;
char badopt;
GLogLevelFlags log_flags;
- int status;
+ int optind_initial;
-#define OPTSTRING_INIT "a:b:c:d:Df:F:hi:lLnN:o:pqr:R:s:St:T:vVw:xX:y:z:"
+#define OPTSTRING_INIT "a:b:c:C:d:De:E:f:F:G:hi:K:lLnN:o:pqr:R:s:St:T:vVw:xX:y:z:"
#ifdef HAVE_LIBPCAP
#ifdef _WIN32
#define OPTSTRING_WIN32 "B:"
*/
get_credential_info();
- /* nothing more than the standard GLib handler, but without a warning */
- log_flags =
+ /*
+ * Attempt to get the pathname of the executable file.
+ */
+ init_progfile_dir_error = init_progfile_dir(argv[0], main);
+ if (init_progfile_dir_error != NULL) {
+ fprintf(stderr, "tshark: Can't get pathname of tshark program: %s.\n",
+ init_progfile_dir_error);
+ }
+
+ /*
+ * In order to have the -X opts assigned before the wslua machine starts
+ * we need to call getopts before epan_init() gets called.
+ */
+ opterr = 0;
+ optind_initial = optind;
+
+ while ((opt = getopt(argc, argv, optstring)) != -1) {
+ switch (opt) {
+ case 'C': /* Configuration Profile */
+ if (profile_exists (optarg)) {
+ set_profile_name (optarg);
+ } else {
+ cmdarg_err("Configuration Profile \"%s\" does not exist", optarg);
+ exit(1);
+ }
+ break;
+ case 'X':
+ ex_opt_add(optarg);
+ break;
+ default:
+ break;
+ }
+ }
+
+ optind = optind_initial;
+ opterr = 1;
+
+
+
+/** Send All g_log messages to our own handler **/
+
+ log_flags =
G_LOG_LEVEL_ERROR|
G_LOG_LEVEL_CRITICAL|
G_LOG_LEVEL_WARNING|
g_log_set_handler(NULL,
log_flags,
- log_func_ignore, NULL /* user_data */);
+ tshark_log_handler, NULL /* user_data */);
+ g_log_set_handler(LOG_DOMAIN_MAIN,
+ log_flags,
+ tshark_log_handler, NULL /* user_data */);
+
+#ifdef HAVE_LIBPCAP
+ g_log_set_handler(LOG_DOMAIN_CAPTURE,
+ log_flags,
+ tshark_log_handler, NULL /* user_data */);
g_log_set_handler(LOG_DOMAIN_CAPTURE_CHILD,
log_flags,
- log_func_ignore, NULL /* user_data */);
+ tshark_log_handler, NULL /* user_data */);
+#endif
- /* initialize memory allocation subsystem */
- ep_init_chunk();
- se_init_chunk();
-
initialize_funnel_ops();
-
+
#ifdef HAVE_LIBPCAP
- capture_opts_init(&capture_opts, NULL /* cfile */);
+ capture_opts_init(&global_capture_opts, &cfile);
#endif
timestamp_set_type(TS_RELATIVE);
"-G" flag, as the "-G" flag dumps information registered by the
dissectors, and we must do it before we read the preferences, in
case any dissectors register preferences. */
- epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs,
- failure_message,open_failure_message,read_failure_message);
+ epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL,
+ failure_message, open_failure_message, read_failure_message,
+ write_failure_message);
/* Register all tap listeners; we do this before we parse the arguments,
as the "-z" argument can specify a registered tap. */
-
+
/* we register the plugin taps before the other taps because
stats_tree taps plugins will be registered as tap listeners
by stats_tree_stat.c and need to registered before that */
If none of our build or other processes uses "-G" with no arguments,
we can just process it with the other arguments. */
if (argc >= 2 && strcmp(argv[1], "-G") == 0) {
+ proto_initialize_all_prefixes();
+
if (argc == 2)
proto_registrar_dump_fields(1);
else {
g_free(dp_path);
}
-#ifdef _WIN32
- /* Load Wpcap, if possible */
- load_wpcap();
-#endif
+ check_capture_privs();
init_cap_file(&cfile);
/* Assemble the compile-time version information string */
comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str);
+ get_compiled_version_info(comp_info_str, get_epan_compiled_version_info);
/* Assemble the run-time version information string */
runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str);
+ get_runtime_version_info(runtime_info_str, NULL);
/* Print format defaults to this. */
print_format = PR_FMT_TEXT;
+ output_fields = output_fields_new();
+
/* Now get our args */
while ((opt = getopt(argc, argv, optstring)) != -1) {
switch (opt) {
case 'a': /* autostop criteria */
case 'b': /* Ringbuffer option */
- case 'c': /* Capture xxx packets */
+ case 'c': /* Capture x packets */
case 'f': /* capture filter */
- case 'i': /* Use interface xxx */
+ case 'i': /* Use interface x */
case 'p': /* Don't capture in promiscuous mode */
case 's': /* Set the snapshot (capture) length */
- case 'w': /* Write to capture file xxx */
+ case 'w': /* Write to capture file x */
case 'y': /* Set the pcap data link type */
#ifdef _WIN32
case 'B': /* Buffer size */
#endif /* _WIN32 */
#ifdef HAVE_LIBPCAP
- status = capture_opts_add_opt(&capture_opts, opt, optarg, &start_capture);
+ status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture);
if(status != 0) {
exit(status);
}
arg_error = TRUE;
#endif
break;
+ case 'C':
+ /* Configuration profile settings were already processed just ignore them this time*/
+ break;
case 'd': /* Decode as rule */
if (!add_decode_as(optarg))
exit(1);
break;
+#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
+ case 'K': /* Kerberos keytab file */
+ read_keytab_file(optarg);
+ break;
+#endif
case 'D': /* Print a list of capture devices and exit */
#ifdef HAVE_LIBPCAP
- status = capture_opts_list_interfaces();
+ status = capture_opts_list_interfaces(FALSE);
exit(status);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
#endif
break;
+ case 'e':
+ /* Field entry */
+ output_fields_add(output_fields, optarg);
+ break;
+ case 'E':
+ /* Field option */
+ if(!output_fields_set_option(output_fields, optarg)) {
+ cmdarg_err("\"%s\" is not a valid field output option=value pair.", optarg);
+ output_fields_list_options(stderr);
+ exit(1);
+ }
+ break;
case 'F':
out_file_type = wtap_short_string_to_file_type(optarg);
if (out_file_type < 0) {
case 'L': /* Print list of link-layer types and exit */
#ifdef HAVE_LIBPCAP
list_link_layer_types = TRUE;
- break;
#else
capture_option_specified = TRUE;
arg_error = TRUE;
g_resolv_flags = RESOLV_NONE;
badopt = string_to_name_resolve(optarg, &g_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+ cmdarg_err("-N specifies unknown resolving option '%c';",
badopt);
+ cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'");
exit(1);
}
break;
case 'o': /* Override preference from command line */
switch (prefs_set_pref(optarg)) {
+ case PREFS_SET_OK:
+ break;
+
case PREFS_SET_SYNTAX_ERR:
cmdarg_err("Invalid -o flag \"%s\"", optarg);
exit(1);
case 'q': /* Quiet */
quiet = TRUE;
break;
- case 'r': /* Read capture file xxx */
+ case 'r': /* Read capture file x */
cf_name = g_strdup(optarg);
break;
case 'R': /* Read file filter */
timestamp_set_type(TS_ABSOLUTE_WITH_DATE);
else if (strcmp(optarg, "d") == 0)
timestamp_set_type(TS_DELTA);
+ else if (strcmp(optarg, "dd") == 0)
+ timestamp_set_type(TS_DELTA_DIS);
+ else if (strcmp(optarg, "e") == 0)
+ timestamp_set_type(TS_EPOCH);
else {
cmdarg_err("Invalid time stamp type \"%s\"",
optarg);
} else if (strcmp(optarg, "psml") == 0) {
output_action = WRITE_XML;
verbose = FALSE;
+ } else if(strcmp(optarg, "fields") == 0) {
+ output_action = WRITE_FIELDS;
+ verbose = TRUE; /* Need full tree info */
} else {
cmdarg_err("Invalid -T parameter.");
- cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", or \"psml\".");
+ cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", \"psml\" or \"fields\".");
exit(1);
}
break;
"%s"
"\n"
"%s",
- svnversion, get_copyright_info(), comp_info_str->str,
+ wireshark_svnversion, get_copyright_info(), comp_info_str->str,
runtime_info_str->str);
exit(0);
break;
print_hex = TRUE;
break;
case 'X':
- ex_opt_add(optarg);
break;
case 'z':
/* We won't call the init function for the stat this soon
default:
case '?': /* Bad flag - print usage message */
switch(optopt) {
- case'F':
+ case 'F':
list_capture_types();
break;
default:
}
}
+ /* If we specified output fields, but not the output field type... */
+ if(WRITE_FIELDS != output_action && 0 != output_fields_num_fields(output_fields)) {
+ cmdarg_err("Output fields were specified with \"-e\", "
+ "but \"-Tfields\" was not specified.");
+ exit(1);
+ } else if(WRITE_FIELDS == output_action && 0 == output_fields_num_fields(output_fields)) {
+ cmdarg_err("\"-Tfields\" was specified, but no fields were "
+ "specified with \"-e\".");
+
+ exit(1);
+ }
+
/* If no capture filter or read filter has been specified, and there are
still command-line arguments, treat them as the tokens of a capture
filter (if no "-r" flag was specified) or a read filter (if a "-r"
rfilter = get_args_as_string(argc, argv, optind);
} else {
#ifdef HAVE_LIBPCAP
- if (capture_filter_specified) {
+ if (global_capture_opts.has_cfilter) {
cmdarg_err("Capture filters were specified both with \"-f\""
" and with additional command-line arguments");
exit(1);
}
- capture_opts.cfilter = get_args_as_string(argc, argv, optind);
+ global_capture_opts.has_cfilter = TRUE;
+ global_capture_opts.cfilter = get_args_as_string(argc, argv, optind);
#else
capture_option_specified = TRUE;
#endif
}
}
- if (!capture_opts.saving_to_file) {
+#ifdef HAVE_LIBPCAP
+ if (!global_capture_opts.saving_to_file) {
/* We're not saving the capture to a file; if "-q" wasn't specified,
we should print packet information */
if (!quiet)
output, reject the request. At best, we could redirect that
to the standard error; we *can't* write both to the standard
output and have either of them be useful. */
- if (strcmp(capture_opts.save_file, "-") == 0 && print_packet_info) {
+ if (strcmp(global_capture_opts.save_file, "-") == 0 && print_packet_info) {
cmdarg_err("You can't write both raw packet data and dissected packets"
" to the standard output.");
exit(1);
}
}
+#else
+ /* We're not saving the capture to a file; if "-q" wasn't specified,
+ we should print packet information */
+ if (!quiet)
+ print_packet_info = TRUE;
+#endif
#ifndef HAVE_LIBPCAP
if (capture_option_specified)
support in capture files we read). */
#ifdef HAVE_LIBPCAP
if (cf_name != NULL) {
- if (capture_filter_specified) {
+ if (global_capture_opts.has_cfilter) {
cmdarg_err("Only read filters, not capture filters, "
"can be specified when reading a capture file.");
exit(1);
exit(1);
}
/* No - did they specify a ring buffer option? */
- if (capture_opts.multi_files_on) {
+ if (global_capture_opts.multi_files_on) {
cmdarg_err("Ring buffer requested, but a capture isn't being done.");
exit(1);
}
} else {
- /* If they didn't specify a "-w" flag, but specified a maximum capture
- file size, tell them that this doesn't work, and exit. */
- if (capture_opts.has_autostop_filesize && capture_opts.save_file == NULL) {
- cmdarg_err("Maximum capture file size specified, but "
- "capture isn't being saved to a file.");
- exit(1);
- }
-
if (cf_name) {
/*
* "-r" was specified, so we're reading a capture file.
* Capture options don't apply here.
*/
- if (capture_opts.multi_files_on) {
+ if (global_capture_opts.multi_files_on) {
cmdarg_err("Multiple capture files requested, but "
"a capture isn't being done.");
exit(1);
}
- if (capture_opts.has_file_duration) {
+ if (global_capture_opts.has_file_duration) {
cmdarg_err("Switching capture files after a time interval was specified, but "
"a capture isn't being done.");
exit(1);
}
- if (capture_opts.has_ring_num_files) {
+ if (global_capture_opts.has_ring_num_files) {
cmdarg_err("A ring buffer of capture files was specified, but "
"a capture isn't being done.");
exit(1);
}
- if (capture_opts.has_autostop_files) {
+ if (global_capture_opts.has_autostop_files) {
cmdarg_err("A maximum number of capture files was specified, but "
"a capture isn't being done.");
exit(1);
}
- if (capture_opts.has_autostop_packets) {
- cmdarg_err("A maximum number of captured packets was specified, but "
- "a capture isn't being done.");
- exit(1);
- }
- if (capture_opts.has_autostop_filesize) {
- cmdarg_err("A maximum capture file size was specified, but "
- "a capture isn't being done.");
- exit(1);
- }
- if (capture_opts.has_autostop_duration) {
+
+ /* Note: TShark now allows the restriction of a _read_ file by packet count
+ * and byte count as well as a write file. Other autostop options remain valid
+ * only for a write file.
+ */
+ if (global_capture_opts.has_autostop_duration) {
cmdarg_err("A maximum capture time was specified, but "
"a capture isn't being done.");
exit(1);
/*
* "-r" wasn't specified, so we're doing a live capture.
*/
- if (capture_opts.saving_to_file) {
+ if (global_capture_opts.saving_to_file) {
/* They specified a "-w" flag, so we'll be saving to a capture file. */
-
+
/* When capturing, we only support writing libpcap format. */
if (out_file_type != WTAP_FILE_PCAP) {
cmdarg_err("Live captures can only be saved in libpcap format.");
exit(1);
}
- if (capture_opts.multi_files_on) {
- /* Multiple-file mode works only under certain conditions:
+ if (global_capture_opts.multi_files_on) {
+ /* Multiple-file mode doesn't work under certain conditions:
a) it doesn't work if you're writing to the standard output;
b) it doesn't work if you're writing to a pipe;
- c) it makes no sense if the maximum file size is set to "infinite"
- (XXX - shouldn't that be "if there is no stop criterion",
- as you might want to switch files based on a packet count
- or a time). */
- if (strcmp(capture_opts.save_file, "-") == 0) {
+ */
+ if (strcmp(global_capture_opts.save_file, "-") == 0) {
cmdarg_err("Multiple capture files requested, but "
"the capture is being written to the standard output.");
exit(1);
}
- if (capture_opts.output_to_pipe) {
+ if (global_capture_opts.output_to_pipe) {
cmdarg_err("Multiple capture files requested, but "
"the capture file is a pipe.");
exit(1);
}
- if (!capture_opts.has_autostop_filesize) {
+ if (!global_capture_opts.has_autostop_filesize &&
+ !global_capture_opts.has_file_duration) {
cmdarg_err("Multiple capture files requested, but "
- "no maximum capture file size was specified.");
+ "no maximum capture file size or duration was specified.");
exit(1);
}
}
/* They didn't specify a "-w" flag, so we won't be saving to a
capture file. Check for options that only make sense if
we're saving to a file. */
- if (capture_opts.has_autostop_filesize) {
+ if (global_capture_opts.has_autostop_filesize) {
cmdarg_err("Maximum capture file size specified, but "
"capture isn't being saved to a file.");
exit(1);
}
- if (capture_opts.multi_files_on) {
+ if (global_capture_opts.multi_files_on) {
cmdarg_err("Multiple capture files requested, but "
"the capture isn't being saved to a file.");
exit(1);
have a tap filter with one of MATE's late-registered fields as part
of the filter. We can now process all the "-z" arguments. */
start_requested_stats();
-
+
/* disabled protocols as per configuration file */
if (gdp_path == NULL && dp_path == NULL) {
set_disabled_protos_list();
for (i = 0; i < cfile.cinfo.num_cols; i++) {
cfile.cinfo.col_fmt[i] = get_column_format(i);
cfile.cinfo.col_title[i] = g_strdup(get_column_title(i));
+ if (cfile.cinfo.col_fmt[i] == COL_CUSTOM) {
+ cfile.cinfo.col_custom_field[i] = g_strdup(get_column_custom_field(i));
+ if(!dfilter_compile(cfile.cinfo.col_custom_field[i], &cfile.cinfo.col_custom_dfilter[i])) {
+ /* XXX: Should we issue a warning? */
+ g_free(cfile.cinfo.col_custom_field[i]);
+ cfile.cinfo.col_custom_field[i] = NULL;
+ cfile.cinfo.col_custom_dfilter[i] = NULL;
+ }
+ } else {
+ cfile.cinfo.col_custom_field[i] = NULL;
+ cfile.cinfo.col_custom_dfilter[i] = NULL;
+ }
cfile.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) *
NUM_COL_FMTS);
get_column_format_matches(cfile.cinfo.fmt_matx[i], cfile.cinfo.col_fmt[i]);
else
cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
cfile.cinfo.col_fence[i] = 0;
- cfile.cinfo.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
- cfile.cinfo.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
+ cfile.cinfo.col_expr.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
+ cfile.cinfo.col_expr.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
}
for (i = 0; i < cfile.cinfo.num_cols; i++) {
for (j = 0; j < NUM_COL_FMTS; j++) {
if (!cfile.cinfo.fmt_matx[i][j])
continue;
-
+
if (cfile.cinfo.col_first[j] == -1)
cfile.cinfo.col_first[j] = i;
cfile.cinfo.col_last[j] = i;
}
#ifdef HAVE_LIBPCAP
- capture_opts_trim_snaplen(&capture_opts, MIN_PACKET_SIZE);
- capture_opts_trim_ring_num_files(&capture_opts);
+ capture_opts_trim_snaplen(&global_capture_opts, MIN_PACKET_SIZE);
+ capture_opts_trim_ring_num_files(&global_capture_opts);
#endif
if (rfilter != NULL) {
* can't open.
*/
relinquish_special_privs_perm();
+ print_current_user();
if (cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) {
epan_cleanup();
}
/* Process the packets in the file */
- err = load_cap_file(&cfile, capture_opts.save_file, out_file_type);
+#ifdef HAVE_LIBPCAP
+ err = load_cap_file(&cfile, global_capture_opts.save_file, out_file_type,
+ global_capture_opts.has_autostop_packets ? global_capture_opts.autostop_packets : 0,
+ global_capture_opts.has_autostop_filesize ? global_capture_opts.autostop_filesize : 0);
+#else
+ err = load_cap_file(&cfile, NULL, out_file_type, 0, 0);
+#endif
if (err != 0) {
epan_cleanup();
exit(2);
#endif
/* trim the interface name and exit if that failed */
- if (!capture_opts_trim_iface(&capture_opts,
+ if (!capture_opts_trim_iface(&global_capture_opts,
(prefs->capture_device) ? get_if_name(prefs->capture_device) : NULL)) {
exit(2);
}
/* if requested, list the link layer types and exit */
if (list_link_layer_types) {
- status = capture_opts_list_link_layer_types(&capture_opts);
+ status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE);
exit(status);
}
- if (!print_packet_info && !quiet) {
+ if (print_packet_info) {
+ if (!write_preamble(NULL)) {
+ err = errno;
+ show_print_file_io_error(err);
+ return err;
+ }
+ } else if (!quiet) {
/*
* We're not printing information for each packet, and the user
* didn't ask us not to print a count of packets as they arrive,
capture();
- if (capture_opts.multi_files_on) {
- ringbuf_free();
+ if (print_packet_info) {
+ if (!write_finale()) {
+ err = errno;
+ show_print_file_io_error(err);
+ }
}
#else
/* No - complain. */
funnel_dump_all_text_windows();
epan_cleanup();
+ output_fields_free(output_fields);
+ output_fields = NULL;
+
return 0;
}
-#ifdef HAVE_LIBPCAP
-/* Do the low-level work of a capture.
- Returns TRUE if it succeeds, FALSE otherwise. */
+/*#define USE_BROKEN_G_MAIN_LOOP*/
-static condition *volatile cnd_file_duration = NULL; /* this must be visible in process_packet */
+#ifdef USE_BROKEN_G_MAIN_LOOP
+ GMainLoop *loop;
+#else
+ gboolean loop_running = FALSE;
+#endif
+ guint32 packet_count = 0;
-static int
-capture(void)
-{
- int err = 0;
- int volatile volatile_err = 0;
- int volatile inpkts = 0;
- int pcap_cnt;
- condition *volatile cnd_autostop_size = NULL;
- condition *volatile cnd_autostop_duration = NULL;
- char *descr;
-#ifndef _WIN32
- void (*oldhandler)(int);
- guchar pcap_data[WTAP_MAX_PACKET_SIZE];
+
+/* XXX - move to the right position / file */
+/* read from a pipe (callback) */
+typedef gboolean (*pipe_input_cb_t) (gint source, gpointer user_data);
+
+typedef struct pipe_input_tag {
+ gint source;
+ gpointer user_data;
+ int *child_process;
+ pipe_input_cb_t input_cb;
+ guint pipe_input_id;
+#ifdef _WIN32
+ GStaticMutex callback_running;
#endif
- struct pcap_stat stats;
- gboolean write_ok;
- gboolean close_ok;
- gboolean cfilter_error = FALSE;
- char errmsg[1024+1];
- char secondary_errmsg[4096+1];
- int save_file_fd;
+} pipe_input_t;
- /* Initialize all data structures used for dissection. */
- init_dissection();
+static pipe_input_t pipe_input;
- ld.wtap_linktype = WTAP_ENCAP_UNKNOWN;
- ld.pdh = NULL;
- ld.packet_cb = capture_pcap_cb;
+#ifdef _WIN32
+/* The timer has expired, see if there's stuff to read from the pipe,
+ if so, do the callback */
+static gint
+pipe_timer_cb(gpointer data)
+{
+ HANDLE handle;
+ DWORD avail = 0;
+ gboolean result, result1;
+ DWORD childstatus;
+ pipe_input_t *pipe_input = data;
+ gint iterations = 0;
+
+
+ g_static_mutex_lock (&pipe_input->callback_running);
+
+ /* try to read data from the pipe only 5 times, to avoid blocking */
+ while(iterations < 5) {
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: new iteration");*/
+
+ /* Oddly enough although Named pipes don't work on win9x,
+ PeekNamedPipe does !!! */
+ handle = (HANDLE) _get_osfhandle (pipe_input->source);
+ result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL);
+
+ /* Get the child process exit status */
+ result1 = GetExitCodeProcess((HANDLE)*(pipe_input->child_process),
+ &childstatus);
+ /* If the Peek returned an error, or there are bytes to be read
+ or the childwatcher thread has terminated then call the normal
+ callback */
+ if (!result || avail > 0 || childstatus != STILL_ACTIVE) {
- /* open the "input file" from network interface or capture pipe */
- if (!capture_loop_open_input(&capture_opts, &ld, errmsg, sizeof(errmsg),
- secondary_errmsg, sizeof(secondary_errmsg))) {
- goto error;
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: data avail");*/
+
+ /* And call the real handler */
+ if (!pipe_input->input_cb(pipe_input->source, pipe_input->user_data)) {
+ g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: input pipe closed, iterations: %u", iterations);
+ /* pipe closed, return false so that the timer is stopped */
+ g_static_mutex_unlock (&pipe_input->callback_running);
+ return FALSE;
+ }
+ }
+ else {
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: no data avail");*/
+ /* No data, stop now */
+ break;
+ }
+
+ iterations++;
}
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: finished with iterations: %u, new timer", iterations);*/
+
+ g_static_mutex_unlock (&pipe_input->callback_running);
+
+ /* we didn't stopped the timer, so let it run */
+ return TRUE;
+}
+#endif
+
+
+void
+pipe_input_set_handler(gint source, gpointer user_data, int *child_process, pipe_input_cb_t input_cb)
+{
+
+ pipe_input.source = source;
+ pipe_input.child_process = child_process;
+ pipe_input.user_data = user_data;
+ pipe_input.input_cb = input_cb;
+
+#ifdef _WIN32
+ g_static_mutex_init(&pipe_input.callback_running);
+ /* Tricky to use pipes in win9x, as no concept of wait. NT can
+ do this but that doesn't cover all win32 platforms. GTK can do
+ this but doesn't seem to work over processes. Attempt to do
+ something similar here, start a timer and check for data on every
+ timeout. */
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_input_set_handler: new");*/
+ pipe_input.pipe_input_id = g_timeout_add(200, pipe_timer_cb, &pipe_input);
+#endif
+}
+
+
+#ifdef HAVE_LIBPCAP
+static int
+capture(void)
+{
+ gboolean ret;
+#ifdef USE_TSHARK_SELECT
+ fd_set readfds;
+#endif
+#ifndef _WIN32
+ struct sigaction action, oldaction;
+#endif
+
/*
+ * XXX - dropping privileges is still required, until code cleanup is done
+ *
+ * remove all dependencies to pcap specific code and using only dumpcap is almost done.
+ * when it's done, we don't need special privileges to run tshark at all,
+ * therefore we don't need to drop these privileges
+ * The only thing we might want to keep is a warning if tshark is run as root,
+ * as it's no longer necessary and potentially dangerous.
+ *
+ * THE FOLLOWING IS THE FORMER COMMENT WHICH IS NO LONGER REALLY VALID:
* We've opened the capture device, so we shouldn't need any special
* privileges any more; relinquish those privileges.
*
* not special privileges.
*/
relinquish_special_privs_perm();
+ print_current_user();
- /* init the input filter from the network interface (capture pipe will do nothing) */
- switch (capture_loop_init_filter(ld.pcap_h, ld.from_cap_pipe, capture_opts.iface, capture_opts.cfilter)) {
-
- case INITFILTER_NO_ERROR:
- break;
-
- case INITFILTER_BAD_FILTER:
- cfilter_error = TRUE;
- g_snprintf(errmsg, sizeof(errmsg), "%s", pcap_geterr(ld.pcap_h));
- *secondary_errmsg = '\0';
- goto error;
-
- case INITFILTER_OTHER_ERROR:
- g_snprintf(errmsg, sizeof(errmsg), "Can't install filter (%s).",
- pcap_geterr(ld.pcap_h));
- g_snprintf(secondary_errmsg, sizeof(secondary_errmsg), "%s", please_report);
- goto error;
- }
-
- if (capture_opts.saving_to_file) {
- /* open the output file (temporary/specified name/ringbuffer/named pipe/stdout) */
- if (!capture_loop_open_output(&capture_opts, &save_file_fd, errmsg, sizeof(errmsg))) {
- *secondary_errmsg = '\0';
- goto error;
- }
-
- /* set up to write to the already-opened capture output file/files */
- if(!capture_loop_init_output(&capture_opts, save_file_fd, &ld, errmsg, sizeof errmsg)) {
- *secondary_errmsg = '\0';
- goto error;
- }
-
- /* Save the capture file name. */
- ld.save_file = capture_opts.save_file;
- }
-
- ld.wtap_linktype = wtap_pcap_encap_to_wtap_encap(ld.linktype);
+ /* Initialize all data structures used for dissection. */
+ init_dissection();
#ifdef _WIN32
/* Catch a CTRL+C event and, if we get it, clean up and exit. */
SetConsoleCtrlHandler(capture_cleanup, TRUE);
#else /* _WIN32 */
/* Catch SIGINT and SIGTERM and, if we get either of them, clean up
- and exit.
- XXX - deal with signal semantics on various UNIX platforms. Or just
- use "sigaction()" and be done with it? */
- signal(SIGTERM, capture_cleanup);
- signal(SIGINT, capture_cleanup);
- if ((oldhandler = signal(SIGHUP, capture_cleanup)) != SIG_DFL)
- signal(SIGHUP, oldhandler);
+ and exit. */
+ action.sa_handler = capture_cleanup;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGTERM, &action, NULL);
+ sigaction(SIGINT, &action, NULL);
+ sigaction(SIGHUP, NULL, &oldaction);
+ if (oldaction.sa_handler == SIG_DFL)
+ sigaction(SIGHUP, &action, NULL);
#ifdef SIGINFO
/* Catch SIGINFO and, if we get it and we're capturing to a file in
quiet mode, report the number of packets we've captured. */
- signal(SIGINFO, report_counts_siginfo);
+ action.sa_handler = report_counts_siginfo;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGINFO, &action, NULL);
#endif /* SIGINFO */
#endif /* _WIN32 */
+ global_capture_opts.state = CAPTURE_PREPARING;
+
/* Let the user know what interface was chosen. */
- descr = get_interface_descriptive_name(capture_opts.iface);
- fprintf(stderr, "Capturing on %s\n", descr);
- g_free(descr);
-
- /* initialize capture stop conditions */
- init_capture_stop_conditions();
- /* create stop conditions */
- if (capture_opts.has_autostop_filesize)
- cnd_autostop_size = cnd_new((const char*)CND_CLASS_CAPTURESIZE,
- (long)capture_opts.autostop_filesize * 1024);
- if (capture_opts.has_autostop_duration)
- cnd_autostop_duration = cnd_new((const char*)CND_CLASS_TIMEOUT,
- (gint32)capture_opts.autostop_duration);
-
- if (capture_opts.multi_files_on && capture_opts.has_file_duration)
- cnd_file_duration = cnd_new(CND_CLASS_TIMEOUT, capture_opts.file_duration);
-
- if (!setjmp(ld.stopenv)) {
- ld.go = TRUE;
- ld.packet_count = 0;
- } else
- ld.go = FALSE;
-
- while (ld.go) {
- /* We need to be careful with automatic variables defined in the
- outer scope which are changed inside the loop. Most compilers
- don't try to roll them back to their original values after the
- longjmp which causes the loop to finish, but all that the
- standards say is that their values are indeterminate. If we
- don't want them to be rolled back, we should define them with the
- volatile attribute (paraphrasing W. Richard Stevens, Advanced
- Programming in the UNIX Environment, p. 178).
-
- The "err" variable causes a particular problem. If we give it
- the volatile attribute, then when we pass a reference to it (as
- in "&err") to a function, GCC warns: "passing arg <n> of
- <function> discards qualifiers from pointer target type".
- Therefore within the loop and just beyond we don't use "err".
- Within the loop we define "loop_err", and assign its value to
- "volatile_err", which is in the outer scope and is checked when
- the loop finishes.
-
- We also define "packet_count_prev" here to keep things tidy,
- since it's used only inside the loop. If it were defined in the
- outer scope, GCC would give a warning (unnecessary in this case)
- that it might be clobbered, and we'd need to give it the volatile
- attribute to suppress the warning. */
-
- int loop_err = 0;
- int packet_count_prev = 0;
-
- if (cnd_autostop_size == NULL && cnd_autostop_duration == NULL) {
- /* We're not stopping at a particular capture file size, and we're
- not stopping after some particular amount of time has expired,
- so either we have no stop condition or the only stop condition
- is a maximum packet count.
-
- If there's no maximum packet count, pass it -1, meaning "until
- you run out of packets in the bufferful you read". Otherwise,
- pass it the number of packets we have left to capture.
-
- We don't call "pcap_loop()" as, if we're saving to a file that's
- a FIFO, we want to flush the FIFO after we're done processing
- this libpcap bufferful of packets, so that the program
- reading the FIFO sees the packets immediately and doesn't get
- any partial packet, forcing it to block in the middle of reading
- that packet. */
- if (capture_opts.autostop_packets == 0)
- pcap_cnt = -1;
- else {
- if (ld.packet_count >= capture_opts.autostop_packets) {
- /* XXX do we need this test here? */
- /* It appears there's nothing more to capture. */
- break;
- }
- pcap_cnt = capture_opts.autostop_packets - ld.packet_count;
- }
- } else {
- /* We need to check the capture file size or the timeout after
- each packet. */
- pcap_cnt = 1;
- }
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- inpkts = cap_pipe_dispatch(&ld, pcap_data, errmsg, sizeof errmsg);
- } else
-#endif
- inpkts = pcap_dispatch(ld.pcap_h, pcap_cnt, ld.packet_cb, (u_char *) &ld);
- if (inpkts < 0) {
- /* Error from "pcap_dispatch()", or error or "no more packets" from
- "cap_pipe_dispatch(). */
- ld.go = FALSE;
- } else if (cnd_autostop_duration != NULL && cnd_eval(cnd_autostop_duration)) {
- /* The specified capture time has elapsed; stop the capture. */
- ld.go = FALSE;
- } else if (inpkts > 0) {
- if (capture_opts.autostop_packets != 0 &&
- ld.packet_count >= capture_opts.autostop_packets) {
- /* The specified number of packets have been captured and have
- passed both any capture filter in effect and any read filter
- in effect. */
- ld.go = FALSE;
- } else if (cnd_autostop_size != NULL &&
- cnd_eval(cnd_autostop_size, (guint32)ld.bytes_written)) {
- /* We're saving the capture to a file, and the capture file reached
- its maximum size. */
- if (capture_opts.multi_files_on) {
- /* Switch to the next ringbuffer file */
- if (ringbuf_switch_file(&ld.pdh, &capture_opts.save_file,
- &save_file_fd, &ld.bytes_written,
- &loop_err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_autostop_size);
- if (cnd_file_duration) {
- cnd_reset(cnd_file_duration);
- }
- } else {
- /* File switch failed: stop here */
- volatile_err = loop_err;
- ld.go = FALSE;
- }
- } else {
- /* No ringbuffer - just stop. */
- ld.go = FALSE;
- }
- }
- if (capture_opts.output_to_pipe) {
- if (ld.packet_count > packet_count_prev) {
- libpcap_dump_flush(ld.pdh, NULL);
- packet_count_prev = ld.packet_count;
- }
- }
- } /* inpkts > 0 */
- } /* while (ld.go) */
+ global_capture_opts.iface_descr = get_interface_descriptive_name(global_capture_opts.iface);
+ fprintf(stderr, "Capturing on %s\n", global_capture_opts.iface_descr);
- /* delete stop conditions */
- if (cnd_autostop_size != NULL)
- cnd_delete(cnd_autostop_size);
- if (cnd_autostop_duration != NULL)
- cnd_delete(cnd_autostop_duration);
- if (cnd_file_duration != NULL)
- cnd_delete(cnd_file_duration);
+ ret = sync_pipe_start(&global_capture_opts);
- if (print_packet_counts) {
- /* We're printing packet counts to stderr.
- Send a newline so that we move to the line after the packet count. */
- fprintf(stderr, "\n");
- }
+ if (!ret)
+ return FALSE;
- /* If we got an error while capturing, report it. */
- if (inpkts < 0) {
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- if (ld.cap_pipe_err == PIPERR) {
- cmdarg_err("Error while capturing packets: %s", errmsg);
- }
- } else
-#endif
- {
- cmdarg_err("Error while capturing packets: %s", pcap_geterr(ld.pcap_h));
- }
- }
+ /* the actual capture loop
+ *
+ * XXX - glib doesn't seem to provide any event based loop handling.
+ *
+ * XXX - for whatever reason,
+ * calling g_main_loop_new() ends up in 100% cpu load.
+ *
+ * But that doesn't matter: in UNIX we can use select() to find an input
+ * source with something to do.
+ *
+ * But that doesn't matter because we're in a CLI (that doesn't need to
+ * update a GUI or something at the same time) so it's OK if we block
+ * trying to read from the pipe.
+ *
+ * So all the stuff in USE_TSHARK_SELECT could be removed unless I'm
+ * wrong (but I leave it there in case I am...).
+ */
- if (volatile_err == 0)
- write_ok = TRUE;
- else {
- show_capture_file_io_error(capture_opts.save_file, volatile_err, FALSE);
- write_ok = FALSE;
- }
+#ifdef USE_TSHARK_SELECT
+ FD_ZERO(&readfds);
+ FD_SET(pipe_input.source, &readfds);
+#endif
- if (capture_opts.save_file != NULL) {
- /* We're saving to a file or files; close all files. */
- close_ok = capture_loop_close_output(&capture_opts, &ld, &err);
+ loop_running = TRUE;
- /* If we've displayed a message about a write error, there's no point
- in displaying another message about an error on close. */
- if (!close_ok && write_ok)
- show_capture_file_io_error(capture_opts.save_file, err, TRUE);
- }
+ while (loop_running)
+ {
+#ifdef USE_TSHARK_SELECT
+ ret = select(pipe_input.source+1, &readfds, NULL, NULL, NULL);
-#ifndef _WIN32
- if (ld.from_cap_pipe && ld.cap_pipe_fd >= 0)
- eth_close(ld.cap_pipe_fd);
- else
+ if (ret == -1)
+ {
+ perror("select()");
+ return TRUE;
+ } else if (ret == 1) {
#endif
- {
- /* Get the capture statistics, and, if any packets were dropped, report
- that. */
- if (pcap_stats(ld.pcap_h, &stats) >= 0) {
- if (stats.ps_drop != 0) {
- fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
+ /* Call the real handler */
+ if (!pipe_input.input_cb(pipe_input.source, pipe_input.user_data)) {
+ g_log(NULL, G_LOG_LEVEL_DEBUG, "input pipe closed");
+ return FALSE;
}
- } else {
- cmdarg_err("Can't get packet-drop statistics: %s", pcap_geterr(ld.pcap_h));
+#ifdef USE_TSHARK_SELECT
}
- pcap_close(ld.pcap_h);
+#endif
}
- /* Report the number of captured packets if not reported during capture
- and we are saving to a file. */
- report_counts();
-
return TRUE;
+}
-error:
- if (capture_opts.multi_files_on) {
- ringbuf_error_cleanup();
- }
- g_free(capture_opts.save_file);
- capture_opts.save_file = NULL;
- if (cfilter_error) {
+
+/* XXX - move the call to main_window_update() out of capture_sync.c */
+/* dummy for capture_sync.c to make linker happy */
+void main_window_update(void)
+{
+}
+
+/* capture child detected an error */
+void
+capture_input_error_message(capture_options *capture_opts _U_, char *error_msg, char *secondary_error_msg)
+{
+ cmdarg_err("%s", error_msg);
+ cmdarg_err_cont("%s", secondary_error_msg);
+}
+
+
+/* capture child detected an capture filter related error */
+void
+capture_input_cfilter_error_message(capture_options *capture_opts, char *error_message)
+{
dfilter_t *rfcode = NULL;
- if (dfilter_compile(capture_opts.cfilter, &rfcode) && rfcode != NULL) {
+
+
+ if (dfilter_compile(capture_opts->cfilter, &rfcode) && rfcode != NULL) {
cmdarg_err(
"Invalid capture filter: \"%s\"!\n"
"\n"
"so you can't use most display filter expressions as capture filters.\n"
"\n"
"See the User's Guide for a description of the capture filter syntax.",
- capture_opts.cfilter, errmsg);
+ capture_opts->cfilter, error_message);
dfilter_free(rfcode);
} else {
cmdarg_err(
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
- capture_opts.cfilter, errmsg);
+ capture_opts->cfilter, error_message);
}
- } else {
- cmdarg_err("%s", errmsg);
- if (*secondary_errmsg != '\0') {
- fprintf(stderr, "\n");
- cmdarg_err_cont("%s", secondary_errmsg);
+}
+
+
+/* capture child tells us we have a new (or the first) capture file */
+gboolean
+capture_input_new_file(capture_options *capture_opts, gchar *new_file)
+{
+ gboolean is_tempfile;
+ int err;
+
+
+ if(capture_opts->state == CAPTURE_PREPARING) {
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture started!");
+ }
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "File: \"%s\"", new_file);
+
+ g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
+
+ /* free the old filename */
+ if (capture_opts->save_file != NULL) {
+
+ /* we start a new capture file, close the old one (if we had one before) */
+ if( ((capture_file *) capture_opts->cf)->state != FILE_CLOSED) {
+ if ( ((capture_file *) capture_opts->cf)->wth != NULL) {
+ wtap_close(((capture_file *) capture_opts->cf)->wth);
+ }
+ ((capture_file *) capture_opts->cf)->state = FILE_CLOSED;
}
+
+ g_free(capture_opts->save_file);
+ is_tempfile = FALSE;
+ } else {
+ /* we didn't had a save_file before, must be a tempfile */
+ is_tempfile = TRUE;
}
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- if (ld.cap_pipe_fd >= 0)
- eth_close(ld.cap_pipe_fd);
- } else
-#endif
- {
- if (ld.pcap_h != NULL)
- pcap_close(ld.pcap_h);
+
+ /* save the new filename */
+ capture_opts->save_file = g_strdup(new_file);
+
+ /* if we are in real-time mode, open the new file now */
+ if(do_dissection) {
+ /* Attempt to open the capture file and set up to read from it. */
+ switch(cf_open(capture_opts->cf, capture_opts->save_file, is_tempfile, &err)) {
+ case CF_OK:
+ break;
+ case CF_ERROR:
+ /* Don't unlink (delete) the save file - leave it around,
+ for debugging purposes. */
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ return FALSE;
+ }
}
- return FALSE;
+ capture_opts->state = CAPTURE_RUNNING;
+
+ return TRUE;
}
-static void
-capture_pcap_cb(u_char *user, const struct pcap_pkthdr *phdr,
- const u_char *pd)
+
+/* capture child tells us we have new packets to read */
+void
+capture_input_new_packets(capture_options *capture_opts, int to_read)
{
- struct wtap_pkthdr whdr;
- union wtap_pseudo_header pseudo_header;
- const guchar *wtap_pd;
- loop_data *ld = (loop_data *) user;
- int loop_err;
- int err;
- int save_file_fd;
- gboolean packet_accepted;
+ gboolean ret;
+ int err;
+ gchar *err_info;
+ gint64 data_offset;
+ capture_file *cf = capture_opts->cf;
+ gboolean filtering_tap_listeners;
+ guint tap_flags;
#ifdef SIGINFO
/*
infodelay = TRUE;
#endif /* SIGINFO */
- /* The current packet may have arrived after a very long silence,
- * way past the time to switch files. In order not to have
- * the first packet of a new series of events as the last
- * [or only] packet in the file, switch before writing!
- */
- if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
- /* time elapsed for this ring file, switch to the next */
- if (ringbuf_switch_file(&ld->pdh, &ld->save_file, &save_file_fd,
- &ld->bytes_written, &loop_err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_file_duration);
- } else {
- /* File switch failed: stop here */
- /* XXX - we should do something with "loop_err" */
- ld->go = FALSE;
- }
- }
+ /* Do we have any tap listeners with filters? */
+ filtering_tap_listeners = have_filtering_tap_listeners();
- if (do_dissection) {
- /* We're goint to print packet information, run a read filter, or
- process taps. Use process_packet() to handle that; in order
- to do that, we need to convert from libpcap to Wiretap format.
- If that fails, ignore the packet (wtap_process_pcap_packet has
- written an error message). */
- wtap_pd = wtap_process_pcap_packet(ld->wtap_linktype, phdr, pd,
- &pseudo_header, &whdr, &err);
- if (wtap_pd == NULL)
- return;
-
- packet_accepted = process_packet(&cfile, 0, &whdr, &pseudo_header, wtap_pd);
- } else {
- /* We're just writing out packets. */
- packet_accepted = TRUE;
- }
+ /* Get the union of the flags for all tap listeners. */
+ tap_flags = union_of_tap_listener_flags();
- if (packet_accepted) {
- /* Count this packet. */
-#ifdef HAVE_LIBPCAP
- ld->packet_count++;
-#endif
-
- if (ld->pdh != NULL) {
- if (!libpcap_write_packet(ld->pdh, phdr, pd, &ld->bytes_written, &err)) {
- /* Error writing to a capture file */
- if (print_packet_counts) {
- /* We're printing counts of packets captured; move to the line after
- the count. */
- fprintf(stderr, "\n");
- }
- show_capture_file_io_error(ld->save_file, err, FALSE);
- pcap_close(ld->pcap_h);
- libpcap_dump_close(ld->pdh, &err);
- exit(2);
+ if(do_dissection) {
+ while (to_read-- && cf->wth) {
+ ret = wtap_read(cf->wth, &err, &err_info, &data_offset);
+ if(ret == FALSE) {
+ /* read from file failed, tell the capture child to stop */
+ sync_pipe_stop(capture_opts);
+ wtap_close(cf->wth);
+ cf->wth = NULL;
+ } else {
+ ret = process_packet(cf, data_offset, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ filtering_tap_listeners, tap_flags);
+ }
+ if (ret != FALSE) {
+ /* packet sucessfully read and gone through the "Read Filter" */
+ packet_count++;
}
}
- if (print_packet_counts) {
+ } else {
+ /*
+ * Dumpcap's doing all the work; we're not doing any dissection.
+ * Count all the packets it wrote.
+ */
+ packet_count += to_read;
+ }
+
+ if (print_packet_counts) {
/* We're printing packet counts. */
- if (ld->packet_count != 0) {
- fprintf(stderr, "\r%u ", ld->packet_count);
+ if (packet_count != 0) {
+ fprintf(stderr, "\r%u ", packet_count);
/* stderr could be line buffered */
fflush(stderr);
}
- }
}
#ifdef SIGINFO
#endif /* SIGINFO */
}
+static void
+report_counts(void)
+{
+ if (!print_packet_counts) {
+ /* Report the count only if we aren't printing a packet count
+ as packets arrive. */
+ fprintf(stderr, "%u packet%s captured\n", packet_count,
+ plurality(packet_count, "", "s"));
+ }
+#ifdef SIGINFO
+ infoprint = FALSE; /* we just reported it */
+#endif /* SIGINFO */
+}
+
+#ifdef SIGINFO
+static void
+report_counts_siginfo(int signum _U_)
+{
+ int sav_errno = errno;
+ /* If we've been told to delay printing, just set a flag asking
+ that we print counts (if we're supposed to), otherwise print
+ the count of packets captured (if we're supposed to). */
+ if (infodelay)
+ infoprint = TRUE;
+ else
+ report_counts();
+ errno = sav_errno;
+}
+#endif /* SIGINFO */
+
+
+/* capture child detected any packet drops? */
+void
+capture_input_drops(capture_options *capture_opts _U_, guint32 dropped)
+{
+ if (print_packet_counts) {
+ /* We're printing packet counts to stderr.
+ Send a newline so that we move to the line after the packet count. */
+ fprintf(stderr, "\n");
+ }
+
+ if (dropped != 0) {
+ /* We're printing packet counts to stderr.
+ Send a newline so that we move to the line after the packet count. */
+ fprintf(stderr, "%u packet%s dropped\n", dropped, plurality(dropped, "", "s"));
+ }
+}
+
+
+/* capture child closed its side of the pipe, do the required cleanup */
+void
+capture_input_closed(capture_options *capture_opts)
+{
+ report_counts();
+
+ if(capture_opts->cf != NULL && ((capture_file *) capture_opts->cf)->wth != NULL) {
+ wtap_close(((capture_file *) capture_opts->cf)->wth);
+ }
+#ifdef USE_BROKEN_G_MAIN_LOOP
+ /*g_main_loop_quit(loop);*/
+ g_main_quit(loop);
+#else
+ loop_running = FALSE;
+#endif
+}
+
+
+
+
#ifdef _WIN32
static BOOL WINAPI
capture_cleanup(DWORD ctrltype _U_)
C++ (i.e., it's a property of the Cygwin console window or Bash;
it happens if TShark is not built with Cygwin - for all I know,
building it with Cygwin may make the problem go away). */
- ld.go = FALSE;
+
+ /* tell the capture child to stop */
+ sync_pipe_stop(&global_capture_opts);
+
+ /* don't stop our own loop already here, otherwise status messages and
+ * cleanup wouldn't be done properly. The child will indicate the stop of
+ * everything by calling capture_input_closed() later */
+
return TRUE;
}
#else
static void
capture_cleanup(int signum _U_)
{
- /* Longjmp back to the starting point; "pcap_dispatch()", on many
- UNIX platforms, just keeps looping if it gets EINTR, so if we set
- "ld.go" to FALSE and return, we won't break out of it and quit
- capturing. */
- longjmp(ld.stopenv, 1);
+ /* tell the capture child to stop */
+ sync_pipe_stop(&global_capture_opts);
}
#endif /* _WIN32 */
-
-static void
-report_counts(void)
-{
-#ifdef SIGINFO
- /* XXX - if we use sigaction, this doesn't have to be done.
- (Yes, this isn't necessary on BSD, but just in case a system
- where "signal()" has AT&T semantics adopts SIGINFO....) */
- signal(SIGINFO, report_counts_siginfo);
-#endif /* SIGINFO */
-
- if (!print_packet_counts) {
- /* Report the count only if we aren't printing a packet count
- as packets arrive. */
- fprintf(stderr, "%u packets captured\n", ld.packet_count);
- }
-#ifdef SIGINFO
- infoprint = FALSE; /* we just reported it */
-#endif /* SIGINFO */
-}
-
-#ifdef SIGINFO
-static void
-report_counts_siginfo(int signum _U_)
-{
- int sav_errno = errno;
- /* If we've been told to delay printing, just set a flag asking
- that we print counts (if we're supposed to), otherwise print
- the count of packets captured (if we're supposed to). */
- if (infodelay)
- infoprint = TRUE;
- else
- report_counts();
- errno = sav_errno;
-}
-#endif /* SIGINFO */
#endif /* HAVE_LIBPCAP */
static int
-load_cap_file(capture_file *cf, char *save_file, int out_file_type)
+load_cap_file(capture_file *cf, char *save_file, int out_file_type,
+ int max_packet_count, gint64 max_byte_count)
{
gint linktype;
int snapshot_length;
wtap_dumper *pdh;
int err;
gchar *err_info;
- long data_offset;
+ gint64 data_offset;
char *save_file_string = NULL;
+ gboolean filtering_tap_listeners;
+ guint tap_flags;
linktype = wtap_file_encap(cf->wth);
if (save_file != NULL) {
}
pdh = NULL;
}
+
+ /* Do we have any tap listeners with filters? */
+ filtering_tap_listeners = have_filtering_tap_listeners();
+
+ /* Get the union of the flags for all tap listeners. */
+ tap_flags = union_of_tap_listener_flags();
+
while (wtap_read(cf->wth, &err, &err_info, &data_offset)) {
if (process_packet(cf, data_offset, wtap_phdr(cf->wth),
- wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth))) {
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth),
+ filtering_tap_listeners, tap_flags)) {
/* Either there's no read filtering or this packet passed the
filter, so, if we're writing to a capture file, write
this packet out. */
exit(2);
}
}
+ /* Stop reading if we have the maximum number of packets;
+ * When the -c option has not been used, max_packet_count
+ * starts at 0, which practically means, never stop reading.
+ * (unless we roll over max_packet_count ?)
+ */
+ if( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
+ err = 0; /* This is not an error */
+ break;
+ }
}
}
if (err != 0) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
cmdarg_err("\"%s\" has a packet with a network type that TShark doesn't support.\n(%s)",
cf->filename, err_info);
+ g_free(err_info);
break;
case WTAP_ERR_CANT_READ:
case WTAP_ERR_BAD_RECORD:
cmdarg_err("\"%s\" appears to be damaged or corrupt.\n(%s)",
cf->filename, err_info);
+ g_free(err_info);
break;
default:
wtap_close(cf->wth);
cf->wth = NULL;
- if (save_file_string != NULL)
- g_free(save_file_string);
+ g_free(save_file_string);
return err;
}
static void
fill_in_fdata(frame_data *fdata, capture_file *cf,
- const struct wtap_pkthdr *phdr, long offset)
+ const struct wtap_pkthdr *phdr, gint64 offset)
{
fdata->next = NULL;
fdata->prev = NULL;
fdata->cap_len = phdr->caplen;
fdata->file_off = offset;
fdata->lnk_t = phdr->pkt_encap;
- fdata->abs_ts = *((nstime_t *) &phdr->ts);
+ fdata->abs_ts.secs = phdr->ts.secs;
+ fdata->abs_ts.nsecs = phdr->ts.nsecs;
fdata->flags.passed_dfilter = 0;
fdata->flags.encoding = CHAR_ASCII;
fdata->flags.visited = 0;
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the first packet. */
- if (nstime_is_zero(&first_ts)) {
+ if (nstime_is_unset(&first_ts)) {
first_ts = fdata->abs_ts;
}
- /* If we don't have the time stamp of the previous displayed packet,
- it's because this is the first displayed packet. Save the time
- stamp of this packet as the time stamp of the previous displayed
+ /* If we don't have the time stamp of the previous captured packet,
+ it's because this is the first packet. Save the time
+ stamp of this packet as the time stamp of the previous captured
packet. */
- if (nstime_is_zero(&prev_ts)) {
- prev_ts = fdata->abs_ts;
+ if (nstime_is_unset(&prev_cap_ts)) {
+ prev_cap_ts = fdata->abs_ts;
}
/* Get the time elapsed between the first packet and this packet. */
cf->elapsed_time = fdata->rel_ts;
}
+ /* If we don't have the time stamp of the previous displayed packet,
+ it's because this is the first packet that's being displayed. Save the time
+ stamp of this packet as the time stamp of the previous displayed
+ packet. */
+ if (nstime_is_unset(&prev_dis_ts))
+ prev_dis_ts = fdata->abs_ts;
+
/* Get the time elapsed between the previous displayed packet and
this packet. */
- nstime_delta(&fdata->del_ts, &fdata->abs_ts, &prev_ts);
- prev_ts = fdata->abs_ts;
+ nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
+
+ /* Get the time elapsed between the previous captured packet and
+ this packet. */
+ nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &prev_cap_ts);
+ prev_cap_ts = fdata->abs_ts;
}
/* Free up all data attached to a "frame_data" structure. */
}
static gboolean
-process_packet(capture_file *cf, long offset, const struct wtap_pkthdr *whdr,
- union wtap_pseudo_header *pseudo_header, const guchar *pd)
+process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr,
+ union wtap_pseudo_header *pseudo_header, const guchar *pd,
+ gboolean filtering_tap_listeners, guint tap_flags)
{
frame_data fdata;
gboolean create_proto_tree;
+ column_info *cinfo;
epan_dissect_t *edt;
gboolean passed;
if (print_packet_info) {
/* Grab any resolved addresses */
-
+
if (g_resolv_flags) {
host_name_lookup_process(NULL);
}
}
passed = TRUE;
- if (cf->rfcode || verbose || num_tap_filters!=0)
+ if (cf->rfcode || verbose || filtering_tap_listeners ||
+ (tap_flags & TL_REQUIRES_PROTO_TREE) || have_custom_cols(&cf->cinfo))
create_proto_tree = TRUE;
else
create_proto_tree = FALSE;
if (cf->rfcode)
epan_dissect_prime_dfilter(edt, cf->rfcode);
+ col_custom_prime_edt(edt, &cf->cinfo);
+
tap_queue_init(edt);
- /* We only need the columns if we're printing packet info but we're
- *not* verbose; in verbose mode, we print the protocol tree, not
- the protocol summary. */
- epan_dissect_run(edt, pseudo_header, pd, &fdata,
- (print_packet_info && !verbose) ? &cf->cinfo : NULL);
+ /* We only need the columns if either
+
+ 1) some tap needs the columns
+
+ or
+
+ 2) we're printing packet info but we're *not* verbose; in verbose
+ mode, we print the protocol tree, not the protocol summary. */
+ if ((tap_flags & TL_REQUIRES_COLUMNS) || (print_packet_info && !verbose))
+ cinfo = &cf->cinfo;
+ else
+ cinfo = NULL;
+ epan_dissect_run(edt, pseudo_header, pd, &fdata, cinfo);
tap_push_tapped_queue(edt);
}
if (passed) {
+ /* Keep the time of the current packet if the packet passed
+ the read filter so that the delta time since last displayed
+ packet can be calculated */
+ prev_dis_ts = fdata.abs_ts;
+
/* Process this packet. */
if (print_packet_info) {
/* We're printing packet information; print the information for
switch (output_action) {
case WRITE_TEXT:
- return print_preamble(print_stream, cf->filename);
- break;
+ return print_preamble(print_stream, cf ? cf->filename : NULL);
case WRITE_XML:
if (verbose)
write_psml_preamble(stdout);
return !ferror(stdout);
+ case WRITE_FIELDS:
+ write_fields_preamble(output_fields, stdout);
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;
* the same time, sort of like an "Update list of packets
* in real time" capture in Wireshark.)
*/
- if (capture_opts.iface != NULL)
+ if (global_capture_opts.iface != NULL)
continue;
#endif
column_len = strlen(cf->cinfo.col_data[i]);
proto_tree_write_pdml(edt, stdout);
printf("\n");
return !ferror(stdout);
+ case WRITE_FIELDS:
+ proto_tree_write_fields(output_fields, edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
}
} else {
/* Just fill in the columns. */
- epan_dissect_fill_in_columns(edt);
+ epan_dissect_fill_in_columns(edt, TRUE);
/* Now print them. */
switch (output_action) {
case WRITE_XML:
proto_tree_write_psml(edt, stdout);
return !ferror(stdout);
+ case WRITE_FIELDS: /*No non-verbose "fields" format */
+ g_assert_not_reached();
+ break;
}
}
if (print_hex) {
case WRITE_TEXT:
return print_finale(print_stream);
- break;
case WRITE_XML:
if (verbose)
write_psml_finale(stdout);
return !ferror(stdout);
+ case WRITE_FIELDS:
+ write_fields_finale(output_fields, stdout);
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;
} else
cf->has_snap = TRUE;
nstime_set_zero(&cf->elapsed_time);
- nstime_set_zero(&first_ts);
- nstime_set_zero(&prev_ts);
+ nstime_set_unset(&first_ts);
+ nstime_set_unset(&prev_dis_ts);
+ nstime_set_unset(&prev_cap_ts);
+
+ cf->state = FILE_READ_IN_PROGRESS;
return CF_OK;
filename, strerror(err));
}
+/*
+ * Write errors are reported with an console message in TShark.
+ */
+static void
+write_failure_message(const char *filename, int err)
+{
+ cmdarg_err("An error occurred while writing to the file \"%s\": %s.",
+ filename, strerror(err));
+}
+
/*
* Report an error in command-line arguments.
*/
va_list ap;
va_start(ap, fmt);
- fprintf(stderr, "tshark: ");
- vfprintf(stderr, fmt, ap);
- fprintf(stderr, "\n");
+ failure_message(fmt, ap);
va_end(ap);
}
fprintf(stderr, "\n");
va_end(ap);
}
-
-
-/****************************************************************************************************************/
-/* indication report "dummies", needed for capture_loop.c */
-
-#ifdef HAVE_LIBPCAP
-
-/** Report a new capture file having been opened. */
-void
-report_new_capture_file(const char *filename)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report a number of new packets captured. */
-void
-report_packet_count(int packet_count)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report the packet drops once the capture finishes. */
-void
-report_packet_drops(int drops)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report an error in the capture. */
-void
-report_capture_error(const char *errmsg, const char *secondary_error_msg)
-{
- cmdarg_err(errmsg);
- cmdarg_err_cont(secondary_error_msg);
-}
-
-/** Report an error with a capture filter. */
-void
-report_cfilter_error(const char *cfilter, const char *errmsg)
-{
-
- cmdarg_err(
- "Invalid capture filter: \"%s\"!\n"
- "\n"
- "That string isn't a valid capture filter (%s).\n"
- "See the User's Guide for a description of the capture filter syntax.",
- cfilter, errmsg);
-}
-
-#endif /* HAVE_LIBPCAP */
-
-
-/****************************************************************************************************************/
-/* signal pipe "dummies", needed for capture_loop.c */
-
-#ifdef HAVE_LIBPCAP
-
-#ifdef _WIN32
-gboolean
-signal_pipe_check_running(void)
-{
- /* currently, no check required */
- return TRUE;
-}
-#endif /* _WIN32 */
-
-#endif /* HAVE_LIBPCAP */
git.samba.org / obnox / wireshark / wip.git / blobdiff