X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=rawshark.c;h=73131c5b1de855aab0a40601b0f972930eefd045;hp=7b23e847ac6c1d341f11d530abf0c93228fa13a0;hb=dbde655a4385c6ee70c9f10d04784caf734c849f;hpb=e3a174e55ee8ecfb5cc8dc86ad3a98420e1fae2d diff --git a/rawshark.c b/rawshark.c index 7b23e847ac..73131c5b1d 100644 --- a/rawshark.c +++ b/rawshark.c @@ -31,7 +31,7 @@ * - Opens a specified file or named pipe * - Applies a specfied DLT or "decode as" encapsulation * - Reads frames prepended with a libpcap packet header. - * - Prints a status line, followed by fields from a specified list. + * - Prints a status line, followed by fields from a specified list. */ #ifdef HAVE_CONFIG_H @@ -61,19 +61,15 @@ # include #endif -#ifdef NEED_STRERROR_H -#include "strerror.h" -#endif - -#ifdef NEED_GETOPT_H -#include "getopt.h" +#ifndef HAVE_GETOPT +#include "wsutil/wsgetopt.h" #endif #include #include #include -#include -#include +#include +#include #include "globals.h" #include @@ -83,11 +79,10 @@ #include #include "print.h" #include -#include "util.h" +#include "ui/util.h" #include "clopts_common.h" #include "cmdarg_err.h" #include "version_info.h" -#include #include #include "register.h" #include "conditions.h" @@ -96,79 +91,78 @@ #include #include #include -#include +#include #include "epan/column-utils.h" #include "epan/proto.h" #include -#include -#include +#include +#include +#include #ifdef HAVE_LIBPCAP -#include #include #include "capture-pcap-util.h" #include "pcapio.h" #ifdef _WIN32 #include "capture-wpcap.h" -#include "capture_errs.h" #endif /* _WIN32 */ #endif /* HAVE_LIBPCAP */ -#include "epan/emem.h" #include "log.h" +#ifdef _WIN32 +#include +#endif /* _WIN32 */ + /* * This is the template for the decode as option; it is shared between the * various functions that output the usage for this parameter. */ static const gchar decode_as_arg_template[] = "==,"; +static guint32 cum_bytes; static nstime_t first_ts; static nstime_t prev_dis_ts; static nstime_t prev_cap_ts; -static GString *comp_info_str, *runtime_info_str; /* * The way the packet decode is to be written. */ typedef enum { - WRITE_TEXT, /* summary or detail text */ - WRITE_XML /* PDML or PSML */ - /* Add CSV and the like here */ + WRITE_TEXT, /* summary or detail text */ + WRITE_XML /* PDML or PSML */ + /* Add CSV and the like here */ } output_action_e; + static gboolean line_buffered; -static guint32 cum_bytes = 0; static print_format_e print_format = PR_FMT_TEXT; -/* - * Standard secondary message for unexpected errors. - */ -static const char please_report[] = - "Please report this to the Wireshark developers"; +static gboolean want_pcap_pkthdr; cf_status_t raw_cf_open(capture_file *cf, const char *fname); static int load_cap_file(capture_file *cf); static gboolean process_packet(capture_file *cf, gint64 offset, - const struct wtap_pkthdr *whdr, const guchar *pd); + const struct wtap_pkthdr *whdr, const guchar *pd); static void show_print_file_io_error(int err); static void open_failure_message(const char *filename, int err, - gboolean for_writing); + gboolean for_writing); static void failure_message(const char *msg_format, va_list ap); static void read_failure_message(const char *filename, int err); +static void write_failure_message(const char *filename, int err); static void protocolinfo_init(char *field); static gboolean parse_field_string_format(char *format); typedef enum { - SF_NONE, /* No format (placeholder) */ - SF_NAME, /* %D Field name / description */ - SF_NUMVAL, /* %N Numeric value */ - SF_STRVAL /* %S String value */ + SF_NONE, /* No format (placeholder) */ + SF_NAME, /* %D Field name / description */ + SF_NUMVAL, /* %N Numeric value */ + SF_STRVAL /* %S String value */ } string_fmt_e; typedef struct string_fmt_s { - gchar *plain; - string_fmt_e format; /* Valid if plain is NULL */ + gchar *plain; + string_fmt_e format; /* Valid if plain is NULL */ } string_fmt_t; capture_file cfile; @@ -184,52 +178,56 @@ GPtrArray *string_fmts; static void print_usage(gboolean print_ver) { - FILE *output; - - if (print_ver) { - output = stdout; - fprintf(output, - "Rawshark " VERSION "%s\n" - "Dump and analyze network traffic.\n" - "See http://www.wireshark.org for more information.\n" - "\n" - "%s", - wireshark_svnversion, get_copyright_info()); - } else { - output = stderr; - } - fprintf(output, "\n"); - fprintf(output, "Usage: rawshark [options] ...\n"); - fprintf(output, "\n"); - - fprintf(output, "Input file:\n"); - fprintf(output, " -r set the pipe or file name to read from\n"); - - fprintf(output, "\n"); - fprintf(output, "Processing:\n"); - fprintf(output, " -R packet filter in Wireshark display filter syntax\n"); - fprintf(output, " -F field to display\n"); - fprintf(output, " -n disable all name resolution (def: all enabled)\n"); - fprintf(output, " -N enable specific name resolution(s): \"mntC\"\n"); - fprintf(output, " -d |\n"); - fprintf(output, " packet encapsulation or protocol\n"); - - /*fprintf(output, "\n");*/ - fprintf(output, "Output:\n"); - fprintf(output, " -S format string for fields (%%D - name, %%S - stringval, %%N numval\n"); - fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n"); - fprintf(output, " -l flush output after each packet\n"); - - fprintf(output, "\n"); - fprintf(output, "Miscellaneous:\n"); - fprintf(output, " -h display this help and exit\n"); - fprintf(output, " -v display version info and exit\n"); - fprintf(output, " -o : ... override preference setting\n"); + FILE *output; + + if (print_ver) { + output = stdout; + fprintf(output, + "Rawshark " VERSION "%s\n" + "Dump and analyze network traffic.\n" + "See http://www.wireshark.org for more information.\n" + "\n" + "%s", + wireshark_svnversion, get_copyright_info()); + } else { + output = stderr; + } + fprintf(output, "\n"); + fprintf(output, "Usage: rawshark [options] ...\n"); + fprintf(output, "\n"); + + fprintf(output, "Input file:\n"); + fprintf(output, " -r set the pipe or file name to read from\n"); + + fprintf(output, "\n"); + fprintf(output, "Processing:\n"); + fprintf(output, " -d |\n"); + fprintf(output, " packet encapsulation or protocol\n"); + fprintf(output, " -F field to display\n"); + fprintf(output, " -n disable all name resolution (def: all enabled)\n"); + fprintf(output, " -N enable specific name resolution(s): \"mntC\"\n"); + fprintf(output, " -p use the system's packet header format\n"); + fprintf(output, " (which may have 64-bit timestamps)\n"); + fprintf(output, " -R packet filter in Wireshark display filter syntax\n"); + fprintf(output, " -s skip PCAP header on input\n"); + + fprintf(output, "\n"); + fprintf(output, "Output:\n"); + fprintf(output, " -l flush output after each packet\n"); + fprintf(output, " -S format string for fields\n"); + fprintf(output, " (%%D - name, %%S - stringval, %%N numval)\n"); + fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n"); + + fprintf(output, "\n"); + fprintf(output, "Miscellaneous:\n"); + fprintf(output, " -h display this help and exit\n"); + fprintf(output, " -o : ... override preference setting\n"); + fprintf(output, " -v display version info and exit\n"); } static void log_func_ignore (const gchar *log_domain _U_, GLogLevelFlags log_level _U_, - const gchar *message _U_, gpointer user_data _U_) + const gchar *message _U_, gpointer user_data _U_) { } @@ -244,120 +242,114 @@ static int raw_pipe_open(const char *pipe_name) { #ifndef _WIN32 - struct stat pipe_stat; + ws_statb64 pipe_stat; #else - char *pncopy, *pos; - wchar_t *err_str; - HANDLE hPipe = NULL; + char *pncopy, *pos; + DWORD err; + wchar_t *err_str; + HANDLE hPipe = NULL; #endif - int rfd; + int rfd; - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "open_raw_pipe: %s", pipe_name); + g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "open_raw_pipe: %s", pipe_name); - /* - * XXX Rawshark blocks until we return - */ - if (strcmp(pipe_name, "-") == 0) { - rfd = 0; /* read from stdin */ -#ifdef _WIN32 /* - * This is needed to set the stdin pipe into binary mode, otherwise - * CR/LF are mangled... + * XXX Rawshark blocks until we return */ - _setmode(0, _O_BINARY); -#endif /* _WIN32 */ - } else { -#ifndef _WIN32 - if (eth_stat(pipe_name, &pipe_stat) < 0) { - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated " - "due to error on pipe: %s", strerror(errno)); - return -1; - } - if (! S_ISFIFO(pipe_stat.st_mode)) { - if (S_ISCHR(pipe_stat.st_mode)) { + if (strcmp(pipe_name, "-") == 0) { + rfd = 0; /* read from stdin */ +#ifdef _WIN32 /* - * Assume the user specified an interface on a system where - * interfaces are in /dev. Pretend we haven't seen it. + * This is needed to set the stdin pipe into binary mode, otherwise + * CR/LF are mangled... */ - } else - { - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated because\n" - "\"%s\" is neither an interface nor a pipe", pipe_name); - } - return -1; - } - rfd = eth_open(pipe_name, O_RDONLY | O_NONBLOCK, 0000 /* no creation so don't matter */); - if (rfd == -1) { - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated " - "due to error on pipe open: %s", strerror(errno)); - return -1; - } + _setmode(0, _O_BINARY); +#endif /* _WIN32 */ + } else { +#ifndef _WIN32 + if (ws_stat64(pipe_name, &pipe_stat) < 0) { + fprintf(stderr, "rawshark: The pipe %s could not be checked: %s\n", + pipe_name, g_strerror(errno)); + return -1; + } + if (! S_ISFIFO(pipe_stat.st_mode)) { + if (S_ISCHR(pipe_stat.st_mode)) { + /* + * Assume the user specified an interface on a system where + * interfaces are in /dev. Pretend we haven't seen it. + */ + } else + { + fprintf(stderr, "rawshark: \"%s\" is neither an interface nor a pipe\n", + pipe_name); + } + return -1; + } + rfd = ws_open(pipe_name, O_RDONLY | O_NONBLOCK, 0000 /* no creation so don't matter */); + if (rfd == -1) { + fprintf(stderr, "rawshark: \"%s\" could not be opened: %s\n", + pipe_name, g_strerror(errno)); + return -1; + } #else /* _WIN32 */ #define PIPE_STR "\\pipe\\" - /* Under Windows, named pipes _must_ have the form - * "\\\pipe\". may be "." for localhost. - */ - pncopy = g_strdup(pipe_name); - if (strstr(pncopy, "\\\\") == pncopy) { - pos = strchr(pncopy + 3, '\\'); - if (pos && g_ascii_strncasecmp(pos, PIPE_STR, strlen(PIPE_STR)) != 0) - pos = NULL; - } + /* Under Windows, named pipes _must_ have the form + * "\\\pipe\". may be "." for localhost. + */ + pncopy = g_strdup(pipe_name); + if (strstr(pncopy, "\\\\") == pncopy) { + pos = strchr(pncopy + 3, '\\'); + if (pos && g_ascii_strncasecmp(pos, PIPE_STR, strlen(PIPE_STR)) != 0) + pos = NULL; + } - g_free(pncopy); + g_free(pncopy); - if (!pos) { - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated because\n" - "\"%s\" is neither an interface nor a pipe", pipe_name); - return -1; - } + if (!pos) { + fprintf(stderr, "rawshark: \"%s\" is neither an interface nor a pipe\n", + pipe_name); + return -1; + } - /* Wait for the pipe to appear */ - while (1) { - hPipe = CreateFile(utf_8to16(pipe_name), GENERIC_READ, 0, NULL, - OPEN_EXISTING, 0, NULL); - - if (hPipe != INVALID_HANDLE_VALUE) - break; - - if (GetLastError() != ERROR_PIPE_BUSY) { - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, - NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL); - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session on \"%s\" could not be initiated " - "due to error on pipe open: pipe busy: %s (error %d)", - pipe_name, utf_16to8(err_str), GetLastError()); - LocalFree(err_str); - return -1; - } - - if (!WaitNamedPipe(utf_8to16(pipe_name), 30 * 1000)) { - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, - NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL); - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated " - "due to error on pipe open: %s (error %d)", - utf_16to8(err_str), GetLastError()); - LocalFree(err_str); - return -1; - } - } + /* Wait for the pipe to appear */ + while (1) { + hPipe = CreateFile(utf_8to16(pipe_name), GENERIC_READ, 0, NULL, + OPEN_EXISTING, 0, NULL); + + if (hPipe != INVALID_HANDLE_VALUE) + break; + + err = GetLastError(); + if (err != ERROR_PIPE_BUSY) { + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, + NULL, err, 0, (LPTSTR) &err_str, 0, NULL); + fprintf(stderr, "rawshark: \"%s\" could not be opened: %s (error %d)\n", + pipe_name, utf_16to8(err_str), err); + LocalFree(err_str); + return -1; + } + + if (!WaitNamedPipe(utf_8to16(pipe_name), 30 * 1000)) { + err = GetLastError(); + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER, + NULL, err, 0, (LPTSTR) &err_str, 0, NULL); + fprintf(stderr, "rawshark: \"%s\" could not be waited for: %s (error %d)\n", + pipe_name, utf_16to8(err_str), err); + LocalFree(err_str); + return -1; + } + } - rfd = _open_osfhandle((long) hPipe, _O_RDONLY); - if (rfd == -1) { - g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, - "The capture session could not be initiated " - "due to error on pipe open: %s", strerror(errno)); - return -1; - } + rfd = _open_osfhandle((long) hPipe, _O_RDONLY); + if (rfd == -1) { + fprintf(stderr, "rawshark: \"%s\" could not be opened: %s\n", + pipe_name, g_strerror(errno)); + return -1; + } #endif /* _WIN32 */ - } + } - return rfd; + return rfd; } /** @@ -368,505 +360,520 @@ raw_pipe_open(const char *pipe_name) */ static gboolean set_link_type(const char *lt_arg) { - char *spec_ptr = strchr(lt_arg, ':'); - int dlt_val; - dissector_handle_t dhandle; - GString *pref_str; + char *spec_ptr = strchr(lt_arg, ':'); + char *p; + int dlt_val; + long val; + dissector_handle_t dhandle; + GString *pref_str; + + if (!spec_ptr) + return FALSE; - if (!spec_ptr) + spec_ptr++; + + if (strncmp(lt_arg, "encap:", strlen("encap:")) == 0) { + dlt_val = linktype_name_to_val(spec_ptr); + if (dlt_val == -1) { + errno = 0; + val = strtol(spec_ptr, &p, 10); + if (p == spec_ptr || *p != '\0' || errno != 0 || val > INT_MAX) { + return FALSE; + } + dlt_val = (int)val; + } + encap = wtap_pcap_encap_to_wtap_encap(dlt_val); + if (encap == WTAP_ENCAP_UNKNOWN) { + return FALSE; + } + return TRUE; + } else if (strncmp(lt_arg, "proto:", strlen("proto:")) == 0) { + dhandle = find_dissector(spec_ptr); + if (dhandle) { + encap = WTAP_ENCAP_USER0; + pref_str = g_string_new("uat:user_dlts:"); + /* This must match the format used in the user_dlts file */ + g_string_append_printf(pref_str, + "\"User 0 (DLT=147)\",\"%s\",\"0\",\"\",\"0\",\"\"", + spec_ptr); + if (prefs_set_pref(pref_str->str) != PREFS_SET_OK) { + g_string_free(pref_str, TRUE); + return FALSE; + } + g_string_free(pref_str, TRUE); + return TRUE; + } + } return FALSE; +} - spec_ptr++; - - if (strncmp(lt_arg, "encap:", strlen("encap:")) == 0) { -#ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL - dlt_val = linktype_name_to_val(spec_ptr); - if (dlt_val >= 0) { - encap = dlt_val; - return TRUE; - } -#endif - dlt_val = strtol(spec_ptr, NULL, 10); - if (errno != EINVAL && dlt_val >= 0) { - encap = wtap_pcap_encap_to_wtap_encap(dlt_val); - if (encap == WTAP_ENCAP_UNKNOWN) { - return FALSE; - } - return TRUE; - } - } else if (strncmp(lt_arg, "proto:", strlen("proto:")) == 0) { - dhandle = find_dissector(spec_ptr); - if (dhandle) { - encap = WTAP_ENCAP_USER0; - pref_str = g_string_new("uat:user_dlts:"); - /* This must match the format used in the user_dlts file */ - g_string_append_printf(pref_str, - "\"User 0 (DLT=147)\",\"%s\",\"0\",\"\",\"0\",\"\"", - spec_ptr); - if (prefs_set_pref(pref_str->str) != PREFS_SET_OK) { - g_string_free(pref_str, TRUE); - return FALSE; - } - g_string_free(pref_str, TRUE); - return TRUE; - } - } - return FALSE; +static void +show_version(GString *comp_info_str, GString *runtime_info_str) +{ + printf("Rawshark " VERSION "%s\n" + "\n" + "%s" + "\n" + "%s" + "\n" + "%s", + wireshark_svnversion, get_copyright_info(), comp_info_str->str, + runtime_info_str->str); } int main(int argc, char *argv[]) { - char *init_progfile_dir_error; - int opt, i; - extern char *optarg; - gboolean arg_error = FALSE; + char *init_progfile_dir_error; + int opt, i; + gboolean arg_error = FALSE; #ifdef _WIN32 - WSADATA wsaData; -#endif /* _WIN32 */ - - char *gpf_path, *pf_path; - char *gdp_path, *dp_path; - int gpf_open_errno, gpf_read_errno; - int pf_open_errno, pf_read_errno; - int gdp_open_errno, gdp_read_errno; - int dp_open_errno, dp_read_errno; - int err; - gchar *pipe_name = NULL; - gchar *rfilters[64]; - e_prefs *prefs; - char badopt; - GLogLevelFlags log_flags; - GPtrArray *disp_fields = g_ptr_array_new(); - guint fc; - - #define OPTSTRING_INIT "d:F:hlnN:o:r:R:S:t:v" - - static const char optstring[] = OPTSTRING_INIT; - - /* - * Get credential information for later use. - */ - get_credential_info(); - - /* - * Clear the filters arrays - */ - memset(rfilters, 0, sizeof(rfilters)); - memset(rfcodes, 0, sizeof(rfcodes)); - n_rfilters = 0; - n_rfcodes = 0; - - /* - * Initialize our string format - */ - string_fmts = g_ptr_array_new(); - - /* - * Attempt to get the pathname of the executable file. - */ - init_progfile_dir_error = init_progfile_dir(argv[0]); - if (init_progfile_dir_error != NULL) { - fprintf(stderr, "rawshark: Can't get pathname of rawshark program: %s.\n", - init_progfile_dir_error); - } - - /* - * Get credential information for later use. - */ - get_credential_info(); - - /* nothing more than the standard GLib handler, but without a warning */ - log_flags = - G_LOG_LEVEL_WARNING | - G_LOG_LEVEL_MESSAGE | - G_LOG_LEVEL_INFO | - G_LOG_LEVEL_DEBUG; - - g_log_set_handler(NULL, - log_flags, - log_func_ignore, NULL /* user_data */); - g_log_set_handler(LOG_DOMAIN_CAPTURE_CHILD, - log_flags, - log_func_ignore, NULL /* user_data */); - - timestamp_set_type(TS_RELATIVE); - timestamp_set_precision(TS_PREC_AUTO); - - /* Register all dissectors; we must do this before checking for the - "-G" flag, as the "-G" flag dumps information registered by the - dissectors, and we must do it before we read the preferences, in - case any dissectors register preferences. */ - epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL, - failure_message, open_failure_message, read_failure_message); - - /* Now register the preferences for any non-dissector modules. - We must do that before we read the preferences as well. */ - prefs_register_modules(); - - /* Set the C-language locale to the native environment. */ - setlocale(LC_ALL, ""); - - prefs = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path, - &pf_open_errno, &pf_read_errno, &pf_path); - if (gpf_path != NULL) { - if (gpf_open_errno != 0) { - cmdarg_err("Can't open global preferences file \"%s\": %s.", - pf_path, strerror(gpf_open_errno)); - } - if (gpf_read_errno != 0) { - cmdarg_err("I/O error reading global preferences file \"%s\": %s.", - pf_path, strerror(gpf_read_errno)); - } - } - if (pf_path != NULL) { - if (pf_open_errno != 0) { - cmdarg_err("Can't open your preferences file \"%s\": %s.", pf_path, - strerror(pf_open_errno)); - } - if (pf_read_errno != 0) { - cmdarg_err("I/O error reading your preferences file \"%s\": %s.", - pf_path, strerror(pf_read_errno)); - } - g_free(pf_path); - pf_path = NULL; - } - - /* Set the name resolution code's flags from the preferences. */ - g_resolv_flags = prefs->name_resolve; - - /* Read the disabled protocols file. */ - read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno, - &dp_path, &dp_open_errno, &dp_read_errno); - if (gdp_path != NULL) { - if (gdp_open_errno != 0) { - cmdarg_err("Could not open global disabled protocols file\n\"%s\": %s.", - gdp_path, strerror(gdp_open_errno)); - } - if (gdp_read_errno != 0) { - cmdarg_err("I/O error reading global disabled protocols file\n\"%s\": %s.", - gdp_path, strerror(gdp_read_errno)); - } - g_free(gdp_path); - } - if (dp_path != NULL) { - if (dp_open_errno != 0) { - cmdarg_err( - "Could not open your disabled protocols file\n\"%s\": %s.", dp_path, - strerror(dp_open_errno)); - } - if (dp_read_errno != 0) { - cmdarg_err( - "I/O error reading your disabled protocols file\n\"%s\": %s.", dp_path, - strerror(dp_read_errno)); - } - g_free(dp_path); - } + WSADATA wsaData; +#endif /* _WIN32 */ -#ifdef _WIN32 - /* Load Wpcap, if possible */ - load_wpcap(); -#endif + char *gpf_path, *pf_path; + char *gdp_path, *dp_path; + int gpf_open_errno, gpf_read_errno; + int pf_open_errno, pf_read_errno; + int gdp_open_errno, gdp_read_errno; + int dp_open_errno, dp_read_errno; + int err; + gchar *pipe_name = NULL; + gchar *rfilters[64]; + e_prefs *prefs_p; + char badopt; + GLogLevelFlags log_flags; + GPtrArray *disp_fields = g_ptr_array_new(); + guint fc; + gboolean skip_pcap_header = FALSE; + +#define OPTSTRING_INIT "d:F:hlnN:o:pr:R:sS:t:v" + + static const char optstring[] = OPTSTRING_INIT; - init_cap_file(&cfile); +#ifdef _WIN32 + arg_list_utf_16to8(argc, argv); +#endif /* _WIN32 */ - /* Assemble the compile-time version information string */ - comp_info_str = g_string_new("Compiled "); - get_compiled_version_info(comp_info_str, get_epan_compiled_version_info); + /* + * Get credential information for later use. + */ + init_process_policies(); - /* Assemble the run-time version information string */ - runtime_info_str = g_string_new("Running "); - get_runtime_version_info(runtime_info_str, NULL); + /* + * Clear the filters arrays + */ + memset(rfilters, 0, sizeof(rfilters)); + memset(rfcodes, 0, sizeof(rfcodes)); + n_rfilters = 0; + n_rfcodes = 0; - /* Print format defaults to this. */ - print_format = PR_FMT_TEXT; + /* + * Initialize our string format + */ + string_fmts = g_ptr_array_new(); - /* Initialize our encapsulation type */ - encap = WTAP_ENCAP_UNKNOWN; + /* + * Attempt to get the pathname of the executable file. + */ + init_progfile_dir_error = init_progfile_dir(argv[0], main); + if (init_progfile_dir_error != NULL) { + fprintf(stderr, "rawshark: Can't get pathname of rawshark program: %s.\n", + init_progfile_dir_error); + } - /* Now get our args */ - /* XXX - We should probably have an option to dump libpcap link types */ - while ((opt = getopt(argc, argv, optstring)) != -1) { - switch (opt) { - case 'd': /* Payload type */ - if (!set_link_type(optarg)) { - cmdarg_err("Invalid link type or protocol \"%s\"", optarg); - exit(1); + /* + * Get credential information for later use. + */ + init_process_policies(); + + /* nothing more than the standard GLib handler, but without a warning */ + log_flags = + G_LOG_LEVEL_WARNING | + G_LOG_LEVEL_MESSAGE | + G_LOG_LEVEL_INFO | + G_LOG_LEVEL_DEBUG; + + g_log_set_handler(NULL, + log_flags, + log_func_ignore, NULL /* user_data */); + g_log_set_handler(LOG_DOMAIN_CAPTURE_CHILD, + log_flags, + log_func_ignore, NULL /* user_data */); + + timestamp_set_type(TS_RELATIVE); + timestamp_set_precision(TS_PREC_AUTO); + timestamp_set_seconds_type(TS_SECONDS_DEFAULT); + + /* Register all dissectors; we must do this before checking for the + "-G" flag, as the "-G" flag dumps information registered by the + dissectors, and we must do it before we read the preferences, in + case any dissectors register preferences. */ + epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL, + failure_message, open_failure_message, read_failure_message, + write_failure_message); + + /* Now register the preferences for any non-dissector modules. + We must do that before we read the preferences as well. */ + prefs_register_modules(); + + /* Set the C-language locale to the native environment. */ + setlocale(LC_ALL, ""); + + prefs_p = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path, + &pf_open_errno, &pf_read_errno, &pf_path); + if (gpf_path != NULL) { + if (gpf_open_errno != 0) { + cmdarg_err("Can't open global preferences file \"%s\": %s.", + pf_path, g_strerror(gpf_open_errno)); } - break; - case 'F': /* Read field to display */ - g_ptr_array_add(disp_fields, g_strdup(optarg)); - break; - case 'h': /* Print help and exit */ - print_usage(TRUE); - exit(0); - break; - case 'l': /* "Line-buffer" standard output */ - /* This isn't line-buffering, strictly speaking, it's just - flushing the standard output after the information for - each packet is printed; however, that should be good - enough for all the purposes to which "-l" is put (and - is probably actually better for "-V", as it does fewer - writes). - - See the comment in "process_packet()" for an explanation of - why we do that, and why we don't just use "setvbuf()" to - make the standard output line-buffered (short version: in - Windows, "line-buffered" is the same as "fully-buffered", - and the output buffer is only flushed when it fills up). */ - line_buffered = TRUE; - break; - case 'n': /* No name resolution */ - g_resolv_flags = RESOLV_NONE; - break; - case 'N': /* Select what types of addresses/port #s to resolve */ - if (g_resolv_flags == RESOLV_ALL) - g_resolv_flags = RESOLV_NONE; - badopt = string_to_name_resolve(optarg, &g_resolv_flags); - if (badopt != '\0') { - cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'", - badopt); - exit(1); + if (gpf_read_errno != 0) { + cmdarg_err("I/O error reading global preferences file \"%s\": %s.", + pf_path, g_strerror(gpf_read_errno)); } - break; - case 'o': /* Override preference from command line */ - switch (prefs_set_pref(optarg)) { - - case PREFS_SET_OK: - break; - - case PREFS_SET_SYNTAX_ERR: - cmdarg_err("Invalid -o flag \"%s\"", optarg); - exit(1); - break; - - case PREFS_SET_NO_SUCH_PREF: - case PREFS_SET_OBSOLETE: - cmdarg_err("-o flag \"%s\" specifies unknown preference", optarg); - exit(1); - break; + } + if (pf_path != NULL) { + if (pf_open_errno != 0) { + cmdarg_err("Can't open your preferences file \"%s\": %s.", pf_path, + g_strerror(pf_open_errno)); } - break; - case 'r': /* Read capture file xxx */ - pipe_name = g_strdup(optarg); - break; - case 'R': /* Read file filter */ - if(n_rfilters < (int) sizeof(rfilters) / (int) sizeof(rfilters[0])) { - rfilters[n_rfilters++] = optarg; + if (pf_read_errno != 0) { + cmdarg_err("I/O error reading your preferences file \"%s\": %s.", + pf_path, g_strerror(pf_read_errno)); } - else { - cmdarg_err("Too many display filters"); - exit(1); + g_free(pf_path); + pf_path = NULL; + } + + /* Set the name resolution code's flags from the preferences. */ + gbl_resolv_flags = prefs_p->name_resolve; + + /* Read the disabled protocols file. */ + read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno, + &dp_path, &dp_open_errno, &dp_read_errno); + if (gdp_path != NULL) { + if (gdp_open_errno != 0) { + cmdarg_err("Could not open global disabled protocols file\n\"%s\": %s.", + gdp_path, g_strerror(gdp_open_errno)); + } + if (gdp_read_errno != 0) { + cmdarg_err("I/O error reading global disabled protocols file\n\"%s\": %s.", + gdp_path, g_strerror(gdp_read_errno)); } - break; - case 'S': /* Print string representations */ - if (!parse_field_string_format(optarg)) { - cmdarg_err("Invalid field string format"); - exit(1); + g_free(gdp_path); + } + if (dp_path != NULL) { + if (dp_open_errno != 0) { + cmdarg_err( + "Could not open your disabled protocols file\n\"%s\": %s.", dp_path, + g_strerror(dp_open_errno)); } - break; - case 't': /* Time stamp type */ - if (strcmp(optarg, "r") == 0) - timestamp_set_type(TS_RELATIVE); - else if (strcmp(optarg, "a") == 0) - timestamp_set_type(TS_ABSOLUTE); - else if (strcmp(optarg, "ad") == 0) - timestamp_set_type(TS_ABSOLUTE_WITH_DATE); - else if (strcmp(optarg, "d") == 0) - timestamp_set_type(TS_DELTA); - else if (strcmp(optarg, "dd") == 0) - timestamp_set_type(TS_DELTA_DIS); - else if (strcmp(optarg, "e") == 0) - timestamp_set_type(TS_EPOCH); - else { - cmdarg_err("Invalid time stamp type \"%s\"", - optarg); - cmdarg_err_cont("It must be \"r\" for relative, \"a\" for absolute,"); - cmdarg_err_cont("\"ad\" for absolute with date, or \"d\" for delta."); - exit(1); + if (dp_read_errno != 0) { + cmdarg_err( + "I/O error reading your disabled protocols file\n\"%s\": %s.", dp_path, + g_strerror(dp_read_errno)); } - break; - case 'v': /* Show version and exit */ - printf("Rawshark " VERSION "%s\n" - "\n" - "%s" - "\n" - "%s" - "\n" - "%s", - wireshark_svnversion, get_copyright_info(), comp_info_str->str, - runtime_info_str->str); - exit(0); - break; - - default: - case '?': /* Bad flag - print usage message */ - print_usage(TRUE); - exit(1); - break; + g_free(dp_path); } - } - - /* Initialize our display fields */ - for (fc = 0; fc < disp_fields->len; fc++) { - protocolinfo_init(g_ptr_array_index(disp_fields, fc)); - } - g_ptr_array_free(disp_fields, TRUE); - printf("\n"); - fflush(stdout); - - /* If no capture filter or read filter has been specified, and there are - still command-line arguments, treat them as the tokens of a capture - filter (if no "-r" flag was specified) or a read filter (if a "-r" - flag was specified. */ - if (optind < argc) { - if (pipe_name != NULL) { - if (n_rfilters != 0) { - cmdarg_err("Read filters were specified both with \"-R\" " - "and with additional command-line arguments"); - exit(1); - } - rfilters[n_rfilters] = get_args_as_string(argc, argv, optind); + +#ifdef _WIN32 + /* Load Wpcap, if possible */ + load_wpcap(); +#endif + + cap_file_init(&cfile); + + /* Print format defaults to this. */ + print_format = PR_FMT_TEXT; + + /* Initialize our encapsulation type */ + encap = WTAP_ENCAP_UNKNOWN; + + /* Now get our args */ + /* XXX - We should probably have an option to dump libpcap link types */ + while ((opt = getopt(argc, argv, optstring)) != -1) { + switch (opt) { + case 'd': /* Payload type */ + if (!set_link_type(optarg)) { + cmdarg_err("Invalid link type or protocol \"%s\"", optarg); + exit(1); + } + break; + case 'F': /* Read field to display */ + g_ptr_array_add(disp_fields, g_strdup(optarg)); + break; + case 'h': /* Print help and exit */ + print_usage(TRUE); + exit(0); + break; + case 'l': /* "Line-buffer" standard output */ + /* This isn't line-buffering, strictly speaking, it's just + flushing the standard output after the information for + each packet is printed; however, that should be good + enough for all the purposes to which "-l" is put (and + is probably actually better for "-V", as it does fewer + writes). + + See the comment in "process_packet()" for an explanation of + why we do that, and why we don't just use "setvbuf()" to + make the standard output line-buffered (short version: in + Windows, "line-buffered" is the same as "fully-buffered", + and the output buffer is only flushed when it fills up). */ + line_buffered = TRUE; + break; + case 'n': /* No name resolution */ + gbl_resolv_flags = RESOLV_NONE; + break; + case 'N': /* Select what types of addresses/port #s to resolve */ + if (gbl_resolv_flags == RESOLV_ALL) + gbl_resolv_flags = RESOLV_NONE; + badopt = string_to_name_resolve(optarg, &gbl_resolv_flags); + if (badopt != '\0') { + cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'", + badopt); + exit(1); + } + break; + case 'o': /* Override preference from command line */ + switch (prefs_set_pref(optarg)) { + + case PREFS_SET_OK: + break; + + case PREFS_SET_SYNTAX_ERR: + cmdarg_err("Invalid -o flag \"%s\"", optarg); + exit(1); + break; + + case PREFS_SET_NO_SUCH_PREF: + case PREFS_SET_OBSOLETE: + cmdarg_err("-o flag \"%s\" specifies unknown preference", optarg); + exit(1); + break; + } + break; + case 'p': /* Expect pcap_pkthdr packet headers, which may have 64-bit timestamps */ + want_pcap_pkthdr = TRUE; + break; + case 'r': /* Read capture file xxx */ + pipe_name = g_strdup(optarg); + break; + case 'R': /* Read file filter */ + if(n_rfilters < (int) sizeof(rfilters) / (int) sizeof(rfilters[0])) { + rfilters[n_rfilters++] = optarg; + } + else { + cmdarg_err("Too many display filters"); + exit(1); + } + break; + case 's': /* Skip PCAP header */ + skip_pcap_header = TRUE; + break; + case 'S': /* Print string representations */ + if (!parse_field_string_format(optarg)) { + cmdarg_err("Invalid field string format"); + exit(1); + } + break; + case 't': /* Time stamp type */ + if (strcmp(optarg, "r") == 0) + timestamp_set_type(TS_RELATIVE); + else if (strcmp(optarg, "a") == 0) + timestamp_set_type(TS_ABSOLUTE); + else if (strcmp(optarg, "ad") == 0) + timestamp_set_type(TS_ABSOLUTE_WITH_DATE); + else if (strcmp(optarg, "d") == 0) + timestamp_set_type(TS_DELTA); + else if (strcmp(optarg, "dd") == 0) + timestamp_set_type(TS_DELTA_DIS); + else if (strcmp(optarg, "e") == 0) + timestamp_set_type(TS_EPOCH); + else if (strcmp(optarg, "u") == 0) + timestamp_set_type(TS_UTC); + else if (strcmp(optarg, "ud") == 0) + timestamp_set_type(TS_UTC_WITH_DATE); + else { + cmdarg_err("Invalid time stamp type \"%s\"", + optarg); + cmdarg_err_cont("It must be \"r\" for relative, \"a\" for absolute,"); + cmdarg_err_cont("\"ad\" for absolute with date, or \"d\" for delta."); + exit(1); + } + break; + case 'v': /* Show version and exit */ + { + GString *comp_info_str; + GString *runtime_info_str; + /* Assemble the compile-time version information string */ + comp_info_str = g_string_new("Compiled "); + get_compiled_version_info(comp_info_str, NULL, epan_get_compiled_version_info); + + /* Assemble the run-time version information string */ + runtime_info_str = g_string_new("Running "); + get_runtime_version_info(runtime_info_str, NULL); + show_version(comp_info_str, runtime_info_str); + g_string_free(comp_info_str, TRUE); + g_string_free(runtime_info_str, TRUE); + exit(0); + break; + } + default: + case '?': /* Bad flag - print usage message */ + print_usage(TRUE); + exit(1); + break; + } } - } - /* Make sure we got a dissector handle for our payload. */ - if (encap == WTAP_ENCAP_UNKNOWN) { - cmdarg_err("No valid payload dissector specified."); - exit(1); - } + /* Notify all registered modules that have had any of their preferences + changed either from one of the preferences file or from the command + line that their preferences have changed. + Initialize preferences before display filters, otherwise modules + like MATE won't work. */ + prefs_apply_all(); - if (arg_error) { - print_usage(FALSE); - exit(1); - } + /* Initialize our display fields */ + for (fc = 0; fc < disp_fields->len; fc++) { + protocolinfo_init((char *)g_ptr_array_index(disp_fields, fc)); + } + g_ptr_array_free(disp_fields, TRUE); + printf("\n"); + fflush(stdout); + + /* If no capture filter or read filter has been specified, and there are + still command-line arguments, treat them as the tokens of a capture + filter (if no "-r" flag was specified) or a read filter (if a "-r" + flag was specified. */ + if (optind < argc) { + if (pipe_name != NULL) { + if (n_rfilters != 0) { + cmdarg_err("Read filters were specified both with \"-R\" " + "and with additional command-line arguments"); + exit(1); + } + rfilters[n_rfilters] = get_args_as_string(argc, argv, optind); + } + } + + /* Make sure we got a dissector handle for our payload. */ + if (encap == WTAP_ENCAP_UNKNOWN) { + cmdarg_err("No valid payload dissector specified."); + exit(1); + } + + if (arg_error) { + print_usage(FALSE); + exit(1); + } #ifdef _WIN32 - /* Start windows sockets */ - WSAStartup( MAKEWORD( 1, 1 ), &wsaData ); + /* Start windows sockets */ + WSAStartup( MAKEWORD( 1, 1 ), &wsaData ); #endif /* _WIN32 */ - /* Notify all registered modules that have had any of their preferences - changed either from one of the preferences file or from the command - line that their preferences have changed. */ - prefs_apply_all(); - - /* At this point MATE will have registered its field array so we can - have a tap filter with one of MATE's late-registered fields as part - of the filter. We can now process all the "-z" arguments. */ - start_requested_stats(); - - /* disabled protocols as per configuration file */ - if (gdp_path == NULL && dp_path == NULL) { - set_disabled_protos_list(); - } - - /* Build the column format array */ - col_setup(&cfile.cinfo, prefs->num_cols); - for (i = 0; i < cfile.cinfo.num_cols; i++) { - cfile.cinfo.col_fmt[i] = get_column_format(i); - cfile.cinfo.col_title[i] = g_strdup(get_column_title(i)); - cfile.cinfo.fmt_matx[i] = (gboolean *) g_malloc0(sizeof(gboolean) * - NUM_COL_FMTS); - get_column_format_matches(cfile.cinfo.fmt_matx[i], cfile.cinfo.col_fmt[i]); - cfile.cinfo.col_data[i] = NULL; - if (cfile.cinfo.col_fmt[i] == COL_INFO) - cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN); - else - cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); - cfile.cinfo.col_fence[i] = 0; - cfile.cinfo.col_expr.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); - cfile.cinfo.col_expr.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); - } - - for (i = 0; i < cfile.cinfo.num_cols; i++) { - int j; - - for (j = 0; j < NUM_COL_FMTS; j++) { - if (!cfile.cinfo.fmt_matx[i][j]) - continue; - - if (cfile.cinfo.col_first[j] == -1) - cfile.cinfo.col_first[j] = i; - cfile.cinfo.col_last[j] = i; - } - } - - if (n_rfilters != 0) { - for (i = 0; i < n_rfilters; i++) { - if (!dfilter_compile(rfilters[i], &rfcodes[n_rfcodes])) { - cmdarg_err("%s", dfilter_error_msg); - epan_cleanup(); - exit(2); - } - n_rfcodes++; + /* At this point MATE will have registered its field array so we can + have a tap filter with one of MATE's late-registered fields as part + of the filter. We can now process all the "-z" arguments. */ + start_requested_stats(); + + /* disabled protocols as per configuration file */ + if (gdp_path == NULL && dp_path == NULL) { + set_disabled_protos_list(); } - } - if (pipe_name) { - /* - * We're reading a pipe (or capture file). - */ + /* Build the column format array */ + build_column_format_array(&cfile.cinfo, prefs_p->num_cols, TRUE); + + if (n_rfilters != 0) { + for (i = 0; i < n_rfilters; i++) { + if (!dfilter_compile(rfilters[i], &rfcodes[n_rfcodes])) { + cmdarg_err("%s", dfilter_error_msg); + epan_cleanup(); + exit(2); + } + n_rfcodes++; + } + } - /* - * Immediately relinquish any special privileges we have; we must not - * be allowed to read any capture files the user running Rawshark - * can't open. - */ - relinquish_special_privs_perm(); + if (pipe_name) { + /* + * We're reading a pipe (or capture file). + */ - if (raw_cf_open(&cfile, pipe_name) != CF_OK) { - epan_cleanup(); - exit(2); - } + /* + * Immediately relinquish any special privileges we have; we must not + * be allowed to read any capture files the user running Rawshark + * can't open. + */ + relinquish_special_privs_perm(); + + if (raw_cf_open(&cfile, pipe_name) != CF_OK) { + epan_cleanup(); + exit(2); + } + + /* Do we need to PCAP header and magic? */ + if (skip_pcap_header) { + guint bytes_left = sizeof(struct pcap_hdr) + sizeof(guint32); + gchar buf[sizeof(struct pcap_hdr) + sizeof(guint32)]; + while (bytes_left > 0) { + guint bytes = read(fd, buf, bytes_left); + if (bytes <= 0) { + cmdarg_err("Not enough bytes for pcap header."); + exit(2); + } + bytes_left -= bytes; + } + } - /* Set timestamp precision; there should arguably be a command-line - option to let the user set this. */ + /* Set timestamp precision; there should arguably be a command-line + option to let the user set this. */ #if 0 - switch(wtap_file_tsprecision(cfile.wth)) { - case(WTAP_FILE_TSPREC_SEC): - timestamp_set_precision(TS_PREC_AUTO_SEC); - break; - case(WTAP_FILE_TSPREC_DSEC): - timestamp_set_precision(TS_PREC_AUTO_DSEC); - break; - case(WTAP_FILE_TSPREC_CSEC): - timestamp_set_precision(TS_PREC_AUTO_CSEC); - break; - case(WTAP_FILE_TSPREC_MSEC): - timestamp_set_precision(TS_PREC_AUTO_MSEC); - break; - case(WTAP_FILE_TSPREC_USEC): - timestamp_set_precision(TS_PREC_AUTO_USEC); - break; - case(WTAP_FILE_TSPREC_NSEC): - timestamp_set_precision(TS_PREC_AUTO_NSEC); - break; - default: - g_assert_not_reached(); - } + switch(wtap_file_tsprecision(cfile.wth)) { + case(WTAP_FILE_TSPREC_SEC): + timestamp_set_precision(TS_PREC_AUTO_SEC); + break; + case(WTAP_FILE_TSPREC_DSEC): + timestamp_set_precision(TS_PREC_AUTO_DSEC); + break; + case(WTAP_FILE_TSPREC_CSEC): + timestamp_set_precision(TS_PREC_AUTO_CSEC); + break; + case(WTAP_FILE_TSPREC_MSEC): + timestamp_set_precision(TS_PREC_AUTO_MSEC); + break; + case(WTAP_FILE_TSPREC_USEC): + timestamp_set_precision(TS_PREC_AUTO_USEC); + break; + case(WTAP_FILE_TSPREC_NSEC): + timestamp_set_precision(TS_PREC_AUTO_NSEC); + break; + default: + g_assert_not_reached(); + } #else - timestamp_set_precision(TS_PREC_AUTO_USEC); + timestamp_set_precision(TS_PREC_AUTO_USEC); #endif - /* Process the packets in the file */ - err = load_cap_file(&cfile); + /* Process the packets in the file */ + err = load_cap_file(&cfile); - if (err != 0) { - epan_cleanup(); - exit(2); + if (err != 0) { + epan_cleanup(); + exit(2); + } + } else { + /* If you want to capture live packets, use TShark. */ + cmdarg_err("Input file or pipe name not specified."); + exit(2); } - } else { - /* If you want to capture live packets, use TShark. */ - cmdarg_err("Input file or pipe name not specified."); - exit(2); - } - epan_cleanup(); + epan_cleanup(); - return 0; + return 0; } /** @@ -881,403 +888,364 @@ main(int argc, char *argv[]) * @return TRUE on success, FALSE on failure. */ static gboolean -raw_pipe_read(struct wtap_pkthdr *phdr, guchar * pd, int *err, gchar **err_info, gint64 *data_offset) { - struct pcap_pkthdr hdr; - int bytes_read = 0; - int bytes_needed = sizeof(struct pcap_pkthdr); - gchar err_str[1024+1]; - - /* Copied from capture_loop.c */ - while (bytes_needed > 0) { - bytes_read = read(fd, &hdr, bytes_needed); - if (bytes_read == 0) { - *err = 0; - return FALSE; - } else if (bytes_read < 0) { - *err = WTAP_ERR_CANT_READ; - *err_info = "Error reading header from pipe"; - return FALSE; +raw_pipe_read(struct wtap_pkthdr *phdr, guchar * pd, int *err, const gchar **err_info, gint64 *data_offset) { + struct pcap_pkthdr mem_hdr; + struct pcaprec_hdr disk_hdr; + int bytes_read = 0; + int bytes_needed = sizeof(disk_hdr); + guchar *ptr = (guchar*) &disk_hdr; + static gchar err_str[100]; + + if (want_pcap_pkthdr) { + bytes_needed = sizeof(mem_hdr); + ptr = (guchar*) &mem_hdr; + } + + /* Copied from capture_loop.c */ + while (bytes_needed > 0) { + bytes_read = read(fd, ptr, bytes_needed); + if (bytes_read == 0) { + *err = 0; + return FALSE; + } else if (bytes_read < 0) { + *err = WTAP_ERR_CANT_READ; + *err_info = "Error reading header from pipe"; + return FALSE; + } + bytes_needed -= bytes_read; + *data_offset += bytes_read; + ptr += bytes_read; } - bytes_needed -= bytes_read; - *data_offset += bytes_read; - } - bytes_read = 0; - phdr->ts.secs = hdr.ts.tv_sec; - phdr->ts.nsecs = hdr.ts.tv_usec * 1000; - phdr->caplen = bytes_needed = hdr.caplen; - phdr->len = hdr.len; - phdr->pkt_encap = encap; + if (want_pcap_pkthdr) { + phdr->ts.secs = mem_hdr.ts.tv_sec; + phdr->ts.nsecs = mem_hdr.ts.tv_usec * 1000; + phdr->caplen = bytes_needed = mem_hdr.caplen; + phdr->len = mem_hdr.len; + } else { + phdr->ts.secs = disk_hdr.ts_sec; + phdr->ts.nsecs = disk_hdr.ts_usec * 1000; + phdr->caplen = bytes_needed = disk_hdr.incl_len; + phdr->len = disk_hdr.orig_len; + } + + phdr->pkt_encap = encap; #if 0 - printf("tv_sec: %d (%04x)\n", hdr.ts.tv_sec, hdr.ts.tv_sec); - printf("tv_usec: %d (%04x)\n", hdr.ts.tv_usec, hdr.ts.tv_usec); - printf("caplen: %d (%04x)\n", hdr.caplen, hdr.caplen); - printf("len: %d (%04x)\n", hdr.len, hdr.len); + printf("tv_sec: %d (%04x)\n", hdr.ts.tv_sec, hdr.ts.tv_sec); + printf("tv_usec: %d (%04x)\n", hdr.ts.tv_usec, hdr.ts.tv_usec); + printf("caplen: %d (%04x)\n", hdr.caplen, hdr.caplen); + printf("len: %d (%04x)\n", hdr.len, hdr.len); #endif - if (bytes_needed > WTAP_MAX_PACKET_SIZE) { - *err = WTAP_ERR_BAD_RECORD; - g_snprintf(err_str, 1024, "Bad packet length: %d (%04x)", bytes_needed, bytes_needed); - *err_info = err_str; - return FALSE; - } - - while (bytes_needed > 0) { - bytes_read = read(fd, pd, bytes_needed); - if (bytes_read == 0) { - *err = WTAP_ERR_SHORT_READ; - *err_info = "Got zero bytes reading data from pipe"; - return FALSE; - } else if (bytes_read < 0) { - *err = WTAP_ERR_CANT_READ; - *err_info = "Error reading data from pipe"; - return FALSE; + if (bytes_needed > WTAP_MAX_PACKET_SIZE) { + *err = WTAP_ERR_BAD_FILE; + g_snprintf(err_str, 100, "Bad packet length: %d (%04x)", bytes_needed, bytes_needed); + *err_info = err_str; + return FALSE; } - bytes_needed -= bytes_read; - *data_offset += bytes_read; - } - return TRUE; + + ptr = pd; + while (bytes_needed > 0) { + bytes_read = read(fd, ptr, bytes_needed); + if (bytes_read == 0) { + *err = WTAP_ERR_SHORT_READ; + *err_info = "Got zero bytes reading data from pipe"; + return FALSE; + } else if (bytes_read < 0) { + *err = WTAP_ERR_CANT_READ; + *err_info = "Error reading data from pipe"; + return FALSE; + } + bytes_needed -= bytes_read; + *data_offset += bytes_read; + ptr += bytes_read; + } + return TRUE; } static int load_cap_file(capture_file *cf) { - int err; - gchar *err_info; - gint64 data_offset = 0; - char *save_file_string = NULL; - struct wtap_pkthdr phdr; - guchar pd[WTAP_MAX_PACKET_SIZE]; - - while (raw_pipe_read(&phdr, pd, &err, &err_info, &data_offset)) { - process_packet(cf, data_offset, &phdr, pd); - } - - if (err != 0) { - /* Print a message noting that the read failed somewhere along the line. */ - switch (err) { - - case WTAP_ERR_UNSUPPORTED_ENCAP: - cmdarg_err("\"%s\" has a packet with a network type that Rawshark doesn't support.\n(%s)", - cf->filename, err_info); - break; - - case WTAP_ERR_CANT_READ: - cmdarg_err("An attempt to read from \"%s\" failed for some unknown reason.", - cf->filename); - break; - - case WTAP_ERR_SHORT_READ: - cmdarg_err("\"%s\" appears to have been cut short in the middle of a packet.", - cf->filename); - break; - - case WTAP_ERR_BAD_RECORD: - cmdarg_err("\"%s\" appears to be damaged or corrupt.\n(%s)", - cf->filename, err_info); - break; - - default: - cmdarg_err("An error occurred while reading \"%s\": %s.", - cf->filename, wtap_strerror(err)); - break; + int err; + const gchar *err_info; + gint64 data_offset = 0; + struct wtap_pkthdr phdr; + guchar pd[WTAP_MAX_PACKET_SIZE]; + + while (raw_pipe_read(&phdr, pd, &err, &err_info, &data_offset)) { + process_packet(cf, data_offset, &phdr, pd); } - } - - if (save_file_string != NULL) - g_free(save_file_string); - return err; -} - -static void -fill_in_fdata(frame_data *fdata, capture_file *cf, - const struct wtap_pkthdr *phdr, gint64 offset) -{ - fdata->next = NULL; - fdata->prev = NULL; - fdata->pfd = NULL; - fdata->num = cf->count; - fdata->pkt_len = phdr->len; - cum_bytes += phdr->len; - fdata->cum_bytes = cum_bytes; - fdata->cap_len = phdr->caplen; - fdata->file_off = offset; - fdata->lnk_t = phdr->pkt_encap; - fdata->abs_ts.secs = phdr->ts.secs; - fdata->abs_ts.nsecs = phdr->ts.nsecs; - fdata->flags.passed_dfilter = 0; - fdata->flags.encoding = CHAR_ASCII; - fdata->flags.visited = 0; - fdata->flags.marked = 0; - fdata->flags.ref_time = 0; - fdata->color_filter = NULL; - - /* If we don't have the time stamp of the first packet in the - capture, it's because this is the first packet. Save the time - stamp of this packet as the time stamp of the first packet. */ - if (nstime_is_unset(&first_ts)) { - first_ts = fdata->abs_ts; - } - - /* If we don't have the time stamp of the previous captured packet, - it's because this is the first packet. Save the time - stamp of this packet as the time stamp of the previous captured - packet. */ - if (nstime_is_unset(&prev_cap_ts)) { - prev_cap_ts = fdata->abs_ts; - } - - /* Get the time elapsed between the first packet and this packet. */ - nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts); - - /* If it's greater than the current elapsed time, set the elapsed time - to it (we check for "greater than" so as not to be confused by - time moving backwards). */ - if ((gint32)cf->elapsed_time.secs < fdata->rel_ts.secs - || ((gint32)cf->elapsed_time.secs == fdata->rel_ts.secs && (gint32)cf->elapsed_time.nsecs < fdata->rel_ts.nsecs)) { - cf->elapsed_time = fdata->rel_ts; - } - - /* If we don't have the time stamp of the previous displayed packet, - it's because this is the first packet that's being displayed. Save the time - stamp of this packet as the time stamp of the previous displayed - packet. */ - if (nstime_is_unset(&prev_dis_ts)) - prev_dis_ts = fdata->abs_ts; - - /* Get the time elapsed between the previous displayed packet and - this packet. */ - nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts); - - /* Get the time elapsed between the previous captured packet and - this packet. */ - nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &prev_cap_ts); - prev_cap_ts = fdata->abs_ts; -} + if (err != 0) { + /* Print a message noting that the read failed somewhere along the line. */ + switch (err) { + + case WTAP_ERR_UNSUPPORTED_ENCAP: + cmdarg_err("The file \"%s\" has a packet with a network type that Rawshark doesn't support.\n(%s)", + cf->filename, err_info); + break; + + case WTAP_ERR_CANT_READ: + cmdarg_err("An attempt to read from the file \"%s\" failed for some unknown reason.", + cf->filename); + break; + + case WTAP_ERR_SHORT_READ: + cmdarg_err("The file \"%s\" appears to have been cut short in the middle of a packet.", + cf->filename); + break; + + case WTAP_ERR_BAD_FILE: + cmdarg_err("The file \"%s\" appears to be damaged or corrupt.\n(%s)", + cf->filename, err_info); + break; + + case WTAP_ERR_DECOMPRESS: + cmdarg_err("The compressed file \"%s\" appears to be damaged or corrupt.\n(%s)", + cf->filename, err_info); + break; + + default: + cmdarg_err("An error occurred while reading the file \"%s\": %s.", + cf->filename, wtap_strerror(err)); + break; + } + } -/* Free up all data attached to a "frame_data" structure. */ -static void -clear_fdata(frame_data *fdata) -{ - if (fdata->pfd) - g_slist_free(fdata->pfd); + return err; } static gboolean process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr, const guchar *pd) { - frame_data fdata; - gboolean create_proto_tree; - epan_dissect_t *edt; - gboolean passed; - union wtap_pseudo_header pseudo_header; - int i; - - if(whdr->len == 0) - { - /* The user sends an empty packet when he wants to get output from us even if we don't currently have - packets to process. We spit out a line with the timestamp and the text "void" - */ - printf("%lu %lu %lu void -\n", (unsigned long int)cf->count, - (unsigned long int)whdr->ts.secs, - (unsigned long int)whdr->ts.nsecs); - - fflush(stdout); - - return FALSE; - } - - memset(&pseudo_header, 0, sizeof(pseudo_header)); - - /* Count this packet. */ - cf->count++; - - /* If we're going to print packet information, or we're going to - run a read filter, or we're going to process taps, set up to - do a dissection and do so. */ - fill_in_fdata(&fdata, cf, whdr, offset); - - passed = TRUE; - create_proto_tree = TRUE; - - /* The protocol tree will be "visible", i.e., printed, only if we're - printing packet details, which is true if we're in verbose mode ("verbose" - is true). */ - edt = epan_dissect_new(create_proto_tree, FALSE); - - /* If we're running a read filter, prime the epan_dissect_t with that - filter. */ - if (n_rfilters > 0) { - for(i = 0; i < n_rfcodes; i++) { - epan_dissect_prime_dfilter(edt, rfcodes[i]); + frame_data fdata; + gboolean create_proto_tree; + epan_dissect_t edt; + gboolean passed; + union wtap_pseudo_header pseudo_header; + int i; + + if(whdr->len == 0) + { + /* The user sends an empty packet when he wants to get output from us even if we don't currently have + packets to process. We spit out a line with the timestamp and the text "void" + */ + printf("%lu %lu %lu void -\n", (unsigned long int)cf->count, + (unsigned long int)whdr->ts.secs, + (unsigned long int)whdr->ts.nsecs); + + fflush(stdout); + + return FALSE; } - } - tap_queue_init(edt); + memset(&pseudo_header, 0, sizeof(pseudo_header)); + + /* Count this packet. */ + cf->count++; + + /* If we're going to print packet information, or we're going to + run a read filter, or we're going to process taps, set up to + do a dissection and do so. */ + frame_data_init(&fdata, cf->count, whdr, offset, cum_bytes); + + passed = TRUE; + create_proto_tree = TRUE; - printf("%lu", (unsigned long int)cf->count); + /* The protocol tree will be "visible", i.e., printed, only if we're + printing packet details, which is true if we're in verbose mode ("verbose" + is true). */ + epan_dissect_init(&edt, create_proto_tree, FALSE); - /* We only need the columns if we're printing packet info but we're + /* If we're running a read filter, prime the epan_dissect_t with that + filter. */ + if (n_rfilters > 0) { + for(i = 0; i < n_rfcodes; i++) { + epan_dissect_prime_dfilter(&edt, rfcodes[i]); + } + } + + tap_queue_init(&edt); + + printf("%lu", (unsigned long int) cf->count); + + frame_data_set_before_dissect(&fdata, &cf->elapsed_time, + &first_ts, &prev_dis_ts, &prev_cap_ts); + + /* We only need the columns if we're printing packet info but we're *not* verbose; in verbose mode, we print the protocol tree, not the protocol summary. */ - epan_dissect_run(edt, &pseudo_header, pd, &fdata, &cf->cinfo); - - tap_push_tapped_queue(edt); - - for(i = 0; i < n_rfilters; i++) { - /* Run the read filter if we have one. */ - if (rfcodes[i]) - passed = dfilter_apply_edt(rfcodes[i], edt); - else - passed = TRUE; - - /* Print a one-line summary */ - printf(" %u", passed ? 1 : 0); - } - - printf(" -\n"); - - /* The ANSI C standard does not appear to *require* that a line-buffered - stream be flushed to the host environment whenever a newline is - written, it just says that, on such a stream, characters "are - intended to be transmitted to or from the host environment as a - block when a new-line character is encountered". - - The Visual C++ 6.0 C implementation doesn't do what is intended; - even if you set a stream to be line-buffered, it still doesn't - flush the buffer at the end of every line. - - So, if the "-l" flag was specified, we flush the standard output - at the end of a packet. This will do the right thing if we're - printing packet summary lines, and, as we print the entire protocol - tree for a single packet without waiting for anything to happen, - it should be as good as line-buffered mode if we're printing - protocol trees. (The whole reason for the "-l" flag in either - tcpdump or Rawshark is to allow the output of a live capture to - be piped to a program or script and to have that script see the - information for the packet as soon as it's printed, rather than - having to wait until a standard I/O buffer fills up. */ - if (line_buffered) - fflush(stdout); + epan_dissect_run(&edt, &pseudo_header, pd, &fdata, &cf->cinfo); - if (ferror(stdout)) { - show_print_file_io_error(errno); - exit(2); - } + tap_push_tapped_queue(&edt); + + frame_data_set_after_dissect(&fdata, &cum_bytes, &prev_dis_ts); + + for(i = 0; i < n_rfilters; i++) { + /* Run the read filter if we have one. */ + if (rfcodes[i]) + passed = dfilter_apply_edt(rfcodes[i], &edt); + else + passed = TRUE; + + /* Print a one-line summary */ + printf(" %u", passed ? 1 : 0); + } + + printf(" -\n"); + + /* The ANSI C standard does not appear to *require* that a line-buffered + stream be flushed to the host environment whenever a newline is + written, it just says that, on such a stream, characters "are + intended to be transmitted to or from the host environment as a + block when a new-line character is encountered". + + The Visual C++ 6.0 C implementation doesn't do what is intended; + even if you set a stream to be line-buffered, it still doesn't + flush the buffer at the end of every line. + + So, if the "-l" flag was specified, we flush the standard output + at the end of a packet. This will do the right thing if we're + printing packet summary lines, and, as we print the entire protocol + tree for a single packet without waiting for anything to happen, + it should be as good as line-buffered mode if we're printing + protocol trees. (The whole reason for the "-l" flag in either + tcpdump or Rawshark is to allow the output of a live capture to + be piped to a program or script and to have that script see the + information for the packet as soon as it's printed, rather than + having to wait until a standard I/O buffer fills up. */ + if (line_buffered) + fflush(stdout); + + if (ferror(stdout)) { + show_print_file_io_error(errno); + exit(2); + } - epan_dissect_free(edt); - clear_fdata(&fdata); + epan_dissect_cleanup(&edt); + frame_data_cleanup(&fdata); - return passed; + return passed; } /**************************************************************************************** * FIELD EXTRACTION ROUTINES ****************************************************************************************/ typedef struct _pci_t { - char *filter; - int hf_index; - int cmd_line_index; + char *filter; + int hf_index; + int cmd_line_index; } pci_t; -char* ftenum_to_string(header_field_info *hfi) +static const char* ftenum_to_string(header_field_info *hfi) { - if (!hfi) { - return "n.a."; - } - - if (string_fmts->len > 0 && hfi->strings) { - return "FT_STRING"; - } - - switch(hfi->type) { - case FT_NONE: - return "FT_NONE"; - case FT_PROTOCOL: - return "FT_PROTOCOL"; - case FT_BOOLEAN: - return "FT_BOOLEAN"; - case FT_UINT8: - return "FT_UINT8"; - case FT_UINT16: - return "FT_UINT16"; - case FT_UINT24: - return "FT_UINT24"; - case FT_UINT32: - return "FT_UINT32"; - case FT_UINT64: - return "FT_UINT64"; - case FT_INT8: - return "FT_INT8"; - case FT_INT16: - return "FT_INT16"; - case FT_INT24: - return "FT_INT24"; - case FT_INT32: - return "FT_INT32"; - case FT_INT64: - return "FT_INT64"; - case FT_FLOAT: - return "FT_FLOAT"; - case FT_DOUBLE: - return "FT_DOUBLE"; - case FT_ABSOLUTE_TIME: - return "FT_ABSOLUTE_TIME"; - case FT_RELATIVE_TIME: - return "FT_RELATIVE_TIME"; - case FT_STRING: - return "FT_STRING"; - case FT_STRINGZ: - return "FT_STRINGZ"; - case FT_UINT_STRING: - return "FT_UINT_STRING"; - case FT_ETHER: - return "FT_ETHER"; - case FT_BYTES: - return "FT_BYTES"; - case FT_UINT_BYTES: - return "FT_UINT_BYTES"; - case FT_IPv4: - return "FT_IPv4"; - case FT_IPv6: - return "FT_IPv6"; - case FT_IPXNET: - return "FT_IPXNET"; - case FT_FRAMENUM: - return "FT_FRAMENUM"; - case FT_PCRE: - return "FT_PCRE"; - case FT_GUID: - return "FT_GUID"; - case FT_OID: - return "FT_OID"; - case FT_NUM_TYPES: - return "FT_NUM_TYPES"; - default: - return "n.a."; - }; + if (!hfi) { + return "n.a."; + } + + if (string_fmts->len > 0 && hfi->strings) { + return "FT_STRING"; + } + + switch(hfi->type) { + case FT_NONE: + return "FT_NONE"; + case FT_PROTOCOL: + return "FT_PROTOCOL"; + case FT_BOOLEAN: + return "FT_BOOLEAN"; + case FT_UINT8: + return "FT_UINT8"; + case FT_UINT16: + return "FT_UINT16"; + case FT_UINT24: + return "FT_UINT24"; + case FT_UINT32: + return "FT_UINT32"; + case FT_UINT64: + return "FT_UINT64"; + case FT_INT8: + return "FT_INT8"; + case FT_INT16: + return "FT_INT16"; + case FT_INT24: + return "FT_INT24"; + case FT_INT32: + return "FT_INT32"; + case FT_INT64: + return "FT_INT64"; + case FT_FLOAT: + return "FT_FLOAT"; + case FT_DOUBLE: + return "FT_DOUBLE"; + case FT_ABSOLUTE_TIME: + return "FT_ABSOLUTE_TIME"; + case FT_RELATIVE_TIME: + return "FT_RELATIVE_TIME"; + case FT_STRING: + return "FT_STRING"; + case FT_STRINGZ: + return "FT_STRINGZ"; + case FT_UINT_STRING: + return "FT_UINT_STRING"; + case FT_ETHER: + return "FT_ETHER"; + case FT_BYTES: + return "FT_BYTES"; + case FT_UINT_BYTES: + return "FT_UINT_BYTES"; + case FT_IPv4: + return "FT_IPv4"; + case FT_IPv6: + return "FT_IPv6"; + case FT_IPXNET: + return "FT_IPXNET"; + case FT_FRAMENUM: + return "FT_FRAMENUM"; + case FT_PCRE: + return "FT_PCRE"; + case FT_GUID: + return "FT_GUID"; + case FT_OID: + return "FT_OID"; + case FT_NUM_TYPES: + return "FT_NUM_TYPES"; + default: + return "n.a."; + }; +} + +static const char* absolute_time_display_e_to_string(absolute_time_display_e atd) +{ + switch(atd) { + case ABSOLUTE_TIME_LOCAL: + return "ABSOLUTE_TIME_LOCAL"; + case ABSOLUTE_TIME_UTC: + return "ABSOLUTE_TIME_UTC"; + default: + return "n.a."; + } } -char* base_display_e_to_string(base_display_e bd) +static const char* base_display_e_to_string(base_display_e bd) { - switch(bd) { - case BASE_NONE: - return "BASE_NONE"; - case BASE_DEC: - return "BASE_DEC"; - case BASE_HEX: - return "BASE_HEX"; - case BASE_OCT: - return "BASE_OCT"; - case BASE_DEC_HEX: - return "BASE_DEC_HEX"; - case BASE_HEX_DEC: - return "BASE_HEX_DEC"; - default: - return "n.a."; - } + switch(bd) { + case BASE_NONE: + return "BASE_NONE"; + case BASE_DEC: + return "BASE_DEC"; + case BASE_HEX: + return "BASE_HEX"; + case BASE_OCT: + return "BASE_OCT"; + case BASE_DEC_HEX: + return "BASE_DEC_HEX"; + case BASE_HEX_DEC: + return "BASE_HEX_DEC"; + default: + return "n.a."; + } } /* @@ -1287,143 +1255,148 @@ char* base_display_e_to_string(base_display_e bd) #define cVALS(x) (const value_string*)(x) static gboolean print_field_value(field_info *finfo, int cmd_line_index) { - header_field_info *hfinfo; - static char *fs_buf = NULL; - char *fs_ptr = fs_buf; - static GString *label_s = NULL; - int fs_buf_len = FIELD_STR_INIT_LEN, fs_len; - guint i; - string_fmt_t *sf; - guint32 uvalue; - gint32 svalue; - const true_false_string *tfstring = &tfs_true_false; - - hfinfo = finfo->hfinfo; - - if (!fs_buf) { - fs_buf = g_malloc(fs_buf_len + 1); - fs_ptr = fs_buf; - } - - if (!label_s) { - label_s = g_string_new(""); - } - - if(finfo->value.ftype->val_to_string_repr) - { - /* - * this field has an associated value, - * e.g: ip.hdr_len - */ - fs_len = fvalue_string_repr_len(&finfo->value, FTREPR_DFILTER); - while (fs_buf_len < fs_len) { - fs_buf_len *= 2; - fs_buf = g_realloc(fs_buf, fs_buf_len + 1); - fs_ptr = fs_buf; - } - fvalue_to_string_repr(&finfo->value, - FTREPR_DFILTER, - fs_buf); - - /* String types are quoted. Remove them. */ - if ((finfo->value.ftype->ftype == FT_STRING || finfo->value.ftype->ftype == FT_STRINGZ) && fs_len > 2) { - fs_buf[fs_len - 1] = '\0'; - fs_ptr++; - } - } - - if (string_fmts->len > 0 && finfo->hfinfo->strings) { - g_string_truncate(label_s, 0); - for (i = 0; i < string_fmts->len; i++) { - sf = g_ptr_array_index(string_fmts, i); - if (sf->plain) { - g_string_append(label_s, sf->plain); - } else { - switch (sf->format) { - case SF_NAME: - g_string_append(label_s, hfinfo->name); - break; - case SF_NUMVAL: - g_string_append(label_s, fs_ptr); - break; - case SF_STRVAL: - switch(hfinfo->type) { - case FT_BOOLEAN: - uvalue = fvalue_get_uinteger(&finfo->value); - tfstring = (const struct true_false_string*) hfinfo->strings; - g_string_append(label_s, uvalue ? tfstring->true_string : tfstring->false_string); - break; - case FT_INT8: - case FT_INT16: - case FT_INT24: - case FT_INT32: - DISSECTOR_ASSERT(!hfinfo->bitmask); - svalue = fvalue_get_sinteger(&finfo->value); - if (hfinfo->display & BASE_RANGE_STRING) { - g_string_append(label_s, rval_to_str(svalue, hfinfo->strings, "Unknown")); - } else { - g_string_append(label_s, val_to_str(svalue, cVALS(hfinfo->strings), "Unknown")); - } - case FT_UINT8: - case FT_UINT16: - case FT_UINT24: - case FT_UINT32: - uvalue = fvalue_get_uinteger(&finfo->value); - if (!hfinfo->bitmask && hfinfo->display & BASE_RANGE_STRING) { - g_string_append(label_s, rval_to_str(uvalue, hfinfo->strings, "Unknown")); - } else { - g_string_append(label_s, val_to_str(uvalue, cVALS(hfinfo->strings), "Unknown")); - } - break; - default: - break; - } - break; - default: - break; - } - } - } - printf(" %u=\"%s\"", cmd_line_index, label_s->str); - return TRUE; - } - - if(finfo->value.ftype->val_to_string_repr) - { - printf(" %u=\"%s\"", cmd_line_index, fs_ptr); - return TRUE; - } - - /* - * This field doesn't have an associated value, - * e.g. http - * We return n.a. - */ - printf(" %u=\"n.a.\"", cmd_line_index); - return TRUE; + header_field_info *hfinfo; + static char *fs_buf = NULL; + char *fs_ptr = fs_buf; + static GString *label_s = NULL; + int fs_buf_len = FIELD_STR_INIT_LEN, fs_len; + guint i; + string_fmt_t *sf; + guint32 uvalue; + gint32 svalue; + const true_false_string *tfstring = &tfs_true_false; + + hfinfo = finfo->hfinfo; + + if (!fs_buf) { + fs_buf = (char *)g_malloc(fs_buf_len + 1); + fs_ptr = fs_buf; + } + + if (!label_s) { + label_s = g_string_new(""); + } + + if(finfo->value.ftype->val_to_string_repr) + { + /* + * this field has an associated value, + * e.g: ip.hdr_len + */ + fs_len = fvalue_string_repr_len(&finfo->value, FTREPR_DFILTER); + while (fs_buf_len < fs_len) { + fs_buf_len *= 2; + fs_buf = (char *)g_realloc(fs_buf, fs_buf_len + 1); + fs_ptr = fs_buf; + } + fvalue_to_string_repr(&finfo->value, + FTREPR_DFILTER, + fs_buf); + + /* String types are quoted. Remove them. */ + if ((finfo->value.ftype->ftype == FT_STRING || finfo->value.ftype->ftype == FT_STRINGZ) && fs_len > 2) { + fs_buf[fs_len - 1] = '\0'; + fs_ptr++; + } + } + + if (string_fmts->len > 0 && finfo->hfinfo->strings) { + g_string_truncate(label_s, 0); + for (i = 0; i < string_fmts->len; i++) { + sf = (string_fmt_t *)g_ptr_array_index(string_fmts, i); + if (sf->plain) { + g_string_append(label_s, sf->plain); + } else { + switch (sf->format) { + case SF_NAME: + g_string_append(label_s, hfinfo->name); + break; + case SF_NUMVAL: + g_string_append(label_s, fs_ptr); + break; + case SF_STRVAL: + switch(hfinfo->type) { + case FT_BOOLEAN: + uvalue = fvalue_get_uinteger(&finfo->value); + tfstring = (const struct true_false_string*) hfinfo->strings; + g_string_append(label_s, uvalue ? tfstring->true_string : tfstring->false_string); + break; + case FT_INT8: + case FT_INT16: + case FT_INT24: + case FT_INT32: + DISSECTOR_ASSERT(!hfinfo->bitmask); + svalue = fvalue_get_sinteger(&finfo->value); + if (hfinfo->display & BASE_RANGE_STRING) { + g_string_append(label_s, rval_to_str(svalue, RVALS(hfinfo->strings), "Unknown")); + } else if (hfinfo->display & BASE_EXT_STRING) { + g_string_append(label_s, val_to_str_ext(svalue, (value_string_ext *) hfinfo->strings, "Unknown")); + } else { + g_string_append(label_s, val_to_str(svalue, cVALS(hfinfo->strings), "Unknown")); + } + break; + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + uvalue = fvalue_get_uinteger(&finfo->value); + if (!hfinfo->bitmask && hfinfo->display & BASE_RANGE_STRING) { + g_string_append(label_s, rval_to_str(uvalue, RVALS(hfinfo->strings), "Unknown")); + } else if (hfinfo->display & BASE_EXT_STRING) { + g_string_append(label_s, val_to_str_ext(uvalue, (value_string_ext *) hfinfo->strings, "Unknown")); + } else { + g_string_append(label_s, val_to_str(uvalue, cVALS(hfinfo->strings), "Unknown")); + } + break; + default: + break; + } + break; + default: + break; + } + } + } + printf(" %u=\"%s\"", cmd_line_index, label_s->str); + return TRUE; + } + + if(finfo->value.ftype->val_to_string_repr) + { + printf(" %u=\"%s\"", cmd_line_index, fs_ptr); + return TRUE; + } + + /* + * This field doesn't have an associated value, + * e.g. http + * We return n.a. + */ + printf(" %u=\"n.a.\"", cmd_line_index); + return TRUE; } static int protocolinfo_packet(void *prs, packet_info *pinfo _U_, epan_dissect_t *edt, const void *dummy _U_) { - pci_t *rs=prs; - GPtrArray *gp; - guint i; - - gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index); - if(!gp){ - printf(" n.a."); - return 0; - } - - /* - * Print each occurrence of the field - */ - for (i = 0; i < gp->len; i++) { - print_field_value(gp->pdata[i], rs->cmd_line_index); - } - - return 0; + pci_t *rs=(pci_t *)prs; + GPtrArray *gp; + guint i; + + gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index); + if(!gp){ + printf(" n.a."); + return 0; + } + + /* + * Print each occurrence of the field + */ + for (i = 0; i < gp->len; i++) { + print_field_value((field_info *)gp->pdata[i], rs->cmd_line_index); + } + + return 0; } int g_cmd_line_index = 0; @@ -1434,39 +1407,52 @@ int g_cmd_line_index = 0; static void protocolinfo_init(char *field) { - pci_t *rs; - header_field_info *hfi; - GString *error_string; - - hfi=proto_registrar_get_byname(field); - if(!hfi){ - fprintf(stderr, "rawshark: Field \"%s\" doesn't exist.\n", field); - exit(1); - } - - printf("%u %s %s - ", - g_cmd_line_index, - ftenum_to_string(hfi), - base_display_e_to_string(hfi->display)); - - rs=g_malloc(sizeof(pci_t)); - rs->hf_index=hfi->id; - rs->filter=field; - rs->cmd_line_index = g_cmd_line_index++; - - error_string=register_tap_listener("frame", rs, rs->filter, NULL, protocolinfo_packet, NULL); - if(error_string){ - /* error, we failed to attach to the tap. complain and clean up */ - fprintf(stderr, "rawshark: Couldn't register field extraction tap: %s\n", - error_string->str); - g_string_free(error_string, TRUE); - if(rs->filter){ - g_free(rs->filter); - } - g_free(rs); - - exit(1); - } + pci_t *rs; + header_field_info *hfi; + GString *error_string; + + hfi=proto_registrar_get_byname(field); + if(!hfi){ + fprintf(stderr, "rawshark: Field \"%s\" doesn't exist.\n", field); + exit(1); + } + + switch (hfi->type) { + + case FT_ABSOLUTE_TIME: + printf("%u %s %s - ", + g_cmd_line_index, + ftenum_to_string(hfi), + absolute_time_display_e_to_string(hfi->display)); + break; + break; + + default: + printf("%u %s %s - ", + g_cmd_line_index, + ftenum_to_string(hfi), + base_display_e_to_string(hfi->display)); + break; + } + + rs=(pci_t *)g_malloc(sizeof(pci_t)); + rs->hf_index=hfi->id; + rs->filter=field; + rs->cmd_line_index = g_cmd_line_index++; + + error_string=register_tap_listener("frame", rs, rs->filter, TL_REQUIRES_PROTO_TREE, NULL, protocolinfo_packet, NULL); + if(error_string){ + /* error, we failed to attach to the tap. complain and clean up */ + fprintf(stderr, "rawshark: Couldn't register field extraction tap: %s\n", + error_string->str); + g_string_free(error_string, TRUE); + if(rs->filter){ + g_free(rs->filter); + } + g_free(rs); + + exit(1); + } } /* @@ -1476,65 +1462,65 @@ protocolinfo_init(char *field) static void add_string_fmt(string_fmt_e format, gchar *plain) { - string_fmt_t *sf = g_malloc(sizeof(string_fmt_t)); + string_fmt_t *sf = (string_fmt_t *)g_malloc(sizeof(string_fmt_t)); - sf->format = format; - sf->plain = g_strdup(plain); + sf->format = format; + sf->plain = g_strdup(plain); - g_ptr_array_add(string_fmts, sf); + g_ptr_array_add(string_fmts, sf); } static gboolean parse_field_string_format(gchar *format) { - GString *plain_s = g_string_new(""); - int len; - int pos = 0; - - if (!format) { - return FALSE; - } - - len = strlen(format); - g_ptr_array_set_size(string_fmts, 0); - - while (pos < len) { - if (format[pos] == '%') { - if (pos >= len) { /* There should always be a following character */ - return FALSE; - } - pos++; - if (plain_s->len > 0) { - add_string_fmt(SF_NONE, plain_s->str); - g_string_truncate(plain_s, 0); - } - switch (format[pos]) { - case 'D': - add_string_fmt(SF_NAME, NULL); - break; - case 'N': - add_string_fmt(SF_NUMVAL, NULL); - break; - case 'S': - add_string_fmt(SF_STRVAL, NULL); - break; - case '%': - g_string_append_c(plain_s, '%'); - break; - default: /* Invalid format */ - return FALSE; - } - } else { - g_string_append_c(plain_s, format[pos]); - } - pos++; - } - - if (plain_s->len > 0) { - add_string_fmt(SF_NONE, plain_s->str); - } - g_string_free(plain_s, TRUE); - - return TRUE; + GString *plain_s = g_string_new(""); + size_t len; + size_t pos = 0; + + if (!format) { + return FALSE; + } + + len = strlen(format); + g_ptr_array_set_size(string_fmts, 0); + + while (pos < len) { + if (format[pos] == '%') { + if (pos >= len) { /* There should always be a following character */ + return FALSE; + } + pos++; + if (plain_s->len > 0) { + add_string_fmt(SF_NONE, plain_s->str); + g_string_truncate(plain_s, 0); + } + switch (format[pos]) { + case 'D': + add_string_fmt(SF_NAME, NULL); + break; + case 'N': + add_string_fmt(SF_NUMVAL, NULL); + break; + case 'S': + add_string_fmt(SF_STRVAL, NULL); + break; + case '%': + g_string_append_c(plain_s, '%'); + break; + default: /* Invalid format */ + return FALSE; + } + } else { + g_string_append_c(plain_s, format[pos]); + } + pos++; + } + + if (plain_s->len > 0) { + add_string_fmt(SF_NONE, plain_s->str); + } + g_string_free(plain_s, TRUE); + + return TRUE; } /**************************************************************************************** * END OF FIELD EXTRACTION ROUTINES @@ -1543,25 +1529,25 @@ parse_field_string_format(gchar *format) { static void show_print_file_io_error(int err) { - switch (err) { + switch (err) { - case ENOSPC: - cmdarg_err("Not all the packets could be printed because there is " -"no space left on the file system."); - break; + case ENOSPC: + cmdarg_err("Not all the packets could be printed because there is " + "no space left on the file system."); + break; #ifdef EDQUOT - case EDQUOT: - cmdarg_err("Not all the packets could be printed because you are " -"too close to, or over your disk quota."); - break; + case EDQUOT: + cmdarg_err("Not all the packets could be printed because you are " + "too close to, or over your disk quota."); + break; #endif - default: - cmdarg_err("An error occurred while printing packets: %s.", - strerror(err)); - break; - } + default: + cmdarg_err("An error occurred while printing packets: %s.", + g_strerror(err)); + break; + } } /* @@ -1570,48 +1556,50 @@ show_print_file_io_error(int err) static void open_failure_message(const char *filename, int err, gboolean for_writing) { - fprintf(stderr, "rawshark: "); - fprintf(stderr, file_open_error_message(err, for_writing), filename); - fprintf(stderr, "\n"); + fprintf(stderr, "rawshark: "); + fprintf(stderr, file_open_error_message(err, for_writing), filename); + fprintf(stderr, "\n"); } cf_status_t raw_cf_open(capture_file *cf, const char *fname) { - if ((fd = raw_pipe_open(fname)) < 0) - return CF_ERROR; - - /* The open succeeded. Fill in the information for this file. */ - - /* Initialize all data structures used for dissection. */ - init_dissection(); - - cf->wth = NULL; - cf->f_datalen = 0; /* not used, but set it anyway */ - - /* Set the file name because we need it to set the follow stream filter. - XXX - is that still true? We need it for other reasons, though, - in any case. */ - cf->filename = g_strdup(fname); - - /* Indicate whether it's a permanent or temporary file. */ - cf->is_tempfile = FALSE; - - /* If it's a temporary capture buffer file, mark it as not saved. */ - cf->user_saved = FALSE; - - cf->cd_t = WTAP_FILE_UNKNOWN; - cf->count = 0; - cf->drops_known = FALSE; - cf->drops = 0; - cf->has_snap = FALSE; - cf->snap = WTAP_MAX_PACKET_SIZE; - nstime_set_zero(&cf->elapsed_time); - nstime_set_unset(&first_ts); - nstime_set_unset(&prev_dis_ts); - nstime_set_unset(&prev_cap_ts); - - return CF_OK; + if ((fd = raw_pipe_open(fname)) < 0) + return CF_ERROR; + + /* The open succeeded. Fill in the information for this file. */ + + /* Cleanup all data structures used for dissection. */ + cleanup_dissection(); + /* Initialize all data structures used for dissection. */ + init_dissection(); + + cf->wth = NULL; + cf->f_datalen = 0; /* not used, but set it anyway */ + + /* Set the file name because we need it to set the follow stream filter. + XXX - is that still true? We need it for other reasons, though, + in any case. */ + cf->filename = g_strdup(fname); + + /* Indicate whether it's a permanent or temporary file. */ + cf->is_tempfile = FALSE; + + /* If it's a temporary capture buffer file, mark it as not saved. */ + cf->user_saved = FALSE; + + cf->cd_t = WTAP_FILE_UNKNOWN; + cf->count = 0; + cf->drops_known = FALSE; + cf->drops = 0; + cf->has_snap = FALSE; + cf->snap = WTAP_MAX_PACKET_SIZE; + nstime_set_zero(&cf->elapsed_time); + nstime_set_unset(&first_ts); + nstime_set_unset(&prev_dis_ts); + nstime_set_unset(&prev_cap_ts); + + return CF_OK; } @@ -1621,9 +1609,9 @@ raw_cf_open(capture_file *cf, const char *fname) static void failure_message(const char *msg_format, va_list ap) { - fprintf(stderr, "rawshark: "); - vfprintf(stderr, msg_format, ap); - fprintf(stderr, "\n"); + fprintf(stderr, "rawshark: "); + vfprintf(stderr, msg_format, ap); + fprintf(stderr, "\n"); } /* @@ -1632,8 +1620,18 @@ failure_message(const char *msg_format, va_list ap) static void read_failure_message(const char *filename, int err) { - cmdarg_err("An error occurred while reading from the file \"%s\": %s.", - filename, strerror(err)); + cmdarg_err("An error occurred while reading from the file \"%s\": %s.", + filename, g_strerror(err)); +} + +/* + * Write errors are reported with an console message in Rawshark. + */ +static void +write_failure_message(const char *filename, int err) +{ + cmdarg_err("An error occurred while writing to the file \"%s\": %s.", + filename, g_strerror(err)); } /* @@ -1642,13 +1640,13 @@ read_failure_message(const char *filename, int err) void cmdarg_err(const char *fmt, ...) { - va_list ap; + va_list ap; - va_start(ap, fmt); - fprintf(stderr, "rawshark: "); - vfprintf(stderr, fmt, ap); - fprintf(stderr, "\n"); - va_end(ap); + va_start(ap, fmt); + fprintf(stderr, "rawshark: "); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); } /* @@ -1657,33 +1655,24 @@ cmdarg_err(const char *fmt, ...) void cmdarg_err_cont(const char *fmt, ...) { - va_list ap; + va_list ap; - va_start(ap, fmt); - vfprintf(stderr, fmt, ap); - fprintf(stderr, "\n"); - va_end(ap); + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); } -/****************************************************************************************************************/ -/* other "dummies" */ -void -cf_mark_frame(capture_file *cf _U_, frame_data *frame _U_) -{ - /* shouldn't happen */ - g_assert_not_reached(); -} - /* * Editor modelines * * Local Variables: * c-basic-offset: 4 - * tab-width: 4 - * indent-tabs-mode: tabs + * tab-width: 8 + * indent-tabs-mode: nil * End: * - * ex: set shiftwidth=4 tabstop=4 noexpandtab - * :indentSize=4:tabSize=4:noTabs=false: + * ex: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: */