/*
* Alert box for a failed attempt to write to a file.
* "err" is assumed to be a UNIX-style errno if positive and a
* Wiretap error if negative.
*
* XXX - add explanatory secondary text for at least some of the errors;
* various HIGs suggest that you should, for example, suggest that the
* user remove files if the file system is full. Perhaps that's because
* they're providing guidelines for people less sophisticated than the
* typical Wireshark user is, but....
*/
void
write_failure_alert_box(const char *filename, int err)
{
gchar *display_basename;
display_basename = g_filename_display_basename(filename);
if (err < 0) {
switch (err) {
case WTAP_ERR_SHORT_WRITE:
simple_message_box(ESD_TYPE_ERROR, NULL, NULL,
"A full write couldn't be done to the file \"%s\".",
display_basename);
break;
default:
simple_message_box(ESD_TYPE_ERROR, NULL, NULL,
"An error occurred while writing to the file \"%s\": %s.",
display_basename, wtap_strerror(err));
break;
}
} else {
simple_message_box(ESD_TYPE_ERROR, NULL, NULL,
file_write_error_message(err), display_basename);
}
g_free(display_basename);
}
static void
frame_write(FrameRecord_t *frame, wtap *wth, wtap_dumper *pdh)
{
int err;
gchar *errinfo;
struct wtap_pkthdr phdr;
guint8 buf[65535];
DEBUG_PRINT("\nDumping frame (offset=%" G_GINT64_MODIFIER "u, length=%u)\n",
frame->offset, frame->length);
/* Re-read the first frame from the stored location */
wtap_seek_read(wth,
frame->offset,
&phdr,
buf,
frame->length,
&err,
&errinfo);
DEBUG_PRINT("re-read: err is %d, buf is (%s)\n", err, buf);
/* Copy, and set length and timestamp from item. */
/* TODO: remove when wtap_seek_read() will read phdr */
phdr.ts = frame->time;
/* Dump frame to outfile */
if (!wtap_dump(pdh, &phdr, buf, &err)) {
printf("Error (%s) writing frame to outfile\n", wtap_strerror(err));
exit(1);
}
}
/*
* Alert box for a failed attempt to close a capture file.
* "err" is assumed to be a UNIX-style errno or a WTAP_ERR_ value.
*
* When closing a capture file:
*
* some information in the file that can't be determined until
* all packets have been written might be written to the file
* (such as a table of the file offsets of all packets);
*
* data buffered in the low-level file writing code might be
* flushed to the file;
*
* for remote file systems, data written to the file but not
* yet sent to the server might be sent to the server or, if
* that data was sent asynchronously, "out of space", "disk
* quota exceeded", or "I/O error" indications might have
* been received but not yet delivered, and the close operation
* could deliver them;
*
* so we have to check for write errors here.
*
* XXX - add explanatory secondary text for at least some of the errors;
* various HIGs suggest that you should, for example, suggest that the
* user remove files if the file system is full. Perhaps that's because
* they're providing guidelines for people less sophisticated than the
* typical Wireshark user is, but....
*/
void
cfile_close_failure_alert_box(const char *filename, int err)
{
gchar *display_basename;
if (err < 0) {
/* Wiretap error. */
display_basename = g_filename_display_basename(filename);
switch (err) {
case WTAP_ERR_CANT_CLOSE:
simple_error_message_box(
"The file \"%s\" couldn't be closed for some unknown reason.",
display_basename);
break;
case WTAP_ERR_SHORT_WRITE:
simple_error_message_box(
"A full write couldn't be done to the file \"%s\".",
display_basename);
break;
default:
simple_error_message_box(
"An error occurred while closing the file \"%s\": %s.",
display_basename, wtap_strerror(err));
break;
}
g_free(display_basename);
} else {
/* OS error.
We assume that a close error from the OS is really a write error. */
write_failure_alert_box(filename, err);
}
}
static void
frame_write(FrameRecord_t *frame, wtap *wth, wtap_dumper *pdh, Buffer *buf,
const char *infile)
{
int err;
gchar *err_info;
struct wtap_pkthdr phdr;
memset(&phdr, 0, sizeof(struct wtap_pkthdr));
DEBUG_PRINT("\nDumping frame (offset=%" G_GINT64_MODIFIER "u)\n",
frame->offset);
/* Re-read the first frame from the stored location */
if (!wtap_seek_read(wth, frame->offset, &phdr, buf, &err, &err_info)) {
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
fprintf(stderr,
"reordercap: An error occurred while re-reading \"%s\": %s.\n",
infile, wtap_strerror(err));
switch (err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
exit(1);
}
}
/* Copy, and set length and timestamp from item. */
/* TODO: remove when wtap_seek_read() will read phdr */
phdr.ts = frame->time;
/* Dump frame to outfile */
if (!wtap_dump(pdh, &phdr, buffer_start_ptr(buf), &err)) {
fprintf(stderr, "reordercap: Error (%s) writing frame to outfile\n",
wtap_strerror(err));
exit(1);
}
}
WSLUA_METHOD File_seek(lua_State* L) {
/* Seeks in the File, similar to Lua's `file:seek()`. See Lua 5.x ref manual for `file:seek()`. */
static const int mode[] = { SEEK_SET, SEEK_CUR, SEEK_END };
static const char *const modenames[] = {"set", "cur", "end", NULL};
File f = checkFile(L,1);
int op = luaL_checkoption(L, 2, "cur", modenames);
gint64 offset = (gint64) luaL_optlong(L, 3, 0);
int err = WTAP_ERR_INTERNAL;
if (file_is_reader(f)) {
offset = file_seek(f->file, offset, mode[op], &err);
if (offset < 0) {
lua_pushnil(L); /* error */
lua_pushstring(L, wtap_strerror(err));
return 2;
}
lua_pushnumber(L, (lua_Number)(file_tell(f->file)));
}
else {
offset = wtap_dump_file_seek(f->wdh, offset, mode[op], &err);
if (offset < 0) {
lua_pushnil(L); /* error */
lua_pushstring(L, wtap_strerror(err));
return 2;
}
offset = wtap_dump_file_tell(f->wdh, &err);
if (offset < 0) {
lua_pushnil(L); /* error */
lua_pushstring(L, wtap_strerror(err));
return 2;
}
lua_pushnumber(L, (lua_Number)(offset));
}
WSLUA_RETURN(1); /* The current file cursor position as a number. */
}
static void
frame_write(FrameRecord_t *frame, wtap *wth, wtap_dumper *pdh,
struct wtap_pkthdr *phdr, Buffer *buf, const char *infile)
{
int err;
gchar *err_info;
DEBUG_PRINT("\nDumping frame (offset=%" G_GINT64_MODIFIER "u)\n",
frame->offset);
/* Re-read the frame from the stored location */
if (!wtap_seek_read(wth, frame->offset, phdr, buf, &err, &err_info)) {
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
fprintf(stderr,
"reordercap: An error occurred while re-reading \"%s\": %s.\n",
infile, wtap_strerror(err));
if (err_info != NULL) {
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
}
exit(1);
}
}
/* Copy, and set length and timestamp from item. */
/* TODO: remove when wtap_seek_read() fills in phdr,
including time stamps, for all file types */
phdr->ts = frame->frame_time;
/* Dump frame to outfile */
if (!wtap_dump(pdh, phdr, ws_buffer_start_ptr(buf), &err, &err_info)) {
fprintf(stderr, "reordercap: Error (%s) writing frame to outfile\n",
wtap_strerror(err));
if (err_info != NULL) {
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
}
exit(1);
}
}
gboolean randpkt_example_close(randpkt_example* example)
{
int err;
if (!wtap_dump_close(example->dump, &err)) {
fprintf(stderr, "Error writing to %s: %s\n",
example->filename, wtap_strerror(err));
return FALSE;
}
return TRUE;
}
static int
load_cap_file(capture_file *cf)
{
int err;
gchar *err_info;
gint64 data_offset = 0;
struct wtap_pkthdr phdr;
guchar pd[WTAP_MAX_PACKET_SIZE];
while (raw_pipe_read(&phdr, pd, &err, &err_info, &data_offset)) {
process_packet(cf, data_offset, &phdr, pd);
}
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
switch (err) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
cmdarg_err("\"%s\" has a packet with a network type that Rawshark doesn't support.\n(%s)",
cf->filename, err_info);
break;
case WTAP_ERR_CANT_READ:
cmdarg_err("An attempt to read from \"%s\" failed for some unknown reason.",
cf->filename);
break;
case WTAP_ERR_SHORT_READ:
cmdarg_err("\"%s\" appears to have been cut short in the middle of a packet.",
cf->filename);
break;
case WTAP_ERR_BAD_RECORD:
cmdarg_err("\"%s\" appears to be damaged or corrupt.\n(%s)",
cf->filename, err_info);
break;
default:
cmdarg_err("An error occurred while reading \"%s\": %s.",
cf->filename, wtap_strerror(err));
break;
}
}
return err;
}
/*
* Alert box for a failed attempt to write to a file.
* "err" is assumed to be a UNIX-style errno if positive and a
* Wiretap error if negative.
*
* XXX - add explanatory secondary text for at least some of the errors;
* various HIGs suggest that you should, for example, suggest that the
* user remove files if the file system is full. Perhaps that's because
* they're providing guidelines for people less sophisticated than the
* typical Wireshark user is, but....
*/
void
write_failure_alert_box(const char *filename, int err)
{
if (err < 0) {
switch (err) {
case WTAP_ERR_SHORT_WRITE:
simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"A full write couldn't be done to the file \"%s\".",
filename);
break;
default:
simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"An error occurred while writing to the file \"%s\": %s.",
filename, wtap_strerror(err));
break;
}
} else {
simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
file_write_error_message(err), filename);
}
}
/*
* Alert box for a failed attempt to write to a capture file.
* "in_filename" is the name of the file from which the record being
* written came; "out_filename" is the name of the file to which we're
* writing; "err" is assumed "err" is assumed to be a UNIX-style errno
* or a WTAP_ERR_ value; "err_info" is assumed to be a string giving
* further information for some WTAP_ERR_ values; "framenum" is the frame
* number of the record on which the error occurred; "file_type_subtype"
* is a WTAP_FILE_TYPE_SUBTYPE_ value for the type and subtype of file
* being written.
*/
void
cfile_write_failure_alert_box(const char *in_filename, const char *out_filename,
int err, gchar *err_info, guint32 framenum,
int file_type_subtype)
{
char *in_file_string;
char *out_display_basename;
if (err < 0) {
/* Wiretap error. */
if (in_filename == NULL)
in_file_string = g_strdup("");
else
in_file_string = g_strdup_printf(" of file \"%s\"", in_filename);
switch (err) {
case WTAP_ERR_UNWRITABLE_ENCAP:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
simple_error_message_box(
"Frame %u%s has a network type that can't be saved in a \"%s\" file.",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
simple_error_message_box(
"Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
simple_error_message_box(
"Frame %u%s is larger than Wireshark supports in a \"%s\" file.",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_UNWRITABLE_REC_TYPE:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're writing; note that, and report
* the record number and file type/subtype.
*/
simple_error_message_box(
"Record %u%s has a record type that can't be saved in a \"%s\" file.",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_UNWRITABLE_REC_DATA:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're writing; note that, and report
* the record number and file type/subtype.
*/
simple_error_message_box(
"Record %u%s has data that can't be saved in a \"%s\" file.\n"
"(%s)",
framenum, in_file_string,
wtap_file_type_subtype_string(file_type_subtype),
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_SHORT_WRITE:
out_display_basename = g_filename_display_basename(out_filename);
simple_error_message_box(
"A full write couldn't be done to the file \"%s\".",
out_display_basename);
g_free(out_display_basename);
break;
default:
out_display_basename = g_filename_display_basename(out_filename);
simple_error_message_box(
"An error occurred while writing to the file \"%s\": %s.",
out_display_basename, wtap_strerror(err));
g_free(out_display_basename);
break;
}
g_free(in_file_string);
} else {
/* OS error. */
write_failure_alert_box(out_filename, err);
}
}
static gchar*
get_write_error_string(const merge_in_file_t *in_file, const int file_type,
const gchar* out_filename, const int *err, gchar **err_info)
{
GString *err_message = g_string_new("");
gchar *display_basename = NULL;
int write_err;
/* in_file may be NULL */
g_assert(err != NULL);
g_assert(err_info != NULL);
if (*err_info == NULL) {
*err_info = g_strdup("no information supplied");
}
write_err = *err;
display_basename = g_filename_display_basename(in_file ? in_file->filename : "UNKNOWN");
if (write_err < 0) {
switch (write_err) {
case WTAP_ERR_UNWRITABLE_ENCAP:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're wwriting; note that, and
* report the frame number and file type/subtype.
*/
g_string_printf(err_message,
"Frame %u of \"%s\" has a network type that can't be saved in a \"%s\" file.\n",
in_file ? in_file->packet_num : 0, display_basename,
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
g_string_printf(err_message,
"Frame %u of \"%s\" is too large for a \"%s\" file.",
in_file ? in_file->packet_num : 0, display_basename,
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_UNWRITABLE_REC_TYPE:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're writing; note that, and report
* the record number and file type/subtype.
*/
g_string_printf(err_message,
"Record %u of \"%s\" has a record type that can't be saved in a \"%s\" file.",
in_file ? in_file->packet_num : 0, display_basename,
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_UNWRITABLE_REC_DATA:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're writing; note that, and report
* the frame number and file type/subtype.
*/
g_string_printf(err_message,
"Record %u of \"%s\" has data that can't be saved in a \"%s\" file.\n(%s)",
in_file ? in_file->packet_num : 0, display_basename,
wtap_file_type_subtype_string(file_type), *err_info);
break;
default:
g_string_printf(err_message,
"An error occurred while writing to the file \"%s\": %s.",
out_filename, wtap_strerror(write_err));
break;
}
}
else {
/* OS error. */
g_string_printf(err_message, file_write_error_message(write_err), out_filename);
}
g_free(display_basename);
g_free(*err_info);
*err_info = g_string_free(err_message, FALSE);
return *err_info;
}
/*
* Alert box for a failed attempt to open a capture file for writing.
* "filename" is the name of the file being opened; "err" is assumed
* to be a UNIX-style errno or a WTAP_ERR_ value; "file_type_subtype"
* is a WTAP_FILE_TYPE_SUBTYPE_ value for the type and subtype of file
* being opened.
*
* XXX - add explanatory secondary text for at least some of the errors;
* various HIGs suggest that you should, for example, suggest that the
* user remove files if the file system is full. Perhaps that's because
* they're providing guidelines for people less sophisticated than the
* typical Wireshark user is, but....
*/
void
cfile_dump_open_failure_alert_box(const char *filename, int err,
int file_type_subtype)
{
gchar *display_basename;
if (err < 0) {
/* Wiretap error. */
display_basename = g_filename_display_basename(filename);
switch (err) {
case WTAP_ERR_NOT_REGULAR_FILE:
simple_error_message_box(
"The file \"%s\" is a \"special file\" or socket or other non-regular file.",
display_basename);
break;
case WTAP_ERR_CANT_WRITE_TO_PIPE:
simple_error_message_box(
"The file \"%s\" is a pipe, and %s capture files can't be "
"written to a pipe.",
display_basename, wtap_file_type_subtype_string(file_type_subtype));
break;
case WTAP_ERR_UNWRITABLE_FILE_TYPE:
simple_error_message_box(
"Wireshark doesn't support writing capture files in that format.");
break;
case WTAP_ERR_UNWRITABLE_ENCAP:
simple_error_message_box("Wireshark can't save this capture in that format.");
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
simple_error_message_box(
"Wireshark can't save this capture in that format.");
break;
case WTAP_ERR_CANT_OPEN:
simple_error_message_box(
"The file \"%s\" could not be created for some unknown reason.",
display_basename);
break;
case WTAP_ERR_SHORT_WRITE:
simple_error_message_box(
"A full header couldn't be written to the file \"%s\".",
display_basename);
break;
case WTAP_ERR_COMPRESSION_NOT_SUPPORTED:
simple_error_message_box(
"This file type cannot be written as a compressed file.");
break;
default:
simple_error_message_box(
"The file \"%s\" could not be created: %s.",
display_basename,
wtap_strerror(err));
break;
}
g_free(display_basename);
} else {
/* OS error. */
open_failure_alert_box(filename, err, TRUE);
}
}
/*
* Alert box for a failed attempt to read from a capture file.
* "err" is assumed to be a UNIX-style errno or a WTAP_ERR_ value;
* "err_info" is assumed to be a string giving further information for
* some WTAP_ERR_ values.
*/
void
cfile_read_failure_alert_box(const char *filename, int err, gchar *err_info)
{
gchar *display_name;
if (filename == NULL)
display_name = g_strdup("capture file");
else {
gchar *display_basename;
display_basename = g_filename_display_basename(filename);
display_name = g_strdup_printf("capture file \"%s\"", display_basename);
g_free(display_basename);
}
switch (err) {
case WTAP_ERR_UNSUPPORTED:
simple_error_message_box(
"The %s contains record data that Wireshark doesn't support.\n"
"(%s)",
display_name,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_SHORT_READ:
simple_error_message_box(
"The %s appears to have been cut short in the middle of a packet.",
display_name);
break;
case WTAP_ERR_BAD_FILE:
simple_error_message_box(
"The %s appears to be damaged or corrupt.\n"
"(%s)",
display_name,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_DECOMPRESS:
simple_error_message_box(
"The %s cannot be decompressed; it may be damaged or corrupt.\n"
"(%s)",
display_name,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED:
simple_error_message_box(
"The %s cannot be decompressed; it is compressed in a way that we don't support.\n"
"(%s)",
display_name,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
default:
simple_error_message_box(
"An error occurred while reading the %s: %s.",
display_name,
wtap_strerror(err));
break;
}
g_free(display_name);
}
static int
process_cap_file(wtap *wth, const char *filename)
{
int err;
gchar *err_info;
gint64 size;
gint64 data_offset;
guint32 packet = 0;
gint64 bytes = 0;
guint32 snaplen_min_inferred = 0xffffffff;
guint32 snaplen_max_inferred = 0;
const struct wtap_pkthdr *phdr;
capture_info cf_info;
gboolean have_times = TRUE;
double start_time = 0;
double stop_time = 0;
double cur_time = 0;
double prev_time = 0;
gboolean know_order = FALSE;
order_t order = IN_ORDER;
cf_info.encap_counts = g_malloc0(WTAP_NUM_ENCAP_TYPES * sizeof(int));
/* Tally up data that we need to parse through the file to find */
while (wtap_read(wth, &err, &err_info, &data_offset)) {
phdr = wtap_phdr(wth);
if (phdr->presence_flags & WTAP_HAS_TS) {
prev_time = cur_time;
cur_time = secs_nsecs(&phdr->ts);
if(packet==0) {
start_time = cur_time;
stop_time = cur_time;
prev_time = cur_time;
}
if (cur_time < prev_time) {
order = NOT_IN_ORDER;
}
if (cur_time < start_time) {
start_time = cur_time;
}
if (cur_time > stop_time) {
stop_time = cur_time;
}
} else {
have_times = FALSE; /* at least one packet has no time stamp */
if (order != NOT_IN_ORDER)
order = ORDER_UNKNOWN;
}
bytes+=phdr->len;
packet++;
/* If caplen < len for a rcd, then presumably */
/* 'Limit packet capture length' was done for this rcd. */
/* Keep track as to the min/max actual snapshot lengths */
/* seen for this file. */
if (phdr->caplen < phdr->len) {
if (phdr->caplen < snaplen_min_inferred)
snaplen_min_inferred = phdr->caplen;
if (phdr->caplen > snaplen_max_inferred)
snaplen_max_inferred = phdr->caplen;
}
/* Per-packet encapsulation */
if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) {
if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) {
cf_info.encap_counts[phdr->pkt_encap] += 1;
} else {
fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet);
}
}
} /* while */
if (err != 0) {
fprintf(stderr,
"capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
packet, filename, wtap_strerror(err));
switch (err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
case WTAP_ERR_DECOMPRESS:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
g_free(cf_info.encap_counts);
return 1;
}
/* File size */
size = wtap_file_size(wth, &err);
if (size == -1) {
fprintf(stderr,
"capinfos: Can't get size of \"%s\": %s.\n",
filename, g_strerror(err));
g_free(cf_info.encap_counts);
return 1;
}
cf_info.filesize = size;
/* File Type */
cf_info.file_type = wtap_file_type(wth);
cf_info.iscompressed = wtap_iscompressed(wth);
/* File Encapsulation */
cf_info.file_encap = wtap_file_encap(wth);
/* Packet size limit (snaplen) */
cf_info.snaplen = wtap_snapshot_length(wth);
if(cf_info.snaplen > 0)
cf_info.snap_set = TRUE;
else
cf_info.snap_set = FALSE;
cf_info.snaplen_min_inferred = snaplen_min_inferred;
cf_info.snaplen_max_inferred = snaplen_max_inferred;
/* # of packets */
cf_info.packet_count = packet;
/* File Times */
cf_info.times_known = have_times;
cf_info.start_time = start_time;
cf_info.stop_time = stop_time;
cf_info.duration = stop_time-start_time;
cf_info.know_order = know_order;
cf_info.order = order;
/* Number of packet bytes */
cf_info.packet_bytes = bytes;
cf_info.data_rate = 0.0;
cf_info.packet_rate = 0.0;
cf_info.packet_size = 0.0;
if (packet > 0) {
if (cf_info.duration > 0.0) {
cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */
cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */
}
cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
}
if(long_report) {
print_stats(filename, &cf_info);
} else {
print_stats_table(filename, &cf_info);
}
g_free(cf_info.encap_counts);
return 0;
}
int
main(int argc, char *argv[])
{
int opt;
gboolean do_append = FALSE;
gboolean verbose = FALSE;
int in_file_count = 0;
guint snaplen = 0;
#ifdef PCAP_NG_DEFAULT
int file_type = WTAP_FILE_PCAPNG; /* default to pcap format */
#else
int file_type = WTAP_FILE_PCAP; /* default to pcapng format */
#endif
int frame_type = -2;
int out_fd;
merge_in_file_t *in_files = NULL, *in_file;
int i;
struct wtap_pkthdr *phdr, snap_phdr;
wtap_dumper *pdh;
int open_err, read_err = 0, write_err, close_err;
gchar *err_info;
int err_fileno;
char *out_filename = NULL;
gboolean got_read_error = FALSE, got_write_error = FALSE;
int count;
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
#endif /* _WIN32 */
/* Process the options first */
while ((opt = getopt(argc, argv, "aF:hs:T:vw:")) != -1) {
switch (opt) {
case 'a':
do_append = !do_append;
break;
case 'F':
file_type = wtap_short_string_to_file_type(optarg);
if (file_type < 0) {
fprintf(stderr, "mergecap: \"%s\" isn't a valid capture file type\n",
optarg);
list_capture_types();
exit(1);
}
break;
case 'h':
usage();
exit(0);
break;
case 's':
snaplen = get_positive_int(optarg, "snapshot length");
break;
case 'T':
frame_type = wtap_short_string_to_encap(optarg);
if (frame_type < 0) {
fprintf(stderr, "mergecap: \"%s\" isn't a valid encapsulation type\n",
optarg);
list_encap_types();
exit(1);
}
break;
case 'v':
verbose = TRUE;
break;
case 'w':
out_filename = optarg;
break;
case '?': /* Bad options if GNU getopt */
switch(optopt) {
case'F':
list_capture_types();
break;
case'T':
list_encap_types();
break;
default:
usage();
}
exit(1);
break;
}
}
/* check for proper args; at a minimum, must have an output
* filename and one input file
*/
in_file_count = argc - optind;
if (!out_filename) {
fprintf(stderr, "mergecap: an output filename must be set with -w\n");
fprintf(stderr, " run with -h for help\n");
return 1;
}
if (in_file_count < 1) {
fprintf(stderr, "mergecap: No input files were specified\n");
return 1;
}
/* open the input files */
if (!merge_open_in_files(in_file_count, &argv[optind], &in_files,
&open_err, &err_info, &err_fileno)) {
fprintf(stderr, "mergecap: Can't open %s: %s\n", argv[optind + err_fileno],
wtap_strerror(open_err));
switch (open_err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
return 2;
}
if (verbose) {
for (i = 0; i < in_file_count; i++)
fprintf(stderr, "mergecap: %s is type %s.\n", argv[optind + i],
wtap_file_type_string(wtap_file_type(in_files[i].wth)));
}
if (snaplen == 0) {
/*
* Snapshot length not specified - default to the maximum of the
* snapshot lengths of the input files.
*/
snaplen = merge_max_snapshot_length(in_file_count, in_files);
}
/* set the outfile frame type */
if (frame_type == -2) {
/*
* Default to the appropriate frame type for the input files.
*/
frame_type = merge_select_frame_type(in_file_count, in_files);
if (verbose) {
if (frame_type == WTAP_ENCAP_PER_PACKET) {
/*
* Find out why we had to choose WTAP_ENCAP_PER_PACKET.
*/
int first_frame_type, this_frame_type;
first_frame_type = wtap_file_encap(in_files[0].wth);
for (i = 1; i < in_file_count; i++) {
this_frame_type = wtap_file_encap(in_files[i].wth);
if (first_frame_type != this_frame_type) {
fprintf(stderr, "mergecap: multiple frame encapsulation types detected\n");
fprintf(stderr, " defaulting to WTAP_ENCAP_PER_PACKET\n");
fprintf(stderr, " %s had type %s (%s)\n",
in_files[0].filename,
wtap_encap_string(first_frame_type),
wtap_encap_short_string(first_frame_type));
fprintf(stderr, " %s had type %s (%s)\n",
in_files[i].filename,
wtap_encap_string(this_frame_type),
wtap_encap_short_string(this_frame_type));
break;
}
}
}
fprintf(stderr, "mergecap: selected frame_type %s (%s)\n",
wtap_encap_string(frame_type),
wtap_encap_short_string(frame_type));
}
}
/* open the outfile */
if (strncmp(out_filename, "-", 2) == 0) {
/* use stdout as the outfile */
out_fd = 1 /*stdout*/;
} else {
/* open the outfile */
out_fd = ws_open(out_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
if (out_fd == -1) {
fprintf(stderr, "mergecap: Couldn't open output file %s: %s\n",
out_filename, g_strerror(errno));
exit(1);
}
}
/* prepare the outfile */
if(file_type == WTAP_FILE_PCAPNG ){
wtapng_section_t *shb_hdr;
GString *comment_gstr;
shb_hdr = g_new(wtapng_section_t,1);
comment_gstr = g_string_new("File created by merging: \n");
for (i = 0; i < in_file_count; i++) {
g_string_append_printf(comment_gstr, "File%d: %s \n",i+1,in_files[i].filename);
}
shb_hdr->section_length = -1;
/* options */
shb_hdr->opt_comment = comment_gstr->str; /* NULL if not available */
shb_hdr->shb_hardware = NULL; /* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */
shb_hdr->shb_os = NULL; /* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */
shb_hdr->shb_user_appl = "mergecap"; /* NULL if not available, UTF-8 string containing the name of the application used to create this section. */
pdh = wtap_dump_fdopen_ng(out_fd, file_type, frame_type, snaplen,
FALSE /* compressed */, shb_hdr, NULL /* wtapng_iface_descriptions_t *idb_inf */, &open_err);
g_string_free(comment_gstr, TRUE);
} else {
pdh = wtap_dump_fdopen(out_fd, file_type, frame_type, snaplen, FALSE /* compressed */, &open_err);
}
if (pdh == NULL) {
merge_close_in_files(in_file_count, in_files);
g_free(in_files);
fprintf(stderr, "mergecap: Can't open or create %s: %s\n", out_filename,
wtap_strerror(open_err));
exit(1);
}
/* do the merge (or append) */
count = 1;
for (;;) {
if (do_append)
in_file = merge_append_read_packet(in_file_count, in_files, &read_err,
&err_info);
else
in_file = merge_read_packet(in_file_count, in_files, &read_err,
&err_info);
if (in_file == NULL) {
/* EOF */
break;
}
if (read_err != 0) {
/* I/O error reading from in_file */
got_read_error = TRUE;
break;
}
if (verbose)
fprintf(stderr, "Record: %u\n", count++);
/* We simply write it, perhaps after truncating it; we could do other
* things, like modify it. */
phdr = wtap_phdr(in_file->wth);
if (snaplen != 0 && phdr->caplen > snaplen) {
snap_phdr = *phdr;
snap_phdr.caplen = snaplen;
phdr = &snap_phdr;
}
if (!wtap_dump(pdh, phdr, wtap_buf_ptr(in_file->wth), &write_err)) {
got_write_error = TRUE;
break;
}
}
merge_close_in_files(in_file_count, in_files);
if (!got_read_error && !got_write_error) {
if (!wtap_dump_close(pdh, &write_err))
got_write_error = TRUE;
} else
wtap_dump_close(pdh, &close_err);
if (got_read_error) {
/*
* Find the file on which we got the error, and report the error.
*/
for (i = 0; i < in_file_count; i++) {
if (in_files[i].state == GOT_ERROR) {
fprintf(stderr, "mergecap: Error reading %s: %s\n",
in_files[i].filename, wtap_strerror(read_err));
switch (read_err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
}
}
}
if (got_write_error) {
switch (write_err) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
/*
* This is a problem with the particular frame we're writing;
* note that, and give the frame number.
*/
fprintf(stderr, "mergecap: Frame %u of \"%s\" has a network type that can't be saved in a file with that format\n.",
in_file->packet_num, in_file->filename);
break;
default:
fprintf(stderr, "mergecap: Error writing to outfile: %s\n",
wtap_strerror(write_err));
break;
}
}
g_free(in_files);
return (!got_read_error && !got_write_error) ? 0 : 2;
}
static int
process_cap_file(wtap *wth, const char *filename)
{
int status = 0;
int err;
gchar *err_info;
gint64 size;
gint64 data_offset;
guint32 packet = 0;
gint64 bytes = 0;
guint32 snaplen_min_inferred = 0xffffffff;
guint32 snaplen_max_inferred = 0;
const struct wtap_pkthdr *phdr;
capture_info cf_info;
gboolean have_times = TRUE;
double start_time = 0;
double stop_time = 0;
double cur_time = 0;
double prev_time = 0;
gboolean know_order = FALSE;
order_t order = IN_ORDER;
wtapng_section_t *shb_inf;
gchar *p;
cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES);
/* Tally up data that we need to parse through the file to find */
while (wtap_read(wth, &err, &err_info, &data_offset)) {
phdr = wtap_phdr(wth);
if (phdr->presence_flags & WTAP_HAS_TS) {
prev_time = cur_time;
cur_time = nstime_to_sec(&phdr->ts);
if (packet == 0) {
start_time = cur_time;
stop_time = cur_time;
prev_time = cur_time;
}
if (cur_time < prev_time) {
order = NOT_IN_ORDER;
}
if (cur_time < start_time) {
start_time = cur_time;
}
if (cur_time > stop_time) {
stop_time = cur_time;
}
} else {
have_times = FALSE; /* at least one packet has no time stamp */
if (order != NOT_IN_ORDER)
order = ORDER_UNKNOWN;
}
if (phdr->rec_type == REC_TYPE_PACKET) {
bytes+=phdr->len;
packet++;
/* If caplen < len for a rcd, then presumably */
/* 'Limit packet capture length' was done for this rcd. */
/* Keep track as to the min/max actual snapshot lengths */
/* seen for this file. */
if (phdr->caplen < phdr->len) {
if (phdr->caplen < snaplen_min_inferred)
snaplen_min_inferred = phdr->caplen;
if (phdr->caplen > snaplen_max_inferred)
snaplen_max_inferred = phdr->caplen;
}
/* Per-packet encapsulation */
if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) {
if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) {
cf_info.encap_counts[phdr->pkt_encap] += 1;
} else {
fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet);
}
}
}
} /* while */
if (err != 0) {
fprintf(stderr,
"capinfos: An error occurred after reading %u packets from \"%s\": %s.\n",
packet, filename, wtap_strerror(err));
switch (err) {
case WTAP_ERR_SHORT_READ:
status = 1;
fprintf(stderr,
" (will continue anyway, checksums might be incorrect)\n");
break;
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
case WTAP_ERR_DECOMPRESS:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
/* fallthrough */
default:
g_free(cf_info.encap_counts);
return 1;
}
}
/* File size */
size = wtap_file_size(wth, &err);
if (size == -1) {
fprintf(stderr,
"capinfos: Can't get size of \"%s\": %s.\n",
filename, g_strerror(err));
g_free(cf_info.encap_counts);
return 1;
}
cf_info.filesize = size;
/* File Type */
cf_info.file_type = wtap_file_type_subtype(wth);
cf_info.iscompressed = wtap_iscompressed(wth);
/* File Encapsulation */
cf_info.file_encap = wtap_file_encap(wth);
/* Packet size limit (snaplen) */
cf_info.snaplen = wtap_snapshot_length(wth);
if (cf_info.snaplen > 0)
cf_info.snap_set = TRUE;
else
cf_info.snap_set = FALSE;
cf_info.snaplen_min_inferred = snaplen_min_inferred;
cf_info.snaplen_max_inferred = snaplen_max_inferred;
/* # of packets */
cf_info.packet_count = packet;
/* File Times */
cf_info.times_known = have_times;
cf_info.start_time = start_time;
cf_info.stop_time = stop_time;
cf_info.duration = stop_time-start_time;
cf_info.know_order = know_order;
cf_info.order = order;
/* Number of packet bytes */
cf_info.packet_bytes = bytes;
cf_info.data_rate = 0.0;
cf_info.packet_rate = 0.0;
cf_info.packet_size = 0.0;
if (packet > 0) {
if (cf_info.duration > 0.0) {
cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */
cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */
}
cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
}
cf_info.comment = NULL;
shb_inf = wtap_file_get_shb_info(wth);
if (shb_inf) {
/* opt_comment is always 0-terminated by pcapng_read_section_header_block */
cf_info.comment = g_strdup(shb_inf->opt_comment);
}
g_free(shb_inf);
if (cf_info.comment) {
/* multi-line comments would conflict with the formatting that capinfos uses
we replace linefeeds with spaces */
p = cf_info.comment;
while (*p != '\0') {
if (*p == '\n')
*p = ' ';
p++;
}
}
if (long_report) {
print_stats(filename, &cf_info);
} else {
print_stats_table(filename, &cf_info);
}
g_free(cf_info.encap_counts);
g_free(cf_info.comment);
return status;
}
bool CaptureFile::open() {
//wtap *wth;
gchar *err_info;
int err;
resetState();
wth = wtap_open_offline(filename.c_str(), &err, &err_info, TRUE);
if (wth == NULL) {
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
switch (err) {
case WTAP_ERR_UNSUPPORTED_ENCAP:
{
ostringstream s;
s << "File " << filename << " has a packet with a network type that is not supported. (" << err_info << ")";
g_free(err_info);
errorMessage = s.str();
break;
}
case WTAP_ERR_CANT_READ:
{
ostringstream s;
s << "An attempt to read from file " << filename << " failed for some unknown reason.";
errorMessage = s.str();
break;
}
case WTAP_ERR_SHORT_READ:
{
ostringstream s;
s << "File " << filename << " appears to have been cut short in the middle of a packet.";
errorMessage = s.str();
break;
}
case WTAP_ERR_BAD_RECORD:
{
ostringstream s;
s << "File " << filename << " appears to be damaged or corrupt.";
errorMessage = s.str();
g_free(err_info);
break;
}
default:
{
ostringstream s;
s << "An error occurred while reading" << " file " << filename << ": " << wtap_strerror(err);
errorMessage = s.str();
break;
}
}
}
return false;
}
/* Initialize all data structures used for dissection. */
init_dissection();
/* We're about to start reading the file. */
state = FILE_READ_IN_PROGRESS;
//wth = wth;
f_datalen = 0;
cd_t = wtap_file_type(wth);
count = 0;
displayed_count = 0;
marked_count = 0;
drops_known = FALSE;
drops = 0;
snap = wtap_snapshot_length(wth);
if (snap == 0) {
/* Snapshot length not known. */
has_snap = FALSE;
snap = WTAP_MAX_PACKET_SIZE;
} else
has_snap = TRUE;
nstime_set_zero(&elapsed_time);
nstime_set_unset(&first_ts);
nstime_set_unset(&prev_dis_ts);
#if GLIB_CHECK_VERSION(2,10,0)
#else
/* memory chunks have been deprecated in favor of the slice allocator,
* which has been added in 2.10
*/
plist_chunk = g_mem_chunk_new("frame_data_chunk",
sizeof (frame_data),
FRAME_DATA_CHUNK_SIZE * sizeof (frame_data),
G_ALLOC_AND_FREE);
g_assert(plist_chunk);
#endif
/* change the time formats now, as we might have a new precision */
//cf_change_time_formats(cf);//FIXME ??
return true;
}
static const char *cf_open_error_message(int err, gchar *err_info, int file_type)
{
const char *errmsg;
static char errmsg_errno[1024+1];
if (err < 0)
{
/* Wiretap error. */
switch (err)
{
case WTAP_ERR_NOT_REGULAR_FILE:
errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
break;
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
/* Seen only when opening a capture file for reading. */
errmsg = "The file \"%s\" isn't a capture file in a format Sharktools understands.";
break;
case WTAP_ERR_UNSUPPORTED:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" isn't a capture file in a format Sharktools understands.\n"
"(%s)", err_info);
g_free(err_info);
errmsg = errmsg_errno;
break;
case WTAP_ERR_CANT_WRITE_TO_PIPE:
/* Seen only when opening a capture file for writing. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" is a pipe, and %s capture files can't be "
"written to a pipe.", wtap_file_type_string(file_type));
errmsg = errmsg_errno;
break;
case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
/* Seen only when opening a capture file for writing. */
errmsg = "Sharktools doesn't support writing capture files in that format.";
break;
case WTAP_ERR_UNSUPPORTED_ENCAP:
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" is a capture for a network type that Sharktools doesn't support.\n"
"(%s)", err_info);
g_free(err_info);
errmsg = errmsg_errno;
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
errmsg = "The file \"%s\" is a capture for a network type that Sharktools doesn't support.";
break;
case WTAP_ERR_BAD_RECORD:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" appears to be damaged or corrupt.\n"
"(%s)", err_info);
g_free(err_info);
errmsg = errmsg_errno;
break;
case WTAP_ERR_CANT_OPEN:
errmsg = "The file \"%s\" could not be opened for some unknown reason.";
break;
case WTAP_ERR_SHORT_READ:
errmsg = "The file \"%s\" appears to have been cut short"
" in the middle of a packet or other data.";
break;
case WTAP_ERR_SHORT_WRITE:
errmsg = "A full header couldn't be written to the file \"%s\".";
break;
default:
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" could not be opened: %s.",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
}
}
else
// FALSE == for_writing == FALSE
errmsg = file_open_error_message(err, FALSE);
return errmsg;
}
void randpkt_loop(randpkt_example* example, guint64 produce_count)
{
guint i;
int j;
int err;
int len_random;
int len_this_pkt;
gchar* err_info;
union wtap_pseudo_header* ps_header;
guint8 buffer[65536];
struct wtap_pkthdr* pkthdr;
pkthdr = g_new0(struct wtap_pkthdr, 1);
pkthdr->rec_type = REC_TYPE_PACKET;
pkthdr->presence_flags = WTAP_HAS_TS;
pkthdr->pkt_encap = example->sample_wtap_encap;
memset(pkthdr, 0, sizeof(struct wtap_pkthdr));
memset(buffer, 0, sizeof(buffer));
ps_header = &pkthdr->pseudo_header;
/* Load the sample pseudoheader into our pseudoheader buffer */
if (example->pseudo_buffer)
memcpy(ps_header, example->pseudo_buffer, example->pseudo_length);
/* Load the sample into our buffer */
if (example->sample_buffer)
memcpy(buffer, example->sample_buffer, example->sample_length);
/* Produce random packets */
for (i = 0; i < produce_count; i++) {
if (example->produce_max_bytes > 0) {
len_random = (rand() % example->produce_max_bytes + 1);
}
else {
len_random = 0;
}
len_this_pkt = example->sample_length + len_random;
pkthdr->caplen = len_this_pkt;
pkthdr->len = len_this_pkt;
pkthdr->ts.secs = i; /* just for variety */
for (j = example->pseudo_length; j < (int) sizeof(*ps_header); j++) {
((guint8*)ps_header)[j] = (rand() % 0x100);
}
for (j = example->sample_length; j < len_this_pkt; j++) {
/* Add format strings here and there */
if ((int) (100.0*rand()/(RAND_MAX+1.0)) < 3 && j < (len_random - 3)) {
memcpy(&buffer[j], "%s", 3);
j += 2;
} else {
buffer[j] = (rand() % 0x100);
}
}
if (!wtap_dump(example->dump, pkthdr, buffer, &err, &err_info)) {
fprintf(stderr, "randpkt: Error writing to %s: %s\n",
example->filename, wtap_strerror(err));
switch (err) {
case WTAP_ERR_UNWRITABLE_ENCAP:
/*
* This is a problem with the particular
* frame we're writing and the file type
* and subtype we're writing; note that,
* and report the file type/subtype.
*/
fprintf(stderr,
"Frame has a network type that can't be saved in a \"%s\" file.\n",
wtap_file_type_subtype_short_string(WTAP_FILE_TYPE_SUBTYPE_PCAP));
break;
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular
* frame we're writing and the file type
* and subtype we're writing; note that,
* and report the file type/subtype.
*/
fprintf(stderr,
"Frame is too large for a \"%s\" file.\n",
wtap_file_type_subtype_short_string(WTAP_FILE_TYPE_SUBTYPE_PCAP));
break;
case WTAP_ERR_UNWRITABLE_REC_TYPE:
/*
* This is a problem with the particular
* record we're writing and the file type
* and subtype we're writing; note that,
* and report the file type/subtype.
*/
fprintf(stderr,
"Record has a record type that can't be saved in a \"%s\" file.\n",
wtap_file_type_subtype_short_string(WTAP_FILE_TYPE_SUBTYPE_PCAP));
break;
case WTAP_ERR_UNWRITABLE_REC_DATA:
/*
* This is a problem with the particular
* record we're writing and the file type
* and subtype we're writing; note that,
* and report the file type/subtype.
*/
fprintf(stderr,
"Record has data that can't be saved in a \"%s\" file.\n(%s)\n",
wtap_file_type_subtype_short_string(WTAP_FILE_TYPE_SUBTYPE_PCAP),
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
default:
break;
}
}
}
g_free(pkthdr);
}
int
main(int argc, char *argv[])
{
GString *comp_info_str;
GString *runtime_info_str;
int opt;
DIAG_OFF(cast-qual)
static const struct option long_options[] = {
{(char *)"help", no_argument, NULL, 'h'},
{(char *)"version", no_argument, NULL, 'V'},
{0, 0, 0, 0 }
};
DIAG_ON(cast-qual)
gboolean do_append = FALSE;
gboolean verbose = FALSE;
int in_file_count = 0;
guint snaplen = 0;
#ifdef PCAP_NG_DEFAULT
int file_type = WTAP_FILE_TYPE_SUBTYPE_PCAPNG; /* default to pcap format */
#else
int file_type = WTAP_FILE_TYPE_SUBTYPE_PCAP; /* default to pcapng format */
#endif
int frame_type = -2;
int out_fd;
merge_in_file_t *in_files = NULL, *in_file;
int i;
struct wtap_pkthdr *phdr, snap_phdr;
wtap_dumper *pdh;
int open_err, read_err = 0, write_err, close_err;
gchar *err_info, *write_err_info = NULL;
int err_fileno;
char *out_filename = NULL;
gboolean got_read_error = FALSE, got_write_error = FALSE;
int count;
cmdarg_err_init(mergecap_cmdarg_err, mergecap_cmdarg_err_cont);
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
#endif /* _WIN32 */
/* Get the compile-time version information string */
comp_info_str = get_compiled_version_info(NULL, get_mergecap_compiled_info);
/* Get the run-time version information string */
runtime_info_str = get_runtime_version_info(get_mergecap_runtime_info);
/* Add it to the information to be reported on a crash. */
ws_add_crash_info("Mergecap (Wireshark) %s\n"
"\n"
"%s"
"\n"
"%s",
get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
/* Process the options first */
while ((opt = getopt_long(argc, argv, "aF:hs:T:vVw:", long_options, NULL)) != -1) {
switch (opt) {
case 'a':
do_append = !do_append;
break;
case 'F':
file_type = wtap_short_string_to_file_type_subtype(optarg);
if (file_type < 0) {
fprintf(stderr, "mergecap: \"%s\" isn't a valid capture file type\n",
optarg);
list_capture_types();
exit(1);
}
break;
case 'h':
printf("Mergecap (Wireshark) %s\n"
"Merge two or more capture files into one.\n"
"See http://www.wireshark.org for more information.\n",
get_ws_vcs_version_info());
print_usage(stdout);
exit(0);
break;
case 's':
snaplen = get_positive_int(optarg, "snapshot length");
break;
case 'T':
frame_type = wtap_short_string_to_encap(optarg);
if (frame_type < 0) {
fprintf(stderr, "mergecap: \"%s\" isn't a valid encapsulation type\n",
optarg);
list_encap_types();
exit(1);
}
break;
case 'v':
verbose = TRUE;
break;
case 'V':
show_version("Mergecap (Wireshark)", comp_info_str, runtime_info_str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
exit(0);
break;
case 'w':
out_filename = optarg;
break;
case '?': /* Bad options if GNU getopt */
switch(optopt) {
case'F':
list_capture_types();
break;
case'T':
list_encap_types();
break;
default:
print_usage(stderr);
}
exit(1);
break;
}
}
/* check for proper args; at a minimum, must have an output
* filename and one input file
*/
in_file_count = argc - optind;
if (!out_filename) {
fprintf(stderr, "mergecap: an output filename must be set with -w\n");
fprintf(stderr, " run with -h for help\n");
return 1;
}
if (in_file_count < 1) {
fprintf(stderr, "mergecap: No input files were specified\n");
return 1;
}
/* open the input files */
if (!merge_open_in_files(in_file_count, &argv[optind], &in_files,
&open_err, &err_info, &err_fileno)) {
fprintf(stderr, "mergecap: Can't open %s: %s\n", argv[optind + err_fileno],
wtap_strerror(open_err));
if (err_info != NULL) {
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
}
return 2;
}
if (verbose) {
for (i = 0; i < in_file_count; i++)
fprintf(stderr, "mergecap: %s is type %s.\n", argv[optind + i],
wtap_file_type_subtype_string(wtap_file_type_subtype(in_files[i].wth)));
}
if (snaplen == 0) {
/*
* Snapshot length not specified - default to the maximum of the
* snapshot lengths of the input files.
*/
snaplen = merge_max_snapshot_length(in_file_count, in_files);
}
/* set the outfile frame type */
if (frame_type == -2) {
/*
* Default to the appropriate frame type for the input files.
*/
frame_type = merge_select_frame_type(in_file_count, in_files);
if (verbose) {
if (frame_type == WTAP_ENCAP_PER_PACKET) {
/*
* Find out why we had to choose WTAP_ENCAP_PER_PACKET.
*/
int first_frame_type, this_frame_type;
first_frame_type = wtap_file_encap(in_files[0].wth);
for (i = 1; i < in_file_count; i++) {
this_frame_type = wtap_file_encap(in_files[i].wth);
if (first_frame_type != this_frame_type) {
fprintf(stderr, "mergecap: multiple frame encapsulation types detected\n");
fprintf(stderr, " defaulting to WTAP_ENCAP_PER_PACKET\n");
fprintf(stderr, " %s had type %s (%s)\n",
in_files[0].filename,
wtap_encap_string(first_frame_type),
wtap_encap_short_string(first_frame_type));
fprintf(stderr, " %s had type %s (%s)\n",
in_files[i].filename,
wtap_encap_string(this_frame_type),
wtap_encap_short_string(this_frame_type));
break;
}
}
}
fprintf(stderr, "mergecap: selected frame_type %s (%s)\n",
wtap_encap_string(frame_type),
wtap_encap_short_string(frame_type));
}
}
/* open the outfile */
if (strncmp(out_filename, "-", 2) == 0) {
/* use stdout as the outfile */
out_fd = 1 /*stdout*/;
} else {
/* open the outfile */
out_fd = ws_open(out_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
if (out_fd == -1) {
fprintf(stderr, "mergecap: Couldn't open output file %s: %s\n",
out_filename, g_strerror(errno));
exit(1);
}
}
/* prepare the outfile */
if(file_type == WTAP_FILE_TYPE_SUBTYPE_PCAPNG ){
wtapng_section_t *shb_hdr;
GString *comment_gstr;
shb_hdr = g_new(wtapng_section_t,1);
comment_gstr = g_string_new("File created by merging: \n");
for (i = 0; i < in_file_count; i++) {
g_string_append_printf(comment_gstr, "File%d: %s \n",i+1,in_files[i].filename);
}
shb_hdr->section_length = -1;
/* options */
shb_hdr->opt_comment = comment_gstr->str; /* NULL if not available */
shb_hdr->shb_hardware = NULL; /* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */
shb_hdr->shb_os = NULL; /* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */
shb_hdr->shb_user_appl = g_strdup("mergecap"); /* NULL if not available, UTF-8 string containing the name of the application used to create this section. */
pdh = wtap_dump_fdopen_ng(out_fd, file_type, frame_type, snaplen,
FALSE /* compressed */, shb_hdr, NULL /* wtapng_iface_descriptions_t *idb_inf */, &open_err);
g_string_free(comment_gstr, TRUE);
} else {
pdh = wtap_dump_fdopen(out_fd, file_type, frame_type, snaplen, FALSE /* compressed */, &open_err);
}
if (pdh == NULL) {
merge_close_in_files(in_file_count, in_files);
g_free(in_files);
fprintf(stderr, "mergecap: Can't open or create %s: %s\n", out_filename,
wtap_strerror(open_err));
exit(1);
}
/* do the merge (or append) */
count = 1;
for (;;) {
if (do_append)
in_file = merge_append_read_packet(in_file_count, in_files, &read_err,
&err_info);
else
in_file = merge_read_packet(in_file_count, in_files, &read_err,
&err_info);
if (in_file == NULL) {
/* EOF */
break;
}
if (read_err != 0) {
/* I/O error reading from in_file */
got_read_error = TRUE;
break;
}
if (verbose)
fprintf(stderr, "Record: %d\n", count++);
/* We simply write it, perhaps after truncating it; we could do other
* things, like modify it. */
phdr = wtap_phdr(in_file->wth);
if (snaplen != 0 && phdr->caplen > snaplen) {
snap_phdr = *phdr;
snap_phdr.caplen = snaplen;
phdr = &snap_phdr;
}
if (!wtap_dump(pdh, phdr, wtap_buf_ptr(in_file->wth), &write_err, &write_err_info)) {
got_write_error = TRUE;
break;
}
}
merge_close_in_files(in_file_count, in_files);
if (!got_write_error) {
if (!wtap_dump_close(pdh, &write_err))
got_write_error = TRUE;
} else {
/*
* We already got a write error; no need to report another
* write error on close.
*
* Don't overwrite the earlier write error.
*/
(void)wtap_dump_close(pdh, &close_err);
}
if (got_read_error) {
/*
* Find the file on which we got the error, and report the error.
*/
for (i = 0; i < in_file_count; i++) {
if (in_files[i].state == GOT_ERROR) {
fprintf(stderr, "mergecap: Error reading %s: %s\n",
in_files[i].filename, wtap_strerror(read_err));
if (err_info != NULL) {
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
}
}
}
}
if (got_write_error) {
switch (write_err) {
case WTAP_ERR_UNWRITABLE_ENCAP:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're wwriting; note that, and
* report the frame number and file type/subtype.
*/
fprintf(stderr, "mergecap: Frame %u of \"%s\" has a network type that can't be saved in a \"%s\" file.\n",
in_file ? in_file->packet_num : 0, in_file ? in_file->filename : "UNKNOWN",
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_PACKET_TOO_LARGE:
/*
* This is a problem with the particular frame we're writing and
* the file type and subtype we're wwriting; note that, and
* report the frame number and file type/subtype.
*/
fprintf(stderr, "mergecap: Frame %u of \"%s\" is too large for a \"%s\" file.\n",
in_file ? in_file->packet_num : 0, in_file ? in_file->filename : "UNKNOWN",
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_UNWRITABLE_REC_TYPE:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're wwriting; note that, and
* report the record number and file type/subtype.
*/
fprintf(stderr, "mergecap: Record %u of \"%s\" has a record type that can't be saved in a \"%s\" file.\n",
in_file ? in_file->packet_num : 0, in_file ? in_file->filename : "UNKNOWN",
wtap_file_type_subtype_string(file_type));
break;
case WTAP_ERR_UNWRITABLE_REC_DATA:
/*
* This is a problem with the particular record we're writing and
* the file type and subtype we're wwriting; note that, and
* report the record number and file type/subtype.
*/
fprintf(stderr, "mergecap: Record %u of \"%s\" has data that can't be saved in a \"%s\" file.\n(%s)\n",
in_file ? in_file->packet_num : 0, in_file ? in_file->filename : "UNKNOWN",
wtap_file_type_subtype_string(file_type),
write_err_info != NULL ? write_err_info : "no information supplied");
g_free(write_err_info);
break;
default:
fprintf(stderr, "mergecap: Error writing to outfile: %s\n",
wtap_strerror(write_err));
break;
}
}
g_free(in_files);
return (!got_read_error && !got_write_error) ? 0 : 2;
}
static const char *
cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
int file_type)
{
const char *errmsg;
static char errmsg_errno[1024+1];
if (err < 0) {
/* Wiretap error. */
switch (err) {
case WTAP_ERR_NOT_REGULAR_FILE:
errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
break;
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
/* Seen only when opening a capture file for reading. */
errmsg = "The file \"%s\" isn't a capture file in a format Wireshark understands.";
break;
case WTAP_ERR_UNSUPPORTED:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" contains record data that Wireshark doesn't support.\n"
"(%s)", err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
case WTAP_ERR_CANT_WRITE_TO_PIPE:
/* Seen only when opening a capture file for writing. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" is a pipe, and %s capture files can't be "
"written to a pipe.", wtap_file_type_subtype_string(file_type));
errmsg = errmsg_errno;
break;
case WTAP_ERR_UNWRITABLE_FILE_TYPE:
/* Seen only when opening a capture file for writing. */
errmsg = "Wireshark doesn't support writing capture files in that format.";
break;
case WTAP_ERR_UNWRITABLE_ENCAP:
/* Seen only when opening a capture file for writing. */
errmsg = "Wireshark can't save this capture in that format.";
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
if (for_writing)
errmsg = "Wireshark can't save this capture in that format.";
else
errmsg = "The file \"%s\" is a capture for a network type that Wireshark doesn't support.";
break;
case WTAP_ERR_BAD_FILE:
/* Seen only when opening a capture file for reading. */
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" appears to be damaged or corrupt.\n"
"(%s)", err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
case WTAP_ERR_CANT_OPEN:
if (for_writing)
errmsg = "The file \"%s\" could not be created for some unknown reason.";
else
errmsg = "The file \"%s\" could not be opened for some unknown reason.";
break;
case WTAP_ERR_SHORT_READ:
errmsg = "The file \"%s\" appears to have been cut short"
" in the middle of a packet or other data.";
break;
case WTAP_ERR_SHORT_WRITE:
errmsg = "A full header couldn't be written to the file \"%s\".";
break;
case WTAP_ERR_DECOMPRESS:
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The compressed file \"%%s\" appears to be damaged or corrupt.\n"
"(%s)", err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
errmsg = errmsg_errno;
break;
default:
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
"The file \"%%s\" could not be %s: %s.",
for_writing ? "created" : "opened",
wtap_strerror(err));
errmsg = errmsg_errno;
break;
}
} else
errmsg = file_open_error_message(err, for_writing);
return errmsg;
}
static gchar*
get_read_error_string(const merge_in_file_t *in_files, const guint in_file_count,
const int *err, gchar **err_info)
{
GString *err_message = g_string_new("");
gchar *display_basename = NULL;
guint i;
g_assert(in_files != NULL);
g_assert(err != NULL);
g_assert(err_info != NULL);
if (*err_info == NULL) {
*err_info = g_strdup("no information supplied");
}
/*
* Find the file on which we got the error, and report the error.
*/
for (i = 0; i < in_file_count; i++) {
if (in_files[i].state == GOT_ERROR) {
display_basename = g_filename_display_basename(in_files[i].filename);
switch (*err) {
case WTAP_ERR_SHORT_READ:
g_string_printf(err_message,
"The capture file %s appears to have been cut short"
" in the middle of a packet.", display_basename);
break;
case WTAP_ERR_BAD_FILE:
g_string_printf(err_message,
"The capture file %s appears to be damaged or corrupt.\n(%s)",
display_basename, *err_info);
break;
case WTAP_ERR_DECOMPRESS:
g_string_printf(err_message,
"The compressed capture file %s appears to be damaged or corrupt.\n"
"(%s)", display_basename, *err_info);
break;
default:
g_string_printf(err_message,
"An error occurred while reading the"
" capture file %s: %s.",
display_basename, wtap_strerror(*err));
break;
}
g_free(display_basename);
break;
}
}
g_free(*err_info);
*err_info = g_string_free(err_message, FALSE);
return *err_info;
}
int
main(int argc, char *argv[])
{
GString *comp_info_str;
GString *runtime_info_str;
wtap *wth;
int err;
gchar *err_info;
int i;
int opt;
int overall_error_status;
static const struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'v'},
{0, 0, 0, 0 }
};
#ifdef HAVE_PLUGINS
char *init_progfile_dir_error;
#endif
/* Set the C-language locale to the native environment. */
setlocale(LC_ALL, "");
/* Get the compile-time version information string */
comp_info_str = get_compiled_version_info(NULL, NULL);
/* Get the run-time version information string */
runtime_info_str = get_runtime_version_info(NULL);
/* Add it to the information to be reported on a crash. */
ws_add_crash_info("Captype (Wireshark) %s\n"
"\n"
"%s"
"\n"
"%s",
get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
#endif /* _WIN32 */
/*
* Get credential information for later use.
*/
init_process_policies();
init_open_routines();
#ifdef HAVE_PLUGINS
if ((init_progfile_dir_error = init_progfile_dir(argv[0], main))) {
g_warning("captype: init_progfile_dir(): %s", init_progfile_dir_error);
g_free(init_progfile_dir_error);
} else {
/* Register all the plugin types we have. */
wtap_register_plugin_types(); /* Types known to libwiretap */
init_report_err(failure_message,NULL,NULL,NULL);
/* Scan for plugins. This does *not* call their registration routines;
that's done later.
Don't report failures to load plugins because most (non-wiretap)
plugins *should* fail to load (because we're not linked against
libwireshark and dissector plugins need libwireshark). */
scan_plugins(DONT_REPORT_LOAD_FAILURE);
/* Register all libwiretap plugin modules. */
register_all_wiretap_modules();
}
#endif
/* Process the options */
while ((opt = getopt_long(argc, argv, "hv", long_options, NULL)) !=-1) {
switch (opt) {
case 'h':
printf("Captype (Wireshark) %s\n"
"Print the file types of capture files.\n"
"See https://www.wireshark.org for more information.\n",
get_ws_vcs_version_info());
print_usage(stdout);
exit(0);
break;
case 'v':
comp_info_str = get_compiled_version_info(NULL, NULL);
runtime_info_str = get_runtime_version_info(NULL);
show_version("Captype (Wireshark)", comp_info_str, runtime_info_str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
exit(0);
break;
case '?': /* Bad flag - print usage message */
print_usage(stderr);
exit(1);
break;
}
}
if (argc < 2) {
print_usage(stderr);
return 1;
}
overall_error_status = 0;
for (i = 1; i < argc; i++) {
wth = wtap_open_offline(argv[i], WTAP_TYPE_AUTO, &err, &err_info, FALSE);
if(wth) {
printf("%s: %s\n", argv[i], wtap_file_type_subtype_short_string(wtap_file_type_subtype(wth)));
wtap_close(wth);
} else {
if (err == WTAP_ERR_FILE_UNKNOWN_FORMAT)
printf("%s: unknown\n", argv[i]);
else {
fprintf(stderr, "captype: Can't open %s: %s\n", argv[i],
wtap_strerror(err));
if (err_info != NULL) {
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
}
overall_error_status = 1; /* remember that an error has occurred */
}
}
}
return overall_error_status;
}
int main(int argc, char *argv[])
{
wtap *wth = NULL;
wtap_dumper *pdh = NULL;
int err;
gchar *err_info;
gint64 data_offset;
const struct wtap_pkthdr *phdr;
guint wrong_order_count = 0;
gboolean write_output_regardless = TRUE;
guint i;
GPtrArray *frames;
FrameRecord_t *prevFrame = NULL;
int opt;
int file_count;
char *infile;
char *outfile;
/* Process the options first */
while ((opt = getopt(argc, argv, "n")) != -1) {
switch (opt) {
case 'n':
write_output_regardless = FALSE;
break;
case '?':
usage();
exit(1);
}
}
/* Remaining args are file names */
file_count = argc - optind;
if (file_count == 2) {
infile = argv[optind];
outfile = argv[optind+1];
}
else {
usage();
exit(1);
}
/* Open infile */
wth = wtap_open_offline(infile, &err, &err_info, TRUE);
if (wth == NULL) {
printf("reorder: Can't open %s: %s\n", infile, wtap_strerror(err));
exit(1);
}
DEBUG_PRINT("file_type is %u\n", wtap_file_type(wth));
/* Open outfile (same filetype/encap as input file) */
pdh = wtap_dump_open(outfile, wtap_file_type(wth), wtap_file_encap(wth), 65535, FALSE, &err);
if (pdh == NULL) {
printf("Failed to open output file: (%s) - error %s\n", outfile, wtap_strerror(err));
exit(1);
}
/* Allocate the array of frame pointers. */
frames = g_ptr_array_new();
/* Read each frame from infile */
while (wtap_read(wth, &err, &err_info, &data_offset)) {
FrameRecord_t *newFrameRecord;
phdr = wtap_phdr(wth);
newFrameRecord = g_slice_new(FrameRecord_t);
newFrameRecord->num = frames->len + 1;
newFrameRecord->offset = data_offset;
newFrameRecord->length = phdr->len;
newFrameRecord->time = phdr->ts;
if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) {
wrong_order_count++;
}
g_ptr_array_add(frames, newFrameRecord);
prevFrame = newFrameRecord;
}
printf("%u frames, %u out of order\n", frames->len, wrong_order_count);
/* Sort the frames */
if (wrong_order_count > 0) {
g_ptr_array_sort(frames, frames_compare);
}
/* Write out each sorted frame in turn */
for (i = 0; i < frames->len; i++) {
FrameRecord_t *frame = frames->pdata[i];
/* Avoid writing if already sorted and configured to */
if (write_output_regardless || (wrong_order_count > 0)) {
frame_write(frame, wth, pdh);
}
g_slice_free(FrameRecord_t, frame);
}
if (!write_output_regardless && (wrong_order_count == 0)) {
printf("Not writing output file because input file is already in order!\n");
}
/* Free the whole array */
g_ptr_array_free(frames, TRUE);
/* Close outfile */
if (!wtap_dump_close(pdh, &err)) {
printf("Error closing %s: %s\n", outfile, wtap_strerror(err));
exit(1);
}
/* Finally, close infile */
wtap_fdclose(wth);
return 0;
}
/*
* Alert box for a failed attempt to open a capture file for reading.
* "filename" is the name of the file being opened; "err" is assumed
* to be a UNIX-style errno or a WTAP_ERR_ value; "err_info" is assumed
* to be a string giving further information for some WTAP_ERR_ values..
*
* XXX - add explanatory secondary text for at least some of the errors;
* various HIGs suggest that you should, for example, suggest that the
* user remove files if the file system is full. Perhaps that's because
* they're providing guidelines for people less sophisticated than the
* typical Wireshark user is, but....
*/
void
cfile_open_failure_alert_box(const char *filename, int err, gchar *err_info)
{
gchar *display_basename;
if (err < 0) {
/* Wiretap error. */
display_basename = g_filename_display_basename(filename);
switch (err) {
case WTAP_ERR_NOT_REGULAR_FILE:
simple_error_message_box(
"The file \"%s\" is a \"special file\" or socket or other non-regular file.",
display_basename);
break;
case WTAP_ERR_RANDOM_OPEN_PIPE:
simple_error_message_box(
"The file \"%s\" is a pipe or FIFO; Wireshark can't read pipe or FIFO files.\n"
"To capture from a pipe or FIFO use wireshark -i -",
display_basename);
break;
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
simple_error_message_box(
"The file \"%s\" isn't a capture file in a format Wireshark understands.",
display_basename);
break;
case WTAP_ERR_UNSUPPORTED:
simple_error_message_box(
"The file \"%s\" contains record data that Wireshark doesn't support.\n"
"(%s)",
display_basename,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
simple_error_message_box(
"The file \"%s\" is a capture for a network type that Wireshark doesn't support.",
display_basename);
break;
case WTAP_ERR_BAD_FILE:
simple_error_message_box(
"The file \"%s\" appears to be damaged or corrupt.\n"
"(%s)",
display_basename,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_CANT_OPEN:
simple_error_message_box(
"The file \"%s\" could not be opened for some unknown reason.",
display_basename);
break;
case WTAP_ERR_SHORT_READ:
simple_error_message_box(
"The file \"%s\" appears to have been cut short"
" in the middle of a packet or other data.",
display_basename);
break;
case WTAP_ERR_DECOMPRESS:
simple_error_message_box(
"The file \"%s\" cannot be decompressed; it may be damaged or corrupt.\n"
"(%s)", display_basename,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
case WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED:
simple_error_message_box(
"The file \"%s\" cannot be decompressed; it is compressed in a way that we don't support.\n"
"(%s)", display_basename,
err_info != NULL ? err_info : "no information supplied");
g_free(err_info);
break;
default:
simple_error_message_box(
"The file \"%s\" could not be opened: %s.",
display_basename,
wtap_strerror(err));
break;
}
g_free(display_basename);
} else {
/* OS error. */
open_failure_alert_box(filename, err, FALSE);
}
}
int main(int argc, char *argv[])
{
wtap *wth = NULL;
wtap_dumper *pdh = NULL;
Buffer buf;
int err;
gchar *err_info;
gint64 data_offset;
const struct wtap_pkthdr *phdr;
guint wrong_order_count = 0;
gboolean write_output_regardless = TRUE;
guint i;
wtapng_section_t *shb_hdr;
wtapng_iface_descriptions_t *idb_inf;
GPtrArray *frames;
FrameRecord_t *prevFrame = NULL;
int opt;
int file_count;
char *infile;
char *outfile;
/* Process the options first */
while ((opt = getopt(argc, argv, "hn")) != -1) {
switch (opt) {
case 'n':
write_output_regardless = FALSE;
break;
case 'h':
usage(FALSE);
exit(0);
case '?':
usage(TRUE);
exit(1);
}
}
/* Remaining args are file names */
file_count = argc - optind;
if (file_count == 2) {
infile = argv[optind];
outfile = argv[optind+1];
}
else {
usage(TRUE);
exit(1);
}
init_open_routines();
/* Open infile */
wth = wtap_open_offline(infile, WTAP_TYPE_AUTO, &err, &err_info, TRUE);
if (wth == NULL) {
fprintf(stderr, "reordercap: Can't open %s: %s\n", infile,
wtap_strerror(err));
switch (err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
exit(1);
}
DEBUG_PRINT("file_type_subtype is %u\n", wtap_file_type_subtype(wth));
shb_hdr = wtap_file_get_shb_info(wth);
idb_inf = wtap_file_get_idb_info(wth);
/* Open outfile (same filetype/encap as input file) */
pdh = wtap_dump_open_ng(outfile, wtap_file_type_subtype(wth), wtap_file_encap(wth),
65535, FALSE, shb_hdr, idb_inf, &err);
g_free(idb_inf);
if (pdh == NULL) {
fprintf(stderr, "reordercap: Failed to open output file: (%s) - error %s\n",
outfile, wtap_strerror(err));
g_free(shb_hdr);
exit(1);
}
/* Allocate the array of frame pointers. */
frames = g_ptr_array_new();
/* Read each frame from infile */
while (wtap_read(wth, &err, &err_info, &data_offset)) {
FrameRecord_t *newFrameRecord;
phdr = wtap_phdr(wth);
newFrameRecord = g_slice_new(FrameRecord_t);
newFrameRecord->num = frames->len + 1;
newFrameRecord->offset = data_offset;
newFrameRecord->time = phdr->ts;
if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) {
wrong_order_count++;
}
g_ptr_array_add(frames, newFrameRecord);
prevFrame = newFrameRecord;
}
if (err != 0) {
/* Print a message noting that the read failed somewhere along the line. */
fprintf(stderr,
"reordercap: An error occurred while reading \"%s\": %s.\n",
infile, wtap_strerror(err));
switch (err) {
case WTAP_ERR_UNSUPPORTED:
case WTAP_ERR_UNSUPPORTED_ENCAP:
case WTAP_ERR_BAD_FILE:
fprintf(stderr, "(%s)\n", err_info);
g_free(err_info);
break;
}
}
printf("%u frames, %u out of order\n", frames->len, wrong_order_count);
/* Sort the frames */
if (wrong_order_count > 0) {
g_ptr_array_sort(frames, frames_compare);
}
/* Write out each sorted frame in turn */
buffer_init(&buf, 1500);
for (i = 0; i < frames->len; i++) {
FrameRecord_t *frame = (FrameRecord_t *)frames->pdata[i];
/* Avoid writing if already sorted and configured to */
if (write_output_regardless || (wrong_order_count > 0)) {
frame_write(frame, wth, pdh, &buf, infile);
}
g_slice_free(FrameRecord_t, frame);
}
buffer_free(&buf);
if (!write_output_regardless && (wrong_order_count == 0)) {
printf("Not writing output file because input file is already in order!\n");
}
/* Free the whole array */
g_ptr_array_free(frames, TRUE);
/* Close outfile */
if (!wtap_dump_close(pdh, &err)) {
fprintf(stderr, "reordercap: Error closing %s: %s\n", outfile,
wtap_strerror(err));
g_free(shb_hdr);
exit(1);
}
g_free(shb_hdr);
/* Finally, close infile */
wtap_fdclose(wth);
return 0;
}
