int main(int argc, char *argv[]) { int opt; gboolean do_append = FALSE; gboolean verbose = FALSE; int in_file_count = 0; guint snaplen = 0; #ifdef PCAP_NG_DEFAULT int file_type = WTAP_FILE_PCAPNG; /* default to pcap format */ #else int file_type = WTAP_FILE_PCAP; /* default to pcapng format */ #endif int frame_type = -2; int out_fd; merge_in_file_t *in_files = NULL, *in_file; int i; struct wtap_pkthdr *phdr, snap_phdr; wtap_dumper *pdh; int open_err, read_err = 0, write_err, close_err; gchar *err_info; int err_fileno; char *out_filename = NULL; gboolean got_read_error = FALSE, got_write_error = FALSE; int count; #ifdef _WIN32 arg_list_utf_16to8(argc, argv); create_app_running_mutex(); #endif /* _WIN32 */ /* Process the options first */ while ((opt = getopt(argc, argv, "aF:hs:T:vw:")) != -1) { switch (opt) { case 'a': do_append = !do_append; break; case 'F': file_type = wtap_short_string_to_file_type(optarg); if (file_type < 0) { fprintf(stderr, "mergecap: \"%s\" isn't a valid capture file type\n", optarg); list_capture_types(); exit(1); } break; case 'h': usage(); exit(0); break; case 's': snaplen = get_positive_int(optarg, "snapshot length"); break; case 'T': frame_type = wtap_short_string_to_encap(optarg); if (frame_type < 0) { fprintf(stderr, "mergecap: \"%s\" isn't a valid encapsulation type\n", optarg); list_encap_types(); exit(1); } break; case 'v': verbose = TRUE; break; case 'w': out_filename = optarg; break; case '?': /* Bad options if GNU getopt */ switch(optopt) { case'F': list_capture_types(); break; case'T': list_encap_types(); break; default: usage(); } exit(1); break; } } /* check for proper args; at a minimum, must have an output * filename and one input file */ in_file_count = argc - optind; if (!out_filename) { fprintf(stderr, "mergecap: an output filename must be set with -w\n"); fprintf(stderr, " run with -h for help\n"); return 1; } if (in_file_count < 1) { fprintf(stderr, "mergecap: No input files were specified\n"); return 1; } /* open the input files */ if (!merge_open_in_files(in_file_count, &argv[optind], &in_files, &open_err, &err_info, &err_fileno)) { fprintf(stderr, "mergecap: Can't open %s: %s\n", argv[optind + err_fileno], wtap_strerror(open_err)); switch (open_err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } return 2; } if (verbose) { for (i = 0; i < in_file_count; i++) fprintf(stderr, "mergecap: %s is type %s.\n", argv[optind + i], wtap_file_type_string(wtap_file_type(in_files[i].wth))); } if (snaplen == 0) { /* * Snapshot length not specified - default to the maximum of the * snapshot lengths of the input files. */ snaplen = merge_max_snapshot_length(in_file_count, in_files); } /* set the outfile frame type */ if (frame_type == -2) { /* * Default to the appropriate frame type for the input files. */ frame_type = merge_select_frame_type(in_file_count, in_files); if (verbose) { if (frame_type == WTAP_ENCAP_PER_PACKET) { /* * Find out why we had to choose WTAP_ENCAP_PER_PACKET. */ int first_frame_type, this_frame_type; first_frame_type = wtap_file_encap(in_files[0].wth); for (i = 1; i < in_file_count; i++) { this_frame_type = wtap_file_encap(in_files[i].wth); if (first_frame_type != this_frame_type) { fprintf(stderr, "mergecap: multiple frame encapsulation types detected\n"); fprintf(stderr, " defaulting to WTAP_ENCAP_PER_PACKET\n"); fprintf(stderr, " %s had type %s (%s)\n", in_files[0].filename, wtap_encap_string(first_frame_type), wtap_encap_short_string(first_frame_type)); fprintf(stderr, " %s had type %s (%s)\n", in_files[i].filename, wtap_encap_string(this_frame_type), wtap_encap_short_string(this_frame_type)); break; } } } fprintf(stderr, "mergecap: selected frame_type %s (%s)\n", wtap_encap_string(frame_type), wtap_encap_short_string(frame_type)); } } /* open the outfile */ if (strncmp(out_filename, "-", 2) == 0) { /* use stdout as the outfile */ out_fd = 1 /*stdout*/; } else { /* open the outfile */ out_fd = ws_open(out_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644); if (out_fd == -1) { fprintf(stderr, "mergecap: Couldn't open output file %s: %s\n", out_filename, g_strerror(errno)); exit(1); } } /* prepare the outfile */ if(file_type == WTAP_FILE_PCAPNG ){ wtapng_section_t *shb_hdr; GString *comment_gstr; shb_hdr = g_new(wtapng_section_t,1); comment_gstr = g_string_new("File created by merging: \n"); for (i = 0; i < in_file_count; i++) { g_string_append_printf(comment_gstr, "File%d: %s \n",i+1,in_files[i].filename); } shb_hdr->section_length = -1; /* options */ shb_hdr->opt_comment = comment_gstr->str; /* NULL if not available */ shb_hdr->shb_hardware = NULL; /* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */ shb_hdr->shb_os = NULL; /* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */ shb_hdr->shb_user_appl = "mergecap"; /* NULL if not available, UTF-8 string containing the name of the application used to create this section. */ pdh = wtap_dump_fdopen_ng(out_fd, file_type, frame_type, snaplen, FALSE /* compressed */, shb_hdr, NULL /* wtapng_iface_descriptions_t *idb_inf */, &open_err); g_string_free(comment_gstr, TRUE); } else { pdh = wtap_dump_fdopen(out_fd, file_type, frame_type, snaplen, FALSE /* compressed */, &open_err); } if (pdh == NULL) { merge_close_in_files(in_file_count, in_files); g_free(in_files); fprintf(stderr, "mergecap: Can't open or create %s: %s\n", out_filename, wtap_strerror(open_err)); exit(1); } /* do the merge (or append) */ count = 1; for (;;) { if (do_append) in_file = merge_append_read_packet(in_file_count, in_files, &read_err, &err_info); else in_file = merge_read_packet(in_file_count, in_files, &read_err, &err_info); if (in_file == NULL) { /* EOF */ break; } if (read_err != 0) { /* I/O error reading from in_file */ got_read_error = TRUE; break; } if (verbose) fprintf(stderr, "Record: %u\n", count++); /* We simply write it, perhaps after truncating it; we could do other * things, like modify it. */ phdr = wtap_phdr(in_file->wth); if (snaplen != 0 && phdr->caplen > snaplen) { snap_phdr = *phdr; snap_phdr.caplen = snaplen; phdr = &snap_phdr; } if (!wtap_dump(pdh, phdr, wtap_buf_ptr(in_file->wth), &write_err)) { got_write_error = TRUE; break; } } merge_close_in_files(in_file_count, in_files); if (!got_read_error && !got_write_error) { if (!wtap_dump_close(pdh, &write_err)) got_write_error = TRUE; } else wtap_dump_close(pdh, &close_err); if (got_read_error) { /* * Find the file on which we got the error, and report the error. */ for (i = 0; i < in_file_count; i++) { if (in_files[i].state == GOT_ERROR) { fprintf(stderr, "mergecap: Error reading %s: %s\n", in_files[i].filename, wtap_strerror(read_err)); switch (read_err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } } } } if (got_write_error) { switch (write_err) { case WTAP_ERR_UNSUPPORTED_ENCAP: /* * This is a problem with the particular frame we're writing; * note that, and give the frame number. */ fprintf(stderr, "mergecap: Frame %u of \"%s\" has a network type that can't be saved in a file with that format\n.", in_file->packet_num, in_file->filename); break; default: fprintf(stderr, "mergecap: Error writing to outfile: %s\n", wtap_strerror(write_err)); break; } } g_free(in_files); return (!got_read_error && !got_write_error) ? 0 : 2; }
static int process_cap_file(wtap *wth, const char *filename) { int err; gchar *err_info; gint64 size; gint64 data_offset; guint32 packet = 0; gint64 bytes = 0; guint32 snaplen_min_inferred = 0xffffffff; guint32 snaplen_max_inferred = 0; const struct wtap_pkthdr *phdr; capture_info cf_info; gboolean have_times = TRUE; double start_time = 0; double stop_time = 0; double cur_time = 0; double prev_time = 0; gboolean know_order = FALSE; order_t order = IN_ORDER; cf_info.encap_counts = g_malloc0(WTAP_NUM_ENCAP_TYPES * sizeof(int)); /* Tally up data that we need to parse through the file to find */ while (wtap_read(wth, &err, &err_info, &data_offset)) { phdr = wtap_phdr(wth); if (phdr->presence_flags & WTAP_HAS_TS) { prev_time = cur_time; cur_time = secs_nsecs(&phdr->ts); if(packet==0) { start_time = cur_time; stop_time = cur_time; prev_time = cur_time; } if (cur_time < prev_time) { order = NOT_IN_ORDER; } if (cur_time < start_time) { start_time = cur_time; } if (cur_time > stop_time) { stop_time = cur_time; } } else { have_times = FALSE; /* at least one packet has no time stamp */ if (order != NOT_IN_ORDER) order = ORDER_UNKNOWN; } bytes+=phdr->len; packet++; /* If caplen < len for a rcd, then presumably */ /* 'Limit packet capture length' was done for this rcd. */ /* Keep track as to the min/max actual snapshot lengths */ /* seen for this file. */ if (phdr->caplen < phdr->len) { if (phdr->caplen < snaplen_min_inferred) snaplen_min_inferred = phdr->caplen; if (phdr->caplen > snaplen_max_inferred) snaplen_max_inferred = phdr->caplen; } /* Per-packet encapsulation */ if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) { if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) { cf_info.encap_counts[phdr->pkt_encap] += 1; } else { fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet); } } } /* while */ if (err != 0) { fprintf(stderr, "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n", packet, filename, wtap_strerror(err)); switch (err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: case WTAP_ERR_DECOMPRESS: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } g_free(cf_info.encap_counts); return 1; } /* File size */ size = wtap_file_size(wth, &err); if (size == -1) { fprintf(stderr, "capinfos: Can't get size of \"%s\": %s.\n", filename, g_strerror(err)); g_free(cf_info.encap_counts); return 1; } cf_info.filesize = size; /* File Type */ cf_info.file_type = wtap_file_type(wth); cf_info.iscompressed = wtap_iscompressed(wth); /* File Encapsulation */ cf_info.file_encap = wtap_file_encap(wth); /* Packet size limit (snaplen) */ cf_info.snaplen = wtap_snapshot_length(wth); if(cf_info.snaplen > 0) cf_info.snap_set = TRUE; else cf_info.snap_set = FALSE; cf_info.snaplen_min_inferred = snaplen_min_inferred; cf_info.snaplen_max_inferred = snaplen_max_inferred; /* # of packets */ cf_info.packet_count = packet; /* File Times */ cf_info.times_known = have_times; cf_info.start_time = start_time; cf_info.stop_time = stop_time; cf_info.duration = stop_time-start_time; cf_info.know_order = know_order; cf_info.order = order; /* Number of packet bytes */ cf_info.packet_bytes = bytes; cf_info.data_rate = 0.0; cf_info.packet_rate = 0.0; cf_info.packet_size = 0.0; if (packet > 0) { if (cf_info.duration > 0.0) { cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */ cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */ } cf_info.packet_size = (double)bytes / packet; /* Avg packet size */ } if(long_report) { print_stats(filename, &cf_info); } else { print_stats_table(filename, &cf_info); } g_free(cf_info.encap_counts); return 0; }
cf_status_t cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err) { wtap *wth; gchar *err_info; //char err_msg[2048+1]; dprintf("%s: fname = %s\n", __FUNCTION__, fname); dprintf("%s: is_tempfile = %d err = %p\n", __FUNCTION__, is_tempfile, err); wth = wtap_open_offline(fname, err, &err_info, FALSE); dprintf("wth = %p\n", wth); if (wth == NULL) goto fail; /* The open succeeded. Fill in the information for this file. */ #if WIRESHARK_1_4_0 /* Cleanup all data structures used for dissection. */ cleanup_dissection(); #endif /* Initialize all data structures used for dissection. */ init_dissection(); cf->wth = wth; cf->f_datalen = 0; /* not used, but set it anyway */ /* Set the file name because we need it to set the follow stream filter. XXX - is that still true? We need it for other reasons, though, in any case. */ cf->filename = g_strdup(fname); /* Indicate whether it's a permanent or temporary file. */ cf->is_tempfile = is_tempfile; /* If it's a temporary capture buffer file, mark it as not saved. */ cf->user_saved = !is_tempfile; cf->cd_t = wtap_file_type(cf->wth); cf->count = 0; cf->drops_known = FALSE; cf->drops = 0; cf->snap = wtap_snapshot_length(cf->wth); if (cf->snap == 0) { /* Snapshot length not known. */ cf->has_snap = FALSE; cf->snap = WTAP_MAX_PACKET_SIZE; } else cf->has_snap = TRUE; nstime_set_zero(&cf->elapsed_time); nstime_set_unset(&first_ts); nstime_set_unset(&prev_dis_ts); nstime_set_unset(&prev_cap_ts); dprintf("%s: exiting\n", __FUNCTION__); return CF_OK; fail: g_snprintf(sharktools_errmsg, sizeof(sharktools_errmsg), cf_open_error_message(*err, err_info, cf->cd_t), fname); return CF_ERROR; }
bool CaptureFile::open() { //wtap *wth; gchar *err_info; int err; resetState(); wth = wtap_open_offline(filename.c_str(), &err, &err_info, TRUE); if (wth == NULL) { if (err != 0) { /* Print a message noting that the read failed somewhere along the line. */ switch (err) { case WTAP_ERR_UNSUPPORTED_ENCAP: { ostringstream s; s << "File " << filename << " has a packet with a network type that is not supported. (" << err_info << ")"; g_free(err_info); errorMessage = s.str(); break; } case WTAP_ERR_CANT_READ: { ostringstream s; s << "An attempt to read from file " << filename << " failed for some unknown reason."; errorMessage = s.str(); break; } case WTAP_ERR_SHORT_READ: { ostringstream s; s << "File " << filename << " appears to have been cut short in the middle of a packet."; errorMessage = s.str(); break; } case WTAP_ERR_BAD_RECORD: { ostringstream s; s << "File " << filename << " appears to be damaged or corrupt."; errorMessage = s.str(); g_free(err_info); break; } default: { ostringstream s; s << "An error occurred while reading" << " file " << filename << ": " << wtap_strerror(err); errorMessage = s.str(); break; } } } return false; } /* Initialize all data structures used for dissection. */ init_dissection(); /* We're about to start reading the file. */ state = FILE_READ_IN_PROGRESS; //wth = wth; f_datalen = 0; cd_t = wtap_file_type(wth); count = 0; displayed_count = 0; marked_count = 0; drops_known = FALSE; drops = 0; snap = wtap_snapshot_length(wth); if (snap == 0) { /* Snapshot length not known. */ has_snap = FALSE; snap = WTAP_MAX_PACKET_SIZE; } else has_snap = TRUE; nstime_set_zero(&elapsed_time); nstime_set_unset(&first_ts); nstime_set_unset(&prev_dis_ts); #if GLIB_CHECK_VERSION(2,10,0) #else /* memory chunks have been deprecated in favor of the slice allocator, * which has been added in 2.10 */ plist_chunk = g_mem_chunk_new("frame_data_chunk", sizeof (frame_data), FRAME_DATA_CHUNK_SIZE * sizeof (frame_data), G_ALLOC_AND_FREE); g_assert(plist_chunk); #endif /* change the time formats now, as we might have a new precision */ //cf_change_time_formats(cf);//FIXME ?? return true; }
int main(int argc, char *argv[]) { wtap *wth = NULL; wtap_dumper *pdh = NULL; int err; gchar *err_info; gint64 data_offset; const struct wtap_pkthdr *phdr; guint wrong_order_count = 0; gboolean write_output_regardless = TRUE; guint i; GPtrArray *frames; FrameRecord_t *prevFrame = NULL; int opt; int file_count; char *infile; char *outfile; /* Process the options first */ while ((opt = getopt(argc, argv, "n")) != -1) { switch (opt) { case 'n': write_output_regardless = FALSE; break; case '?': usage(); exit(1); } } /* Remaining args are file names */ file_count = argc - optind; if (file_count == 2) { infile = argv[optind]; outfile = argv[optind+1]; } else { usage(); exit(1); } /* Open infile */ wth = wtap_open_offline(infile, &err, &err_info, TRUE); if (wth == NULL) { printf("reorder: Can't open %s: %s\n", infile, wtap_strerror(err)); exit(1); } DEBUG_PRINT("file_type is %u\n", wtap_file_type(wth)); /* Open outfile (same filetype/encap as input file) */ pdh = wtap_dump_open(outfile, wtap_file_type(wth), wtap_file_encap(wth), 65535, FALSE, &err); if (pdh == NULL) { printf("Failed to open output file: (%s) - error %s\n", outfile, wtap_strerror(err)); exit(1); } /* Allocate the array of frame pointers. */ frames = g_ptr_array_new(); /* Read each frame from infile */ while (wtap_read(wth, &err, &err_info, &data_offset)) { FrameRecord_t *newFrameRecord; phdr = wtap_phdr(wth); newFrameRecord = g_slice_new(FrameRecord_t); newFrameRecord->num = frames->len + 1; newFrameRecord->offset = data_offset; newFrameRecord->length = phdr->len; newFrameRecord->time = phdr->ts; if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) { wrong_order_count++; } g_ptr_array_add(frames, newFrameRecord); prevFrame = newFrameRecord; } printf("%u frames, %u out of order\n", frames->len, wrong_order_count); /* Sort the frames */ if (wrong_order_count > 0) { g_ptr_array_sort(frames, frames_compare); } /* Write out each sorted frame in turn */ for (i = 0; i < frames->len; i++) { FrameRecord_t *frame = frames->pdata[i]; /* Avoid writing if already sorted and configured to */ if (write_output_regardless || (wrong_order_count > 0)) { frame_write(frame, wth, pdh); } g_slice_free(FrameRecord_t, frame); } if (!write_output_regardless && (wrong_order_count == 0)) { printf("Not writing output file because input file is already in order!\n"); } /* Free the whole array */ g_ptr_array_free(frames, TRUE); /* Close outfile */ if (!wtap_dump_close(pdh, &err)) { printf("Error closing %s: %s\n", outfile, wtap_strerror(err)); exit(1); } /* Finally, close infile */ wtap_fdclose(wth); return 0; }