bool CaptureFile::open() { //wtap *wth; gchar *err_info; int err; resetState(); wth = wtap_open_offline(filename.c_str(), &err, &err_info, TRUE); if (wth == NULL) { if (err != 0) { /* Print a message noting that the read failed somewhere along the line. */ switch (err) { case WTAP_ERR_UNSUPPORTED_ENCAP: { ostringstream s; s << "File " << filename << " has a packet with a network type that is not supported. (" << err_info << ")"; g_free(err_info); errorMessage = s.str(); break; } case WTAP_ERR_CANT_READ: { ostringstream s; s << "An attempt to read from file " << filename << " failed for some unknown reason."; errorMessage = s.str(); break; } case WTAP_ERR_SHORT_READ: { ostringstream s; s << "File " << filename << " appears to have been cut short in the middle of a packet."; errorMessage = s.str(); break; } case WTAP_ERR_BAD_RECORD: { ostringstream s; s << "File " << filename << " appears to be damaged or corrupt."; errorMessage = s.str(); g_free(err_info); break; } default: { ostringstream s; s << "An error occurred while reading" << " file " << filename << ": " << wtap_strerror(err); errorMessage = s.str(); break; } } } return false; } /* Initialize all data structures used for dissection. */ init_dissection(); /* We're about to start reading the file. */ state = FILE_READ_IN_PROGRESS; //wth = wth; f_datalen = 0; cd_t = wtap_file_type(wth); count = 0; displayed_count = 0; marked_count = 0; drops_known = FALSE; drops = 0; snap = wtap_snapshot_length(wth); if (snap == 0) { /* Snapshot length not known. */ has_snap = FALSE; snap = WTAP_MAX_PACKET_SIZE; } else has_snap = TRUE; nstime_set_zero(&elapsed_time); nstime_set_unset(&first_ts); nstime_set_unset(&prev_dis_ts); #if GLIB_CHECK_VERSION(2,10,0) #else /* memory chunks have been deprecated in favor of the slice allocator, * which has been added in 2.10 */ plist_chunk = g_mem_chunk_new("frame_data_chunk", sizeof (frame_data), FRAME_DATA_CHUNK_SIZE * sizeof (frame_data), G_ALLOC_AND_FREE); g_assert(plist_chunk); #endif /* change the time formats now, as we might have a new precision */ //cf_change_time_formats(cf);//FIXME ?? return true; }
cf_status_t cf_open(capture_file *cf, const char *fname, gboolean is_tempfile, int *err) { wtap *wth; gchar *err_info; //char err_msg[2048+1]; dprintf("%s: fname = %s\n", __FUNCTION__, fname); dprintf("%s: is_tempfile = %d err = %p\n", __FUNCTION__, is_tempfile, err); wth = wtap_open_offline(fname, err, &err_info, FALSE); dprintf("wth = %p\n", wth); if (wth == NULL) goto fail; /* The open succeeded. Fill in the information for this file. */ #if WIRESHARK_1_4_0 /* Cleanup all data structures used for dissection. */ cleanup_dissection(); #endif /* Initialize all data structures used for dissection. */ init_dissection(); cf->wth = wth; cf->f_datalen = 0; /* not used, but set it anyway */ /* Set the file name because we need it to set the follow stream filter. XXX - is that still true? We need it for other reasons, though, in any case. */ cf->filename = g_strdup(fname); /* Indicate whether it's a permanent or temporary file. */ cf->is_tempfile = is_tempfile; /* If it's a temporary capture buffer file, mark it as not saved. */ cf->user_saved = !is_tempfile; cf->cd_t = wtap_file_type(cf->wth); cf->count = 0; cf->drops_known = FALSE; cf->drops = 0; cf->snap = wtap_snapshot_length(cf->wth); if (cf->snap == 0) { /* Snapshot length not known. */ cf->has_snap = FALSE; cf->snap = WTAP_MAX_PACKET_SIZE; } else cf->has_snap = TRUE; nstime_set_zero(&cf->elapsed_time); nstime_set_unset(&first_ts); nstime_set_unset(&prev_dis_ts); nstime_set_unset(&prev_cap_ts); dprintf("%s: exiting\n", __FUNCTION__); return CF_OK; fail: g_snprintf(sharktools_errmsg, sizeof(sharktools_errmsg), cf_open_error_message(*err, err_info, cf->cd_t), fname); return CF_ERROR; }
void add_conversation_table_data_with_conv_id( conv_hash_t *ch, const address *src, const address *dst, guint32 src_port, guint32 dst_port, conv_id_t conv_id, int num_frames, int num_bytes, nstime_t *ts, nstime_t *abs_ts, ct_dissector_info_t *ct_info, port_type ptype) { const address *addr1, *addr2; guint32 port1, port2; conv_item_t *conv_item = NULL; unsigned int conversation_idx = 0; if (src_port > dst_port) { addr1 = src; addr2 = dst; port1 = src_port; port2 = dst_port; } else if (src_port < dst_port) { addr2 = src; addr1 = dst; port2 = src_port; port1 = dst_port; } else if (CMP_ADDRESS(src, dst) < 0) { addr1 = src; addr2 = dst; port1 = src_port; port2 = dst_port; } else { addr2 = src; addr1 = dst; port2 = src_port; port1 = dst_port; } /* if we dont have any entries at all yet */ if (ch->conv_array == NULL) { ch->conv_array = g_array_sized_new(FALSE, FALSE, sizeof(conv_item_t), 10000); ch->hashtable = g_hash_table_new_full(conversation_hash, conversation_equal, /* key_equal_func */ g_free, /* key_destroy_func */ NULL); /* value_destroy_func */ } else { /* try to find it among the existing known conversations */ conv_key_t existing_key; existing_key.addr1 = *addr1; existing_key.addr2 = *addr2; existing_key.port1 = port1; existing_key.port2 = port2; existing_key.conv_id = conv_id; if (g_hash_table_lookup_extended(ch->hashtable, &existing_key, NULL, (gpointer *) &conversation_idx)) { conv_item = &g_array_index(ch->conv_array, conv_item_t, conversation_idx); } } /* if we still dont know what conversation this is it has to be a new one and we have to allocate it and append it to the end of the list */ if (conv_item == NULL) { conv_key_t *new_key; conv_item_t new_conv_item; COPY_ADDRESS(&new_conv_item.src_address, addr1); COPY_ADDRESS(&new_conv_item.dst_address, addr2); new_conv_item.dissector_info = ct_info; new_conv_item.ptype = ptype; new_conv_item.src_port = port1; new_conv_item.dst_port = port2; new_conv_item.conv_id = conv_id; new_conv_item.rx_frames = 0; new_conv_item.tx_frames = 0; new_conv_item.rx_bytes = 0; new_conv_item.tx_bytes = 0; new_conv_item.modified = TRUE; if (ts) { memcpy(&new_conv_item.start_time, ts, sizeof(new_conv_item.start_time)); memcpy(&new_conv_item.stop_time, ts, sizeof(new_conv_item.stop_time)); memcpy(&new_conv_item.start_abs_time, abs_ts, sizeof(new_conv_item.start_abs_time)); } else { nstime_set_unset(&new_conv_item.start_abs_time); nstime_set_unset(&new_conv_item.start_time); nstime_set_unset(&new_conv_item.stop_time); } g_array_append_val(ch->conv_array, new_conv_item); conversation_idx = ch->conv_array->len - 1; conv_item = &g_array_index(ch->conv_array, conv_item_t, conversation_idx); /* ct->conversations address is not a constant but src/dst_address.data are */ new_key = g_new(conv_key_t, 1); SET_ADDRESS(&new_key->addr1, conv_item->src_address.type, conv_item->src_address.len, conv_item->src_address.data); SET_ADDRESS(&new_key->addr2, conv_item->dst_address.type, conv_item->dst_address.len, conv_item->dst_address.data); new_key->port1 = port1; new_key->port2 = port2; new_key->conv_id = conv_id; g_hash_table_insert(ch->hashtable, new_key, GUINT_TO_POINTER(conversation_idx)); } /* update the conversation struct */ conv_item->modified = TRUE; if ( (!CMP_ADDRESS(src, addr1)) && (!CMP_ADDRESS(dst, addr2)) && (src_port==port1) && (dst_port==port2) ) { conv_item->tx_frames += num_frames; conv_item->tx_bytes += num_bytes; } else { conv_item->rx_frames += num_frames; conv_item->rx_bytes += num_bytes; } if (ts) { if (nstime_cmp(ts, &conv_item->stop_time) > 0) { memcpy(&conv_item->stop_time, ts, sizeof(conv_item->stop_time)); } else if (nstime_cmp(ts, &conv_item->start_time) < 0) { memcpy(&conv_item->start_time, ts, sizeof(conv_item->start_time)); memcpy(&conv_item->start_abs_time, abs_ts, sizeof(conv_item->start_abs_time)); } } }
/** Initializes global time variables */ void hf_init_timestructs() { nstime_set_unset(&first_ts); nstime_set_unset(&prev_dis_ts); nstime_set_unset(&prev_cap_ts); }
int main(int argc, char *argv[]) { wtap *wth = NULL; wtap_dumper *pdh = NULL; Buffer buf; int err; gchar *err_info; gint64 data_offset; const struct wtap_pkthdr *phdr; guint wrong_order_count = 0; gboolean write_output_regardless = TRUE; guint i; wtapng_section_t *shb_hdr; wtapng_iface_descriptions_t *idb_inf; GPtrArray *frames; FrameRecord_t *prevFrame = NULL; int opt; int file_count; char *infile; char *outfile; /* Process the options first */ while ((opt = getopt(argc, argv, "hn")) != -1) { switch (opt) { case 'n': write_output_regardless = FALSE; break; case 'h': usage(FALSE); exit(0); case '?': usage(TRUE); exit(1); } } /* Remaining args are file names */ file_count = argc - optind; if (file_count == 2) { infile = argv[optind]; outfile = argv[optind+1]; } else { usage(TRUE); exit(1); } /* Open infile */ /* TODO: if reordercap is ever changed to give the user a choice of which open_routine reader to use, then the following needs to change. */ wth = wtap_open_offline(infile, WTAP_TYPE_AUTO, &err, &err_info, TRUE); if (wth == NULL) { fprintf(stderr, "reordercap: Can't open %s: %s\n", infile, wtap_strerror(err)); switch (err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } exit(1); } DEBUG_PRINT("file_type_subtype is %u\n", wtap_file_type_subtype(wth)); shb_hdr = wtap_file_get_shb_info(wth); idb_inf = wtap_file_get_idb_info(wth); /* Open outfile (same filetype/encap as input file) */ pdh = wtap_dump_open_ng(outfile, wtap_file_type_subtype(wth), wtap_file_encap(wth), 65535, FALSE, shb_hdr, idb_inf, &err); g_free(idb_inf); if (pdh == NULL) { fprintf(stderr, "reordercap: Failed to open output file: (%s) - error %s\n", outfile, wtap_strerror(err)); g_free(shb_hdr); exit(1); } /* Allocate the array of frame pointers. */ frames = g_ptr_array_new(); /* Read each frame from infile */ while (wtap_read(wth, &err, &err_info, &data_offset)) { FrameRecord_t *newFrameRecord; phdr = wtap_phdr(wth); newFrameRecord = g_slice_new(FrameRecord_t); newFrameRecord->num = frames->len + 1; newFrameRecord->offset = data_offset; if (phdr->presence_flags & WTAP_HAS_TS) { newFrameRecord->time = phdr->ts; } else { nstime_set_unset(&newFrameRecord->time); } if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) { wrong_order_count++; } g_ptr_array_add(frames, newFrameRecord); prevFrame = newFrameRecord; } if (err != 0) { /* Print a message noting that the read failed somewhere along the line. */ fprintf(stderr, "reordercap: An error occurred while reading \"%s\": %s.\n", infile, wtap_strerror(err)); switch (err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } } printf("%u frames, %u out of order\n", frames->len, wrong_order_count); /* Sort the frames */ if (wrong_order_count > 0) { g_ptr_array_sort(frames, frames_compare); } /* Write out each sorted frame in turn */ buffer_init(&buf, 1500); for (i = 0; i < frames->len; i++) { FrameRecord_t *frame = (FrameRecord_t *)frames->pdata[i]; /* Avoid writing if already sorted and configured to */ if (write_output_regardless || (wrong_order_count > 0)) { frame_write(frame, wth, pdh, &buf, infile); } g_slice_free(FrameRecord_t, frame); } buffer_free(&buf); if (!write_output_regardless && (wrong_order_count == 0)) { printf("Not writing output file because input file is already in order!\n"); } /* Free the whole array */ g_ptr_array_free(frames, TRUE); /* Close outfile */ if (!wtap_dump_close(pdh, &err)) { fprintf(stderr, "reordercap: Error closing %s: %s\n", outfile, wtap_strerror(err)); g_free(shb_hdr); exit(1); } g_free(shb_hdr); /* Finally, close infile */ wtap_fdclose(wth); return 0; }
int main(int argc, char *argv[]) { GString *comp_info_str; GString *runtime_info_str; char *init_progfile_dir_error; wtap *wth = NULL; wtap_dumper *pdh = NULL; wtap_rec dump_rec; Buffer buf; int err; gchar *err_info; gint64 data_offset; const wtap_rec *rec; guint wrong_order_count = 0; gboolean write_output_regardless = TRUE; guint i; GArray *shb_hdrs = NULL; wtapng_iface_descriptions_t *idb_inf = NULL; GArray *nrb_hdrs = NULL; int ret = EXIT_SUCCESS; GPtrArray *frames; FrameRecord_t *prevFrame = NULL; int opt; static const struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"version", no_argument, NULL, 'v'}, {0, 0, 0, 0 } }; int file_count; char *infile; const char *outfile; cmdarg_err_init(failure_warning_message, failure_message_cont); /* Get the compile-time version information string */ comp_info_str = get_compiled_version_info(NULL, NULL); /* Get the run-time version information string */ runtime_info_str = get_runtime_version_info(NULL); /* Add it to the information to be reported on a crash. */ ws_add_crash_info("Reordercap (Wireshark) %s\n" "\n" "%s" "\n" "%s", get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str); g_string_free(comp_info_str, TRUE); g_string_free(runtime_info_str, TRUE); /* * Get credential information for later use. */ init_process_policies(); /* * Attempt to get the pathname of the directory containing the * executable file. */ init_progfile_dir_error = init_progfile_dir(argv[0]); if (init_progfile_dir_error != NULL) { fprintf(stderr, "reordercap: Can't get pathname of directory containing the reordercap program: %s.\n", init_progfile_dir_error); g_free(init_progfile_dir_error); } init_report_message(failure_warning_message, failure_warning_message, NULL, NULL, NULL); wtap_init(TRUE); /* Process the options first */ while ((opt = getopt_long(argc, argv, "hnv", long_options, NULL)) != -1) { switch (opt) { case 'n': write_output_regardless = FALSE; break; case 'h': printf("Reordercap (Wireshark) %s\n" "Reorder timestamps of input file frames into output file.\n" "See https://www.wireshark.org for more information.\n", get_ws_vcs_version_info()); print_usage(stdout); goto clean_exit; case 'v': comp_info_str = get_compiled_version_info(NULL, NULL); runtime_info_str = get_runtime_version_info(NULL); show_version("Reordercap (Wireshark)", comp_info_str, runtime_info_str); g_string_free(comp_info_str, TRUE); g_string_free(runtime_info_str, TRUE); goto clean_exit; case '?': print_usage(stderr); ret = INVALID_OPTION; goto clean_exit; } } /* Remaining args are file names */ file_count = argc - optind; if (file_count == 2) { infile = argv[optind]; outfile = argv[optind+1]; } else { print_usage(stderr); ret = INVALID_OPTION; goto clean_exit; } /* Open infile */ /* TODO: if reordercap is ever changed to give the user a choice of which open_routine reader to use, then the following needs to change. */ wth = wtap_open_offline(infile, WTAP_TYPE_AUTO, &err, &err_info, TRUE); if (wth == NULL) { cfile_open_failure_message("reordercap", infile, err, err_info); ret = OPEN_ERROR; goto clean_exit; } DEBUG_PRINT("file_type_subtype is %d\n", wtap_file_type_subtype(wth)); shb_hdrs = wtap_file_get_shb_for_new_file(wth); idb_inf = wtap_file_get_idb_info(wth); nrb_hdrs = wtap_file_get_nrb_for_new_file(wth); /* Open outfile (same filetype/encap as input file) */ if (strcmp(outfile, "-") == 0) { pdh = wtap_dump_open_stdout_ng(wtap_file_type_subtype(wth), wtap_file_encap(wth), wtap_snapshot_length(wth), FALSE, shb_hdrs, idb_inf, nrb_hdrs, &err); } else { pdh = wtap_dump_open_ng(outfile, wtap_file_type_subtype(wth), wtap_file_encap(wth), wtap_snapshot_length(wth), FALSE, shb_hdrs, idb_inf, nrb_hdrs, &err); } g_free(idb_inf); idb_inf = NULL; if (pdh == NULL) { cfile_dump_open_failure_message("reordercap", outfile, err, wtap_file_type_subtype(wth)); wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); ret = OUTPUT_FILE_ERROR; goto clean_exit; } /* Allocate the array of frame pointers. */ frames = g_ptr_array_new(); /* Read each frame from infile */ while (wtap_read(wth, &err, &err_info, &data_offset)) { FrameRecord_t *newFrameRecord; rec = wtap_get_rec(wth); newFrameRecord = g_slice_new(FrameRecord_t); newFrameRecord->num = frames->len + 1; newFrameRecord->offset = data_offset; if (rec->presence_flags & WTAP_HAS_TS) { newFrameRecord->frame_time = rec->ts; } else { nstime_set_unset(&newFrameRecord->frame_time); } if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) { wrong_order_count++; } g_ptr_array_add(frames, newFrameRecord); prevFrame = newFrameRecord; } if (err != 0) { /* Print a message noting that the read failed somewhere along the line. */ cfile_read_failure_message("reordercap", infile, err, err_info); } printf("%u frames, %u out of order\n", frames->len, wrong_order_count); /* Sort the frames */ if (wrong_order_count > 0) { g_ptr_array_sort(frames, frames_compare); } /* Write out each sorted frame in turn */ wtap_rec_init(&dump_rec); ws_buffer_init(&buf, 1500); for (i = 0; i < frames->len; i++) { FrameRecord_t *frame = (FrameRecord_t *)frames->pdata[i]; /* Avoid writing if already sorted and configured to */ if (write_output_regardless || (wrong_order_count > 0)) { frame_write(frame, wth, pdh, &dump_rec, &buf, infile, outfile); } g_slice_free(FrameRecord_t, frame); } wtap_rec_cleanup(&dump_rec); ws_buffer_free(&buf); if (!write_output_regardless && (wrong_order_count == 0)) { printf("Not writing output file because input file is already in order.\n"); } /* Free the whole array */ g_ptr_array_free(frames, TRUE); /* Close outfile */ if (!wtap_dump_close(pdh, &err)) { cfile_close_failure_message(outfile, err); wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); ret = OUTPUT_FILE_ERROR; goto clean_exit; } wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); /* Finally, close infile and release resources. */ wtap_close(wth); clean_exit: wtap_cleanup(); free_progdirs(); return ret; }