QString PacketList::allPacketComments()
{
guint32 framenum;
frame_data *fdata;
QString buf_str;
if (!cap_file_) return buf_str;
for (framenum = 1; framenum <= cap_file_->count ; framenum++) {
fdata = frame_data_sequence_find(cap_file_->frames, framenum);
char *pkt_comment = cf_get_comment(cap_file_, fdata);
if (pkt_comment) {
buf_str.append(QString(tr("Frame %1: %2 \n\n")).arg(framenum).arg(pkt_comment));
g_free(pkt_comment);
}
if (buf_str.length() > max_comments_to_fetch_) {
buf_str.append(QString(tr("[ Comment text exceeds %1. Stopping. ]"))
.arg(format_size(max_comments_to_fetch_, format_size_unit_bytes|format_size_prefix_si)));
return buf_str;
}
}
return buf_str;
}
/* (re-)calculate the user specified packet range counts */
static void packet_range_calc_user(packet_range_t *range) {
guint32 framenum;
frame_data *packet;
range->user_range_cnt = 0L;
range->ignored_user_range_cnt = 0L;
range->displayed_user_range_cnt = 0L;
range->displayed_ignored_user_range_cnt = 0L;
/* This doesn't work unless you have a full set of frame_data
* structures for all packets in the capture, which is not,
* for example, the case when TShark is doing a one-pass
* read of a file or a live capture.
*/
if (cfile.frames != NULL) {
for(framenum = 1; framenum <= cfile.count; framenum++) {
packet = frame_data_sequence_find(cfile.frames, framenum);
if (value_is_in_range(range->user_range, framenum)) {
range->user_range_cnt++;
if (packet->flags.ignored) {
range->ignored_user_range_cnt++;
}
if (packet->flags.passed_dfilter) {
range->displayed_user_range_cnt++;
if (packet->flags.ignored) {
range->displayed_ignored_user_range_cnt++;
}
}
}
}
}
}
const gchar *
time_shift_settime(capture_file *cf, guint packet_num, const gchar *time_text)
{
nstime_t set_time, diff_time, packet_time;
frame_data *fd, *packetfd;
guint32 i;
const gchar *err_str;
if (!cf || !time_text)
return "Nothing to work with.";
if (packet_num < 1 || packet_num > cf->count)
return "Packet out of range.";
/*
* Get a copy of the real time (abs_ts - shift_offset) do we can find out the
* difference between the specified time and the original packet
*/
if ((packetfd = frame_data_sequence_find(cf->frames, packet_num)) == NULL)
return "No packets found.";
nstime_delta(&packet_time, &(packetfd->abs_ts), &(packetfd->shift_offset));
if ((err_str = time_string_to_nstime(time_text, &packet_time, &set_time)) != NULL)
return err_str;
/* Calculate difference between packet time and requested time */
nstime_delta(&diff_time, &set_time, &packet_time);
/* Up to here nothing is changed */
if ((fd = frame_data_sequence_find(cf->frames, 1)) == NULL)
return "No frames found."; /* Shouldn't happen */
modify_time_init(fd);
/* Set everything back to the original time */
for (i = 1; i <= cf->count; i++) {
if ((fd = frame_data_sequence_find(cf->frames, i)) == NULL)
continue; /* Shouldn't happen */
modify_time_perform(fd, SHIFT_POS, &diff_time, SHIFT_SETTOZERO);
}
packet_list_queue_draw();
return NULL;
}
const gchar *
time_shift_all(capture_file *cf, const gchar *offset_text)
{
nstime_t offset;
long double offset_float = 0;
guint32 i;
frame_data *fd;
gboolean neg;
int h, m;
long double f;
const gchar *err_str;
if (!cf || !offset_text)
return "Nothing to work with.";
if ((err_str = time_string_parse(offset_text, NULL, NULL, NULL, &neg, &h, &m, &f)) != NULL)
return err_str;
offset_float = h * 3600 + m * 60 + f;
if (offset_float == 0)
return "Offset is zero.";
nstime_set_zero(&offset);
offset.secs = (time_t)floorl(offset_float);
offset_float -= offset.secs;
offset.nsecs = (int)(offset_float * 1000000000);
if ((fd = frame_data_sequence_find(cf->frames, 1)) == NULL)
return "No frames found."; /* Shouldn't happen */
modify_time_init(fd);
for (i = 1; i <= cf->count; i++) {
if ((fd = frame_data_sequence_find(cf->frames, i)) == NULL)
continue; /* Shouldn't happen */
modify_time_perform(fd, neg ? SHIFT_NEG : SHIFT_POS, &offset, SHIFT_KEEPOFFSET);
}
packet_list_queue_draw();
return NULL;
}
const gchar *
time_shift_undo(capture_file *cf)
{
guint32 i;
frame_data *fd;
nstime_t nulltime;
if (!cf)
return "Nothing to work with.";
nulltime.secs = nulltime.nsecs = 0;
if (!frame_data_sequence_find(cf->frames, 1))
return "No frames found."; /* Shouldn't happen */
for (i = 1; i <= cf->count; i++) {
if ((fd = frame_data_sequence_find(cf->frames, i)) == NULL)
continue; /* Shouldn't happen */
modify_time_perform(fd, SHIFT_NEG, &nulltime, SHIFT_SETTOZERO);
}
packet_list_queue_draw();
return NULL;
}
void PacketList::ignoreAllDisplayedFrames(bool set)
{
guint32 framenum;
frame_data *fdata;
if (!cap_file_ || !packet_list_model_) return;
for (framenum = 1; framenum <= cap_file_->count; framenum++) {
fdata = frame_data_sequence_find(cap_file_->frames, framenum);
if (!set || fdata->flags.passed_dfilter)
setFrameIgnore(set, fdata);
}
emit packetDissectionChanged();
}
void PacketList::markAllDisplayedFrames(bool set)
{
guint32 framenum;
frame_data *fdata;
if (!cap_file_ || !packet_list_model_) return;
for (framenum = 1; framenum <= cap_file_->count; framenum++) {
fdata = frame_data_sequence_find(cap_file_->frames, framenum);
if (fdata->flags.passed_dfilter)
setFrameMark(set, fdata);
}
markFramesReady();
}
/* (re-)calculate the user specified packet range counts */
static void packet_range_calc_user(packet_range_t *range) {
guint32 framenum;
frame_data *packet;
range->user_range_cnt = 0;
range->ignored_user_range_cnt = 0;
range->displayed_user_range_cnt = 0;
range->displayed_ignored_user_range_cnt = 0;
g_assert(range->cf != NULL);
/* XXX - this doesn't work unless you have a full set of frame_data
* structures for all packets in the capture, which is not,
* for example, the case when TShark is doing a one-pass
* read of a file or a live capture.
*
* It's also horribly slow on large captures, causing it to
* take a long time for the Save As dialog to pop up, for
* example. This obviously can't be kept in the capture_file
* structure and recalculated whenever we filter the display
* or mark frames as ignored, as the results of this depend
* on what the user specifies. In some cases, limiting the
* frame_data structures at which we look to the ones specified
* by the user might help, but if most of the frames are in
* the range, that won't help. In that case, if we could
* examine the *complement* of the range, and *subtract* them
* from the statistics for the capture as a whole, that might
* help, but if the user specified about *half* the packets in
* the range, that won't help, either.
*/
if (range->cf->frames != NULL) {
for(framenum = 1; framenum <= range->cf->count; framenum++) {
packet = frame_data_sequence_find(range->cf->frames, framenum);
if (value_is_in_range(range->user_range, framenum)) {
range->user_range_cnt++;
if (packet->flags.ignored) {
range->ignored_user_range_cnt++;
}
if (packet->flags.passed_dfilter) {
range->displayed_user_range_cnt++;
if (packet->flags.ignored) {
range->displayed_ignored_user_range_cnt++;
}
}
}
}
}
}
void PacketList::unsetAllTimeReferences()
{
if (!cap_file_) return;
/* XXX: we might need a progressbar here */
guint32 framenum;
frame_data *fdata;
for (framenum = 1; framenum <= cap_file_->count && cap_file_->ref_time_count > 0; framenum++) {
fdata = frame_data_sequence_find(cap_file_->frames, framenum);
if (fdata->flags.ref_time == 1) {
setFrameReftime(FALSE, fdata);
}
}
redrawVisiblePackets();
}
static void lbm_uimflow_get_analysis(capture_file * cfile, seq_analysis_info_t * seq_info)
{
GList * list = NULL;
gchar time_str[COL_MAX_LEN];
register_tap_listener("lbm_uim", (void *)seq_info, NULL, TL_REQUIRES_COLUMNS, NULL, lbm_uimflow_tap_packet, NULL);
cf_retap_packets(cfile);
remove_tap_listener((void *)seq_info);
/* Fill in the timestamps. */
list = g_queue_peek_nth_link(seq_info->items, 0);
while (list != NULL)
{
seq_analysis_item_t * seq_item = (seq_analysis_item_t *)list->data;
set_fd_time(cfile->epan, frame_data_sequence_find(cfile->frames, seq_item->frame_number), time_str);
seq_item->time_str = g_strdup(time_str);
list = g_list_next(list);
}
}
void WirelessTimeline::mouseReleaseEvent(QMouseEvent *event)
{
QPointF localPos = event->localPos();
qreal offset = localPos.x() - start_x;
/* if this was a drag, ignore it */
if (std::abs(offset) > 3)
return;
/* this was a click */
guint num = find_packet(localPos.x());
if (num == 0)
return;
frame_data *fdata = frame_data_sequence_find(cfile.provider.frames, num);
if (!fdata->passed_dfilter && fdata->prev_dis_num > 0)
num = fdata->prev_dis_num;
cf_goto_frame(&cfile, num);
}
ph_stats_t*
ph_stats_new(capture_file *cf)
{
ph_stats_t *ps;
guint32 framenum;
frame_data *frame;
guint tot_packets, tot_bytes;
progdlg_t *progbar = NULL;
gboolean stop_flag;
int count;
float progbar_val;
GTimeVal start_time;
gchar status_str[100];
int progbar_nextstep;
int progbar_quantum;
if (!cf) return NULL;
/* Initialize the data */
ps = g_new(ph_stats_t, 1);
ps->tot_packets = 0;
ps->tot_bytes = 0;
ps->stats_tree = g_node_new(NULL);
ps->first_time = 0.0;
ps->last_time = 0.0;
/* Update the progress bar when it gets to this value. */
progbar_nextstep = 0;
/* When we reach the value that triggers a progress bar update,
bump that value by this amount. */
progbar_quantum = cf->count/N_PROGBAR_UPDATES;
/* Count of packets at which we've looked. */
count = 0;
/* Progress so far. */
progbar_val = 0.0f;
stop_flag = FALSE;
g_get_current_time(&start_time);
tot_packets = 0;
tot_bytes = 0;
for (framenum = 1; framenum <= cf->count; framenum++) {
frame = frame_data_sequence_find(cf->frames, framenum);
/* Create the progress bar if necessary.
We check on every iteration of the loop, so that
it takes no longer than the standard time to create
it (otherwise, for a large file, we might take
considerably longer than that standard time in order
to get to the next progress bar step). */
if (progbar == NULL)
progbar = delayed_create_progress_dlg(
cf->window, "Computing",
"protocol hierarchy statistics",
TRUE, &stop_flag, &start_time, progbar_val);
/* Update the progress bar, but do it only N_PROGBAR_UPDATES
times; when we update it, we have to run the GTK+ main
loop to get it to repaint what's pending, and doing so
may involve an "ioctl()" to see if there's any pending
input from an X server, and doing that for every packet
can be costly, especially on a big file. */
if (count >= progbar_nextstep) {
/* let's not divide by zero. I should never be started
* with count == 0, so let's assert that
*/
g_assert(cf->count > 0);
progbar_val = (gfloat) count / cf->count;
if (progbar != NULL) {
g_snprintf(status_str, sizeof(status_str),
"%4u of %u frames", count, cf->count);
update_progress_dlg(progbar, progbar_val, status_str);
}
progbar_nextstep += progbar_quantum;
}
if (stop_flag) {
/* Well, the user decided to abort the statistics.
computation process Just stop. */
break;
}
/* Skip frames that are hidden due to the display filter.
XXX - should the progress bar count only packets that
passed the display filter? If so, it should
probably do so for other loops (see "file.c") that
look only at those packets. */
if (frame->flags.passed_dfilter) {
if (frame->flags.has_ts) {
if (tot_packets == 0) {
double cur_time = nstime_to_sec(&frame->abs_ts);
ps->first_time = cur_time;
ps->last_time = cur_time;
}
}
/* we don't care about colinfo */
if (!process_record(cf, frame, NULL, ps)) {
/*
* Give up, and set "stop_flag" so we
* just abort rather than popping up
* the statistics window.
*/
stop_flag = TRUE;
break;
}
tot_packets++;
tot_bytes += frame->pkt_len;
}
count++;
}
/* We're done calculating the statistics; destroy the progress bar
if it was created. */
if (progbar != NULL)
destroy_progress_dlg(progbar);
if (stop_flag) {
/*
* We quit in the middle; throw away the statistics
* and return NULL, so our caller doesn't pop up a
* window with the incomplete statistics.
*/
ph_stats_free(ps);
return NULL;
}
ps->tot_packets = tot_packets;
ps->tot_bytes = tot_bytes;
return ps;
}
void
summary_fill_in(capture_file *cf, summary_tally *st)
{
frame_data *first_frame, *cur_frame;
guint32 framenum;
wtapng_section_t* shb_inf;
iface_options iface;
guint i;
wtapng_iface_descriptions_t* idb_info;
wtapng_if_descr_t wtapng_if_descr;
wtapng_if_stats_t *if_stats;
st->packet_count_ts = 0;
st->start_time = 0;
st->stop_time = 0;
st->bytes = 0;
st->filtered_count = 0;
st->filtered_count_ts = 0;
st->filtered_start = 0;
st->filtered_stop = 0;
st->filtered_bytes = 0;
st->marked_count = 0;
st->marked_count_ts = 0;
st->marked_start = 0;
st->marked_stop = 0;
st->marked_bytes = 0;
st->ignored_count = 0;
/* initialize the tally */
if (cf->count != 0) {
first_frame = frame_data_sequence_find(cf->frames, 1);
st->start_time = nstime_to_sec(&first_frame->abs_ts);
st->stop_time = nstime_to_sec(&first_frame->abs_ts);
for (framenum = 1; framenum <= cf->count; framenum++) {
cur_frame = frame_data_sequence_find(cf->frames, framenum);
tally_frame_data(cur_frame, st);
}
}
st->filename = cf->filename;
st->file_length = cf->f_datalen;
st->file_type = cf->cd_t;
st->iscompressed = cf->iscompressed;
st->is_tempfile = cf->is_tempfile;
st->file_encap_type = cf->lnk_t;
st->packet_encap_types = cf->linktypes;
st->has_snap = cf->has_snap;
st->snap = cf->snap;
st->elapsed_time = nstime_to_sec(&cf->elapsed_time);
st->packet_count = cf->count;
st->drops_known = cf->drops_known;
st->drops = cf->drops;
st->dfilter = cf->dfilter;
/* Get info from SHB */
shb_inf = wtap_file_get_shb_info(cf->wth);
if(shb_inf == NULL){
st->opt_comment = NULL;
st->shb_hardware = NULL;
st->shb_os = NULL;
st->shb_user_appl = NULL;
}else{
st->opt_comment = shb_inf->opt_comment;
st->shb_hardware = shb_inf->shb_hardware;
st->shb_os = shb_inf->shb_os;
st->shb_user_appl = shb_inf->shb_user_appl;
g_free(shb_inf);
}
st->ifaces = g_array_new(FALSE, FALSE, sizeof(iface_options));
idb_info = wtap_file_get_idb_info(cf->wth);
for (i = 0; i < idb_info->interface_data->len; i++) {
wtapng_if_descr = g_array_index(idb_info->interface_data, wtapng_if_descr_t, i);
iface.cfilter = g_strdup(wtapng_if_descr.if_filter_str);
iface.name = g_strdup(wtapng_if_descr.if_name);
iface.descr = g_strdup(wtapng_if_descr.if_description);
iface.drops_known = FALSE;
iface.drops = 0;
iface.snap = wtapng_if_descr.snap_len;
iface.has_snap = (iface.snap != 65535);
iface.encap_type = wtapng_if_descr.wtap_encap;
if(wtapng_if_descr.num_stat_entries == 1){
/* dumpcap only writes one ISB, only handle that for now */
if_stats = &g_array_index(wtapng_if_descr.interface_statistics, wtapng_if_stats_t, 0);
iface.drops_known = TRUE;
iface.drops = if_stats->isb_ifdrop;
iface.isb_comment = if_stats->opt_comment;
}
g_array_append_val(st->ifaces, iface);
}
g_free(idb_info);
}
/* (re-)calculate the packet counts (except the user specified range) */
static void packet_range_calc(packet_range_t *range) {
guint32 framenum;
guint32 mark_low;
guint32 mark_high;
guint32 displayed_mark_low;
guint32 displayed_mark_high;
frame_data *packet;
range->selected_packet = 0;
mark_low = 0;
mark_high = 0;
range->mark_range_cnt = 0;
range->ignored_cnt = 0;
range->ignored_marked_cnt = 0;
range->ignored_mark_range_cnt = 0;
range->ignored_user_range_cnt = 0;
displayed_mark_low = 0;
displayed_mark_high = 0;
range->displayed_cnt = 0;
range->displayed_marked_cnt = 0;
range->displayed_mark_range_cnt = 0;
range->displayed_plus_dependents_cnt = 0;
range->displayed_ignored_cnt = 0;
range->displayed_ignored_marked_cnt = 0;
range->displayed_ignored_mark_range_cnt = 0;
range->displayed_ignored_user_range_cnt = 0;
g_assert(range->cf != NULL);
/* XXX - this doesn't work unless you have a full set of frame_data
* structures for all packets in the capture, which is not,
* for example, the case when TShark is doing a one-pass
* read of a file or a live capture.
*
* It's also horribly slow on large captures, causing it to
* take a long time for the Save As dialog to pop up, for
* example. We should really keep these statistics in
* the capture_file structure, updating them whenever we
* filter the display, etc..
*/
if (range->cf->frames != NULL) {
/* The next for-loop is used to obtain the amount of packets
* to be processed and is used to present the information in
* the Save/Print As widget.
* We have different types of ranges: All the packets, the number
* of packets of a marked range, a single packet, and a user specified
* packet range. The last one is not calculated here since this
* data must be entered in the widget by the user.
*/
for(framenum = 1; framenum <= range->cf->count; framenum++) {
packet = frame_data_sequence_find(range->cf->frames, framenum);
if (range->cf->current_frame == packet) {
range->selected_packet = framenum;
}
if (packet->flags.passed_dfilter) {
range->displayed_cnt++;
}
if (packet->flags.passed_dfilter ||
packet->flags.dependent_of_displayed) {
range->displayed_plus_dependents_cnt++;
}
if (packet->flags.marked) {
if (packet->flags.ignored) {
range->ignored_marked_cnt++;
}
if (packet->flags.passed_dfilter) {
range->displayed_marked_cnt++;
if (packet->flags.ignored) {
range->displayed_ignored_marked_cnt++;
}
if (displayed_mark_low == 0) {
displayed_mark_low = framenum;
}
if (framenum > displayed_mark_high) {
displayed_mark_high = framenum;
}
}
if (mark_low == 0) {
mark_low = framenum;
}
if (framenum > mark_high) {
mark_high = framenum;
}
}
if (packet->flags.ignored) {
range->ignored_cnt++;
if (packet->flags.passed_dfilter) {
range->displayed_ignored_cnt++;
}
}
}
for(framenum = 1; framenum <= range->cf->count; framenum++) {
packet = frame_data_sequence_find(range->cf->frames, framenum);
if (framenum >= mark_low &&
framenum <= mark_high)
{
range->mark_range_cnt++;
if (packet->flags.ignored) {
range->ignored_mark_range_cnt++;
}
}
if (framenum >= displayed_mark_low &&
framenum <= displayed_mark_high)
{
if (packet->flags.passed_dfilter) {
range->displayed_mark_range_cnt++;
if (packet->flags.ignored) {
range->displayed_ignored_mark_range_cnt++;
}
}
}
}
#if 0
/* in case we marked just one packet, we add 1. */
if (range->cf->marked_count != 0) {
range->mark_range = mark_high - mark_low + 1;
}
/* in case we marked just one packet, we add 1. */
if (range->displayed_marked_cnt != 0) {
range->displayed_mark_range = displayed_mark_high - displayed_mark_low + 1;
}
#endif
}
}
const gchar *
time_shift_adjtime(capture_file *cf, guint packet1_num, const gchar *time1_text, guint packet2_num, const gchar *time2_text)
{
nstime_t nt1, nt2, ot1, ot2, nt3;
nstime_t dnt, dot, d3t;
frame_data *fd, *packet1fd, *packet2fd;
guint32 i;
const gchar *err_str;
if (!cf || !time1_text || !time2_text)
return "Nothing to work with.";
if (packet1_num < 1 || packet1_num > cf->count || packet2_num < 1 || packet2_num > cf->count)
return "Packet out of range.";
/*
* The following time format is allowed:
* [YYYY-MM-DD] hh:mm:ss(.decimals)?
*
* Since Wireshark doesn't support regular expressions (please prove me
* wrong :-) we will have to figure it out ourselves in the
* following order:
*
* 1. YYYY-MM-DD hh:mm:ss.decimals
* 2. hh:mm:ss.decimals
*
*/
/*
* Get a copy of the real time (abs_ts - shift_offset) do we can find out the
* difference between the specified time and the original packet
*/
if ((packet1fd = frame_data_sequence_find(cf->frames, packet1_num)) == NULL)
return "No frames found.";
nstime_copy(&ot1, &(packet1fd->abs_ts));
nstime_subtract(&ot1, &(packet1fd->shift_offset));
if ((err_str = time_string_to_nstime(time1_text, &ot1, &nt1)) != NULL)
return err_str;
/*
* Get a copy of the real time (abs_ts - shift_offset) do we can find out the
* difference between the specified time and the original packet
*/
if ((packet2fd = frame_data_sequence_find(cf->frames, packet2_num)) == NULL)
return "No frames found.";
nstime_copy(&ot2, &(packet2fd->abs_ts));
nstime_subtract(&ot2, &(packet2fd->shift_offset));
if ((err_str = time_string_to_nstime(time2_text, &ot2, &nt2)) != NULL)
return err_str;
nstime_copy(&dot, &ot2);
nstime_subtract(&dot, &ot1);
nstime_copy(&dnt, &nt2);
nstime_subtract(&dnt, &nt1);
/* Up to here nothing is changed */
if (!frame_data_sequence_find(cf->frames, 1))
return "No frames found."; /* Shouldn't happen */
for (i = 1; i <= cf->count; i++) {
if ((fd = frame_data_sequence_find(cf->frames, i)) == NULL)
continue; /* Shouldn't happen */
/* Set everything back to the original time */
nstime_subtract(&(fd->abs_ts), &(fd->shift_offset));
nstime_set_zero(&(fd->shift_offset));
/* Add the difference to each packet */
calcNT3(&ot1, &(fd->abs_ts), &nt1, &nt3, &dot, &dnt);
nstime_copy(&d3t, &nt3);
nstime_subtract(&d3t, &(fd->abs_ts));
modify_time_perform(fd, SHIFT_POS, &d3t, SHIFT_SETTOZERO);
}
packet_list_queue_draw();
return NULL;
}
void
summary_fill_in(capture_file *cf, summary_tally *st)
{
frame_data *first_frame, *cur_frame;
guint32 framenum;
wtapng_section_t* shb_inf;
st->packet_count_ts = 0;
st->start_time = 0;
st->stop_time = 0;
st->bytes = 0;
st->filtered_count = 0;
st->filtered_count_ts = 0;
st->filtered_start = 0;
st->filtered_stop = 0;
st->filtered_bytes = 0;
st->marked_count = 0;
st->marked_count_ts = 0;
st->marked_start = 0;
st->marked_stop = 0;
st->marked_bytes = 0;
st->ignored_count = 0;
/* initialize the tally */
if (cf->count != 0) {
first_frame = frame_data_sequence_find(cf->frames, 1);
st->start_time = nstime_to_sec(&first_frame->abs_ts);
st->stop_time = nstime_to_sec(&first_frame->abs_ts);
for (framenum = 1; framenum <= cf->count; framenum++) {
cur_frame = frame_data_sequence_find(cf->frames, framenum);
tally_frame_data(cur_frame, st);
}
}
st->filename = cf->filename;
st->file_length = cf->f_datalen;
st->file_type = cf->cd_t;
st->is_tempfile = cf->is_tempfile;
st->encap_type = cf->lnk_t;
st->has_snap = cf->has_snap;
st->snap = cf->snap;
st->elapsed_time = nstime_to_sec(&cf->elapsed_time);
st->packet_count = cf->count;
st->drops_known = cf->drops_known;
st->drops = cf->drops;
st->dfilter = cf->dfilter;
/* Get info from SHB */
shb_inf = wtap_file_get_shb_info(cf->wth);
if(shb_inf == NULL){
st->opt_comment = NULL;
st->shb_hardware = NULL;
st->shb_os = NULL;
st->shb_user_appl = NULL;
}else{
st->opt_comment = shb_inf->opt_comment;
st->shb_hardware = shb_inf->shb_hardware;
st->shb_os = shb_inf->shb_os;
st->shb_user_appl = shb_inf->shb_user_appl;
g_free(shb_inf);
}
st->ifaces = g_array_new(FALSE, FALSE, sizeof(iface_options));
}
