static int process_cap_file(wtap *wth, const char *filename) { int err; gchar *err_info; gint64 size; gint64 data_offset; guint32 packet = 0; gint64 bytes = 0; guint32 snaplen_min_inferred = 0xffffffff; guint32 snaplen_max_inferred = 0; const struct wtap_pkthdr *phdr; capture_info cf_info; gboolean have_times = TRUE; double start_time = 0; double stop_time = 0; double cur_time = 0; double prev_time = 0; gboolean know_order = FALSE; order_t order = IN_ORDER; cf_info.encap_counts = g_malloc0(WTAP_NUM_ENCAP_TYPES * sizeof(int)); /* Tally up data that we need to parse through the file to find */ while (wtap_read(wth, &err, &err_info, &data_offset)) { phdr = wtap_phdr(wth); if (phdr->presence_flags & WTAP_HAS_TS) { prev_time = cur_time; cur_time = secs_nsecs(&phdr->ts); if(packet==0) { start_time = cur_time; stop_time = cur_time; prev_time = cur_time; } if (cur_time < prev_time) { order = NOT_IN_ORDER; } if (cur_time < start_time) { start_time = cur_time; } if (cur_time > stop_time) { stop_time = cur_time; } } else { have_times = FALSE; /* at least one packet has no time stamp */ if (order != NOT_IN_ORDER) order = ORDER_UNKNOWN; } bytes+=phdr->len; packet++; /* If caplen < len for a rcd, then presumably */ /* 'Limit packet capture length' was done for this rcd. */ /* Keep track as to the min/max actual snapshot lengths */ /* seen for this file. */ if (phdr->caplen < phdr->len) { if (phdr->caplen < snaplen_min_inferred) snaplen_min_inferred = phdr->caplen; if (phdr->caplen > snaplen_max_inferred) snaplen_max_inferred = phdr->caplen; } /* Per-packet encapsulation */ if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) { if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) { cf_info.encap_counts[phdr->pkt_encap] += 1; } else { fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet); } } } /* while */ if (err != 0) { fprintf(stderr, "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n", packet, filename, wtap_strerror(err)); switch (err) { case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: case WTAP_ERR_DECOMPRESS: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); break; } g_free(cf_info.encap_counts); return 1; } /* File size */ size = wtap_file_size(wth, &err); if (size == -1) { fprintf(stderr, "capinfos: Can't get size of \"%s\": %s.\n", filename, g_strerror(err)); g_free(cf_info.encap_counts); return 1; } cf_info.filesize = size; /* File Type */ cf_info.file_type = wtap_file_type(wth); cf_info.iscompressed = wtap_iscompressed(wth); /* File Encapsulation */ cf_info.file_encap = wtap_file_encap(wth); /* Packet size limit (snaplen) */ cf_info.snaplen = wtap_snapshot_length(wth); if(cf_info.snaplen > 0) cf_info.snap_set = TRUE; else cf_info.snap_set = FALSE; cf_info.snaplen_min_inferred = snaplen_min_inferred; cf_info.snaplen_max_inferred = snaplen_max_inferred; /* # of packets */ cf_info.packet_count = packet; /* File Times */ cf_info.times_known = have_times; cf_info.start_time = start_time; cf_info.stop_time = stop_time; cf_info.duration = stop_time-start_time; cf_info.know_order = know_order; cf_info.order = order; /* Number of packet bytes */ cf_info.packet_bytes = bytes; cf_info.data_rate = 0.0; cf_info.packet_rate = 0.0; cf_info.packet_size = 0.0; if (packet > 0) { if (cf_info.duration > 0.0) { cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */ cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */ } cf_info.packet_size = (double)bytes / packet; /* Avg packet size */ } if(long_report) { print_stats(filename, &cf_info); } else { print_stats_table(filename, &cf_info); } g_free(cf_info.encap_counts); return 0; }
/** * This function processes a specified capture file with the specified fields of interest * and display filter. This function calls the appropriate language-specific callback * function in <cb> to manipulate data structures in the caller's scope. * * @param filename valid pcap file * @param nfields a positive integer describing the number of fields * @param fields an array of strings * @return 0 on success, else error. */ glong sharktools_get_cb(gchar *filename, gulong nfields, const gchar **fields, gchar *dfilterorig, sharktools_callbacks *cb) { gsize i; capture_file cfile; gchar *cf_name = NULL; char *dfilter; dfilter_t *rfcode = NULL; // Create an stdata struct on the stack st_data_t stdata; dprintf("%s: entering...\n", __FUNCTION__); dprintf("%s: dfilterorig: %s\n", __FUNCTION__, dfilterorig); dfilter = strdup(dfilterorig); dprintf("%s: dfilter: %s\n", __FUNCTION__, dfilter); if(!dfilter_compile(dfilter, &rfcode)) { sprintf(errmsg, "%s", dfilter_error_msg); printf("errmsg"); if(rfcode) dfilter_free(rfcode); return -1; } // Defined in cfile.c, looks easy enough to use cap_file_init(&cfile); cf_name = filename; // Open pcap file int err; if(cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) { //sprintf(errmsg, "%s", dfilter_error_msg); if(rfcode) dfilter_free(rfcode); return -1; } dprintf("nfields = %ld\n", nfields); stdata_init(&stdata, nfields); stdata_add_fields(&stdata, fields, nfields); dprintf("stdata.fields->len = %d\n", stdata.fields->len); dprintf("stdata.field_types = %lX\n", (glong)stdata.field_types); dprintf("%s: opened file\n", __FUNCTION__); cfile.rfcode = rfcode; gchar *err_info; gint64 data_offset; // Read and process each packet one at a time while(wtap_read(cfile.wth, &err, &err_info, &data_offset)) { dprintf("*******************************\n"); // (Re)-set all the stdata.field_{values,types} fields for(i = 0; i < nfields; i++) { stdata.field_types[i] = FT_NONE; } gboolean passed = FALSE; passed = process_packet(&cfile, data_offset, &stdata); if(passed) { dprintf("found!\n)"); gpointer row = cb->row_new(cb); for(i = 0; i < nfields; i++) { gpointer key; key = cb->keys[i]; dprintf("key = %p\n", key); dprintf("types[%ld] = %ld\n", i, stdata.field_types[i]); cb->row_set(cb, row, key, stdata.field_types[i], g_ptr_array_index( stdata.tree_values, i) ); } cb->row_add(cb, row); //reset tree_values g_ptr_array_free( stdata.tree_values, TRUE); stdata.tree_values = g_ptr_array_new(); for(i = 0; i < nfields; i++) { g_ptr_array_add( stdata.tree_values, g_ptr_array_new() ); } } } if(rfcode) dfilter_free(rfcode); wtap_close(cfile.wth); cfile.wth = NULL; stdata_cleanup(&stdata); dprintf("%s: ...leaving.\n", __FUNCTION__); return 0; }
/** * This function returns the number of packets in <filename> that would * pass through the filter <dfilter>. This was necessary to mitigate memory * usage in Matlab, where dynamically-growing or shrinking data structures * (apparently) don't exist. If it looks hacky, it is :-) * * NB: there is a race condition between running sharktools_count() and * sharktools_get_cb(), since we close and reopen the pcap file in between. */ glong sharktools_count(char *filename, char *dfilter) { capture_file cfile; gchar *cf_name = NULL; dfilter_t *rfcode = NULL; glong count = 0; dprintf("%s: entering...\n", __FUNCTION__); dprintf("%s: dfilter: %s\n", __FUNCTION__, dfilter); if(!dfilter_compile(dfilter, &rfcode)) { sprintf(errmsg, "%s", dfilter_error_msg); printf("errmsg"); if(rfcode) dfilter_free(rfcode); return -1; } // Defined in cfile.c, looks easy enough to use cap_file_init(&cfile); cf_name = filename; // Open pcap file int err; if(cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) { //sprintf(errmsg, "%s", dfilter_error_msg); if(rfcode) dfilter_free(rfcode); return -1; } dprintf("%s: opened file\n", __FUNCTION__); cfile.rfcode = rfcode; gchar *err_info; gint64 data_offset; // Read and process each packet one at a time while(wtap_read(cfile.wth, &err, &err_info, &data_offset)) { gboolean passed = TRUE; // Only process packets if there's a display filter specified if(dfilter != NULL && *dfilter != '\0') { // Passing in NULL for st_data_t means we're just counting passed = process_packet(&cfile, data_offset, NULL); } if(passed) { count++; //dprintf("count! %d\n", count); } } if(rfcode) dfilter_free(rfcode); wtap_close(cfile.wth); cfile.wth = NULL; return count; }
int main(int argc, char *argv[]) { int ser_fd; GError *err = NULL; int werr; gchar *err_info; gint64 data_offset; wtap *w; GOptionContext *opt_ctxt; gint64 ts_start_us = 0; gint64 time_start_us = 0; opt_ctxt = g_option_context_new ("FILE"); g_option_context_add_main_entries(opt_ctxt, app_options, NULL); if (!g_option_context_parse(opt_ctxt, &argc, &argv, &err)) { g_printerr("Failed to parse options: %s\n", err->message); return EXIT_FAILURE; } g_option_context_free(opt_ctxt); w = wtap_open_offline(argv[1], WTAP_TYPE_AUTO, &werr, &err_info, FALSE); if (!w) { g_printerr("Failed to open packet file: %d\n", werr); return EXIT_FAILURE; } if (pseudo) { ser_fd = open_pseudo_terminal(&err); if (ser_fd < 0) { g_printerr("Failed open pseudo terminal: %s\n", err->message); return EXIT_FAILURE; } } else { ser_fd = profibus_serial_open(device, speed, &err); if (ser_fd < 0) { g_printerr("Failed open serial port: %s\n", err->message); return EXIT_FAILURE; } } while(TRUE) { guint8 *data; struct wtap_pkthdr *hdr; if (!wtap_read(w, &werr, &err_info, &data_offset)) { if (err == 0) break; g_printerr("Failed to read packet file: %d\n", werr); return EXIT_FAILURE; } hdr = wtap_phdr(w); data = wtap_buf_ptr(w); if (timing) { if (time_start_us == 0) { ts_start_us = hdr->ts.secs * 1000000LL + hdr->ts.nsecs / 1000; time_start_us = g_get_monotonic_time(); } else { gint64 ts = hdr->ts.secs * 1000000LL + hdr->ts.nsecs / 1000; gint64 next = time_start_us + (ts - ts_start_us); gint64 now = g_get_monotonic_time(); gint64 delay = next - now; if (delay > 0) { poll(NULL, 0, delay / 1000); } } } if (write(ser_fd, data, hdr->len) != hdr->len) { g_printerr("Failed to write to serial device: %s\n", strerror(errno)); break; } /* g_debug("Write %d", hdr->len); */ } wtap_close(w); g_message("EOF"); close(ser_fd); return EXIT_SUCCESS; }
static int process_cap_file(wtap *wth, const char *filename) { int status = 0; int err; gchar *err_info; gint64 size; gint64 data_offset; guint32 packet = 0; gint64 bytes = 0; guint32 snaplen_min_inferred = 0xffffffff; guint32 snaplen_max_inferred = 0; const struct wtap_pkthdr *phdr; capture_info cf_info; gboolean have_times = TRUE; double start_time = 0; double stop_time = 0; double cur_time = 0; double prev_time = 0; gboolean know_order = FALSE; order_t order = IN_ORDER; wtapng_section_t *shb_inf; gchar *p; cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES); /* Tally up data that we need to parse through the file to find */ while (wtap_read(wth, &err, &err_info, &data_offset)) { phdr = wtap_phdr(wth); if (phdr->presence_flags & WTAP_HAS_TS) { prev_time = cur_time; cur_time = nstime_to_sec(&phdr->ts); if (packet == 0) { start_time = cur_time; stop_time = cur_time; prev_time = cur_time; } if (cur_time < prev_time) { order = NOT_IN_ORDER; } if (cur_time < start_time) { start_time = cur_time; } if (cur_time > stop_time) { stop_time = cur_time; } } else { have_times = FALSE; /* at least one packet has no time stamp */ if (order != NOT_IN_ORDER) order = ORDER_UNKNOWN; } if (phdr->rec_type == REC_TYPE_PACKET) { bytes+=phdr->len; packet++; /* If caplen < len for a rcd, then presumably */ /* 'Limit packet capture length' was done for this rcd. */ /* Keep track as to the min/max actual snapshot lengths */ /* seen for this file. */ if (phdr->caplen < phdr->len) { if (phdr->caplen < snaplen_min_inferred) snaplen_min_inferred = phdr->caplen; if (phdr->caplen > snaplen_max_inferred) snaplen_max_inferred = phdr->caplen; } /* Per-packet encapsulation */ if (wtap_file_encap(wth) == WTAP_ENCAP_PER_PACKET) { if ((phdr->pkt_encap > 0) && (phdr->pkt_encap < WTAP_NUM_ENCAP_TYPES)) { cf_info.encap_counts[phdr->pkt_encap] += 1; } else { fprintf(stderr, "capinfos: Unknown per-packet encapsulation: %d [frame number: %d]\n", phdr->pkt_encap, packet); } } } } /* while */ if (err != 0) { fprintf(stderr, "capinfos: An error occurred after reading %u packets from \"%s\": %s.\n", packet, filename, wtap_strerror(err)); switch (err) { case WTAP_ERR_SHORT_READ: status = 1; fprintf(stderr, " (will continue anyway, checksums might be incorrect)\n"); break; case WTAP_ERR_UNSUPPORTED: case WTAP_ERR_UNSUPPORTED_ENCAP: case WTAP_ERR_BAD_FILE: case WTAP_ERR_DECOMPRESS: fprintf(stderr, "(%s)\n", err_info); g_free(err_info); /* fallthrough */ default: g_free(cf_info.encap_counts); return 1; } } /* File size */ size = wtap_file_size(wth, &err); if (size == -1) { fprintf(stderr, "capinfos: Can't get size of \"%s\": %s.\n", filename, g_strerror(err)); g_free(cf_info.encap_counts); return 1; } cf_info.filesize = size; /* File Type */ cf_info.file_type = wtap_file_type_subtype(wth); cf_info.iscompressed = wtap_iscompressed(wth); /* File Encapsulation */ cf_info.file_encap = wtap_file_encap(wth); /* Packet size limit (snaplen) */ cf_info.snaplen = wtap_snapshot_length(wth); if (cf_info.snaplen > 0) cf_info.snap_set = TRUE; else cf_info.snap_set = FALSE; cf_info.snaplen_min_inferred = snaplen_min_inferred; cf_info.snaplen_max_inferred = snaplen_max_inferred; /* # of packets */ cf_info.packet_count = packet; /* File Times */ cf_info.times_known = have_times; cf_info.start_time = start_time; cf_info.stop_time = stop_time; cf_info.duration = stop_time-start_time; cf_info.know_order = know_order; cf_info.order = order; /* Number of packet bytes */ cf_info.packet_bytes = bytes; cf_info.data_rate = 0.0; cf_info.packet_rate = 0.0; cf_info.packet_size = 0.0; if (packet > 0) { if (cf_info.duration > 0.0) { cf_info.data_rate = (double)bytes / (stop_time-start_time); /* Data rate per second */ cf_info.packet_rate = (double)packet / (stop_time-start_time); /* packet rate per second */ } cf_info.packet_size = (double)bytes / packet; /* Avg packet size */ } cf_info.comment = NULL; shb_inf = wtap_file_get_shb_info(wth); if (shb_inf) { /* opt_comment is always 0-terminated by pcapng_read_section_header_block */ cf_info.comment = g_strdup(shb_inf->opt_comment); } g_free(shb_inf); if (cf_info.comment) { /* multi-line comments would conflict with the formatting that capinfos uses we replace linefeeds with spaces */ p = cf_info.comment; while (*p != '\0') { if (*p == '\n') *p = ' '; p++; } } if (long_report) { print_stats(filename, &cf_info); } else { print_stats_table(filename, &cf_info); } g_free(cf_info.encap_counts); g_free(cf_info.comment); return status; }
int main(int argc, char *argv[]) { GString *comp_info_str; GString *runtime_info_str; char *init_progfile_dir_error; wtap *wth = NULL; wtap_dumper *pdh = NULL; wtap_rec dump_rec; Buffer buf; int err; gchar *err_info; gint64 data_offset; const wtap_rec *rec; guint wrong_order_count = 0; gboolean write_output_regardless = TRUE; guint i; GArray *shb_hdrs = NULL; wtapng_iface_descriptions_t *idb_inf = NULL; GArray *nrb_hdrs = NULL; int ret = EXIT_SUCCESS; GPtrArray *frames; FrameRecord_t *prevFrame = NULL; int opt; static const struct option long_options[] = { {"help", no_argument, NULL, 'h'}, {"version", no_argument, NULL, 'v'}, {0, 0, 0, 0 } }; int file_count; char *infile; const char *outfile; cmdarg_err_init(failure_warning_message, failure_message_cont); /* Get the compile-time version information string */ comp_info_str = get_compiled_version_info(NULL, NULL); /* Get the run-time version information string */ runtime_info_str = get_runtime_version_info(NULL); /* Add it to the information to be reported on a crash. */ ws_add_crash_info("Reordercap (Wireshark) %s\n" "\n" "%s" "\n" "%s", get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str); g_string_free(comp_info_str, TRUE); g_string_free(runtime_info_str, TRUE); /* * Get credential information for later use. */ init_process_policies(); /* * Attempt to get the pathname of the directory containing the * executable file. */ init_progfile_dir_error = init_progfile_dir(argv[0]); if (init_progfile_dir_error != NULL) { fprintf(stderr, "reordercap: Can't get pathname of directory containing the reordercap program: %s.\n", init_progfile_dir_error); g_free(init_progfile_dir_error); } init_report_message(failure_warning_message, failure_warning_message, NULL, NULL, NULL); wtap_init(TRUE); /* Process the options first */ while ((opt = getopt_long(argc, argv, "hnv", long_options, NULL)) != -1) { switch (opt) { case 'n': write_output_regardless = FALSE; break; case 'h': printf("Reordercap (Wireshark) %s\n" "Reorder timestamps of input file frames into output file.\n" "See https://www.wireshark.org for more information.\n", get_ws_vcs_version_info()); print_usage(stdout); goto clean_exit; case 'v': comp_info_str = get_compiled_version_info(NULL, NULL); runtime_info_str = get_runtime_version_info(NULL); show_version("Reordercap (Wireshark)", comp_info_str, runtime_info_str); g_string_free(comp_info_str, TRUE); g_string_free(runtime_info_str, TRUE); goto clean_exit; case '?': print_usage(stderr); ret = INVALID_OPTION; goto clean_exit; } } /* Remaining args are file names */ file_count = argc - optind; if (file_count == 2) { infile = argv[optind]; outfile = argv[optind+1]; } else { print_usage(stderr); ret = INVALID_OPTION; goto clean_exit; } /* Open infile */ /* TODO: if reordercap is ever changed to give the user a choice of which open_routine reader to use, then the following needs to change. */ wth = wtap_open_offline(infile, WTAP_TYPE_AUTO, &err, &err_info, TRUE); if (wth == NULL) { cfile_open_failure_message("reordercap", infile, err, err_info); ret = OPEN_ERROR; goto clean_exit; } DEBUG_PRINT("file_type_subtype is %d\n", wtap_file_type_subtype(wth)); shb_hdrs = wtap_file_get_shb_for_new_file(wth); idb_inf = wtap_file_get_idb_info(wth); nrb_hdrs = wtap_file_get_nrb_for_new_file(wth); /* Open outfile (same filetype/encap as input file) */ if (strcmp(outfile, "-") == 0) { pdh = wtap_dump_open_stdout_ng(wtap_file_type_subtype(wth), wtap_file_encap(wth), wtap_snapshot_length(wth), FALSE, shb_hdrs, idb_inf, nrb_hdrs, &err); } else { pdh = wtap_dump_open_ng(outfile, wtap_file_type_subtype(wth), wtap_file_encap(wth), wtap_snapshot_length(wth), FALSE, shb_hdrs, idb_inf, nrb_hdrs, &err); } g_free(idb_inf); idb_inf = NULL; if (pdh == NULL) { cfile_dump_open_failure_message("reordercap", outfile, err, wtap_file_type_subtype(wth)); wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); ret = OUTPUT_FILE_ERROR; goto clean_exit; } /* Allocate the array of frame pointers. */ frames = g_ptr_array_new(); /* Read each frame from infile */ while (wtap_read(wth, &err, &err_info, &data_offset)) { FrameRecord_t *newFrameRecord; rec = wtap_get_rec(wth); newFrameRecord = g_slice_new(FrameRecord_t); newFrameRecord->num = frames->len + 1; newFrameRecord->offset = data_offset; if (rec->presence_flags & WTAP_HAS_TS) { newFrameRecord->frame_time = rec->ts; } else { nstime_set_unset(&newFrameRecord->frame_time); } if (prevFrame && frames_compare(&newFrameRecord, &prevFrame) < 0) { wrong_order_count++; } g_ptr_array_add(frames, newFrameRecord); prevFrame = newFrameRecord; } if (err != 0) { /* Print a message noting that the read failed somewhere along the line. */ cfile_read_failure_message("reordercap", infile, err, err_info); } printf("%u frames, %u out of order\n", frames->len, wrong_order_count); /* Sort the frames */ if (wrong_order_count > 0) { g_ptr_array_sort(frames, frames_compare); } /* Write out each sorted frame in turn */ wtap_rec_init(&dump_rec); ws_buffer_init(&buf, 1500); for (i = 0; i < frames->len; i++) { FrameRecord_t *frame = (FrameRecord_t *)frames->pdata[i]; /* Avoid writing if already sorted and configured to */ if (write_output_regardless || (wrong_order_count > 0)) { frame_write(frame, wth, pdh, &dump_rec, &buf, infile, outfile); } g_slice_free(FrameRecord_t, frame); } wtap_rec_cleanup(&dump_rec); ws_buffer_free(&buf); if (!write_output_regardless && (wrong_order_count == 0)) { printf("Not writing output file because input file is already in order.\n"); } /* Free the whole array */ g_ptr_array_free(frames, TRUE); /* Close outfile */ if (!wtap_dump_close(pdh, &err)) { cfile_close_failure_message(outfile, err); wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); ret = OUTPUT_FILE_ERROR; goto clean_exit; } wtap_block_array_free(shb_hdrs); wtap_block_array_free(nrb_hdrs); /* Finally, close infile and release resources. */ wtap_close(wth); clean_exit: wtap_cleanup(); free_progdirs(); return ret; }