2006-01-09 21:14:32 +00:00
|
|
|
/* Edit capture files. We can delete packets, adjust timestamps, or
|
2001-07-12 08:16:45 +00:00
|
|
|
* simply convert from one format to another format.
|
1999-12-04 21:42:56 +00:00
|
|
|
*
|
1999-12-04 12:53:52 +00:00
|
|
|
* Originally written by Richard Sharpe.
|
|
|
|
|
* Improved by Guy Harris.
|
2000-01-17 20:21:40 +00:00
|
|
|
* Further improved by Richard Sharpe.
|
2013-01-14 15:25:49 +00:00
|
|
|
*
|
|
|
|
|
* Copyright 2013, Richard Sharpe <realrichardsharpe[AT]gmail.com>
|
|
|
|
|
*
|
|
|
|
|
* $Id$
|
|
|
|
|
*
|
|
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
1999-12-04 12:53:52 +00:00
|
|
|
*/
|
|
|
|
|
|
2000-04-12 21:52:11 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
|
|
2007-01-16 19:13:09 +00:00
|
|
|
/*
|
|
|
|
|
* Just make sure we include the prototype for strptime as well
|
2007-04-22 20:04:34 +00:00
|
|
|
* (needed for glibc 2.2) but make sure we do this only if not
|
|
|
|
|
* yet defined.
|
2007-01-16 19:13:09 +00:00
|
|
|
*/
|
|
|
|
|
|
2007-04-22 20:04:34 +00:00
|
|
|
#ifndef __USE_XOPEN
|
|
|
|
|
# define __USE_XOPEN
|
|
|
|
|
#endif
|
|
|
|
|
|
2007-01-16 19:13:09 +00:00
|
|
|
#include <time.h>
|
1999-12-04 12:53:52 +00:00
|
|
|
#include <glib.h>
|
2000-04-12 21:52:11 +00:00
|
|
|
|
|
|
|
|
#ifdef HAVE_UNISTD_H
|
1999-12-04 12:53:52 +00:00
|
|
|
#include <unistd.h>
|
2000-04-12 21:52:11 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
1999-12-04 12:53:52 +00:00
|
|
|
#include <sys/time.h>
|
2000-04-12 21:52:11 +00:00
|
|
|
#endif
|
|
|
|
|
|
1999-12-04 12:53:52 +00:00
|
|
|
#include "wtap.h"
|
|
|
|
|
|
2011-08-09 21:02:10 +00:00
|
|
|
#ifndef HAVE_GETOPT
|
2010-05-28 20:19:55 +00:00
|
|
|
#include "wsutil/wsgetopt.h"
|
2000-04-12 21:52:11 +00:00
|
|
|
#endif
|
|
|
|
|
|
2005-07-26 09:34:49 +00:00
|
|
|
#ifdef _WIN32
|
2013-02-20 01:19:42 +00:00
|
|
|
#include <wsutil/file_util.h>
|
2011-05-24 00:07:56 +00:00
|
|
|
#include <wsutil/unicode-utils.h>
|
2005-07-26 09:34:49 +00:00
|
|
|
#include <process.h> /* getpid */
|
2008-10-24 00:42:09 +00:00
|
|
|
#ifdef HAVE_WINSOCK2_H
|
|
|
|
|
#include <winsock2.h>
|
|
|
|
|
#endif
|
2005-07-26 09:34:49 +00:00
|
|
|
#endif
|
|
|
|
|
|
2006-03-13 22:20:07 +00:00
|
|
|
#ifdef NEED_STRPTIME_H
|
2010-05-28 20:19:55 +00:00
|
|
|
# include "wsutil/strptime.h"
|
2006-03-13 22:20:07 +00:00
|
|
|
#endif
|
|
|
|
|
|
2013-03-07 17:20:12 +00:00
|
|
|
#include <wsutil/privileges.h>
|
2013-07-16 01:16:50 +00:00
|
|
|
#include <wsutil/report_err.h>
|
|
|
|
|
#include <wsutil/strnatcmp.h>
|
2013-08-01 23:34:47 +00:00
|
|
|
#include <wsutil/md5.h>
|
2013-03-07 17:20:12 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The symbols declared in the below are exported from libwireshark,
|
|
|
|
|
* but we don't want to link whole libwireshark to editcap.
|
|
|
|
|
* We link the object directly instead and this needs a little trick
|
|
|
|
|
* with the WS_BUILD_DLL #define.
|
|
|
|
|
*/
|
|
|
|
|
#define WS_BUILD_DLL
|
|
|
|
|
#define RESET_SYMBOL_EXPORT /* wsutil/wsgetopt.h set export behavior above. */
|
2007-05-25 17:22:32 +00:00
|
|
|
#include "epan/plugins.h"
|
|
|
|
|
#include "epan/filesystem.h"
|
2013-03-07 17:20:12 +00:00
|
|
|
#undef WS_BUILD_DLL
|
|
|
|
|
#define RESET_SYMBOL_EXPORT
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2006-01-10 21:37:36 +00:00
|
|
|
#include "svnversion.h"
|
|
|
|
|
|
2012-10-15 08:40:43 +00:00
|
|
|
#include "ringbuffer.h" /* For RINGBUFFER_MAX_NUM_FILES */
|
|
|
|
|
|
1999-12-04 12:53:52 +00:00
|
|
|
/*
|
|
|
|
|
* Some globals so we can pass things to various routines
|
|
|
|
|
*/
|
|
|
|
|
|
2000-01-17 08:06:03 +00:00
|
|
|
struct select_item {
|
|
|
|
|
|
|
|
|
|
int inclusive;
|
|
|
|
|
int first, second;
|
|
|
|
|
|
2002-03-14 04:32:35 +00:00
|
|
|
};
|
2000-01-17 08:06:03 +00:00
|
|
|
|
2006-07-27 17:53:29 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Duplicate frame detection
|
|
|
|
|
*/
|
|
|
|
|
typedef struct _fd_hash_t {
|
|
|
|
|
md5_byte_t digest[16];
|
|
|
|
|
guint32 len;
|
2009-04-17 15:21:46 +00:00
|
|
|
nstime_t time;
|
2006-07-27 17:53:29 +00:00
|
|
|
} fd_hash_t;
|
|
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
#define DEFAULT_DUP_DEPTH 5 /* Used with -d */
|
|
|
|
|
#define MAX_DUP_DEPTH 1000000 /* the maximum window (and actual size of fd_hash[]) for de-duplication */
|
|
|
|
|
|
|
|
|
|
fd_hash_t fd_hash[MAX_DUP_DEPTH];
|
|
|
|
|
int dup_window = DEFAULT_DUP_DEPTH;
|
|
|
|
|
int cur_dup_entry = 0;
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2001-07-12 08:16:45 +00:00
|
|
|
#define ONE_MILLION 1000000
|
2009-04-17 15:21:46 +00:00
|
|
|
#define ONE_BILLION 1000000000
|
2001-07-12 08:16:45 +00:00
|
|
|
|
2005-04-10 23:12:48 +00:00
|
|
|
/* Weights of different errors we can introduce */
|
|
|
|
|
/* We should probably make these command-line arguments */
|
|
|
|
|
/* XXX - Should we add a bit-level error? */
|
2005-05-30 16:49:47 +00:00
|
|
|
#define ERR_WT_BIT 5 /* Flip a random bit */
|
2005-04-10 23:12:48 +00:00
|
|
|
#define ERR_WT_BYTE 5 /* Substitute a random byte */
|
|
|
|
|
#define ERR_WT_ALNUM 5 /* Substitute a random character in [A-Za-z0-9] */
|
|
|
|
|
#define ERR_WT_FMT 2 /* Substitute "%s" */
|
|
|
|
|
#define ERR_WT_AA 1 /* Fill the remainder of the buffer with 0xAA */
|
2005-05-30 16:49:47 +00:00
|
|
|
#define ERR_WT_TOTAL (ERR_WT_BIT + ERR_WT_BYTE + ERR_WT_ALNUM + ERR_WT_FMT + ERR_WT_AA)
|
2005-04-10 23:12:48 +00:00
|
|
|
|
|
|
|
|
#define ALNUM_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
|
|
|
|
|
#define ALNUM_LEN (sizeof(ALNUM_CHARS) - 1)
|
|
|
|
|
|
|
|
|
|
|
2001-07-12 08:16:45 +00:00
|
|
|
struct time_adjustment {
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
int is_negative;
|
|
|
|
|
};
|
|
|
|
|
|
2007-06-20 20:02:52 +00:00
|
|
|
#define MAX_SELECTIONS 512
|
|
|
|
|
static struct select_item selectfrm[MAX_SELECTIONS];
|
2002-06-30 20:28:54 +00:00
|
|
|
static int max_selected = -1;
|
1999-12-04 12:53:52 +00:00
|
|
|
static int keep_em = 0;
|
2011-06-20 23:31:26 +00:00
|
|
|
#ifdef PCAP_NG_DEFAULT
|
|
|
|
|
static int out_file_type = WTAP_FILE_PCAPNG; /* default to pcapng */
|
|
|
|
|
#else
|
|
|
|
|
static int out_file_type = WTAP_FILE_PCAP; /* default to pcap */
|
|
|
|
|
#endif
|
1999-12-12 21:04:29 +00:00
|
|
|
static int out_frame_type = -2; /* Leave frame type alone */
|
|
|
|
|
static int verbose = 0; /* Not so verbose */
|
2001-07-12 08:16:45 +00:00
|
|
|
static struct time_adjustment time_adj = {{0, 0}, 0}; /* no adjustment */
|
2009-04-17 15:21:46 +00:00
|
|
|
static nstime_t relative_time_window = {0, 0}; /* de-dup time window */
|
2005-04-10 23:12:48 +00:00
|
|
|
static double err_prob = 0.0;
|
2006-03-15 20:52:37 +00:00
|
|
|
static time_t starttime = 0;
|
2006-03-16 19:45:02 +00:00
|
|
|
static time_t stoptime = 0;
|
2006-03-13 22:20:07 +00:00
|
|
|
static gboolean check_startstop = FALSE;
|
2006-07-27 17:53:29 +00:00
|
|
|
static gboolean dup_detect = FALSE;
|
2009-04-17 15:21:46 +00:00
|
|
|
static gboolean dup_detect_by_time = FALSE;
|
1999-12-04 12:53:52 +00:00
|
|
|
|
2010-06-02 00:30:25 +00:00
|
|
|
static int do_strict_time_adjustment = FALSE;
|
|
|
|
|
static struct time_adjustment strict_time_adj = {{0, 0}, 0}; /* strict time adjustment */
|
|
|
|
|
static nstime_t previous_time = {0, 0}; /* previous time */
|
|
|
|
|
|
2008-02-20 14:13:15 +00:00
|
|
|
static int find_dct2000_real_data(guint8 *buf);
|
|
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
static gchar *
|
|
|
|
|
abs_time_to_str_with_sec_resolution(const struct wtap_nstime *abs_time)
|
|
|
|
|
{
|
|
|
|
|
struct tm *tmp;
|
2013-03-05 22:15:20 +00:00
|
|
|
gchar *buf = (gchar *)g_malloc(16);
|
2010-05-28 20:19:55 +00:00
|
|
|
|
2013-01-04 14:56:27 +00:00
|
|
|
#if (defined _WIN32) && (_MSC_VER < 1500)
|
2009-05-23 07:59:23 +00:00
|
|
|
/* calling localtime() on MSVC 2005 with huge values causes it to crash */
|
|
|
|
|
/* XXX - find the exact value that still does work */
|
|
|
|
|
/* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this problem */
|
|
|
|
|
if(abs_time->secs > 2000000000) {
|
|
|
|
|
tmp = NULL;
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
tmp = localtime(&abs_time->secs);
|
|
|
|
|
if (tmp) {
|
|
|
|
|
g_snprintf(buf, 16, "%d%02d%02d%02d%02d%02d",
|
|
|
|
|
tmp->tm_year + 1900,
|
|
|
|
|
tmp->tm_mon+1,
|
|
|
|
|
tmp->tm_mday,
|
|
|
|
|
tmp->tm_hour,
|
|
|
|
|
tmp->tm_min,
|
|
|
|
|
tmp->tm_sec);
|
|
|
|
|
} else
|
2011-04-12 18:43:44 +00:00
|
|
|
buf[0] = '\0';
|
2009-05-23 07:59:23 +00:00
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static gchar*
|
2010-05-28 20:19:55 +00:00
|
|
|
fileset_get_filename_by_pattern(guint idx, const struct wtap_nstime *time_val,
|
2010-11-01 14:33:14 +00:00
|
|
|
gchar *fprefix, gchar *fsuffix)
|
2009-05-23 07:59:23 +00:00
|
|
|
{
|
|
|
|
|
gchar filenum[5+1];
|
|
|
|
|
gchar *timestr;
|
|
|
|
|
gchar *abs_str;
|
|
|
|
|
|
2010-01-29 16:09:25 +00:00
|
|
|
timestr = abs_time_to_str_with_sec_resolution(time_val);
|
2012-10-15 08:40:43 +00:00
|
|
|
g_snprintf(filenum, sizeof(filenum), "%05u", idx % RINGBUFFER_MAX_NUM_FILES);
|
2009-05-23 07:59:23 +00:00
|
|
|
abs_str = g_strconcat(fprefix, "_", filenum, "_", timestr, fsuffix, NULL);
|
|
|
|
|
g_free(timestr);
|
|
|
|
|
|
|
|
|
|
return abs_str;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
|
fileset_extract_prefix_suffix(const char *fname, gchar **fprefix, gchar **fsuffix)
|
|
|
|
|
{
|
|
|
|
|
char *pfx, *last_pathsep;
|
|
|
|
|
gchar *save_file;
|
|
|
|
|
|
|
|
|
|
save_file = g_strdup(fname);
|
2009-05-23 20:29:12 +00:00
|
|
|
if (save_file == NULL) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Out of memory\n");
|
2009-05-23 20:29:12 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
2009-05-23 07:59:23 +00:00
|
|
|
|
|
|
|
|
last_pathsep = strrchr(save_file, G_DIR_SEPARATOR);
|
|
|
|
|
pfx = strrchr(save_file,'.');
|
|
|
|
|
if (pfx != NULL && (last_pathsep == NULL || pfx > last_pathsep)) {
|
|
|
|
|
/* The pathname has a "." in it, and it's in the last component
|
|
|
|
|
of the pathname (because there is either only one component,
|
|
|
|
|
i.e. last_pathsep is null as there are no path separators,
|
|
|
|
|
or the "." is after the path separator before the last
|
|
|
|
|
component.
|
|
|
|
|
|
|
|
|
|
Treat it as a separator between the rest of the file name and
|
|
|
|
|
the file name suffix, and arrange that the names given to the
|
|
|
|
|
ring buffer files have the specified suffix, i.e. put the
|
|
|
|
|
changing part of the name *before* the suffix. */
|
|
|
|
|
pfx[0] = '\0';
|
|
|
|
|
*fprefix = g_strdup(save_file);
|
|
|
|
|
pfx[0] = '.'; /* restore capfile_name */
|
|
|
|
|
*fsuffix = g_strdup(pfx);
|
|
|
|
|
} else {
|
|
|
|
|
/* Either there's no "." in the pathname, or it's in a directory
|
|
|
|
|
component, so the last component has no suffix. */
|
|
|
|
|
*fprefix = g_strdup(save_file);
|
|
|
|
|
*fsuffix = NULL;
|
|
|
|
|
}
|
|
|
|
|
g_free(save_file);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2000-01-17 08:06:03 +00:00
|
|
|
/* Add a selection item, a simple parser for now */
|
2007-06-20 20:02:52 +00:00
|
|
|
static gboolean
|
|
|
|
|
add_selection(char *sel)
|
2000-01-17 08:06:03 +00:00
|
|
|
{
|
|
|
|
|
char *locn;
|
|
|
|
|
char *next;
|
|
|
|
|
|
2007-06-20 20:02:52 +00:00
|
|
|
if (++max_selected >= MAX_SELECTIONS) {
|
|
|
|
|
/* Let the user know we stopped selecting */
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Out of room for packet selections!\n");
|
2007-06-20 20:02:52 +00:00
|
|
|
return(FALSE);
|
|
|
|
|
}
|
2000-01-17 08:06:03 +00:00
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Add_Selected: %s\n", sel);
|
2000-01-17 08:06:03 +00:00
|
|
|
|
2000-01-17 20:21:40 +00:00
|
|
|
if ((locn = strchr(sel, '-')) == NULL) { /* No dash, so a single number? */
|
2000-01-17 08:06:03 +00:00
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Not inclusive ...");
|
2000-01-17 08:06:03 +00:00
|
|
|
|
|
|
|
|
selectfrm[max_selected].inclusive = 0;
|
|
|
|
|
selectfrm[max_selected].first = atoi(sel);
|
|
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
printf(" %i\n", selectfrm[max_selected].first);
|
2000-01-17 08:06:03 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Inclusive ...");
|
2000-01-17 08:06:03 +00:00
|
|
|
|
|
|
|
|
next = locn + 1;
|
|
|
|
|
selectfrm[max_selected].inclusive = 1;
|
|
|
|
|
selectfrm[max_selected].first = atoi(sel);
|
|
|
|
|
selectfrm[max_selected].second = atoi(next);
|
|
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
printf(" %i, %i\n", selectfrm[max_selected].first, selectfrm[max_selected].second);
|
2000-01-17 08:06:03 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2007-06-20 20:02:52 +00:00
|
|
|
return(TRUE);
|
2000-01-17 08:06:03 +00:00
|
|
|
}
|
|
|
|
|
|
2006-01-09 21:14:32 +00:00
|
|
|
/* Was the packet selected? */
|
1999-12-04 12:53:52 +00:00
|
|
|
|
2007-06-20 20:02:52 +00:00
|
|
|
static int
|
|
|
|
|
selected(int recno)
|
1999-12-04 12:53:52 +00:00
|
|
|
{
|
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i<= max_selected; i++) {
|
|
|
|
|
|
2000-01-17 08:06:03 +00:00
|
|
|
if (selectfrm[i].inclusive) {
|
|
|
|
|
if (selectfrm[i].first <= recno && selectfrm[i].second >= recno)
|
2008-02-20 14:13:15 +00:00
|
|
|
return 1;
|
2000-01-17 08:06:03 +00:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (recno == selectfrm[i].first)
|
2008-02-20 14:13:15 +00:00
|
|
|
return 1;
|
2000-01-17 08:06:03 +00:00
|
|
|
}
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2006-03-13 22:20:07 +00:00
|
|
|
/* is the packet in the selected timeframe */
|
2007-09-30 22:13:38 +00:00
|
|
|
static gboolean
|
|
|
|
|
check_timestamp(wtap *wth)
|
|
|
|
|
{
|
|
|
|
|
struct wtap_pkthdr* pkthdr = wtap_phdr(wth);
|
|
|
|
|
|
2010-11-16 20:22:20 +00:00
|
|
|
return ( pkthdr->ts.secs >= starttime ) && ( pkthdr->ts.secs < stoptime );
|
2006-03-13 22:20:07 +00:00
|
|
|
}
|
|
|
|
|
|
2001-07-12 08:16:45 +00:00
|
|
|
static void
|
2010-01-29 16:09:25 +00:00
|
|
|
set_time_adjustment(char *optarg_str_p)
|
2001-07-12 08:16:45 +00:00
|
|
|
{
|
|
|
|
|
char *frac, *end;
|
|
|
|
|
long val;
|
2009-04-16 04:05:39 +00:00
|
|
|
size_t frac_digits;
|
2001-07-12 08:16:45 +00:00
|
|
|
|
2010-01-29 16:09:25 +00:00
|
|
|
if (!optarg_str_p)
|
2001-07-12 08:16:45 +00:00
|
|
|
return;
|
|
|
|
|
|
2001-07-13 07:55:13 +00:00
|
|
|
/* skip leading whitespace */
|
2010-01-29 16:09:25 +00:00
|
|
|
while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
|
|
|
|
|
optarg_str_p++;
|
2001-07-12 08:16:45 +00:00
|
|
|
}
|
2001-07-13 07:55:13 +00:00
|
|
|
|
|
|
|
|
/* check for a negative adjustment */
|
2010-01-29 16:09:25 +00:00
|
|
|
if (*optarg_str_p == '-') {
|
2001-07-13 07:55:13 +00:00
|
|
|
time_adj.is_negative = 1;
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p++;
|
2001-07-13 07:55:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* collect whole number of seconds, if any */
|
2010-01-29 16:09:25 +00:00
|
|
|
if (*optarg_str_p == '.') { /* only fractional (i.e., .5 is ok) */
|
2001-07-13 07:55:13 +00:00
|
|
|
val = 0;
|
2010-01-29 16:09:25 +00:00
|
|
|
frac = optarg_str_p;
|
2001-07-13 07:55:13 +00:00
|
|
|
} else {
|
2010-01-29 16:09:25 +00:00
|
|
|
val = strtol(optarg_str_p, &frac, 10);
|
|
|
|
|
if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2001-07-13 07:55:13 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (val < 0) { /* implies '--' since we caught '-' above */
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2001-07-13 07:55:13 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
2001-07-12 08:16:45 +00:00
|
|
|
}
|
|
|
|
|
time_adj.tv.tv_sec = val;
|
|
|
|
|
|
|
|
|
|
/* now collect the partial seconds, if any */
|
2001-07-13 07:55:13 +00:00
|
|
|
if (*frac != '\0') { /* chars left, so get fractional part */
|
2001-07-12 08:16:45 +00:00
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
2009-10-25 20:18:24 +00:00
|
|
|
/* if more than 6 fractional digits truncate to 6 */
|
|
|
|
|
if((end - &(frac[1])) > 6) {
|
|
|
|
|
frac[7] = 't'; /* 't' for truncate */
|
|
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
|
|
|
|
}
|
2001-07-12 08:16:45 +00:00
|
|
|
if (*frac != '.' || end == NULL || end == frac
|
|
|
|
|
|| val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2001-07-12 08:16:45 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return; /* no fractional digits */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* adjust fractional portion from fractional to numerator
|
|
|
|
|
* e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
|
|
|
|
|
if (frac && end) { /* both are valid */
|
|
|
|
|
frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
|
|
|
|
|
while(frac_digits < 6) { /* this is frac of 10^6 */
|
|
|
|
|
val *= 10;
|
|
|
|
|
frac_digits++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-12-26 05:57:06 +00:00
|
|
|
time_adj.tv.tv_usec = (int)val;
|
2001-07-12 08:16:45 +00:00
|
|
|
}
|
|
|
|
|
|
2010-06-02 00:30:25 +00:00
|
|
|
static void
|
2010-06-03 19:14:18 +00:00
|
|
|
set_strict_time_adj(char *optarg_str_p)
|
2010-06-02 00:30:25 +00:00
|
|
|
{
|
|
|
|
|
char *frac, *end;
|
|
|
|
|
long val;
|
|
|
|
|
size_t frac_digits;
|
|
|
|
|
|
2010-06-03 19:14:18 +00:00
|
|
|
if (!optarg_str_p)
|
2010-06-02 00:30:25 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* skip leading whitespace */
|
2010-06-03 19:14:18 +00:00
|
|
|
while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
|
|
|
|
|
optarg_str_p++;
|
2010-06-02 00:30:25 +00:00
|
|
|
}
|
|
|
|
|
|
2010-09-16 19:20:06 +00:00
|
|
|
/*
|
|
|
|
|
* check for a negative adjustment
|
|
|
|
|
* A negative strict adjustment value is a flag
|
2010-06-02 00:30:25 +00:00
|
|
|
* to adjust all frames by the specifed delta time.
|
|
|
|
|
*/
|
2010-06-03 19:14:18 +00:00
|
|
|
if (*optarg_str_p == '-') {
|
2010-06-02 00:30:25 +00:00
|
|
|
strict_time_adj.is_negative = 1;
|
2010-06-03 19:14:18 +00:00
|
|
|
optarg_str_p++;
|
2010-06-02 00:30:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* collect whole number of seconds, if any */
|
2010-06-03 19:14:18 +00:00
|
|
|
if (*optarg_str_p == '.') { /* only fractional (i.e., .5 is ok) */
|
2010-06-02 00:30:25 +00:00
|
|
|
val = 0;
|
2010-06-03 19:14:18 +00:00
|
|
|
frac = optarg_str_p;
|
2010-06-02 00:30:25 +00:00
|
|
|
} else {
|
2010-06-03 19:14:18 +00:00
|
|
|
val = strtol(optarg_str_p, &frac, 10);
|
|
|
|
|
if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-06-03 19:14:18 +00:00
|
|
|
optarg_str_p);
|
2010-06-02 00:30:25 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (val < 0) { /* implies '--' since we caught '-' above */
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-06-03 19:14:18 +00:00
|
|
|
optarg_str_p);
|
2010-06-02 00:30:25 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
strict_time_adj.tv.tv_sec = val;
|
|
|
|
|
|
|
|
|
|
/* now collect the partial seconds, if any */
|
|
|
|
|
if (*frac != '\0') { /* chars left, so get fractional part */
|
|
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
|
|
|
|
/* if more than 6 fractional digits truncate to 6 */
|
|
|
|
|
if((end - &(frac[1])) > 6) {
|
|
|
|
|
frac[7] = 't'; /* 't' for truncate */
|
|
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
|
|
|
|
}
|
|
|
|
|
if (*frac != '.' || end == NULL || end == frac
|
|
|
|
|
|| val < 0 || val > ONE_MILLION || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time adjustment\n",
|
2010-06-03 19:14:18 +00:00
|
|
|
optarg_str_p);
|
2010-06-02 00:30:25 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return; /* no fractional digits */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* adjust fractional portion from fractional to numerator
|
|
|
|
|
* e.g., in "1.5" from 5 to 500000 since .5*10^6 = 500000 */
|
|
|
|
|
if (frac && end) { /* both are valid */
|
|
|
|
|
frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
|
|
|
|
|
while(frac_digits < 6) { /* this is frac of 10^6 */
|
|
|
|
|
val *= 10;
|
|
|
|
|
frac_digits++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-12-26 05:57:06 +00:00
|
|
|
strict_time_adj.tv.tv_usec = (int)val;
|
2010-06-02 00:30:25 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
static void
|
2010-01-29 16:09:25 +00:00
|
|
|
set_rel_time(char *optarg_str_p)
|
2009-04-17 15:21:46 +00:00
|
|
|
{
|
|
|
|
|
char *frac, *end;
|
|
|
|
|
long val;
|
2009-04-17 16:21:33 +00:00
|
|
|
size_t frac_digits;
|
2009-04-17 15:21:46 +00:00
|
|
|
|
2010-01-29 16:09:25 +00:00
|
|
|
if (!optarg_str_p)
|
2009-04-17 15:21:46 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* skip leading whitespace */
|
2010-01-29 16:09:25 +00:00
|
|
|
while (*optarg_str_p == ' ' || *optarg_str_p == '\t') {
|
|
|
|
|
optarg_str_p++;
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ignore negative adjustment */
|
2010-01-29 16:09:25 +00:00
|
|
|
if (*optarg_str_p == '-') {
|
|
|
|
|
optarg_str_p++;
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* collect whole number of seconds, if any */
|
2010-01-29 16:09:25 +00:00
|
|
|
if (*optarg_str_p == '.') { /* only fractional (i.e., .5 is ok) */
|
2009-04-17 15:21:46 +00:00
|
|
|
val = 0;
|
2010-01-29 16:09:25 +00:00
|
|
|
frac = optarg_str_p;
|
2009-04-17 15:21:46 +00:00
|
|
|
} else {
|
2010-01-29 16:09:25 +00:00
|
|
|
val = strtol(optarg_str_p, &frac, 10);
|
|
|
|
|
if (frac == NULL || frac == optarg_str_p || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "1: editcap: \"%s\" isn't a valid rel time value\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2009-04-17 15:21:46 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (val < 0) { /* implies '--' since we caught '-' above */
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "2: editcap: \"%s\" isn't a valid rel time value\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2009-04-17 15:21:46 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
relative_time_window.secs = val;
|
|
|
|
|
|
|
|
|
|
/* now collect the partial seconds, if any */
|
|
|
|
|
if (*frac != '\0') { /* chars left, so get fractional part */
|
|
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
2009-10-25 20:18:24 +00:00
|
|
|
/* if more than 9 fractional digits truncate to 9 */
|
|
|
|
|
if((end - &(frac[1])) > 9) {
|
|
|
|
|
frac[10] = 't'; /* 't' for truncate */
|
|
|
|
|
val = strtol(&(frac[1]), &end, 10);
|
|
|
|
|
}
|
2009-04-17 15:21:46 +00:00
|
|
|
if (*frac != '.' || end == NULL || end == frac
|
|
|
|
|
|| val < 0 || val > ONE_BILLION || val == LONG_MIN || val == LONG_MAX) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "3: editcap: \"%s\" isn't a valid rel time value\n",
|
2010-01-29 16:09:25 +00:00
|
|
|
optarg_str_p);
|
2009-04-17 15:21:46 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return; /* no fractional digits */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* adjust fractional portion from fractional to numerator
|
|
|
|
|
* e.g., in "1.5" from 5 to 500000000 since .5*10^9 = 500000000 */
|
|
|
|
|
if (frac && end) { /* both are valid */
|
|
|
|
|
frac_digits = end - frac - 1; /* fractional digit count (remember '.') */
|
|
|
|
|
while(frac_digits < 9) { /* this is frac of 10^9 */
|
|
|
|
|
val *= 10;
|
|
|
|
|
frac_digits++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-12-26 05:57:06 +00:00
|
|
|
relative_time_window.nsecs = (int)val;
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
|
2006-07-27 17:53:29 +00:00
|
|
|
static gboolean
|
|
|
|
|
is_duplicate(guint8* fd, guint32 len) {
|
|
|
|
|
int i;
|
|
|
|
|
md5_state_t ms;
|
|
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
cur_dup_entry++;
|
|
|
|
|
if (cur_dup_entry >= dup_window)
|
|
|
|
|
cur_dup_entry = 0;
|
2006-07-27 17:53:29 +00:00
|
|
|
|
|
|
|
|
/* Calculate our digest */
|
|
|
|
|
md5_init(&ms);
|
|
|
|
|
md5_append(&ms, fd, len);
|
2009-04-17 15:21:46 +00:00
|
|
|
md5_finish(&ms, fd_hash[cur_dup_entry].digest);
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
fd_hash[cur_dup_entry].len = len;
|
2006-07-27 17:53:29 +00:00
|
|
|
|
|
|
|
|
/* Look for duplicates */
|
2009-04-17 15:21:46 +00:00
|
|
|
for (i = 0; i < dup_window; i++) {
|
|
|
|
|
if (i == cur_dup_entry)
|
2006-07-27 17:53:29 +00:00
|
|
|
continue;
|
|
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
if (fd_hash[i].len == fd_hash[cur_dup_entry].len &&
|
|
|
|
|
memcmp(fd_hash[i].digest, fd_hash[cur_dup_entry].digest, 16) == 0) {
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static gboolean
|
|
|
|
|
is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) {
|
|
|
|
|
int i;
|
|
|
|
|
md5_state_t ms;
|
|
|
|
|
|
|
|
|
|
cur_dup_entry++;
|
|
|
|
|
if (cur_dup_entry >= dup_window)
|
|
|
|
|
cur_dup_entry = 0;
|
|
|
|
|
|
|
|
|
|
/* Calculate our digest */
|
|
|
|
|
md5_init(&ms);
|
|
|
|
|
md5_append(&ms, fd, len);
|
|
|
|
|
md5_finish(&ms, fd_hash[cur_dup_entry].digest);
|
|
|
|
|
|
|
|
|
|
fd_hash[cur_dup_entry].len = len;
|
|
|
|
|
fd_hash[cur_dup_entry].time.secs = current->secs;
|
|
|
|
|
fd_hash[cur_dup_entry].time.nsecs = current->nsecs;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Look for relative time related duplicates.
|
|
|
|
|
* This is hopefully a reasonably efficient mechanism for
|
|
|
|
|
* finding duplicates by rel time in the fd_hash[] cache.
|
|
|
|
|
* We check starting from the most recently added hash
|
|
|
|
|
* entries and work backwards towards older packets.
|
|
|
|
|
* This approach allows the dup test to be terminated
|
|
|
|
|
* when the relative time of a cached entry is found to
|
|
|
|
|
* be beyond the dup time window.
|
|
|
|
|
*
|
|
|
|
|
* Of course this assumes that the input trace file is
|
|
|
|
|
* "well-formed" in the sense that the packet timestamps are
|
|
|
|
|
* in strict chronologically increasing order (which is NOT
|
|
|
|
|
* always the case!!).
|
|
|
|
|
*
|
|
|
|
|
* The fd_hash[] table was deliberatly created large (1,000,000).
|
|
|
|
|
* Looking for time related duplicates in large trace files with
|
|
|
|
|
* non-fractional dup time window values can potentially take
|
|
|
|
|
* a long time to complete.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
for (i = cur_dup_entry - 1;; i--) {
|
|
|
|
|
nstime_t delta;
|
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
|
|
if (i < 0) {
|
|
|
|
|
i = dup_window - 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (i == cur_dup_entry) {
|
|
|
|
|
/*
|
|
|
|
|
* We've decremented back to where we started.
|
|
|
|
|
* Check no more!
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (nstime_is_unset(&(fd_hash[i].time))) {
|
|
|
|
|
/*
|
|
|
|
|
* We've decremented to an unused fd_hash[] entry.
|
|
|
|
|
* Check no more!
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nstime_delta(&delta, current, &fd_hash[i].time);
|
|
|
|
|
|
|
|
|
|
if(delta.secs < 0 || delta.nsecs < 0)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* A negative delta implies that the current packet
|
|
|
|
|
* has an absolute timestamp less than the cached packet
|
|
|
|
|
* that it is being compared to. This is NOT a normal
|
|
|
|
|
* situation since trace files usually have packets in
|
|
|
|
|
* chronological order (oldest to newest).
|
|
|
|
|
*
|
|
|
|
|
* There are several possible ways to deal with this:
|
|
|
|
|
* 1. 'continue' dup checking with the next cached frame.
|
|
|
|
|
* 2. 'break' from looking for a duplicate of the current frame.
|
|
|
|
|
* 3. Take the absolute value of the delta and see if that
|
|
|
|
|
* falls within the specifed dup time window.
|
|
|
|
|
*
|
|
|
|
|
* Currently this code does option 1. But it would pretty
|
|
|
|
|
* easy to add yet-another-editcap-option to select one of
|
|
|
|
|
* the other behaviors for dealing with out-of-sequence
|
|
|
|
|
* packets.
|
|
|
|
|
*/
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmp = nstime_cmp(&delta, &relative_time_window);
|
|
|
|
|
|
|
|
|
|
if(cmp > 0) {
|
|
|
|
|
/*
|
|
|
|
|
* The delta time indicates that we are now looking at
|
|
|
|
|
* cached packets beyond the specified dup time window.
|
|
|
|
|
* Check no more!
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
} else if (fd_hash[i].len == fd_hash[cur_dup_entry].len &&
|
|
|
|
|
memcmp(fd_hash[i].digest, fd_hash[cur_dup_entry].digest, 16) == 0) {
|
2006-07-27 17:53:29 +00:00
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
static void
|
2009-12-29 21:04:40 +00:00
|
|
|
usage(gboolean is_error)
|
1999-12-04 12:53:52 +00:00
|
|
|
{
|
2009-12-29 21:04:40 +00:00
|
|
|
FILE *output;
|
|
|
|
|
|
|
|
|
|
if (!is_error)
|
|
|
|
|
output = stdout;
|
|
|
|
|
else
|
|
|
|
|
output = stderr;
|
|
|
|
|
|
|
|
|
|
fprintf(output, "Editcap %s"
|
2006-01-10 21:37:36 +00:00
|
|
|
#ifdef SVNVERSION
|
2011-05-31 15:31:34 +00:00
|
|
|
" (" SVNVERSION " from " SVNPATH ")"
|
2006-01-10 21:37:36 +00:00
|
|
|
#endif
|
2011-05-31 15:31:34 +00:00
|
|
|
"\n", VERSION);
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(output, "Edit and/or translate the format of capture files.\n");
|
|
|
|
|
fprintf(output, "See http://www.wireshark.org for more information.\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "<infile> and <outfile> must both be present.\n");
|
|
|
|
|
fprintf(output, "A single packet or a range of packets can be selected.\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Packet selection:\n");
|
|
|
|
|
fprintf(output, " -r keep the selected packets; default is to delete them.\n");
|
|
|
|
|
fprintf(output, " -A <start time> only output packets whose timestamp is after (or equal\n");
|
|
|
|
|
fprintf(output, " to) the given time (format as YYYY-MM-DD hh:mm:ss).\n");
|
|
|
|
|
fprintf(output, " -B <stop time> only output packets whose timestamp is before the\n");
|
|
|
|
|
fprintf(output, " given time (format as YYYY-MM-DD hh:mm:ss).\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Duplicate packet removal:\n");
|
|
|
|
|
fprintf(output, " -d remove packet if duplicate (window == %d).\n", DEFAULT_DUP_DEPTH);
|
|
|
|
|
fprintf(output, " -D <dup window> remove packet if duplicate; configurable <dup window>\n");
|
|
|
|
|
fprintf(output, " Valid <dup window> values are 0 to %d.\n", MAX_DUP_DEPTH);
|
|
|
|
|
fprintf(output, " NOTE: A <dup window> of 0 with -v (verbose option) is\n");
|
|
|
|
|
fprintf(output, " useful to print MD5 hashes.\n");
|
|
|
|
|
fprintf(output, " -w <dup time window> remove packet if duplicate packet is found EQUAL TO OR\n");
|
|
|
|
|
fprintf(output, " LESS THAN <dup time window> prior to current packet.\n");
|
|
|
|
|
fprintf(output, " A <dup time window> is specified in relative seconds\n");
|
|
|
|
|
fprintf(output, " (e.g. 0.000001).\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, " NOTE: The use of the 'Duplicate packet removal' options with\n");
|
|
|
|
|
fprintf(output, " other editcap options except -v may not always work as expected.\n");
|
|
|
|
|
fprintf(output, " Specifically the -r, -t or -S options will very likely NOT have the\n");
|
|
|
|
|
fprintf(output, " desired effect if combined with the -d, -D or -w.\n");
|
|
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Packet manipulation:\n");
|
|
|
|
|
fprintf(output, " -s <snaplen> truncate each packet to max. <snaplen> bytes of data.\n");
|
2013-09-08 20:29:26 +00:00
|
|
|
fprintf(output, " -C [offset:]<choplen> chop each packet by <choplen> bytes. Positive values\n");
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(output, " chop at the packet beginning, negative values at the\n");
|
2013-09-08 20:29:26 +00:00
|
|
|
fprintf(output, " packet end. If an optional offset precedes the length,\n");
|
|
|
|
|
fprintf(output, " then the bytes chopped will be offset from that value.\n");
|
2013-09-09 01:04:13 +00:00
|
|
|
fprintf(output, " Positive offsets are from the packet beginning,\n");
|
|
|
|
|
fprintf(output, " negative offsets are from the packet end. You can use\n");
|
|
|
|
|
fprintf(output, " this option more than once.\n");
|
2013-07-10 20:02:45 +00:00
|
|
|
fprintf(output, " -L adjust the frame length when chopping and/or snapping\n");
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(output, " -t <time adjustment> adjust the timestamp of each packet;\n");
|
|
|
|
|
fprintf(output, " <time adjustment> is in relative seconds (e.g. -0.5).\n");
|
|
|
|
|
fprintf(output, " -S <strict adjustment> adjust timestamp of packets if necessary to insure\n");
|
|
|
|
|
fprintf(output, " strict chronological increasing order. The <strict\n");
|
|
|
|
|
fprintf(output, " adjustment> is specified in relative seconds with\n");
|
|
|
|
|
fprintf(output, " values of 0 or 0.000001 being the most reasonable.\n");
|
|
|
|
|
fprintf(output, " A negative adjustment value will modify timestamps so\n");
|
|
|
|
|
fprintf(output, " that each packet's delta time is the absolute value\n");
|
|
|
|
|
fprintf(output, " of the adjustment specified. A value of -0 will set\n");
|
|
|
|
|
fprintf(output, " all packets to the timestamp of the first packet.\n");
|
2013-07-12 17:14:19 +00:00
|
|
|
fprintf(output, " -E <error probability> set the probability (between 0.0 and 1.0 incl.) that\n");
|
|
|
|
|
fprintf(output, " a particular packet byte will be randomly changed.\n");
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Output File(s):\n");
|
2013-07-12 17:14:19 +00:00
|
|
|
fprintf(output, " -c <packets per file> split the packet output to different files based on\n");
|
|
|
|
|
fprintf(output, " uniform packet counts with a maximum of\n");
|
|
|
|
|
fprintf(output, " <packets per file> each.\n");
|
|
|
|
|
fprintf(output, " -i <seconds per file> split the packet output to different files based on\n");
|
|
|
|
|
fprintf(output, " uniform time intervals with a maximum of\n");
|
|
|
|
|
fprintf(output, " <seconds per file> each.\n");
|
|
|
|
|
fprintf(output, " -F <capture type> set the output file type; default is pcapng. An empty\n");
|
|
|
|
|
fprintf(output, " \"-F\" option will list the file types.\n");
|
|
|
|
|
fprintf(output, " -T <encap type> set the output file encapsulation type; default is the\n");
|
|
|
|
|
fprintf(output, " same as the input file. An empty \"-T\" option will\n");
|
|
|
|
|
fprintf(output, " list the encapsulation types.\n");
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(output, "\n");
|
|
|
|
|
fprintf(output, "Miscellaneous:\n");
|
|
|
|
|
fprintf(output, " -h display this help and exit.\n");
|
|
|
|
|
fprintf(output, " -v verbose output.\n");
|
|
|
|
|
fprintf(output, " If -v is used with any of the 'Duplicate Packet\n");
|
|
|
|
|
fprintf(output, " Removal' options (-d, -D or -w) then Packet lengths\n");
|
|
|
|
|
fprintf(output, " and MD5 hashes are printed to standard-out.\n");
|
|
|
|
|
fprintf(output, "\n");
|
2006-01-10 21:37:36 +00:00
|
|
|
}
|
|
|
|
|
|
2010-11-24 16:24:44 +00:00
|
|
|
struct string_elem {
|
|
|
|
|
const char *sstr; /* The short string */
|
|
|
|
|
const char *lstr; /* The long string */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static gint
|
2010-11-24 17:10:48 +00:00
|
|
|
string_compare(gconstpointer a, gconstpointer b)
|
2010-11-24 16:24:44 +00:00
|
|
|
{
|
2011-06-15 19:23:58 +00:00
|
|
|
return strcmp(((const struct string_elem *)a)->sstr,
|
|
|
|
|
((const struct string_elem *)b)->sstr);
|
2011-05-24 00:07:56 +00:00
|
|
|
}
|
2010-11-24 16:24:44 +00:00
|
|
|
|
2013-07-10 16:18:37 +00:00
|
|
|
static gint
|
|
|
|
|
string_nat_compare(gconstpointer a, gconstpointer b)
|
|
|
|
|
{
|
|
|
|
|
return strnatcmp(((const struct string_elem *)a)->sstr,
|
|
|
|
|
((const struct string_elem *)b)->sstr);
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-24 16:24:44 +00:00
|
|
|
static void
|
2010-11-24 17:10:48 +00:00
|
|
|
string_elem_print(gpointer data, gpointer not_used _U_)
|
2011-05-24 00:07:56 +00:00
|
|
|
{
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, " %s - %s\n",
|
2010-11-24 17:10:48 +00:00
|
|
|
((struct string_elem *)data)->sstr,
|
|
|
|
|
((struct string_elem *)data)->lstr);
|
2010-11-24 16:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
static void
|
|
|
|
|
list_capture_types(void) {
|
2006-01-10 22:00:37 +00:00
|
|
|
int i;
|
2010-11-24 16:24:44 +00:00
|
|
|
struct string_elem *captypes;
|
|
|
|
|
GSList *list = NULL;
|
2006-01-10 21:37:36 +00:00
|
|
|
|
2013-03-05 22:15:20 +00:00
|
|
|
captypes = g_new(struct string_elem,WTAP_NUM_FILE_TYPES);
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: The available capture file types for the \"-F\" flag are:\n");
|
2006-01-10 21:37:36 +00:00
|
|
|
for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
|
2010-11-24 16:24:44 +00:00
|
|
|
if (wtap_dump_can_open(i)) {
|
|
|
|
|
captypes[i].sstr = wtap_file_type_short_string(i);
|
|
|
|
|
captypes[i].lstr = wtap_file_type_string(i);
|
|
|
|
|
list = g_slist_insert_sorted(list, &captypes[i], string_compare);
|
|
|
|
|
}
|
2006-01-10 21:37:36 +00:00
|
|
|
}
|
2010-11-24 16:24:44 +00:00
|
|
|
g_slist_foreach(list, string_elem_print, NULL);
|
|
|
|
|
g_slist_free(list);
|
|
|
|
|
g_free(captypes);
|
2006-01-10 22:00:37 +00:00
|
|
|
}
|
|
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
static void
|
|
|
|
|
list_encap_types(void) {
|
2006-01-10 22:00:37 +00:00
|
|
|
int i;
|
2010-11-24 16:24:44 +00:00
|
|
|
struct string_elem *encaps;
|
|
|
|
|
GSList *list = NULL;
|
2006-01-10 22:00:37 +00:00
|
|
|
|
2013-03-20 01:18:10 +00:00
|
|
|
encaps = (struct string_elem *)g_malloc(sizeof(struct string_elem) * WTAP_NUM_ENCAP_TYPES);
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: The available encapsulation types for the \"-T\" flag are:\n");
|
2006-01-10 21:37:36 +00:00
|
|
|
for (i = 0; i < WTAP_NUM_ENCAP_TYPES; i++) {
|
2010-11-24 16:24:44 +00:00
|
|
|
encaps[i].sstr = wtap_encap_short_string(i);
|
|
|
|
|
if (encaps[i].sstr != NULL) {
|
|
|
|
|
encaps[i].lstr = wtap_encap_string(i);
|
2013-07-10 16:18:37 +00:00
|
|
|
list = g_slist_insert_sorted(list, &encaps[i], string_nat_compare);
|
2010-11-24 16:24:44 +00:00
|
|
|
}
|
2006-01-10 21:37:36 +00:00
|
|
|
}
|
2010-11-24 16:24:44 +00:00
|
|
|
g_slist_foreach(list, string_elem_print, NULL);
|
|
|
|
|
g_slist_free(list);
|
|
|
|
|
g_free(encaps);
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
|
|
|
|
|
2008-12-18 19:24:34 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2008-03-16 00:58:15 +00:00
|
|
|
/*
|
|
|
|
|
* Don't report failures to load plugins because most (non-wiretap) plugins
|
|
|
|
|
* *should* fail to load (because we're not linked against libwireshark and
|
|
|
|
|
* dissector plugins need libwireshark).
|
|
|
|
|
*/
|
2007-05-25 17:22:32 +00:00
|
|
|
static void
|
2008-03-16 00:58:15 +00:00
|
|
|
failure_message(const char *msg_format _U_, va_list ap _U_)
|
2007-05-25 17:22:32 +00:00
|
|
|
{
|
2011-05-31 15:31:34 +00:00
|
|
|
return;
|
2007-05-25 17:22:32 +00:00
|
|
|
}
|
2008-12-18 19:24:34 +00:00
|
|
|
#endif
|
2007-05-25 17:22:32 +00:00
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
int
|
|
|
|
|
main(int argc, char *argv[])
|
1999-12-04 12:53:52 +00:00
|
|
|
{
|
|
|
|
|
wtap *wth;
|
2005-04-10 23:12:48 +00:00
|
|
|
int i, j, err;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
gchar *err_info;
|
2002-02-24 01:26:45 +00:00
|
|
|
int opt;
|
2011-01-06 23:28:58 +00:00
|
|
|
|
2000-04-27 00:31:30 +00:00
|
|
|
char *p;
|
2011-05-31 15:31:34 +00:00
|
|
|
guint32 snaplen = 0; /* No limit */
|
2013-07-12 17:14:19 +00:00
|
|
|
int choplen_begin = 0; /* No chop at beginning */
|
|
|
|
|
int choplen_end = 0; /* No chop at end */
|
2013-09-09 01:04:13 +00:00
|
|
|
int chopoff_begin_pos = 0, chopoff_begin_neg = 0;/* Offsets for chopping from beginning */
|
|
|
|
|
int chopoff_end_pos = 0, chopoff_end_neg = 0; /* Offset for chopping from end */
|
2013-07-10 20:02:45 +00:00
|
|
|
gboolean adjlen = FALSE;
|
2009-05-23 08:57:20 +00:00
|
|
|
wtap_dumper *pdh = NULL;
|
2012-09-09 14:23:38 +00:00
|
|
|
unsigned int count = 1;
|
2012-10-09 08:40:02 +00:00
|
|
|
unsigned int duplicate_count = 0;
|
2006-11-05 22:46:44 +00:00
|
|
|
gint64 data_offset;
|
2005-04-03 11:00:49 +00:00
|
|
|
struct wtap_pkthdr snap_phdr;
|
|
|
|
|
const struct wtap_pkthdr *phdr;
|
2005-04-10 23:12:48 +00:00
|
|
|
int err_type;
|
2012-03-03 00:14:16 +00:00
|
|
|
wtapng_section_t *shb_hdr;
|
|
|
|
|
wtapng_iface_descriptions_t *idb_inf;
|
2005-04-10 23:12:48 +00:00
|
|
|
guint8 *buf;
|
When reporting "sorry, *this* packet can't be written to a file of that
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
2011-11-19 20:18:01 +00:00
|
|
|
guint32 read_count = 0;
|
2005-12-16 16:37:03 +00:00
|
|
|
int split_packet_count = 0;
|
|
|
|
|
int written_count = 0;
|
2009-05-23 07:59:23 +00:00
|
|
|
char *filename = NULL;
|
2011-06-09 18:27:11 +00:00
|
|
|
gboolean ts_okay = TRUE;
|
2008-06-21 09:45:21 +00:00
|
|
|
int secs_per_block = 0;
|
|
|
|
|
int block_cnt = 0;
|
|
|
|
|
nstime_t block_start;
|
2009-05-23 07:59:23 +00:00
|
|
|
gchar *fprefix = NULL;
|
|
|
|
|
gchar *fsuffix = NULL;
|
2012-03-13 09:13:27 +00:00
|
|
|
char appname[100];
|
2008-06-21 09:45:21 +00:00
|
|
|
|
2007-06-17 04:58:16 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2007-05-25 17:22:32 +00:00
|
|
|
char* init_progfile_dir_error;
|
2008-03-16 00:32:12 +00:00
|
|
|
#endif
|
|
|
|
|
|
2011-01-06 23:28:58 +00:00
|
|
|
#ifdef _WIN32
|
2011-05-24 00:07:56 +00:00
|
|
|
arg_list_utf_16to8(argc, argv);
|
2013-02-20 01:19:42 +00:00
|
|
|
create_app_running_mutex();
|
2011-01-06 23:28:58 +00:00
|
|
|
#endif /* _WIN32 */
|
|
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
/*
|
|
|
|
|
* Get credential information for later use.
|
|
|
|
|
*/
|
2010-09-16 19:20:06 +00:00
|
|
|
init_process_policies();
|
2007-11-09 20:05:44 +00:00
|
|
|
|
2008-03-16 00:32:12 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2007-05-25 17:22:32 +00:00
|
|
|
/* Register wiretap plugins */
|
2009-03-22 06:53:17 +00:00
|
|
|
if ((init_progfile_dir_error = init_progfile_dir(argv[0], main))) {
|
2012-07-16 02:37:42 +00:00
|
|
|
g_warning("editcap: init_progfile_dir(): %s", init_progfile_dir_error);
|
2008-02-20 14:13:15 +00:00
|
|
|
g_free(init_progfile_dir_error);
|
|
|
|
|
} else {
|
2009-02-15 21:47:57 +00:00
|
|
|
init_report_err(failure_message,NULL,NULL,NULL);
|
2008-02-20 14:13:15 +00:00
|
|
|
init_plugins();
|
|
|
|
|
}
|
2007-06-17 04:58:16 +00:00
|
|
|
#endif
|
2007-11-09 20:05:44 +00:00
|
|
|
|
2007-05-25 17:22:32 +00:00
|
|
|
/* Process the options */
|
2013-07-10 20:02:45 +00:00
|
|
|
while ((opt = getopt(argc, argv, "A:B:c:C:dD:E:F:hi:Lrs:S:t:T:vw:")) !=-1) {
|
1999-12-04 12:53:52 +00:00
|
|
|
switch (opt) {
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'A':
|
|
|
|
|
{
|
|
|
|
|
struct tm starttm;
|
1999-12-04 12:53:52 +00:00
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
memset(&starttm,0,sizeof(struct tm));
|
|
|
|
|
|
|
|
|
|
if(!strptime(optarg,"%Y-%m-%d %T",&starttm)) {
|
|
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
|
2008-02-20 14:13:15 +00:00
|
|
|
exit(1);
|
1999-12-05 01:27:14 +00:00
|
|
|
}
|
2013-07-10 20:02:45 +00:00
|
|
|
|
|
|
|
|
check_startstop = TRUE;
|
|
|
|
|
starttm.tm_isdst = -1;
|
|
|
|
|
|
|
|
|
|
starttime = mktime(&starttm);
|
1999-12-04 12:53:52 +00:00
|
|
|
break;
|
2013-07-10 20:02:45 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'B':
|
|
|
|
|
{
|
|
|
|
|
struct tm stoptm;
|
|
|
|
|
|
|
|
|
|
memset(&stoptm,0,sizeof(struct tm));
|
|
|
|
|
|
|
|
|
|
if(!strptime(optarg,"%Y-%m-%d %T",&stoptm)) {
|
|
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time format\n\n", optarg);
|
2008-02-20 14:13:15 +00:00
|
|
|
exit(1);
|
1999-12-04 21:42:56 +00:00
|
|
|
}
|
2013-07-10 20:02:45 +00:00
|
|
|
check_startstop = TRUE;
|
|
|
|
|
stoptm.tm_isdst = -1;
|
|
|
|
|
stoptime = mktime(&stoptm);
|
1999-12-04 12:53:52 +00:00
|
|
|
break;
|
2013-07-10 20:02:45 +00:00
|
|
|
}
|
1999-12-04 12:53:52 +00:00
|
|
|
|
2005-12-16 16:37:03 +00:00
|
|
|
case 'c':
|
2012-12-26 05:57:06 +00:00
|
|
|
split_packet_count = (int)strtol(optarg, &p, 10);
|
2005-12-16 16:37:03 +00:00
|
|
|
if (p == optarg || *p != '\0') {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid packet count\n",
|
2008-02-20 14:13:15 +00:00
|
|
|
optarg);
|
|
|
|
|
exit(1);
|
2005-12-16 16:37:03 +00:00
|
|
|
}
|
|
|
|
|
if (split_packet_count <= 0) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%d\" packet count must be larger than zero\n",
|
2008-02-20 14:13:15 +00:00
|
|
|
split_packet_count);
|
|
|
|
|
exit(1);
|
2005-12-16 16:37:03 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2006-01-09 21:14:32 +00:00
|
|
|
case 'C':
|
2013-07-12 17:14:19 +00:00
|
|
|
{
|
2013-09-08 20:29:26 +00:00
|
|
|
int choplen = 0, chopoff = 0;
|
|
|
|
|
|
|
|
|
|
switch (sscanf(optarg, "%d:%d", &chopoff, &choplen)) {
|
|
|
|
|
case 1: /* only the chop length was specififed */
|
|
|
|
|
choplen = chopoff;
|
|
|
|
|
chopoff = 0;
|
|
|
|
|
break;
|
2013-09-08 21:35:24 +00:00
|
|
|
|
2013-09-09 01:04:13 +00:00
|
|
|
case 2: /* both an offset and chop length was specified */
|
2013-09-08 20:29:26 +00:00
|
|
|
break;
|
2013-09-09 01:04:13 +00:00
|
|
|
|
2013-09-08 20:29:26 +00:00
|
|
|
default:
|
|
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid chop length or offset:length\n",
|
2008-02-20 14:13:15 +00:00
|
|
|
optarg);
|
2013-09-08 20:29:26 +00:00
|
|
|
exit(1);
|
|
|
|
|
break;
|
2006-01-09 21:14:32 +00:00
|
|
|
}
|
2013-09-08 20:29:26 +00:00
|
|
|
|
2013-09-09 01:04:13 +00:00
|
|
|
if (choplen > 0) {
|
2013-07-12 17:14:19 +00:00
|
|
|
choplen_begin += choplen;
|
2013-09-09 01:04:13 +00:00
|
|
|
if (chopoff > 0)
|
|
|
|
|
chopoff_begin_pos += chopoff;
|
|
|
|
|
else
|
|
|
|
|
chopoff_begin_neg += chopoff;
|
|
|
|
|
} else if (choplen < 0) {
|
2013-07-12 17:14:19 +00:00
|
|
|
choplen_end += choplen;
|
2013-09-09 01:04:13 +00:00
|
|
|
if (chopoff > 0)
|
|
|
|
|
chopoff_end_pos += chopoff;
|
|
|
|
|
else
|
|
|
|
|
chopoff_end_neg += chopoff;
|
|
|
|
|
}
|
2006-01-09 21:14:32 +00:00
|
|
|
break;
|
2013-07-12 17:14:19 +00:00
|
|
|
}
|
2006-01-09 21:14:32 +00:00
|
|
|
|
2006-07-27 17:53:29 +00:00
|
|
|
case 'd':
|
|
|
|
|
dup_detect = TRUE;
|
2009-04-17 15:21:46 +00:00
|
|
|
dup_detect_by_time = FALSE;
|
|
|
|
|
dup_window = DEFAULT_DUP_DEPTH;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'D':
|
|
|
|
|
dup_detect = TRUE;
|
|
|
|
|
dup_detect_by_time = FALSE;
|
2012-12-26 05:57:06 +00:00
|
|
|
dup_window = (int)strtol(optarg, &p, 10);
|
2009-04-17 15:21:46 +00:00
|
|
|
if (p == optarg || *p != '\0') {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid duplicate window value\n",
|
2009-04-17 15:21:46 +00:00
|
|
|
optarg);
|
|
|
|
|
exit(1);
|
2006-07-27 17:53:29 +00:00
|
|
|
}
|
2009-04-17 15:21:46 +00:00
|
|
|
if (dup_window < 0 || dup_window > MAX_DUP_DEPTH) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%d\" duplicate window value must be between 0 and %d inclusive.\n",
|
2009-04-17 15:21:46 +00:00
|
|
|
dup_window, MAX_DUP_DEPTH);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'E':
|
|
|
|
|
err_prob = strtod(optarg, &p);
|
|
|
|
|
if (p == optarg || err_prob < 0.0 || err_prob > 1.0) {
|
|
|
|
|
fprintf(stderr, "editcap: probability \"%s\" must be between 0.0 and 1.0\n",
|
|
|
|
|
optarg);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
srand( (unsigned int) (time(NULL) + getpid()) );
|
2006-07-27 17:53:29 +00:00
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'F':
|
|
|
|
|
out_file_type = wtap_short_string_to_file_type(optarg);
|
|
|
|
|
if (out_file_type < 0) {
|
|
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid capture file type\n\n",
|
|
|
|
|
optarg);
|
2006-01-10 22:00:37 +00:00
|
|
|
list_capture_types();
|
2013-07-10 20:02:45 +00:00
|
|
|
exit(1);
|
2006-01-10 22:00:37 +00:00
|
|
|
}
|
2006-01-10 21:37:36 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'h':
|
2009-12-29 21:04:40 +00:00
|
|
|
usage(FALSE);
|
2005-04-10 23:12:48 +00:00
|
|
|
exit(1);
|
1999-12-12 21:04:29 +00:00
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'i': /* break capture file based on time interval */
|
|
|
|
|
secs_per_block = atoi(optarg);
|
|
|
|
|
if(secs_per_block <= 0) {
|
|
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid time interval\n\n", optarg);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'L':
|
|
|
|
|
adjlen = TRUE;
|
|
|
|
|
break;
|
|
|
|
|
|
1999-12-04 12:53:52 +00:00
|
|
|
case 'r':
|
|
|
|
|
keep_em = !keep_em; /* Just invert */
|
|
|
|
|
break;
|
|
|
|
|
|
2000-04-27 00:31:30 +00:00
|
|
|
case 's':
|
2012-12-26 05:57:06 +00:00
|
|
|
snaplen = (guint32)strtol(optarg, &p, 10);
|
2000-04-27 00:31:30 +00:00
|
|
|
if (p == optarg || *p != '\0') {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid snapshot length\n",
|
2008-02-20 14:13:15 +00:00
|
|
|
optarg);
|
|
|
|
|
exit(1);
|
2000-04-27 00:31:30 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2010-06-02 00:30:25 +00:00
|
|
|
case 'S':
|
|
|
|
|
set_strict_time_adj(optarg);
|
|
|
|
|
do_strict_time_adjustment = TRUE;
|
|
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 't':
|
|
|
|
|
set_time_adjustment(optarg);
|
|
|
|
|
break;
|
|
|
|
|
|
2005-04-10 23:12:48 +00:00
|
|
|
case 'T':
|
|
|
|
|
out_frame_type = wtap_short_string_to_encap(optarg);
|
|
|
|
|
if (out_frame_type < 0) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: \"%s\" isn't a valid encapsulation type\n\n",
|
2011-05-31 15:31:34 +00:00
|
|
|
optarg);
|
2006-01-10 22:00:37 +00:00
|
|
|
list_encap_types();
|
2011-05-31 15:31:34 +00:00
|
|
|
exit(1);
|
2005-04-10 23:12:48 +00:00
|
|
|
}
|
1999-12-12 21:04:29 +00:00
|
|
|
break;
|
|
|
|
|
|
2005-04-10 23:12:48 +00:00
|
|
|
case 'v':
|
|
|
|
|
verbose = !verbose; /* Just invert */
|
1999-12-04 12:53:52 +00:00
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case 'w':
|
|
|
|
|
dup_detect = FALSE;
|
|
|
|
|
dup_detect_by_time = TRUE;
|
|
|
|
|
dup_window = MAX_DUP_DEPTH;
|
|
|
|
|
set_rel_time(optarg);
|
2007-09-30 22:13:38 +00:00
|
|
|
break;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
case '?': /* Bad options if GNU getopt */
|
|
|
|
|
switch(optopt) {
|
|
|
|
|
case'F':
|
|
|
|
|
list_capture_types();
|
|
|
|
|
break;
|
|
|
|
|
case'T':
|
|
|
|
|
list_encap_types();
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
usage(TRUE);
|
2007-09-30 22:13:38 +00:00
|
|
|
}
|
2013-07-10 20:02:45 +00:00
|
|
|
exit(1);
|
2007-09-30 22:13:38 +00:00
|
|
|
break;
|
|
|
|
|
}
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
#ifdef DEBUG
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Optind = %i, argc = %i\n", optind, argc);
|
1999-12-12 21:04:29 +00:00
|
|
|
#endif
|
1999-12-04 12:53:52 +00:00
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
if ((argc - optind) < 1) {
|
1999-12-04 12:53:52 +00:00
|
|
|
|
2009-12-29 21:04:40 +00:00
|
|
|
usage(TRUE);
|
1999-12-04 12:53:52 +00:00
|
|
|
exit(1);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2006-03-16 19:45:02 +00:00
|
|
|
if (check_startstop && !stoptime) {
|
2007-09-30 22:13:38 +00:00
|
|
|
struct tm stoptm;
|
|
|
|
|
/* XXX: will work until 2035 */
|
|
|
|
|
memset(&stoptm,0,sizeof(struct tm));
|
|
|
|
|
stoptm.tm_year = 135;
|
|
|
|
|
stoptm.tm_mday = 31;
|
|
|
|
|
stoptm.tm_mon = 11;
|
|
|
|
|
|
|
|
|
|
stoptime = mktime(&stoptm);
|
2006-03-16 19:45:02 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
nstime_set_unset(&block_start);
|
|
|
|
|
|
2006-03-13 22:20:07 +00:00
|
|
|
if (starttime > stoptime) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: start time is after the stop time\n");
|
2007-09-30 22:13:38 +00:00
|
|
|
exit(1);
|
2006-03-13 22:20:07 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2008-06-21 09:45:21 +00:00
|
|
|
if (split_packet_count > 0 && secs_per_block > 0) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: can't split on both packet count and time interval\n");
|
|
|
|
|
fprintf(stderr, "editcap: at the same time\n");
|
2008-06-21 09:45:21 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
wth = wtap_open_offline(argv[optind], &err, &err_info, FALSE);
|
1999-12-04 12:53:52 +00:00
|
|
|
|
|
|
|
|
if (!wth) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Can't open %s: %s\n", argv[optind],
|
1999-12-04 12:53:52 +00:00
|
|
|
wtap_strerror(err));
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
switch (err) {
|
|
|
|
|
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED:
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
2011-12-13 09:53:50 +00:00
|
|
|
case WTAP_ERR_BAD_FILE:
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "(%s)\n", err_info);
|
2004-01-25 22:21:39 +00:00
|
|
|
g_free(err_info);
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
1999-12-04 12:53:52 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "File %s is a %s capture file.\n", argv[optind],
|
2008-02-20 14:13:15 +00:00
|
|
|
wtap_file_type_string(wtap_file_type(wth)));
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
|
|
|
|
|
2012-03-03 00:14:16 +00:00
|
|
|
shb_hdr = wtap_file_get_shb_info(wth);
|
|
|
|
|
idb_inf = wtap_file_get_idb_info(wth);
|
|
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
/*
|
|
|
|
|
* Now, process the rest, if any ... we only write if there is an extra
|
|
|
|
|
* argument or so ...
|
|
|
|
|
*/
|
1999-12-04 12:53:52 +00:00
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
if ((argc - optind) >= 2) {
|
1999-12-04 12:53:52 +00:00
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
if (out_frame_type == -2)
|
|
|
|
|
out_frame_type = wtap_file_encap(wth);
|
1999-12-04 12:53:52 +00:00
|
|
|
|
1999-12-12 21:04:29 +00:00
|
|
|
for (i = optind + 2; i < argc; i++)
|
2007-06-20 20:02:52 +00:00
|
|
|
if (add_selection(argv[i]) == FALSE)
|
2008-01-24 17:14:01 +00:00
|
|
|
break;
|
1999-12-12 21:04:29 +00:00
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
if (dup_detect || dup_detect_by_time) {
|
|
|
|
|
for (i = 0; i < dup_window; i++) {
|
|
|
|
|
memset(&fd_hash[i].digest, 0, 16);
|
|
|
|
|
fd_hash[i].len = 0;
|
|
|
|
|
nstime_set_unset(&fd_hash[i].time);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-03 11:00:49 +00:00
|
|
|
while (wtap_read(wth, &err, &err_info, &data_offset)) {
|
When reporting "sorry, *this* packet can't be written to a file of that
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
2011-11-19 20:18:01 +00:00
|
|
|
read_count++;
|
|
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
phdr = wtap_phdr(wth);
|
2011-02-04 21:09:55 +00:00
|
|
|
buf = wtap_buf_ptr(wth);
|
2005-04-03 11:00:49 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
if (nstime_is_unset(&block_start)) { /* should only be the first packet */
|
|
|
|
|
block_start.secs = phdr->ts.secs;
|
|
|
|
|
block_start.nsecs = phdr->ts.nsecs;
|
2008-06-21 09:45:21 +00:00
|
|
|
|
2009-05-23 20:22:42 +00:00
|
|
|
if (split_packet_count > 0 || secs_per_block > 0) {
|
|
|
|
|
if (!fileset_extract_prefix_suffix(argv[optind+1], &fprefix, &fsuffix))
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2009-05-23 07:59:23 +00:00
|
|
|
|
2009-05-23 20:22:42 +00:00
|
|
|
filename = fileset_get_filename_by_pattern(block_cnt++, &phdr->ts, fprefix, fsuffix);
|
|
|
|
|
} else
|
|
|
|
|
filename = g_strdup(argv[optind+1]);
|
2008-06-21 09:45:21 +00:00
|
|
|
|
2012-03-13 09:13:27 +00:00
|
|
|
/* If we don't have an application name add Editcap */
|
2012-03-13 14:11:08 +00:00
|
|
|
if(shb_hdr->shb_user_appl == NULL) {
|
2012-03-13 09:13:27 +00:00
|
|
|
g_snprintf(appname, sizeof(appname), "Editcap " VERSION);
|
2012-03-13 14:11:08 +00:00
|
|
|
shb_hdr->shb_user_appl = appname;
|
|
|
|
|
}
|
2012-03-13 09:13:27 +00:00
|
|
|
|
2012-03-03 00:14:16 +00:00
|
|
|
pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
|
2011-05-31 15:31:34 +00:00
|
|
|
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
|
2012-03-03 00:14:16 +00:00
|
|
|
FALSE /* compressed */, shb_hdr, idb_inf, &err);
|
2012-03-14 01:08:09 +00:00
|
|
|
|
2010-05-28 20:19:55 +00:00
|
|
|
if (pdh == NULL) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
|
2009-05-23 07:59:23 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
g_assert(filename);
|
|
|
|
|
|
|
|
|
|
if (secs_per_block > 0) {
|
2009-04-17 16:21:33 +00:00
|
|
|
while ((phdr->ts.secs - block_start.secs > secs_per_block) ||
|
2009-05-23 07:59:23 +00:00
|
|
|
(phdr->ts.secs - block_start.secs == secs_per_block &&
|
2008-06-21 09:45:21 +00:00
|
|
|
phdr->ts.nsecs >= block_start.nsecs )) { /* time for the next file */
|
|
|
|
|
|
|
|
|
|
if (!wtap_dump_close(pdh, &err)) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
|
2008-06-21 09:45:21 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
2008-06-21 09:45:21 +00:00
|
|
|
block_start.secs = block_start.secs + secs_per_block; /* reset for next interval */
|
2009-05-23 07:59:23 +00:00
|
|
|
g_free(filename);
|
|
|
|
|
filename = fileset_get_filename_by_pattern(block_cnt++, &phdr->ts, fprefix, fsuffix);
|
|
|
|
|
g_assert(filename);
|
2008-06-21 09:45:21 +00:00
|
|
|
|
|
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "Continuing writing in file %s\n", filename);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
2008-06-21 09:45:21 +00:00
|
|
|
|
2012-06-15 12:27:21 +00:00
|
|
|
pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
|
2011-05-31 15:31:34 +00:00
|
|
|
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
|
2012-06-15 12:27:21 +00:00
|
|
|
FALSE /* compressed */, shb_hdr, idb_inf, &err);
|
2008-06-21 09:45:21 +00:00
|
|
|
|
|
|
|
|
if (pdh == NULL) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
|
2008-06-21 09:45:21 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2008-06-21 09:45:21 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
if (split_packet_count > 0) {
|
2005-12-16 16:37:03 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
/* time for the next file? */
|
2010-05-28 20:19:55 +00:00
|
|
|
if (written_count > 0 &&
|
2009-05-23 07:59:23 +00:00
|
|
|
written_count % split_packet_count == 0) {
|
|
|
|
|
if (!wtap_dump_close(pdh, &err)) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
|
2009-05-23 07:59:23 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
2005-12-16 16:37:03 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
g_free(filename);
|
|
|
|
|
filename = fileset_get_filename_by_pattern(block_cnt++, &phdr->ts, fprefix, fsuffix);
|
|
|
|
|
g_assert(filename);
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "Continuing writing in file %s\n", filename);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2012-06-15 12:27:21 +00:00
|
|
|
pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
|
2011-05-31 15:31:34 +00:00
|
|
|
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)) : wtap_snapshot_length(wth),
|
2012-06-15 12:27:21 +00:00
|
|
|
FALSE /* compressed */, shb_hdr, idb_inf, &err);
|
2009-05-23 07:59:23 +00:00
|
|
|
if (pdh == NULL) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
|
2009-05-23 07:59:23 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2009-05-23 07:59:23 +00:00
|
|
|
}
|
2008-01-24 17:14:01 +00:00
|
|
|
}
|
2005-12-16 16:37:03 +00:00
|
|
|
}
|
2007-11-09 20:05:44 +00:00
|
|
|
|
2011-06-09 18:27:11 +00:00
|
|
|
if (check_startstop)
|
|
|
|
|
ts_okay = check_timestamp(wth);
|
2007-11-09 20:05:44 +00:00
|
|
|
|
2011-06-09 18:27:11 +00:00
|
|
|
if ( ts_okay && ((!selected(count) && !keep_em) || (selected(count) && keep_em)) ) {
|
2005-04-03 11:00:49 +00:00
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
if (verbose && !dup_detect && !dup_detect_by_time)
|
2012-02-24 05:17:46 +00:00
|
|
|
printf("Packet: %u\n", count);
|
2005-04-03 11:00:49 +00:00
|
|
|
|
|
|
|
|
/* We simply write it, perhaps after truncating it; we could do other
|
|
|
|
|
things, like modify it. */
|
|
|
|
|
|
|
|
|
|
phdr = wtap_phdr(wth);
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
if (snaplen != 0) {
|
|
|
|
|
if (phdr->caplen > snaplen) {
|
|
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
snap_phdr.caplen = snaplen;
|
|
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
if (adjlen && phdr->len > snaplen) {
|
|
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
snap_phdr.len = snaplen;
|
|
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
2011-02-04 21:09:55 +00:00
|
|
|
}
|
|
|
|
|
|
2013-09-08 20:29:26 +00:00
|
|
|
/* CHOP */
|
|
|
|
|
/* If we're not chopping anything from one side, then the offset for
|
|
|
|
|
* that side is meaningless. */
|
|
|
|
|
if (choplen_begin == 0)
|
2013-09-09 01:04:13 +00:00
|
|
|
chopoff_begin_pos = chopoff_begin_neg = 0;
|
2013-09-08 20:29:26 +00:00
|
|
|
if (choplen_end == 0)
|
2013-09-09 01:04:13 +00:00
|
|
|
chopoff_end_pos = chopoff_end_neg = 0;
|
|
|
|
|
|
|
|
|
|
if (chopoff_begin_neg < 0) {
|
|
|
|
|
chopoff_begin_pos += phdr->caplen + chopoff_begin_neg;
|
|
|
|
|
chopoff_begin_neg = 0;
|
|
|
|
|
}
|
|
|
|
|
if (chopoff_end_pos > 0) {
|
|
|
|
|
chopoff_end_neg += chopoff_end_pos - phdr->caplen;
|
|
|
|
|
chopoff_end_pos = 0;
|
|
|
|
|
}
|
2013-09-08 20:29:26 +00:00
|
|
|
|
|
|
|
|
/* Make sure we don't chop off more than we have available */
|
2013-09-09 01:04:13 +00:00
|
|
|
if (phdr->caplen < (guint32)(chopoff_begin_pos - chopoff_end_neg)) {
|
2013-09-08 20:29:26 +00:00
|
|
|
choplen_begin = 0;
|
|
|
|
|
choplen_end = 0;
|
|
|
|
|
}
|
|
|
|
|
if ((guint32)(choplen_begin - choplen_end) >
|
2013-09-09 01:04:13 +00:00
|
|
|
(phdr->caplen - (guint32)(chopoff_begin_pos - chopoff_end_neg))) {
|
|
|
|
|
choplen_begin = phdr->caplen - (chopoff_begin_pos - chopoff_end_neg);
|
2013-09-08 20:29:26 +00:00
|
|
|
choplen_end = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Handle chopping from the beginning. Note that if a beginning offset
|
|
|
|
|
* was specified, we need to keep that piece */
|
|
|
|
|
if (choplen_begin > 0) {
|
2006-01-09 21:14:32 +00:00
|
|
|
snap_phdr = *phdr;
|
2013-09-08 20:29:26 +00:00
|
|
|
|
2013-09-09 01:04:13 +00:00
|
|
|
if (chopoff_begin_pos > 0) {
|
|
|
|
|
memmove(&buf[chopoff_begin_pos], &buf[chopoff_begin_pos + choplen_begin],
|
2013-09-08 20:29:26 +00:00
|
|
|
snap_phdr.caplen - choplen_begin);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
buf += choplen_begin;
|
|
|
|
|
}
|
|
|
|
|
snap_phdr.caplen -= choplen_begin;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
if (adjlen) {
|
2013-09-08 20:29:26 +00:00
|
|
|
if (phdr->len > (guint32)choplen_begin) {
|
|
|
|
|
snap_phdr.len -= choplen_begin;
|
|
|
|
|
} else {
|
2013-07-10 20:02:45 +00:00
|
|
|
snap_phdr.len = 0;
|
2013-09-08 20:29:26 +00:00
|
|
|
}
|
2013-07-10 20:02:45 +00:00
|
|
|
}
|
2006-01-09 21:14:32 +00:00
|
|
|
phdr = &snap_phdr;
|
2013-07-12 17:14:19 +00:00
|
|
|
}
|
|
|
|
|
|
2013-09-08 20:29:26 +00:00
|
|
|
/* Handle chopping from the end. Note that if an ending offset
|
|
|
|
|
* was specified, we need to keep that piece */
|
|
|
|
|
if (choplen_end < 0) {
|
2005-04-03 11:00:49 +00:00
|
|
|
snap_phdr = *phdr;
|
2013-09-08 20:29:26 +00:00
|
|
|
|
2013-09-09 01:04:13 +00:00
|
|
|
if (chopoff_end_neg < 0) {
|
|
|
|
|
memmove(&buf[(gint)snap_phdr.caplen + (choplen_end + chopoff_end_neg)],
|
|
|
|
|
&buf[(gint)snap_phdr.caplen + chopoff_end_neg], -chopoff_end_neg);
|
2013-09-08 20:29:26 +00:00
|
|
|
}
|
|
|
|
|
snap_phdr.caplen += choplen_end;
|
|
|
|
|
|
2013-07-10 20:02:45 +00:00
|
|
|
if (adjlen) {
|
2013-09-08 20:29:26 +00:00
|
|
|
if (((signed int) phdr->len + choplen_end) > 0) {
|
|
|
|
|
snap_phdr.len += choplen_end;
|
|
|
|
|
} else {
|
2013-07-10 20:02:45 +00:00
|
|
|
snap_phdr.len = 0;
|
2013-09-08 20:29:26 +00:00
|
|
|
}
|
2013-07-10 20:02:45 +00:00
|
|
|
}
|
2005-04-03 11:00:49 +00:00
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
|
2010-06-02 00:30:25 +00:00
|
|
|
/*
|
|
|
|
|
* Do we adjust timestamps to insure strict chronologically order?
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (do_strict_time_adjustment) {
|
|
|
|
|
if (previous_time.secs || previous_time.nsecs) {
|
|
|
|
|
if (!strict_time_adj.is_negative) {
|
|
|
|
|
nstime_t current;
|
|
|
|
|
nstime_t delta;
|
|
|
|
|
|
|
|
|
|
current.secs = phdr->ts.secs;
|
|
|
|
|
current.nsecs = phdr->ts.nsecs;
|
|
|
|
|
|
|
|
|
|
nstime_delta(&delta, ¤t, &previous_time);
|
|
|
|
|
|
|
|
|
|
if (delta.secs < 0 || delta.nsecs < 0)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* A negative delta indicates that the current packet
|
|
|
|
|
* has an absolute timestamp less than the previous packet
|
|
|
|
|
* that it is being compared to. This is NOT a normal
|
|
|
|
|
* situation since trace files usually have packets in
|
|
|
|
|
* chronological order (oldest to newest).
|
|
|
|
|
*/
|
2012-02-24 05:17:46 +00:00
|
|
|
/* printf("++out of order, need to adjust this packet!\n"); */
|
2010-06-02 00:30:25 +00:00
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
|
|
|
|
|
snap_phdr.ts.nsecs = previous_time.nsecs;
|
|
|
|
|
if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
|
|
|
|
|
/* carry */
|
|
|
|
|
snap_phdr.ts.secs++;
|
|
|
|
|
snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
|
|
|
|
|
} else {
|
|
|
|
|
snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
|
|
|
|
|
}
|
|
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2010-09-16 19:20:06 +00:00
|
|
|
/*
|
|
|
|
|
* A negative strict time adjustment is requested.
|
|
|
|
|
* Unconditionally set each timestamp to previous
|
2010-06-02 00:30:25 +00:00
|
|
|
* packet's timestamp plus delta.
|
|
|
|
|
*/
|
|
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
snap_phdr.ts.secs = previous_time.secs + strict_time_adj.tv.tv_sec;
|
|
|
|
|
snap_phdr.ts.nsecs = previous_time.nsecs;
|
|
|
|
|
if (snap_phdr.ts.nsecs + strict_time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
|
|
|
|
|
/* carry */
|
|
|
|
|
snap_phdr.ts.secs++;
|
|
|
|
|
snap_phdr.ts.nsecs += (strict_time_adj.tv.tv_usec - ONE_MILLION) * 1000;
|
|
|
|
|
} else {
|
|
|
|
|
snap_phdr.ts.nsecs += strict_time_adj.tv.tv_usec * 1000;
|
|
|
|
|
}
|
|
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
previous_time.secs = phdr->ts.secs;
|
|
|
|
|
previous_time.nsecs = phdr->ts.nsecs;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-03 11:00:49 +00:00
|
|
|
/* assume that if the frame's tv_sec is 0, then
|
|
|
|
|
* the timestamp isn't supported */
|
2005-08-24 22:27:21 +00:00
|
|
|
if (phdr->ts.secs > 0 && time_adj.tv.tv_sec != 0) {
|
2005-04-03 11:00:49 +00:00
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
if (time_adj.is_negative)
|
2005-08-24 22:27:21 +00:00
|
|
|
snap_phdr.ts.secs -= time_adj.tv.tv_sec;
|
2005-04-03 11:00:49 +00:00
|
|
|
else
|
2005-08-24 22:27:21 +00:00
|
|
|
snap_phdr.ts.secs += time_adj.tv.tv_sec;
|
2005-04-03 11:00:49 +00:00
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* assume that if the frame's tv_sec is 0, then
|
|
|
|
|
* the timestamp isn't supported */
|
2005-08-24 22:27:21 +00:00
|
|
|
if (phdr->ts.secs > 0 && time_adj.tv.tv_usec != 0) {
|
2005-04-03 11:00:49 +00:00
|
|
|
snap_phdr = *phdr;
|
|
|
|
|
if (time_adj.is_negative) { /* subtract */
|
2005-08-24 22:27:21 +00:00
|
|
|
if (snap_phdr.ts.nsecs/1000 < time_adj.tv.tv_usec) { /* borrow */
|
|
|
|
|
snap_phdr.ts.secs--;
|
|
|
|
|
snap_phdr.ts.nsecs += ONE_MILLION * 1000;
|
2005-04-03 11:00:49 +00:00
|
|
|
}
|
2005-08-24 22:27:21 +00:00
|
|
|
snap_phdr.ts.nsecs -= time_adj.tv.tv_usec * 1000;
|
2005-04-03 11:00:49 +00:00
|
|
|
} else { /* add */
|
2005-08-24 22:27:21 +00:00
|
|
|
if (snap_phdr.ts.nsecs + time_adj.tv.tv_usec * 1000 > ONE_MILLION * 1000) {
|
2005-04-03 11:00:49 +00:00
|
|
|
/* carry */
|
2005-08-24 22:27:21 +00:00
|
|
|
snap_phdr.ts.secs++;
|
|
|
|
|
snap_phdr.ts.nsecs += (time_adj.tv.tv_usec - ONE_MILLION) * 1000;
|
2005-04-03 11:00:49 +00:00
|
|
|
} else {
|
2005-08-24 22:27:21 +00:00
|
|
|
snap_phdr.ts.nsecs += time_adj.tv.tv_usec * 1000;
|
2005-04-03 11:00:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
phdr = &snap_phdr;
|
|
|
|
|
}
|
|
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
/* suppress duplicates by packet window */
|
2008-01-24 17:14:01 +00:00
|
|
|
if (dup_detect) {
|
|
|
|
|
if (is_duplicate(buf, phdr->caplen)) {
|
2009-04-17 15:21:46 +00:00
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
|
2009-04-17 15:21:46 +00:00
|
|
|
for (i = 0; i < 16; i++) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%02x", (unsigned char)fd_hash[cur_dup_entry].digest[i]);
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "\n");
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
duplicate_count++;
|
|
|
|
|
count++;
|
|
|
|
|
continue;
|
|
|
|
|
} else {
|
|
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "Packet: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
|
2009-04-17 15:21:46 +00:00
|
|
|
for (i = 0; i < 16; i++) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%02x", (unsigned char)fd_hash[cur_dup_entry].digest[i]);
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "\n");
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* suppress duplicates by time window */
|
|
|
|
|
if (dup_detect_by_time) {
|
|
|
|
|
nstime_t current;
|
|
|
|
|
|
|
|
|
|
current.secs = phdr->ts.secs;
|
|
|
|
|
current.nsecs = phdr->ts.nsecs;
|
|
|
|
|
|
|
|
|
|
if (is_duplicate_rel_time(buf, phdr->caplen, ¤t)) {
|
|
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "Skipped: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
|
2009-04-17 15:21:46 +00:00
|
|
|
for (i = 0; i < 16; i++) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%02x", (unsigned char)fd_hash[cur_dup_entry].digest[i]);
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "\n");
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
|
|
|
|
duplicate_count++;
|
2006-07-27 17:53:29 +00:00
|
|
|
count++;
|
2008-01-24 17:14:01 +00:00
|
|
|
continue;
|
2009-04-17 15:21:46 +00:00
|
|
|
} else {
|
|
|
|
|
if (verbose) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "Packet: %u, Len: %u, MD5 Hash: ", count, phdr->caplen);
|
2009-04-17 15:21:46 +00:00
|
|
|
for (i = 0; i < 16; i++) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%02x", (unsigned char)fd_hash[cur_dup_entry].digest[i]);
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "\n");
|
2009-04-17 15:21:46 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
}
|
2008-01-24 17:14:01 +00:00
|
|
|
}
|
2006-07-27 17:53:29 +00:00
|
|
|
|
2008-01-24 17:14:01 +00:00
|
|
|
/* Random error mutation */
|
2005-04-10 23:12:48 +00:00
|
|
|
if (err_prob > 0.0) {
|
2008-02-20 14:13:15 +00:00
|
|
|
int real_data_start = 0;
|
|
|
|
|
/* Protect non-protocol data */
|
|
|
|
|
if (wtap_file_type(wth) == WTAP_FILE_CATAPULT_DCT2000) {
|
|
|
|
|
real_data_start = find_dct2000_real_data(buf);
|
|
|
|
|
}
|
|
|
|
|
for (i = real_data_start; i < (int) phdr->caplen; i++) {
|
2005-04-10 23:12:48 +00:00
|
|
|
if (rand() <= err_prob * RAND_MAX) {
|
|
|
|
|
err_type = rand() / (RAND_MAX / ERR_WT_TOTAL + 1);
|
|
|
|
|
|
2005-05-30 16:49:47 +00:00
|
|
|
if (err_type < ERR_WT_BIT) {
|
|
|
|
|
buf[i] ^= 1 << (rand() / (RAND_MAX / 8 + 1));
|
|
|
|
|
err_type = ERR_WT_TOTAL;
|
|
|
|
|
} else {
|
|
|
|
|
err_type -= ERR_WT_BYTE;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-10 23:12:48 +00:00
|
|
|
if (err_type < ERR_WT_BYTE) {
|
|
|
|
|
buf[i] = rand() / (RAND_MAX / 255 + 1);
|
|
|
|
|
err_type = ERR_WT_TOTAL;
|
|
|
|
|
} else {
|
|
|
|
|
err_type -= ERR_WT_BYTE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (err_type < ERR_WT_ALNUM) {
|
|
|
|
|
buf[i] = ALNUM_CHARS[rand() / (RAND_MAX / ALNUM_LEN + 1)];
|
|
|
|
|
err_type = ERR_WT_TOTAL;
|
|
|
|
|
} else {
|
|
|
|
|
err_type -= ERR_WT_ALNUM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (err_type < ERR_WT_FMT) {
|
2005-07-26 09:34:49 +00:00
|
|
|
if ((unsigned int)i < phdr->caplen - 2)
|
2011-06-23 13:50:07 +00:00
|
|
|
g_strlcpy((char*) &buf[i], "%s", 2);
|
2005-04-10 23:12:48 +00:00
|
|
|
err_type = ERR_WT_TOTAL;
|
|
|
|
|
} else {
|
|
|
|
|
err_type -= ERR_WT_FMT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (err_type < ERR_WT_AA) {
|
|
|
|
|
for (j = i; j < (int) phdr->caplen; j++) {
|
|
|
|
|
buf[j] = 0xAA;
|
|
|
|
|
}
|
|
|
|
|
i = phdr->caplen;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-16 21:50:57 +00:00
|
|
|
if (!wtap_dump(pdh, phdr, buf, &err)) {
|
When reporting "sorry, *this* packet can't be written to a file of that
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
2011-11-19 20:18:01 +00:00
|
|
|
switch (err) {
|
|
|
|
|
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
|
|
|
|
/*
|
|
|
|
|
* This is a problem with the particular frame we're writing;
|
|
|
|
|
* note that, and give the frame number.
|
|
|
|
|
*/
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Frame %u of \"%s\" has a network type that can't be saved in a file with that format\n.",
|
When reporting "sorry, *this* packet can't be written to a file of that
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
2011-11-19 20:18:01 +00:00
|
|
|
read_count, argv[optind]);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Error writing to %s: %s\n",
|
When reporting "sorry, *this* packet can't be written to a file of that
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
2011-11-19 20:18:01 +00:00
|
|
|
filename, wtap_strerror(err));
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
2008-01-24 17:14:01 +00:00
|
|
|
}
|
|
|
|
|
written_count++;
|
2005-04-03 11:00:49 +00:00
|
|
|
}
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-15 12:27:21 +00:00
|
|
|
|
2009-05-23 07:59:23 +00:00
|
|
|
g_free(fprefix);
|
|
|
|
|
g_free(fsuffix);
|
|
|
|
|
|
2005-04-03 11:00:49 +00:00
|
|
|
if (err != 0) {
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
/* Print a message noting that the read failed somewhere along the line. */
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr,
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
"editcap: An error occurred while reading \"%s\": %s.\n",
|
2008-02-20 14:13:15 +00:00
|
|
|
argv[optind], wtap_strerror(err));
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
switch (err) {
|
|
|
|
|
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED:
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED_ENCAP:
|
2011-12-13 09:53:50 +00:00
|
|
|
case WTAP_ERR_BAD_FILE:
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "(%s)\n", err_info);
|
2008-05-30 02:44:02 +00:00
|
|
|
g_free(err_info);
|
2008-01-24 17:14:01 +00:00
|
|
|
break;
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
}
|
|
|
|
|
}
|
1999-12-12 21:04:29 +00:00
|
|
|
|
2009-06-02 23:14:19 +00:00
|
|
|
if (!pdh) {
|
|
|
|
|
/* No valid packages found, open the outfile so we can write an empty header */
|
|
|
|
|
g_free (filename);
|
|
|
|
|
filename = g_strdup(argv[optind+1]);
|
|
|
|
|
|
2012-06-15 12:27:21 +00:00
|
|
|
pdh = wtap_dump_open_ng(filename, out_file_type, out_frame_type,
|
2011-05-31 15:31:34 +00:00
|
|
|
snaplen ? MIN(snaplen, wtap_snapshot_length(wth)): wtap_snapshot_length(wth),
|
2012-06-15 12:27:21 +00:00
|
|
|
FALSE /* compressed */, shb_hdr, idb_inf, &err);
|
2009-06-02 23:14:19 +00:00
|
|
|
if (pdh == NULL) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Can't open or create %s: %s\n", filename,
|
2011-05-31 15:31:34 +00:00
|
|
|
wtap_strerror(err));
|
|
|
|
|
exit(2);
|
2009-06-02 23:14:19 +00:00
|
|
|
}
|
|
|
|
|
}
|
1999-12-12 21:04:29 +00:00
|
|
|
|
2012-06-15 12:27:21 +00:00
|
|
|
g_free(idb_inf);
|
|
|
|
|
idb_inf = NULL;
|
|
|
|
|
|
2009-06-02 23:14:19 +00:00
|
|
|
if (!wtap_dump_close(pdh, &err)) {
|
|
|
|
|
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stderr, "editcap: Error writing to %s: %s\n", filename,
|
2008-02-20 14:13:15 +00:00
|
|
|
wtap_strerror(err));
|
2009-05-23 20:29:12 +00:00
|
|
|
exit(2);
|
1999-12-12 21:04:29 +00:00
|
|
|
|
|
|
|
|
}
|
2012-03-12 14:18:04 +00:00
|
|
|
g_free(shb_hdr);
|
2009-06-02 23:14:19 +00:00
|
|
|
g_free(filename);
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
1999-12-12 21:04:29 +00:00
|
|
|
|
2009-04-17 15:21:46 +00:00
|
|
|
if (dup_detect) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%u packet%s seen, %u packet%s skipped with duplicate window of %u packets.\n",
|
2009-04-17 15:21:46 +00:00
|
|
|
count - 1, plurality(count - 1, "", "s"),
|
|
|
|
|
duplicate_count, plurality(duplicate_count, "", "s"), dup_window);
|
|
|
|
|
} else if (dup_detect_by_time) {
|
2012-02-24 05:17:46 +00:00
|
|
|
fprintf(stdout, "%u packet%s seen, %u packet%s skipped with duplicate time window equal to or less than %ld.%09ld seconds.\n",
|
2009-04-17 15:21:46 +00:00
|
|
|
count - 1, plurality(count - 1, "", "s"),
|
|
|
|
|
duplicate_count, plurality(duplicate_count, "", "s"),
|
|
|
|
|
(long)relative_time_window.secs, (long int)relative_time_window.nsecs);
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-20 22:35:19 +00:00
|
|
|
return 0;
|
1999-12-04 12:53:52 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2008-02-20 14:13:15 +00:00
|
|
|
/* Skip meta-information read from file to return offset of real
|
|
|
|
|
protocol data */
|
|
|
|
|
static int find_dct2000_real_data(guint8 *buf)
|
|
|
|
|
{
|
|
|
|
|
int n=0;
|
|
|
|
|
|
|
|
|
|
for (n=0; buf[n] != '\0'; n++); /* Context name */
|
|
|
|
|
n++;
|
|
|
|
|
n++; /* Context port number */
|
|
|
|
|
for (; buf[n] != '\0'; n++); /* Timestamp */
|
|
|
|
|
n++;
|
|
|
|
|
for (; buf[n] != '\0'; n++); /* Protocol name */
|
|
|
|
|
n++;
|
|
|
|
|
for (; buf[n] != '\0'; n++); /* Variant number (as string) */
|
|
|
|
|
n++;
|
|
|
|
|
for (; buf[n] != '\0'; n++); /* Outhdr (as string) */
|
|
|
|
|
n++;
|
|
|
|
|
n += 2; /* Direction & encap */
|
|
|
|
|
|
|
|
|
|
return n;
|
|
|
|
|
}
|