/* Combine multiple dump files, either by appending or by merging by timestamp
*
* Written by Scott Renfro <scott@renfro.org> based on
* editcap by Richard Sharpe and Guy Harris
*
* Copyright 2013, Scott Renfro <scott[AT]renfro.org>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include <stdlib.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <string.h>
#include "merge.h"
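/*
 * Scan through the arguments and open the input files.
 *
 * Allocates an array of in_file_count merge_in_file_t entries, stores it in
 * *in_files, and opens each named capture file with wtap_open_offline().
 *
 * Returns TRUE if every file was opened and its size obtained.  On failure,
 * closes every file opened so far, sets *err_fileno to the index of the
 * file that failed, and returns FALSE; *err and *err_info are whatever
 * wtap_open_offline() or wtap_file_size() stored there.
 *
 * The array stored in *in_files is not freed here on either path.
 * NOTE(review): after a FALSE return the wth members of the leading entries
 * refer to handles that have already been closed, so the caller presumably
 * should only free the array and not hand it to merge_close_in_files() -
 * confirm against the callers.
 *
 * NOTE(review): in_file_count is multiplied by the element size without a
 * range check; a negative or oversized count is not rejected here, so the
 * caller must pass a count that matches the in_file_names array.
 */
gboolean
merge_open_in_files(int in_file_count, char *const *in_file_names,
                    merge_in_file_t **in_files, int *err, gchar **err_info,
                    int *err_fileno)
{
  gint i;
  gint j;
  gint opened;  /* number of leading entries whose handle must be closed on failure */
  size_t files_size = in_file_count * sizeof(merge_in_file_t);
  merge_in_file_t *files;
  gint64 size;

  files = (merge_in_file_t *)g_malloc(files_size);
  *in_files = files;

  for (i = 0; i < in_file_count; i++) {
    files[i].filename    = in_file_names[i];
    files[i].wth         = wtap_open_offline(in_file_names[i], WTAP_TYPE_AUTO, err, err_info, FALSE);
    files[i].data_offset = 0;
    files[i].state       = PACKET_NOT_PRESENT;
    files[i].packet_num  = 0;

    if (!files[i].wth) {
      /* File i never opened: only entries 0..i-1 hold open handles. */
      opened = i;
      goto fail;
    }

    size = wtap_file_size(files[i].wth, err);
    if (size == -1) {
      /* File i opened but could not be sized: close it as well. */
      opened = i + 1;
      goto fail;
    }
    files[i].size = size;
  }
  return TRUE;

fail:
  /*
   * Close the files we've already opened.  The loop is bounded by a plain
   * count (at most in_file_count), so no "j + 1 > j" wrap-around test is
   * needed; such a test depends on signed overflow, which is undefined
   * behaviour and gives no protection once the compiler folds it to true.
   */
  for (j = 0; j < opened; j++)
    wtap_close(files[j].wth);
  *err_fileno = i;
  return FALSE;
}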
/*
 * Close the wiretap handle of each of the first `count` entries of
 * in_files, in index order.
 *
 * Only wtap_close() is called on each entry's wth member; the in_files
 * array itself is not freed and the entries are not otherwise modified.
 */
void
merge_close_in_files(int count, merge_in_file_t in_files[])
{
  int idx = 0;

  while (idx < count) {
    wtap_close(in_files[idx].wth);
    idx++;
  }
}
/*
 * Select an output frame type based on the input files.
 *
 * From Guy: if all files have the same frame type, then use that.
 * Otherwise select WTAP_ENCAP_PER_PACKET.  If the selected output file
 * type doesn't support per-packet frame types, then the wtap_dump_open
 * call will fail with a reasonable error condition.
 *
 * files[0] is read unconditionally, so the caller must pass count >= 1
 * and an array with at least one opened entry; an empty set is not
 * checked for here.
 */
int
merge_select_frame_type(int count, merge_in_file_t files[])
{
  int common_encap = wtap_file_encap(files[0].wth);
  int idx;

  for (idx = 1; idx < count; idx++) {
    /* The first file that disagrees settles the answer. */
    if (wtap_file_encap(files[idx].wth) != common_encap)
      return WTAP_ENCAP_PER_PACKET;
  }

  return common_encap;
}
/*
 * Scan through the input files and return the largest snapshot length.
 *
 * A file that reports a snapshot length of 0 (length not known) is
 * counted as WTAP_MAX_PACKET_SIZE.  Returns 0 when count is 0 or less,
 * because the loop body never runs.
 */
int
merge_max_snapshot_length(int count, merge_in_file_t in_files[])
{
  int largest = 0;
  int idx;

  for (idx = 0; idx < count; idx++) {
    int snaplen = wtap_snapshot_length(in_files[idx].wth);

    /* Snapshot length of input file not known: assume the maximum. */
    if (snaplen == 0)
      snaplen = WTAP_MAX_PACKET_SIZE;

    largest = (snaplen > largest) ? snaplen : largest;
  }

  return largest;
}
/*
 * Returns TRUE if the first time stamp is earlier than, or equal to, the
 * second; returns FALSE only when the first is strictly later.
 *
 * Seconds are compared first; nanoseconds only break a tie on seconds.
 */
static gboolean
is_earlier(nstime_t *l, nstime_t *r) /* XXX, move to nstime.c */
{
  /* Different seconds decide the order on their own. */
  if (l->secs != r->secs)
    return (l->secs < r->secs) ? TRUE : FALSE;

  /* Same second: left is "earlier" unless its nanoseconds are larger. */
  return (l->nsecs > r->nsecs) ? FALSE : TRUE;
}
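/*
 * Read the next packet, in chronological order, from the set of files
 * to be merged.
 *
 * On success, set *err to 0 and return a pointer to the merge_in_file_t
 * for the file from which the packet was read; that entry's packet_num
 * is incremented and its state is reset to PACKET_NOT_PRESENT.
 *
 * On a read error, set *err to the error and return a pointer to the
 * merge_in_file_t for the file on which we got an error; that entry's
 * state is set to GOT_ERROR.
 *
 * On an EOF (meaning all the files are at EOF), set *err to 0 and return
 * NULL.
 *
 * When several files hold a packet with the same time stamp, the one with
 * the highest index is returned, because is_earlier() also reports TRUE
 * for equal time stamps.
 */
merge_in_file_t *
merge_read_packet(int in_file_count, merge_in_file_t in_files[],
                  int *err, gchar **err_info)
{
  int i;
  int ei = -1;             /* index of the file holding the earliest packet; -1 = none yet */
  nstime_t tv = { 0, 0 };  /* time stamp of that packet; only meaningful once ei != -1 */
  struct wtap_pkthdr *phdr;

  /*
   * Make sure we have a packet available from each file, if there are any
   * packets left in the file in question, and search for the packet
   * with the earliest time stamp.
   */
  for (i = 0; i < in_file_count; i++) {
    if (in_files[i].state == PACKET_NOT_PRESENT) {
      /*
       * No packet available, and we haven't seen an error or EOF yet,
       * so try to read the next packet.
       */
      if (!wtap_read(in_files[i].wth, err, err_info, &in_files[i].data_offset)) {
        if (*err != 0) {
          in_files[i].state = GOT_ERROR;
          return &in_files[i];
        }
        in_files[i].state = AT_EOF;
      } else
        in_files[i].state = PACKET_PRESENT;
    }

    if (in_files[i].state == PACKET_PRESENT) {
      phdr = wtap_phdr(in_files[i].wth);
      /*
       * The first available packet always becomes the initial candidate.
       * Time stamps come from the capture files themselves, so they must
       * not be compared against a "largest possible time" sentinel: a
       * packet stamped later than such a sentinel would never be chosen,
       * ei would stay -1, and the merge would report EOF while packets
       * were still pending.
       */
      if (ei == -1 || is_earlier(&phdr->ts, &tv)) {
        tv = phdr->ts;
        ei = i;
      }
    }
  }

  if (ei == -1) {
    /* All the streams are at EOF.  Return an EOF indication. */
    *err = 0;
    return NULL;
  }

  /* We'll need to read another packet from this file. */
  in_files[ei].state = PACKET_NOT_PRESENT;

  /* Count this packet. */
  in_files[ei].packet_num++;

  /*
   * Return a pointer to the merge_in_file_t of the file from which the
   * packet was read.
   */
  *err = 0;
  return &in_files[ei];
}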
/*
 * Read the next packet, in file sequence order, from the set of files
 * to be merged.
 *
 * On success, set *err to 0 and return a pointer to the merge_in_file_t
 * for the file from which the packet was read.
 *
 * On a read error, set *err to the error and return a pointer to the
 * merge_in_file_t for the file on which we got an error; that entry's
 * state is set to GOT_ERROR.
 *
 * On an EOF (meaning all the files are at EOF), set *err to 0 and return
 * NULL.
 *
 * Only entries already marked AT_EOF are skipped, and packet_num is not
 * updated by this function.
 */
merge_in_file_t *
merge_append_read_packet(int in_file_count, merge_in_file_t in_files[],
                         int *err, gchar **err_info)
{
  int idx;

  /*
   * Find the first file not at EOF, and read the next packet from it.
   */
  for (idx = 0; idx < in_file_count; idx++) {
    merge_in_file_t *cur = &in_files[idx];

    if (cur->state == AT_EOF)
      continue; /* This file is already at EOF */

    if (wtap_read(cur->wth, err, err_info, &cur->data_offset)) {
      /*
       * We have a packet: return the merge_in_file_t of the file from
       * which it was read.
       */
      *err = 0;
      return cur;
    }

    if (*err != 0) {
      /* Read error - quit immediately. */
      cur->state = GOT_ERROR;
      return cur;
    }

    /* EOF - flag this file as being at EOF, and try the next one. */
    cur->state = AT_EOF;
  }

  /* All the streams are at EOF.  Return an EOF indication. */
  *err = 0;
  return NULL;
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/