osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

editcap: add capture-file comments to output file 

Add the `--capture-comment "comment"` option for appending pcapng
comments to the SHB of the output file(s).

Add the `--discard-capture-comment` option for removing pcapng comments
present in the input file SHB(s) before writing to the output file(s).

Supports multiple comments per SHB. Noted in the documentation that
Wireshark itself doesn't support multiple comments.

Bug: 15033
Change-Id: If07a4e7a93505438639018783a11343cd5992f2a
Reviewed-on: https://code.wireshark.org/review/38074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
osmith/wip
David Perry 2020-08-06 09:30:38 -04:00 committed by Anders Broman
parent 9015824c0e
commit d24c9df384
2 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/editcap.pod
View File

@ -30,6 +30,8 @@ S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
S<[ B<-v> ]>
S<[ B<--inject-secrets> E<lt>secrets typeE<gt>,E<lt>fileE<gt> ]>
S<[ B<--discard-all-secrets> ]>
S<[ B<--capture-comment> E<lt>commentE<gt> ]>
S<[ B<--discard-capture-comment> ]>
I<infile>
I<outfile>
S<[ I<packet#>[-I<packet#>] ... ]>
@ -360,6 +362,21 @@ Discard all decryption secrets from the input file when writing the
output file. Does not discard secrets added by B<--inject-secrets> in
the same command line.
=item --capture-comment E<lt>commentE<gt>
Adds the given comment to the Section Header Block (SHB) of the pcapng
output file. New comments will be added I<after> any comments present in the
input file unless B<--discard-capture-comment> is also specified.
This option may be specified multiple times. Note that Wireshark currently only
recognizes the first comment of a capture file.
=item --discard-capture-comment
Discard all capture file comments from the input file when writing the output
file. Does not discard comments added by B<--capture-comment> in the same
command line.
=back
=head1 EXAMPLES

60
editcap.c
View File

@ -150,6 +150,7 @@ typedef struct _chop_t {
/* Table of user comments */
GTree *frames_user_comments = NULL;
GPtrArray *capture_comments = NULL;
#define MAX_SELECTIONS 512
static struct select_item selectfrm[MAX_SELECTIONS];
@ -171,6 +172,7 @@ static gboolean dup_detect = FALSE;
static gboolean dup_detect_by_time = FALSE;
static gboolean skip_radiotap = FALSE;
static gboolean discard_all_secrets = FALSE;
static gboolean discard_cap_comments = FALSE;
static int do_strict_time_adjustment = FALSE;
static struct time_adjustment strict_time_adj = {NSTIME_INIT_ZERO, 0}; /* strict time adjustment */
@ -839,6 +841,13 @@ print_usage(FILE *output)
fprintf(output, " when writing the output file. Does not discard\n");
fprintf(output, " secrets added by \"--inject-secrets\" in the same\n");
fprintf(output, " command line.\n");
fprintf(output, " --capture-comment <comment>\n");
fprintf(output, " Add a capture file comment, if supported.\n");
fprintf(output, " --discard-capture-comment\n");
fprintf(output, " Discard capture file comments from the input file\n");
fprintf(output, " when writing the output file. Does not discard\n");
fprintf(output, " comments added by \"--capture-comment\" in the same\n");
fprintf(output, " command line.\n");
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
fprintf(output, " -h display this help and exit.\n");
@ -1017,6 +1026,8 @@ main(int argc, char *argv[])
#define LONGOPT_SEED LONGOPT_BASE_APPLICATION+3
#define LONGOPT_INJECT_SECRETS LONGOPT_BASE_APPLICATION+4
#define LONGOPT_DISCARD_ALL_SECRETS LONGOPT_BASE_APPLICATION+5
#define LONGOPT_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+6
#define LONGOPT_DISCARD_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+7
static const struct option long_options[] = {
{"novlan", no_argument, NULL, LONGOPT_NO_VLAN},
@ -1026,6 +1037,8 @@ main(int argc, char *argv[])
{"discard-all-secrets", no_argument, NULL, LONGOPT_DISCARD_ALL_SECRETS},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{"capture-comment", required_argument, NULL, LONGOPT_CAPTURE_COMMENT},
{"discard-capture-comment", no_argument, NULL, LONGOPT_DISCARD_CAPTURE_COMMENT},
{0, 0, 0, 0 }
};
@ -1163,6 +1176,24 @@ main(int argc, char *argv[])
break;
}
case LONGOPT_CAPTURE_COMMENT:
{
/* pcapng supports multiple comments, so support them here too.
* Wireshark only sees the first capture comment though.
*/
if (!capture_comments) {
capture_comments = g_ptr_array_new_with_free_func(g_free);
}
g_ptr_array_add(capture_comments, g_strdup(optarg));
break;
}
case LONGOPT_DISCARD_CAPTURE_COMMENT:
{
discard_cap_comments = TRUE;
break;
}
case 'a':
{
guint frame_number;
@ -1526,6 +1557,31 @@ invalid_time:
wtap_dump_params_discard_decryption_secrets(&params);
}
/*
* Discard capture file comments.
*/
if (discard_cap_comments) {
for (guint b = 0; b < params.shb_hdrs->len; b++) {
wtap_block_t shb = g_array_index(params.shb_hdrs, wtap_block_t, b);
while (WTAP_OPTTYPE_SUCCESS == wtap_block_remove_nth_option_instance(shb, OPT_COMMENT, 0)) {
continue;
}
}
}
/*
* Add new capture file comments.
*/
if (capture_comments != NULL) {
for (guint b = 0; b < params.shb_hdrs->len; b++) {
wtap_block_t shb = g_array_index(params.shb_hdrs, wtap_block_t, b);
for (guint c = 0; c < capture_comments->len; c++) {
char *comment = (char *)g_ptr_array_index(capture_comments, c);
wtap_block_add_string_option(shb, OPT_COMMENT, comment, strlen(comment));
}
}
}
if (dsb_filenames) {
for (guint k = 0; k < dsb_filenames->len; k++) {
guint32 secrets_type_id = g_array_index(dsb_types, guint32, k);
@ -2143,6 +2199,10 @@ clean_exit:
wtap_close(wth);
wtap_cleanup();
free_progdirs();
if (capture_comments != NULL) {
g_ptr_array_free(capture_comments, TRUE);
capture_comments = NULL;
}
return ret;
}