From d24c9df38467a2628c126998b3ab1aca54ee6155 Mon Sep 17 00:00:00 2001 From: David Perry Date: Thu, 6 Aug 2020 09:30:38 -0400 Subject: [PATCH] editcap: add capture-file comments to output file Add the `--capture-comment "comment"` option for appending pcapng comments to the SHB of the output file(s). Add the `--discard-capture-comment` option for removing pcapng comments present in the input file SHB(s) before writing to the output file(s). Supports multiple comments per SHB. Noted in the documentation that Wireshark itself doesn't support multiple comments. Bug: 15033 Change-Id: If07a4e7a93505438639018783a11343cd5992f2a Reviewed-on: https://code.wireshark.org/review/38074 Petri-Dish: Anders Broman Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- doc/editcap.pod | 17 ++++++++++++++ editcap.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/doc/editcap.pod b/doc/editcap.pod index 767697ff36..f8ba57990f 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -30,6 +30,8 @@ S<[ B<-T> Eencapsulation typeE ]> S<[ B<-v> ]> S<[ B<--inject-secrets> Esecrets typeE,EfileE ]> S<[ B<--discard-all-secrets> ]> +S<[ B<--capture-comment> EcommentE ]> +S<[ B<--discard-capture-comment> ]> I I S<[ I[-I] ... ]> 
@@ -360,6 +362,21 @@ Discard all decryption secrets from the input file when writing the output file. Does not discard secrets added by B<--inject-secrets> in the same command line. +=item --capture-comment EcommentE + +Adds the given comment to the Section Header Block (SHB) of the pcapng +output file. New comments will be added I any comments present in the +input file unless B<--discard-capture-comment> is also specified. + +This option may be specified multiple times. Note that Wireshark currently only +recognizes the first comment of a capture file. + +=item --discard-capture-comment + +Discard all capture file comments from the input file when writing the output +file. Does not discard comments added by B<--capture-comment> in the same +command line. + =back =head1 EXAMPLES diff --git a/editcap.c b/editcap.c index eb0e1c6b81..492072257d 100644 --- a/editcap.c +++ b/editcap.c @@ -150,6 +150,7 @@ typedef struct _chop_t { /* Table of user comments */ GTree *frames_user_comments = NULL; +GPtrArray *capture_comments = NULL; #define MAX_SELECTIONS 512 static struct select_item selectfrm[MAX_SELECTIONS]; @@ -171,6 +172,7 @@ static gboolean dup_detect = FALSE; static gboolean dup_detect_by_time = FALSE; static gboolean skip_radiotap = FALSE; static gboolean discard_all_secrets = FALSE; +static gboolean discard_cap_comments = FALSE; static int do_strict_time_adjustment = FALSE; static struct time_adjustment strict_time_adj = {NSTIME_INIT_ZERO, 0}; /* strict time adjustment */ 
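Review bot: `capture_comments` is declared at file scope without `static` in the `@@ -150,6 +150,7 @@` hunk, so it gets external linkage even though the visible hunks only use it inside editcap.c. Declaring it as `static GPtrArray *capture_comments = NULL;` would match the `static gboolean discard_cap_comments` flag added in the next hunk and keep the symbol out of the global namespace. The neighbouring `frames_user_comments` has the same non-static form, so this follows existing practice in the file rather than introducing a new pattern.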
@@ -839,6 +841,13 @@ print_usage(FILE *output) fprintf(output, " when writing the output file. Does not discard\n"); fprintf(output, " secrets added by \"--inject-secrets\" in the same\n"); fprintf(output, " command line.\n"); + fprintf(output, " --capture-comment \n"); + fprintf(output, " Add a capture file comment, if supported.\n"); + fprintf(output, " --discard-capture-comment\n"); + fprintf(output, " Discard capture file comments from the input file\n"); + fprintf(output, " when writing the output file. Does not discard\n"); + fprintf(output, " comments added by \"--capture-comment\" in the same\n"); + fprintf(output, " command line.\n"); fprintf(output, "\n"); fprintf(output, "Miscellaneous:\n"); fprintf(output, " -h display this help and exit.\n"); @@ -1017,6 +1026,8 @@ main(int argc, char *argv[]) #define LONGOPT_SEED LONGOPT_BASE_APPLICATION+3 #define LONGOPT_INJECT_SECRETS LONGOPT_BASE_APPLICATION+4 #define LONGOPT_DISCARD_ALL_SECRETS LONGOPT_BASE_APPLICATION+5 +#define LONGOPT_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+6 +#define LONGOPT_DISCARD_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+7 static const struct option long_options[] = { {"novlan", no_argument, NULL, LONGOPT_NO_VLAN}, @@ -1026,6 +1037,8 @@ main(int argc, char *argv[]) {"discard-all-secrets", no_argument, NULL, LONGOPT_DISCARD_ALL_SECRETS}, {"help", no_argument, NULL, 'h'}, {"version", no_argument, NULL, 'V'}, + {"capture-comment", required_argument, NULL, LONGOPT_CAPTURE_COMMENT}, + {"discard-capture-comment", no_argument, NULL, LONGOPT_DISCARD_CAPTURE_COMMENT}, {0, 0, 0, 0 } }; 
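Review bot: The help text added to print_usage for `--discard-capture-comment` promises to discard "capture file comments", but the code this commit adds removes `OPT_COMMENT` only from the blocks in `params.shb_hdrs`. Someone stripping analyst notes from a capture before sharing it could read the option as covering every comment in the file. Nothing in the visible hunks touches per-packet comments or other descriptive section-header fields, and whether other code handles them is not shown here. Wording such as `Discard section header (SHB) comments from the input file` would state the scope, and doc/editcap.pod could say that packet comments are unaffected if that is the actual behaviour. print_usage starts and ends outside this hunk.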
@@ -1163,6 +1176,24 @@ main(int argc, char *argv[]) break; } + case LONGOPT_CAPTURE_COMMENT: + { + /* pcapng supports multiple comments, so support them here too. + * Wireshark only sees the first capture comment though. + */ + if (!capture_comments) { + capture_comments = g_ptr_array_new_with_free_func(g_free); + } + g_ptr_array_add(capture_comments, g_strdup(optarg)); + break; + } + + case LONGOPT_DISCARD_CAPTURE_COMMENT: + { + discard_cap_comments = TRUE; + break; + } + case 'a': { guint frame_number; @@ -1526,6 +1557,31 @@ invalid_time: wtap_dump_params_discard_decryption_secrets(¶ms); } + /* + * Discard capture file comments. + */ + if (discard_cap_comments) { + for (guint b = 0; b < params.shb_hdrs->len; b++) { + wtap_block_t shb = g_array_index(params.shb_hdrs, wtap_block_t, b); + while (WTAP_OPTTYPE_SUCCESS == wtap_block_remove_nth_option_instance(shb, OPT_COMMENT, 0)) { + continue; + } + } + } + + /* + * Add new capture file comments. + */ + if (capture_comments != NULL) { + for (guint b = 0; b < params.shb_hdrs->len; b++) { + wtap_block_t shb = g_array_index(params.shb_hdrs, wtap_block_t, b); + for (guint c = 0; c < capture_comments->len; c++) { + char *comment = (char *)g_ptr_array_index(capture_comments, c); + wtap_block_add_string_option(shb, OPT_COMMENT, comment, strlen(comment)); + } + } + } + if (dsb_filenames) { for (guint k = 0; k < dsb_filenames->len; k++) { guint32 secrets_type_id = g_array_index(dsb_types, guint32, k); @@ -2143,6 +2199,10 @@ clean_exit: wtap_close(wth); wtap_cleanup(); free_progdirs(); + if (capture_comments != NULL) { + g_ptr_array_free(capture_comments, TRUE); + capture_comments = NULL; + } return ret; }
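Review bot: The `LONGOPT_CAPTURE_COMMENT` case stores `g_strdup(optarg)` without any length or encoding check. A pcapng option carries a 16-bit length field and the comment option is defined as UTF-8 text, so an over-long or non-UTF-8 argument reaches the writer unvalidated. How wiretap handles that is not visible in this patch. An early check such as `if (strlen(optarg) > G_MAXUINT16 || !g_utf8_validate(optarg, -1, NULL))` would let the option be rejected through the same error path main uses for other bad options, before the output file is opened. The enclosing switch and main continue outside the hunk.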
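Review bot: The return value of `wtap_block_add_string_option()` is discarded in the "Add new capture file comments" loop, so a failed add yields an output file without the requested comment and no diagnostic. The removal loop just above already compares against `WTAP_OPTTYPE_SUCCESS`, and the add could do the same: `if (wtap_block_add_string_option(shb, OPT_COMMENT, comment, strlen(comment)) != WTAP_OPTTYPE_SUCCESS)` followed by a warning on stderr. Both loops also dereference `params.shb_hdrs->len` without a NULL check. Whether `shb_hdrs` can be NULL at this point depends on initialisation code outside the hunk, so it should be confirmed. This code sits in main, which begins and ends outside the hunk.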