From f194916d6236b0b660c43205bbd0963f21d95d7e Mon Sep 17 00:00:00 2001 From: Gerald Combs Date: Wed, 2 Jun 2010 00:24:03 +0000 Subject: [PATCH] From Jim Young via bug 4049: This patch adds a new '-o' option to capinfos (enabled by default) to report if the packets within a particular capture file are in strict chronological time order or not. svn path=/trunk/; revision=33041 --- AUTHORS | 1 + capinfos.c | 30 +++++++++++++++++++++++++++++- doc/capinfos.pod | 7 +++++++ docbook/release-notes.xml | 6 ++++++ 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index 269cb6a3b3..8106652a88 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2482,6 +2482,7 @@ Brian Bogora { Jim Young { Improvements LLDP dissection (803.3 "PMD Auto-Negotiation Advertised Capability" and "Operational MAU Type") + Capinfos time order checking } diff --git a/capinfos.c b/capinfos.c index 7d3223098a..97d852cfef 100644 --- a/capinfos.c +++ b/capinfos.c @@ -137,6 +137,8 @@ static gboolean cap_data_rate_byte = TRUE; /* Report data rate bytes/sec */ static gboolean cap_data_rate_bit = TRUE; /* Report data rate bites/sec */ static gboolean cap_packet_size = TRUE; /* Report average packet size */ static gboolean cap_packet_rate = TRUE; /* Report average packet rate */ +static gboolean cap_in_order = TRUE; /* Report if packets are in chronological order (True/False) */ + #ifdef HAVE_LIBGCRYPT static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */ #endif @@ -180,6 +182,7 @@ typedef struct _capture_info { double packet_rate; double packet_size; double data_rate; /* in bytes */ + gboolean in_order; } capture_info; static void @@ -197,6 +200,7 @@ enable_all_infos(void) cap_duration = TRUE; cap_start_time = TRUE; cap_end_time = TRUE; + cap_in_order = TRUE; cap_data_rate_byte = TRUE; cap_data_rate_bit = TRUE; @@ -223,6 +227,7 @@ disable_all_infos(void) cap_duration = FALSE; cap_start_time = FALSE; cap_end_time = FALSE; + cap_in_order = FALSE; cap_data_rate_byte = FALSE; cap_data_rate_bit = FALSE; @@ -333,6 +338,7 @@ print_stats(const gchar *filename, capture_info *cf_info) printf ("RIPEMD160: %s\n", file_rmd160); printf ("MD5: %s\n", file_md5); } + if (cap_in_order) printf ("Strict time order: %s\n", (cf_info->in_order) ? "True" : "False"); #endif /* HAVE_LIBGCRYPT */ } @@ -385,6 +391,7 @@ print_stats_table_header(void) print_stats_table_header_label("RIPEMD160"); print_stats_table_header_label("MD5"); } + if (cap_in_order) print_stats_table_header_label("Strict time order"); #endif /* HAVE_LIBGCRYPT */ printf("\n"); @@ -542,6 +549,13 @@ print_stats_table(const gchar *filename, capture_info *cf_info) } #endif /* HAVE_LIBGCRYPT */ + if (cap_in_order) { + putsep(); + putquote(); + printf("%s", (cf_info->in_order) ? "True" : "False"); + putquote(); + } + printf("\n"); } @@ -562,14 +576,21 @@ process_cap_file(wtap *wth, const char *filename) double start_time = 0; double stop_time = 0; double cur_time = 0; + double prev_time = 0; + gboolean in_order = TRUE; /* Tally up data that we need to parse through the file to find */ while (wtap_read(wth, &err, &err_info, &data_offset)) { phdr = wtap_phdr(wth); + prev_time = cur_time; cur_time = secs_nsecs(&phdr->ts); if(packet==0) { start_time = cur_time; stop_time = cur_time; + prev_time = cur_time; + } + if (cur_time < prev_time) { + in_order = FALSE; } if (cur_time < start_time) { start_time = cur_time; @@ -644,6 +665,7 @@ process_cap_file(wtap *wth, const char *filename) cf_info.start_time = start_time; cf_info.stop_time = stop_time; cf_info.duration = stop_time-start_time; + cf_info.in_order = in_order; /* Number of packet bytes */ cf_info.packet_bytes = bytes; @@ -709,6 +731,7 @@ usage(gboolean is_error) fprintf(output, " -u display the capture duration (in seconds)\n"); fprintf(output, " -a display the capture start time\n"); fprintf(output, " -e display the capture end time\n"); + fprintf(output, " -o display the capture file chronological status (True/False)\n"); fprintf(output, " -S display start and end times as seconds\n"); fprintf(output, "\n"); fprintf(output, "Statistic infos:\n"); @@ -809,7 +832,7 @@ main(int argc, char *argv[]) /* Process the options */ - while ((opt = getopt(argc, argv, "tEcs" FILE_HASH_OPT "dluaeyizvhxCALTRrSNqQBmb")) !=-1) { + while ((opt = getopt(argc, argv, "tEcs" FILE_HASH_OPT "dluaeyizvhxoCALTRrSNqQBmb")) !=-1) { switch (opt) { @@ -889,6 +912,11 @@ main(int argc, char *argv[]) break; #endif + case 'o': + if (report_all_infos) disable_all_infos(); + cap_in_order = TRUE; + break; + case 'C': continue_after_wtap_open_offline_failure = FALSE; break; diff --git a/doc/capinfos.pod b/doc/capinfos.pod index df11aa487b..33f58cf489 100644 --- a/doc/capinfos.pod +++ b/doc/capinfos.pod @@ -22,6 +22,7 @@ S<[ B<-l> ]> S<[ B<-L> ]> S<[ B<-m> ]> S<[ B<-N> ]> +S<[ B<-o> ]> S<[ B<-q> ]> S<[ B<-Q> ]> S<[ B<-r> ]> @@ -160,6 +161,12 @@ Display the snaplen (if any) for a file. snaplen (if available) is determined from the capture file header and by looking for truncated records in the capture file. +=item -o + +Displays "True" if packets exist in strict chronological order +or "False" if one or more packets in the capture exists +"out-of-order" time-wise. + =item -L Generate long report. Capinfos can generate two diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml index f6d4916409..62cc6af4b2 100644 --- a/docbook/release-notes.xml +++ b/docbook/release-notes.xml @@ -135,6 +135,12 @@ Wireshark Info + + + Capinfos now checks the time order of capture files. + + +