osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/wiretap/merge.c

1185 lines
42 KiB
C
Raw Blame History

/* Combine multiple dump files, either by appending or by merging by timestamp
*
* Written by Scott Renfro <scott@renfro.org> based on
* editcap by Richard Sharpe and Guy Harris
*
* Copyright 2013, Scott Renfro <scott[AT]renfro.org>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#define WS_LOG_DOMAIN LOG_DOMAIN_WIRETAP
#include <stdlib.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <string.h>
#include "merge.h"
#include "wtap_opttypes.h"
#include "wtap-int.h"
#include <wsutil/filesystem.h>
#include "wsutil/os_version_info.h"
#include <wsutil/wslog.h>
#include <wsutil/ws_assert.h>
static const char* idb_merge_mode_strings[] = {
/* IDB_MERGE_MODE_NONE */
"none",
/* IDB_MERGE_MODE_ALL_SAME */
"all",
/* IDB_MERGE_MODE_ANY_SAME */
"any",
/* IDB_MERGE_MODE_MAX */
"UNKNOWN"
};
idb_merge_mode
merge_string_to_idb_merge_mode(const char *name)
{
int i;
for (i = 0; i < IDB_MERGE_MODE_MAX; i++) {
if (g_strcmp0(name, idb_merge_mode_strings[i]) == 0) {
return (idb_merge_mode) i;
}
}
return IDB_MERGE_MODE_MAX;
}
const char *
merge_idb_merge_mode_to_string(const int mode)
{
if (mode >= 0 && mode < IDB_MERGE_MODE_MAX) {
return idb_merge_mode_strings[mode];
}
return idb_merge_mode_strings[(int)IDB_MERGE_MODE_MAX];
}
static void
cleanup_in_file(merge_in_file_t *in_file)
{
ws_assert(in_file != NULL);
wtap_close(in_file->wth);
in_file->wth = NULL;
g_array_free(in_file->idb_index_map, TRUE);
in_file->idb_index_map = NULL;
wtap_rec_cleanup(&in_file->rec);
ws_buffer_free(&in_file->frame_buffer);
}
static void
add_idb_index_map(merge_in_file_t *in_file, const guint orig_index _U_, const guint found_index)
{
ws_assert(in_file != NULL);
ws_assert(in_file->idb_index_map != NULL);
/*
* we didn't really need the orig_index, since just appending to the array
* should result in the orig_index being its location in the array; but we
* pass it into this function to do a sanity check here
*/
ws_assert(orig_index == in_file->idb_index_map->len);
g_array_append_val(in_file->idb_index_map, found_index);
}
/** Open a number of input files to merge.
*
* @param in_file_count number of entries in in_file_names
* @param in_file_names filenames of the input files
* @param out_files output pointer with filled file array, or NULL
* @param err wiretap error, if failed
* @param err_info wiretap error string, if failed
* @param err_fileno file on which open failed, if failed
* @return TRUE if all files could be opened, FALSE otherwise
*/
static gboolean
merge_open_in_files(guint in_file_count, const char *const *in_file_names,
merge_in_file_t **out_files, merge_progress_callback_t* cb,
int *err, gchar **err_info, guint *err_fileno)
{
guint i;
guint j;
size_t files_size = in_file_count * sizeof(merge_in_file_t);
merge_in_file_t *files;
gint64 size;
files = (merge_in_file_t *)g_malloc0(files_size);
*out_files = NULL;
for (i = 0; i < in_file_count; i++) {
files[i].filename = in_file_names[i];
files[i].wth = wtap_open_offline(in_file_names[i], WTAP_TYPE_AUTO, err, err_info, FALSE);
files[i].state = RECORD_NOT_PRESENT;
files[i].packet_num = 0;
if (!files[i].wth) {
/* Close the files we've already opened. */
for (j = 0; j < i; j++)
cleanup_in_file(&files[j]);
g_free(files);
*err_fileno = i;
return FALSE;
}
size = wtap_file_size(files[i].wth, err);
if (size == -1) {
for (j = 0; j != G_MAXUINT && j <= i; j++)
cleanup_in_file(&files[j]);
g_free(files);
*err_fileno = i;
return FALSE;
}
wtap_rec_init(&files[i].rec);
ws_buffer_init(&files[i].frame_buffer, 1514);
files[i].size = size;
files[i].idb_index_map = g_array_new(FALSE, FALSE, sizeof(guint));
}
if (cb)
cb->callback_func(MERGE_EVENT_INPUT_FILES_OPENED, 0, files, in_file_count, cb->data);
*out_files = files;
return TRUE;
}
/** Close the input files again.
*
* @param in_file_count number of entries in in_files
* @param in_files input file array to be closed
*/
static void
merge_close_in_files(int in_file_count, merge_in_file_t in_files[])
{
int i;
for (i = 0; i < in_file_count; i++) {
cleanup_in_file(&in_files[i]);
}
}
/** Select an output frame type based on the input files
*
* If all files have the same frame type, then use that.
* Otherwise select WTAP_ENCAP_PER_PACKET. If the selected
* output file type doesn't support per packet frame types,
* then the wtap_dump_open call will fail with a reasonable
* error condition.
*
* @param in_file_count number of entries in in_files
* @param in_files input file array
* @return the frame type
*/
static int
merge_select_frame_type(int in_file_count, merge_in_file_t in_files[])
{
int i;
int selected_frame_type;
selected_frame_type = wtap_file_encap(in_files[0].wth);
for (i = 1; i < in_file_count; i++) {
int this_frame_type = wtap_file_encap(in_files[i].wth);
if (selected_frame_type != this_frame_type) {
selected_frame_type = WTAP_ENCAP_PER_PACKET;
break;
}
}
return selected_frame_type;
}
/*
* returns TRUE if first argument is earlier than second
*/
static gboolean
is_earlier(nstime_t *l, nstime_t *r) /* XXX, move to nstime.c */
{
if (l->secs > r->secs) { /* left is later */
return FALSE;
} else if (l->secs < r->secs) { /* left is earlier */
return TRUE;
} else if (l->nsecs > r->nsecs) { /* tv_sec equal, l.usec later */
return FALSE;
}
/* either one < two or one == two
* either way, return one
*/
return TRUE;
}
/** Read the next packet, in chronological order, from the set of files to
* be merged.
*
* On success, set *err to 0 and return a pointer to the merge_in_file_t
* for the file from which the packet was read.
*
* On a read error, set *err to the error and return a pointer to the
* merge_in_file_t for the file on which we got an error.
*
* On an EOF (meaning all the files are at EOF), set *err to 0 and return
* NULL.
*
* @param in_file_count number of entries in in_files
* @param in_files input file array
* @param err wiretap error, if failed
* @param err_info wiretap error string, if failed
* @return pointer to merge_in_file_t for file from which that packet
* came or on which we got a read error, or NULL if we're at EOF on
* all files
*/
static merge_in_file_t *
merge_read_packet(int in_file_count, merge_in_file_t in_files[],
int *err, gchar **err_info)
{
int i;
int ei = -1;
nstime_t tv = NSTIME_INIT_MAX;
wtap_rec *rec;
/*
* Make sure we have a record available from each file that's not at
* EOF, and search for the record with the earliest time stamp or
* with no time stamp (those records are treated as earlier than
* all other records). Yes, this means you won't get a chronological
* merge of those records, but you obviously *can't* get that.
*/
for (i = 0; i < in_file_count; i++) {
gint64 data_offset;
if (in_files[i].state == RECORD_NOT_PRESENT) {
/*
* No packet available, and we haven't seen an error or EOF yet,
* so try to read the next packet.
*/
if (!wtap_read(in_files[i].wth, &in_files[i].rec,
&in_files[i].frame_buffer, err, err_info,
&data_offset)) {
if (*err != 0) {
in_files[i].state = GOT_ERROR;
return &in_files[i];
}
in_files[i].state = AT_EOF;
} else
in_files[i].state = RECORD_PRESENT;
}
if (in_files[i].state == RECORD_PRESENT) {
rec = &in_files[i].rec;
if (!(rec->presence_flags & WTAP_HAS_TS)) {
/*
* No time stamp. Pick this record, and stop looking.
*/
ei = i;
break;
}
if (is_earlier(&rec->ts, &tv)) {
/*
* This record's time stamp is earlier than any of the
* records we've seen so far. Pick it, for now, but
* keep looking.
*/
tv = rec->ts;
ei = i;
}
}
}
if (ei == -1) {
/* All the streams are at EOF. Return an EOF indication. */
*err = 0;
return NULL;
}
/* We'll need to read another packet from this file. */
in_files[ei].state = RECORD_NOT_PRESENT;
/* Count this packet. */
in_files[ei].packet_num++;
/*
* Return a pointer to the merge_in_file_t of the file from which the
* packet was read.
*/
*err = 0;
return &in_files[ei];
}
/** Read the next packet, in file sequence order, from the set of files
* to be merged.
*
* On success, set *err to 0 and return a pointer to the merge_in_file_t
* for the file from which the packet was read.
*
* On a read error, set *err to the error and return a pointer to the
* merge_in_file_t for the file on which we got an error.
*
* On an EOF (meaning all the files are at EOF), set *err to 0 and return
* NULL.
*
* @param in_file_count number of entries in in_files
* @param in_files input file array
* @param err wiretap error, if failed
* @param err_info wiretap error string, if failed
* @return pointer to merge_in_file_t for file from which that packet
* came or on which we got a read error, or NULL if we're at EOF on
* all files
*/
static merge_in_file_t *
merge_append_read_packet(int in_file_count, merge_in_file_t in_files[],
int *err, gchar **err_info)
{
int i;
gint64 data_offset;
/*
* Find the first file not at EOF, and read the next packet from it.
*/
for (i = 0; i < in_file_count; i++) {
if (in_files[i].state == AT_EOF)
continue; /* This file is already at EOF */
if (wtap_read(in_files[i].wth, &in_files[i].rec,
&in_files[i].frame_buffer, err, err_info,
&data_offset))
break; /* We have a packet */
if (*err != 0) {
/* Read error - quit immediately. */
in_files[i].state = GOT_ERROR;
return &in_files[i];
}
/* EOF - flag this file as being at EOF, and try the next one. */
in_files[i].state = AT_EOF;
}
if (i == in_file_count) {
/* All the streams are at EOF. Return an EOF indication. */
*err = 0;
return NULL;
}
/*
* Return a pointer to the merge_in_file_t of the file from which the
* packet was read.
*/
*err = 0;
return &in_files[i];
}
/* creates a section header block for the new output file */
static GArray*
create_shb_header(const merge_in_file_t *in_files, const guint in_file_count,
const gchar *app_name)
{
GArray *shb_hdrs;
wtap_block_t shb_hdr;
GString *comment_gstr;
GString *os_info_str;
guint i;
char* shb_comment = NULL;
wtapng_section_mandatory_t* shb_data;
gsize opt_len;
gchar *opt_str;
shb_hdrs = wtap_file_get_shb_for_new_file(in_files[0].wth);
shb_hdr = g_array_index(shb_hdrs, wtap_block_t, 0);
comment_gstr = g_string_new("");
/*
* TODO: merge comments from all files
*
* XXX - do we want some way to record which comments, hardware/OS/app
* descriptions, IDBs, etc.? came from which files?
*
* XXX - fix this to handle multiple comments from a single file.
*/
if (wtap_block_get_nth_string_option_value(shb_hdr, OPT_COMMENT, 0, &shb_comment) == WTAP_OPTTYPE_SUCCESS &&
strlen(shb_comment) > 0) {
/* very lame way to save comments - does not save them from the other files */
g_string_append_printf(comment_gstr, "%s \n",shb_comment);
}
g_string_append_printf(comment_gstr, "File created by merging: \n");
for (i = 0; i < in_file_count; i++) {
g_string_append_printf(comment_gstr, "File%d: %s \n",i+1,in_files[i].filename);
}
os_info_str = g_string_new("");
get_os_version_info(os_info_str);
shb_data = (wtapng_section_mandatory_t*)wtap_block_get_mandatory_data(shb_hdr);
shb_data->section_length = -1;
/* TODO: handle comments from each file being merged */
opt_len = comment_gstr->len;
opt_str = g_string_free(comment_gstr, FALSE);
wtap_block_set_nth_string_option_value(shb_hdr, OPT_COMMENT, 0, opt_str, opt_len); /* section comment */
g_free(opt_str);
/*
* XXX - and how do we preserve all the OPT_SHB_HARDWARE, OPT_SHB_OS,
* and OPT_SHB_USERAPPL values from all the previous files?
*/
wtap_block_remove_option(shb_hdr, OPT_SHB_HARDWARE);
opt_len = os_info_str->len;
opt_str = g_string_free(os_info_str, FALSE);
if (opt_str) {
wtap_block_set_string_option_value(shb_hdr, OPT_SHB_OS, opt_str, opt_len); /* UTF-8 string containing the name */
/* of the operating system used to create this section. */
g_free(opt_str);
} else {
/*
* No OS information; remove the old version.
*/
wtap_block_remove_option(shb_hdr, OPT_SHB_OS);
}
wtap_block_set_string_option_value(shb_hdr, OPT_SHB_USERAPPL, app_name, app_name ? strlen(app_name): 0 ); /* NULL if not available, UTF-8 string containing the name */
/* of the application used to create this section. */
return shb_hdrs;
}
static gboolean
is_duplicate_idb(const wtap_block_t idb1, const wtap_block_t idb2)
{
wtapng_if_descr_mandatory_t *idb1_mand, *idb2_mand;
gboolean have_idb1_value, have_idb2_value;
guint64 idb1_if_speed, idb2_if_speed;
guint8 idb1_if_tsresol, idb2_if_tsresol;
guint8 idb1_if_fcslen, idb2_if_fcslen;
char *idb1_opt_comment, *idb2_opt_comment;
char *idb1_if_name, *idb2_if_name;
char *idb1_if_description, *idb2_if_description;
char *idb1_if_hardware, *idb2_if_hardware;
char *idb1_if_os, *idb2_if_os;
ws_assert(idb1 && idb2);
idb1_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(idb1);
idb2_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(idb2);
ws_debug("merge::is_duplicate_idb() called");
ws_debug("idb1_mand->wtap_encap == idb2_mand->wtap_encap: %s",
(idb1_mand->wtap_encap == idb2_mand->wtap_encap) ? "TRUE":"FALSE");
if (idb1_mand->wtap_encap != idb2_mand->wtap_encap) {
/* Clearly not the same interface. */
ws_debug("returning FALSE");
return FALSE;
}
ws_debug("idb1_mand->time_units_per_second == idb2_mand->time_units_per_second: %s",
(idb1_mand->time_units_per_second == idb2_mand->time_units_per_second) ? "TRUE":"FALSE");
if (idb1_mand->time_units_per_second != idb2_mand->time_units_per_second) {
/*
* Probably not the same interface, and we can't combine them
* in any case.
*/
ws_debug("returning FALSE");
return FALSE;
}
ws_debug("idb1_mand->tsprecision == idb2_mand->tsprecision: %s",
(idb1_mand->tsprecision == idb2_mand->tsprecision) ? "TRUE":"FALSE");
if (idb1_mand->tsprecision != idb2_mand->tsprecision) {
/*
* Probably not the same interface, and we can't combine them
* in any case.
*/
ws_debug("returning FALSE");
return FALSE;
}
/* XXX: should snaplen not be compared? */
ws_debug("idb1_mand->snap_len == idb2_mand->snap_len: %s",
(idb1_mand->snap_len == idb2_mand->snap_len) ? "TRUE":"FALSE");
if (idb1_mand->snap_len != idb2_mand->snap_len) {
ws_debug("returning FALSE");
return FALSE;
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_uint64_option_value(idb1, OPT_IDB_SPEED, &idb1_if_speed) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_uint64_option_value(idb2, OPT_IDB_SPEED, &idb2_if_speed) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("idb1_if_speed == idb2_if_speed: %s",
(idb1_if_speed == idb2_if_speed) ? "TRUE":"FALSE");
if (idb1_if_speed != idb2_if_speed) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_uint8_option_value(idb1, OPT_IDB_TSRESOL, &idb1_if_tsresol) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_uint8_option_value(idb2, OPT_IDB_TSRESOL, &idb2_if_tsresol) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("idb1_if_tsresol == idb2_if_tsresol: %s",
(idb1_if_tsresol == idb2_if_tsresol) ? "TRUE":"FALSE");
if (idb1_if_tsresol != idb2_if_tsresol) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_uint8_option_value(idb1, OPT_IDB_FCSLEN, &idb1_if_fcslen) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_uint8_option_value(idb2, OPT_IDB_FCSLEN, &idb2_if_fcslen) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("idb1_if_fcslen == idb2_if_fcslen: %s",
(idb1_if_fcslen == idb2_if_fcslen) ? "TRUE":"FALSE");
if (idb1_if_fcslen == idb2_if_fcslen) {
ws_debug("returning FALSE");
return FALSE;
}
}
/*
* XXX - handle multiple comments?
* XXX - if the comments are different, just combine them if we
* decide the two interfaces are really the same? As comments
* can be arbitrary strings added by people, the fact that they're
* different doesn't necessarily mean the interfaces are different.
*/
have_idb1_value = (wtap_block_get_nth_string_option_value(idb1, OPT_COMMENT, 0, &idb1_opt_comment) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_nth_string_option_value(idb2, OPT_COMMENT, 0, &idb2_opt_comment) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("g_strcmp0(idb1_opt_comment, idb2_opt_comment) == 0: %s",
(g_strcmp0(idb1_opt_comment, idb2_opt_comment) == 0) ? "TRUE":"FALSE");
if (g_strcmp0(idb1_opt_comment, idb2_opt_comment) != 0) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_string_option_value(idb1, OPT_IDB_NAME, &idb1_if_name) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_string_option_value(idb2, OPT_IDB_NAME, &idb2_if_name) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("g_strcmp0(idb1_if_name, idb2_if_name) == 0: %s",
(g_strcmp0(idb1_if_name, idb2_if_name) == 0) ? "TRUE":"FALSE");
if (g_strcmp0(idb1_if_name, idb2_if_name) != 0) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_string_option_value(idb1, OPT_IDB_DESCRIPTION, &idb1_if_description) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_string_option_value(idb2, OPT_IDB_DESCRIPTION, &idb2_if_description) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("g_strcmp0(idb1_if_description, idb2_if_description) == 0: %s",
(g_strcmp0(idb1_if_description, idb2_if_description) == 0) ? "TRUE":"FALSE");
if (g_strcmp0(idb1_if_description, idb2_if_description) != 0) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_string_option_value(idb1, OPT_IDB_HARDWARE, &idb1_if_hardware) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_string_option_value(idb2, OPT_IDB_HARDWARE, &idb2_if_hardware) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("g_strcmp0(idb1_if_hardware, idb2_if_hardware) == 0: %s",
(g_strcmp0(idb1_if_hardware, idb2_if_hardware) == 0) ? "TRUE":"FALSE");
if (g_strcmp0(idb1_if_hardware, idb2_if_hardware) != 0) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* XXX - what do to if we have only one value? */
have_idb1_value = (wtap_block_get_string_option_value(idb1, OPT_IDB_OS, &idb1_if_os) == WTAP_OPTTYPE_SUCCESS);
have_idb2_value = (wtap_block_get_string_option_value(idb2, OPT_IDB_OS, &idb2_if_os) == WTAP_OPTTYPE_SUCCESS);
if (have_idb1_value && have_idb2_value) {
ws_debug("g_strcmp0(idb1_if_os, idb2_if_os) == 0: %s",
(g_strcmp0(idb1_if_os, idb2_if_os) == 0) ? "TRUE":"FALSE");
if (g_strcmp0(idb1_if_os, idb2_if_os) != 0) {
ws_debug("returning FALSE");
return FALSE;
}
}
/* does not compare filters nor interface statistics */
ws_debug("returning TRUE");
return TRUE;
}
/*
* Returns true if all of the input files have duplicate IDBs to the other files.
*/
static gboolean
all_idbs_are_duplicates(const merge_in_file_t *in_files, const guint in_file_count)
{
wtapng_iface_descriptions_t *first_idb_list = NULL;
wtapng_iface_descriptions_t *other_idb_list = NULL;
guint first_idb_list_size, other_idb_list_size;
wtap_block_t first_file_idb, other_file_idb;
guint i, j;
ws_assert(in_files != NULL);
/* get the first file's info */
first_idb_list = wtap_file_get_idb_info(in_files[0].wth);
ws_assert(first_idb_list->interface_data);
first_idb_list_size = first_idb_list->interface_data->len;
/* now compare the other input files with that */
for (i = 1; i < in_file_count; i++) {
other_idb_list = wtap_file_get_idb_info(in_files[i].wth);
ws_assert(other_idb_list->interface_data);
other_idb_list_size = other_idb_list->interface_data->len;
if (other_idb_list_size != first_idb_list_size) {
ws_debug("sizes of IDB lists don't match: first=%u, other=%u",
first_idb_list_size, other_idb_list_size);
g_free(other_idb_list);
g_free(first_idb_list);
return FALSE;
}
for (j = 0; j < other_idb_list_size; j++) {
first_file_idb = g_array_index(first_idb_list->interface_data, wtap_block_t, j);
other_file_idb = g_array_index(other_idb_list->interface_data, wtap_block_t, j);
if (!is_duplicate_idb(first_file_idb, other_file_idb)) {
ws_debug("IDBs at index %d do not match, returning FALSE", j);
g_free(other_idb_list);
g_free(first_idb_list);
return FALSE;
}
}
g_free(other_idb_list);
}
ws_debug("returning TRUE");
g_free(first_idb_list);
return TRUE;
}
/*
* Returns true if the given input_file_idb is a duplicate of an existing one
* in the merged_idb_list; it's a duplicate if the interface description data
* is all identical to a previous one in another input file. For this
* function, the input file IDB's index does NOT need to match the index
* location of a previous one to be considered a duplicate; any match is
* considered a success. That means it will even match another IDB from its
* own (same) input file.
*/
static gboolean
find_duplicate_idb(const wtap_block_t input_file_idb,
const wtapng_iface_descriptions_t *merged_idb_list,
guint *found_index)
{
wtap_block_t merged_idb;
guint i;
ws_assert(input_file_idb != NULL);
ws_assert(merged_idb_list != NULL);
ws_assert(merged_idb_list->interface_data != NULL);
ws_assert(found_index != NULL);
for (i = 0; i < merged_idb_list->interface_data->len; i++) {
merged_idb = g_array_index(merged_idb_list->interface_data, wtap_block_t, i);
if (is_duplicate_idb(input_file_idb, merged_idb)) {
*found_index = i;
return TRUE;
}
}
return FALSE;
}
/* adds IDB to merged file info, returns its index */
static guint
add_idb_to_merged_file(wtapng_iface_descriptions_t *merged_idb_list,
const wtap_block_t input_file_idb)
{
wtap_block_t idb = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
wtapng_if_descr_mandatory_t* idb_mand;
ws_assert(merged_idb_list != NULL);
ws_assert(merged_idb_list->interface_data != NULL);
ws_assert(input_file_idb != NULL);
wtap_block_copy(idb, input_file_idb);
idb_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(idb);
/* Don't copy filter or stat information */
idb_mand->num_stat_entries = 0; /* Number of ISB:s */
idb_mand->interface_statistics = NULL;
g_array_append_val(merged_idb_list->interface_data, idb);
return merged_idb_list->interface_data->len - 1;
}
/*
* Create clone IDBs for the merge file, based on the input files and mode.
*/
static wtapng_iface_descriptions_t *
generate_merged_idbs(merge_in_file_t *in_files, const guint in_file_count, const idb_merge_mode mode)
{
wtapng_iface_descriptions_t *merged_idb_list = NULL;
wtapng_iface_descriptions_t *input_file_idb_list = NULL;
wtap_block_t input_file_idb;
guint itf_count, merged_index;
guint i;
/* create new IDB info */
merged_idb_list = g_new(wtapng_iface_descriptions_t,1);
merged_idb_list->interface_data = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
if (mode == IDB_MERGE_MODE_ALL_SAME && all_idbs_are_duplicates(in_files, in_file_count)) {
guint num_idbs;
ws_debug("mode ALL set and all IDBs are duplicates");
/* they're all the same, so just get the first file's IDBs */
input_file_idb_list = wtap_file_get_idb_info(in_files[0].wth);
/* this is really one more than number of IDBs, but that's good for the for-loops */
num_idbs = input_file_idb_list->interface_data->len;
/* put them in the merged file */
for (itf_count = 0; itf_count < num_idbs; itf_count++) {
input_file_idb = g_array_index(input_file_idb_list->interface_data,
wtap_block_t, itf_count);
merged_index = add_idb_to_merged_file(merged_idb_list, input_file_idb);
add_idb_index_map(&in_files[0], itf_count, merged_index);
}
/* and set all the other file index maps the same way */
for (i = 1; i < in_file_count; i++) {
for (itf_count = 0; itf_count < num_idbs; itf_count++) {
add_idb_index_map(&in_files[i], itf_count, itf_count);
}
}
g_free(input_file_idb_list);
}
else {
for (i = 0; i < in_file_count; i++) {
input_file_idb_list = wtap_file_get_idb_info(in_files[i].wth);
for (itf_count = 0; itf_count < input_file_idb_list->interface_data->len; itf_count++) {
input_file_idb = g_array_index(input_file_idb_list->interface_data,
wtap_block_t, itf_count);
if (mode == IDB_MERGE_MODE_ANY_SAME &&
find_duplicate_idb(input_file_idb, merged_idb_list, &merged_index))
{
ws_debug("mode ANY set and found a duplicate");
/*
* It's the same as a previous IDB, so we're going to "merge"
* them into one by adding a map from its old IDB index to the new
* one. This will be used later to change the rec interface_id.
*/
add_idb_index_map(&in_files[i], itf_count, merged_index);
}
else {
ws_debug("mode NONE set or did not find a duplicate");
/*
* This IDB does not match a previous (or we want to save all IDBs),
* so add the IDB to the merge file, and add a map of the indices.
*/
merged_index = add_idb_to_merged_file(merged_idb_list, input_file_idb);
add_idb_index_map(&in_files[i], itf_count, merged_index);
}
}
g_free(input_file_idb_list);
}
}
return merged_idb_list;
}
static gboolean
map_rec_interface_id(wtap_rec *rec, const merge_in_file_t *in_file)
{
guint current_interface_id = 0;
ws_assert(rec != NULL);
ws_assert(in_file != NULL);
ws_assert(in_file->idb_index_map != NULL);
if (rec->presence_flags & WTAP_HAS_INTERFACE_ID) {
current_interface_id = rec->rec_header.packet_header.interface_id;
}
if (current_interface_id >= in_file->idb_index_map->len) {
/* this shouldn't happen, but in a malformed input file it could */
ws_debug("current_interface_id (%u) >= in_file->idb_index_map->len (%u) (ERROR?)",
current_interface_id, in_file->idb_index_map->len);
return FALSE;
}
rec->rec_header.packet_header.interface_id = g_array_index(in_file->idb_index_map, guint, current_interface_id);
rec->presence_flags |= WTAP_HAS_INTERFACE_ID;
return TRUE;
}
static merge_result
merge_process_packets(wtap_dumper *pdh, const int file_type,
merge_in_file_t *in_files, const guint in_file_count,
const gboolean do_append, guint snaplen,
merge_progress_callback_t* cb,
GArray *dsb_combined,
int *err, gchar **err_info, guint *err_fileno,
guint32 *err_framenum)
{
merge_result status = MERGE_OK;
merge_in_file_t *in_file;
int count = 0;
gboolean stop_flag = FALSE;
wtap_rec *rec, snap_rec;
for (;;) {
*err = 0;
if (do_append) {
in_file = merge_append_read_packet(in_file_count, in_files, err,
err_info);
}
else {
in_file = merge_read_packet(in_file_count, in_files, err,
err_info);
}
if (in_file == NULL) {
/* We're at EOF on all input files */
break;
}
if (*err != 0) {
/* I/O error reading from in_file */
status = MERGE_ERR_CANT_READ_INFILE;
break;
}
count++;
if (cb)
stop_flag = cb->callback_func(MERGE_EVENT_RECORD_WAS_READ, count, in_files, in_file_count, cb->data);
if (stop_flag) {
/* The user decided to abort the merge. */
status = MERGE_USER_ABORTED;
break;
}
rec = &in_file->rec;
switch (rec->rec_type) {
case REC_TYPE_PACKET:
if (rec->presence_flags & WTAP_HAS_CAP_LEN) {
if (snaplen != 0 &&
rec->rec_header.packet_header.caplen > snaplen) {
/*
* The dumper will only write up to caplen bytes out,
* so we only need to change that value, instead of
* cloning the whole packet with fewer bytes.
*
* XXX: but do we need to change the IDBs' snap_len?
*/
snap_rec = *rec;
snap_rec.rec_header.packet_header.caplen = snaplen;
rec = &snap_rec;
}
}
break;
}
/*
* Does this file type support identifying the interfaces on
* which packets arrive?
*
* That mean that the abstract interface provided by libwiretap
* involves WTAP_BLOCK_IF_ID_AND_INFO blocks.
*/
if (wtap_file_type_subtype_supports_block(file_type,
WTAP_BLOCK_IF_ID_AND_INFO) != BLOCK_NOT_SUPPORTED) {
/*
* XXX - We should do this only for record types
* that pertain to a particular interface; for
* now, we hardcode that, but we need to figure
* out a more general way to handle this.
*/
if (rec->rec_type == REC_TYPE_PACKET) {
if (!map_rec_interface_id(rec, in_file)) {
status = MERGE_ERR_BAD_PHDR_INTERFACE_ID;
break;
}
}
}
/*
* If any DSBs were read before this record, be sure to pass those now
* such that wtap_dump can pick it up.
*/
if (dsb_combined && in_file->wth->dsbs) {
GArray *in_dsb = in_file->wth->dsbs;
for (guint i = in_file->dsbs_seen; i < in_dsb->len; i++) {
wtap_block_t wblock = g_array_index(in_dsb, wtap_block_t, i);
g_array_append_val(dsb_combined, wblock);
in_file->dsbs_seen++;
}
}
if (!wtap_dump(pdh, rec, ws_buffer_start_ptr(&in_file->frame_buffer),
err, err_info)) {
status = MERGE_ERR_CANT_WRITE_OUTFILE;
break;
}
wtap_rec_reset(rec);
}
if (cb)
cb->callback_func(MERGE_EVENT_DONE, count, in_files, in_file_count, cb->data);
if (status == MERGE_OK || status == MERGE_USER_ABORTED) {
if (!wtap_dump_close(pdh, NULL, err, err_info))
status = MERGE_ERR_CANT_CLOSE_OUTFILE;
} else {
/*
* We already got some error; no need to report another error on
* close.
*
* Don't overwrite the earlier error.
*/
int close_err = 0;
gchar *close_err_info = NULL;
(void)wtap_dump_close(pdh, NULL, &close_err, &close_err_info);
g_free(close_err_info);
}
/* Close the input files after the output file in case the latter still
* holds references to blocks in the input file (such as the DSB). Even if
* those DSBs are only written when wtap_dump is called and nothing bad will
* happen now, let's keep all pointers in pdh valid for correctness sake. */
merge_close_in_files(in_file_count, in_files);
if (status == MERGE_OK || in_file == NULL) {
*err_fileno = 0;
*err_framenum = 0;
} else {
*err_fileno = (guint)(in_file - in_files);
*err_framenum = in_file->packet_num;
}
return status;
}
static merge_result
merge_files_common(const gchar* out_filename, /* normal output mode */
gchar **out_filenamep, const char *pfx, /* tempfile mode */
const int file_type, const char *const *in_filenames,
const guint in_file_count, const gboolean do_append,
const idb_merge_mode mode, guint snaplen,
const gchar *app_name, merge_progress_callback_t* cb,
int *err, gchar **err_info, guint *err_fileno,
guint32 *err_framenum)
{
merge_in_file_t *in_files = NULL;
int frame_type = WTAP_ENCAP_PER_PACKET;
merge_result status = MERGE_OK;
wtap_dumper *pdh;
GArray *shb_hdrs = NULL;
wtapng_iface_descriptions_t *idb_inf = NULL;
GArray *dsb_combined = NULL;
ws_assert(in_file_count > 0);
ws_assert(in_filenames != NULL);
ws_assert(err != NULL);
ws_assert(err_info != NULL);
ws_assert(err_fileno != NULL);
ws_assert(err_framenum != NULL);
/* if a callback was given, it has to have a callback function ptr */
ws_assert((cb != NULL) ? (cb->callback_func != NULL) : TRUE);
ws_debug("merge_files: begin");
/* open the input files */
if (!merge_open_in_files(in_file_count, in_filenames, &in_files, cb,
err, err_info, err_fileno)) {
ws_debug("merge_open_in_files() failed with err=%d", *err);
*err_framenum = 0;
return MERGE_ERR_CANT_OPEN_INFILE;
}
if (snaplen == 0) {
/* Snapshot length not specified - default to the maximum. */
snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
}
/*
* This doesn't tell us that much. It tells us what to set the outfile's
* encap type to, but that's all - for example, it does *not* tells us
* whether the input files had the same number of IDBs, for the same exact
* interfaces, and only one IDB each, so it doesn't actually tell us
* whether we can merge IDBs into one or not.
*/
frame_type = merge_select_frame_type(in_file_count, in_files);
ws_debug("got frame_type=%d", frame_type);
if (cb)
cb->callback_func(MERGE_EVENT_FRAME_TYPE_SELECTED, frame_type, in_files, in_file_count, cb->data);
/* prepare the outfile */
wtap_dump_params params = WTAP_DUMP_PARAMS_INIT;
params.encap = frame_type;
params.snaplen = snaplen;
/*
* Does this file type support identifying the interfaces on
* which packets arrive?
*
* That mean that the abstract interface provided by libwiretap
* involves WTAP_BLOCK_IF_ID_AND_INFO blocks.
*/
if (wtap_file_type_subtype_supports_block(file_type,
WTAP_BLOCK_IF_ID_AND_INFO) != BLOCK_NOT_SUPPORTED) {
shb_hdrs = create_shb_header(in_files, in_file_count, app_name);
ws_debug("SHB created");
idb_inf = generate_merged_idbs(in_files, in_file_count, mode);
ws_debug("IDB merge operation complete, got %u IDBs", idb_inf ? idb_inf->interface_data->len : 0);
/* XXX other blocks like NRB are now discarded. */
params.shb_hdrs = shb_hdrs;
params.idb_inf = idb_inf;
dsb_combined = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
params.dsbs_growing = dsb_combined;
}
if (out_filename && !out_filenamep) {
pdh = wtap_dump_open(out_filename, file_type, WTAP_UNCOMPRESSED,
&params, err, err_info);
} else if (out_filename && out_filenamep) {
pdh = wtap_dump_open_tempfile(out_filename, out_filenamep, pfx, file_type,
WTAP_UNCOMPRESSED, &params, err,
err_info);
} else {
pdh = wtap_dump_open_stdout(file_type, WTAP_UNCOMPRESSED, &params, err,
err_info);
}
if (pdh == NULL) {
merge_close_in_files(in_file_count, in_files);
g_free(in_files);
wtap_block_array_free(shb_hdrs);
wtap_free_idb_info(idb_inf);
if (dsb_combined) {
g_array_free(dsb_combined, TRUE);
}
*err_framenum = 0;
return MERGE_ERR_CANT_OPEN_OUTFILE;
}
if (cb)
cb->callback_func(MERGE_EVENT_READY_TO_MERGE, 0, in_files, in_file_count, cb->data);
status = merge_process_packets(pdh, file_type, in_files, in_file_count,
do_append, snaplen, cb, dsb_combined, err, err_info,
err_fileno, err_framenum);
g_free(in_files);
wtap_block_array_free(shb_hdrs);
wtap_free_idb_info(idb_inf);
if (dsb_combined) {
g_array_free(dsb_combined, TRUE);
}
return status;
}
/*
* Merges the files to an output file whose name is supplied as an argument,
* based on given input, and invokes callback during execution. Returns
* MERGE_OK on success, or a MERGE_ERR_XXX on failure.
*/
merge_result
merge_files(const gchar* out_filename, const int file_type,
const char *const *in_filenames, const guint in_file_count,
const gboolean do_append, const idb_merge_mode mode,
guint snaplen, const gchar *app_name, merge_progress_callback_t* cb,
int *err, gchar **err_info, guint *err_fileno,
guint32 *err_framenum)
{
ws_assert(out_filename != NULL);
return merge_files_common(out_filename, NULL, NULL,
file_type, in_filenames, in_file_count,
do_append, mode, snaplen, app_name, cb, err,
err_info, err_fileno, err_framenum);
}
/*
* Merges the files to a temporary file based on given input, and invokes
* callback during execution. Returns MERGE_OK on success, or a MERGE_ERR_XXX
* on failure.
*/
merge_result
merge_files_to_tempfile(const char *tmpdir, gchar **out_filenamep, const char *pfx,
const int file_type, const char *const *in_filenames,
const guint in_file_count, const gboolean do_append,
const idb_merge_mode mode, guint snaplen,
const gchar *app_name, merge_progress_callback_t* cb,
int *err, gchar **err_info, guint *err_fileno,
guint32 *err_framenum)
{
ws_assert(out_filenamep != NULL);
/* no temporary file name yet */
*out_filenamep = NULL;
return merge_files_common(tmpdir, out_filenamep, pfx,
file_type, in_filenames, in_file_count,
do_append, mode, snaplen, app_name, cb, err,
err_info, err_fileno, err_framenum);
}
/*
* Merges the files to the standard output based on given input, and invokes
* callback during execution. Returns MERGE_OK on success, or a MERGE_ERR_XXX
* on failure.
*/
merge_result
merge_files_to_stdout(const int file_type, const char *const *in_filenames,
const guint in_file_count, const gboolean do_append,
const idb_merge_mode mode, guint snaplen,
const gchar *app_name, merge_progress_callback_t* cb,
int *err, gchar **err_info, guint *err_fileno,
guint32 *err_framenum)
{
return merge_files_common(NULL, NULL, NULL,
file_type, in_filenames, in_file_count,
do_append, mode, snaplen, app_name, cb, err,
err_info, err_fileno, err_framenum);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
View Git Blame Copy Permalink