2005-12-03 22:38:50 +00:00
|
|
|
/* capture_info.c
|
|
|
|
* capture info functions
|
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2005-12-03 22:38:50 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2005-12-03 22:38:50 +00:00
|
|
|
*/
|
|
|
|
|
2014-08-22 21:13:05 +00:00
|
|
|
#include <config.h>
|
2005-12-03 22:38:50 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_LIBPCAP
|
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
|
|
|
|
#include <epan/packet.h>
|
2013-12-21 17:23:17 +00:00
|
|
|
#include <wiretap/wtap.h>
|
|
|
|
|
2005-12-03 22:38:50 +00:00
|
|
|
#include "capture_info.h"
|
|
|
|
|
2015-12-13 04:38:21 +00:00
|
|
|
#include <epan/capture_dissectors.h>
|
2005-12-04 02:04:18 +00:00
|
|
|
|
2013-11-17 02:55:14 +00:00
|
|
|
#include <wsutil/filesystem.h>
|
|
|
|
|
2005-12-04 02:04:18 +00:00
|
|
|
/* open the info */
|
2015-12-17 04:15:03 +00:00
|
|
|
void capture_info_open(capture_session *cap_session, info_data_t* cap_info)
|
2005-12-04 02:04:18 +00:00
|
|
|
{
|
2015-12-19 15:11:40 +00:00
|
|
|
if (cap_info->counts.counts_hash != NULL)
|
|
|
|
{
|
|
|
|
/* Clean up any previous lists of packet counts */
|
|
|
|
g_hash_table_destroy(cap_info->counts.counts_hash);
|
|
|
|
}
|
|
|
|
cap_info->counts.counts_hash = g_hash_table_new_full( g_direct_hash, g_direct_equal, NULL, g_free );
|
|
|
|
cap_info->counts.other = 0;
|
|
|
|
cap_info->counts.total = 0;
|
2015-12-17 04:15:03 +00:00
|
|
|
|
|
|
|
cap_info->wtap = NULL;
|
|
|
|
cap_info->ui.counts = &cap_info->counts;
|
|
|
|
|
|
|
|
capture_info_ui_create(&cap_info->ui, cap_session);
|
2005-12-04 02:04:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2006-03-01 01:46:52 +00:00
|
|
|
static const char *
|
|
|
|
cf_open_error_message(int err, gchar *err_info, gboolean for_writing,
|
|
|
|
int file_type)
|
|
|
|
{
|
2010-10-12 19:26:07 +00:00
|
|
|
const char *errmsg;
|
|
|
|
static char errmsg_errno[1024+1];
|
|
|
|
|
|
|
|
if (err < 0) {
|
|
|
|
/* Wiretap error. */
|
|
|
|
switch (err) {
|
|
|
|
|
|
|
|
case WTAP_ERR_NOT_REGULAR_FILE:
|
|
|
|
errmsg = "The file \"%s\" is a \"special file\" or socket or other non-regular file.";
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_FILE_UNKNOWN_FORMAT:
|
|
|
|
/* Seen only when opening a capture file for reading. */
|
2014-12-17 20:38:48 +00:00
|
|
|
errmsg = "The file \"%s\" isn't a capture file in a format Wireshark understands.";
|
2010-10-12 19:26:07 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_UNSUPPORTED:
|
|
|
|
/* Seen only when opening a capture file for reading. */
|
|
|
|
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
2014-12-17 20:38:48 +00:00
|
|
|
"The file \"%%s\" contains record data that Wireshark doesn't support.\n"
|
2014-12-18 04:03:47 +00:00
|
|
|
"(%s)", err_info != NULL ? err_info : "no information supplied");
|
2010-10-12 19:26:07 +00:00
|
|
|
g_free(err_info);
|
|
|
|
errmsg = errmsg_errno;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_CANT_WRITE_TO_PIPE:
|
|
|
|
/* Seen only when opening a capture file for writing. */
|
|
|
|
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
|
|
|
"The file \"%%s\" is a pipe, and %s capture files can't be "
|
2013-11-08 09:53:01 +00:00
|
|
|
"written to a pipe.", wtap_file_type_subtype_string(file_type));
|
2010-10-12 19:26:07 +00:00
|
|
|
errmsg = errmsg_errno;
|
|
|
|
break;
|
|
|
|
|
2014-12-17 08:29:31 +00:00
|
|
|
case WTAP_ERR_UNWRITABLE_FILE_TYPE:
|
2010-10-12 19:26:07 +00:00
|
|
|
/* Seen only when opening a capture file for writing. */
|
2014-12-17 20:38:48 +00:00
|
|
|
errmsg = "Wireshark doesn't support writing capture files in that format.";
|
2010-10-12 19:26:07 +00:00
|
|
|
break;
|
|
|
|
|
2014-12-17 06:40:45 +00:00
|
|
|
case WTAP_ERR_UNWRITABLE_ENCAP:
|
2014-12-18 00:41:21 +00:00
|
|
|
/* Seen only when opening a capture file for writing. */
|
|
|
|
errmsg = "Wireshark can't save this capture in that format.";
|
2010-10-12 19:26:07 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
|
|
|
|
if (for_writing)
|
2014-12-17 20:38:48 +00:00
|
|
|
errmsg = "Wireshark can't save this capture in that format.";
|
2010-10-12 19:26:07 +00:00
|
|
|
else
|
2014-12-17 20:38:48 +00:00
|
|
|
errmsg = "The file \"%s\" is a capture for a network type that Wireshark doesn't support.";
|
2010-10-12 19:26:07 +00:00
|
|
|
break;
|
|
|
|
|
2011-12-13 09:53:50 +00:00
|
|
|
case WTAP_ERR_BAD_FILE:
|
2010-10-12 19:26:07 +00:00
|
|
|
/* Seen only when opening a capture file for reading. */
|
|
|
|
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
|
|
|
"The file \"%%s\" appears to be damaged or corrupt.\n"
|
2014-12-18 04:03:47 +00:00
|
|
|
"(%s)", err_info != NULL ? err_info : "no information supplied");
|
2010-10-12 19:26:07 +00:00
|
|
|
g_free(err_info);
|
|
|
|
errmsg = errmsg_errno;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_CANT_OPEN:
|
|
|
|
if (for_writing)
|
|
|
|
errmsg = "The file \"%s\" could not be created for some unknown reason.";
|
|
|
|
else
|
|
|
|
errmsg = "The file \"%s\" could not be opened for some unknown reason.";
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_SHORT_READ:
|
|
|
|
errmsg = "The file \"%s\" appears to have been cut short"
|
|
|
|
" in the middle of a packet or other data.";
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_ERR_SHORT_WRITE:
|
|
|
|
errmsg = "A full header couldn't be written to the file \"%s\".";
|
|
|
|
break;
|
|
|
|
|
2011-04-21 09:41:52 +00:00
|
|
|
case WTAP_ERR_DECOMPRESS:
|
|
|
|
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
|
|
|
"The compressed file \"%%s\" appears to be damaged or corrupt.\n"
|
2014-12-18 04:03:47 +00:00
|
|
|
"(%s)", err_info != NULL ? err_info : "no information supplied");
|
2011-04-21 09:41:52 +00:00
|
|
|
g_free(err_info);
|
|
|
|
errmsg = errmsg_errno;
|
|
|
|
break;
|
|
|
|
|
2010-10-12 19:26:07 +00:00
|
|
|
default:
|
|
|
|
g_snprintf(errmsg_errno, sizeof(errmsg_errno),
|
|
|
|
"The file \"%%s\" could not be %s: %s.",
|
|
|
|
for_writing ? "created" : "opened",
|
|
|
|
wtap_strerror(err));
|
|
|
|
errmsg = errmsg_errno;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
errmsg = file_open_error_message(err, for_writing);
|
|
|
|
return errmsg;
|
2006-03-01 01:46:52 +00:00
|
|
|
}
|
|
|
|
|
2005-12-04 02:04:18 +00:00
|
|
|
/* new file arrived */
|
2015-12-17 04:15:03 +00:00
|
|
|
gboolean capture_info_new_file(const char *new_filename, info_data_t* cap_info)
|
2005-12-04 02:04:18 +00:00
|
|
|
{
|
|
|
|
int err;
|
|
|
|
gchar *err_info;
|
2011-03-22 11:25:12 +00:00
|
|
|
gchar *err_msg;
|
2005-12-04 02:04:18 +00:00
|
|
|
|
|
|
|
|
2015-12-17 04:15:03 +00:00
|
|
|
if(cap_info->wtap != NULL) {
|
|
|
|
wtap_close(cap_info->wtap);
|
2005-12-04 02:04:18 +00:00
|
|
|
}
|
|
|
|
|
2015-12-17 04:15:03 +00:00
|
|
|
cap_info->wtap = wtap_open_offline(new_filename, WTAP_TYPE_AUTO, &err, &err_info, FALSE);
|
|
|
|
if (!cap_info->wtap) {
|
2013-11-08 09:53:01 +00:00
|
|
|
err_msg = g_strdup_printf(cf_open_error_message(err, err_info, FALSE, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN),
|
2011-03-22 11:25:12 +00:00
|
|
|
new_filename);
|
2007-10-05 22:39:06 +00:00
|
|
|
g_warning("capture_info_new_file: %d (%s)", err, err_msg);
|
2011-03-22 11:25:12 +00:00
|
|
|
g_free (err_msg);
|
2006-03-01 01:46:52 +00:00
|
|
|
return FALSE;
|
|
|
|
} else
|
|
|
|
return TRUE;
|
2005-12-04 02:04:18 +00:00
|
|
|
}
|
|
|
|
|
2015-12-15 00:25:31 +00:00
|
|
|
static void
|
2015-12-19 15:11:40 +00:00
|
|
|
capture_info_packet(info_data_t* cap_info, gint wtap_linktype, const guchar *pd, guint32 caplen, union wtap_pseudo_header *pseudo_header)
|
2015-12-15 00:25:31 +00:00
|
|
|
{
|
|
|
|
capture_packet_info_t cpinfo;
|
|
|
|
|
|
|
|
/* Setup the capture packet structure */
|
2015-12-19 15:11:40 +00:00
|
|
|
cpinfo.counts = cap_info->counts.counts_hash;
|
2015-12-15 00:25:31 +00:00
|
|
|
|
2015-12-19 15:11:40 +00:00
|
|
|
cap_info->counts.total++;
|
2015-12-15 00:25:31 +00:00
|
|
|
if (!try_capture_dissector("wtap_encap", wtap_linktype, pd, 0, caplen, &cpinfo, pseudo_header))
|
2015-12-19 15:11:40 +00:00
|
|
|
cap_info->counts.other++;
|
2015-12-15 00:25:31 +00:00
|
|
|
}
|
2005-12-04 02:04:18 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
/* new packets arrived */
|
2015-12-17 04:15:03 +00:00
|
|
|
void capture_info_new_packets(int to_read, info_data_t* cap_info)
|
2005-12-04 02:04:18 +00:00
|
|
|
{
|
|
|
|
int err;
|
|
|
|
gchar *err_info;
|
2006-11-05 22:46:44 +00:00
|
|
|
gint64 data_offset;
|
2012-10-16 21:50:57 +00:00
|
|
|
struct wtap_pkthdr *phdr;
|
2005-12-04 02:04:18 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header;
|
|
|
|
int wtap_linktype;
|
|
|
|
const guchar *buf;
|
|
|
|
|
|
|
|
|
2015-12-17 04:15:03 +00:00
|
|
|
cap_info->ui.new_packets = to_read;
|
2014-05-23 10:50:02 +00:00
|
|
|
|
2005-12-04 02:04:18 +00:00
|
|
|
/*g_warning("new packets: %u", to_read);*/
|
|
|
|
|
2011-05-19 04:56:04 +00:00
|
|
|
while (to_read > 0) {
|
2015-12-17 04:15:03 +00:00
|
|
|
wtap_cleareof(cap_info->wtap);
|
|
|
|
if (wtap_read(cap_info->wtap, &err, &err_info, &data_offset)) {
|
|
|
|
phdr = wtap_phdr(cap_info->wtap);
|
2014-05-23 10:50:02 +00:00
|
|
|
pseudo_header = &phdr->pseudo_header;
|
|
|
|
wtap_linktype = phdr->pkt_encap;
|
2015-12-17 04:15:03 +00:00
|
|
|
buf = wtap_buf_ptr(cap_info->wtap);
|
2011-05-19 04:56:04 +00:00
|
|
|
|
2015-12-19 15:11:40 +00:00
|
|
|
capture_info_packet(cap_info, wtap_linktype, buf, phdr->caplen, pseudo_header);
|
2011-05-19 04:56:04 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
/*g_warning("new packet");*/
|
2011-05-19 04:56:04 +00:00
|
|
|
to_read--;
|
|
|
|
}
|
2005-12-04 02:04:18 +00:00
|
|
|
}
|
|
|
|
|
2015-12-17 04:15:03 +00:00
|
|
|
capture_info_ui_update(&cap_info->ui);
|
2005-12-04 02:04:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* close the info */
|
2015-12-17 04:15:03 +00:00
|
|
|
void capture_info_close(info_data_t* cap_info)
|
2005-12-03 22:38:50 +00:00
|
|
|
{
|
2015-12-17 04:15:03 +00:00
|
|
|
capture_info_ui_destroy(&cap_info->ui);
|
|
|
|
if(cap_info->wtap)
|
|
|
|
wtap_close(cap_info->wtap);
|
2005-12-03 22:38:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* HAVE_LIBPCAP */
|
2014-10-12 18:56:12 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 4
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: nil
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
|
|
|
*/
|