1998-09-16 02:39:15 +00:00
|
|
|
/* file.h
|
|
|
|
|
* Definitions for file structures and routines
|
|
|
|
|
*
|
2000-05-19 23:07:04 +00:00
|
|
|
* $Id: file.h,v 1.68 2000/05/19 23:06:07 gram Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __FILE_H__
|
|
|
|
|
#define __FILE_H__
|
|
|
|
|
|
1999-07-13 02:53:26 +00:00
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
1998-09-16 02:39:15 +00:00
|
|
|
#include <sys/types.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
1999-07-09 04:18:36 +00:00
|
|
|
#ifndef __WTAP_H__
|
1999-08-11 17:02:28 +00:00
|
|
|
#include "wiretap/wtap.h"
|
1999-07-09 04:18:36 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBPCAP
|
|
|
|
|
#ifndef lib_pcap_h
|
1999-07-07 22:52:57 +00:00
|
|
|
#include <pcap.h>
|
1999-07-09 04:18:36 +00:00
|
|
|
#endif
|
|
|
|
|
#endif
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-08-13 23:47:43 +00:00
|
|
|
#ifndef __DFILTER_H__
|
|
|
|
|
#include "dfilter.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-08-24 16:27:23 +00:00
|
|
|
#ifndef __COLORS_H__
|
2000-02-12 08:15:31 +00:00
|
|
|
#include "gtk/colors.h" /* XXX */
|
1999-08-24 16:27:23 +00:00
|
|
|
#endif
|
|
|
|
|
|
1999-12-10 04:21:04 +00:00
|
|
|
#ifndef __PRINT_H__
|
|
|
|
|
#include "print.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-09-22 01:26:50 +00:00
|
|
|
#include <errno.h>
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBZ
|
|
|
|
|
#include "zlib.h"
|
|
|
|
|
#define FILE_T gzFile
|
|
|
|
|
#define file_open gzopen
|
|
|
|
|
#define filed_open gzdopen
|
|
|
|
|
#define file_close gzclose
|
|
|
|
|
#else /* No zLib */
|
|
|
|
|
#define FILE_T FILE *
|
|
|
|
|
#define file_open fopen
|
|
|
|
|
#define filed_open fdopen
|
|
|
|
|
#define file_close fclose
|
|
|
|
|
#endif /* HAVE_LIBZ */
|
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
typedef struct bpf_program bpf_prog;
|
|
|
|
|
|
|
|
|
|
typedef struct _capture_file {
|
1999-11-29 08:51:11 +00:00
|
|
|
int filed; /* File descriptor of capture file */
|
|
|
|
|
gchar *filename; /* Name of capture file */
|
Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
|
|
|
gboolean is_tempfile; /* Is capture file a temporary file? */
|
|
|
|
|
gboolean user_saved;/* If capture file is temporary, has it been saved by user yet? */
|
1999-11-29 08:51:11 +00:00
|
|
|
long f_len; /* Length of capture file */
|
|
|
|
|
guint16 cd_t; /* File type of capture file */
|
Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
|
|
|
int lnk_t; /* Link-layer type with which to save capture */
|
1999-08-10 07:16:47 +00:00
|
|
|
guint32 vers; /* Version. For tcpdump minor is appended to major */
|
|
|
|
|
guint32 count; /* Packet count */
|
|
|
|
|
guint32 drops; /* Dropped packets */
|
|
|
|
|
guint32 esec; /* Elapsed seconds */
|
|
|
|
|
guint32 eusec; /* Elapsed microseconds */
|
|
|
|
|
guint32 snap; /* Captured packet length */
|
1999-08-28 01:51:58 +00:00
|
|
|
gboolean update_progbar; /* TRUE if we should update the progress bar */
|
|
|
|
|
long progbar_quantum; /* Number of bytes read per progress bar update */
|
|
|
|
|
long progbar_nextstep; /* Next point at which to update progress bar */
|
1999-08-10 07:16:47 +00:00
|
|
|
gchar *iface; /* Interface */
|
|
|
|
|
gchar *save_file; /* File that user saved capture to */
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
int save_file_fd; /* File descriptor for saved file */
|
1999-08-10 07:16:47 +00:00
|
|
|
wtap *wth; /* Wiretap session */
|
1999-08-15 19:18:46 +00:00
|
|
|
dfilter *rfcode; /* Compiled read filter program */
|
1999-08-10 07:16:47 +00:00
|
|
|
gchar *dfilter; /* Display filter string */
|
1999-08-24 16:27:23 +00:00
|
|
|
colfilter *colors; /* Colors for colorizing packet window */
|
1999-08-13 23:47:43 +00:00
|
|
|
dfilter *dfcode; /* Compiled display filter program */
|
1999-07-09 04:18:36 +00:00
|
|
|
#ifdef HAVE_LIBPCAP
|
1999-08-10 07:16:47 +00:00
|
|
|
gchar *cfilter; /* Capture filter string */
|
|
|
|
|
bpf_prog fcode; /* Compiled capture filter program */
|
1999-07-09 04:18:36 +00:00
|
|
|
#endif
|
1999-11-06 06:28:07 +00:00
|
|
|
gchar *sfilter; /* Search filter string */
|
|
|
|
|
gboolean sbackward; /* TRUE if search is backward, FALSE if forward */
|
2000-05-19 23:07:04 +00:00
|
|
|
union wtap_pseudo_header pseudo_header; /* Packet pseudo_header */
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
guint8 pd[WTAP_MAX_PACKET_SIZE]; /* Packet data */
|
2000-04-03 08:42:45 +00:00
|
|
|
GMemChunk *plist_chunk; /* Memory chunk for frame_data structures */
|
1999-08-10 07:16:47 +00:00
|
|
|
frame_data *plist; /* Packet list */
|
|
|
|
|
frame_data *plist_end; /* Last packet in list */
|
1999-11-06 06:28:07 +00:00
|
|
|
frame_data *first_displayed; /* First frame displayed */
|
|
|
|
|
frame_data *last_displayed; /* Last frame displayed */
|
1998-11-17 04:29:13 +00:00
|
|
|
column_info cinfo; /* Column formatting information */
|
1999-11-06 06:28:07 +00:00
|
|
|
frame_data *current_frame; /* Frame data for current frame */
|
1999-08-10 07:16:47 +00:00
|
|
|
proto_tree *protocol_tree; /* Protocol tree for currently selected packet */
|
|
|
|
|
FILE *print_fh; /* File we're printing to */
|
1998-09-16 02:39:15 +00:00
|
|
|
} capture_file;
|
|
|
|
|
|
Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
|
|
|
int open_cap_file(char *, gboolean, capture_file *);
|
|
|
|
|
void close_cap_file(capture_file *, void *);
|
1999-08-15 19:18:46 +00:00
|
|
|
int read_cap_file(capture_file *);
|
Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
|
|
|
int start_tail_cap_file(char *, gboolean, capture_file *);
|
1999-11-29 01:54:01 +00:00
|
|
|
int continue_tail_cap_file(capture_file *, int);
|
|
|
|
|
int finish_tail_cap_file(capture_file *);
|
1998-09-16 02:39:15 +00:00
|
|
|
/* size_t read_frame_header(capture_file *); */
|
Allow the user to save either all of the current capture, or only the
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
1999-11-30 20:50:15 +00:00
|
|
|
int save_cap_file(char *, capture_file *, gboolean, guint);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-11-25 18:02:25 +00:00
|
|
|
int filter_packets(capture_file *cf, gchar *dfilter);
|
1999-10-11 06:39:26 +00:00
|
|
|
void colorize_packets(capture_file *);
|
1999-09-12 06:11:51 +00:00
|
|
|
int print_packets(capture_file *cf, print_args_t *print_args);
|
1999-06-22 03:39:07 +00:00
|
|
|
void change_time_formats(capture_file *);
|
1999-11-06 06:54:24 +00:00
|
|
|
gboolean find_packet(capture_file *cf, dfilter *sfcode);
|
1999-11-30 07:27:37 +00:00
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
FOUND_FRAME, /* found the frame */
|
|
|
|
|
NO_SUCH_FRAME, /* no frame with that number */
|
|
|
|
|
FRAME_NOT_DISPLAYED /* frame with that number isn't displayed */
|
|
|
|
|
} goto_result_t;
|
|
|
|
|
goto_result_t goto_frame(capture_file *cf, guint fnumber);
|
|
|
|
|
|
1999-07-24 03:22:50 +00:00
|
|
|
void select_packet(capture_file *, int);
|
Have "close_cap_file()" disable all menu items that make sense only if
you have a capture.
Leave the job of enabling and disabling menu items that make sense only
if you have a capture (except for "File/Save" and "File/Save As...", for
now) up to "load_cap_file()", "close_cap_file()", and the like - don't
scatter that stuff throughout the code.
Disable "File/Print Packet" if no packet is selected; enable it only if
a packet is selected.
If there's a selected packet, and a display filter is run:
if the selected packet passed the filter, re-select it;
if the selected packet didn't pass the filter, un-select it.
If we've opened a live "pcap" capture, but can't do the capture because
we can't get the netmask info, or can't parse the capture filter string,
or can't install the filter, close the live capture and the dump and
delete the dump file.
If we failed to open a live "pcap" capture, don't try to read the
capture file - it doesn't exist.
svn path=/trunk/; revision=384
1999-07-24 02:42:52 +00:00
|
|
|
void unselect_packet(capture_file *);
|
1999-06-19 01:14:51 +00:00
|
|
|
|
Improve the alert boxes put up for file open/read/write errors. (Some
influence came from
http://developer.apple.com/techpubs/mac/HIGuidelines/HIGuidelines-232.html
which has a section on dialog box and alert box messages. However,
we're largely dealing with technoids, not with The Rest Of Us, so I
didn't go as far as one perhaps should.)
Unfortunately, it looks like it's a bit more work to arrange that, if
you give a bad file name to the "-r" flag, the dialog box pop up only
*after* the main window pops up - it has the annoying habit of popping
up *before* the main window pops up, and sometimes getting *obscured* by
it, when I do that. The removal of the dialog box stuff from
"load_cap_file()" was intended to facilitate that work. (It might also
be nice if, when an open from the "File/Open" menu item fails, we keep
the file selection box open, and give the user a chance to correct
typos, choose another file name, etc.)
svn path=/trunk/; revision=310
1999-06-12 09:10:20 +00:00
|
|
|
/* Moves or copies a file. Returns 0 on failure, 1 on success */
|
|
|
|
|
int file_mv(char *from, char *to);
|
|
|
|
|
|
|
|
|
|
/* Copies a file. Returns 0 on failure, 1 on success */
|
|
|
|
|
int file_cp(char *from, char *to);
|
|
|
|
|
|
|
|
|
|
char *file_open_error_message(int, int);
|
|
|
|
|
char *file_read_error_message(int);
|
|
|
|
|
char *file_write_error_message(int);
|
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#endif /* file.h */
|