wireshark/wiretap/wtap.c

/* wtap.c
 *
 * $Id: wtap.c,v 1.7 1999/03/01 18:57:07 gram Exp $
 *
 * Wiretap Library
 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

#include "wtap.h"
#include "buffer.h"
#include "bpf-engine.h"
#include "rt-compile.h"

FILE* wtap_file(wtap *wth)
{
	return wth->fh;
}

int wtap_file_type(wtap *wth)
{
	return wth->file_type;
}


int wtap_snapshot_length(wtap *wth)
{
	return wth->snapshot_length;
}

void wtap_close(wtap *wth)
{
	/* free up memory. If any capture structure ever allocates
	 * its own memory, it would be better to make a *close() function
	 * for each filetype, like pcap_close(0, lanalyzer_close(), etc.
	 * But for now this will work. */
	switch(wth->file_type) {
		case WTAP_FILE_PCAP:
			g_free(wth->capture.pcap);
			break;

		case WTAP_FILE_LANALYZER:
			g_free(wth->capture.lanalyzer);
			break;

		case WTAP_FILE_NGSNIFFER:
			g_free(wth->capture.ngsniffer);
			break;

		case WTAP_FILE_NETMON:
			g_free(wth->capture.netmon);
			break;

		/* default:
			 nothing */
	}

	fclose(wth->fh);
}

void wtap_loop(wtap *wth, int count, wtap_handler callback, u_char* user)
{
	int data_offset;
	int ret;
	int pkt_encap;

	while ((data_offset = wth->subtype_read(wth)) > 0) {
		/* offline filter? */
		if (wth->filter_type == WTAP_FILTER_OFFLINE) {
			pkt_encap = wth->phdr.pkt_encap;

			/* do we have a compiled filter for this
			 * encapsulation type? */
			if (!wth->filter.offline[pkt_encap])
				wtap_offline_filter_compile(wth, pkt_encap);

			/* run the filter */
			ret = bpf_run_filter(
					buffer_start_ptr(wth->frame_buffer),
					wth->phdr.caplen,
					wth->filter.offline[pkt_encap],
					wth->offline_filter_lengths[pkt_encap]
					);
			
			/* if the packet made it through the filter,
			 * send the data to the user */
			if (ret > 0)
				callback(user, &wth->phdr, data_offset,
				    buffer_start_ptr(wth->frame_buffer));
		}
		else
			callback(user, &wth->phdr, data_offset,
			    buffer_start_ptr(wth->frame_buffer));
	}
}
I added the LANalzyer file format to wiretap. I cleaned up some code in the wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code. svn path=/trunk/; revision=83 1998-11-12 06:01:27 +00:00			`/* wtap.c`
			`*`
Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`* $Id: wtap.c,v 1.7 1999/03/01 18:57:07 gram Exp $`
I added the LANalzyer file format to wiretap. I cleaned up some code in the wiretap functions to be more generic and therefore allow an easier integration of more packet-capture file types. I also put in all the GPL copyrights in the wiretap code. svn path=/trunk/; revision=83 1998-11-12 06:01:27 +00:00			`*`
			`* Wiretap Library`
			`* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 2`
			`* of the License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.`
			`*`
			`*/`

A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`#include "wtap.h"`
Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`#include "buffer.h"`
			`#include "bpf-engine.h"`
			`#include "rt-compile.h"`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00
			`FILE* wtap_file(wtap *wth)`
			`{`
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`return wth->fh;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

			`int wtap_file_type(wtap *wth)`
			`{`
			`return wth->file_type;`
			`}`


			`int wtap_snapshot_length(wtap *wth)`
			`{`
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`return wth->snapshot_length;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

			`void wtap_close(wtap *wth)`
			`{`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`/* free up memory. If any capture structure ever allocates`
			`* its own memory, it would be better to make a *close() function`
			`* for each filetype, like pcap_close(0, lanalyzer_close(), etc.`
			`* But for now this will work. */`
			`switch(wth->file_type) {`
			`case WTAP_FILE_PCAP:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.pcap);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

			`case WTAP_FILE_LANALYZER:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.lanalyzer);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

			`case WTAP_FILE_NGSNIFFER:`
Use g_free instead of free so that I don't have to include <stdlib.h> for just one function. svn path=/trunk/; revision=165 1999-01-08 17:24:01 +00:00			`g_free(wth->capture.ngsniffer);`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`break;`

Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`case WTAP_FILE_NETMON:`
			`g_free(wth->capture.netmon);`
			`break;`

Change to wtap.c switch() statement to allow compilation under IBM's C compiler. It didn't like an empty default case. And <time.h> was forgotten in netmon.c svn path=/trunk/; revision=188 1999-02-12 16:26:09 +00:00			`/* default:`
			`nothing */`
I removed the per-file encapsulation type from wiretap, and make all filetypes provide a per-packet encapsulation type. this required minor modifications to ethereal. svn path=/trunk/; revision=162 1999-01-07 16:15:37 +00:00			`}`

Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`fclose(wth->fh);`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`

			`void wtap_loop(wtap wth, int count, wtap_handler callback, u_char user)`
			`{`
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`int data_offset;`
Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`int ret;`
			`int pkt_encap;`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00
Add support to wiretap for reading Sun "snoop" capture files. That requires that, in the packet-reading loop, we pass to the callback routine the offset in the file of a packet's data, because we can no longer compute that offset by subtracting the size of the captured packet data from the offset in the file after the data was read - "snoop" may stick padding in after the packet data to align packet headers on 4-byte boundaries. Doing that required that we arrange that we do that for "libpcap" capture files as well; the cleanest way to do that was to write our own code for reading "libpcap" capture files, rather than using the "libpcap" code to do it. Make "wtap_dispatch_cb()" and "pcap_dispatch_cb()" static to "file.c", as they're not used elsewhere. If we're using wiretap, don't define in "file.h" stuff used only when we're not using wiretap. Update the wiretap README to reflect Gilbert's and my recent changes. Clean up some memory leaks in "wiretap/lanalyzer.c" and "wiretap/ngsniffer.c", where the capture-file-format-specific data wasn't freed if the open failed. svn path=/trunk/; revision=91 1998-11-15 05:29:17 +00:00			`while ((data_offset = wth->subtype_read(wth)) > 0) {`
Added display filters to wiretap. svn path=/trunk/; revision=198 1999-03-01 18:57:07 +00:00			`/* offline filter? */`
			`if (wth->filter_type == WTAP_FILTER_OFFLINE) {`
			`pkt_encap = wth->phdr.pkt_encap;`

			`/* do we have a compiled filter for this`
			`* encapsulation type? */`
			`if (!wth->filter.offline[pkt_encap])`
			`wtap_offline_filter_compile(wth, pkt_encap);`

			`/* run the filter */`
			`ret = bpf_run_filter(`
			`buffer_start_ptr(wth->frame_buffer),`
			`wth->phdr.caplen,`
			`wth->filter.offline[pkt_encap],`
			`wth->offline_filter_lengths[pkt_encap]`
			`);`

			`/* if the packet made it through the filter,`
			`* send the data to the user */`
			`if (ret > 0)`
			`callback(user, &wth->phdr, data_offset,`
			`buffer_start_ptr(wth->frame_buffer));`
			`}`
			`else`
			`callback(user, &wth->phdr, data_offset,`
			`buffer_start_ptr(wth->frame_buffer));`
A lengthy patch to add the wiretap library. Wiretap is not used by default because it is still in its infancy, but it can be compiled in optionally. The library exists in its own subdirectory ethereal/wiretap. This patch also edits all the packet-*.c files to remove the #include <pcap.h> line which is unnecessary in these files. In the ethereal code, file.c is the most heavily modified with #ifdef WITH_WIRETAP lines for the optional library. svn path=/trunk/; revision=82 1998-11-12 00:06:47 +00:00			`}`
			`}`