From 8bc52f542bfa25f7de15c9df90c323ab2d195917 Mon Sep 17 00:00:00 2001 From: Juha Takala Date: Mon, 23 Aug 2021 19:42:04 +0300 Subject: [PATCH] Add tshark ringbuffer option '-b nametimenum:value' This is used to select ringbuffer savefile name template. Choose one of two savefile name templates: If value is 1, make running file number part before start time part; this is the original and default behaviour (e.g. log_00001_20210828164426.pcap). If value is greater than 1, make start time part before running number part (e.g. log_20210828164426_00001.pcap). The latter makes alphabetical sortig order equal to creation time order, and keeps related multiple file sets in same directory close to each other (e.g. while browsing in wireshark "Open file" dialog). Signed-off-by: Juha Takala --- capture/capture_sync.c | 7 +++++++ capture_opts.c | 5 +++++ capture_opts.h | 1 + doc/tshark.pod | 8 ++++++++ dumpcap.c | 3 ++- ringbuffer.c | 12 +++++++++--- ringbuffer.h | 3 ++- 7 files changed, 34 insertions(+), 5 deletions(-) diff --git a/capture/capture_sync.c b/capture/capture_sync.c index 4352521fe3..5ce1d479da 100644 --- a/capture/capture_sync.c +++ b/capture/capture_sync.c @@ -302,6 +302,13 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments, argv = sync_pipe_add_arg(argv, &argc, sring_num_files); } + if (capture_opts->has_nametimenum) { + char nametimenum[ARGV_NUMBER_LEN]; + argv = sync_pipe_add_arg(argv, &argc, "-b"); + g_snprintf(nametimenum, ARGV_NUMBER_LEN, "nametimenum:2"); + argv = sync_pipe_add_arg(argv, &argc, nametimenum); + } + if (capture_opts->has_autostop_files) { char sautostop_files[ARGV_NUMBER_LEN]; argv = sync_pipe_add_arg(argv, &argc, "-a"); diff --git a/capture_opts.c b/capture_opts.c index 504560caee..b04f3aa2b4 100644 --- a/capture_opts.c +++ b/capture_opts.c @@ -101,6 +101,7 @@ capture_opts_init(capture_options *capture_opts) capture_opts->has_file_duration = FALSE; capture_opts->file_duration = 60.0; /* 1 min */ capture_opts->has_file_interval = FALSE; + capture_opts->has_nametimenum = FALSE; capture_opts->file_interval = 60; /* 1 min */ capture_opts->has_file_packets = FALSE; capture_opts->file_packets = 0; @@ -252,6 +253,7 @@ capture_opts_log(const char *log_domain, enum ws_log_level log_level, capture_op ws_log(log_domain, log_level, "FileDuration (%u) : %.3f", capture_opts->has_file_duration, capture_opts->file_duration); ws_log(log_domain, log_level, "FileInterval (%u) : %u", capture_opts->has_file_interval, capture_opts->file_interval); ws_log(log_domain, log_level, "FilePackets (%u) : %u", capture_opts->has_file_packets, capture_opts->file_packets); + ws_log(log_domain, log_level, "FileNameType : %s", (capture_opts->has_nametimenum) ? "prefix_time_num.suffix" : "prefix_num_time.suffix"); ws_log(log_domain, log_level, "RingNumFiles (%u) : %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files); ws_log(log_domain, log_level, "RingPrintFiles (%u) : %s", capture_opts->print_file_names, (capture_opts->print_file_names ? capture_opts->print_name_to : "")); @@ -414,6 +416,9 @@ get_ring_arguments(capture_options *capture_opts, const char *arg) } else if (strcmp(arg,"interval") == 0) { capture_opts->has_file_interval = TRUE; capture_opts->file_interval = get_positive_int(p, "ring buffer interval"); + } else if (strcmp(arg,"nametimenum") == 0) { + int val = get_positive_int(p, "file name: time before num"); + capture_opts->has_nametimenum = (val > 1); } else if (strcmp(arg,"packets") == 0) { capture_opts->has_file_packets = TRUE; capture_opts->file_packets = get_positive_int(p, "ring buffer packet count"); diff --git a/capture_opts.h b/capture_opts.h index 660a9746bd..6573b34aaf 100644 --- a/capture_opts.h +++ b/capture_opts.h @@ -295,6 +295,7 @@ typedef struct capture_options_tag { int file_packets; /**< Switch file after n packets */ gboolean has_ring_num_files; /**< TRUE if ring num_files specified */ guint32 ring_num_files; /**< Number of multiple buffer files */ + gboolean has_nametimenum; /**< TRUE if file name has date part before num part */ /* autostop conditions */ gboolean has_autostop_files; /**< TRUE if maximum number of capture files diff --git a/doc/tshark.pod b/doc/tshark.pod index d37efab81d..dae6cf3c18 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -231,6 +231,14 @@ every hour on the hour. B:I switch to the next file after it contains I packets. +B:I Choose between two save filename templates. If +I is 1, make running file number part before start time part; this is +the original and default behaviour (e.g. log_00001_20210828164426.pcap). If +I is greater than 1, make start time part before running number part +(e.g. log_20210828164426_00001.pcap). The latter makes alphabetical sortig +order equal to creation time order, and keeps related multiple file sets in +same directory close to each other. + Example: B results in a ring buffer of five files of size one megabyte each. diff --git a/dumpcap.c b/dumpcap.c index dd43a0d289..682156232f 100644 --- a/dumpcap.c +++ b/dumpcap.c @@ -3580,7 +3580,8 @@ capture_loop_open_output(capture_options *capture_opts, int *save_file_fd, *save_file_fd = ringbuf_init(capfile_name, (capture_opts->has_ring_num_files) ? capture_opts->ring_num_files : 0, capture_opts->group_read_access, - capture_opts->compress_type); + capture_opts->compress_type, + capture_opts->has_nametimenum); /* capfile_name is unused as the ringbuffer provides its own filename. */ if (*save_file_fd != -1) { diff --git a/ringbuffer.c b/ringbuffer.c index 21e651a523..4893236837 100644 --- a/ringbuffer.c +++ b/ringbuffer.c @@ -72,6 +72,7 @@ typedef struct _ringbuf_data { guint curr_file_num; /**< Number of the current file (ever increasing) */ gchar *fprefix; /**< Filename prefix */ gchar *fsuffix; /**< Filename suffix */ + gboolean nametimenum; /**< ...num_time... or ...time_num... */ gboolean unlimited; /**< TRUE if unlimited number of files */ int fd; /**< Current ringbuffer file descriptor */ @@ -232,8 +233,11 @@ static int ringbuf_open_file(rb_file *rfile, int *err) strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", tm); else (void) g_strlcpy(timestr, "196912312359", sizeof(timestr)); /* second before the Epoch */ - rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr, - rb_data.fsuffix, NULL); + if (rb_data.nametimenum) { + rfile->name = g_strconcat(rb_data.fprefix, "_", timestr, "_", filenum, rb_data.fsuffix, NULL); + } else { + rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr, rb_data.fsuffix, NULL); + } if (rfile->name == NULL) { if (err != NULL) @@ -255,7 +259,8 @@ static int ringbuf_open_file(rb_file *rfile, int *err) * Initialize the ringbuffer data structures */ int -ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_access, gchar *compress_type) +ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_access, + gchar *compress_type, gboolean has_nametimenum) { unsigned int i; char *pfx, *last_pathsep; @@ -265,6 +270,7 @@ ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_acce rb_data.curr_file_num = 0; rb_data.fprefix = NULL; rb_data.fsuffix = NULL; + rb_data.nametimenum = has_nametimenum; rb_data.unlimited = FALSE; rb_data.fd = -1; rb_data.pdh = NULL; diff --git a/ringbuffer.h b/ringbuffer.h index 387fae0df5..2118029b44 100644 --- a/ringbuffer.h +++ b/ringbuffer.h @@ -23,7 +23,8 @@ /* Maximum number for FAT filesystems */ #define RINGBUFFER_WARN_NUM_FILES 65535 -int ringbuf_init(const char *capture_name, guint num_files, gboolean group_read_access, gchar* compress_type); +int ringbuf_init(const char *capture_name, guint num_files, gboolean group_read_access, gchar* compress_type, + gboolean nametimenum); gboolean ringbuf_is_initialized(void); const gchar *ringbuf_current_filename(void); FILE *ringbuf_init_libpcap_fdopen(int *err);