Add tshark ringbuffer option '-b nametimenum:value'

This is used to select ringbuffer savefile name template.  Choose one of two
savefile name templates:

If value is 1, make running file number part before start time part; this is
the original and default behaviour (e.g. log_00001_20210828164426.pcap).

If value is greater than 1, make start time part before running number part
(e.g. log_20210828164426_00001.pcap).

The latter makes alphabetical sortig order equal to creation time order, and
keeps related multiple file sets in same directory close to each other (e.g.
while browsing in wireshark "Open file" dialog).

Signed-off-by: Juha Takala <juha.takala+rauta@iki.fi>
This commit is contained in:
Juha Takala 2021-08-23 19:42:04 +03:00 committed by Wireshark GitLab Utility
parent 6cf6794e37
commit 8bc52f542b
7 changed files with 34 additions and 5 deletions

View File

@ -302,6 +302,13 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments,
argv = sync_pipe_add_arg(argv, &argc, sring_num_files);
}
if (capture_opts->has_nametimenum) {
char nametimenum[ARGV_NUMBER_LEN];
argv = sync_pipe_add_arg(argv, &argc, "-b");
g_snprintf(nametimenum, ARGV_NUMBER_LEN, "nametimenum:2");
argv = sync_pipe_add_arg(argv, &argc, nametimenum);
}
if (capture_opts->has_autostop_files) {
char sautostop_files[ARGV_NUMBER_LEN];
argv = sync_pipe_add_arg(argv, &argc, "-a");

View File

@ -101,6 +101,7 @@ capture_opts_init(capture_options *capture_opts)
capture_opts->has_file_duration = FALSE;
capture_opts->file_duration = 60.0; /* 1 min */
capture_opts->has_file_interval = FALSE;
capture_opts->has_nametimenum = FALSE;
capture_opts->file_interval = 60; /* 1 min */
capture_opts->has_file_packets = FALSE;
capture_opts->file_packets = 0;
@ -252,6 +253,7 @@ capture_opts_log(const char *log_domain, enum ws_log_level log_level, capture_op
ws_log(log_domain, log_level, "FileDuration (%u) : %.3f", capture_opts->has_file_duration, capture_opts->file_duration);
ws_log(log_domain, log_level, "FileInterval (%u) : %u", capture_opts->has_file_interval, capture_opts->file_interval);
ws_log(log_domain, log_level, "FilePackets (%u) : %u", capture_opts->has_file_packets, capture_opts->file_packets);
ws_log(log_domain, log_level, "FileNameType : %s", (capture_opts->has_nametimenum) ? "prefix_time_num.suffix" : "prefix_num_time.suffix");
ws_log(log_domain, log_level, "RingNumFiles (%u) : %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files);
ws_log(log_domain, log_level, "RingPrintFiles (%u) : %s", capture_opts->print_file_names, (capture_opts->print_file_names ? capture_opts->print_name_to : ""));
@ -414,6 +416,9 @@ get_ring_arguments(capture_options *capture_opts, const char *arg)
} else if (strcmp(arg,"interval") == 0) {
capture_opts->has_file_interval = TRUE;
capture_opts->file_interval = get_positive_int(p, "ring buffer interval");
} else if (strcmp(arg,"nametimenum") == 0) {
int val = get_positive_int(p, "file name: time before num");
capture_opts->has_nametimenum = (val > 1);
} else if (strcmp(arg,"packets") == 0) {
capture_opts->has_file_packets = TRUE;
capture_opts->file_packets = get_positive_int(p, "ring buffer packet count");

View File

@ -295,6 +295,7 @@ typedef struct capture_options_tag {
int file_packets; /**< Switch file after n packets */
gboolean has_ring_num_files; /**< TRUE if ring num_files specified */
guint32 ring_num_files; /**< Number of multiple buffer files */
gboolean has_nametimenum; /**< TRUE if file name has date part before num part */
/* autostop conditions */
gboolean has_autostop_files; /**< TRUE if maximum number of capture files

View File

@ -231,6 +231,14 @@ every hour on the hour.
B<packets>:I<value> switch to the next file after it contains I<value>
packets.
B<nametimenum>:I<value> Choose between two save filename templates. If
I<value> is 1, make running file number part before start time part; this is
the original and default behaviour (e.g. log_00001_20210828164426.pcap). If
I<value> is greater than 1, make start time part before running number part
(e.g. log_20210828164426_00001.pcap). The latter makes alphabetical sortig
order equal to creation time order, and keeps related multiple file sets in
same directory close to each other.
Example: B<tshark -b filesize:1000 -b files:5> results in a ring buffer of five
files of size one megabyte each.

View File

@ -3580,7 +3580,8 @@ capture_loop_open_output(capture_options *capture_opts, int *save_file_fd,
*save_file_fd = ringbuf_init(capfile_name,
(capture_opts->has_ring_num_files) ? capture_opts->ring_num_files : 0,
capture_opts->group_read_access,
capture_opts->compress_type);
capture_opts->compress_type,
capture_opts->has_nametimenum);
/* capfile_name is unused as the ringbuffer provides its own filename. */
if (*save_file_fd != -1) {

View File

@ -72,6 +72,7 @@ typedef struct _ringbuf_data {
guint curr_file_num; /**< Number of the current file (ever increasing) */
gchar *fprefix; /**< Filename prefix */
gchar *fsuffix; /**< Filename suffix */
gboolean nametimenum; /**< ...num_time... or ...time_num... */
gboolean unlimited; /**< TRUE if unlimited number of files */
int fd; /**< Current ringbuffer file descriptor */
@ -232,8 +233,11 @@ static int ringbuf_open_file(rb_file *rfile, int *err)
strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", tm);
else
(void) g_strlcpy(timestr, "196912312359", sizeof(timestr)); /* second before the Epoch */
rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr,
rb_data.fsuffix, NULL);
if (rb_data.nametimenum) {
rfile->name = g_strconcat(rb_data.fprefix, "_", timestr, "_", filenum, rb_data.fsuffix, NULL);
} else {
rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr, rb_data.fsuffix, NULL);
}
if (rfile->name == NULL) {
if (err != NULL)
@ -255,7 +259,8 @@ static int ringbuf_open_file(rb_file *rfile, int *err)
* Initialize the ringbuffer data structures
*/
int
ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_access, gchar *compress_type)
ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_access,
gchar *compress_type, gboolean has_nametimenum)
{
unsigned int i;
char *pfx, *last_pathsep;
@ -265,6 +270,7 @@ ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_acce
rb_data.curr_file_num = 0;
rb_data.fprefix = NULL;
rb_data.fsuffix = NULL;
rb_data.nametimenum = has_nametimenum;
rb_data.unlimited = FALSE;
rb_data.fd = -1;
rb_data.pdh = NULL;

View File

@ -23,7 +23,8 @@
/* Maximum number for FAT filesystems */
#define RINGBUFFER_WARN_NUM_FILES 65535
int ringbuf_init(const char *capture_name, guint num_files, gboolean group_read_access, gchar* compress_type);
int ringbuf_init(const char *capture_name, guint num_files, gboolean group_read_access, gchar* compress_type,
gboolean nametimenum);
gboolean ringbuf_is_initialized(void);
const gchar *ringbuf_current_filename(void);
FILE *ringbuf_init_libpcap_fdopen(int *err);