Add rawshark, a utility that, when given raw pcap-formatted packets and

a list of fields, prints the field values found in each packet. Packet data can be specified as a libpcap DLT, e.g. "EN10MB" or an upper-layer protocol, e.g. "http". svn path=/trunk/; revision=24339
2008-02-15 23:20:32 +00:00 · 2008-02-15 23:20:32 +00:00 · 98bacb3556
parent 6537c76fb6
commit 98bacb3556
11 changed files with 3451 additions and 44 deletions
--- a/4
+++ b/4
@ -2705,6 +2705,10 @@ Thomas Dreibholz	<dreibh [AT] iem.uni-due.de> {
 	Scripting Service Protocol support
 }

+Loris Degioanni		<loris.degioanni [AT] cacetech.com> {
+	Rawshark
+}
+
 and by:

 Pavel Roskin            <proski [AT] gnu.org>
--- a/Makefile.am
+++ b/Makefile.am
@ -577,6 +577,7 @@ EXTRA_DIST = \
 	doc/idl2wrs.pod		\
 	doc/mergecap.pod	\
 	doc/randpkt.txt		\
+	doc/rawshark.pod	\
 	doc/sgml.doc.template	\
 	doc/text2pcap.pod	\
 	doc/tshark.pod		\
@ -808,6 +809,10 @@ dumpcap.1: doc/dumpcap.pod
 	(cd doc ; \
 	$(MAKE) ../dumpcap.1 )

+rawshark.1: doc/rawshark.pod
+	(cd doc ; \
+	$(MAKE) ../rawshark.1 )
+
 wireshark.html: doc/wireshark.pod AUTHORS-SHORT-FORMAT
 	(cd doc ; \
 	$(MAKE) ../wireshark.html )
@ -844,6 +849,10 @@ dumpcap.html: doc/dumpcap.pod
 	(cd doc ; \
 	$(MAKE) ../dumpcap.html )

+rawshark.html: doc/rawshark.pod
+	(cd doc ; \
+	$(MAKE) ../rawshark.html )
+
 libtool: $(LIBTOOL_DEPS)
 	$(SHELL) ./config.status --recheck

--- a/Makefile.common
+++ b/Makefile.common
@ -191,6 +191,18 @@ tshark_SOURCES =	\
 	tshark-tap-register.c	\
 	tshark.c

+# rawshark specifics
+rawshark_SOURCES =	\
+	$(WIRESHARK_COMMON_SRC)	\
+	capture_opts.c		\
+	capture_loop.c		\
+	capture_stop_conditions.c	\
+	conditions.c		\
+	pcapio.c		\
+	ringbuffer.c		\
+	tempfile.c		\
+	rawshark.c
+
 # text2pcap specifics
 text2pcap_SOURCES = \
 	text2pcap.c \
--- a/Makefile.nmake
+++ b/Makefile.nmake
@ -30,6 +30,7 @@ include Makefile.common

 wireshark_OBJECTS = $(wireshark_SOURCES:.c=.obj)
 tshark_OBJECTS = $(tshark_SOURCES:.c=.obj)
+rawshark_OBJECTS = $(rawshark_SOURCES:.c=.obj)
 dftest_OBJECTS = $(dftest_SOURCES:.c=.obj)
 dumpcap_OBJECTS = $(dumpcap_SOURCES:.c=.obj)
 randpkt_OBJECTS = $(randpkt_SOURCES:.c=.obj)
@ -75,6 +76,23 @@ tshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	$(GNUTLS_LIBS)
 !ENDIF

+rawshark_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
+	wsock32.lib user32.lib \
+	$(GLIB_LIBS) \
+!IFDEF ENABLE_LIBWIRESHARK
+	epan\libwireshark.lib \
+!ELSE
+	epan\dissectors\dissectors.lib \
+	epan\wireshark.lib \
+	epan\crypt\airpdcap.lib \
+	epan\dfilter\dfilter.lib \
+	epan\ftypes\ftypes.lib \
+	$(ADNS_LIBS) \
+	$(PCRE_LIBS) \
+	$(ZLIB_LIBS) \
+	$(GNUTLS_LIBS)
+!ENDIF
+
 capinfos_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	wsock32.lib user32.lib shell32.lib \
 	$(GLIB_LIBS)
@ -115,12 +133,13 @@ randpkt_LIBS= wiretap\wiretap-$(WTAP_VERSION).lib \
 	user32.lib \
 	$(GLIB_LIBS)

-EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe \
+EXECUTABLES=wireshark.exe wireshark-gtk2.exe tshark.exe rawshark.exe \
 	capinfos.exe editcap.exe mergecap.exe text2pcap.exe randpkt.exe dumpcap.exe

 RESOURCES=image\wireshark.res image\libwireshark.res image\tshark.res \
 	image\capinfos.res image\editcap.res image\mergecap.res \
-	image\text2pcap.res image\wiretap.res image\dumpcap.res
+	image\text2pcap.res image\wiretap.res image\dumpcap.res \
+	image\rawshark.res

 LIBS_CHECK=_libs_check_

@ -229,6 +248,12 @@ tshark.exe	: $(LIBS_CHECK) config.h svnversion.h $(tshark_OBJECTS) getopt.obj in
 	mt.exe -nologo -manifest "tshark.exe.manifest" -outputresource:tshark.exe;1
 !ENDIF

+rawshark.exe	: $(LIBS_CHECK) config.h svnversion.h $(rawshark_OBJECTS) getopt.obj inet_ntop.obj epan image\rawshark.res wiretap\wiretap-$(WTAP_VERSION).lib plugins
+	@echo Linking $@
+	$(LINK) @<<
+		/OUT:rawshark.exe $(conflags) $(conlibsdll) $(LDFLAGS) /LARGEADDRESSAWARE /SUBSYSTEM:console $(rawshark_LIBS) $(rawshark_OBJECTS) getopt.obj inet_ntop.obj image\rawshark.res
+<<
+
 capinfos.exe	: $(LIBS_CHECK) config.h capinfos.obj getopt.obj epan/unicode-utils.obj epan/plugins.obj epan/report_err.obj epan/privileges.obj epan/filesystem.obj wiretap\wiretap-$(WTAP_VERSION).lib image\capinfos.res
 	@echo Linking $@
 	$(LINK) @<<
@ -837,6 +862,12 @@ debug-tshark: tshark.exe
 	set INSTALL_DIR=$(INSTALL2_DIR)
 	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files

+# generate and install Wireshark GTK2 in INSTALL2_DIR
+debug-rawshark: rawshark.exe
+	set copycmd=/y
+	set INSTALL_DIR=$(INSTALL2_DIR)
+	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake install-common-files
+
 # generate and install Wireshark GTK2 in INSTALL2_DIR
 debug-dumpcap: dumpcap.exe

@ -881,6 +912,9 @@ install-common-files:
 	if exist ".\epan\libwireshark.pdb" xcopy ".\epan\libwireshark.pdb" $(INSTALL_DIR) /d
 	if exist tshark.exe xcopy tshark.exe $(INSTALL_DIR) /d
 	if exist tshark.pdb xcopy tshark.pdb $(INSTALL_DIR) /d
+	if exist rawshark.exe xcopy rawshark.exe $(INSTALL_DIR) /d
+	if exist rawshark.exe.manifest xcopy rawshark.exe.manifest $(INSTALL_DIR) /d
+	if exist rawshark.pdb xcopy rawshark.pdb $(INSTALL_DIR) /d
 	if exist dumpcap.exe xcopy dumpcap.exe $(INSTALL_DIR) /d
 	if exist dumpcap.pdb xcopy dumpcap.pdb $(INSTALL_DIR) /d
 	if exist mergecap.exe xcopy mergecap.exe $(INSTALL_DIR) /d
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -139,6 +139,18 @@ wireshark-filter.pod: wireshark-filter.pod.template  ../tshark
 	--noindex							\
 	$(srcdir)/dumpcap.pod > ../dumpcap.html

+../rawshark.1: rawshark.pod ../config.h
+	$(POD2MAN)					\
+	--center="The Wireshark Network Analyzer"	\
+	--release=$(VERSION)				\
+	$(srcdir)/rawshark.pod > ../rawshark.1
+
+../rawshark.html: rawshark.pod ../config.h
+	$(POD2HTML)                     \
+	--title="rawshark - The Wireshark Network Analyzer $(VERSION)"	\
+	--noindex							\
+	$(srcdir)/rawshark.pod > ../rawshark.html
+
 CLEANFILES =		\
 	wireshark-filter.pod \
 	wireshark-tmp.pod \
@ -159,7 +171,9 @@ CLEANFILES =		\
 	../dumpcap.1	\
 	../dumpcap.html	\
 	../idl2wrs.1	\
-	../idl2wrs.html
+	../idl2wrs.html	\
+	../rawshark.1	\
+	../rawshark.html

 DISTCLEANFILES =	\
 	pod2htmi.tmp	\
--- a/doc/Makefile.nmake
+++ b/doc/Makefile.nmake
@ -27,10 +27,11 @@
 include ../config.nmake

 doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \
-	editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html
+	editcap.html idl2wrs.html mergecap.html text2pcap.html dumpcap.html \
+	rawshark.html

 man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 editcap.1 \
-	idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1
+	idl2wrs.1 mergecap.1 text2pcap.1 dumpcap.1 rawshark.1

 wireshark-tmp.pod: wireshark.pod ../AUTHORS-SHORT-FORMAT
 	copy /B wireshark.pod + ..\AUTHORS-SHORT-FORMAT wireshark-tmp.pod
@ -161,6 +162,18 @@ dumpcap.html: dumpcap.pod ../config.h
 	--noindex                                 \
 	dumpcap.pod > dumpcap.html

+rawshark.1: rawshark.pod ../config.h
+	$(POD2MAN)                      \
+	--center="The Wireshark Network Analyzer" \
+	--release=$(VERSION)			 \
+	rawshark.pod > rawshark.1
+
+rawshark.html: rawshark.pod ../config.h
+	$(POD2HTML)                     \
+	--title="rawshark - The Wireshark Network Analyzer $(VERSION)" \
+	--noindex                                 \
+	rawshark.pod > rawshark.html
+
 clean:
 	rm -f wireshark.html wireshark.1 wireshark-tmp.pod
 	rm -f tshark.html tshark.1
@ -171,6 +184,7 @@ clean:
 	rm -f mergecap.html mergecap.1
 	rm -f text2pcap.html text2pcap.1
 	rm -f dumpcap.html dumpcap.1
+	rm -f rawshark.html rawshark.1
 	rm -f pod2htm*

 distclean: clean
--- a/doc/rawshark.pod
+++ b/doc/rawshark.pod
--- a/image/Makefile.nmake
+++ b/image/Makefile.nmake
@ -6,7 +6,7 @@ include ..\config.nmake

 # Nmake uses an implicit rule to build a .res from a .rc file!

-ALL_RC=wireshark.rc libwireshark.rc tshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
+ALL_RC=wireshark.rc libwireshark.rc tshark.rc rawshark.rc capinfos.rc editcap.rc text2pcap.rc mergecap.rc wiretap.rc dumpcap.rc wireshark.exe.manifest
 all : $(ALL_RC)

 wireshark.exe.manifest: wireshark.exe.manifest.in ..\config.nmake
@ -30,6 +30,11 @@ tshark.rc  : tshark.rc.in ..\config.nmake
 		-e s/@RC_VERSION@/$(RC_VERSION)/ \
 		< tshark.rc.in > $@

+rawshark.rc  : rawshark.rc.in ..\config.nmake
+	sed -e s/@VERSION@/$(VERSION)/ \
+		-e s/@RC_VERSION@/$(RC_VERSION)/ \
+		< rawshark.rc.in > $@
+
 capinfos.rc    : capinfos.rc.in ..\config.nmake
 	sed -e s/@VERSION@/$(VERSION)/ \
 		-e s/@RC_VERSION@/$(RC_VERSION)/ \
--- a/image/rawshark.rc.in
+++ b/image/rawshark.rc.in
@ -0,0 +1,36 @@
+#include "winver.h"
+
+WIRESHARK_ICON		ICON			"wireshark.ico"
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @RC_VERSION@,0
+ PRODUCTVERSION @RC_VERSION@,0
+ FILEFLAGSMASK 0x0L
+#ifdef _DEBUG
+ FILEFLAGS 0x3L
+#else
+ FILEFLAGS 0x2L
+#endif
+ FILEOS 0x4L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "The Wireshark developer community\0"
+            VALUE "FileDescription", "Rawshark\0"
+            VALUE "FileVersion", "@VERSION@\0"
+            VALUE "InternalName", "Rawshark @VERSION@\0"
+            VALUE "LegalCopyright", "Copyright © 2000 Gerald Combs <gerald@wireshark.org>, Gilbert Ramirez <gram@alumni.rice.edu> and others\0"
+            VALUE "OriginalFilename", "Rawshark.exe\0"
+            VALUE "ProductName", "Rawshark\0"
+            VALUE "ProductVersion", "@VERSION@\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
--- a/packaging/nsis/wireshark.nsi
+++ b/packaging/nsis/wireshark.nsi
@ -753,6 +753,15 @@ File "..\..\tshark.exe"
 File "..\..\doc\tshark.html"
 SectionEnd

+Section "Rawshark" SecRawshark
+;-------------------------------------------
+!ifdef GTK1_DIR & GTK2_DIR
+SectionIn 1 2
+!endif
+SetOutPath $INSTDIR
+File "..\..\rawshark.exe"
+SectionEnd
+
 SectionGroup "Plugins / Extensions" SecPluginsGroup

 Section "Dissector Plugins" SecPlugins
@ -894,6 +903,12 @@ Section "Uninstall" un.SecUinstall
 SectionIn 1 2
 SetShellVarContext all

+Delete "$INSTDIR\rawshark.exe"
+IfErrors 0 NoRawsharkErrorMsg
+	MessageBox MB_OK "Please note: rawshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if rawshark.exe removed
+	Abort "Please note: rawshark.exe could not be removed, it's probably in use! Abort uninstall process!"
+NoRawsharkErrorMsg:
+
 Delete "$INSTDIR\tshark.exe"
 IfErrors 0 NoTSharkErrorMsg
 	MessageBox MB_OK "Please note: tshark.exe could not be removed, it's probably in use!" IDOK 0 ;skipped if tshark.exe removed
@ -1114,6 +1129,7 @@ SectionEnd
 !endif
 !endif
  !insertmacro MUI_DESCRIPTION_TEXT ${SecTShark} "TShark is a text based network protocol analyzer."
+  !insertmacro MUI_DESCRIPTION_TEXT ${SecRawshark} "Rawshark is a raw packet filter."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecPluginsGroup} "Some plugins and extensions for both Wireshark and TShark."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecPlugins} "Plugins with some extended dissections."
  !insertmacro MUI_DESCRIPTION_TEXT ${SecStatsTree} "Plugin for some extended statistics."
--- a/rawshark.c
+++ b/rawshark.c