/* file.c
* File I/O routines
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config.h>
#define WS_LOG_DOMAIN LOG_DOMAIN_CAPTURE
#include <time.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <wsutil/file_util.h>
#include <wsutil/filesystem.h>
#include <wsutil/json_dumper.h>
#include <wsutil/wslog.h>
#include <wsutil/ws_assert.h>
#include <wsutil/version_info.h>
#include <wsutil/report_message.h>
#include <wiretap/merge.h>
#include <epan/exceptions.h>
#include <epan/epan.h>
#include <epan/column.h>
#include <epan/packet.h>
#include <epan/column-utils.h>
#include <epan/expert.h>
#include <epan/prefs.h>
#include <epan/dfilter/dfilter.h>
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include <epan/timestamp.h>
#include <epan/strutil.h>
#include <epan/addr_resolv.h>
#include <epan/color_filters.h>
#include <epan/secrets.h>
#include "cfile.h"
#include "file.h"
#include "fileset.h"
#include "ui/simple_dialog.h"
#include "ui/main_statusbar.h"
#include "ui/progress_dlg.h"
#include "ui/urls.h"
#include "ui/ws_ui_util.h"
#include "ui/packet_list_utils.h"
/* Needed for addrinfo */
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef _WIN32
# include <winsock2.h>
# include <ws2tcpip.h>
#endif
/*
 * Prototypes for two file-local helpers. Both are static, so their
 * definitions live elsewhere in this translation unit.
 */
static bool read_record(capture_file *cf, wtap_rec *rec, dfilter_t *dfcode,
    epan_dissect_t *edt, column_info *cinfo, int64_t offset,
    fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum);

static void rescan_packets(capture_file *cf, const char *action,
    const char *action_item, bool redissect);
/*
 * Result code returned by the packet-matching routines declared below
 * (the return type of ws_match_function).
 */
typedef enum {
    MR_NOTMATCHED,
    MR_MATCHED,
    MR_ERROR
} match_result;
/*
 * Pointer to a matching routine. find_packet() is declared below with a
 * parameter of this type plus an opaque "criterion" pointer; the last
 * argument here is a void * as well.
 */
typedef match_result (*ws_match_function)(capture_file *, frame_data *,
    wtap_rec *, void *);
/*
 * Prototypes for the file-local matching routines.
 *
 * Every routine that returns match_result has the ws_match_function
 * parameter list (capture file, frame, record, opaque criterion).
 * The two match_subtree_text*() routines take a protocol-tree node and
 * an opaque data pointer instead.
 */
static match_result match_protocol_tree(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static void match_subtree_text(proto_node *node, void *data);
static void match_subtree_text_reverse(proto_node *node, void *data);
static match_result match_summary_line(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);

/* Forward and "_reverse" variants of the byte/string matchers. */
static match_result match_narrow_and_wide(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_narrow_and_wide_reverse(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_narrow_and_wide_case(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_narrow_and_wide_case_reverse(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_narrow_case(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_narrow_case_reverse(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_wide(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_wide_reverse(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_wide_case(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_wide_case_reverse(capture_file *cf,
    frame_data *fdata, wtap_rec *, void *criterion);
static match_result match_binary(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_binary_reverse(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_regex(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_regex_reverse(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);

static match_result match_dfilter(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_marked(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);
static match_result match_time_reference(capture_file *cf, frame_data *fdata,
    wtap_rec *, void *criterion);

/* Search driver: takes the matching routine and its opaque criterion. */
static bool find_packet(capture_file *cf, ws_match_function match_function,
    void *criterion, search_direction dir, bool start_current);
/* Time, in seconds, spent processing packets between two UI updates. */
#define PROGBAR_UPDATE_INTERVAL 0.150

/* Delay, in seconds, before the progress bar is shown. */
#define PROGBAR_SHOW_DELAY 0.5
/*
 * Upper bound on the number of records supported in one file.
 *
 * Frame numbers are held in a uint32_t, so the bound can never exceed
 * the largest uint32_t value; that is also the default.
 *
 * A lower value may be set through cf_set_max_records(); see
 * issue #16908 for why we're doing this. Thanks, Qt!
 */
static uint32_t max_records = UINT32_MAX;
/*
 * Replace the file-wide record limit held in max_records.
 *
 * The argument is stored unchanged; nothing is range-checked here.
 * NOTE(review): how a limit of 0 behaves is decided wherever
 * max_records is read, which is outside this view - confirm there.
 */
void
cf_set_max_records(unsigned max_records_arg)
{
    max_records = max_records_arg;
}
/*
 * We could probably use g_signal_...() instead of the callbacks below,
 * but that would require linking our CLI programs to libgobject and
 * creating an object instance for the signals.
 */

/* One registration: the function to call and the pointer handed back to it. */
typedef struct {
    cf_callback_t cb_fct;
    void         *user_data;
} cf_callback_data_t;

/* All current registrations; each element's data is a cf_callback_data_t. */
static GList *cf_callbacks;
/*
 * Deliver an event to every registered callback, in list order.
 *
 * @param event  event code passed through to each callback
 * @param data   event payload passed through to each callback
 *
 * Each callback also receives the user_data it was registered with.
 *
 * NOTE(review): the successor node is fetched only after the callback
 * returns. A callback that unregisters itself through
 * cf_callback_remove() releases the node this loop is standing on, so
 * the following g_list_next() would read freed memory. Whether any
 * registered callback does that is not visible here - confirm against
 * the callers.
 */
static void
cf_callback_invoke(int event, void *data)
{
    GList *entry = cf_callbacks;

    /* there should be at least one interested */
    ws_assert(entry != NULL);

    for (; entry != NULL; entry = g_list_next(entry)) {
        cf_callback_data_t *registration = (cf_callback_data_t *)entry->data;

        registration->cb_fct(event, data, registration->user_data);
    }
}
/*
 * Register a callback for capture-file events.
 *
 * @param func       function to call on each event
 * @param user_data  opaque pointer handed back to func on each call
 *
 * The registration is prepended, so the most recently added callback
 * is the first one cf_callback_invoke() reaches. The record allocated
 * here is released by cf_callback_remove().
 *
 * func is stored unchecked and cf_callback_invoke() calls it
 * unconditionally, so callers must pass a non-NULL function. Duplicate
 * (func, user_data) pairs are not detected.
 */
void
cf_callback_add(cf_callback_t func, void *user_data)
{
    cf_callback_data_t *registration = g_new(cf_callback_data_t, 1);

    registration->cb_fct = func;
    registration->user_data = user_data;

    cf_callbacks = g_list_prepend(cf_callbacks, registration);
}
/*
 * Unregister a callback previously added with cf_callback_add().
 *
 * @param func       function given at registration
 * @param user_data  pointer given at registration
 *
 * Only the first registration whose function and user_data both match
 * is removed; its record is freed. Asking to remove a pair that was
 * never registered is treated as a programming error and reaches
 * ws_assert_not_reached().
 */
void
cf_callback_remove(cf_callback_t func, void *user_data)
{
    for (GList *entry = cf_callbacks; entry != NULL; entry = g_list_next(entry)) {
        cf_callback_data_t *registration = (cf_callback_data_t *)entry->data;

        if (registration->cb_fct != func || registration->user_data != user_data)
            continue;

        /* Unlink first, then release the record; the loop is not resumed. */
        cf_callbacks = g_list_remove(cf_callbacks, registration);
        g_free(registration);
        return;
    }

    ws_assert_not_reached();
}
/*
 * Return the elapsed time last stored in the capture file by
 * compute_elapsed(), in milliseconds.
 *
 * @param cf  capture file to query; dereferenced without a NULL check
 */
unsigned long
cf_get_computed_elapsed(capture_file *cf)
{
    return cf->computed_elapsed;
}
/*
 * Store the time elapsed since start_time in cf->computed_elapsed.
 *
 * @param cf          capture file that receives the result
 * @param start_time  earlier g_get_monotonic_time() reading, in
 *                    microseconds (assumed - confirm against callers)
 *
 * The difference is divided by 1000 to get milliseconds, then narrowed
 * to unsigned long. A start_time later than "now" would give a negative
 * difference that wraps in that conversion.
 */
static void
compute_elapsed(capture_file *cf, int64_t start_time)
{
    const int64_t elapsed_usec = g_get_monotonic_time() - start_time;

    cf->computed_elapsed = (unsigned long)(elapsed_usec / 1000); /* ms */
}
/*
 * Create an epan session that reads from this capture file's
 * packet provider.
 *
 * @param cf  capture file whose provider member is handed to epan_new()
 * @return    whatever epan_new() returns
 *
 * The function table is static const, so the pointer passed to
 * epan_new() stays valid after this function returns. The initialisers
 * are positional: their order must match the member order of
 * struct packet_provider_funcs, which is declared outside this file.
 */
static epan_t *
ws_epan_new(capture_file *cf)
{
    static const struct packet_provider_funcs provider_funcs = {
        cap_file_provider_get_frame_ts,
        cap_file_provider_get_interface_name,
        cap_file_provider_get_interface_description,
        cap_file_provider_get_modified_block
    };

    return epan_new(&cf->provider, &provider_funcs);
}
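/*
 * Open a capture file and prepare "cf" for a subsequent read.
 *
 * The file is opened with wtap_open_offline() first.  Only when that
 * succeeds is the previously open capture (if any) closed with cf_close()
 * and the bookkeeping in "cf" reset for the new file; the state is then
 * left at FILE_READ_IN_PROGRESS.
 *
 * cf          - capture_file to (re)initialize.
 * fname       - path of the file to open; it is copied with g_strdup(), so
 *               the caller keeps ownership of its own string.
 * type        - open-routine type handed to wtap_open_offline() and
 *               remembered in cf->open_type.
 * is_tempfile - stored in cf->is_tempfile.  cf_close() unlinks cf->filename
 *               when this flag is set, so it should be true only for files
 *               this program created itself.
 * err         - receives the error code from wtap_open_offline(); it is
 *               dereferenced on the failure path and must not be NULL.
 *
 * Returns CF_OK on success.  On failure the error is reported through
 * report_cfile_open_failure(), "cf" is not modified, and CF_ERROR is
 * returned.
 *
 * NOTE(review): the capture file is external input; whatever format
 * detection and header parsing happens is inside wtap_open_offline(),
 * which is not visible here.
 */
cf_status_t
cf_open(capture_file *cf, const char *fname, unsigned int type, bool is_tempfile, int *err)
{
    wtap *wth;
    /* Start from NULL so the failure path can never hand an indeterminate
       pointer to report_cfile_open_failure(), regardless of what
       wtap_open_offline() stores on error; cf_read() initializes its
       err_info the same way. */
    char *err_info = NULL;

    wth = wtap_open_offline(fname, type, err, &err_info, true);
    if (wth == NULL)
        goto fail;

    /* The open succeeded.  Close whatever capture file we had open,
       and fill in the information for this file. */
    cf_close(cf);

    /* Initialize the record information.
       XXX - we really want to initialize this after we've read all
       the packets, so we know how much we'll ultimately need. */
    wtap_rec_init(&cf->rec, 1514);

    /* We're about to start reading the file. */
    cf->state = FILE_READ_IN_PROGRESS;

    /* If there was a pending redissection for the old file (there
     * shouldn't be), clear it. cf_close() should have failed if the
     * old file's read lock was held, but it doesn't hurt to clear it. */
    cf->read_lock = false;
    cf->redissection_queued = RESCAN_NONE;

    cf->provider.wth = wth;
    cf->f_datalen = 0;

    /* Set the file name because we need it to set the follow stream filter.
       XXX - is that still true?  We need it for other reasons, though,
       in any case. */
    cf->filename = g_strdup(fname);

    /* Indicate whether it's a permanent or temporary file.
       cf_close() deletes the file named by cf->filename when this is set. */
    cf->is_tempfile = is_tempfile;

    /* No user changes yet. */
    cf->unsaved_changes = false;

    cf->computed_elapsed = 0;

    /* Record the file's type and compression type. */
    cf->cd_t = wtap_file_type_subtype(cf->provider.wth);
    cf->compression_type = wtap_get_compression_type(cf->provider.wth);

    cf->open_type = type;
    /* Array of int link-layer types; filled by cf_add_encapsulation_type(). */
    cf->linktypes = g_array_sized_new(FALSE, FALSE, (unsigned) sizeof(int), 1);
    cf->count = 0;
    cf->packet_comment_count = 0;
    cf->displayed_count = 0;
    cf->marked_count = 0;
    cf->ignored_count = 0;
    cf->ref_time_count = 0;
    cf->drops_known = false;
    cf->drops = 0;
    cf->snap = wtap_snapshot_length(cf->provider.wth);

    /* Allocate a frame_data_sequence for the frames in this file */
    cf->provider.frames = new_frame_data_sequence();

    nstime_set_zero(&cf->elapsed_time);
    cf->provider.ref = NULL;
    cf->provider.prev_dis = NULL;
    cf->provider.prev_cap = NULL;
    cf->cum_bytes = 0;

    /* Create new epan session for dissection.
     * (The old one was freed in cf_close().)
     */
    cf->epan = ws_epan_new(cf);

    packet_list_queue_draw();
    cf_callback_invoke(cf_cb_file_opened, cf);

    /* Register the callbacks wiretap invokes for name-resolution entries
       and secrets it finds in the file. */
    wtap_set_cb_new_ipv4(cf->provider.wth, add_ipv4_name);
    wtap_set_cb_new_ipv6(cf->provider.wth, (wtap_new_ipv6_callback_t) add_ipv6_name);
    wtap_set_cb_new_secrets(cf->provider.wth, secrets_wtap_callback);

    return CF_OK;

fail:
    /* Nothing in "cf" has been touched at this point. */
    report_cfile_open_failure(fname, *err, err_info);
    return CF_ERROR;
}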
/*
 * Record "encap" in cf->linktypes unless it is already listed there,
 * so a given encapsulation type is stored at most once.
 */
static void
cf_add_encapsulation_type(capture_file *cf, int encap)
{
    unsigned idx = 0;

    /* Linear scan for an existing entry. */
    while (idx < cf->linktypes->len) {
        if (g_array_index(cf->linktypes, int, idx) == encap) {
            /* Already recorded; nothing to add. */
            return;
        }
        idx++;
    }

    /* Not found above, so append it. */
    g_array_append_val(cf->linktypes, encap);
}
/*
 * Reset everything to a pristine state.
 *
 * Always clears cf->stop_flag.  If the state is FILE_CLOSED or
 * FILE_READ_PENDING nothing else is done.  Otherwise the function
 * invokes the cf_cb_file_closing callback, releases the wiretap handle,
 * file name, record buffer, packet list, read filter code, frame data,
 * link-type array and epan session, sets the state to FILE_CLOSED and
 * finally invokes the cf_cb_file_closed callback.
 *
 * If cf->is_tempfile is set, the file named by cf->filename is removed
 * with ws_unlink().
 */
void
cf_close(capture_file *cf)
{
    cf->stop_flag = false;
    if (cf->state == FILE_CLOSED || cf->state == FILE_READ_PENDING)
        return; /* Nothing to do */

    /* Die if we're in the middle of reading a file. */
    /* NOTE(review): these are assertions, not error returns; if ws_assert()
       is compiled out in some build configuration, a close during a read
       would fall through to the teardown below - confirm. */
    ws_assert(cf->state != FILE_READ_IN_PROGRESS);
    ws_assert(!cf->read_lock);

    /* Listeners are told before any state is torn down. */
    cf_callback_invoke(cf_cb_file_closing, cf);

    /* close things, if not already closed before */
    color_filters_cleanup();

    if (cf->provider.wth) {
        wtap_close(cf->provider.wth);
        cf->provider.wth = NULL;
    }
    /* We have no file open... */
    if (cf->filename != NULL) {
        /* If it's a temporary file, remove it. */
        /* The removal is by path and its result is not checked (best
           effort).  NOTE(review): this deletes whatever cf->filename names,
           so is_tempfile must only ever be set for files this program
           created - verify against the callers of cf_open(). */
        if (cf->is_tempfile)
            ws_unlink(cf->filename);
        g_free(cf->filename);
        cf->filename = NULL;
    }
    /* ...which means we have no changes to that file to save. */
    cf->unsaved_changes = false;

    /* no open_routine type */
    cf->open_type = WTAP_TYPE_AUTO;

    /* Clean up the record information. */
    wtap_rec_cleanup(&cf->rec);

    /* Clear the packet list. */
    packet_list_freeze();
    packet_list_clear();
    packet_list_thaw();

    /* Free the compiled read filter and drop the pointer so it cannot be
       freed or used again. */
    dfilter_free(cf->rfcode);
    cf->rfcode = NULL;
    if (cf->provider.frames != NULL) {
        free_frame_data_sequence(cf->provider.frames);
        cf->provider.frames = NULL;
    }
    if (cf->provider.frames_modified_blocks) {
        g_tree_destroy(cf->provider.frames_modified_blocks);
        cf->provider.frames_modified_blocks = NULL;
    }
    cf_unselect_packet(cf);   /* nothing to select */
    cf->first_displayed = 0;
    cf->last_displayed = 0;

    /* No frames, no frame selected, no field in that frame selected. */
    cf->count = 0;
    cf->current_frame = NULL;
    cf->finfo_selected = NULL;

    /* No frame link-layer types, either. */
    /* After this, cf->linktypes stays NULL until cf_open() allocates a new
       array. */
    if (cf->linktypes != NULL) {
        g_array_free(cf->linktypes, TRUE);
        cf->linktypes = NULL;
    }

    cf->f_datalen = 0;
    nstime_set_zero(&cf->elapsed_time);

    reset_tap_listeners();

    /* Free the dissection session; cf_open() creates a fresh one. */
    epan_free(cf->epan);
    cf->epan = NULL;

    /* We have no file open. */
    cf->state = FILE_CLOSED;

    /* Listeners are told only once the state is FILE_CLOSED. */
    cf_callback_invoke(cf_cb_file_closed, cf);
}
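/*
 * true if the progress dialog doesn't exist and it looks like we'll
 * take > PROGBAR_SHOW_DELAY (500ms) to load, false otherwise.
 *
 * progdlg    - existing progress dialog, or NULL if none has been created;
 *              when non-NULL the function returns false immediately.
 * prog_timer - timer read with g_timer_elapsed().
 * size       - total size of the input.
 * pos        - current position in the input.
 *
 * The "looks slow" prediction needs size / pos, so it is made only for
 * pos > 0.  With pos <= 0 (nothing consumed yet, or a bogus position) only
 * the hard elapsed-time limit applies, instead of dividing by zero.
 */
static inline bool
progress_is_slow(progdlg_t *progdlg, GTimer *prog_timer, int64_t size, int64_t pos)
{
    double elapsed;

    if (progdlg)
        return false;

    elapsed = g_timer_elapsed(prog_timer, NULL);

    /* This only gets checked between reading records, which doesn't help if
     * a single record takes a very long time, e.g., the first TLS packet if
     * the SSLKEYLOGFILE is very large. (#17051) */

    /* We are indeed slow. */
    if (elapsed > PROGBAR_SHOW_DELAY)
        return true;

    /* It looks like we're going to be slow: half the delay is gone and at
     * most half of the input has been consumed.  The pos > 0 test keeps the
     * integer division defined (no division by zero, no INT64_MIN / -1). */
    if (elapsed * 2 > PROGBAR_SHOW_DELAY && pos > 0 && (size / pos) >= 2)
        return true;

    return false;
}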
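/*
 * Compute the fraction of the file consumed so far and format a
 * "<pos>KB of <size>KB" status string.
 *
 * cf          - capture file; its wiretap handle is asked for the current
 *               file size when the supplied size is unusable or too small.
 * size        - total file size as known to the caller.
 * file_pos    - current read position.
 * status_str  - buffer receiving the status text.
 * status_size - size of status_str in bytes; the text is written with
 *               snprintf() and is therefore truncated to fit.
 *
 * Returns a value in [0.0, 1.0].  A size that is zero or negative never
 * reaches the division, so the result cannot be NaN or infinite.
 */
static float
calc_progbar_val(capture_file *cf, int64_t size, int64_t file_pos, char *status_str, unsigned long status_size)
{
    float progbar_val = 0.0f;

    if (size > 0)
        progbar_val = (float) file_pos / (float) size;

    if (size <= 0 || progbar_val > 1.0f) {
        /* The file probably grew while we were reading it (or the size we
         * were given was unusable).
         * Update file size, and try again.  The error code is not
         * requested (NULL); a failure shows up as a negative size.
         */
        size = wtap_file_size(cf->provider.wth, NULL);

        if (size > 0)
            progbar_val = (float) file_pos / (float) size;

        /* If it's still > 1, either "wtap_file_size()" failed (in which
         * case there's not much we can do about it), or the file
         * *shrank* (in which case there's not much we can do about
         * it); just clip the progress value at 1.0.
         */
        if (progbar_val > 1.0f)
            progbar_val = 1.0f;
    }

    /* A negative position would otherwise produce a negative fraction. */
    if (progbar_val < 0.0f)
        progbar_val = 0.0f;

    snprintf(status_str, status_size,
             "%" PRId64 "KB of %" PRId64 "KB",
             file_pos / 1024, size / 1024);

    return progbar_val;
}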
cf_read_status_t
|
2024-07-07 16:00:12 -04:00
|
|
|
cf_read(capture_file *cf, bool reloading)
{
|
2022-02-20 19:39:37 +00:00
|
|
|
int err = 0;
|
2024-07-07 16:00:12 -04:00
|
|
|
char *err_info = NULL;
|
|
|
|
volatile bool too_many_records = false;
|
|
|
|
char *name_ptr;
|
2022-02-20 19:39:37 +00:00
|
|
|
progdlg_t *volatile progbar = NULL;
|
|
|
|
GTimer *prog_timer = g_timer_new();
|
2024-07-07 16:00:12 -04:00
|
|
|
int64_t size;
|
|
|
|
int64_t start_time;
|
2022-02-20 19:39:37 +00:00
|
|
|
epan_dissect_t edt;
|
|
|
|
wtap_rec rec;
|
2023-04-21 01:35:22 +01:00
|
|
|
dfilter_t *dfcode = NULL;
|
2022-02-20 19:39:37 +00:00
|
|
|
column_info *cinfo;
|
2024-07-07 16:00:12 -04:00
|
|
|
volatile bool create_proto_tree;
|
|
|
|
unsigned tap_flags;
|
|
|
|
bool compiled _U_;
|
|
|
|
volatile bool is_read_aborted = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
/* The update_progress_dlg call below might end up accepting a user request to
|
|
|
|
* trigger redissection/rescans which can modify/destroy the dissection
|
|
|
|
* context ("cf->epan"). That condition should be prevented by callers, but in
|
|
|
|
* case it occurs let's fail gracefully.
|
|
|
|
*/
|
|
|
|
if (cf->read_lock) {
|
|
|
|
ws_warning("Failing due to recursive cf_read(\"%s\", %d) call!",
|
|
|
|
cf->filename, reloading);
|
|
|
|
return CF_READ_ERROR;
|
|
|
|
}
|
2024-04-09 08:45:05 -04:00
|
|
|
/* This is a full dissection, so clear any pending request for one. */
|
|
|
|
cf->redissection_queued = RESCAN_NONE;
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->read_lock = true;
|
2012-10-22 21:22:35 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Compile the current display filter.
* The code it compiles to might have changed, e.g. if a display
|
|
|
|
* filter macro used has changed.
|
|
|
|
*
|
2022-02-20 19:39:37 +00:00
|
|
|
* We assume this will not fail since cf->dfilter is only set in
|
|
|
|
* cf_filter IFF the filter was valid.
* XXX - This is not necessarily true, if the filter has a FT_IPv4
|
|
|
|
* or FT_IPv6 field compared to a resolved hostname in it, because
|
|
|
|
* we do a new host lookup, and that *could* timeout this time
|
|
|
|
* (though with the read lock above we shouldn't have many lookups at
|
|
|
|
* once, reducing the chances of that)... (#19612)
|
2022-02-20 19:39:37 +00:00
|
|
|
*/
|
2023-04-21 01:35:22 +01:00
|
|
|
if (cf->dfilter) {
|
|
|
|
compiled = dfilter_compile(cf->dfilter, &dfcode, NULL);
|
|
|
|
ws_assert(compiled && dfcode);
|
|
|
|
}
dfilter_free(cf->dfcode);
|
|
|
|
cf->dfcode = dfcode;
|
2025-02-07 09:13:44 -05:00
|
|
|
tap_load_main_filter(dfcode);
/* The compiled dfilter might have a field reference; recompiling it
|
|
|
|
* means that the field references won't match anything. That's what
|
|
|
|
* we want since this is a new sequential read and we don't have
|
|
|
|
* a selected frame with a tree. (Will taps with filters with display
|
|
|
|
* references also have cleared display references?)
|
|
|
|
*/
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Get the union of the flags for all tap listeners. */
|
|
|
|
tap_flags = union_of_tap_listener_flags();
|
2012-11-25 18:35:41 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/*
|
|
|
|
* Determine whether we need to create a protocol tree.
|
|
|
|
* We do if:
|
|
|
|
*
|
|
|
|
* we're going to apply a display filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners is going to apply a filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners requires a protocol tree;
|
|
|
|
*
|
|
|
|
* a postdissector wants field values or protocols on
|
|
|
|
* the first pass.
|
|
|
|
*/
|
|
|
|
create_proto_tree =
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code.
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can time out, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
the lookup doesn't time out.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames has arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but for 3) the user almost surely wants the field
references of the frame selected in the GUI when the filter was
applied, not whatever frame is currently selected when new packets
arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
(cf->dfcode != NULL || have_filtering_tap_listeners() ||
|
2022-02-20 19:39:37 +00:00
|
|
|
(tap_flags & TL_REQUIRES_PROTO_TREE) || postdissectors_want_hfids());
|
|
|
|
|
|
|
|
reset_tap_listeners();
|
|
|
|
|
|
|
|
name_ptr = g_filename_display_basename(cf->filename);
|
|
|
|
|
|
|
|
if (reloading)
|
|
|
|
cf_callback_invoke(cf_cb_file_reload_started, cf);
|
|
|
|
else
|
|
|
|
cf_callback_invoke(cf_cb_file_read_started, cf);
|
|
|
|
|
2023-09-26 00:26:25 -04:00
|
|
|
/* The packet list window will be empty until the file is completely loaded */
|
2022-02-20 19:39:37 +00:00
|
|
|
packet_list_freeze();
|
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->stop_flag = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
start_time = g_get_monotonic_time();
|
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
epan_dissect_init(&edt, cf->epan, create_proto_tree, false);
|
2022-02-20 19:39:37 +00:00
|
|
|
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the column formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that the custom columns contain? Possibly in taps
that we know only use built-in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 08:02:18 -04:00
|
|
|
/* If the display filter or any tap listeners require the columns,
|
|
|
|
* construct them. */
|
|
|
|
cinfo = (tap_listeners_require_columns() ||
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code.
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can time out, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
the lookup doesn't time out.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames has arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but for 3) the user almost surely wants the field
references of the frame selected in the GUI when the filter was
applied, not whatever frame is currently selected when new packets
arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
dfilter_requires_columns(cf->dfcode)) ? &cf->cinfo : NULL;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
/* Find the size of the file. */
|
|
|
|
size = wtap_file_size(cf->provider.wth, NULL);
|
|
|
|
|
2023-06-04 09:12:19 -05:00
|
|
|
/* If we are to ignore duplicate frames, we need a container to store
|
|
|
|
* hashes frame contents */
|
|
|
|
fifo_string_cache_t frame_dup_cache;
|
2023-06-12 09:28:56 +02:00
|
|
|
GChecksum *volatile cksum = NULL;
|
2023-06-04 09:12:19 -05:00
|
|
|
|
|
|
|
if (prefs.ignore_dup_frames) {
|
|
|
|
fifo_string_cache_init(&frame_dup_cache, prefs.ignore_dup_frames_cache_entries, g_free);
|
|
|
|
cksum = g_checksum_new(G_CHECKSUM_SHA256);
|
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
g_timer_start(prog_timer);
|
|
|
|
|
2024-12-29 14:04:53 -08:00
|
|
|
wtap_rec_init(&rec, 1514);
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
TRY {
|
2024-07-07 16:00:12 -04:00
|
|
|
int64_t file_pos;
|
|
|
|
int64_t data_offset;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
float progbar_val;
|
2024-07-07 16:00:12 -04:00
|
|
|
char status_str[100];
|
2022-02-20 19:39:37 +00:00
|
|
|
|
2024-12-29 14:04:53 -08:00
|
|
|
while ((wtap_read(cf->provider.wth, &rec, &err, &err_info,
|
2022-02-20 19:39:37 +00:00
|
|
|
&data_offset))) {
|
|
|
|
if (size >= 0) {
|
|
|
|
if (cf->count == max_records) {
|
|
|
|
/*
|
|
|
|
* Quit if we've already read the maximum number of
|
|
|
|
* records allowed.
|
|
|
|
*/
|
2024-07-07 16:00:12 -04:00
|
|
|
too_many_records = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
file_pos = wtap_read_so_far(cf->provider.wth);
|
|
|
|
|
|
|
|
/* Create the progress bar if necessary. */
|
|
|
|
if (progress_is_slow(progbar, prog_timer, size, file_pos)) {
|
|
|
|
progbar_val = calc_progbar_val(cf, size, file_pos, status_str, sizeof(status_str));
|
2024-07-07 16:00:12 -04:00
|
|
|
progbar = delayed_create_progress_dlg(cf->window, NULL, NULL, true,
|
2022-02-20 19:39:37 +00:00
|
|
|
&cf->stop_flag, progbar_val);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the progress bar, but do it only after
|
|
|
|
* PROGBAR_UPDATE_INTERVAL has elapsed. Calling update_progress_dlg
|
|
|
|
* and packets_bar_update will likely trigger UI paint events, which
|
|
|
|
* might take a while depending on the platform and display. Reset
|
|
|
|
* our timer *after* painting.
|
|
|
|
*/
|
|
|
|
if (progbar && g_timer_elapsed(prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
|
|
|
|
progbar_val = calc_progbar_val(cf, size, file_pos, status_str, sizeof(status_str));
|
|
|
|
/* update the packet bar content on the first run or frequently on very large files */
|
|
|
|
update_progress_dlg(progbar, progbar_val, status_str);
|
|
|
|
compute_elapsed(cf, start_time);
|
|
|
|
packets_bar_update();
|
|
|
|
g_timer_start(prog_timer);
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* The previous GUI triggers should not have destroyed the running
|
|
|
|
* session. If that did happen, it could blow up when read_record tries
|
|
|
|
* to use the destroyed edt.session, so detect it right here.
|
|
|
|
*/
|
|
|
|
ws_assert(edt.session == cf->epan);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cf->state == FILE_READ_ABORTED) {
|
|
|
|
/* Well, the user decided to exit Wireshark. Break out of the
|
|
|
|
loop, and let the code below (which is called even if there
|
|
|
|
aren't any packets left to read) exit. */
|
2024-07-07 16:00:12 -04:00
|
|
|
is_read_aborted = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (cf->stop_flag) {
|
|
|
|
/* Well, the user decided to abort the read. He/She will be warned and
|
|
|
|
it might be enough for him/her to work with the already loaded
|
|
|
|
packets.
|
|
|
|
This is especially true for very large capture files, where you don't
|
|
|
|
want to wait loading the whole file (which may last minutes or even
|
|
|
|
hours even on fast machines) just to see that it was the wrong file. */
|
|
|
|
break;
|
|
|
|
}
|
2024-12-29 14:04:53 -08:00
|
|
|
read_record(cf, &rec, cf->dfcode, &edt, cinfo, data_offset, &frame_dup_cache, cksum);
|
2022-02-20 19:39:37 +00:00
|
|
|
wtap_rec_reset(&rec);
|
2012-11-25 18:35:41 +00:00
|
|
|
}
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
|
|
|
CATCH(OutOfMemoryError) {
|
|
|
|
simple_message_box(ESD_TYPE_ERROR, NULL,
|
|
|
|
"More information and workarounds can be found at\n"
|
|
|
|
WS_WIKI_URL("KnownBugs/OutOfMemory"),
|
|
|
|
"Sorry, but Wireshark has run out of memory and has to terminate now.");
|
2012-06-17 22:32:03 +00:00
|
|
|
#if 0
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Could we close the current capture and free up memory from that? */
|
2012-06-17 22:32:03 +00:00
|
|
|
#else
|
2022-02-20 19:39:37 +00:00
|
|
|
/* we have to terminate, as we cannot recover from the memory error */
|
|
|
|
exit(1);
|
2012-06-17 22:32:03 +00:00
|
|
|
#endif
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
|
2023-06-11 17:01:55 +00:00
|
|
|
// If we're ignoring duplicate frames, clear the data structures.
|
|
|
|
// We really could look at prefs.ignore_dup_frames here, but it's even
|
|
|
|
// safer to check if we had allocated 'cksum'.
|
|
|
|
if (cksum != NULL) {
|
2023-06-04 09:12:19 -05:00
|
|
|
fifo_string_cache_free(&frame_dup_cache);
|
|
|
|
g_checksum_free(cksum);
|
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We're done reading sequentially through the file. */
|
|
|
|
cf->state = FILE_READ_DONE;
|
2007-01-01 10:23:37 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Destroy the progress bar if it was created. */
|
|
|
|
if (progbar != NULL)
|
|
|
|
destroy_progress_dlg(progbar);
|
|
|
|
g_timer_destroy(prog_timer);
|
2019-04-17 15:28:24 -07:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Free the display name */
|
|
|
|
g_free(name_ptr);
|
2019-04-17 15:28:24 -07:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
epan_dissect_cleanup(&edt);
|
|
|
|
wtap_rec_cleanup(&rec);
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()").
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Close the sequential I/O side, to free up memory it requires. */
|
|
|
|
wtap_sequential_close(cf->provider.wth);
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()").
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Allow the protocol dissectors to free up memory that they
|
|
|
|
* don't need after the sequential run-through of the packets. */
|
|
|
|
postseq_cleanup_all_protocols();
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()").
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* compute the time it took to load the file */
|
|
|
|
compute_elapsed(cf, start_time);
|
2002-01-05 04:12:17 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Set the file encapsulation type now; we don't know what it is until
|
|
|
|
we've looked at all the packets, as we don't know until then whether
|
|
|
|
there's more than one type (and thus whether it's
|
|
|
|
WTAP_ENCAP_PER_PACKET). */
|
|
|
|
cf->lnk_t = wtap_file_encap(cf->provider.wth);
|
2009-08-28 05:19:52 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
cf->current_frame = frame_data_sequence_find(cf->provider.frames, cf->first_displayed);
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()").
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
packet_list_thaw();
|
2023-01-07 09:04:41 -05:00
|
|
|
|
|
|
|
/* It is safe again to execute redissections or sort. */
|
|
|
|
ws_assert(cf->read_lock);
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->read_lock = false;
|
2023-01-07 09:04:41 -05:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (reloading)
|
|
|
|
cf_callback_invoke(cf_cb_file_reload_finished, cf);
|
|
|
|
else
|
|
|
|
cf_callback_invoke(cf_cb_file_read_finished, cf);
|
2008-11-18 14:50:51 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* If we have any displayed packets to select, select the first of those
|
|
|
|
packets by making the first row the selected row. */
|
|
|
|
if (cf->first_displayed != 0) {
|
2022-06-28 14:39:27 +02:00
|
|
|
packet_list_select_row_from_data(NULL);
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
1999-08-10 07:16:47 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (is_read_aborted) {
|
|
|
|
/*
|
|
|
|
* Well, the user decided to exit Wireshark while reading this *offline*
|
|
|
|
* capture file (Live captures are handled by something like
|
|
|
|
* cf_continue_tail). Clean up accordingly.
|
|
|
|
*/
|
|
|
|
cf_close(cf);
|
|
|
|
cf->redissection_queued = RESCAN_NONE;
|
|
|
|
return CF_READ_ABORTED;
|
|
|
|
}
|
2018-06-29 22:38:10 -07:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (cf->redissection_queued != RESCAN_NONE) {
|
|
|
|
/* Redissection was queued up. Clear the request and perform it now. */
|
2024-07-07 16:00:12 -04:00
|
|
|
bool redissect = cf->redissection_queued == RESCAN_REDISSECT;
|
2022-02-20 19:39:37 +00:00
|
|
|
rescan_packets(cf, NULL, NULL, redissect);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cf->stop_flag) {
|
|
|
|
simple_message_box(ESD_TYPE_WARN, NULL,
|
|
|
|
"The remaining packets in the file were discarded.\n"
|
|
|
|
"\n"
|
|
|
|
"As a lot of packets from the original file will be missing,\n"
|
|
|
|
"remember to be careful when saving the current content to a file.\n",
|
|
|
|
"File loading was cancelled.");
|
|
|
|
return CF_READ_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (err != 0) {
|
|
|
|
/* Put up a message box noting that the read failed somewhere along
|
|
|
|
the line. Don't throw out the stuff we managed to read, though,
|
|
|
|
if any. */
|
2024-10-05 14:46:33 -07:00
|
|
|
report_cfile_read_failure(NULL, err, err_info);
|
2022-02-20 19:39:37 +00:00
|
|
|
return CF_READ_ERROR;
|
|
|
|
} else if (too_many_records) {
|
|
|
|
simple_message_box(ESD_TYPE_WARN, NULL,
|
|
|
|
"The remaining packets in the file were discarded.\n"
|
|
|
|
"\n"
|
|
|
|
"As a lot of packets from the original file will be missing,\n"
|
|
|
|
"remember to be careful when saving the current content to a file.\n"
|
|
|
|
"\n"
|
|
|
|
"The command-line utility editcap can be used to split "
|
|
|
|
"the file into multiple smaller files",
|
|
|
|
"The file contains more records than the maximum "
|
|
|
|
"supported number of records, %u.", max_records);
|
|
|
|
return CF_READ_ERROR;
|
|
|
|
} else
|
|
|
|
return CF_READ_OK;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
1999-07-13 02:53:26 +00:00
|
|
|
#ifdef HAVE_LIBPCAP
|
2005-02-04 20:54:12 +00:00
|
|
|
/**
 * Read newly arrived records from a capture file that is still being written
 * (live capture) and hand each one to read_record().
 *
 * The display filter is not recompiled here: the already compiled cf->dfcode
 * is passed to read_record() as is (see the comment in the body).
 *
 * @param cf               capture file; cf->provider.wth is read from and
 *                         cf->lnk_t is updated afterwards.
 * @param to_read          number of records to read. The loop runs while this
 *                         is non-zero and decrements it once per record, so a
 *                         negative value is not bounded by the counter and the
 *                         loop then ends only when wtap_read() fails or the
 *                         read is aborted.
 * @param rec              record buffer filled by wtap_read(); reset with
 *                         wtap_rec_reset() once after the loop.
 * @param err              set to 0 on entry, then written by wtap_read().
 * @param frame_dup_cache  passed through to read_record().
 * @param frame_cksum      passed through to read_record().
 *
 * @return CF_READ_ABORTED if cf->state is FILE_READ_ABORTED after the loop,
 *         CF_READ_ERROR if *err is non-zero (the failure is reported first),
 *         CF_READ_OK otherwise.
 *
 * An OutOfMemoryError raised inside the TRY block does not return: a message
 * box is shown and the process calls exit(1).
 */
cf_read_status_t
cf_continue_tail(capture_file *cf, volatile int to_read, wtap_rec *rec,
                 int *err, fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum)
{
    /* Written only by wtap_read(); read only on the *err != 0 path at the end.
     * NOTE(review): assumes wtap_read() always sets it when it reports an
     * error - confirm. */
    char             *err_info;
    /* Counts records for which read_record() returned true. It is not read
     * anywhere in this function. Presumably volatile because it is modified
     * inside the TRY block - confirm. */
    volatile int      newly_displayed_packets = 0;
    epan_dissect_t    edt;
    bool              create_proto_tree;
    unsigned          tap_flags;

    /* Don't compile the current display filter. The current display filter
     * text might compile to different code than when the capture started:
     *
     * If it has an IP address resolved name, calling get_host_ipaddr every
     * time new packets arrive can mean a *lot* of gethostbyname calls
     * in flight at once, eventually leading to a timeout (#19612).
     * addr_resolv.c says that ares_gethostbyname is "usually interactive",
     * unlike ares_gethostbyaddr (used in dissection), and violating that
     * expectation is bad.
     *
     * If it has a display filter macro, the definition might have changed.
     *
     * If it has a field reference, the selected frame / current proto tree
     * might have changed, and we don't have the old one. If we recompile,
     * we can't set the field references to the old values.
     *
     * For a rescan, redissection, reload, retap, or opening a new file, we
     * want to compile. What about here, when new frames have arrived in a live
     * capture? We might be able to cache the host lookup, and a user might want
     * the new display filter macro definition, but the user almost surely wants
     * the field references to refer to values from the proto tree when the
     * filter was applied, not whatever it happens to be now if the user has
     * clicked on a different packet.
     *
     * To get the new compiled filter, the user should refilter.
     */

    /* Get the union of the flags for all tap listeners. */
    tap_flags = union_of_tap_listener_flags();

    /*
     * Determine whether we need to create a protocol tree.
     * We do if:
     *
     *    we're going to apply a display filter;
     *
     *    one of the tap listeners is going to apply a filter;
     *
     *    one of the tap listeners requires a protocol tree;
     *
     *    a postdissector wants field values or protocols on
     *    the first pass.
     */
    create_proto_tree =
        (cf->dfcode != NULL || have_filtering_tap_listeners() ||
         (tap_flags & TL_REQUIRES_PROTO_TREE) || postdissectors_want_hfids());

    /* Start from "no error"; after this only wtap_read() writes *err. */
    *err = 0;

    /* Don't freeze/thaw the list when doing live capture */
    /*packet_list_freeze();*/

    /* One dissection context is initialised here, passed to every
     * read_record() call, and cleaned up after ENDTRY. */
    epan_dissect_init(&edt, cf->epan, create_proto_tree, false);

    TRY {
        int64_t data_offset = 0;
        column_info *cinfo;

        /* If the display filter or any tap listeners require the columns,
         * construct them. */
        cinfo = (tap_listeners_require_columns() ||
            dfilter_requires_columns(cf->dfcode)) ? &cf->cinfo : NULL;

        /* NOTE(review): cf->provider.wth is used below without a NULL check,
         * whereas cf_finish_tail() checks it before reading - confirm that
         * callers guarantee an open wth here. */
        while (to_read != 0) {
            /* Clear the EOF condition before each read attempt. */
            wtap_cleareof(cf->provider.wth);
            if (!wtap_read(cf->provider.wth, rec, err, &err_info,
                           &data_offset)) {
                /* Read failed or nothing more to read; *err is inspected
                 * after the TRY block. */
                break;
            }
            if (cf->state == FILE_READ_ABORTED) {
                /* Well, the user decided to exit Wireshark.  Break out of the
                   loop, and let the code below (which is called even if there
                   aren't any packets left to read) exit. */
                break;
            }
            if (read_record(cf, rec, cf->dfcode, &edt, cinfo, data_offset, frame_dup_cache, frame_cksum)) {
                newly_displayed_packets++;
            }
            to_read--;
        }
        /* The record is reset once here, after the loop, not per iteration. */
        wtap_rec_reset(rec);
    }
    CATCH(OutOfMemoryError) {
        simple_message_box(ESD_TYPE_ERROR, NULL,
                           "More information and workarounds can be found at\n"
                           WS_WIKI_URL("KnownBugs/OutOfMemory"),
                           "Sorry, but Wireshark has run out of memory and has to terminate now.");
#if 0
        /* Could we close the current capture and free up memory from that? */
        return CF_READ_ABORTED;
#else
        /* we have to terminate, as we cannot recover from the memory error */
        /* NOTE(review): the records handled in the TRY block come from the
         * capture being read, so memory exhaustion caused by that input ends
         * the whole process here, not just this capture. */
        exit(1);
#endif
    }
    ENDTRY;

    /* Update the file encapsulation; it might have changed based on the
       packets we've read. */
    cf->lnk_t = wtap_file_encap(cf->provider.wth);

    epan_dissect_cleanup(&edt);

    /* Don't freeze/thaw the list when doing live capture */
    /*packet_list_thaw();*/
    /* With the new packet list the first packet
     * isn't automatically selected.
     */
    if (!cf->current_frame && !packet_list_multi_select_active())
        packet_list_select_row_from_data(NULL);

    if (cf->state == FILE_READ_ABORTED) {
        /* Well, the user decided to exit Wireshark.  Return CF_READ_ABORTED
           so that our caller can kill off the capture child process;
           this will cause an EOF on the pipe from the child, so
           "cf_finish_tail()" will be called, and it will clean up
           and exit. */
        return CF_READ_ABORTED;
    } else if (*err != 0) {
        /* We got an error reading the capture file. */
        report_cfile_read_failure(cf->filename, *err, err_info);
        return CF_READ_ERROR;
    } else
        return CF_READ_OK;
}
/**
 * Mark a closed capture file as having a read pending.
 *
 * If cf->state is FILE_CLOSED it becomes FILE_READ_PENDING; a capture file in
 * any other state is left unchanged.
 *
 * @param cf  capture file whose state is inspected and possibly updated.
 */
void
cf_fake_continue_tail(capture_file *cf)
{
    /* Nothing to do unless the file is still closed. */
    if (cf->state != FILE_CLOSED) {
        return;
    }

    cf->state = FILE_READ_PENDING;
}
cf_read_status_t
|
2024-12-29 14:04:53 -08:00
|
|
|
cf_finish_tail(capture_file *cf, wtap_rec *rec, int *err,
|
2023-06-05 17:07:09 -05:00
|
|
|
fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum)
|
1999-11-29 01:54:01 +00:00
|
|
|
{
|
2024-07-07 16:00:12 -04:00
|
|
|
char *err_info;
|
|
|
|
int64_t data_offset;
|
2022-02-20 19:39:37 +00:00
|
|
|
column_info *cinfo;
|
|
|
|
epan_dissect_t edt;
|
2024-07-07 16:00:12 -04:00
|
|
|
bool create_proto_tree;
|
|
|
|
unsigned tap_flags;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
/* All the comments above in cf_continue_tail apply regarding the
|
|
|
|
* current display filter.
|
2022-02-20 19:39:37 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* Get the union of the flags for all tap listeners. */
|
|
|
|
tap_flags = union_of_tap_listener_flags();
|
|
|
|
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 08:02:18 -04:00
|
|
|
/* If the display filter or any tap listeners require the columns,
|
|
|
|
* construct them. */
|
|
|
|
cinfo = (tap_listeners_require_columns() ||
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
dfilter_requires_columns(cf->dfcode)) ? &cf->cinfo : NULL;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Determine whether we need to create a protocol tree.
|
|
|
|
* We do if:
|
|
|
|
*
|
|
|
|
* we're going to apply a display filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners is going to apply a filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners requires a protocol tree;
|
|
|
|
*
|
|
|
|
* a postdissector wants field values or protocols on
|
|
|
|
* the first pass.
|
|
|
|
*/
|
|
|
|
create_proto_tree =
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
(cf->dfcode != NULL || have_filtering_tap_listeners() ||
|
2022-02-20 19:39:37 +00:00
|
|
|
(tap_flags & TL_REQUIRES_PROTO_TREE) || postdissectors_want_hfids());
|
|
|
|
|
|
|
|
if (cf->provider.wth == NULL) {
|
|
|
|
cf_close(cf);
|
|
|
|
return CF_READ_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Don't freeze/thaw the list when doing live capture */
|
|
|
|
/*packet_list_freeze();*/
|
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
epan_dissect_init(&edt, cf->epan, create_proto_tree, false);
|
2005-04-12 00:54:52 +00:00
|
|
|
|
2025-01-21 10:43:57 -05:00
|
|
|
wtap_cleareof(cf->provider.wth);
|
2024-12-29 14:04:53 -08:00
|
|
|
while ((wtap_read(cf->provider.wth, rec, err, &err_info, &data_offset))) {
|
2022-02-20 19:39:37 +00:00
|
|
|
if (cf->state == FILE_READ_ABORTED) {
|
|
|
|
/* Well, the user decided to abort the read. Break out of the
|
|
|
|
loop, and let the code below (which is called even if there
|
|
|
|
aren't any packets left to read) exit. */
|
|
|
|
break;
|
|
|
|
}
|
2024-12-29 14:04:53 -08:00
|
|
|
read_record(cf, rec, cf->dfcode, &edt, cinfo, data_offset, frame_dup_cache, frame_cksum);
|
2022-02-20 19:39:37 +00:00
|
|
|
wtap_rec_reset(rec);
|
|
|
|
}
|
|
|
|
|
|
|
|
epan_dissect_cleanup(&edt);
|
|
|
|
|
|
|
|
/* Don't freeze/thaw the list when doing live capture */
|
|
|
|
/*packet_list_thaw();*/
|
2013-10-20 13:22:48 +00:00
|
|
|
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
if (cf->state == FILE_READ_ABORTED) {
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Well, the user decided to abort the read. We're only called
|
|
|
|
when the child capture process closes the pipe to us (meaning
|
|
|
|
it's probably exited), so we can just close the capture
|
|
|
|
file; we return CF_READ_ABORTED so our caller can do whatever
|
|
|
|
is appropriate when that happens. */
|
|
|
|
cf_close(cf);
|
|
|
|
return CF_READ_ABORTED;
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
}
|
2007-01-01 10:23:37 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We're done reading sequentially through the file. */
|
|
|
|
cf->state = FILE_READ_DONE;
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We're done reading sequentially through the file; close the
|
|
|
|
sequential I/O side, to free up memory it requires. */
|
|
|
|
wtap_sequential_close(cf->provider.wth);
|
2013-10-20 13:22:48 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Allow the protocol dissectors to free up memory that they
|
|
|
|
* don't need after the sequential run-through of the packets. */
|
|
|
|
postseq_cleanup_all_protocols();
|
2005-10-06 00:55:21 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Update the file encapsulation; it might have changed based on the
|
|
|
|
packets we've read. */
|
|
|
|
cf->lnk_t = wtap_file_encap(cf->provider.wth);
|
|
|
|
|
|
|
|
/* Update the details in the file-set dialog, as the capture file
|
|
|
|
* has likely grown since we first stat-ed it */
|
|
|
|
fileset_update_file(cf->filename);
|
|
|
|
|
|
|
|
if (*err != 0) {
|
2025-01-18 20:34:37 -05:00
|
|
|
/* We got an error reading the capture file. */
|
|
|
|
report_cfile_read_failure(cf->filename, *err, err_info);
|
2022-02-20 19:39:37 +00:00
|
|
|
return CF_READ_ERROR;
|
2014-12-17 20:03:47 -08:00
|
|
|
} else {
|
2022-02-20 19:39:37 +00:00
|
|
|
return CF_READ_OK;
|
2014-12-17 20:03:47 -08:00
|
|
|
}
|
1999-05-11 18:51:10 +00:00
|
|
|
}
|
1999-09-19 15:54:54 +00:00
|
|
|
#endif /* HAVE_LIBPCAP */
|
1999-05-11 18:51:10 +00:00
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
/*
 * Build the name to show for this capture file in displays.
 *
 * Regular files use the last component of cf->filename, or "(No file)"
 * when no file name is set.  Temporary files (live capture or merge
 * output) never expose their path: the capture source is used instead,
 * or "(Untitled)" when there is none.
 *
 * The result is always a newly allocated string (g_strdup() or
 * g_filename_display_basename()); the caller releases it with g_free().
 * The text comes from the file name or capture source, so hand it to
 * printf-style APIs as an argument, never as the format string.
 */
char *
cf_get_display_name(capture_file *cf)
{
    if (cf->is_tempfile) {
        /* Temporary file: report where the capture came from, if known. */
        return g_strdup(cf->source ? cf->source : "(Untitled)");
    }

    if (!cf->filename) {
        return g_strdup("(No file)");
    }

    /* Last component of the file name. */
    return g_filename_display_basename(cf->filename);
}
/*
 * Build the base name the GUI proposes for files to which statistics
 * are saved.
 *
 * Regular files: the last component of cf->filename with one trailing
 * ".<ext>" removed, where <ext> is any entry of
 * wtap_get_all_file_extensions_list() (the original comment notes this
 * includes compressed variants).  An empty string is returned when no
 * file name is set.
 *
 * Temporary files: a copy of cf->source, or an empty string.
 *
 * The result is newly allocated; the caller releases it with g_free().
 *
 * NOTE(review): in the temporary-file branch the value is cf->source
 * verbatim rather than a path component, so callers that turn the
 * result into an output file name should validate it - confirm against
 * the callers.
 */
char *
cf_get_basename(capture_file *cf)
{
    if (cf->is_tempfile) {
        /* We don't mention the temporary file's own name. */
        return g_strdup(cf->source ? cf->source : "");
    }

    if (!cf->filename) {
        return g_strdup("");
    }

    /* Get the last component of the file name, and use that. */
    char *base = g_filename_display_basename(cf->filename);
    size_t base_len = strlen(base);
    GSList *ext_list = wtap_get_all_file_extensions_list();

    for (GSList *node = ext_list; node != NULL; node = g_slist_next(node)) {
        const char *ext = (char *)node->data;
        size_t ext_len = strlen(ext);

        /* The name must be strictly longer than the extension so that
         * there is room for the '.' in front of it. */
        if (base_len <= ext_len) {
            continue;
        }

        size_t dot = base_len - ext_len - 1;
        if (base[dot] == '.' && strcmp(&base[dot + 1], ext) == 0) {
            /* Cut the name at the dot; only one extension is removed. */
            base[dot] = '\0';
            break;
        }
    }
    wtap_free_extensions_list(ext_list);

    return base;
}
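/*
 * Record the capture source that is shown in place of a file name for
 * temporary files.
 *
 * cf->source always ends up holding its own heap copy: a duplicate of
 * `source`, or an empty string when `source` is NULL.  The caller keeps
 * ownership of `source`.
 */
void
cf_set_tempfile_source(capture_file *cf, char *source)
{
    /* Duplicate before releasing the old value.  If the caller passes
     * cf->source itself (for example the pointer handed out by
     * cf_get_tempfile_source()), freeing first would make g_strdup()
     * read freed memory. */
    char *new_source = g_strdup(source ? source : "");

    /* g_free() accepts NULL, so no guard is needed. */
    g_free(cf->source);
    cf->source = new_source;
}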
/*
 * Return the capture source recorded for a temporary file, or "" when
 * none has been set.
 *
 * The pointer is borrowed: it is either cf->source itself or a string
 * literal, so the caller must not free it.  cf_set_tempfile_source()
 * frees the previous cf->source, which invalidates a pointer obtained
 * here earlier.
 */
const char *
cf_get_tempfile_source(capture_file *cf)
{
    return cf->source ? cf->source : "";
}
/* XXX - use a macro instead? */
/* Return cf->count, the number of frames currently recorded for the file. */
int
cf_get_packet_count(capture_file *cf)
{
    const int packet_count = cf->count;

    return packet_count;
}
/* XXX - use a macro instead? */
/* Report whether the capture file is flagged as a temporary file
 * (cf->is_tempfile). */
bool
cf_is_tempfile(capture_file *cf)
{
    const bool tempfile_flag = cf->is_tempfile;

    return tempfile_flag;
}
/*
 * Set the temporary-file flag on the capture file.
 *
 * cf_get_display_name() and cf_get_basename() read this flag to decide
 * between the file name and the capture source, so it also controls
 * whether the file's own name is shown.
 */
void
cf_set_tempfile(capture_file *cf, bool is_tempfile)
{
    cf->is_tempfile = is_tempfile;
}
/* XXX - use a macro instead? */
/* Record whether a drop count is known for this capture
 * (stored in cf->drops_known). */
void
cf_set_drops_known(capture_file *cf, bool drops_known)
{
    cf->drops_known = drops_known;
}
/* XXX - use a macro instead? */
/*
 * Overwrite the capture's drop counter (cf->drops) with `drops`.
 * cf->drops_known is not touched here; set it with cf_set_drops_known().
 */
void
cf_set_drops(capture_file *cf, uint32_t drops)
{
    cf->drops = drops;
}
/* XXX - use a macro instead? */
/* Report whether a drop count is known for this capture
 * (cf->drops_known). */
bool
cf_get_drops_known(capture_file *cf)
{
    const bool known = cf->drops_known;

    return known;
}
/* XXX - use a macro instead? */
/*
 * Return the capture's drop counter (cf->drops).
 * Check cf_get_drops_known() first; this function does not say whether
 * the value is meaningful.
 */
uint32_t
cf_get_drops(capture_file *cf)
{
    const uint32_t drop_total = cf->drops;

    return drop_total;
}
/*
 * Install `rfcode` as the read filter consulted by read_record().
 *
 * Only the pointer is stored.  The previous cf->rfcode is overwritten
 * without being freed here, and the new filter is not copied.
 * NOTE(review): who frees the old and the new filter is not visible in
 * this function - confirm against the callers.
 */
void
cf_set_rfcode(capture_file *cf, dfilter_t *rfcode)
{
    cf->rfcode = rfcode;
}
/*
 * Dissect one frame, apply the display filter to it, and update the
 * capture_file's display bookkeeping.
 *
 * fdata              - frame to process; its passed_dfilter and dis_num
 *                      fields are written here.
 * cf                 - capture file whose counters and provider state
 *                      are updated.
 * edt                - dissection context; primed, run, and reset
 *                      before returning, so it can be reused.
 * dfcode             - compiled display filter, or NULL for none.
 * cinfo              - column info passed to the dissection and to
 *                      packet_list_append().
 * rec                - the record to dissect.
 * add_to_packet_list - when true, the frame is appended to the packet
 *                      list whether or not it passed the filter.
 *
 * The record data comes from the capture being read, so this is where
 * dissectors run on file-supplied bytes.
 */
static void
add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
                          epan_dissect_t *edt, dfilter_t *dfcode, column_info *cinfo,
                          wtap_rec *rec, bool add_to_packet_list)
{
    frame_data_set_before_dissect(fdata, &cf->elapsed_time,
                                  &cf->provider.ref, cf->provider.prev_dis);
    /* Every frame processed here becomes the "previously captured" one. */
    cf->provider.prev_cap = fdata;

    if (dfcode != NULL) {
        epan_dissect_prime_with_dfilter(edt, dfcode);
    }
#if 0
    /* Prepare coloring rules, this ensures that display filter rules containing
     * frame.color_rule references are still processed.
     * TODO: actually detect that situation or maybe apply other optimizations? */
    if (edt->tree && color_filters_used()) {
        color_filters_prime_edt(edt);
        fdata->need_colorize = 1;
    }
#endif

    if (!fdata->visited) {
        /* This is the first pass, so prime the epan_dissect_t with the
           hfids postdissectors want on the first pass. */
        prime_epan_dissect_with_postdissector_wanted_hfids(edt);
    }

    /* Initialize passed_dfilter here so that dissectors can hide packets. */
    /* XXX We might want to add a separate "visible" bit to frame_data instead. */
    fdata->passed_dfilter = 1;

    /* Dissect the frame. */
    epan_dissect_run_with_taps(edt, cf->cd_t, rec, fdata, cinfo);

    /* The filter is evaluated only if dissection left passed_dfilter set;
     * a frame hidden during dissection stays hidden. */
    if (fdata->passed_dfilter && dfcode != NULL) {
        fdata->passed_dfilter = dfilter_apply_edt(dfcode, edt) ? 1 : 0;

        if (fdata->passed_dfilter && edt->pi.fd->dependent_frames) {
            /* This frame passed the display filter but it may depend on other
             * (potentially not displayed) frames.  Find those frames and mark them
             * as depended upon.
             */
            g_hash_table_foreach(edt->pi.fd->dependent_frames, find_and_mark_frame_depended_upon, cf->provider.frames);
        }
    }

    /* Time-reference frames count as displayed even when filtered out. */
    if (fdata->passed_dfilter || fdata->ref_time) {
        cf->displayed_count++;
        fdata->dis_num = cf->displayed_count;
    }

    if (add_to_packet_list) {
        /* We fill the needed columns from new_packet_list */
        packet_list_append(cinfo, fdata);
    }

    if (fdata->passed_dfilter || fdata->ref_time)
    {
        frame_data_set_after_dissect(fdata, &cf->cum_bytes);
        /* The only way we use prev_dis is to get the time stamp of
         * the previous displayed frame, so ignore it if it doesn't
         * have a time stamp, because we're presumably interested in
         * the timestamp of the previously displayed frame with a
         * time. XXX: What if in the future we want to use the previously
         * displayed frame for something else, too?
         */
        if (fdata->has_ts) {
            cf->provider.prev_dis = fdata;
        }

        /* If we haven't yet seen the first frame, this is it. */
        if (cf->first_displayed == 0)
            cf->first_displayed = fdata->num;

        /* This is the last frame we've seen so far. */
        cf->last_displayed = fdata->num;
    }

    /* Leave the dissection context clean for the next frame. */
    epan_dissect_reset(edt);
}
/*
 * Read in a new record.
 * Returns true if the packet was added to the packet (record) list,
 * false otherwise.
 *
 * cf              - capture file being read; counters are updated here.
 * rec             - the record just read from the file.
 * dfcode          - compiled display filter, or NULL; handed on to
 *                   add_packet_to_packet_list().
 * edt, cinfo      - dissection context and column info for the
 *                   display pass.
 * offset          - passed to frame_data_init() and used to compute
 *                   cf->f_datalen.
 * frame_dup_cache - cache of checksum strings of recent frames, used
 *                   only when frame_cksum is non-NULL.
 * frame_cksum     - checksum object for duplicate detection, or NULL
 *                   to disable it.
 *
 * All values read from `rec` originate in the capture file and should
 * be treated as untrusted input.
 */
static bool
read_record(capture_file *cf, wtap_rec *rec, dfilter_t *dfcode,
            epan_dissect_t *edt, column_info *cinfo, int64_t offset,
            fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum)
{
    frame_data fdlocal;
    frame_data *fdata;
    bool passed = true;
    bool added = false;
    const char *cksum_string;
    bool was_in_cache;

    /* Add this packet's link-layer encapsulation type to cf->linktypes, if
       it's not already there.
       XXX - yes, this is O(N), so if every packet had a different
       link-layer encapsulation type, it'd be O(N^2) to read the file, but
       there are probably going to be a small number of encapsulation types
       in a file. */
    if (rec->rec_type == REC_TYPE_PACKET) {
        cf_add_encapsulation_type(cf, rec->rec_header.packet_header.pkt_encap);
    }

    /* The frame number of this packet, if we add it to the set of frames,
       would be one more than the count of frames in the file so far. */
    frame_data_init(&fdlocal, cf->count + 1, rec, offset, cf->cum_bytes);

    if (cf->rfcode) {
        /* A read filter is set: dissect with a throw-away context to
         * decide whether the record is kept at all. */
        epan_dissect_t rf_edt;
        column_info *rf_cinfo = NULL;

        epan_dissect_init(&rf_edt, cf->epan, true, false);
        epan_dissect_prime_with_dfilter(&rf_edt, cf->rfcode);
        /* Columns are only supplied when the filter needs them. */
        if (dfilter_requires_columns(cf->rfcode)) {
            rf_cinfo = &cf->cinfo;
        }
        epan_dissect_run(&rf_edt, cf->cd_t, rec, &fdlocal, rf_cinfo);
        passed = dfilter_apply_edt(cf->rfcode, &rf_edt);
        epan_dissect_cleanup(&rf_edt);
    }

    if (passed) {
        added = true;

        /* This does a shallow copy of fdlocal, which is good enough. */
        fdata = frame_data_sequence_add(cf->provider.frames, &fdlocal);

        cf->count++;
        if (rec->block != NULL) {
            uint64_t dropcount = 0;

            cf->packet_comment_count += wtap_block_count_option(rec->block, OPT_COMMENT);
            if (wtap_block_get_uint64_option_value(rec->block, OPT_PKT_DROPCOUNT, &dropcount) == WTAP_OPTTYPE_SUCCESS) {
                cf->drops_known = true;
                /* NOTE(review): dropcount is a 64-bit value taken from the
                 * file; the cast keeps only its low 32 bits and the sum can
                 * wrap, so a large or crafted option value yields a
                 * misleading total.  Consider saturating - confirm the
                 * intended behaviour. */
                cf->drops += (uint32_t)dropcount;
            }
        }
        cf->f_datalen = offset + fdlocal.cap_len;

        // Should we check if the frame data is a duplicate, and thus, ignore
        // this frame?
        // NOTE(review): frame_dup_cache is used whenever frame_cksum is
        // non-NULL, so callers presumably pass both or neither - confirm.
        if (frame_cksum != NULL && rec->rec_type == REC_TYPE_PACKET) {
            g_checksum_reset(frame_cksum);
            g_checksum_update(frame_cksum, ws_buffer_start_ptr(&rec->data), ws_buffer_length(&rec->data));
            cksum_string = g_strdup(g_checksum_get_string(frame_cksum));
            was_in_cache = fifo_string_cache_insert(frame_dup_cache, cksum_string);
            if (was_in_cache) {
                /* Duplicate: our copy is freed here.  When the string was
                 * not yet cached it is not freed in this function;
                 * presumably the cache keeps it - verify against
                 * fifo_string_cache_insert(). */
                g_free((void *)cksum_string);
                /* A frame is flagged as ignored purely on a checksum match
                 * with a cached frame; the digest type is chosen by
                 * whoever created frame_cksum. */
                fdata->ignored = true;
                cf->ignored_count++;
            }
        }

        /* When a redissection is in progress (or queued), do not process packets.
         * This will be done once all (new) packets have been scanned. */
        if (!cf->redissecting && cf->redissection_queued == RESCAN_NONE) {
            add_packet_to_packet_list(fdata, cf, edt, dfcode, cinfo, rec, true);
        }
    }

    return added;
}
/* State handed to merge_callback() through its `data` pointer. */
typedef struct _callback_data_t {
    void      *pd_window;   /* passed as first argument when the progress dialog is created */
    int64_t    f_len;       /* running sum of the input files' sizes */
    progdlg_t *progbar;     /* progress dialog; NULL until merge_callback() creates it */
    GTimer    *prog_timer;  /* created and started when the merge is ready to begin */
    bool       stop_flag;   /* its address is given to the progress dialog on creation */
} callback_data_t;
|
2012-08-12 22:21:02 +00:00
|
|
|
|
|
|
|
|
Convert Wiretap to C99
This one is complicated because a gboolean is an int, but a bool
is not, in the way that a pointer to a bool (including in the
return of a function pointer) cannot be substituted for a pointer
to a gboolean. (They can convert a bool used internally to a gboolean
on return.)
Continue for that reason to have some functions return gboolean
when used with glib callback functions:
https://docs.gtk.org/glib/callback.HRFunc.html
Another small gotcha is that macros like UINT64_C are not necessarily
guaranteed to wrap the return in parentheses, which G_GUINT64_CONSTANT
and the like do.
In wtap.h, the file subtype "dump_open" function was typedef'd
as returning an int, but almost all users (except in wslua) returned
a gboolean. Switch it to a bool.
Make a note about why can_write_encap does not return a bool,
because it returns error codes on failure (for Lua) instead of
having the err as a separate parameter.
Update the usbdump wiretap plugin too.
A few places outside of wiretap use wiretap function pointers, such
as in the Lua interface, adding IP addresses to NRBs, merging, and
the frame dissector using wiretap functions. Switch those to bool.
Ping #19116
2024-03-20 15:26:00 -04:00
|
|
|
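/*
 * Progress callback installed by cf_merge_files_to_tempfile().
 *
 * event          what the merge code is reporting
 * num            unused
 * in_files       the input files being merged
 * in_file_count  number of entries in in_files
 * data           the callback_data_t for this merge; must not be NULL
 *
 * Returns the current value of cb_data->stop_flag.
 * NOTE(review): presumably a true return asks the merge code to stop;
 * confirm against the merge implementation.
 */
static bool
merge_callback(merge_event event, int num _U_,
               const merge_in_file_t in_files[], const unsigned in_file_count,
               void *data)
{
    unsigned i;
    callback_data_t *cb_data = (callback_data_t*) data;

    ws_assert(cb_data != NULL);

    switch (event) {

    case MERGE_EVENT_INPUT_FILES_OPENED:
        /* do nothing */
        break;

    case MERGE_EVENT_FRAME_TYPE_SELECTED:
        /* do nothing */
        break;

    case MERGE_EVENT_READY_TO_MERGE:
        /* Get the sum of the sizes of all the files. */
        for (i = 0; i < in_file_count; i++)
            cb_data->f_len += in_files[i].size;

        cb_data->prog_timer = g_timer_new();
        g_timer_start(cb_data->prog_timer);
        break;

    case MERGE_EVENT_RECORD_WAS_READ:
        {
            /* Create the progress bar if necessary.
               We check on every iteration of the loop, so that it takes no
               longer than the standard time to create it (otherwise, for a
               large file, we might take considerably longer than that standard
               time in order to get to the next progress bar step). */
            if (cb_data->progbar == NULL) {
                cb_data->progbar = delayed_create_progress_dlg(cb_data->pd_window, NULL, NULL,
                        false, &cb_data->stop_flag, 0.0f);
            }

            /*
             * Update the progress bar, but do it only after
             * PROGBAR_UPDATE_INTERVAL has elapsed. Calling update_progress_dlg
             * and packets_bar_update will likely trigger UI paint events, which
             * might take a while depending on the platform and display. Reset
             * our timer *after* painting.
             */
            if (g_timer_elapsed(cb_data->prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
                float   progbar_val;
                int64_t file_pos = 0;

                /* Get the sum of the seek positions in all of the files. */
                for (i = 0; i < in_file_count; i++)
                    file_pos += wtap_read_so_far(in_files[i].wth);

                if (cb_data->f_len > 0) {
                    progbar_val = (float) file_pos / (float) cb_data->f_len;
                } else {
                    /* The total size is zero (or was never accumulated), so
                       the division would produce NaN for 0/0, and NaN slips
                       past the "> 1.0f" clip below.  Report a defined value
                       instead: full once anything has been read, else empty. */
                    progbar_val = (file_pos > 0) ? 1.0f : 0.0f;
                }
                if (progbar_val > 1.0f) {
                    /* Some file probably grew while we were reading it.
                       That "shouldn't happen", so we'll just clip the progress
                       value at 1.0. */
                    progbar_val = 1.0f;
                }

                if (cb_data->progbar != NULL) {
                    char status_str[100];

                    /* Bounded write; snprintf() always terminates status_str. */
                    snprintf(status_str, sizeof(status_str),
                             "%" PRId64 "KB of %" PRId64 "KB",
                             file_pos / 1024, cb_data->f_len / 1024);
                    update_progress_dlg(cb_data->progbar, progbar_val, status_str);
                }
                g_timer_start(cb_data->prog_timer);
            }
        }
        break;

    case MERGE_EVENT_DONE:
        /* We're done merging the files; destroy the progress bar if it was created. */
        if (cb_data->progbar != NULL) {
            destroy_progress_dlg(cb_data->progbar);
            /* Clear the pointer so a later event cannot touch the destroyed dialog. */
            cb_data->progbar = NULL;
        }
        /* The timer only exists if MERGE_EVENT_READY_TO_MERGE was seen. */
        if (cb_data->prog_timer != NULL) {
            g_timer_destroy(cb_data->prog_timer);
            cb_data->prog_timer = NULL;
        }
        break;
    }

    return cb_data->stop_flag;
}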
/*
 * Merge in_file_count capture files, named by in_filenames, into a temporary
 * file created under temp_dir, showing progress through merge_callback().
 *
 * pd_window      opaque window handle handed to the progress dialog
 * temp_dir       directory passed to merge_files_to_tempfile()
 * out_filenamep  passed through to merge_files_to_tempfile()
 *                (NOTE(review): presumably receives the name of the
 *                temporary file and is owned by the caller; confirm)
 * file_type      output file type passed to the merge code
 * do_append      passed through to the merge code
 *
 * Returns CF_OK if the merge succeeded, CF_ERROR otherwise.
 *
 * NOTE(review): the progress dialog and timer held in the callback data are
 * released by merge_callback() on MERGE_EVENT_DONE; if the merge code can
 * fail without delivering that event they would be leaked by the g_free()
 * below. Confirm against the merge implementation.
 */
cf_status_t
cf_merge_files_to_tempfile(void *pd_window, const char *temp_dir, char **out_filenamep,
                           int in_file_count, const char *const *in_filenames,
                           int file_type, bool do_append)
{
    /* Zero-filled state for the progress callback. */
    callback_data_t *progress_state = g_new0(callback_data_t, 1);
    progress_state->pd_window = pd_window;

    merge_progress_callback_t cb = {
        .callback_func = merge_callback,
        .data          = progress_state,
    };

    cf_callback_invoke(cf_cb_file_merge_started, NULL);

    /* Do the actual merge. */
    const bool merged_ok = merge_files_to_tempfile(temp_dir, out_filenamep, "wireshark", file_type,
                                                   in_filenames,
                                                   in_file_count, do_append,
                                                   IDB_MERGE_MODE_ALL_SAME, 0 /* snaplen */,
                                                   "Wireshark", &cb);

    g_free(progress_state);

    cf_callback_invoke(cf_cb_file_merge_finished, NULL);

    /* Callers aren't expected to treat an error or an explicit abort
       differently - the merge code puts up error dialogs itself, so
       they don't have to. */
    return merged_ok ? CF_OK : CF_ERROR;
}
/*
 * Install dftext as the display filter of cf and rescan the packet list.
 *
 * cf      capture file whose filter is replaced
 * dftext  new filter text, or NULL for "display all packets"; the caller
 *         keeps ownership, since cf stores its own copy
 * force   if true, apply the filter even when its text equals the current one
 *
 * Returns CF_ERROR if the text does not compile (an error box is shown and
 * cf's current filter is left untouched), CF_OK otherwise.
 */
cf_status_t
cf_filter_packets(capture_file *cf, char *dftext, bool force)
{
    char       *saved_text = NULL;    /* our own copy of dftext, if any */
    dfilter_t  *compiled_code = NULL; /* NULL means "display all packets" */
    df_error_t *compile_err;

    /* if new filter equals old one, do nothing unless told to do so */
    /* XXX - The text can be the same without compiling to the same code.
     * (Macros, field references, etc.)
     */
    if (!force) {
        const char *requested = (dftext != NULL) ? dftext : "";
        const char *current   = (cf->dfilter != NULL) ? cf->dfilter : "";

        if (strcmp(requested, current) == 0)
            return CF_OK;
    }

    if (dftext != NULL) {
        /*
         * We have a filter; make a copy of it (as we'll be saving it),
         * and try to compile it. The copy is taken before cf->dfilter is
         * freed further down.
         */
        saved_text = g_strdup(dftext);
        if (!dfilter_compile(saved_text, &compiled_code, &compile_err)) {
            /* The attempt failed; report an error. The filter text is
             * passed as an argument of the literal format string, never
             * as the format itself. */
            simple_message_box(ESD_TYPE_ERROR, NULL,
                               "See the help for a description of the display filter syntax.",
                               "\"%s\" isn't a valid display filter: %s",
                               saved_text, compile_err->msg);
            df_error_free(&compile_err);
            g_free(saved_text);
            return CF_ERROR;
        }

        /* Was it empty? */
        if (compiled_code == NULL) {
            /* Yes - free the filter text, and set it to null. */
            g_free(saved_text);
            saved_text = NULL;
        }
    }
    /* else: the new filter is an empty filter (i.e., display all packets),
     * so compiled_code stays NULL. */

    /* We have a valid filter. Replace the current filter. */
    g_free(cf->dfilter);
    cf->dfilter = saved_text;

    /* We'll recompile this when the rescan starts, or in cf_read()
     * if no file is open currently. However, if no file is open and
     * we start a new capture, we want to use this rather than
     * recompiling in cf_continue_tail() */
    dfilter_free(cf->dfcode);
    cf->dfcode = compiled_code;
    tap_load_main_filter(compiled_code);

    /* Now rescan the packet list, applying the new filter, but not
     * throwing away information constructed on a previous pass.
     * If a dissection is already in progress, queue it.
     */
    if (cf->redissection_queued != RESCAN_NONE) {
        /* Something is already queued; leave it as it is. */
        return CF_OK;
    }

    if (cf->read_lock) {
        cf->redissection_queued = RESCAN_SCAN;
        return CF_OK;
    }

    if (cf->state != FILE_CLOSED) {
        if (saved_text != NULL) {
            rescan_packets(cf, "Filtering", saved_text, false);
        } else {
            rescan_packets(cf, "Resetting", "filter", false);
        }
    }

    return CF_OK;
}
/*
 * Request a full redissection of cf's packets.
 *
 * If a read holds the lock, or a plain rescan is already queued, the request
 * is recorded in cf->redissection_queued instead of being run now. Otherwise
 * the packets are rescanned immediately, unless the file is closed.
 */
void
cf_redissect_packets(capture_file *cf)
{
    const bool must_defer = cf->read_lock || cf->redissection_queued == RESCAN_SCAN;

    if (must_defer) {
        /* Dissection in progress, signal redissection rather than rescanning. That
         * would destroy the current (in-progress) dissection in "cf_read" which
         * will cause issues when "cf_read" tries to add packets to the list.
         * If a previous rescan was requested, "upgrade" it to a full redissection.
         */
        cf->redissection_queued = RESCAN_REDISSECT;
    }

    if (cf->redissection_queued != RESCAN_NONE) {
        /* Redissection is (already) queued, wait for "cf_read" to finish. */
        /* XXX - what if whatever set and later clears read_lock is *not*
         * cf_read, e.g. process_specified_records ? We need to handle a
         * queued redissection there too like we do in cf_read.
         */
        return;
    }

    if (cf->state == FILE_CLOSED) {
        /* Nothing is open, so there is nothing to reprocess. */
        return;
    }

    /* Restart dissection in case no cf_read is pending. */
    rescan_packets(cf, "Reprocessing", "all packets", true);
}
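/*
 * Read the record described by fdata from cf's capture file into rec.
 *
 * cf     capture file; its wiretap handle and file name are used
 * fdata  frame whose file_off gives the offset to seek to; must not be NULL
 * rec    record to fill in
 *
 * Returns true on success. On failure the error is reported through
 * report_cfile_read_failure() and false is returned.
 */
bool
cf_read_record(capture_file *cf, const frame_data *fdata, wtap_rec *rec)
{
    /* Start from defined values so the reporter below never sees an
     * indeterminate error code or pointer, whatever path the read takes.
     * NOTE(review): wtap_seek_read() is expected to set both on failure. */
    int   err = 0;
    char *err_info = NULL;

    if (!wtap_seek_read(cf->provider.wth, fdata->file_off, rec, &err, &err_info)) {
        /* NOTE(review): err_info is presumably consumed by the reporter;
         * confirm, since it is not freed here. */
        report_cfile_read_failure(cf->filename, err, err_info);
        return false;
    }
    return true;
}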
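/*
 * Read the record described by fdata from cf's capture file into rec,
 * without reporting a failure to the user.
 *
 * cf     capture file; its wiretap handle is used
 * fdata  frame whose file_off gives the offset to seek to; must not be NULL
 * rec    record to fill in
 *
 * Returns true on success, false on failure. The error details are
 * discarded.
 */
bool
cf_read_record_no_alert(capture_file *cf, const frame_data *fdata,
                        wtap_rec *rec)
{
    int   err = 0;
    /* Initialised so that the g_free() below is well-defined even if the
     * read fails without storing an error string.
     * NOTE(review): wtap_seek_read() is expected to set it on failure. */
    char *err_info = NULL;

    if (!wtap_seek_read(cf->provider.wth, fdata->file_off, rec, &err, &err_info)) {
        /* Nobody is told about the failure; just release the message. */
        g_free(err_info);
        return false;
    }
    return true;
}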
/*
 * Re-read the record of cf's currently selected frame into cf->rec.
 *
 * Returns whatever cf_read_record() returns, so a failure is reported to
 * the user by that function.
 *
 * NOTE(review): cf->current_frame is passed on unchecked and
 * cf_read_record() dereferences it; callers presumably guarantee that a
 * frame is selected. Confirm.
 */
bool
cf_read_current_record(capture_file *cf)
{
    const frame_data *selected = cf->current_frame;
    wtap_rec         *target = &cf->rec;

    return cf_read_record(cf, selected, target);
}
/* Rescan the list of packets, reconstructing the CList.
"action" describes why we're doing this; it's used in the progress
dialog box.
"action_item" describes what we're doing; it's used in the progress
dialog box.
"redissect" is true if we need to make the dissectors reconstruct
any state information they have (because a preference that affects
some dissector has changed, meaning some dissector might construct
its state differently from the way it was constructed the last time). */
static void
|
2025-02-09 10:29:11 -08:00
|
|
|
// NOLINTNEXTLINE(misc-no-recursion)
|
2024-07-07 16:00:12 -04:00
|
|
|
rescan_packets(capture_file *cf, const char *action, const char *action_item, bool redissect)
|
1999-10-11 06:39:26 +00:00
|
|
|
{
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Rescan packets new packet list */
|
2024-07-07 16:00:12 -04:00
|
|
|
uint32_t framenum;
|
2022-02-20 19:39:37 +00:00
|
|
|
frame_data *fdata;
|
|
|
|
wtap_rec rec;
|
|
|
|
progdlg_t *progbar = NULL;
|
|
|
|
GTimer *prog_timer = g_timer_new();
|
|
|
|
int count;
|
|
|
|
frame_data *selected_frame, *preceding_frame, *following_frame, *prev_frame;
|
|
|
|
int selected_frame_num, preceding_frame_num, following_frame_num, prev_frame_num;
|
2024-07-07 16:00:12 -04:00
|
|
|
bool selected_frame_seen;
|
2022-02-20 19:39:37 +00:00
|
|
|
float progbar_val;
|
2024-07-07 16:00:12 -04:00
|
|
|
int64_t start_time;
|
|
|
|
char status_str[100];
|
2022-02-20 19:39:37 +00:00
|
|
|
epan_dissect_t edt;
|
2023-04-21 01:35:22 +01:00
|
|
|
dfilter_t *dfcode = NULL;
|
2022-02-20 19:39:37 +00:00
|
|
|
column_info *cinfo;
|
2024-07-07 16:00:12 -04:00
|
|
|
bool create_proto_tree;
|
|
|
|
bool filtering_tap_listeners = false;
|
|
|
|
unsigned tap_flags;
|
|
|
|
bool add_to_packet_list = false;
|
|
|
|
bool compiled _U_;
|
|
|
|
uint32_t frames_count;
|
2024-04-08 19:01:33 -04:00
|
|
|
rescan_type queued_rescan_type = RESCAN_NONE;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
2023-06-11 10:18:18 -04:00
|
|
|
if (cf->state == FILE_CLOSED || cf->state == FILE_READ_PENDING) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Rescan in progress, clear pending actions. */
|
|
|
|
cf->redissection_queued = RESCAN_NONE;
|
|
|
|
ws_assert(!cf->read_lock);
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->read_lock = true;
|
2009-07-26 10:34:07 +00:00
|
|
|
|
2024-12-29 14:04:53 -08:00
|
|
|
wtap_rec_init(&rec, 1514);
|
2016-04-09 14:30:07 +02:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Compile the current display filter.
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
* The code it compiles to might have changed, e.g. if a display
|
|
|
|
* filter macro used has changed.
|
|
|
|
*
|
2022-02-20 19:39:37 +00:00
|
|
|
* We assume this will not fail since cf->dfilter is only set in
|
|
|
|
* cf_filter IFF the filter was valid.
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
* XXX - This is not necessarily true, if the filter has a FT_IPv4
|
|
|
|
* or FT_IPv6 field compared to a resolved hostname in it, because
|
|
|
|
* we do a new host lookup, and that *could* timeout this time
|
|
|
|
* (though with the read lock above we shouldn't have many lookups at
|
|
|
|
* once, reducing the chances of that)... (#19612)
|
2022-02-20 19:39:37 +00:00
|
|
|
*/
|
2023-04-21 01:35:22 +01:00
|
|
|
if (cf->dfilter) {
|
|
|
|
compiled = dfilter_compile(cf->dfilter, &dfcode, NULL);
|
|
|
|
ws_assert(compiled && dfcode);
|
|
|
|
}
|
2000-08-24 06:45:37 +00:00
|
|
|
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
dfilter_free(cf->dfcode);
|
|
|
|
cf->dfcode = dfcode;
|
2025-02-07 09:13:44 -05:00
|
|
|
tap_load_main_filter(dfcode);
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
|
2023-05-05 07:43:27 -04:00
|
|
|
/* Do we have any tap listeners with filters? */
|
|
|
|
filtering_tap_listeners = have_filtering_tap_listeners();
|
|
|
|
|
|
|
|
/* Update references in filters (if any) for the protocol
|
2022-03-31 13:22:56 +01:00
|
|
|
* tree corresponding to the currently selected frame in the GUI. */
|
2023-05-05 07:43:27 -04:00
|
|
|
if (cf->edt != NULL && cf->edt->tree != NULL) {
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can time out, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
if (cf->dfcode)
|
|
|
|
dfilter_load_field_references(cf->dfcode, cf->edt->tree);
|
2023-05-05 07:43:27 -04:00
|
|
|
if (filtering_tap_listeners)
|
|
|
|
tap_listeners_load_field_references(cf->edt);
|
|
|
|
}
|
2022-03-27 15:26:46 +01:00
|
|
|
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
if (cf->dfcode != NULL) {
|
2023-01-07 02:40:14 +00:00
|
|
|
dfilter_log_full(LOG_DOMAIN_DFILTER, LOG_LEVEL_NOISY, NULL, -1, NULL,
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
cf->dfcode, "Rescanning packets with display filter");
|
2022-03-27 16:38:39 +01:00
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Get the union of the flags for all tap listeners. */
|
|
|
|
tap_flags = union_of_tap_listener_flags();
|
1999-11-06 06:28:07 +00:00
|
|
|
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contain? Possibly in taps
that we know only use built-in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 08:02:18 -04:00
|
|
|
/* If the display filter or any tap listeners require the columns,
|
|
|
|
* construct them. */
|
|
|
|
cinfo = (tap_listeners_require_columns() ||
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
dfilter_requires_columns(cf->dfcode)) ? &cf->cinfo : NULL;
|
2004-02-03 00:16:59 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/*
|
|
|
|
* Determine whether we need to create a protocol tree.
|
|
|
|
* We do if:
|
|
|
|
*
|
|
|
|
* we're going to apply a display filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners is going to apply a filter;
|
|
|
|
*
|
|
|
|
* one of the tap listeners requires a protocol tree;
|
|
|
|
*
|
|
|
|
* we're redissecting and a postdissector wants field
|
|
|
|
* values or protocols on the first pass.
|
|
|
|
*/
|
|
|
|
create_proto_tree =
|
file: Don't recompile the dfilter during a live capture
Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code
That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can timeout, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.
It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.
1) Display filters that require host name lookup can change even if
it doesn't timeout.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.
In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).
Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.
Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533
Fix #19612. Fix #12517.
2024-01-21 07:51:03 -05:00
|
|
|
(cf->dfcode != NULL || filtering_tap_listeners ||
|
2022-02-20 19:39:37 +00:00
|
|
|
(tap_flags & TL_REQUIRES_PROTO_TREE) ||
|
|
|
|
(redissect && postdissectors_want_hfids()));
|
1999-08-05 16:46:04 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
reset_tap_listeners();
|
|
|
|
/* Which frame, if any, is the currently selected frame?
|
|
|
|
XXX - should the selected frame or the focus frame be the "current"
|
|
|
|
frame, that frame being the one from which "Find Frame" searches
|
|
|
|
start? */
|
|
|
|
selected_frame = cf->current_frame;
|
2015-09-18 11:31:16 -07:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Mark frame num as not found */
|
|
|
|
selected_frame_num = -1;
|
2000-01-08 23:49:33 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Freeze the packet list while we redo it, so we don't get any
|
|
|
|
screen updates while it happens. */
|
|
|
|
packet_list_freeze();
|
1999-08-28 01:51:58 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (redissect) {
|
|
|
|
/* We need to re-initialize all the state information that protocols
|
|
|
|
keep, because some preference that controls a dissector has changed,
|
|
|
|
which might cause the state information to be constructed differently
|
|
|
|
by that dissector. */
/* We might receive new packets while redissecting, and we don't
|
|
|
|
want to dissect those before their time. */
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->redissecting = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
/* 'reset' dissection session */
|
|
|
|
epan_free(cf->epan);
|
|
|
|
if (cf->edt && cf->edt->pi.fd) {
|
|
|
|
/* All pointers in "per frame proto data" for the currently selected
|
|
|
|
packet are allocated in wmem_file_scope() and deallocated in epan_free().
|
|
|
|
Free them here to avoid unintended usage in packet_list_clear(). */
|
|
|
|
frame_data_destroy(cf->edt->pi.fd);
|
|
|
|
}
|
|
|
|
cf->epan = ws_epan_new(cf);
|
|
|
|
cf->cinfo.epan = cf->epan;
|
2003-09-25 08:20:01 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* A new Lua tap listener may be registered in lua_prime_all_fields()
|
|
|
|
called via epan_new() / init_dissection() when reloading Lua plugins. */
|
|
|
|
if (!create_proto_tree && have_filtering_tap_listeners()) {
|
2024-07-07 16:00:12 -04:00
|
|
|
create_proto_tree = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 08:02:18 -04:00
|
|
|
if (!cinfo && tap_listeners_require_columns()) {
|
|
|
|
cinfo = &cf->cinfo;
|
|
|
|
}
|
2003-09-25 08:20:01 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We need to redissect the packets so we have to discard our old
|
|
|
|
* packet list store. */
|
|
|
|
packet_list_clear();
|
2024-07-07 16:00:12 -04:00
|
|
|
add_to_packet_list = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
2003-09-25 08:20:01 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We don't yet know which will be the first and last frames displayed. */
|
|
|
|
cf->first_displayed = 0;
|
|
|
|
cf->last_displayed = 0;
|
2013-10-20 13:22:48 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* We currently don't display any packets */
|
|
|
|
cf->displayed_count = 0;
|
2013-10-20 13:22:48 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Iterate through the list of frames. Call a routine for each frame
|
|
|
|
to check whether it should be displayed and, if so, add it to
|
|
|
|
the display list. */
|
|
|
|
cf->provider.ref = NULL;
|
|
|
|
cf->provider.prev_dis = NULL;
|
|
|
|
cf->provider.prev_cap = NULL;
|
|
|
|
cf->cum_bytes = 0;
|
2019-01-18 01:54:22 +01:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
cf_callback_invoke(cf_cb_file_rescan_started, cf);
|
2011-04-25 05:33:07 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
g_timer_start(prog_timer);
|
|
|
|
/* Count of packets at which we've looked. */
|
|
|
|
count = 0;
|
|
|
|
/* Progress so far. */
|
|
|
|
progbar_val = 0.0f;
|
2005-10-27 06:45:37 +00:00
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->stop_flag = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
start_time = g_get_monotonic_time();
|
1999-08-28 01:51:58 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* no previous row yet */
|
|
|
|
prev_frame_num = -1;
|
|
|
|
prev_frame = NULL;
|
2002-07-30 10:13:16 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
preceding_frame_num = -1;
|
|
|
|
preceding_frame = NULL;
|
|
|
|
following_frame_num = -1;
|
|
|
|
following_frame = NULL;
|
2000-07-03 08:36:52 +00:00
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
selected_frame_seen = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
frames_count = cf->count;
|
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
epan_dissect_init(&edt, cf->epan, create_proto_tree, false);
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
if (redissect) {
|
|
|
|
/*
|
2023-01-20 01:10:27 -05:00
|
|
|
* Decryption secrets and name resolution blocks are read while
|
|
|
|
* sequentially processing records and then passed to the dissector.
|
|
|
|
* During redissection, the previous information is lost (see epan_free
|
|
|
|
* above), but they are not read again from the file as only packet
|
|
|
|
* records are re-read. Therefore reset the wtap secrets and name
|
|
|
|
* resolution callbacks such that wtap resupplies the callbacks with
|
|
|
|
* previously read information.
|
2022-02-20 19:39:37 +00:00
|
|
|
*/
|
2023-01-20 01:10:27 -05:00
|
|
|
wtap_set_cb_new_ipv4(cf->provider.wth, add_ipv4_name);
|
|
|
|
wtap_set_cb_new_ipv6(cf->provider.wth, (wtap_new_ipv6_callback_t) add_ipv6_name);
|
2022-02-20 19:39:37 +00:00
|
|
|
wtap_set_cb_new_secrets(cf->provider.wth, secrets_wtap_callback);
|
2018-06-27 17:28:06 -07:00
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
for (framenum = 1; framenum <= frames_count; framenum++) {
|
|
|
|
fdata = frame_data_sequence_find(cf->provider.frames, framenum);
/* Create the progress bar if necessary.
|
|
|
|
We check on every iteration of the loop, so that it takes no
|
|
|
|
longer than the standard time to create it (otherwise, for a
|
|
|
|
large file, we might take considerably longer than that standard
|
|
|
|
time in order to get to the next progress bar step). */
|
|
|
|
if (progbar == NULL)
|
2024-07-07 16:00:12 -04:00
|
|
|
progbar = delayed_create_progress_dlg(cf->window, action, action_item, true,
|
2022-02-20 19:39:37 +00:00
|
|
|
&cf->stop_flag,
|
|
|
|
progbar_val);
|
2000-07-03 08:36:52 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/*
|
|
|
|
* Update the progress bar, but do it only after PROGBAR_UPDATE_INTERVAL
|
|
|
|
* has elapsed. Calling update_progress_dlg and packets_bar_update will
|
|
|
|
* likely trigger UI paint events, which might take a while depending on
|
|
|
|
* the platform and display. Reset our timer *after* painting.
|
|
|
|
*/
|
|
|
|
if (g_timer_elapsed(prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
|
|
|
|
/* let's not divide by zero. I should never be started
|
|
|
|
* with count == 0, so let's assert that
|
|
|
|
*/
|
|
|
|
ws_assert(cf->count > 0);
|
2024-07-07 16:00:12 -04:00
|
|
|
progbar_val = (float) count / frames_count;
|
2011-03-22 03:56:39 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (progbar != NULL) {
|
|
|
|
snprintf(status_str, sizeof(status_str),
|
|
|
|
"%4u of %u frames", count, frames_count);
|
|
|
|
update_progress_dlg(progbar, progbar_val, status_str);
|
|
|
|
}
g_timer_start(prog_timer);
|
|
|
|
}
queued_rescan_type = cf->redissection_queued;
|
|
|
|
if (queued_rescan_type != RESCAN_NONE) {
|
|
|
|
/* A redissection was requested while an existing redissection was
|
|
|
|
* pending. */
|
|
|
|
break;
|
|
|
|
}
if (cf->stop_flag) {
|
|
|
|
/* Well, the user decided to abort the filtering. Just stop.
XXX - go back to the previous filter? Users probably just
|
|
|
|
want not to wait for a filtering operation to finish;
|
|
|
|
unless we cancel by having no filter, reverting to the
|
|
|
|
previous filter will probably be even more expensive than
|
|
|
|
continuing the filtering, as it involves going back to the
|
|
|
|
beginning and filtering, and even with no filter we currently
|
|
|
|
have to re-generate the entire clist, which is also expensive.
I'm not sure what Network Monitor does, but it doesn't appear
|
|
|
|
to give you an unfiltered display if you cancel. */
|
|
|
|
break;
|
|
|
|
}
count++;
if (redissect) {
|
|
|
|
/* Since all state for the frame was destroyed, mark the frame
|
|
|
|
* as not visited, free the GSList referring to the state
|
|
|
|
* data (the per-frame data itself was freed by
|
|
|
|
* "init_dissection()"), and null out the GSList pointer. */
|
|
|
|
frame_data_reset(fdata);
|
|
|
|
frames_count = cf->count;
|
|
|
|
}
/* Frame dependencies from the previous dissection/filtering are no longer valid. */
|
|
|
|
fdata->dependent_of_displayed = 0;
|
|
|
|
|
2024-12-29 14:04:53 -08:00
|
|
|
if (!cf_read_record(cf, fdata, &rec))
|
2022-02-20 19:39:37 +00:00
|
|
|
break; /* error reading the frame */
/* If the previous frame is displayed, and we haven't yet seen the
|
|
|
|
selected frame, remember that frame - it's the closest one we've
|
|
|
|
yet seen before the selected frame. */
|
|
|
|
if (prev_frame_num != -1 && !selected_frame_seen && prev_frame->passed_dfilter) {
|
|
|
|
preceding_frame_num = prev_frame_num;
|
|
|
|
preceding_frame = prev_frame;
|
|
|
|
}
|
|
|
|
|
2024-12-29 14:04:53 -08:00
|
|
|
add_packet_to_packet_list(fdata, cf, &edt, cf->dfcode, cinfo, &rec,
|
2022-02-20 19:39:37 +00:00
|
|
|
add_to_packet_list);
/* If this frame is displayed, and this is the first frame we've
|
|
|
|
seen displayed after the selected frame, remember this frame -
|
|
|
|
it's the closest one we've yet seen at or after the selected
|
|
|
|
frame. */
|
|
|
|
if (fdata->passed_dfilter && selected_frame_seen && following_frame_num == -1) {
|
|
|
|
following_frame_num = fdata->num;
|
|
|
|
following_frame = fdata;
|
|
|
|
}
|
|
|
|
if (fdata == selected_frame) {
|
2024-07-07 16:00:12 -04:00
|
|
|
selected_frame_seen = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
if (fdata->passed_dfilter)
|
|
|
|
selected_frame_num = fdata->num;
|
|
|
|
}
/* Remember this frame - it'll be the previous frame
|
|
|
|
on the next pass through the loop. */
|
|
|
|
prev_frame_num = fdata->num;
|
|
|
|
prev_frame = fdata;
|
|
|
|
wtap_rec_reset(&rec);
|
1999-08-28 01:51:58 +00:00
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
epan_dissect_cleanup(&edt);
|
|
|
|
wtap_rec_cleanup(&rec);
/* We are done redissecting the packet list. */
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->redissecting = false;
|
1999-08-10 04:13:37 +00:00
|
|
|
|
2000-08-24 06:45:37 +00:00
|
|
|
if (redissect) {
|
2022-02-20 19:39:37 +00:00
|
|
|
frames_count = cf->count;
|
|
|
|
/* Clear out what remains of the visited flags and per-frame data
|
|
|
|
pointers.
XXX - that may cause various forms of bogosity when dissecting
|
|
|
|
these frames, as they won't have been seen by this sequential
|
|
|
|
pass, but the only alternative I see is to keep scanning them
|
|
|
|
even though the user requested that the scan stop, and that
|
|
|
|
would leave the user stuck with an Wireshark grinding on
|
|
|
|
until it finishes. Should we just stick them with that? */
|
|
|
|
for (; framenum <= frames_count; framenum++) {
|
|
|
|
fdata = frame_data_sequence_find(cf->provider.frames, framenum);
|
|
|
|
frame_data_reset(fdata);
|
|
|
|
}
|
|
|
|
}
/* We're done filtering the packets; destroy the progress bar if it
|
|
|
|
was created. */
|
|
|
|
if (progbar != NULL)
|
|
|
|
destroy_progress_dlg(progbar);
|
|
|
|
g_timer_destroy(prog_timer);
/* Unfreeze the packet list. */
|
|
|
|
if (!add_to_packet_list)
|
|
|
|
packet_list_recreate_visible_rows();
/* Compute the time it took to filter the file */
|
|
|
|
compute_elapsed(cf, start_time);
packet_list_thaw();
|
|
|
|
|
2023-01-07 09:04:41 -05:00
|
|
|
/* It is safe again to execute redissections or sort. */
|
|
|
|
ws_assert(cf->read_lock);
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->read_lock = false;
|
2023-01-07 09:04:41 -05:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
cf_callback_invoke(cf_cb_file_rescan_finished, cf);
if (selected_frame_num == -1) {
|
|
|
|
/* The selected frame didn't pass the filter. */
|
|
|
|
if (selected_frame == NULL) {
|
|
|
|
/* That's because there *was* no selected frame. Make the first
|
|
|
|
displayed frame the current frame. */
|
|
|
|
selected_frame_num = 0;
|
|
|
|
} else {
|
|
|
|
/* Find the nearest displayed frame to the selected frame (whether
|
|
|
|
it's before or after that frame) and make that the current frame.
|
|
|
|
If the next and previous displayed frames are equidistant from the
|
|
|
|
selected frame, choose the next one. */
|
|
|
|
ws_assert(following_frame == NULL ||
|
|
|
|
following_frame->num >= selected_frame->num);
|
|
|
|
ws_assert(preceding_frame == NULL ||
|
|
|
|
preceding_frame->num <= selected_frame->num);
|
|
|
|
if (following_frame == NULL) {
|
|
|
|
/* No frame after the selected frame passed the filter, so we
|
|
|
|
have to select the last displayed frame before the selected
|
|
|
|
frame. */
|
|
|
|
selected_frame_num = preceding_frame_num;
|
|
|
|
selected_frame = preceding_frame;
|
|
|
|
} else if (preceding_frame == NULL) {
|
|
|
|
/* No frame before the selected frame passed the filter, so we
|
|
|
|
have to select the first displayed frame after the selected
|
|
|
|
frame. */
|
|
|
|
selected_frame_num = following_frame_num;
|
|
|
|
selected_frame = following_frame;
|
|
|
|
} else {
|
|
|
|
/* Frames before and after the selected frame passed the filter, so
|
|
|
|
we'll select the previous frame */
|
|
|
|
selected_frame_num = preceding_frame_num;
|
|
|
|
selected_frame = preceding_frame;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
if (selected_frame_num == -1) {
|
|
|
|
/* There are no frames displayed at all. */
|
|
|
|
cf_unselect_packet(cf);
|
2003-09-25 08:20:01 +00:00
|
|
|
} else {
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Either the frame that was selected passed the filter, or we've
|
|
|
|
found the nearest displayed frame to that frame. Select it, make
|
|
|
|
it the focus row, and make it visible. */
|
|
|
|
/* Set to invalid to force update of packet list and packet details */
|
|
|
|
if (selected_frame_num == 0) {
|
2022-06-28 14:39:27 +02:00
|
|
|
packet_list_select_row_from_data(NULL);
|
2022-02-20 19:39:37 +00:00
|
|
|
}else{
|
|
|
|
if (!packet_list_select_row_from_data(selected_frame)) {
|
|
|
|
/* We didn't find a row corresponding to this frame.
|
|
|
|
This means that the frame isn't being displayed currently,
|
|
|
|
so we can't select it. */
|
|
|
|
simple_message_box(ESD_TYPE_INFO, NULL,
|
|
|
|
"The capture file is probably not fully dissected.",
|
|
|
|
"End of capture exceeded.");
|
|
|
|
}
|
|
|
|
}
|
2008-12-10 11:05:45 +00:00
|
|
|
}
|
2007-01-01 10:23:37 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* If another rescan (due to dfilter change) or redissection (due to profile
|
|
|
|
* change) was requested, the rescan above is aborted and restarted here. */
|
|
|
|
if (queued_rescan_type != RESCAN_NONE) {
|
|
|
|
redissect = redissect || queued_rescan_type == RESCAN_REDISSECT;
|
2025-02-09 10:29:11 -08:00
|
|
|
// We recurse here, but if we have a deep queue at this point we have other problems.
|
2022-02-20 19:39:37 +00:00
|
|
|
rescan_packets(cf, "Reprocessing", "all packets", redissect);
|
|
|
|
}
|
1999-06-22 03:39:07 +00:00
|
|
|
}
/*
 * Scan through all frame data and recalculate the ref time
 * without rereading the file.
 * XXX - do we need a progress bar or is this fast enough?
 */
void
cf_reftime_packets(capture_file* cf)
{
    /* Forget the current reference frame, the previously displayed frame
       and the running byte total; the walk below rebuilds all three. */
    cf->provider.ref = NULL;
    cf->provider.prev_dis = NULL;
    cf->cum_bytes = 0;

    for (uint32_t num = 1; num <= cf->count; num++) {
        /* NOTE(review): the result is dereferenced without a NULL check;
           this relies on frame_data_sequence_find() having an entry for
           every number in 1..cf->count - confirm. */
        frame_data *frame = frame_data_sequence_find(cf->provider.frames, num);

        /* Provisional value until we know whether the frame is displayed;
           the byte-count step below overwrites it for time references.
           NOTE(review): pkt_len presumably originates from the capture
           file; the width of cum_bytes is not visible here - confirm the
           sum cannot wrap. */
        frame->cum_bytes = cf->cum_bytes + frame->pkt_len;

        /*
         * Timestamps
         */
        if (!frame->has_ts) {
            /* A frame without a timestamp takes no part in relative-time
               calculations.  If it is marked as a time reference, drop the
               current reference so that the next frame that does have a
               timestamp becomes the reference frame. */
            if (frame->ref_time) {
                cf->provider.ref = NULL;
            }
        } else {
            nstime_t since_ref;

            /* Adopt this frame as the reference when there is none yet
               (first frame with a timestamp) or when the frame is marked
               as a reference time frame. */
            if (cf->provider.ref == NULL || frame->ref_time) {
                cf->provider.ref = frame;
            }

            /* Record which frame this one is relative to (0 when it is the
               reference itself) and compute the time elapsed since it. */
            frame->frame_ref_num =
                (frame == cf->provider.ref) ? 0 : cf->provider.ref->num;
            nstime_delta(&since_ref, &frame->abs_ts, &cf->provider.ref->abs_ts);

            /* Only ever move the elapsed time forward, so that time moving
               backwards in the capture does not confuse it. */
            if (nstime_cmp(&cf->elapsed_time, &since_ref) < 0) {
                cf->elapsed_time = since_ref;
            }

            /* For a displayed frame, remember the previously displayed
               frame; the first displayed frame refers to itself.
               XXX: if the previously displayed frame is ever needed for
               something other than time deltas, it would have to be stored
               for frames without a timestamp as well. */
            if (frame->passed_dfilter) {
                if (cf->provider.prev_dis == NULL) {
                    cf->provider.prev_dis = frame;
                }
                frame->prev_dis_num = cf->provider.prev_dis->num;
                cf->provider.prev_dis = frame;
            }
        }

        /*
         * Byte counts
         *
         * Time reference frames are displayed even if they don't pass the
         * display filter, and they restart the cumulative byte count.
         */
        if (frame->ref_time) {
            cf->cum_bytes = frame->pkt_len;
            frame->cum_bytes = cf->cum_bytes;
        } else if (frame->passed_dfilter) {
            /* Displayed, ordinary frame: add its length to the total. */
            cf->cum_bytes += frame->pkt_len;
        }
    }
}
/* Outcome of process_specified_records(). */
typedef enum {
    PSP_FINISHED = 0,   /* every selected record was processed */
    PSP_STOPPED,        /* cf->stop_flag was set while iterating */
    PSP_FAILED          /* nested call, record read failure or callback failure */
} psp_return_t;
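/*
 * Visit every frame from 1 to cf->count, read the record of each frame the
 * range selects and hand it to callback.
 *
 *   cf                 capture file to walk; cf->read_lock rejects nested calls
 *   range              optional selection; NULL means every frame is processed
 *   string1, string2,
 *   terminate_is_stop  passed through to delayed_create_progress_dlg()
 *   callback           called once per record; returning false ends the walk
 *                      with PSP_FAILED (it is assumed to have reported the error)
 *   callback_args      opaque pointer handed to callback unchanged
 *   show_progress_bar  whether a progress dialog may be created
 *
 * Returns PSP_FINISHED when the walk completed, PSP_STOPPED when
 * cf->stop_flag was set during the walk, and PSP_FAILED for a nested call,
 * a record that could not be read, or a failing callback.
 */
static psp_return_t
process_specified_records(capture_file *cf, packet_range_t *range,
    const char *string1, const char *string2, bool terminate_is_stop,
    bool (*callback)(capture_file *, frame_data *,
                     wtap_rec *, void *),
    void *callback_args,
    bool show_progress_bar)
{
    uint32_t         framenum;
    frame_data      *fdata;
    wtap_rec         rec;
    psp_return_t     ret = PSP_FINISHED;

    progdlg_t       *progbar = NULL;
    GTimer          *prog_timer;
    int              progbar_count;
    float            progbar_val;
    char             progbar_status_str[100];
    range_process_e  process_this;

    /* XXX - It should be ok to have multiple readers, so long as nothing
     * frees the epan context, e.g. rescan_packets with redissect true,
     * or anything that closes the file (including reload and certain forms
     * of saving.) This is mostly to stop cf_save_records but should probably
     * be handled by callers in order to allow multiple readers (e.g.,
     * restarting taps after adding or changing one.) We should probably
     * make this a real reader-writer lock.
     *
     * The check runs before anything is allocated, so the refusal path has
     * nothing to release: previously the timer and the record buffer were
     * set up first and leaked on this early return.
     */
    if (cf->read_lock) {
        ws_warning("Failing due to nested process_specified_records(\"%s\") call!", cf->filename);
        return PSP_FAILED;
    }
    cf->read_lock = true;

    cf->stop_flag = false;

    /* 1514 is presumably an initial buffer size hint - confirm against
       wtap_rec_init(). */
    wtap_rec_init(&rec, 1514);

    prog_timer = g_timer_new();
    g_timer_start(prog_timer);
    /* Count of packets at which we've looked. */
    progbar_count = 0;
    /* Progress so far. */
    progbar_val = 0.0f;

    if (range != NULL)
        packet_range_process_init(range);

    /* Iterate through all the packets, processing the packets that
       were selected by the range. */
    for (framenum = 1; framenum <= cf->count; framenum++) {
        fdata = frame_data_sequence_find(cf->provider.frames, framenum);

        /* Create the progress bar if necessary.
           We check on every iteration of the loop, so that it takes no
           longer than the standard time to create it (otherwise, for a
           large file, we might take considerably longer than that standard
           time in order to get to the next progress bar step). */
        if (show_progress_bar && progbar == NULL)
            progbar = delayed_create_progress_dlg(cf->window, string1, string2,
                                                  terminate_is_stop,
                                                  &cf->stop_flag,
                                                  progbar_val);

        /*
         * Update the progress bar, but do it only after PROGBAR_UPDATE_INTERVAL
         * has elapsed. Calling update_progress_dlg and packets_bar_update will
         * likely trigger UI paint events, which might take a while depending on
         * the platform and display. Reset our timer *after* painting.
         */
        if (progbar && g_timer_elapsed(prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
            /* let's not divide by zero. I should never be started
             * with count == 0, so let's assert that
             */
            ws_assert(cf->count > 0);
            progbar_val = (float) progbar_count / cf->count;

            snprintf(progbar_status_str, sizeof(progbar_status_str),
                     "%4u of %u packets", progbar_count, cf->count);
            update_progress_dlg(progbar, progbar_val, progbar_status_str);

            g_timer_start(prog_timer);
        }

        if (cf->stop_flag) {
            /* Well, the user decided to abort the operation.  Just stop,
               and arrange to return PSP_STOPPED to our caller, so they know
               it was stopped explicitly. */
            ret = PSP_STOPPED;
            break;
        }

        progbar_count++;

        if (range != NULL) {
            /* do we have to process this packet? */
            process_this = packet_range_process_packet(range, fdata);
            if (process_this == range_process_next) {
                /* this packet uninteresting, continue with next one */
                continue;
            } else if (process_this == range_processing_finished) {
                /* all interesting packets processed, stop the loop */
                break;
            }
        }

        /* Get the packet */
        if (!cf_read_record(cf, fdata, &rec)) {
            /* Attempt to get the packet failed. */
            ret = PSP_FAILED;
            break;
        }
        /* Process the packet */
        if (!callback(cf, fdata, &rec, callback_args)) {
            /* Callback failed.  We assume it reported the error appropriately. */
            ret = PSP_FAILED;
            break;
        }
        wtap_rec_reset(&rec);
    }

    /* We're done with the packets; destroy the progress bar if
       it was created. */
    if (progbar != NULL)
        destroy_progress_dlg(progbar);
    g_timer_destroy(prog_timer);

    /* Release the lock taken above; it must still be held at this point. */
    ws_assert(cf->read_lock);
    cf->read_lock = false;

    wtap_rec_cleanup(&rec);

    return ret;
}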
/* State shared between cf_retap_packets() and its per-record callback. */
typedef struct {
    epan_dissect_t edt;     /* dissection state, reset after every record */
    column_info   *cinfo;   /* columns to fill in, or NULL when no tap
                               listener requires them */
} retap_callback_args_t;
/*
 * Per-record callback for cf_retap_packets(): dissect one record with the
 * taps running, then reset the dissection state for the next record.
 * Always returns true, so it never ends the walk on its own.
 */
static bool
retap_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec, void *argsp)
{
    retap_callback_args_t *retap = argsp;
    epan_dissect_t *dissection = &retap->edt;

    epan_dissect_run_with_taps(dissection, cf->cd_t, rec, fdata, retap->cinfo);
    epan_dissect_reset(dissection);

    return true;
}
/*
 * Reset all tap listeners and run them again over the frames of cf.
 *
 * Returns CF_READ_ABORTED when cf is NULL or the user stopped the walk,
 * CF_READ_ERROR when a walk is already in progress or a record failed,
 * and CF_READ_OK when every frame was retapped.
 */
cf_read_status_t
cf_retap_packets(capture_file *cf)
{
    packet_range_t        frames_to_tap;
    retap_callback_args_t retap_args;
    bool                  have_filters;
    bool                  need_tree;
    unsigned              listener_flags;
    psp_return_t          outcome;
    uint32_t              frames_seen;

    /* Presumably the user closed the capture file. */
    if (cf == NULL) {
        return CF_READ_ABORTED;
    }

    /* XXX - If cf->read_lock is true, process_specified_records will fail
     * due to a nested call. We fail here so that we don't reset the tap
     * listeners if this tap isn't going to succeed.
     */
    if (cf->read_lock) {
        ws_warning("Failing due to nested process_specified_records(\"%s\") call!", cf->filename);
        return CF_READ_ERROR;
    }

    cf_callback_invoke(cf_cb_file_retap_started, cf);

    /* Do we have any tap listeners with filters? */
    have_filters = have_filtering_tap_listeners();

    /* Update references in filters (if any) for the protocol
     * tree corresponding to the currently selected frame in the GUI. */
    /* XXX - What if we *don't* have a currently selected frame in the GUI,
     * but we did the last time we loaded field references? Then they'll
     * match something instead of nothing (unless they've been recompiled).
     * Should we have a way to clear the field references even with a NULL tree?
     */
    if (have_filters && cf->edt != NULL && cf->edt->tree != NULL) {
        tap_listeners_load_field_references(cf->edt);
    }

    /* Get the union of the flags for all tap listeners. */
    listener_flags = union_of_tap_listener_flags();

    /* If any tap listeners require the columns, construct them. */
    if (tap_listeners_require_columns()) {
        retap_args.cinfo = &cf->cinfo;
    } else {
        retap_args.cinfo = NULL;
    }

    /*
     * A protocol tree is needed when one of the tap listeners is going to
     * apply a filter, or when one of them requires a protocol tree.
     */
    need_tree = (have_filters || (listener_flags & TL_REQUIRES_PROTO_TREE));

    /* Reset the tap listeners. */
    reset_tap_listeners();

    /* Snapshot the frame count before the walk starts; it bounds the range
       below when the file is still being read. */
    frames_seen = cf->count;

    epan_dissect_init(&retap_args.edt, cf->epan, need_tree, false);

    /* Iterate through the list of packets, dissecting all packets and
       re-running the taps. */
    packet_range_init(&frames_to_tap, cf);
    packet_range_process_init(&frames_to_tap);

    if (cf->state == FILE_READ_IN_PROGRESS) {
        /* We're not done with the sequential read of the file and might
         * add more frames while process_specified_records is going. We
         * don't want to tap new frames twice, so limit the range to the
         * frames already here.
         *
         * cf_read sets read_lock so we don't tap in case of an offline
         * file, but cf_continue_tail and cf_finish_tail don't, and we
         * don't want them to, because tapping new packets in a live
         * capture is a common use case.
         *
         * Note that most other users of process_specified_records (saving,
         * printing) do want to process new packets, unlike taps.
         */
        if (frames_seen == 0) {
            /* range_t treats a missing number as meaning 1, not 0, and
             * reverses the order if backwards; thus the syntax -0 means
             * 0-1, so to only take zero packets we do this.
             */
            packet_range_convert_str(&frames_to_tap, "0");
        } else {
            char *upper_bound = g_strdup_printf("-%u", frames_seen);
            packet_range_convert_str(&frames_to_tap, upper_bound);
            g_free(upper_bound);
        }
        frames_to_tap.process = range_process_user_range;
    }

    outcome = process_specified_records(cf, &frames_to_tap,
                                        "Recalculating statistics on",
                                        "all packets", true, retap_packet,
                                        &retap_args, true);

    packet_range_cleanup(&frames_to_tap);
    epan_dissect_cleanup(&retap_args.edt);

    cf_callback_invoke(cf_cb_file_retap_finished, cf);

    /* Completed successfully. */
    if (outcome == PSP_FINISHED) {
        return CF_READ_OK;
    }

    /* Well, the user decided to abort the refiltering.
       Return CF_READ_ABORTED so our caller knows they did that. */
    if (outcome == PSP_STOPPED) {
        return CF_READ_ABORTED;
    }

    /* Error while retapping. */
    if (outcome == PSP_FAILED) {
        return CF_READ_ERROR;
    }

    ws_assert_not_reached();
    return CF_READ_OK;
}
/* State handed to print_packet() for every record that is printed. */
typedef struct {
    print_args_t *print_args;           /* print options and output stream */
    bool          print_header_line;    /* emit header_line_buf before the next
                                           packet summary */
    char         *header_line_buf;      /* text of the column heading line */
    int           header_line_buf_len;  /* presumably the size of
                                           header_line_buf - confirm */
    bool          print_formfeed;       /* start a new page before each packet */
    bool          print_separator;      /* otherwise, print an empty line before
                                           each packet */
    char         *line_buf;             /* presumably the summary line being
                                           assembled - confirm */
    int           line_buf_len;         /* presumably the size of line_buf -
                                           confirm */
    int          *col_widths;           /* presumably one width per printed
                                           column - confirm */
    int           num_visible_cols;     /* presumably the number of entries in
                                           visible_cols - confirm */
    int          *visible_cols;         /* presumably the indices of the visible
                                           columns - confirm */
    epan_dissect_t edt;                 /* dissection state used for each packet */
} print_callback_args_t;
/*
 * Per-record callback for cf_print_packets(): dissects one record and
 * writes its bookmark, optional summary line, optional protocol tree and
 * optional hex dump to args->print_args->stream.
 *
 * argsp points to the print_callback_args_t set up by cf_print_packets().
 * Returns true on success and false as soon as a write to the print stream
 * fails.  The dissection state in args->edt is reset on both paths.
 */
static bool
print_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec, void *argsp)
{
    print_callback_args_t *args = (print_callback_args_t *)argsp;
    int i;
    char *cp;
    int line_len;
    int column_len;
    int cp_off;
    /* Both bookmark buffers are written with snprintf() bounded by sizeof,
       so a longer-than-expected number is truncated, not overrun. */
    char bookmark_name[9+10+1]; /* "__frameNNNNNNNNNN__\0" */
    char bookmark_title[6+10+1]; /* "Frame NNNNNNNNNN\0" */
    col_item_t* col_item;
    const char* col_text;

    /* Fill in the column information if we're printing the summary
       information. */
    if (args->print_args->print_summary) {
        col_custom_prime_edt(&args->edt, &cf->cinfo);
        epan_dissect_run(&args->edt, cf->cd_t, rec, fdata, &cf->cinfo);
        epan_dissect_fill_in_columns(&args->edt, false, true);
    } else
        epan_dissect_run(&args->edt, cf->cd_t, rec, fdata, NULL);

    if (args->print_formfeed) {
        if (!new_page(args->print_args->stream))
            goto fail;

        /*
         * Print another header line if we print a packet summary on the
         * new page.
         */
        if (args->print_args->print_col_headings)
            args->print_header_line = true;
    } else {
        if (args->print_separator) {
            if (!print_line(args->print_args->stream, 0, ""))
                goto fail;
        }
    }

    /*
     * We generate bookmarks, if the output format supports them.
     * The name is "__frameN__".
     */
    snprintf(bookmark_name, sizeof bookmark_name, "__frame%u__", fdata->num);

    if (args->print_args->print_summary) {
        if (!args->print_args->print_col_headings)
            args->print_header_line = false;
        if (args->print_header_line) {
            if (!print_line(args->print_args->stream, 0, args->header_line_buf))
                goto fail;
            args->print_header_line = false; /* we might not need to print any more */
        }
        cp = &args->line_buf[0];
        line_len = 0;
        for (i = 0; i < args->num_visible_cols; i++) {
            col_item = &cf->cinfo.columns[args->visible_cols[i]];
            /* The column text is produced by the dissection above, so its
               length is not limited by col_widths[i]. */
            col_text = get_column_text(&cf->cinfo, args->visible_cols[i]);
            /* Find the length of the string for this column. */
            /* NOTE(review): lengths are kept in int; this assumes a summary
               line stays far below INT_MAX / 2 bytes - confirm. */
            column_len = (int) strlen(col_text);
            if (args->col_widths[i] > column_len)
                column_len = args->col_widths[i];

            /* Make sure there's room in the line buffer for the column; if not,
               double its length. */
            line_len += column_len + 1; /* "+1" for space */
            if (line_len > args->line_buf_len) {
                /* Keep the write position as an offset: g_realloc() may move
                   the buffer, which would leave cp dangling. */
                cp_off = (int) (cp - args->line_buf);
                args->line_buf_len = 2 * line_len;
                args->line_buf = (char *)g_realloc(args->line_buf, args->line_buf_len + 1);
                cp = args->line_buf + cp_off;
            }

            /* Right-justify the packet number column. */
            /* column_len is max(text length, width), so the formatted field
               is exactly column_len characters and the snprintf() limit of
               column_len+1 matches the space reserved above. */
            if (col_item->col_fmt == COL_NUMBER || col_item->col_fmt == COL_NUMBER_DIS)
                snprintf(cp, column_len+1, "%*s", args->col_widths[i], col_text);
            else
                snprintf(cp, column_len+1, "%-*s", args->col_widths[i], col_text);
            cp += column_len;
            /* Overwrites snprintf()'s NUL with the column separator. */
            if (i != args->num_visible_cols - 1)
                *cp++ = ' ';
        }
        *cp = '\0';

        /*
         * Generate a bookmark, using the summary line as the title.
         */
        if (!print_bookmark(args->print_args->stream, bookmark_name,
                            args->line_buf))
            goto fail;

        if (!print_line(args->print_args->stream, 0, args->line_buf))
            goto fail;
    } else {
        /*
         * Generate a bookmark, using "Frame N" as the title, as we're not
         * printing the summary line.
         */
        snprintf(bookmark_title, sizeof bookmark_title, "Frame %u", fdata->num);
        if (!print_bookmark(args->print_args->stream, bookmark_name,
                            bookmark_title))
            goto fail;
    } /* if (print_summary) */

    if (args->print_args->print_dissections != print_dissections_none) {
        if (args->print_args->print_summary) {
            /* Separate the summary line from the tree with a blank line. */
            if (!print_line(args->print_args->stream, 0, ""))
                goto fail;
        }

        /* Print the information in that tree. */
        if (!proto_tree_print(args->print_args->print_dissections,
                              args->print_args->print_hex, &args->edt, NULL,
                              args->print_args->stream))
            goto fail;

        /* Print a blank line if we print anything after this (aka more than one packet). */
        args->print_separator = true;

        /* Print a header line if we print any more packet summaries */
        if (args->print_args->print_col_headings)
            args->print_header_line = true;
    }

    if (args->print_args->print_hex) {
        if (args->print_args->print_summary || (args->print_args->print_dissections != print_dissections_none)) {
            if (!print_line(args->print_args->stream, 0, ""))
                goto fail;
        }
        /* Print the full packet data as hex. */
        if (!print_hex_data(args->print_args->stream, &args->edt, args->print_args->hexdump_options))
            goto fail;

        /* Print a blank line if we print anything after this (aka more than one packet). */
        args->print_separator = true;

        /* Print a header line if we print any more packet summaries */
        if (args->print_args->print_col_headings)
            args->print_header_line = true;
    } /* if (args->print_args->print_hex) */

    epan_dissect_reset(&args->edt);

    /* do we want to have a formfeed between each packet from now on? */
    if (args->print_args->print_formfeed) {
        args->print_formfeed = true;
    }

    return true;

fail:
    /* Release the per-packet dissection state before reporting the error. */
    epan_dissect_reset(&args->edt);
    return false;
}
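/*
 * Print the records selected by print_args->range to print_args->stream.
 *
 * Writes the preamble, optionally builds a header line of column titles,
 * runs print_packet() on every selected record and then writes the finale.
 * The print stream is destroyed on every return path, so the caller must
 * not use print_args->stream afterwards.
 *
 * Returns CF_PRINT_OK on success (including when the user stops the
 * operation) and CF_PRINT_WRITE_ERROR if any write to the stream fails.
 */
cf_print_status_t
cf_print_packets(capture_file *cf, print_args_t *print_args,
                 bool show_progress_bar)
{
    print_callback_args_t callback_args;
    int data_width;
    char *cp;
    int i, cp_off, column_len, line_len;
    int num_visible_col = 0, last_visible_col = 0, visible_col_count;
    psp_return_t ret;
    GList *clp;
    fmt_data *cfmt;
    bool proto_tree_needed;

    callback_args.print_args = print_args;
    callback_args.print_header_line = print_args->print_col_headings;
    callback_args.header_line_buf = NULL;
    callback_args.header_line_buf_len = 256;
    callback_args.print_formfeed = false;
    callback_args.print_separator = false;
    callback_args.line_buf = NULL;
    callback_args.line_buf_len = 256;
    callback_args.col_widths = NULL;
    callback_args.num_visible_cols = 0;
    callback_args.visible_cols = NULL;

    if (!print_preamble(print_args->stream, cf->filename, get_ws_vcs_version_info())) {
        destroy_print_stream(print_args->stream);
        return CF_PRINT_WRITE_ERROR;
    }

    if (print_args->print_summary) {
        /* We're printing packet summaries.  Allocate the header line buffer
           and get the column widths. */
        callback_args.header_line_buf = (char *)g_malloc(callback_args.header_line_buf_len + 1);

        /* Find the number of visible columns and the last visible column */
        for (i = 0; i < prefs.num_cols; i++) {

            clp = g_list_nth(prefs.col_list, i);
            if (clp == NULL) /* Sanity check, Invalid column requested */
                continue;

            cfmt = (fmt_data *) clp->data;
            if (cfmt->visible) {
                num_visible_col++;
                last_visible_col = i;
            }
        }

        /* if num_visible_col is 0, we are done */
        if (num_visible_col == 0) {
            g_free(callback_args.header_line_buf);
            /* Every other return path destroys the stream; do the same here
               so this early exit does not leak it. */
            if (!destroy_print_stream(print_args->stream))
                return CF_PRINT_WRITE_ERROR;
            return CF_PRINT_OK;
        }

        /* Find the widths for each of the columns - maximum of the
           width of the title and the width of the data - and construct
           a buffer with a line containing the column titles. */
        callback_args.num_visible_cols = num_visible_col;
        callback_args.col_widths = g_new(int, num_visible_col);
        callback_args.visible_cols = g_new(int, num_visible_col);
        cp = &callback_args.header_line_buf[0];
        line_len = 0;
        visible_col_count = 0;
        for (i = 0; i < cf->cinfo.num_cols; i++) {

            clp = g_list_nth(prefs.col_list, i);
            if (clp == NULL) /* Sanity check, Invalid column requested */
                continue;

            cfmt = (fmt_data *) clp->data;
            if (cfmt->visible == false)
                continue;

            /* The arrays were sized from a pass over prefs.num_cols, while
               this pass runs over cf->cinfo.num_cols.  Presumably the two
               always agree; this guard keeps the array writes in bounds if
               they ever do not. */
            if (visible_col_count >= num_visible_col)
                break;

            /* Save the order of visible columns */
            callback_args.visible_cols[visible_col_count] = i;

            /* Don't pad the last column. */
            if (i == last_visible_col)
                callback_args.col_widths[visible_col_count] = 0;
            else {
                callback_args.col_widths[visible_col_count] = (int) strlen(cf->cinfo.columns[i].col_title);
                data_width = get_column_char_width(get_column_format(i));
                if (data_width > callback_args.col_widths[visible_col_count])
                    callback_args.col_widths[visible_col_count] = data_width;
            }

            /* Find the length of the string for this column. */
            column_len = (int) strlen(cf->cinfo.columns[i].col_title);
            if (callback_args.col_widths[visible_col_count] > column_len)
                column_len = callback_args.col_widths[visible_col_count];

            /* Make sure there's room in the line buffer for the column; if not,
               double its length. */
            line_len += column_len + 1; /* "+1" for space */
            if (line_len > callback_args.header_line_buf_len) {
                /* Keep the write position as an offset: g_realloc() may move
                   the buffer. */
                cp_off = (int) (cp - callback_args.header_line_buf);
                callback_args.header_line_buf_len = 2 * line_len;
                callback_args.header_line_buf = (char *)g_realloc(callback_args.header_line_buf,
                                                                  callback_args.header_line_buf_len + 1);
                cp = callback_args.header_line_buf + cp_off;
            }

            /* Column titles are always left-justified.  column_len is
               max(title length, width), so the field is exactly column_len
               characters and fits the space reserved above. */
            snprintf(cp, column_len+1, "%-*s", callback_args.col_widths[visible_col_count], cf->cinfo.columns[i].col_title);
            cp += column_len;
            if (i != cf->cinfo.num_cols - 1)
                *cp++ = ' ';

            visible_col_count++;
        }
        *cp = '\0';

        /* print_packet() walks num_visible_cols entries; only hand it the
           entries that were actually filled in above. */
        callback_args.num_visible_cols = visible_col_count;

        /* Now start out the main line buffer with the same length as the
           header line buffer. */
        callback_args.line_buf_len = callback_args.header_line_buf_len;
        callback_args.line_buf = (char *)g_malloc(callback_args.line_buf_len + 1);
    } /* if (print_summary) */

    /* Create the protocol tree, and make it visible, if we're printing
       the dissection or the hex data.

       XXX - do we need it if we're just printing the hex data? */
    proto_tree_needed =
        callback_args.print_args->print_dissections != print_dissections_none ||
        callback_args.print_args->print_hex ||
        have_custom_cols(&cf->cinfo) || have_field_extractors();
    epan_dissect_init(&callback_args.edt, cf->epan, proto_tree_needed, proto_tree_needed);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range, "Printing",
                                    "selected packets", true, print_packet,
                                    &callback_args, show_progress_bar);
    epan_dissect_cleanup(&callback_args.edt);
    g_free(callback_args.header_line_buf);
    g_free(callback_args.line_buf);
    g_free(callback_args.col_widths);
    g_free(callback_args.visible_cols);

    switch (ret) {

    case PSP_FINISHED:
        /* Completed successfully. */
        break;

    case PSP_STOPPED:
        /* Well, the user decided to abort the printing.

           XXX - note that what got generated before they did that
           will get printed if we're piping to a print program; we'd
           have to write to a file and then hand that to the print
           program to make it actually not print anything. */
        break;

    case PSP_FAILED:
        /* Error while printing.

           XXX - note that what got generated before they did that
           will get printed if we're piping to a print program; we'd
           have to write to a file and then hand that to the print
           program to make it actually not print anything. */
        destroy_print_stream(print_args->stream);
        return CF_PRINT_WRITE_ERROR;
    }

    if (!print_finale(print_args->stream)) {
        destroy_print_stream(print_args->stream);
        return CF_PRINT_WRITE_ERROR;
    }

    if (!destroy_print_stream(print_args->stream))
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}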
/*
 * State passed to the per-record callbacks of the cf_write_*_packets()
 * export functions.
 */
typedef struct {
    /* Output file opened by the export function; callbacks write to it. */
    FILE *fh;
    /* Dissection state, initialised once and reset after every packet. */
    epan_dissect_t edt;
    /* Caller-supplied export settings. */
    print_args_t *print_args;
    /* JSON dumper state; cf_write_json_packets() sets it from
       write_json_preamble(). */
    json_dumper jdumper;
} write_packet_callback_args_t;
/*
 * Per-record callback for cf_write_pdml_packets(): dissects one record
 * without column information and writes its protocol tree as PDML.
 *
 * argsp is the write_packet_callback_args_t prepared by the caller.
 * Returns false once the output stream has its error indicator set.
 */
static bool
write_pdml_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec,
                  void *argsp)
{
    write_packet_callback_args_t *ctx = argsp;
    epan_dissect_t *edt = &ctx->edt;
    FILE *out = ctx->fh;

    /* Build the protocol tree only; a NULL column_info skips the columns. */
    epan_dissect_run(edt, cf->cd_t, rec, fdata, NULL);

    /* Emit that tree, then release the per-packet dissection state. */
    write_pdml_proto_tree(NULL, edt, &cf->cinfo, out, false);
    epan_dissect_reset(edt);

    if (ferror(out))
        return false;
    return true;
}
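/*
 * Export the records selected by print_args->range to print_args->file
 * as PDML.
 *
 * The destination is opened with mode "w", so an existing file at that
 * path is truncated.  Returns CF_PRINT_OPEN_ERROR if it cannot be opened,
 * CF_PRINT_WRITE_ERROR if writing or closing fails, and CF_PRINT_OK
 * otherwise (including when the user stops the export part-way).
 */
cf_print_status_t
cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
{
    write_packet_callback_args_t callback_args;
    FILE *fh;
    psp_return_t ret;

    fh = ws_fopen(print_args->file, "w");
    if (fh == NULL)
        return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */

    write_pdml_preamble(fh, cf->filename);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    callback_args.fh = fh;
    callback_args.print_args = print_args;
    epan_dissect_init(&callback_args.edt, cf->epan, true, true);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range, "Writing PDML",
                                    "selected packets", true,
                                    write_pdml_packet, &callback_args, true);

    epan_dissect_cleanup(&callback_args.edt);

    switch (ret) {

    case PSP_FINISHED:
        /* Completed successfully. */
        break;

    case PSP_STOPPED:
        /* Well, the user decided to abort the printing. */
        break;

    case PSP_FAILED:
        /* Error while printing. */
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    write_pdml_finale(fh);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    /* fclose() flushes the remaining buffered output; if it fails the file
       on disk is incomplete, so report that rather than success. */
    if (fclose(fh) == EOF)
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}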
/*
 * Per-record callback for cf_write_psml_packets(): dissects one record
 * with column information and writes the columns as PSML.
 *
 * argsp is the write_packet_callback_args_t prepared by the caller.
 * Returns false once the output stream has its error indicator set.
 */
static bool
write_psml_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec,
                  void *argsp)
{
    write_packet_callback_args_t *ctx = argsp;
    epan_dissect_t *edt = &ctx->edt;
    FILE *out = ctx->fh;

    /* Dissect and populate the columns for this record. */
    col_custom_prime_edt(edt, &cf->cinfo);
    epan_dissect_run(edt, cf->cd_t, rec, fdata, &cf->cinfo);
    epan_dissect_fill_in_columns(edt, false, true);

    /* Emit the columns, then release the per-packet dissection state. */
    write_psml_columns(edt, out, false);
    epan_dissect_reset(edt);

    if (ferror(out))
        return false;
    return true;
}
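/*
 * Export the records selected by print_args->range to print_args->file
 * as PSML.
 *
 * The destination is opened with mode "w", so an existing file at that
 * path is truncated.  Returns CF_PRINT_OPEN_ERROR if it cannot be opened,
 * CF_PRINT_WRITE_ERROR if writing or closing fails, and CF_PRINT_OK
 * otherwise (including when the user stops the export part-way).
 */
cf_print_status_t
cf_write_psml_packets(capture_file *cf, print_args_t *print_args)
{
    write_packet_callback_args_t callback_args;
    FILE *fh;
    psp_return_t ret;

    bool proto_tree_needed;

    fh = ws_fopen(print_args->file, "w");
    if (fh == NULL)
        return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */

    write_psml_preamble(&cf->cinfo, fh);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    callback_args.fh = fh;
    callback_args.print_args = print_args;

    /* Fill in the column information, only create the protocol tree
       if having custom columns or field extractors. */
    proto_tree_needed = have_custom_cols(&cf->cinfo) || have_field_extractors();
    epan_dissect_init(&callback_args.edt, cf->epan, proto_tree_needed, proto_tree_needed);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range, "Writing PSML",
                                    "selected packets", true,
                                    write_psml_packet, &callback_args, true);

    epan_dissect_cleanup(&callback_args.edt);

    switch (ret) {

    case PSP_FINISHED:
        /* Completed successfully. */
        break;

    case PSP_STOPPED:
        /* Well, the user decided to abort the printing. */
        break;

    case PSP_FAILED:
        /* Error while printing. */
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    write_psml_finale(fh);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    /* fclose() flushes the remaining buffered output; if it fails the file
       on disk is incomplete, so report that rather than success. */
    if (fclose(fh) == EOF)
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}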
/*
 * Per-record callback for cf_write_csv_packets(): dissects one record
 * with column information and writes the columns as one CSV row.
 *
 * argsp is the write_packet_callback_args_t prepared by the caller.
 * Returns false once the output stream has its error indicator set.
 *
 * NOTE(review): the column text is derived from capture contents; quoting
 * of separators and quote characters is presumably handled inside
 * write_csv_columns() - confirm there.
 */
static bool
write_csv_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec,
                 void *argsp)
{
    write_packet_callback_args_t *ctx = argsp;
    epan_dissect_t *edt = &ctx->edt;
    FILE *out = ctx->fh;

    /* Dissect and populate the columns for this record. */
    col_custom_prime_edt(edt, &cf->cinfo);
    epan_dissect_run(edt, cf->cd_t, rec, fdata, &cf->cinfo);
    epan_dissect_fill_in_columns(edt, false, true);

    /* Emit the row, then release the per-packet dissection state. */
    write_csv_columns(edt, out);
    epan_dissect_reset(edt);

    if (ferror(out))
        return false;
    return true;
}
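/*
 * Export the records selected by print_args->range to print_args->file
 * as CSV, preceded by a row of column titles.
 *
 * The destination is opened with mode "w", so an existing file at that
 * path is truncated.  Returns CF_PRINT_OPEN_ERROR if it cannot be opened,
 * CF_PRINT_WRITE_ERROR if writing or closing fails, and CF_PRINT_OK
 * otherwise (including when the user stops the export part-way).
 */
cf_print_status_t
cf_write_csv_packets(capture_file *cf, print_args_t *print_args)
{
    write_packet_callback_args_t callback_args;
    bool proto_tree_needed;
    FILE *fh;
    psp_return_t ret;

    fh = ws_fopen(print_args->file, "w");
    if (fh == NULL)
        return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */

    write_csv_column_titles(&cf->cinfo, fh);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    callback_args.fh = fh;
    callback_args.print_args = print_args;

    /* only create the protocol tree if having custom columns or field extractors. */
    proto_tree_needed = have_custom_cols(&cf->cinfo) || have_field_extractors();
    epan_dissect_init(&callback_args.edt, cf->epan, proto_tree_needed, proto_tree_needed);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range, "Writing CSV",
                                    "selected packets", true,
                                    write_csv_packet, &callback_args, true);

    epan_dissect_cleanup(&callback_args.edt);

    switch (ret) {

    case PSP_FINISHED:
        /* Completed successfully. */
        break;

    case PSP_STOPPED:
        /* Well, the user decided to abort the printing. */
        break;

    case PSP_FAILED:
        /* Error while printing. */
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    /* fclose() flushes the remaining buffered output; if it fails the file
       on disk is incomplete, so report that rather than success. */
    if (fclose(fh) == EOF)
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}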
/*
 * Per-record callback for cf_write_carrays_packets(): dissects one record
 * without column information and writes its bytes as a C array, labelled
 * with the frame number.
 *
 * argsp is the write_packet_callback_args_t prepared by the caller.
 * Returns false once the output stream has its error indicator set.
 */
static bool
carrays_write_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec,
                     void *argsp)
{
    write_packet_callback_args_t *ctx = argsp;
    epan_dissect_t *edt = &ctx->edt;
    FILE *out = ctx->fh;

    epan_dissect_run(edt, cf->cd_t, rec, fdata, NULL);
    write_carrays_hex_data(fdata->num, out, edt);
    epan_dissect_reset(edt);

    if (ferror(out))
        return false;
    return true;
}
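/*
 * Export the records selected by print_args->range to print_args->file
 * as C arrays.
 *
 * The destination is opened with mode "w", so an existing file at that
 * path is truncated.  Returns CF_PRINT_OPEN_ERROR if it cannot be opened,
 * CF_PRINT_WRITE_ERROR if writing or closing fails, and CF_PRINT_OK
 * otherwise (including when the user stops the export part-way).
 */
cf_print_status_t
cf_write_carrays_packets(capture_file *cf, print_args_t *print_args)
{
    write_packet_callback_args_t callback_args;
    FILE *fh;
    psp_return_t ret;

    fh = ws_fopen(print_args->file, "w");

    if (fh == NULL)
        return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */

    /* Nothing has been written to fh yet at this point; the check is kept
       to mirror the other export functions. */
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    callback_args.fh = fh;
    callback_args.print_args = print_args;
    epan_dissect_init(&callback_args.edt, cf->epan, true, true);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range,
                                    "Writing C Arrays",
                                    "selected packets", true,
                                    carrays_write_packet, &callback_args, true);

    epan_dissect_cleanup(&callback_args.edt);

    switch (ret) {
    case PSP_FINISHED:
        /* Completed successfully. */
        break;
    case PSP_STOPPED:
        /* Well, the user decided to abort the printing. */
        break;
    case PSP_FAILED:
        /* Error while printing. */
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    /* fclose() flushes the remaining buffered output; if it fails the file
       on disk is incomplete, so report that rather than success. */
    if (fclose(fh) == EOF)
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}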
/*
 * Per-record callback for cf_write_json_packets(): dissects one record
 * without column information and writes its protocol tree through the
 * JSON dumper held in the callback arguments.
 *
 * argsp is the write_packet_callback_args_t prepared by the caller.
 * Returns false once the output stream has its error indicator set.
 */
static bool
write_json_packet(capture_file *cf, frame_data *fdata, wtap_rec *rec,
                  void *argsp)
{
    write_packet_callback_args_t *ctx = argsp;
    print_args_t *opts = ctx->print_args;

    /* Build the protocol tree only; a NULL column_info skips the columns. */
    epan_dissect_run(&ctx->edt, cf->cd_t, rec, fdata, NULL);

    /* The no_duplicate_keys setting selects how sibling nodes are grouped
       in the emitted tree. */
    write_json_proto_tree(NULL, opts->print_dissections,
                          opts->print_hex,
                          &ctx->edt, &cf->cinfo,
                          opts->no_duplicate_keys ?
                              proto_node_group_children_by_json_key :
                              proto_node_group_children_by_unique,
                          &ctx->jdumper);

    epan_dissect_reset(&ctx->edt);

    if (ferror(ctx->fh))
        return false;
    return true;
}
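/*
 * Export the packets selected by print_args->range as JSON to the file named
 * by print_args->file.
 *
 * Returns CF_PRINT_OPEN_ERROR when the destination cannot be opened,
 * CF_PRINT_WRITE_ERROR when writing (or the final flush at close) fails, and
 * CF_PRINT_OK otherwise. A user abort (PSP_STOPPED) still writes the JSON
 * finale and reports CF_PRINT_OK.
 *
 * NOTE(review): print_args->file is opened exactly as supplied, in "w" mode;
 * no check on the path is made here, so any validation has to happen in the
 * caller - confirm.
 */
cf_print_status_t
cf_write_json_packets(capture_file *cf, print_args_t *print_args)
{
    write_packet_callback_args_t callback_args;
    FILE *fh;
    psp_return_t ret;

    fh = ws_fopen(print_args->file, "w");
    if (fh == NULL)
        return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */

    callback_args.jdumper = write_json_preamble(fh);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    callback_args.fh = fh;
    callback_args.print_args = print_args;
    epan_dissect_init(&callback_args.edt, cf->epan, true, true);

    /* Iterate through the list of packets, printing the packets we were
       told to print. */
    ret = process_specified_records(cf, &print_args->range, "Writing JSON",
                                    "selected packets", true,
                                    write_json_packet, &callback_args, true);

    epan_dissect_cleanup(&callback_args.edt);

    switch (ret) {

    case PSP_FINISHED:
        /* Completed successfully. */
        break;

    case PSP_STOPPED:
        /* Well, the user decided to abort the printing. */
        break;

    case PSP_FAILED:
        /* Error while printing. */
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    write_json_finale(&callback_args.jdumper);
    if (ferror(fh)) {
        fclose(fh);
        return CF_PRINT_WRITE_ERROR;
    }

    /*
     * fclose() flushes buffered output; if that fails (full disk, I/O
     * error) the file is incomplete, so report it instead of claiming
     * success.
     */
    if (fclose(fh) != 0)
        return CF_PRINT_WRITE_ERROR;

    return CF_PRINT_OK;
}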
/*
 * Search the protocol-tree text of packets for `string`, in direction `dir`.
 *
 * When `multiple` is set and a field is already selected in a dissected
 * frame, the current frame's tree is searched first, starting from the
 * selected field; a hit there selects the field and returns true.
 * Otherwise the search is handed to find_packet() with match_protocol_tree
 * as the per-frame matcher, and its result is returned.
 *
 * NOTE(review): `string` is passed to strlen() unchecked, so it must be a
 * valid NUL-terminated string; for case-insensitive searches it is
 * presumably already upper-cased by the caller - confirm.
 */
bool
cf_find_packet_protocol_tree(capture_file *cf, const char *string,
                             search_direction dir, bool multiple)
{
    match_data mdata;
    void (*walker)(proto_node *, void *);

    /* Seed the search state shared with the tree walkers. */
    mdata.cf = cf;
    mdata.string = string;
    mdata.string_len = strlen(string);
    mdata.prev_finfo = cf->finfo_selected;
    mdata.frame_matched = false;
    mdata.halt = false;

    if (multiple && cf->finfo_selected && cf->edt) {
        /* Look for another hit inside the frame that is already dissected. */
        walker = (dir == SD_FORWARD) ? match_subtree_text
                                     : match_subtree_text_reverse;
        proto_tree_children_foreach(cf->edt->tree, walker, &mdata);

        if (mdata.frame_matched) {
            packet_list_select_finfo(mdata.finfo);
            return true;
        }
    }

    /* No hit in the current frame: move on to other frames. */
    return find_packet(cf, match_protocol_tree, &mdata, dir, true);
}
/*
 * Find the field in `tree` whose label text matches the capture file's
 * current search string (cf->sfilter), walking in the direction stored in
 * cf->dir.
 *
 * The search string is passed through convert_string_case() with
 * cf->case_type; that copy is released with g_free() before returning.
 *
 * Returns the matching field_info, or NULL when nothing matched.
 *
 * NOTE(review): the result of convert_string_case() goes straight to
 * strlen(), so this assumes it never returns NULL - confirm.
 */
field_info*
cf_find_string_protocol_tree(capture_file *cf, proto_tree *tree)
{
    match_data mdata;
    void (*walker)(proto_node *, void *);

    mdata.cf = cf;
    mdata.prev_finfo = NULL;
    mdata.frame_matched = false;
    mdata.halt = false;
    mdata.string = convert_string_case(cf->sfilter, cf->case_type);
    mdata.string_len = strlen(mdata.string);

    /* Visit every node and compare its label text against the string. */
    walker = (cf->dir == SD_FORWARD) ? match_subtree_text
                                     : match_subtree_text_reverse;
    proto_tree_children_foreach(tree, walker, &mdata);

    /* The converted string is owned here; drop it before returning. */
    g_free((char *)mdata.string);

    if (!mdata.frame_matched)
        return NULL;
    return mdata.finfo;
}
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
/*
 * find_packet() matcher: read one frame, dissect it with a full protocol
 * tree, and report whether any visible tree item's text matches the search
 * described by `criterion` (a match_data).
 *
 * Returns MR_ERROR when the record cannot be read, MR_MATCHED when a node
 * matched, MR_NOTMATCHED otherwise.
 *
 * NOTE(review): the tree is destroyed before returning, so a field pointer
 * stored in the match_data by the walker presumably must not be used by the
 * caller afterwards - confirm.
 */
static match_result
match_protocol_tree(capture_file *cf, frame_data *fdata,
                    wtap_rec *rec, void *criterion)
{
    match_data *search = (match_data *)criterion;
    epan_dissect_t edt;

    /* Load the frame's data; give up if that fails. */
    if (!cf_read_record(cf, fdata, rec)) {
        return MR_ERROR;
    }

    /* Build the protocol tree with its display text; no column info needed. */
    epan_dissect_init(&edt, cf->epan, true, true);
    epan_dissect_run(&edt, cf->cd_t, rec, fdata, NULL);

    /* Reset the per-frame search state before walking the nodes. */
    search->cf = cf;
    search->prev_finfo = NULL;
    search->frame_matched = false;
    search->halt = false;

    /*
     * Direction is irrelevant here: one match is enough and this tree is
     * thrown away below. (The actual field is located later in
     * PacketList::selectionChanged().) The forward walker is the faster one.
     */
    proto_tree_children_foreach(edt.tree, match_subtree_text, search);
    epan_dissect_cleanup(&edt);

    if (search->frame_matched) {
        return MR_MATCHED;
    }
    return MR_NOTMATCHED;
}
Get rid of the EBCDIC stuff in the find dialog - it's not supported yet,
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306
2003-08-29 04:03:46 +00:00
/*
 * Tree-walk callback: test one protocol-tree node's label text against the
 * search in `data` (a match_data), then recurse into the node's children.
 *
 * On the first match it sets mdata->frame_matched and mdata->finfo and does
 * no further work on later calls. When mdata->prev_finfo is set, nodes are
 * skipped (not matched) until that field has been passed, so the search
 * resumes after the previous hit.
 *
 * Three match modes, chosen from the capture file: regex (cf->regex),
 * case-insensitive (cf->case_type non-zero), otherwise case-sensitive
 * substring via strstr().
 */
static void
match_subtree_text(proto_node *node, void *data)
{
    match_data *mdata = (match_data *) data;
    const char *string = mdata->string;
    size_t string_len = mdata->string_len;
    capture_file *cf = mdata->cf;
    field_info *fi = PNODE_FINFO(node);
    /* NOTE(review): proto_item_fill_label() is given no length below, so this
     * assumes it bounds its output to ITEM_LABEL_LENGTH - confirm. */
    char label_str[ITEM_LABEL_LENGTH];
    char *label_ptr;
    size_t label_len;
    /* NOTE(review): i is 32-bit while label_len is size_t; fine as long as
     * labels stay far below 4 GiB, which is presumably guaranteed - confirm. */
    uint32_t i, i_restart;
    uint8_t c_char;
    size_t c_match = 0;

    /* dissection with an invisible proto tree? */
    ws_assert(fi);

    if (mdata->frame_matched) {
        /* We already had a match; don't bother doing any more work. */
        return;
    }

    /* Don't match invisible entries. */
    if (proto_item_is_hidden(node))
        return;

    if (mdata->prev_finfo) {
        /* Haven't found the old match, so don't match this node. */
        if (fi == mdata->prev_finfo) {
            /* Found the old match, look for the next one after this. */
            mdata->prev_finfo = NULL;
        }
    } else {
        /* was a free format label produced? */
        if (fi->rep) {
            label_ptr = fi->rep->representation;
        } else {
            /* no, make a generic label */
            label_ptr = label_str;
            proto_item_fill_label(fi, label_str, NULL);
        }

        if (cf->regex) {
            if (ws_regex_matches(cf->regex, label_ptr)) {
                mdata->frame_matched = true;
                mdata->finfo = fi;
                return;
            }
        } else if (cf->case_type) {
            /* Case insensitive match */
            /* Only the label character is upper-cased below, so `string`
             * must already be upper case to match - presumably done by the
             * caller; confirm. */
            label_len = strlen(label_ptr);
            i_restart = 0;
            for (i = 0; i < label_len; i++) {
                /* Nothing in progress and too little label left to hold the
                 * whole search string: stop early. */
                if (i_restart == 0 && c_match == 0 && (label_len - i < string_len))
                    break;
                c_char = label_ptr[i];
                c_char = g_ascii_toupper(c_char);
                /* If c_match is non-zero, save candidate for retrying full match. */
                if (c_match > 0 && i_restart == 0 && c_char == string[0])
                    i_restart = i;
                if (c_char == string[c_match]) {
                    c_match++;
                    if (c_match == string_len) {
                        mdata->frame_matched = true;
                        mdata->finfo = fi;
                        /* No need to look further; we have a match */
                        return;
                    }
                } else if (i_restart) {
                    /* Partial match failed: rewind to the saved candidate,
                     * whose first character already matched string[0]. */
                    i = i_restart;
                    c_match = 1;
                    i_restart = 0;
                } else
                    c_match = 0;
            }
        } else if (strstr(label_ptr, string) != NULL) {
            /* Case sensitive match */
            mdata->frame_matched = true;
            mdata->finfo = fi;
            return;
        }
    }

    /* Recurse into the subtree, if it exists */
    if (node->first_child != NULL)
        proto_tree_children_foreach(node, match_subtree_text, mdata);
}
static void
|
2024-07-07 16:00:12 -04:00
|
|
|
match_subtree_text_reverse(proto_node *node, void *data)
|
2023-09-26 07:45:34 -04:00
|
|
|
{
|
|
|
|
match_data *mdata = (match_data *) data;
|
2024-07-07 16:00:12 -04:00
|
|
|
const char *string = mdata->string;
|
2023-09-26 07:45:34 -04:00
|
|
|
size_t string_len = mdata->string_len;
|
|
|
|
capture_file *cf = mdata->cf;
|
|
|
|
field_info *fi = PNODE_FINFO(node);
|
2024-07-07 16:00:12 -04:00
|
|
|
char label_str[ITEM_LABEL_LENGTH];
|
|
|
|
char *label_ptr;
|
2023-09-26 07:45:34 -04:00
|
|
|
size_t label_len;
|
2024-07-07 16:00:12 -04:00
|
|
|
uint32_t i, i_restart;
|
|
|
|
uint8_t c_char;
|
2023-09-26 07:45:34 -04:00
|
|
|
size_t c_match = 0;
|
|
|
|
|
|
|
|
/* dissection with an invisible proto tree? */
|
|
|
|
ws_assert(fi);
|
|
|
|
|
|
|
|
/* We don't have an easy way to search backwards in the tree
|
|
|
|
* (see also, proto_find_field_from_offset()) because we don't
|
|
|
|
* have a previous node pointer, so we search backwards by
|
|
|
|
* searching forwards, only stopping if we see the old match
|
|
|
|
* (if we have one).
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (mdata->halt) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Don't match invisible entries. */
|
|
|
|
if (proto_item_is_hidden(node))
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (mdata->prev_finfo && fi == mdata->prev_finfo) {
|
|
|
|
/* Found the old match, use the previous match. */
|
2024-07-07 16:00:12 -04:00
|
|
|
mdata->halt = true;
|
2023-09-26 07:45:34 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* was a free format label produced? */
|
|
|
|
if (fi->rep) {
|
|
|
|
label_ptr = fi->rep->representation;
|
|
|
|
} else {
|
|
|
|
/* no, make a generic label */
|
|
|
|
label_ptr = label_str;
|
2024-09-11 14:26:14 +02:00
|
|
|
proto_item_fill_label(fi, label_str, NULL);
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (cf->regex) {
|
2022-07-27 07:12:27 +01:00
|
|
|
if (ws_regex_matches(cf->regex, label_ptr)) {
|
2024-07-07 16:00:12 -04:00
|
|
|
mdata->frame_matched = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
mdata->finfo = fi;
|
|
|
|
}
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
} else if (cf->case_type) {
|
|
|
|
/* Case insensitive match */
|
2022-02-20 19:39:37 +00:00
|
|
|
label_len = strlen(label_ptr);
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
i_restart = 0;
|
2022-02-20 19:39:37 +00:00
|
|
|
for (i = 0; i < label_len; i++) {
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
if (i_restart == 0 && c_match == 0 && (label_len - i < string_len))
|
|
|
|
break;
|
2022-02-20 19:39:37 +00:00
|
|
|
c_char = label_ptr[i];
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
c_char = g_ascii_toupper(c_char);
|
|
|
|
/* If c_match is non-zero, save candidate for retrying full match. */
|
|
|
|
if (c_match > 0 && i_restart == 0 && c_char == string[0])
|
|
|
|
i_restart = i;
|
2022-02-20 19:39:37 +00:00
|
|
|
if (c_char == string[c_match]) {
|
|
|
|
c_match++;
|
|
|
|
if (c_match == string_len) {
|
2024-07-07 16:00:12 -04:00
|
|
|
mdata->frame_matched = true;
|
2022-02-20 19:39:37 +00:00
|
|
|
mdata->finfo = fi;
|
2023-09-26 07:45:34 -04:00
|
|
|
break;
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
} else if (i_restart) {
|
|
|
|
i = i_restart;
|
|
|
|
c_match = 1;
|
|
|
|
i_restart = 0;
|
2022-02-20 19:39:37 +00:00
|
|
|
} else
|
|
|
|
c_match = 0;
|
2016-02-16 22:34:12 +01:00
|
|
|
}
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for jsut "0 Len=0" skips this frame when searching.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, if "p-26" is against "Machine Name: netapp-26" will:
- Test against against characters, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking the second 'p' where neither '-', '2' nor '6' match the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not have
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
} else if (strstr(label_ptr, string) != NULL) {
|
|
|
|
/* Case sensitive match */
|
2024-07-07 16:00:12 -04:00
|
|
|
mdata->frame_matched = true;
|
String search may fail when partial matches occur
When searching for string matches in packet list and details, save index of
next possible start location inside a partial match and rewind to that
position if the ongoing match is not successful.
While here, also terminate search when the search string is longer than
the remainder of the text string being matched against.
As suggested by John Thacker, use strstr() for case sensitive search.
Full bug description:
Currently, searching for strings in "Packet list" and "Packet detail" may fail
to find matches if a partial match is encountered. Examples of both are present
in nfsv4.1_pnfs.cap in the Wireshark sample trace collection.
Searching for "Win=29200 Len=0" in Packet list finds frame 1, based on:
880 → 2049 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM TSval=360391592 TSecr=0 WS=128
However, searching for just "0 Len=0" skips this frame.
Similarly, searching for "netapp-26" in Packet detail will find many frames
(if TCP port 2049 is decoded as RPC) based on the RPC credentials:
Machine Name: netapp-26
Similarly, if searching for "p-26", no frames are found.
The problem is how match_summary_line() and match_subtree_text() will start a
comparison against the search string based on the first character and scan
ahead to check if each subsequent character also matches. However, if there is
no match, the search continues only after the partial match.
In practice, searching for "p-26" in "Machine Name: netapp-26" will:
- Test each character in turn, but find no match until the first 'p'.
- Find that the first 'p' matches the leading 'p' in the search string.
- Compare the second 'p' against '-' in the search string, which fails.
- Continue checking after the second 'p', where neither '-', '2' nor '6' matches the
leading 'p' in the search string.
The proposed fix will, when a partial match is in progress, store the first
location where a new match might occur. If the partial match is not
successful, the search is restarted at that stored position.
As far as I can tell, other match_xxx functions in file.c do not
share this problem.
2023-03-12 20:40:24 +01:00
|
|
|
mdata->finfo = fi;
|
2016-02-16 22:34:12 +01:00
|
|
|
}
|
2006-04-27 18:46:05 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Recurse into the subtree, if it exists */
|
|
|
|
if (node->first_child != NULL)
|
2023-09-26 07:45:34 -04:00
|
|
|
proto_tree_children_foreach(node, match_subtree_text_reverse, mdata);
|
Get rid of the EBCDIC stuff in the find dialog - it's not supported yet,
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306
2003-08-29 04:03:46 +00:00
|
|
|
}
|
2003-08-11 22:41:10 +00:00
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
/*
 * Search the capture for a frame whose summary line matches a string.
 *
 * Wraps `string` and its length in a match_data and hands it to
 * find_packet() with match_summary_line() as the per-frame callback;
 * find_packet()'s result is returned unchanged.
 *
 * `string` must be a non-NULL, NUL-terminated string, because strlen() is
 * applied to it.  Only the string and string_len members of the match_data
 * are set here.
 */
bool
cf_find_packet_summary_line(capture_file *cf, const char *string,
                            search_direction dir)
{
    const size_t needle_len = strlen(string);
    match_data   criteria;

    criteria.string = string;
    criteria.string_len = needle_len;

    /* NOTE(review): the meaning of the final `true` argument is defined by
     * find_packet(), which is not visible in this excerpt. */
    return find_packet(cf, match_summary_line, &criteria, dir, true);
}
|
|
|
|
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
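/*
 * Per-frame matching callback: test the Info column text of one frame
 * against the search criterion.
 *
 * criterion points to a match_data; only its string and string_len members
 * are read here.  The frame is read with cf_read_record() and dissected
 * without a protocol tree, then the first column whose format includes
 * COL_INFO is compared, in this order of precedence:
 *   - cf->regex set:      ws_regex_matches() on the column text;
 *   - cf->case_type set:  ASCII case-insensitive substring search;
 *   - otherwise:          case-sensitive strstr().
 *
 * The case-insensitive loop upper-cases only the column text, so the search
 * string has to be upper-case already for letters to match (presumably the
 * caller does that - confirm).  string_len is assumed to equal
 * strlen(string); the index into string stays below string_len only under
 * that assumption.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a match and
 * MR_NOTMATCHED otherwise.
 */
static match_result
match_summary_line(capture_file *cf, frame_data *fdata,
                   wtap_rec *rec, void *criterion)
{
    match_data     *mdata = (match_data *)criterion;
    const char     *string = mdata->string;
    size_t          string_len = mdata->string_len;
    epan_dissect_t  edt;
    const char     *info_column;
    size_t          info_column_len;
    match_result    result = MR_NOTMATCHED;
    int             colx;
    uint32_t        i, i_restart;
    uint8_t         c_char;
    size_t          c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    /* Don't bother constructing the protocol tree */
    epan_dissect_init(&edt, cf->epan, false, false);
    /* Get the column information */
    epan_dissect_run(&edt, cf->cd_t, rec, fdata, &cf->cinfo);

    /* Find the Info column */
    for (colx = 0; colx < cf->cinfo.num_cols; colx++) {
        if (cf->cinfo.columns[colx].fmt_matx[COL_INFO]) {
            /* Found it.  See if we match. */
            info_column = get_column_text(edt.pi.cinfo, colx);
            info_column_len = strlen(info_column);
            if (cf->regex) {
                if (ws_regex_matches(cf->regex, info_column)) {
                    result = MR_MATCHED;
                    break;
                }
            } else if (cf->case_type) {
                /* Case insensitive match */
                i_restart = 0;  /* 0 doubles as "no restart candidate saved" */
                for (i = 0; i < info_column_len; i++) {
                    /* With no match in progress, stop once the remaining
                     * text is shorter than the search string. */
                    if (i_restart == 0 && c_match == 0 && (info_column_len - i < string_len))
                        break;
                    c_char = info_column[i];
                    c_char = g_ascii_toupper(c_char);
                    /*
                     * c_char is unsigned, so the search string's bytes are
                     * compared as unsigned too.  Where plain char is signed,
                     * comparing against string[] directly can never be equal
                     * for bytes >= 0x80, and search strings containing
                     * non-ASCII bytes would never match.
                     */
                    /* If c_match is non-zero, save candidate for retrying full match. */
                    if (c_match > 0 && i_restart == 0 && c_char == (uint8_t)string[0])
                        i_restart = i;
                    if (c_char == (uint8_t)string[c_match]) {
                        c_match++;
                        if (c_match == string_len) {
                            result = MR_MATCHED;
                            break;
                        }
                    } else if (i_restart) {
                        /* Partial match failed: rewind to the saved
                         * candidate, whose first character already matched. */
                        i = i_restart;
                        c_match = 1;
                        i_restart = 0;
                    } else {
                        c_match = 0;
                    }
                }
            } else if (strstr(info_column, string) != NULL) {
                /* Case sensitive match */
                result = MR_MATCHED;
            }
            /* Only the first Info column is examined. */
            break;
        }
    }
    epan_dissect_cleanup(&edt);
    return result;
}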
|
2003-08-11 22:41:10 +00:00
|
|
|
|
Get rid of the EBCDIC stuff in the find dialog - it's not supported yet,
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306
2003-08-29 04:03:46 +00:00
|
|
|
/* "Counted byte string": a byte buffer carried together with its length. */
typedef struct {
    const uint8_t      *data;     /* the bytes; not modified through this pointer */
    size_t              data_len; /* length paired with data (presumably in bytes - confirm at the users) */
    ws_mempbrk_pattern *pattern;  /* NOTE(review): role not visible in this excerpt; confirm at the users */
} cbs_t;
/*
 * The current match_* routines only support ASCII case insensitivity and don't
 * convert UTF-8 inputs to UTF-16 for matching. The UTF-16 support just
 * interleaves with \0 bytes, which works for 7-bit ASCII.
 *
 * We could modify them to use the GLib Unicode routines or the International
 * Components for Unicode library, but it's not apparent that we could do so
 * without consuming a lot more CPU and memory or that searching would be
 * significantly better.
 *
 * XXX: We could test the search string to see if it's all ASCII, and if not
 * use Unicode-aware routines for case-insensitive searches or any UTF-16
 * search.
 */
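/*
 * Search packet data for a byte string, text string or regular expression.
 *
 * Picks the match callback from cf->regex, cf->string, cf->case_type,
 * cf->scs_type and the search direction, then either continues the search
 * inside the current frame (when "multiple" is set and a previous match
 * position is recorded) or hands the callback to find_packet().
 *
 * cf          capture file; search_pos/search_len are read and reset here
 * string      needle bytes (not dereferenced by this function for regex or
 *             hex searches)
 * string_size number of bytes in string
 * dir         SD_FORWARD selects the forward matchers, anything else the
 *             *_reverse ones
 * multiple    allow a further match inside the current frame
 *
 * Returns true when a match was found in the current frame, false for an
 * unknown scs_type or an empty case-insensitive needle, and otherwise
 * whatever find_packet() returns.
 */
bool
cf_find_packet_data(capture_file *cf, const uint8_t *string, size_t string_size,
                    search_direction dir, bool multiple)
{
    /* Start with a NULL pattern so the ws_assert(pattern != NULL) checks in
     * the case-insensitive matchers never test an indeterminate pointer. */
    cbs_t               info = { .data = string, .data_len = string_size, .pattern = NULL };
    uint8_t             needles[3];
    ws_mempbrk_pattern  pattern = {0};
    ws_match_function   match_function;

    /* Regex, String or hex search? */
    if (cf->regex) {
        /* Regular Expression search */
        match_function = (dir == SD_FORWARD) ? match_regex : match_regex_reverse;
    } else if (cf->string) {
        /* String search - what type of string? */
        if (cf->case_type) {
            /* string[0] is read below, so an empty needle must be rejected
             * before it is dereferenced.
             * NOTE(review): callers presumably never pass one - confirm. */
            if (string == NULL || string_size == 0) {
                return false;
            }
            /* Candidate start bytes: the needle's first byte and its
             * lower-case form, NUL-terminated for ws_mempbrk_compile(). */
            needles[0] = string[0];
            needles[1] = g_ascii_tolower(needles[0]);
            needles[2] = '\0';
            ws_mempbrk_compile(&pattern, needles);
            info.pattern = &pattern;
            switch (cf->scs_type) {

            case SCS_NARROW_AND_WIDE:
                match_function = (dir == SD_FORWARD) ? match_narrow_and_wide_case : match_narrow_and_wide_case_reverse;
                break;

            case SCS_NARROW:
                match_function = (dir == SD_FORWARD) ? match_narrow_case : match_narrow_case_reverse;
                break;

            case SCS_WIDE:
                match_function = (dir == SD_FORWARD) ? match_wide_case : match_wide_case_reverse;
                break;

            default:
                ws_assert_not_reached();
                return false;
            }
        } else {
            switch (cf->scs_type) {

            case SCS_NARROW_AND_WIDE:
                match_function = (dir == SD_FORWARD) ? match_narrow_and_wide : match_narrow_and_wide_reverse;
                break;

            case SCS_NARROW:
                /* Narrow, case-sensitive match is the same as looking
                 * for a converted hexstring. */
                match_function = (dir == SD_FORWARD) ? match_binary : match_binary_reverse;
                break;

            case SCS_WIDE:
                match_function = (dir == SD_FORWARD) ? match_wide : match_wide_reverse;
                break;

            default:
                ws_assert_not_reached();
                return false;
            }
        }
    } else {
        match_function = (dir == SD_FORWARD) ? match_binary : match_binary_reverse;
    }

    if (multiple && cf->current_frame && (cf->search_pos || cf->search_len)) {
        /* Use the current frame (this will perform the equivalent of
         * cf_read_current_record() in match_function).
         *
         * Only an explicit MR_MATCHED counts as a hit: the callbacks also
         * return MR_ERROR when the record cannot be read, and that must not
         * be reported as a match.
         */
        if (match_function(cf, cf->current_frame, &cf->rec, &info) == MR_MATCHED) {
            cf->search_in_progress = true;
            if (cf->edt) {
                field_info *fi = NULL;
                /* The regex match can match an empty string. */
                if (cf->search_len) {
                    fi = proto_find_field_from_offset(cf->edt->tree, cf->search_pos + cf->search_len - 1, cf->edt->tvb);
                }
                packet_list_select_finfo(fi);
            } else {
                packet_list_select_row_from_data(cf->current_frame);
            }
            cf->search_in_progress = false;
            return true;
        }
    }
    cf->search_pos = 0; /* Reset the position */
    cf->search_len = 0; /* Reset length */
    return find_packet(cf, match_function, &info, dir, true);
}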
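/*
 * Forward, case-sensitive search of one frame for the needle in criterion
 * (a cbs_t), accepting either a narrow occurrence (consecutive bytes) or a
 * wide one (every needle byte but the last followed by a 0x00 byte).
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a hit (with
 * cf->search_pos / cf->search_len set to the match offset and length), and
 * MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_and_wide(capture_file *cf, frame_data *fdata,
                      wtap_rec *rec, void *criterion)
{
    cbs_t         *info = (cbs_t *)criterion;
    const uint8_t *ascii_text = info->data;
    size_t         textlen = info->data_len;
    match_result   result;
    uint32_t       buf_len;
    const uint8_t *pd, *buf_start, *buf_end;
    uint32_t       i;
    uint8_t        c_char;
    size_t         c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    result = MR_NOTMATCHED;
    /* An empty needle can never complete a match, and ascii_text[0] must
     * not be read when there are no needle bytes. */
    if (textlen == 0) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_start;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte past the previous match start.
         * Refuse a resume offset that leaves no bytes to scan instead of
         * forming a pointer beyond the captured data.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos >= buf_len) {
            return result;
        }
        pd += cf->search_pos + 1;
    }
    for (; pd < buf_end; pd++) {
        pd = (const uint8_t *)memchr(pd, ascii_text[0], buf_end - pd);
        if (pd == NULL) break;
        /* Try narrow match at this start location */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = pd[i];
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }

        /* Now try wide match at the same start location. */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = pd[i];
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
            /* Each non-final needle byte must be followed by a 0x00 byte. */
            i++;
            if (pd + i >= buf_end || pd[i] != '\0') break;
        }
    }

done:
    return result;
}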
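/*
 * Backward, case-sensitive search of one frame for the needle in criterion
 * (a cbs_t), accepting either a narrow occurrence (consecutive bytes) or a
 * wide one (every needle byte but the last followed by a 0x00 byte).
 *
 * Candidate start positions are visited from the end of the data towards
 * its start.  Returns MR_ERROR if the record cannot be read, MR_MATCHED on a
 * hit (with cf->search_pos / cf->search_len set), MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_and_wide_reverse(capture_file *cf, frame_data *fdata,
                              wtap_rec *rec, void *criterion)
{
    cbs_t         *info = (cbs_t *)criterion;
    const uint8_t *ascii_text = info->data;
    size_t         textlen = info->data_len;
    match_result   result;
    uint32_t       buf_len;
    const uint8_t *pd, *buf_start, *buf_end;
    uint32_t       i;
    uint8_t        c_char;
    size_t         c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    result = MR_NOTMATCHED;
    /* Has to be room to hold the sought data.  An empty needle is rejected
     * too: it can never complete a match, and with textlen == 0 the first
     * scan below would cover one byte more than was captured. */
    if (textlen == 0 || textlen > fdata->cap_len) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_end - textlen;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte before the previous match
         * start; a previous match at offset 0 leaves nothing before it. */
        if (cf->search_pos == 0) {
            return result;
        }
        /* Only honour a resume offset that lies inside this record, since
         * it becomes the scan length passed to ws_memrchr(); otherwise keep
         * the default start.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos <= buf_len) {
            pd = buf_start + cf->search_pos - 1;
        }
    }
    /* Walk candidates downwards.  Stepping upwards here would make
     * ws_memrchr() return the same candidate again after a failed match. */
    for (;;) {
        pd = (const uint8_t *)ws_memrchr(buf_start, ascii_text[0], pd - buf_start + 1);
        if (pd == NULL) break;
        /* Try narrow match at this start location */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = pd[i];
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }

        /* Now try wide match at the same start location. */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = pd[i];
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
            /* Each non-final needle byte must be followed by a 0x00 byte. */
            i++;
            if (pd + i >= buf_end || pd[i] != '\0') break;
        }

        /* Stop at the first byte rather than stepping before the buffer. */
        if (pd == buf_start) break;
        pd--;
    }

done:
    return result;
}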
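/*
 * Case insensitive match
 *
 * Forward search of one frame for the needle in criterion (a cbs_t),
 * accepting a narrow occurrence (consecutive bytes) or a wide one (every
 * needle byte but the last followed by a 0x00 byte).  Frame bytes are
 * ASCII-upper-cased before comparison, so the needle must already be upper
 * case for letters to match; info->pattern locates candidate start bytes.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a hit (with
 * cf->search_pos / cf->search_len set), MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_and_wide_case(capture_file *cf, frame_data *fdata,
                           wtap_rec *rec, void *criterion)
{
    cbs_t              *info = (cbs_t *)criterion;
    const uint8_t      *ascii_text = info->data;
    size_t              textlen = info->data_len;
    ws_mempbrk_pattern *pattern = info->pattern;
    match_result        result;
    uint32_t            buf_len;
    const uint8_t      *pd, *buf_start, *buf_end;
    uint32_t            i;
    uint8_t             c_char;
    size_t              c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(pattern != NULL);

    result = MR_NOTMATCHED;
    /* An empty needle can never complete a match, and no needle byte may be
     * read when there are none. */
    if (textlen == 0) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_start;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte past the previous match start.
         * Refuse a resume offset that leaves no bytes to scan instead of
         * forming a pointer beyond the captured data.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos >= buf_len) {
            return result;
        }
        pd += cf->search_pos + 1;
    }
    for (; pd < buf_end; pd++) {
        pd = (const uint8_t *)ws_mempbrk_exec(pd, buf_end - pd, pattern, &c_char);
        if (pd == NULL) break;
        /* Try narrow match at this start location */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }

        /* Now try wide match at the same start location. */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
            /* Each non-final needle byte must be followed by a 0x00 byte. */
            i++;
            if (pd + i >= buf_end || pd[i] != '\0') break;
        }
    }

done:
    return result;
}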
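/*
 * Backward, ASCII-case-insensitive search of one frame for the needle in
 * criterion (a cbs_t), accepting a narrow occurrence (consecutive bytes) or
 * a wide one (every needle byte but the last followed by a 0x00 byte).
 * Frame bytes are upper-cased before comparison, so the needle must already
 * be upper case for letters to match; info->pattern locates candidates.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a hit (with
 * cf->search_pos / cf->search_len set), MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_and_wide_case_reverse(capture_file *cf, frame_data *fdata,
                                   wtap_rec *rec, void *criterion)
{
    cbs_t              *info = (cbs_t *)criterion;
    const uint8_t      *ascii_text = info->data;
    size_t              textlen = info->data_len;
    ws_mempbrk_pattern *pattern = info->pattern;
    match_result        result;
    uint32_t            buf_len;
    const uint8_t      *pd, *buf_start, *buf_end;
    uint32_t            i;
    uint8_t             c_char;
    size_t              c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(pattern != NULL);

    result = MR_NOTMATCHED;
    /* Has to be room to hold the sought data.  An empty needle is rejected
     * too: it can never complete a match, and with textlen == 0 the first
     * scan below would cover one byte more than was captured. */
    if (textlen == 0 || textlen > fdata->cap_len) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_end - textlen;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte before the previous match
         * start; a previous match at offset 0 leaves nothing before it. */
        if (cf->search_pos == 0) {
            return result;
        }
        /* Only honour a resume offset that lies inside this record, since
         * it becomes the scan length passed to ws_memrpbrk_exec(); otherwise
         * keep the default start.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos <= buf_len) {
            pd = buf_start + cf->search_pos - 1;
        }
    }
    for (;;) {
        pd = (const uint8_t *)ws_memrpbrk_exec(buf_start, pd - buf_start + 1, pattern, &c_char);
        if (pd == NULL) break;
        /* Try narrow match at this start location */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }

        /* Now try wide match at the same start location. */
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                result = MR_MATCHED;
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
            /* Each non-final needle byte must be followed by a 0x00 byte. */
            i++;
            if (pd + i >= buf_end || pd[i] != '\0') break;
        }

        /* Stop at the first byte rather than stepping before the buffer. */
        if (pd == buf_start) break;
        pd--;
    }

done:
    return result;
}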
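/*
 * Case insensitive match
 *
 * Forward search of one frame for a narrow (consecutive bytes) occurrence
 * of the needle in criterion (a cbs_t).  Frame bytes are ASCII-upper-cased
 * before comparison, so the needle must already be upper case for letters
 * to match; info->pattern locates candidate start bytes.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a hit (with
 * cf->search_pos / cf->search_len set), MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_case(capture_file *cf, frame_data *fdata,
                  wtap_rec *rec, void *criterion)
{
    cbs_t              *info = (cbs_t *)criterion;
    const uint8_t      *ascii_text = info->data;
    size_t              textlen = info->data_len;
    ws_mempbrk_pattern *pattern = info->pattern;
    match_result        result;
    uint32_t            buf_len;
    const uint8_t      *pd, *buf_start, *buf_end;
    uint32_t            i;
    uint8_t             c_char;
    size_t              c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(pattern != NULL);

    result = MR_NOTMATCHED;
    /* An empty needle can never complete a match, and no needle byte may be
     * read when there are none. */
    if (textlen == 0) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_start;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte past the previous match start.
         * Refuse a resume offset that leaves no bytes to scan instead of
         * forming a pointer beyond the captured data.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos >= buf_len) {
            return result;
        }
        pd += cf->search_pos + 1;
    }
    for (; pd < buf_end; pd++) {
        pd = (const uint8_t *)ws_mempbrk_exec(pd, buf_end - pd, pattern, &c_char);
        if (pd == NULL) break;
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                /* Save position and length for highlighting the field. */
                result = MR_MATCHED;
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }
    }

done:
    return result;
}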
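/*
 * Backward, ASCII-case-insensitive search of one frame for a narrow
 * (consecutive bytes) occurrence of the needle in criterion (a cbs_t).
 * Frame bytes are upper-cased before comparison, so the needle must already
 * be upper case for letters to match; info->pattern locates candidates.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED on a hit (with
 * cf->search_pos / cf->search_len set), MR_NOTMATCHED otherwise.
 */
static match_result
match_narrow_case_reverse(capture_file *cf, frame_data *fdata,
                          wtap_rec *rec, void *criterion)
{
    cbs_t              *info = (cbs_t *)criterion;
    const uint8_t      *ascii_text = info->data;
    size_t              textlen = info->data_len;
    ws_mempbrk_pattern *pattern = info->pattern;
    match_result        result;
    uint32_t            buf_len;
    const uint8_t      *pd, *buf_start, *buf_end;
    uint32_t            i;
    uint8_t             c_char;
    size_t              c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(pattern != NULL);

    result = MR_NOTMATCHED;
    /* Has to be room to hold the sought data.  An empty needle is rejected
     * too: it can never complete a match, and with textlen == 0 the first
     * scan below would cover one byte more than was captured. */
    if (textlen == 0 || textlen > fdata->cap_len) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_end - textlen;
    if (cf->search_len || cf->search_pos) {
        /* We want to start searching one byte before the previous match
         * start; a previous match at offset 0 leaves nothing before it. */
        if (cf->search_pos == 0) {
            return result;
        }
        /* Only honour a resume offset that lies inside this record, since
         * it becomes the scan length passed to ws_memrpbrk_exec(); otherwise
         * keep the default start.
         * NOTE(review): search_pos is presumably from this same frame -
         * confirm it is reset whenever the current frame changes. */
        if (cf->search_pos <= buf_len) {
            pd = buf_start + cf->search_pos - 1;
        }
    }
    for (;;) {
        pd = (const uint8_t *)ws_memrpbrk_exec(buf_start, pd - buf_start + 1, pattern, &c_char);
        if (pd == NULL) break;
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = g_ascii_toupper(pd[i]);
            if (c_char != ascii_text[c_match]) {
                break;
            }
            c_match++;
            if (c_match == textlen) {
                /* Save position and length for highlighting the field. */
                result = MR_MATCHED;
                cf->search_pos = (uint32_t)(pd - buf_start);
                cf->search_len = (uint32_t)(i + 1);
                goto done;
            }
        }

        /* Stop at the first byte rather than stepping before the buffer. */
        if (pd == buf_start) break;
        pd--;
    }

done:
    return result;
}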
|
|
|
|
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
/*
 * Forward, case-sensitive search of one frame's captured bytes for "wide"
 * text: every matched needle byte except the last must be followed in the
 * frame by a '\0' byte (presumably ASCII stored as 16-bit little-endian
 * characters - confirm with the caller).
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the number of frame bytes spanned in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_wide(capture_file *cf, frame_data *fdata,
           wtap_rec *rec, void *criterion)
{
    cbs_t         *search     = (cbs_t *)criterion;
    const uint8_t *needle     = search->data;
    size_t         needle_len = search->data_len;
    const uint8_t *frame_start, *frame_end, *cand;
    uint32_t       frame_len;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    frame_len   = fdata->cap_len;
    frame_start = ws_buffer_start_ptr(&rec->data);
    frame_end   = frame_start + frame_len;

    cand = frame_start;
    if (cf->search_len || cf->search_pos) {
        /* Resume one byte past the start of the previous match. */
        cand += cf->search_pos + 1;
    }

    while (cand < frame_end) {
        /* Jump to the next occurrence of the needle's first byte. */
        cand = (uint8_t *)memchr(cand, needle[0], frame_end - cand);
        if (cand == NULL) {
            break;
        }

        size_t   matched = 0;
        uint32_t k       = 0;
        while (cand + k < frame_end) {
            if (cand[k] != needle[matched]) {
                break;
            }
            matched++;
            if (matched == needle_len) {
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(cand - frame_start);
                cf->search_len = (uint32_t)(k + 1);
                return MR_MATCHED;
            }
            /* The byte after a matched character must be the NUL high byte,
             * and it must still lie inside the captured data. */
            k++;
            if (cand + k >= frame_end || cand[k] != '\0') {
                break;
            }
            k++;
        }
        cand++;
    }

    return MR_NOTMATCHED;
}
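/*
 * Backward, case-sensitive search of one frame's captured bytes for "wide"
 * text: every matched needle byte except the last must be followed in the
 * frame by a '\0' byte (presumably ASCII stored as 16-bit little-endian
 * characters - confirm with the caller).
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the number of frame bytes spanned in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_wide_reverse(capture_file *cf, frame_data *fdata,
                   wtap_rec *rec, void *criterion)
{
    cbs_t         *info       = (cbs_t *)criterion;
    const uint8_t *ascii_text = info->data;
    size_t         textlen    = info->data_len;
    match_result   result;
    uint32_t       buf_len;
    const uint8_t *pd, *buf_start, *buf_end;
    uint32_t       i;
    uint8_t        c_char;
    size_t         c_match = 0;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    result = MR_NOTMATCHED;
    /* Has to be room to hold the sought data. */
    if (textlen > fdata->cap_len) {
        return result;
    }
    buf_len = fdata->cap_len;
    buf_start = ws_buffer_start_ptr(&rec->data);
    buf_end = buf_start + buf_len;
    pd = buf_end - textlen;
    if (cf->search_len || cf->search_pos) {
        /* we want to start searching one byte before the previous match start */
        pd = buf_start + cf->search_pos - 1;
    }
    /*
     * Walk towards the start of the frame, like the other *_reverse
     * matchers. Stepping forward here (pd++) would make ws_memrchr() return
     * the same candidate again after a failed comparison, so a frame whose
     * bytes contain the first needle byte without a full match could keep
     * this loop spinning indefinitely.
     */
    for (; pd >= buf_start; pd--) {
        /* Last occurrence of the needle's first byte at or before pd. */
        pd = (uint8_t *)ws_memrchr(buf_start, ascii_text[0], pd - buf_start + 1);
        if (pd == NULL) break;
        c_match = 0;
        for (i = 0; pd + i < buf_end; i++) {
            c_char = pd[i];
            if (c_char == ascii_text[c_match]) {
                c_match++;
                if (c_match == textlen) {
                    result = MR_MATCHED;
                    /* Save position and length for highlighting the field. */
                    cf->search_pos = (uint32_t)(pd - buf_start);
                    cf->search_len = (uint32_t)(i + 1);
                    goto done;
                }
                /* The byte after a matched character must be NUL and must
                 * still lie inside the captured data. */
                i++;
                if (pd + i >= buf_end || pd[i] != '\0') break;
            } else {
                break;
            }
        }
    }

done:
    return result;
}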
/*
 * Case insensitive match.
 *
 * Forward search of one frame's captured bytes for "wide" text: every
 * matched needle byte except the last must be followed in the frame by a
 * '\0' byte. Frame bytes are passed through g_ascii_toupper() before the
 * comparison, so the needle is presumably already upper-case - confirm
 * against the caller that fills in cbs_t.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the number of frame bytes spanned in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_wide_case(capture_file *cf, frame_data *fdata,
                wtap_rec *rec, void *criterion)
{
    cbs_t              *search     = (cbs_t *)criterion;
    const uint8_t      *needle     = search->data;
    size_t              needle_len = search->data_len;
    ws_mempbrk_pattern *lead_set   = search->pattern;
    const uint8_t      *frame_start, *frame_end, *cand;
    uint32_t            frame_len;
    uint8_t             folded;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(lead_set != NULL);

    frame_len   = fdata->cap_len;
    frame_start = ws_buffer_start_ptr(&rec->data);
    frame_end   = frame_start + frame_len;

    cand = frame_start;
    if (cf->search_len || cf->search_pos) {
        /* Resume one byte past the start of the previous match. */
        cand += cf->search_pos + 1;
    }

    while (cand < frame_end) {
        /* Presumably the next byte in [cand, frame_end) that belongs to the
         * precompiled pattern set - see ws_mempbrk_exec(). */
        cand = (uint8_t *)ws_mempbrk_exec(cand, frame_end - cand, lead_set, &folded);
        if (cand == NULL) {
            break;
        }

        size_t   matched = 0;
        uint32_t k       = 0;
        while (cand + k < frame_end) {
            /* Store in a uint8_t first so the comparison is unsigned. */
            folded = g_ascii_toupper(cand[k]);
            if (folded != needle[matched]) {
                break;
            }
            matched++;
            if (matched == needle_len) {
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(cand - frame_start);
                cf->search_len = (uint32_t)(k + 1);
                return MR_MATCHED;
            }
            /* The byte after a matched character must be NUL and must still
             * lie inside the captured data. */
            k++;
            if (cand + k >= frame_end || cand[k] != '\0') {
                break;
            }
            k++;
        }
        cand++;
    }

    return MR_NOTMATCHED;
}
/*
 * Case insensitive match.
 *
 * Backward search of one frame's captured bytes for "wide" text: every
 * matched needle byte except the last must be followed in the frame by a
 * '\0' byte. Frame bytes are passed through g_ascii_toupper() before the
 * comparison, so the needle is presumably already upper-case - confirm
 * against the caller that fills in cbs_t.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the number of frame bytes spanned in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_wide_case_reverse(capture_file *cf, frame_data *fdata,
                        wtap_rec *rec, void *criterion)
{
    cbs_t              *search     = (cbs_t *)criterion;
    const uint8_t      *needle     = search->data;
    size_t              needle_len = search->data_len;
    ws_mempbrk_pattern *lead_set   = search->pattern;
    const uint8_t      *frame_start, *frame_end, *cand;
    uint32_t            frame_len;
    uint8_t             folded;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    ws_assert(lead_set != NULL);

    /* Has to be room to hold the sought data. */
    if (needle_len > fdata->cap_len) {
        return MR_NOTMATCHED;
    }

    frame_len   = fdata->cap_len;
    frame_start = ws_buffer_start_ptr(&rec->data);
    frame_end   = frame_start + frame_len;

    if (cf->search_len || cf->search_pos) {
        /* Resume one byte before the start of the previous match. */
        cand = frame_start + cf->search_pos - 1;
    } else {
        cand = frame_end - needle_len;
    }

    while (cand >= frame_start) {
        /* Presumably the last byte in [frame_start, cand] that belongs to
         * the precompiled pattern set - see ws_memrpbrk_exec(). */
        cand = (uint8_t *)ws_memrpbrk_exec(frame_start, cand - frame_start + 1, lead_set, &folded);
        if (cand == NULL) {
            break;
        }

        size_t   matched = 0;
        uint32_t k       = 0;
        while (cand + k < frame_end) {
            /* Store in a uint8_t first so the comparison is unsigned. */
            folded = g_ascii_toupper(cand[k]);
            if (folded != needle[matched]) {
                break;
            }
            matched++;
            if (matched == needle_len) {
                /* Save position and length for highlighting the field. */
                cf->search_pos = (uint32_t)(cand - frame_start);
                cf->search_len = (uint32_t)(k + 1);
                return MR_MATCHED;
            }
            /* The byte after a matched character must be NUL and must still
             * lie inside the captured data. */
            k++;
            if (cand + k >= frame_end || cand[k] != '\0') {
                break;
            }
            k++;
        }
        cand--;
    }

    return MR_NOTMATCHED;
}
|
2003-08-05 00:01:27 +00:00
|
|
|
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
/*
 * Forward search of one frame's captured bytes for the raw byte sequence
 * held in the cbs_t criterion.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the needle length in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_binary(capture_file *cf, frame_data *fdata,
             wtap_rec *rec, void *criterion)
{
    cbs_t         *search     = (cbs_t *)criterion;
    size_t         needle_len = search->data_len;
    const uint8_t *hit        = NULL;
    const uint8_t *frame_start;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    frame_start = ws_buffer_start_ptr(&rec->data);

    size_t from = 0;
    if (cf->search_len || cf->search_pos) {
        /* Resume one byte past the start of the previous match. */
        from = cf->search_pos + 1;
    }

    /* Only search when the resume point is still inside the captured data;
     * this also keeps the remaining-length subtraction from wrapping. */
    if (from < fdata->cap_len) {
        hit = ws_memmem(frame_start + from, fdata->cap_len - from, search->data, needle_len);
    }

    if (hit == NULL) {
        return MR_NOTMATCHED;
    }

    /* Save position and length for highlighting the field. */
    cf->search_pos = (uint32_t)(hit - frame_start);
    cf->search_len = (uint32_t)needle_len;
    return MR_MATCHED;
}
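/*
 * Backward search of one frame's captured bytes for the raw byte sequence
 * held in the cbs_t criterion.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and the needle length in cf->search_pos /
 * cf->search_len) on a hit, and MR_NOTMATCHED otherwise.
 */
static match_result
match_binary_reverse(capture_file *cf, frame_data *fdata,
                     wtap_rec *rec, void *criterion)
{
    cbs_t *info = (cbs_t *)criterion;
    size_t datalen = info->data_len;
    match_result result;
    const uint8_t *pd = NULL, *buf_start, *last_start;

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    result = MR_NOTMATCHED;
    buf_start = ws_buffer_start_ptr(&rec->data);
    /* Has to be room to hold the sought data. */
    if (datalen > fdata->cap_len) {
        return result;
    }
    /* Highest offset at which the whole needle still fits in the frame. */
    last_start = buf_start + fdata->cap_len - datalen;
    pd = last_start;
    if (cf->search_len || cf->search_pos) {
        /* we want to start searching one byte before the previous match start */
        if (cf->search_pos == 0) {
            /* Nothing lies before offset 0; avoid forming buf_start - 1. */
            return result;
        }
        pd = buf_start + (cf->search_pos - 1);
        /*
         * memcmp() below reads datalen bytes with no end-of-frame check, so
         * never start past the last position where the needle fits. This
         * only matters if search_pos was not left by a match of this same
         * needle in this frame - the callers are not visible here.
         */
        if (pd > last_start) {
            pd = last_start;
        }
    }
    /* pd is inside [buf_start, last_start] whenever the loop body runs. */
    for (;;) {
        /* Last occurrence of the needle's first byte at or before pd. */
        pd = (uint8_t *)ws_memrchr(buf_start, info->data[0], pd - buf_start + 1);
        if (pd == NULL) break;
        if (memcmp(pd, info->data, datalen) == 0) {
            result = MR_MATCHED;
            /* Save position and length for highlighting the field. */
            cf->search_pos = (uint32_t)(pd - buf_start);
            cf->search_len = (uint32_t)datalen;
            break;
        }
        /* Stop at the first byte instead of stepping before the buffer. */
        if (pd == buf_start) break;
        pd--;
    }

    return result;
}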
/*
 * Forward search of one frame's captured bytes with the compiled regular
 * expression in cf->regex. The criterion argument is unused.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and length in cf->search_pos / cf->search_len) on a hit,
 * and MR_NOTMATCHED otherwise.
 */
static match_result
match_regex(capture_file *cf, frame_data *fdata,
            wtap_rec *rec, void *criterion _U_)
{
    size_t span[2] = {0, 0};    /* start and end offsets of the match */

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    size_t from = 0;
    if (cf->search_len || cf->search_pos) {
        /* Resume one byte past the start of the previous match. */
        from = cf->search_pos + 1;
    }

    /* The resume point has to lie inside the captured data. */
    if (!(from < fdata->cap_len)) {
        return MR_NOTMATCHED;
    }

    if (!ws_regex_matches_pos(cf->regex,
                              (const char *)ws_buffer_start_ptr(&rec->data),
                              fdata->cap_len, from,
                              span)) {
        return MR_NOTMATCHED;
    }

    //TODO: A chosen regex can match the empty string (zero length)
    // which doesn't make a lot of sense for searching the packet bytes.
    // Should we search with the PCRE2_NOTEMPTY option?
    //TODO: Fix cast.
    /* Save position and length for highlighting the field. */
    cf->search_pos = (uint32_t)(span[0]);
    cf->search_len = (uint32_t)(span[1] - span[0]);
    return MR_MATCHED;
}
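/*
 * Backward search of one frame's captured bytes with the compiled regular
 * expression in cf->regex. The criterion argument is unused.
 *
 * The regex is retried from successively lower start offsets until it
 * matches.
 *
 * Returns MR_ERROR if the record cannot be read, MR_MATCHED (after storing
 * the match offset and length in cf->search_pos / cf->search_len) on a hit,
 * and MR_NOTMATCHED otherwise.
 */
static match_result
match_regex_reverse(capture_file *cf, frame_data *fdata,
                    wtap_rec *rec, void *criterion _U_)
{
    match_result result = MR_NOTMATCHED;
    size_t result_pos[2] = {0, 0};

    /* Load the frame's data. */
    if (!cf_read_record(cf, fdata, rec)) {
        /* Attempt to get the packet failed. */
        return MR_ERROR;
    }

    /*
     * A frame with no captured bytes has nothing to search. Without this
     * check "cap_len - 1" below wraps to a huge value (if cap_len is
     * unsigned, as its use elsewhere in this file suggests) and the loop
     * would run once per offset down from that value, each time with a
     * start offset beyond the data.
     */
    if (fdata->cap_len == 0) {
        return result;
    }

    size_t offset = fdata->cap_len - 1;
    if (cf->search_pos) {
        /* we want to start searching one byte before the previous match */
        offset = cf->search_pos - 1;
    }
    /* NOTE(review): the loop stops before offset 0, so a match that can only
     * start at the first byte is not reported - confirm this is intended. */
    for (; offset > 0; offset--) {
        if (ws_regex_matches_pos(cf->regex,
                                 (const char *)ws_buffer_start_ptr(&rec->data),
                                 fdata->cap_len, offset,
                                 result_pos)) {
            //TODO: A chosen regex can match the empty string (zero length)
            // which doesn't make a lot of sense for searching the packet bytes.
            // Should we search with the PCRE2_NOTEMPTY option?
            //TODO: Fix cast.
            /* Save position and length for highlighting the field. */
            cf->search_pos = (uint32_t)(result_pos[0]);
            cf->search_len = (uint32_t)(result_pos[1] - result_pos[0]);
            result = MR_MATCHED;
            break;
        }
    }
    return result;
}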
/*
 * Run find_packet() with match_dfilter as the per-frame matcher and the
 * compiled filter sfcode as its criterion. dir and start_current are passed
 * through unchanged, and find_packet()'s result is returned as is.
 */
bool
cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode,
                       search_direction dir, bool start_current)
{
    bool found = find_packet(cf, match_dfilter, sfcode, dir, start_current);

    return found;
}
bool
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
cf_find_packet_dfilter_string(capture_file *cf, const char *filter,
|
2022-02-20 19:39:37 +00:00
|
|
|
search_direction dir)
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
{
|
2022-02-20 19:39:37 +00:00
|
|
|
dfilter_t *sfcode;
|
2024-07-07 16:00:12 -04:00
|
|
|
bool result;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
if (!dfilter_compile(filter, &sfcode, NULL)) {
|
|
|
|
/*
|
|
|
|
* XXX - this shouldn't happen, as the filter string is machine
|
|
|
|
* generated
|
|
|
|
*/
|
2024-07-07 16:00:12 -04:00
|
|
|
return false;
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
|
|
|
if (sfcode == NULL) {
|
|
|
|
/*
|
|
|
|
* XXX - this shouldn't happen, as the filter string is machine
|
|
|
|
* generated.
|
|
|
|
*/
|
2024-07-07 16:00:12 -04:00
|
|
|
return false;
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
2024-11-03 17:21:03 -05:00
|
|
|
result = find_packet(cf, match_dfilter, sfcode, dir, true);
|
2022-02-20 19:39:37 +00:00
|
|
|
dfilter_free(sfcode);
|
|
|
|
return result;
|
Instead of using a Boolean for the search direction, use an enum, so
that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
2010-08-13 07:39:46 +00:00
|
|
|
}
/*
 * Match routine handed to find_packet() for display-filter searches.
 *
 * criterion is the compiled display filter (a dfilter_t *) supplied by the
 * caller.  The frame's record is read from the capture file, dissected, and
 * the filter is applied to the dissection.
 *
 * Returns MR_ERROR if the record could not be read, MR_MATCHED if the
 * filter accepts the frame, MR_NOTMATCHED otherwise.
 */
static match_result
match_dfilter(capture_file *cf, frame_data *fdata, wtap_rec *rec,
              void *criterion)
{
    dfilter_t *filter_code = (dfilter_t *)criterion;
    epan_dissect_t dissection;
    match_result outcome = MR_NOTMATCHED;

    /* Nothing can be dissected unless the record itself can be read. */
    if (!cf_read_record(cf, fdata, rec)) {
        return MR_ERROR;
    }

    /*
     * The record contents come from the capture file; everything from here
     * on runs the dissectors over that data.
     */
    epan_dissect_init(&dissection, cf->epan, true, false);
    epan_dissect_prime_with_dfilter(&dissection, filter_code);
    epan_dissect_run(&dissection, cf->cd_t, rec, fdata, NULL);

    if (dfilter_apply_edt(filter_code, &dissection)) {
        outcome = MR_MATCHED;
    }

    /* Always release the dissection state before returning. */
    epan_dissect_cleanup(&dissection);
    return outcome;
}
/*
 * Search, in direction dir and starting from the current frame, for a
 * marked packet and select it.
 *
 * Returns the result of find_packet().
 */
bool
cf_find_packet_marked(capture_file *cf, search_direction dir)
{
    bool found;

    /* match_marked() only looks at the frame's flag, so no criterion is passed. */
    found = find_packet(cf, match_marked, NULL, dir, true);
    return found;
}
/*
 * Match routine for find_packet(): a frame matches when its "marked" flag
 * is set.  The capture file, record and criterion arguments are unused, so
 * no packet data is read.
 */
static match_result
match_marked(capture_file *cf _U_, frame_data *fdata, wtap_rec *rec _U_,
             void *criterion _U_)
{
    if (fdata->marked) {
        return MR_MATCHED;
    }
    return MR_NOTMATCHED;
}
/*
 * Search, in direction dir and starting from the current frame, for a
 * time-reference packet and select it.
 *
 * Returns the result of find_packet().
 */
bool
cf_find_packet_time_reference(capture_file *cf, search_direction dir)
{
    bool found;

    /* match_time_reference() only looks at the frame's flag; no criterion. */
    found = find_packet(cf, match_time_reference, NULL, dir, true);
    return found;
}
/*
 * Match routine for find_packet(): a frame matches when its "ref_time"
 * flag is set.  The capture file, record and criterion arguments are
 * unused, so no packet data is read.
 */
static match_result
match_time_reference(capture_file *cf _U_, frame_data *fdata, wtap_rec *rec _U_,
                     void *criterion _U_)
{
    if (fdata->ref_time) {
        return MR_MATCHED;
    }
    return MR_NOTMATCHED;
}
/*
 * Common search framework used by the cf_find_packet_*() routines.
 *
 * Walks the frame sequence one frame at a time in direction dir, calling
 * match_function (with the opaque criterion pointer) on every frame whose
 * passed_dfilter flag is set, and stops at the first frame for which it
 * returns MR_MATCHED.  The chosen frame's row is then selected in the
 * packet list.
 *
 * cf              capture file to search
 * match_function  callback deciding whether a frame matches
 * criterion       opaque data handed to match_function unchanged
 * dir             SD_BACKWARD to search towards the start, otherwise forward
 * start_current   if true, start from cf->current_frame; if false (or if
 *                 there is no current frame) start with no frame selected,
 *                 which also disables wrap-around
 *
 * Returns true only if a frame was chosen and its packet-list row could be
 * selected.  Note that on user abort (cf->stop_flag) or MR_ERROR the start
 * frame is chosen, so with a non-NULL start frame those cases can also
 * return true; callers cannot tell them apart from a real match.
 */
static bool
find_packet(capture_file *cf, ws_match_function match_function,
            void *criterion, search_direction dir, bool start_current)
{
    frame_data *start_fd;
    uint32_t    framenum;
    uint32_t    prev_framenum;
    frame_data *fdata;
    wtap_rec    rec;
    frame_data *new_fd = NULL;
    progdlg_t  *progbar = NULL;
    GTimer     *prog_timer = g_timer_new();
    int         count;
    bool        wrap = prefs.gui_find_wrap;
    bool        succeeded;
    float       progbar_val;
    char        status_str[100];
    match_result result;

    /* presumably 1514 is an initial buffer-size hint for the record -
       TODO confirm against wtap_rec_init() */
    wtap_rec_init(&rec, 1514);

    start_fd = start_current ? cf->current_frame : NULL;
    if (start_fd != NULL) {
        prev_framenum = start_fd->num;
    } else {
        prev_framenum = 0;  /* No start packet selected. */
        wrap = false;
    }

    /* Iterate through the list of packets, starting at the packet we've
       picked, calling a routine to run the filter on the packet, see if
       it matches, and stop if so.  */
    count = 0;
    framenum = prev_framenum;
    if (framenum == 0 && dir == SD_BACKWARD) {
        /* If we have no start packet selected, and we're going backwards,
         * start at the end (even if wrap is off.)
         */
        framenum = cf->count + 1;
    }

    g_timer_start(prog_timer);
    /* Progress so far. */
    progbar_val = 0.0f;

    /* Clear any stale abort request before the loop starts polling it. */
    cf->stop_flag = false;

    for (;;) {
        /* Create the progress bar if necessary.
           We check on every iteration of the loop, so that it takes no
           longer than the standard time to create it (otherwise, for a
           large file, we might take considerably longer than that standard
           time in order to get to the next progress bar step). */
        if (progbar == NULL)
            progbar = delayed_create_progress_dlg(cf->window, NULL, NULL,
                false, &cf->stop_flag, progbar_val);

        /*
         * Update the progress bar, but do it only after PROGBAR_UPDATE_INTERVAL
         * has elapsed. Calling update_progress_dlg and packets_bar_update will
         * likely trigger UI paint events, which might take a while depending on
         * the platform and display. Reset our timer *after* painting.
         */
        if (g_timer_elapsed(prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
            /* let's not divide by zero. I should never be started
             * with count == 0, so let's assert that
             *
             * NOTE(review): whether ws_assert() is active in every build
             * configuration is not visible here - confirm.
             */
            ws_assert(cf->count > 0);

            progbar_val = (float) count / cf->count;

            /* NOTE(review): count is declared int but is formatted with %u;
               cf->count's type is not visible here - confirm both arguments
               match the conversions.  The write itself is bounded by
               sizeof(status_str). */
            snprintf(status_str, sizeof(status_str),
                     "%4u of %u packets", count, cf->count);
            update_progress_dlg(progbar, progbar_val, status_str);

            g_timer_start(prog_timer);
        }

        if (cf->stop_flag) {
            /* Well, the user decided to abort the search.  Go back to the
               frame where we started.
               XXX - This ends up selecting the start packet and reporting
               "success".  Perhaps new_fd should stay NULL? */
            new_fd = start_fd;
            break;
        }

        /* Go past the current frame. */
        if (dir == SD_BACKWARD) {
            /* Go on to the previous frame. */
            if (framenum <= 1) {
                /*
                 * XXX - other apps have a bit more of a detailed message
                 * for this, and instead of offering "OK" and "Cancel",
                 * they offer things such as "Continue" and "Cancel";
                 * we need an API for popping up alert boxes with
                 * {Verb} and "Cancel".
                 */

                if (wrap) {
                    statusbar_push_temporary_msg("Search reached the beginning. Continuing at end.");
                    framenum = cf->count;     /* wrap around */
                    /* Wrap at most once per search. */
                    wrap = false;
                } else {
                    statusbar_push_temporary_msg("Search reached the beginning.");
                    framenum = prev_framenum; /* stay on previous packet */
                }
            } else
                framenum--;
        } else {
            /* Go on to the next frame. */
            if (framenum == cf->count) {
                if (wrap) {
                    statusbar_push_temporary_msg("Search reached the end. Continuing at beginning.");
                    framenum = 1;             /* wrap around */
                    /* Wrap at most once per search. */
                    wrap = false;
                } else {
                    statusbar_push_temporary_msg("Search reached the end.");
                    framenum = prev_framenum; /* stay on previous packet */
                }
            } else
                framenum++;
        }

        /* The lookup result may be NULL; it is checked before being used. */
        fdata = frame_data_sequence_find(cf->provider.frames, framenum);
        count++;

        /* Is this packet in the display? */
        if (fdata && fdata->passed_dfilter) {
            /* Yes.  Does it match the search criterion? */
            result = (*match_function)(cf, fdata, &rec, criterion);
            if (result == MR_ERROR) {
                /* Error; presumably the match routine has already reported
                   it.  Go back to the frame where we started.
                   XXX - This ends up selecting the start packet and reporting
                   "success."  Perhaps new_fd should stay NULL? */
                new_fd = start_fd;
                break;
            } else if (result == MR_MATCHED) {
                /* Yes.  Go to the new frame. */
                new_fd = fdata;
                break;
            }
            /* No match: reset the record so it can be reused for the next frame. */
            wtap_rec_reset(&rec);
        }

        if (fdata == start_fd) {
            /* We're back to the frame we were on originally, and that frame
               doesn't match the search filter.  The search failed. */
            break;
        }
    }

    /* We're done scanning the packets; destroy the progress bar if it
       was created. */
    if (progbar != NULL)
        destroy_progress_dlg(progbar);
    g_timer_destroy(prog_timer);

    if (new_fd != NULL) {
        /* We found a frame that's displayed and that matches.
           Try to find and select the packet summary list row for that frame. */
        bool found_row;

        /* search_in_progress is set only around the row selection. */
        cf->search_in_progress = true;
        found_row = packet_list_select_row_from_data(new_fd);
        cf->search_in_progress = false;
        if (!found_row) {
            /* We didn't find a row corresponding to this frame.
               This means that the frame isn't being displayed currently,
               so we can't select it. */
            cf->search_pos = 0; /* Reset the position */
            cf->search_len = 0; /* Reset length */
            simple_message_box(ESD_TYPE_INFO, NULL,
                               "The capture file is probably not fully dissected.",
                               "End of capture exceeded.");
            succeeded = false; /* The search succeeded but we didn't find the row */
        } else
            succeeded = true; /* The search succeeded and we found the row */
    } else
        succeeded = false;  /* The search failed */
    /* Release the record on every path out of the function. */
    wtap_rec_cleanup(&rec);
    return succeeded;
}
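/*
 * Select the packet-list row for frame number fnumber.
 *
 * fnumber is not trusted to be valid: it can come from a value read out of
 * a dissected field (see cf_goto_framenum()), so it is checked by looking
 * the frame up rather than by being used as an index.
 *
 * If the frame exists but is not displayed (its passed_dfilter flag is
 * clear):
 *   - with exact set, or when no frame is displayed at all, the call fails;
 *   - otherwise the closest displayed frame is chosen: the first row if no
 *     displayed frame precedes it, else the next displayed frame if one is
 *     found in the search interval, else the previous displayed frame.
 *
 * Returns true if a row was selected, false otherwise.  Every failure is
 * reported to the user through the status bar or a message box.
 */
bool
cf_goto_frame(capture_file *cf, unsigned fnumber, bool exact)
{
    frame_data *fdata;

    if (cf == NULL || cf->provider.frames == NULL) {
        /* we don't have a loaded capture file - fix for bugs 11810 & 11989 */
        statusbar_push_temporary_msg("There is no file loaded");
        return false;   /* we failed to go to that packet */
    }

    fdata = frame_data_sequence_find(cf->provider.frames, fnumber);

    if (fdata == NULL) {
        /* we didn't find a packet with that packet number */
        statusbar_push_temporary_msg("There is no packet number %u.", fnumber);
        return false;   /* we failed to go to that packet */
    }
    if (!fdata->passed_dfilter) {
        /* that packet currently isn't displayed */
        /* XXX - add it to the set of displayed packets? */
        if (cf->first_displayed == 0 || exact) {
            /* We only want that exact frame, or no frames are displayed. */
            statusbar_push_temporary_msg("Packet number %u isn't displayed.", fnumber);
            return false;   /* we failed to go to that packet */
        }
        if (fdata->prev_dis_num == 0) {
            /* There is no previous displayed frame, so this frame is
             * before the first displayed frame. Go to the first line,
             * which is the closest frame.
             */
            fdata = NULL; /* This will select the first row. */
            statusbar_push_temporary_msg("Packet number %u isn't displayed, going to the first displayed packet, %u.", fnumber, cf->first_displayed);
        } else {
            uint32_t delta = fnumber - fdata->prev_dis_num;
            /* The next displayed frame might be closer, we can do an
             * O(log n) binary search for the earliest displayed frame
             * in the open interval (fnumber, fnumber + delta).
             *
             * This is possibly overkill, we could just go to the previous
             * displayed frame.
             */
            /* Initialized so that it is never read indeterminate, even if
             * the loop below does not run. */
            frame_data *fdata2 = NULL;
            uint32_t lower_bound = fnumber + 1;
            uint32_t upper_bound = fnumber + delta - 1;
            bool found = false;
            while (lower_bound <= upper_bound) {
                /* Midpoint computed without adding the two bounds, so the
                 * sum cannot wrap around for very large frame numbers and
                 * send the search to an unrelated low-numbered frame. */
                uint32_t middle = lower_bound + (upper_bound - lower_bound) / 2;
                fdata2 = frame_data_sequence_find(cf->provider.frames, middle);
                if (fdata2 == NULL) {
                    /* We don't have a frame of that number, so search before it. */
                    upper_bound = middle - 1;
                    continue;
                }
                /* We have a frame of that number. What's the displayed
                 * frame before it? */
                if (fdata2->prev_dis_num > fnumber) {
                    /* The previous frame that passed the filter is also after
                     * our target, so our answer is no later than that.
                     */
                    upper_bound = fdata2->prev_dis_num;
                } else {
                    /* The previous displayed frame is before fnumber.
                     * (We already know fnumber itself is not displayed.)
                     * Is this frame itself displayed?
                     */
                    if (fdata2->passed_dfilter) {
                        /* Yes. So this is our answer. */
                        found = true;
                        break;
                    }
                    /* No. So our answer, if any, is after this frame. */
                    lower_bound = middle + 1;
                }
            }
            if (found) {
                fdata = fdata2;
                statusbar_push_temporary_msg("Packet number %u isn't displayed, going to the next displayed packet, %u.", fnumber, fdata->num);
            } else {
                statusbar_push_temporary_msg("Packet number %u isn't displayed, going to the previous displayed packet, %u.", fnumber, fdata->prev_dis_num);
                fdata = frame_data_sequence_find(cf->provider.frames, fdata->prev_dis_num);
            }
        }
    }

    if (!packet_list_select_row_from_data(fdata)) {
        /* We didn't find a row corresponding to this frame.
           This means that the frame isn't being displayed currently,
           so we can't select it. */
        simple_message_box(ESD_TYPE_INFO, NULL,
                           "The capture file is probably not fully dissected.",
                           "End of capture exceeded.");
        return false;
    }
    return true;  /* we got to that packet */
}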
/*
 * Jump to the frame referenced by the currently selected protocol tree item.
 *
 * Only acts when an item is selected, its field type is FT_FRAMENUM and the
 * frame number it holds is non-zero.  The number is taken from the selected
 * field's value and handed to cf_goto_frame() with exact matching requested.
 *
 * Returns the result of cf_goto_frame(), or false if there was nothing to
 * go to.
 */
bool
cf_goto_framenum(capture_file *cf)
{
    const header_field_info *selected_hf;
    uint32_t target;

    if (!cf->finfo_selected) {
        return false;
    }

    selected_hf = cf->finfo_selected->hfinfo;
    ws_assert(selected_hf);
    if (selected_hf->type != FT_FRAMENUM) {
        return false;
    }

    target = fvalue_get_uinteger(cf->finfo_selected->value);
    if (target == 0) {
        return false;
    }

    /* We probably only want to go to the exact match,
     * even though "Go to Previous Packet in History" exists.
     */
    return cf_goto_frame(cf, target, true);
}
|
|
|
|
|
1999-07-24 03:22:50 +00:00
|
|
|
/*
 * Select the packet described by fdata: read its record into cf->rec,
 * make it cf->current_frame and build a fresh dissection in cf->edt.
 *
 * Does nothing when fdata is NULL or when the record cannot be read; in
 * both cases the previous selection and dissection are left untouched.
 */
void
cf_select_packet(capture_file *cf, frame_data *fdata)
{
    /* No frame data, or the record can't be fetched: keep what we have. */
    if (fdata == NULL || !cf_read_record(cf, fdata, &cf->rec)) {
        return;
    }

    /* Record that this frame is the current frame. */
    cf->current_frame = fdata;

    /*
     * Hold on to the old epan_dissect_t and free it only after the new
     * one is in place. Deferring the free dates from commit
     * a2bb94c3b33d53f42534aceb7cc67aab1d1fb1f9, whose message was:
     *
     *   Clear GtkTreeStore before freeing edt
     *
     *   When building current data for packet details treeview we store two
     *   things.
     *     - Generated string with item label
     *     - Pointer to node field_info structure
     *
     *   After epan_dissect_{free, cleanup} pointer to field_info node is no
     *   longer valid so we should clear GtkTreeStore before freeing.
     *
     * In other words, freeing first would leave dangling field_info
     * pointers behind.
     *
     * XXX - we're no longer using GTK+; is there a way to ensure that
     * *nothing* refers to any of the current frame information before
     * we replace it?
     */
    epan_dissect_t *previous_edt = cf->edt;

    /* Create the logical protocol tree; we don't need the columns here. */
    cf->edt = epan_dissect_new(cf->epan, true, true);
    epan_dissect_run(cf->edt, cf->cd_t, &cf->rec, cf->current_frame, NULL);

    if (previous_edt != NULL) {
        epan_dissect_free(previous_edt);
    }
}
|
|
|
|
|
|
|
|
/*
 * Unselect the selected packet, if any: clear cf->edt and
 * cf->current_frame, then free the dissection that was attached.
 */
void
cf_unselect_packet(capture_file *cf)
{
    /*
     * Detach the dissection from cf before freeing it, the same
     * deferred-free ordering cf_select_packet() uses for the old cf->edt.
     */
    epan_dissect_t *stale_edt = cf->edt;
    cf->edt = NULL;

    /* No packet is selected. */
    cf->current_frame = NULL;

    /* Destroy the epan_dissect_t for the unselected packet. */
    if (stale_edt != NULL) {
        epan_dissect_free(stale_edt);
    }
}
|
|
|
|
|
2001-12-06 02:21:26 +00:00
|
|
|
/*
 * Mark a particular frame.
 *
 * A frame that is already marked is left alone. The per-file
 * marked_count is only incremented while it is still below cf->count,
 * so it never exceeds the number of frames in the file.
 */
void
cf_mark_frame(capture_file *cf, frame_data *frame)
{
    if (frame->marked) {
        return;
    }

    frame->marked = true;
    if (cf->marked_count < cf->count) {
        cf->marked_count++;
    }
}
|
|
|
|
|
|
|
|
/*
 * Unmark a particular frame.
 *
 * A frame that is not marked is left alone. The per-file marked_count
 * is only decremented while it is above zero, so it cannot wrap.
 */
void
cf_unmark_frame(capture_file *cf, frame_data *frame)
{
    if (!frame->marked) {
        return;
    }

    frame->marked = false;
    if (cf->marked_count > 0) {
        cf->marked_count--;
    }
}
|
|
|
|
|
2009-12-17 01:18:14 +00:00
|
|
|
/*
 * Ignore a particular frame.
 *
 * A frame that is already ignored is left alone. The per-file
 * ignored_count is only incremented while it is still below cf->count.
 */
void
cf_ignore_frame(capture_file *cf, frame_data *frame)
{
    if (frame->ignored) {
        return;
    }

    frame->ignored = true;
    if (cf->ignored_count < cf->count) {
        cf->ignored_count++;
    }
}
|
|
|
|
|
|
|
|
/*
 * Un-ignore a particular frame.
 *
 * A frame that is not ignored is left alone. The per-file ignored_count
 * is only decremented while it is above zero, so it cannot wrap.
 */
void
cf_unignore_frame(capture_file *cf, frame_data *frame)
{
    if (!frame->ignored) {
        return;
    }

    frame->ignored = false;
    if (cf->ignored_count > 0) {
        cf->ignored_count--;
    }
}
|
|
|
|
|
2017-07-16 20:37:32 -07:00
|
|
|
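/*
 * Modify the section comment.
 *
 * Sets the first comment of the first SHB to `comment`, adding the
 * option if the block has none yet, and marks the file as having
 * unsaved changes. If the stored comment already equals `comment`,
 * nothing is changed and the file is not marked.
 *
 * Ownership: this function consumes `comment` on every path. The caller
 * must pass a g_malloc()-allocated string and must not use or free it
 * afterwards.
 */
void
cf_update_section_comment(capture_file *cf, char *comment)
{
    wtap_block_t shb_inf;
    char *shb_comment;

    /* Get the first SHB. */
    /* XXX - support multiple SHBs */
    shb_inf = wtap_file_get_shb(cf->provider.wth, 0);

    /* Get the first comment from the SHB. */
    /* XXX - support multiple comments */
    if (wtap_block_get_nth_string_option_value(shb_inf, OPT_COMMENT, 0, &shb_comment) != WTAP_OPTTYPE_SUCCESS) {
        /* There's no comment - add one. */
        wtap_block_add_string_option(shb_inf, OPT_COMMENT, comment, strlen(comment));
    } else {
        /* See if the comment has changed or not */
        if (strcmp(shb_comment, comment) == 0) {
            g_free(comment);
            return;
        }

        /* The comment has changed, let's update it */
        wtap_block_set_nth_string_option_value(shb_inf, OPT_COMMENT, 0, comment, strlen(comment));
    }

    /*
     * Both calls above are handed the string together with its length and
     * keep their own copy (ownership is only transferred by the _owned
     * variant), so the caller's buffer has to be released here as well,
     * not just on the "unchanged" path. Previously it was leaked.
     */
    g_free(comment);

    /* Mark the file as having unsaved changes */
    cf->unsaved_changes = true;
}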
|
|
|
|
|
2023-10-15 18:17:18 -04:00
|
|
|
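/*
 * Modify the section comments for a given section.
 *
 * Makes the OPT_COMMENT options of SHB number shb_idx match the
 * NULL-terminated string array `comments`, position by position:
 * missing entries are added, differing entries are overwritten, and any
 * surplus old comments are removed from the end. cf->unsaved_changes is
 * set only when something actually changed.
 *
 * Ownership: the array and every string in it are consumed. Each string
 * is either handed over to the block or freed here, and the array itself
 * is freed. The caller must not touch `comments` afterwards.
 */
void
cf_update_section_comments(capture_file *cf, unsigned shb_idx, char **comments)
{
    wtap_block_t shb_inf;
    char *shb_comment;

    shb_inf = wtap_file_get_shb(cf->provider.wth, shb_idx);
    if (shb_inf == NULL) {
        /* Shouldn't happen. XXX: Report it if it does? */
        /* We own the strings on every path, so don't leak them here. */
        g_strfreev(comments);
        return;
    }

    unsigned n_comments = g_strv_length(comments);
    unsigned i;
    char* comment;

    for (i = 0; i < n_comments; i++) {
        comment = comments[i];
        if (wtap_block_get_nth_string_option_value(shb_inf, OPT_COMMENT, i, &shb_comment) != WTAP_OPTTYPE_SUCCESS) {
            /* There's no comment - add one; the block takes ownership. */
            wtap_block_add_string_option_owned(shb_inf, OPT_COMMENT, comment);
            cf->unsaved_changes = true;
        } else {
            /* See if the comment has changed or not */
            if (strcmp(shb_comment, comment) != 0) {
                /*
                 * The comment has changed, let's update it. The slot to
                 * overwrite is the one we just compared against (i);
                 * writing to slot 0 would clobber the first comment and
                 * leave comment i stale.
                 */
                wtap_block_set_nth_string_option_value(shb_inf, OPT_COMMENT, i, comment, strlen(comment));
                cf->unsaved_changes = true;
            }
            g_free(comment);
        }
    }
    /* We either transferred ownership of the comments or freed them
     * above, so free the array of strings but not the strings themselves. */
    g_free(comments);

    /* If there are extra old comments, remove them. Start at the end. */
    for (i = wtap_block_count_option(shb_inf, OPT_COMMENT); i > n_comments; i--) {
        wtap_block_remove_nth_option_instance(shb_inf, OPT_COMMENT, i - 1);
        cf->unsaved_changes = true;
    }
}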
|
|
|
|
|
2017-07-16 20:49:01 -07:00
|
|
|
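/*
 * Get the packet block for a packet (record).
 * If the block has been edited, it returns the result of the edit,
 * otherwise it returns the block from the file.
 *
 * Returns a new reference, or NULL when the record could not be read
 * from the file. A NULL is also possible if the block being referenced
 * is itself NULL.
 * NB. Caller must wtap_block_unref() the result when done.
 */
wtap_block_t
cf_get_packet_block(capture_file *cf, const frame_data *fd)
{
    /* If this block has been modified, fetch the modified version */
    if (fd->has_modified_block) {
        return wtap_block_ref(cap_file_provider_get_modified_block(&cf->provider, fd));
    }

    wtap_rec rec; /* Record information */
    wtap_block_t block = NULL;

    /* fetch record block */
    /* NOTE(review): 1514 looks like an initial buffer size - confirm. */
    wtap_rec_init(&rec, 1514);

    /*
     * Only take a reference when the read succeeded; after a failed read
     * the contents of rec are not something we should hand out.
     * rec.block is owned by the record, so take our own reference before
     * the record is cleaned up.
     */
    if (cf_read_record(cf, fd, &rec)) {
        block = wtap_block_ref(rec.block);
    }

    wtap_rec_cleanup(&rec);
    return block;
}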
|
|
|
|
|
2017-07-16 20:49:01 -07:00
|
|
|
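/*
 * Update (replace) the block of a frame in a capture.
 *
 * Returns true when new_block was installed as the frame's modified
 * block; in that case the packet comment count has been adjusted and the
 * file is marked as having unsaved changes.
 *
 * Returns false when new_block is the very block the frame already has,
 * i.e. the caller edited it in place. Nothing is stored in that case and
 * the caller is responsible for updating the comment count itself.
 * NOTE(review): cf->unsaved_changes is not set on that path either;
 * confirm that callers take care of it.
 */
bool
cf_set_modified_block(capture_file *cf, frame_data *fd, const wtap_block_t new_block)
{
    /* This is a new reference that must be dropped on every return path. */
    wtap_block_t pkt_block = cf_get_packet_block(cf, fd);

    /* It's possible to further modify the modified block "in place" by doing
     * a call to cf_get_packet_block() that returns an already created modified
     * block, modifying that, and calling this function.
     * If the caller did that, then the block pointers will be equal.
     */
    if (pkt_block == new_block) {
        /* No need to save anything here, the caller changes went right
         * onto the block.
         * Unfortunately we don't have a way to know how many comments were
         * in the block before the caller modified it, so tell the caller
         * it is its responsibility to update the comment count.
         *
         * Drop the reference taken above; returning without doing so
         * leaked one reference per in-place edit.
         */
        wtap_block_unref(pkt_block);
        return false;
    }

    if (pkt_block)
        cf->packet_comment_count -= wtap_block_count_option(pkt_block, OPT_COMMENT);

    if (new_block)
        cf->packet_comment_count += wtap_block_count_option(new_block, OPT_COMMENT);

    cap_file_provider_set_modified_block(&cf->provider, fd, new_block);

    expert_update_comment_count(cf->packet_comment_count);

    /* Done with the old block; the file now has unsaved changes. */
    wtap_block_unref(pkt_block);
    cf->unsaved_changes = true;
    return true;
}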
|
|
|
|
|
2012-06-20 04:44:14 +00:00
|
|
|
/*
 * What types of comments does this capture file have?
 *
 * Returns a bit mask: WTAP_COMMENT_PER_SECTION is set when at least one
 * SHB has a first comment, WTAP_COMMENT_PER_PACKET when
 * cf->packet_comment_count is non-zero.
 */
uint32_t
cf_comment_types(capture_file *cf)
{
    uint32_t found = 0;
    unsigned section = 0;

    /* Look for the first section that carries a comment. */
    while (section < wtap_file_get_num_shbs(cf->provider.wth)) {
        char *first_comment;
        wtap_block_t shb = wtap_file_get_shb(cf->provider.wth, section);

        /* Try to get the first comment from that SHB. */
        if (wtap_block_get_nth_string_option_value(shb, OPT_COMMENT, 0,
                                                   &first_comment) == WTAP_OPTTYPE_SUCCESS) {
            /* One section comment is enough; stop searching. */
            found |= WTAP_COMMENT_PER_SECTION;
            break;
        }
        section++;
    }

    if (cf->packet_comment_count != 0) {
        found |= WTAP_COMMENT_PER_PACKET;
    }
    return found;
}
|
|
|
|
|
2016-07-18 16:04:22 -07:00
|
|
|
/*
 * Add a resolved address to this file's list of resolved addresses.
 *
 * Returns false, leaving cf untouched, when add_ip_name_from_string()
 * rejects the pair; otherwise marks the file as having unsaved changes
 * and returns true.
 */
bool
cf_add_ip_name_from_string(capture_file *cf, const char *addr, const char *name)
{
    /*
     * XXX - support multiple resolved address lists, and add to the one
     * attached to this file?
     */
    bool added = add_ip_name_from_string(addr, name);

    if (added) {
        /* OK, we have unsaved changes. */
        cf->unsaved_changes = true;
    }
    return added;
}
|
|
|
|
|
2004-01-09 22:56:59 +00:00
|
|
|
/* Arguments handed to save_record() through its opaque argsp pointer. */
typedef struct {
    wtap_dumper *pdh;       /* dumper each record is written to with wtap_dump() */
    const char  *fname;     /* output file name, used when reporting a write failure */
    int          file_type; /* output file type, used when reporting a write failure */
    bool         export;    /* when false, save_record() clears the frame's shift offset after writing */
} save_callback_args_t;
|
|
|
|
|
2002-05-23 07:46:58 +00:00
|
|
|
/*
 * Write one record to the dumper described by argsp (a
 * save_callback_args_t).
 *
 * The record is written with any not-yet-saved user edits applied: the
 * frame's modified block replaces the one read from the file, and a
 * non-zero time shift is added to the time stamp when the record has one.
 *
 * Returns true if it succeeds, false otherwise; if it fails, the failure
 * is reported through report_cfile_write_failure().
 */
static bool
save_record(capture_file *cf, frame_data *fdata, wtap_rec *rec, void *argsp)
{
    save_callback_args_t *args = (save_callback_args_t *)argsp;
    int err;
    char *err_info;

    /*
     * Start from a shallow copy of what was read from the file. The copy
     * borrows whatever rec points at; nothing here frees it.
     */
    wtap_rec out_rec = *rec;

    /* Apply what the user has changed but that hasn't been saved yet. */
    out_rec.block = fdata->has_modified_block
        ? cap_file_provider_get_modified_block(&cf->provider, fdata)
        : rec->block;
    out_rec.block_was_modified = fdata->has_modified_block ? true : false;

    if (!nstime_is_zero(&fdata->shift_offset) &&
        (out_rec.presence_flags & WTAP_HAS_TS)) {
        nstime_add(&out_rec.ts, &fdata->shift_offset);
    }

    /* and save the packet */
    if (!wtap_dump(args->pdh, &out_rec, &err, &err_info)) {
        report_cfile_write_failure(NULL, args->fname, err, err_info, fdata->num,
                                   args->file_type);
        return false;
    }

    /* If we are saving (i.e., replacing the current file with the one we're
     * writing), then update the frame data to clear the shift offset.
     * This keeps us from having to re-read the entire file.
     * We could do this in rescan_file(), but
     * 1) Ideally we shouldn't have to call rescan_file if all we're doing
     * is changing the timestamps, since that shouldn't change the offsets.
     * 2) The long term goal is to try to do the offset adjustment here
     * instead of using rescan_file, which should be faster (#1257).
     *
     * If we're exporting to a different file, then don't do that.
     */
    if (!args->export && (out_rec.presence_flags & WTAP_HAS_TS)) {
        nstime_set_zero(&fdata->shift_offset);
    }

    return true;
}
|
|
|
|
|
2007-03-14 19:30:19 +00:00
|
|
|
/*
 * Can this capture file be written out in any format using Wiretap
 * rather than by copying the raw data?
 *
 * Comment support is deliberately not part of the question (the second
 * argument to wtap_dump_can_write() is 0): if the chosen format can't
 * hold the comments, the user is offered the option of discarding them.
 */
bool
cf_can_write_with_wiretap(capture_file *cf)
{
    bool writable = wtap_dump_can_write(cf->linktypes, 0);

    return writable;
}
|
|
|
|
|
2013-04-01 23:44:29 +00:00
|
|
|
/*
 * Should we let the user do a save?
 *
 * Yes if either
 *
 *    the file has unsaved changes and Wiretap can write it in some
 *    format, or
 *
 *    the file is a temporary file with no unsaved changes, so that
 *    "saving" it just means copying it.
 *
 * XXX - we shouldn't allow files to be edited if they can't be saved,
 * so cf->unsaved_changes should be true only if the file can be saved.
 *
 * We don't care whether we support the comments in this file or not;
 * if we can't, we'll offer the user the option of discarding the
 * comments.
 */
bool
cf_can_save(capture_file *cf)
{
    if (cf->unsaved_changes) {
        /* Unsaved changes: saving is possible only through Wiretap. */
        return wtap_dump_can_write(cf->linktypes, 0);
    }

    /*
     * No unsaved changes: only a temporary file is worth saving, and
     * that can be done with a raw binary copy.
     */
    return cf->is_tempfile;
}
|
|
|
|
|
|
|
|
/*
 * Should we let the user do a "save as"?
 *
 * Yes if either
 *
 *    Wiretap can write the file in some format, or
 *
 *    the file is a temporary file with no unsaved changes, so that
 *    "saving" it just means copying it.
 *
 * XXX - we shouldn't allow files to be edited if they can't be saved,
 * so cf->unsaved_changes should be true only if the file can be saved.
 *
 * We don't care whether we support the comments in this file or not;
 * if we can't, we'll offer the user the option of discarding the
 * comments.
 */
bool
cf_can_save_as(capture_file *cf)
{
    /* We can write it out with Wiretap. */
    if (wtap_dump_can_write(cf->linktypes, 0)) {
        return true;
    }

    /*
     * Otherwise only a temporary file with no unsaved changes qualifies,
     * because it can be saved with a raw binary copy.
     */
    return cf->is_tempfile && !cf->unsaved_changes;
}
|
|
|
|
|
|
|
|
/*
 * Does this file have unsaved data?
 *
 * True for a file with unsaved changes, and for a temporary file that
 * holds at least one packet.
 */
bool
cf_has_unsaved_data(capture_file *cf)
{
    if (cf->unsaved_changes) {
        return true;
    }

    /* A temporary file only counts once it actually contains packets. */
    return cf->is_tempfile && cf->count > 0;
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Quick scan to find packet offsets.
|
|
|
|
*/
|
|
|
|
static cf_read_status_t
|
2024-07-07 16:00:12 -04:00
|
|
|
rescan_file(capture_file *cf, const char *fname, bool is_tempfile)
|
|
|
|
{
|
2022-02-20 19:39:37 +00:00
|
|
|
wtap_rec rec;
|
|
|
|
int err;
|
2024-07-07 16:00:12 -04:00
|
|
|
char *err_info;
|
|
|
|
char *name_ptr;
|
|
|
|
int64_t data_offset;
|
2022-02-20 19:39:37 +00:00
|
|
|
progdlg_t *progbar = NULL;
|
|
|
|
GTimer *prog_timer = g_timer_new();
|
2024-07-07 16:00:12 -04:00
|
|
|
int64_t size;
|
2022-02-20 19:39:37 +00:00
|
|
|
float progbar_val;
|
2024-07-07 16:00:12 -04:00
|
|
|
int64_t start_time;
|
|
|
|
char status_str[100];
|
|
|
|
uint32_t framenum;
|
2022-02-20 19:39:37 +00:00
|
|
|
frame_data *fdata;
|
|
|
|
|
|
|
|
/* Close the old handle. */
|
|
|
|
wtap_close(cf->provider.wth);
|
|
|
|
|
|
|
|
/* Open the new file. */
|
|
|
|
/* XXX: this will go through all open_routines for a matching one. But right
|
|
|
|
now rescan_file() is only used when a file is being saved to a different
|
|
|
|
format than the original, and the user is not given a choice of which
|
|
|
|
reader to use (only which format to save it in), so doing this makes
|
2023-05-27 22:11:54 -04:00
|
|
|
sense for now. (XXX: Now it is also used when saving a changed file,
|
|
|
|
e.g. comments or time-shifted frames.) */
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->provider.wth = wtap_open_offline(fname, WTAP_TYPE_AUTO, &err, &err_info, true);
|
2022-02-20 19:39:37 +00:00
|
|
|
if (cf->provider.wth == NULL) {
|
2024-10-05 14:46:33 -07:00
|
|
|
report_cfile_open_failure(fname, err, err_info);
|
2022-02-20 19:39:37 +00:00
|
|
|
return CF_READ_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* We're scanning a file whose contents should be the same as what
|
|
|
|
we had before, so we don't discard dissection state etc.. */
|
|
|
|
cf->f_datalen = 0;
|
|
|
|
|
|
|
|
/* Set the file name because we need it to set the follow stream filter.
|
|
|
|
XXX - is that still true? We need it for other reasons, though,
|
|
|
|
in any case. */
|
2023-09-06 07:16:37 -04:00
|
|
|
if (cf->filename != NULL) {
|
|
|
|
g_free(cf->filename);
|
|
|
|
}
|
2022-02-20 19:39:37 +00:00
|
|
|
cf->filename = g_strdup(fname);
|
|
|
|
|
|
|
|
/* Indicate whether it's a permanent or temporary file. */
|
|
|
|
cf->is_tempfile = is_tempfile;
|
|
|
|
|
|
|
|
/* No user changes yet. */
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->unsaved_changes = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
|
2025-01-10 11:38:03 -05:00
|
|
|
/* Record the file's type and compression type. */
|
2022-02-20 19:39:37 +00:00
|
|
|
cf->cd_t = wtap_file_type_subtype(cf->provider.wth);
|
2025-01-10 11:38:03 -05:00
|
|
|
cf->compression_type = wtap_get_compression_type(cf->provider.wth);
|
2023-09-06 07:16:37 -04:00
|
|
|
if (cf->linktypes != NULL) {
|
|
|
|
g_array_free(cf->linktypes, TRUE);
|
|
|
|
}
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->linktypes = g_array_sized_new(FALSE, FALSE, (unsigned) sizeof(int), 1);
|
2022-02-20 19:39:37 +00:00
|
|
|
|
|
|
|
cf->snap = wtap_snapshot_length(cf->provider.wth);
|
|
|
|
|
|
|
|
name_ptr = g_filename_display_basename(cf->filename);
|
|
|
|
|
|
|
|
cf_callback_invoke(cf_cb_file_rescan_started, cf);
|
|
|
|
|
|
|
|
/* Find the size of the file. */
|
|
|
|
size = wtap_file_size(cf->provider.wth, NULL);
|
|
|
|
|
|
|
|
g_timer_start(prog_timer);
|
|
|
|
|
2024-07-07 16:00:12 -04:00
|
|
|
cf->stop_flag = false;
|
2022-02-20 19:39:37 +00:00
|
|
|
start_time = g_get_monotonic_time();
|
|
|
|
|
|
|
|
framenum = 0;
|
2024-12-29 14:04:53 -08:00
|
|
|
wtap_rec_init(&rec, 1514);
|
|
|
|
while ((wtap_read(cf->provider.wth, &rec, &err, &err_info,
|
|
|
|
&data_offset))) {
|
2022-02-20 19:39:37 +00:00
|
|
|
framenum++;
|
|
|
|
fdata = frame_data_sequence_find(cf->provider.frames, framenum);
|
2022-07-05 16:59:19 +00:00
|
|
|
if (G_LIKELY(fdata != NULL)) {
|
|
|
|
fdata->file_off = data_offset;
|
|
|
|
}
|
2022-02-20 19:39:37 +00:00
|
|
|
if (size >= 0) {
|
|
|
|
cf->f_datalen = wtap_read_so_far(cf->provider.wth);
|
|
|
|
|
|
|
|
/* Create the progress bar if necessary. */
|
|
|
|
if (progress_is_slow(progbar, prog_timer, size, cf->f_datalen)) {
|
|
|
|
progbar_val = calc_progbar_val(cf, size, cf->f_datalen, status_str, sizeof(status_str));
|
|
|
|
progbar = delayed_create_progress_dlg(cf->window, NULL, NULL,
|
2024-07-07 16:00:12 -04:00
|
|
|
true, &cf->stop_flag, progbar_val);
|
2022-02-20 19:39:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the progress bar, but do it only after PROGBAR_UPDATE_INTERVAL
|
|
|
|
* has elapsed. Calling update_progress_dlg and packets_bar_update will
|
|
|
|
* likely trigger UI paint events, which might take a while depending on
|
|
|
|
* the platform and display. Reset our timer *after* painting.
|
|
|
|
*/
|
|
|
|
if (progbar && g_timer_elapsed(prog_timer, NULL) > PROGBAR_UPDATE_INTERVAL) {
|
|
|
|
progbar_val = calc_progbar_val(cf, size, cf->f_datalen, status_str, sizeof(status_str));
|
|
|
|
/* update the packet bar content on the first run or frequently on very large files */
|
|
|
|
update_progress_dlg(progbar, progbar_val, status_str);
|
|
|
|
compute_elapsed(cf, start_time);
|
|
|
|
packets_bar_update();
|
|
|
|
g_timer_start(prog_timer);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cf->stop_flag) {
|
|
|
|
/* Well, the user decided to abort the rescan. Sadly, as this
|
|
|
|
isn't a reread, recovering is difficult, so we'll just
|
|
|
|
close the current capture. */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Add this packet's link-layer encapsulation type to cf->linktypes, if
|
|
|
|
it's not already there.
|
|
|
|
XXX - yes, this is O(N), so if every packet had a different
|
|
|
|
link-layer encapsulation type, it'd be O(N^2) to read the file, but
|
|
|
|
there are probably going to be a small number of encapsulation types
|
|
|
|
in a file. */
|
|
|
|
if (rec.rec_type == REC_TYPE_PACKET) {
|
|
|
|
cf_add_encapsulation_type(cf, rec.rec_header.packet_header.pkt_encap);
|
|
|
|
}
|
2023-09-06 07:16:37 -04:00
|
|
|
wtap_rec_reset(&rec);
|
If we do a Save or Save As with a move, don't reread the capture file,
just tweak the elements in the capture_file structure as necessary and
poke the UI to update stuff such as the windows title.
If we do a Save or Save As with a copy, don't reread the capture file,
just close the old wtap, open a wtap for the copy, and tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title.
Otherwise, don't do a full read-and-dissect pass on the capture file,
just close the old wtap, open a wtap for the new file, tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title, and rescan the file to update
the packet offsets (and cause Wiretap to regenerate, for a gzipped file,
the information needed to support fast random access to the gzipped
file).
This should speed up Save and Save As a bit, as well as removing some
glitches in the UI (e.g., you won't see the packet list disappear and
reappear).
svn path=/trunk/; revision=43101
2012-06-05 06:52:18 +00:00
|
|
|
}
|
2022-02-20 19:39:37 +00:00
|
|
|
wtap_rec_cleanup(&rec);
|
|
|
|
|
|
|
|
/* Free the display name */
|
|
|
|
g_free(name_ptr);
|
|
|
|
|
|
|
|
/* We're done reading the file; destroy the progress bar if it was created. */
|
|
|
|
if (progbar != NULL)
|
|
|
|
destroy_progress_dlg(progbar);
|
|
|
|
g_timer_destroy(prog_timer);
|
|
|
|
|
|
|
|
/* We're done reading sequentially through the file. */
|
|
|
|
cf->state = FILE_READ_DONE;
|
|
|
|
|
|
|
|
/* Close the sequential I/O side, to free up memory it requires. */
|
|
|
|
wtap_sequential_close(cf->provider.wth);
|
|
|
|
|
|
|
|
/* compute the time it took to load the file */
|
|
|
|
compute_elapsed(cf, start_time);
|
|
|
|
|
|
|
|
/* Set the file encapsulation type now; we don't know what it is until
|
|
|
|
we've looked at all the packets, as we don't know until then whether
|
|
|
|
there's more than one type (and thus whether it's
|
|
|
|
WTAP_ENCAP_PER_PACKET). */
|
|
|
|
cf->lnk_t = wtap_file_encap(cf->provider.wth);
|
|
|
|
|
|
|
|
cf_callback_invoke(cf_cb_file_rescan_finished, cf);
|
If we do a Save or Save As with a move, don't reread the capture file,
just tweak the elements in the capture_file structure as necessary and
poke the UI to update stuff such as the windows title.
If we do a Save or Save As with a copy, don't reread the capture file,
just close the old wtap, open a wtap for the copy, and tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title.
Otherwise, don't do a full read-and-dissect pass on the capture file,
just close the old wtap, open a wtap for the new file, tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title, and rescan the file to update
the packet offsets (and cause Wiretap to regenerate, for a gzipped file,
the information needed to support fast random access to the gzipped
file).
This should speed up Save and Save As a bit, as well as removing some
glitches in the UI (e.g., you won't see the packet list disappear and
reappear).
svn path=/trunk/; revision=43101
2012-06-05 06:52:18 +00:00
|
|
|
|
2015-06-19 16:56:44 -07:00
|
|
|
if (cf->stop_flag) {
|
2022-02-20 19:39:37 +00:00
|
|
|
/* Our caller will give up at this point. */
|
|
|
|
return CF_READ_ABORTED;
|
If we do a Save or Save As with a move, don't reread the capture file,
just tweak the elements in the capture_file structure as necessary and
poke the UI to update stuff such as the windows title.
If we do a Save or Save As with a copy, don't reread the capture file,
just close the old wtap, open a wtap for the copy, and tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title.
Otherwise, don't do a full read-and-dissect pass on the capture file,
just close the old wtap, open a wtap for the new file, tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title, and rescan the file to update
the packet offsets (and cause Wiretap to regenerate, for a gzipped file,
the information needed to support fast random access to the gzipped
file).
This should speed up Save and Save As a bit, as well as removing some
glitches in the UI (e.g., you won't see the packet list disappear and
reappear).
svn path=/trunk/; revision=43101
2012-06-05 06:52:18 +00:00
|
|
|
}
|
2012-06-15 23:54:05 +00:00
|
|
|
|
2022-02-20 19:39:37 +00:00
|
|
|
if (err != 0) {
|
|
|
|
/* Put up a message box noting that the read failed somewhere along
|
|
|
|
the line. Don't throw out the stuff we managed to read, though,
|
|
|
|
if any. */
|
2024-10-05 14:46:33 -07:00
|
|
|
report_cfile_read_failure(NULL, err, err_info);
|
2022-02-20 19:39:37 +00:00
|
|
|
return CF_READ_ERROR;
|
|
|
|
} else
|
|
|
|
return CF_READ_OK;
|
If we do a Save or Save As with a move, don't reread the capture file,
just tweak the elements in the capture_file structure as necessary and
poke the UI to update stuff such as the windows title.
If we do a Save or Save As with a copy, don't reread the capture file,
just close the old wtap, open a wtap for the copy, and tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title.
Otherwise, don't do a full read-and-dissect pass on the capture file,
just close the old wtap, open a wtap for the new file, tweak the
elements in the capture_file structure as necessary and poke the UI to
update stuff such as the windows title, and rescan the file to update
the packet offsets (and cause Wiretap to regenerate, for a gzipped file,
the information needed to support fast random access to the gzipped
file).
This should speed up Save and Save As a bit, as well as removing some
glitches in the UI (e.g., you won't see the packet list disappear and
reappear).
svn path=/trunk/; revision=43101
2012-06-05 06:52:18 +00:00
|
|
|
}
Distinguish between "failed" and "user stopped it" for "save as" and
"export specified packets". For "failed", let the user try again with a
different file, in case it failed due to, for example, running out of
space or quota (probably the most likely failure mode for writing, and
trying to a different volume might be the best workaround). For "user
stopped it", presumably they don't want to try again (the most likely
reason is "it was taking too damn long").
Put "Exporting to: ...", not "Saving: ..." in the statusbar if we're
doing "export specified packets".
In process_specified_packets(), allow a null range pointer to be
specified, meaning "save 'em all"; that avoids the possibly-expensive
(with a large capture) operation of initializing the range.
If a "safe save" atop an existing file fails or is stopped, get rid of
the temporary file we created.
svn path=/trunk/; revision=43095
2012-06-05 02:46:54 +00:00
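/*
 * Save the current capture to fname.
 *
 * cf               - the capture to save.
 * fname            - destination path.
 * save_format      - wiretap file type/subtype to write.
 * compression_type - compression to apply to the output.
 * discard_comments - if true, comments are not written and, when the file
 *                    is reopened, the in-memory comment state is dropped.
 * dont_reopen      - if true, cf is left untouched after the write instead
 *                    of being pointed at the new file.
 *
 * One of three strategies is used:
 *   SAVE_WITH_MOVE - rename the temporary capture file to fname;
 *   SAVE_WITH_COPY - copy the raw file;
 *   SAVE_WITH_WTAP - write every record out again through wiretap.
 * When fname already exists, the copy and wiretap strategies write to
 * "<fname>~" first and rename that over fname once the write succeeded
 * ("safe save").
 *
 * Returns CF_WRITE_OK, CF_WRITE_ABORTED (the user stopped the save) or
 * CF_WRITE_ERROR (the failure is reported before returning).
 *
 * NOTE(review): "<fname>~" is a fixed, predictable name next to the
 * destination, and file_exists() followed by the open or rename is not
 * atomic.  Whether wtap_dump_open() and copy_file_binary_mode() refuse to
 * write through something already present under that name is not visible
 * here; that matters when the destination directory is writable by other
 * users, so confirm it in those helpers.
 */
cf_write_status_t
cf_save_records(capture_file *cf, const char *fname, unsigned save_format,
                wtap_compression_type compression_type,
                bool discard_comments, bool dont_reopen)
{
    char                *err_info = "Unknown error";
    char                *fname_new = NULL;
    wtap_dumper         *pdh;
    frame_data          *fdata;
    addrinfo_lists_t    *addr_lists;
    unsigned             framenum;
    int                  err;
    enum {
        SAVE_WITH_MOVE,
        SAVE_WITH_COPY,
        SAVE_WITH_WTAP
    }                    how_to_save;
    save_callback_args_t callback_args;
    callback_args.export = false;
    bool needs_reload = false;

    /* XXX caller should avoid saving the file while a read is pending
     * (e.g. by delaying the save action) */
    if (cf->read_lock) {
        /* This only warns; the save still goes ahead. */
        ws_warning("cf_save_records(\"%s\") while the file is being read, potential crash ahead", fname);
    }

    cf_callback_invoke(cf_cb_file_save_started, (void *)fname);

    addr_lists = get_addrinfo_list();

    if (save_format == cf->cd_t && compression_type == cf->compression_type
        && !discard_comments && !cf->unsaved_changes
        && (wtap_addrinfo_list_empty(addr_lists) || wtap_file_type_subtype_supports_block(save_format, WTAP_BLOCK_NAME_RESOLUTION) == BLOCK_NOT_SUPPORTED)) {
        /* We're saving in the format it's already in, and we're not discarding
           comments, and there are no changes we have in memory that aren't saved
           to the file, and we have no name resolution information to write or
           the file format we're saving in doesn't support writing name
           resolution information, so we can just move or copy the raw data. */

        if (cf->is_tempfile) {
            /* The file being saved is a temporary file from a live
               capture, so it doesn't need to stay around under that name;
               first, try renaming the capture buffer file to the new name.
               This acts as a "safe save", in that, if the file already
               exists, the existing file will be removed only if the rename
               succeeds.

               Sadly, on Windows, as we have the current capture file
               open, even MoveFileEx() with MOVEFILE_REPLACE_EXISTING
               (to cause the rename to remove an existing target), as
               done by ws_stdio_rename() (ws_rename() is #defined to
               be ws_stdio_rename() on Windows) will fail.

               According to the MSDN documentation for CreateFile(), if,
               when we open a capture file, we were to directly do a CreateFile(),
               opening with FILE_SHARE_DELETE|FILE_SHARE_READ, and then
               convert it to a file descriptor with _open_osfhandle(),
               that would allow the file to be renamed out from under us.

               However, that doesn't work in practice.  Perhaps the problem
               is that the process doing the rename is the process that
               has the file open. */
#ifndef _WIN32
            if (ws_rename(cf->filename, fname) == 0) {
                /* That succeeded - there's no need to copy the source file. */
                how_to_save = SAVE_WITH_MOVE;
            } else {
                if (errno == EXDEV) {
                    /* They're on different file systems, so we have to copy the
                       file. */
                    how_to_save = SAVE_WITH_COPY;
                } else {
                    /* The rename failed, but not because they're on different
                       file systems - put up an error message.  (Or should we
                       just punt and try to copy?  The only reason why I'd
                       expect the rename to fail and the copy to succeed would
                       be if we didn't have permission to remove the file from
                       the temporary directory, and that might be fixable - but
                       is it worth requiring the user to go off and fix it?) */
                    report_rename_failure(cf->filename, fname, errno);
                    goto fail;
                }
            }
#else
            /* Windows - copy the file to its new location. */
            how_to_save = SAVE_WITH_COPY;
#endif
        } else {
            /* It's a permanent file, so we should copy it, and not remove the
               original. */
            how_to_save = SAVE_WITH_COPY;
        }

        if (how_to_save == SAVE_WITH_COPY) {
            /* Copy the file, if we haven't moved it.  If we're overwriting
               an existing file, we do it with a "safe save", by writing
               to a new file and, if the write succeeds, renaming the
               new file on top of the old file. */
            if (file_exists(fname)) {
                fname_new = ws_strdup_printf("%s~", fname);
                if (!copy_file_binary_mode(cf->filename, fname_new))
                    goto fail;
            } else {
                if (!copy_file_binary_mode(cf->filename, fname))
                    goto fail;
            }
        }
    } else {
        /* Either we're saving in a different format or we're saving changes,
           such as added, modified, or removed comments, that haven't yet
           been written to the underlying file; we can't do that by copying
           or moving the capture file, we have to do it by writing the packets
           out in Wiretap. */

        wtap_dump_params params;
        int encap;

        how_to_save = SAVE_WITH_WTAP;
        wtap_dump_params_init(&params, cf->provider.wth);

        /* Determine what file encapsulation type we should use. */
        encap = wtap_dump_required_file_encap_type(cf->linktypes);
        params.encap = encap;

        /* Use the snaplen from cf (XXX - does wtap_dump_params_init handle that?) */
        params.snaplen = cf->snap;

        if (file_exists(fname)) {
            /* We're overwriting an existing file; write out to a new file,
               and, if that succeeds, rename the new file on top of the
               old file.  That makes this a "safe save", so that we don't
               lose the old file if we have a problem writing out the new
               file.  (If the existing file is the current capture file,
               we *HAVE* to do that, otherwise we're overwriting the file
               from which we're reading the packets that we're writing!) */
            fname_new = ws_strdup_printf("%s~", fname);
            pdh = wtap_dump_open(fname_new, save_format, compression_type, &params,
                                 &err, &err_info);
        } else {
            pdh = wtap_dump_open(fname, save_format, compression_type, &params,
                                 &err, &err_info);
        }
        /* XXX idb_inf is documented to be used until wtap_dump_close. */
        g_free(params.idb_inf);
        params.idb_inf = NULL;

        if (pdh == NULL) {
            /* NOTE(review): every other exit from this branch calls
               wtap_dump_params_cleanup(&params); this one does not.
               Confirm whether anything in params is still owned here. */
            report_cfile_dump_open_failure(fname, err, err_info, save_format);
            goto fail;
        }

        /* Add address resolution */
        wtap_dump_set_addrinfo_list(pdh, addr_lists);

        /* Iterate through the list of packets, processing all the packets. */
        callback_args.pdh = pdh;
        callback_args.fname = fname;
        callback_args.file_type = save_format;
        switch (process_specified_records(cf, NULL, "Saving", "packets",
                                          true, save_record, &callback_args, true)) {

        case PSP_FINISHED:
            /* Completed successfully. */
            break;

        case PSP_STOPPED:
            /* The user decided to abort the saving.
               If we're writing to a temporary file, remove it.
               XXX - should we do so even if we're not writing to a
               temporary file? */
            wtap_dump_close(pdh, NULL, &err, &err_info);
            if (fname_new != NULL) {
                ws_unlink(fname_new);
                /* This case returns directly instead of going through
                   "fail", so the name has to be released here. */
                g_free(fname_new);
            }
            cf_callback_invoke(cf_cb_file_save_stopped, NULL);
            wtap_dump_params_cleanup(&params);
            return CF_WRITE_ABORTED;

        case PSP_FAILED:
            /* Error while saving.
               If we're writing to a temporary file, remove it. */
            if (fname_new != NULL)
                ws_unlink(fname_new);
            wtap_dump_close(pdh, NULL, &err, &err_info);
            wtap_dump_params_cleanup(&params);
            goto fail;
        }

        if (!wtap_dump_close(pdh, &needs_reload, &err, &err_info)) {
            report_cfile_close_failure(fname, err, err_info);
            wtap_dump_params_cleanup(&params);
            goto fail;
        }

        wtap_dump_params_cleanup(&params);
    }

    if (fname_new != NULL) {
        /* We wrote out to fname_new, and should rename it on top of
           fname.  fname_new is now closed, so that should be possible even
           on Windows.  However, on Windows, we first need to close whatever
           file descriptors we have open for fname. */
#ifdef _WIN32
        wtap_fdclose(cf->provider.wth);
#endif
        /* Now do the rename. */
        if (ws_rename(fname_new, fname) == -1) {
            /* Well, the rename failed. */
            report_rename_failure(fname_new, fname, errno);
#ifdef _WIN32
            /* Attempt to reopen the random file descriptor using the
               current file's filename.  (At this point, the sequential
               file descriptor is closed.) */
            if (!wtap_fdreopen(cf->provider.wth, cf->filename, &err)) {
                /* Oh, well, we're screwed. */
                report_cfile_open_failure(cf->filename, err, NULL);
            }
#endif
            goto fail;
        }
        g_free(fname_new);
        /* Nothing below reads it; cleared so the freed pointer cannot be
           reused by accident. */
        fname_new = NULL;
    }

    /* If this was a temporary file, and we didn't do the save by doing
       a move, so the temporary file is still around under its old name,
       remove it. */
    if (cf->is_tempfile && how_to_save != SAVE_WITH_MOVE) {
        /* If this fails, there's not much we can do, so just ignore errors. */
        ws_unlink(cf->filename);
    }

    cf_callback_invoke(cf_cb_file_save_finished, NULL);
    cf->unsaved_changes = false;

    if (!dont_reopen) {
        switch (how_to_save) {

        case SAVE_WITH_MOVE:
            /* We just moved the file, so the wtap structure refers to the
               new file, and all the information other than the filename
               and the "is temporary" status applies to the new file; just
               update that. */
            g_free(cf->filename);
            cf->filename = g_strdup(fname);
            cf->is_tempfile = false;
            cf_callback_invoke(cf_cb_file_fast_save_finished, cf);
            break;

        case SAVE_WITH_COPY:
            /* We just copied the file, so all the information other than
               the file descriptors, the filename, and the "is temporary"
               status applies to the new file; just update that. */
            wtap_fdclose(cf->provider.wth);
            /* Attempt to reopen the random file descriptor using the
               new file's filename.  (At this point, the sequential
               file descriptor is closed.) */
            if (!wtap_fdreopen(cf->provider.wth, fname, &err)) {
                /* err_info was not set on this path, so it still holds the
                   "Unknown error" default from its declaration. */
                report_cfile_open_failure(fname, err, err_info);
                cf_close(cf);
            } else {
                g_free(cf->filename);
                cf->filename = g_strdup(fname);
                cf->is_tempfile = false;
            }
            cf_callback_invoke(cf_cb_file_fast_save_finished, cf);
            break;

        case SAVE_WITH_WTAP:
            /* Open and read the file we saved to.

               XXX - this is somewhat of a waste; we already have the
               packets, all this gets us is updated file type information
               (which we could just stuff into "cf"), and having the new
               file be the one we have opened and from which we're reading
               the data, and it means we have to spend time opening and
               reading the file, which could be a significant amount of
               time if the file is large.

               If the capture-file-writing code were to return the
               seek offset of each packet it writes, we could save that
               in the frame_data structure for the frame, and just open
               the file without reading it again...

               ...as long as, for gzipped files, the process of writing
               out the file *also* generates the information needed to
               support fast random access to the compressed file. */
            /* rescan_file will cause us to try all open_routines, so
               reset cfile's open_type */
            cf->open_type = WTAP_TYPE_AUTO;
            /* There are cases when SAVE_WITH_WTAP can result in new packets
               being written to the file, e.g ERF records
               In that case, we need to reload the whole file */
            if (needs_reload) {
                if (cf_open(cf, fname, WTAP_TYPE_AUTO, false, &err) == CF_OK) {
                    if (cf_read(cf, /*reloading=*/true) != CF_READ_OK) {
                        /* The rescan failed; just close the file.  Either
                           a dialog was popped up for the failure, so the
                           user knows what happened, or they stopped the
                           rescan, in which case they know what happened.  */
                        /* XXX: This is inconsistent with normal open/reload behaviour. */
                        cf_close(cf);
                    }
                }
            } else {
                if (rescan_file(cf, fname, false) != CF_READ_OK) {
                    /* The rescan failed; just close the file.  Either
                       a dialog was popped up for the failure, so the
                       user knows what happened, or they stopped the
                       rescan, in which case they know what happened.  */
                    cf_close(cf);
                }
            }
            break;
        }

        /* If we were told to discard the comments, do so. */
        if (discard_comments) {
            /* NOTE(review): the reopen paths above may already have called
               cf_close(cf).  What state that leaves cf->provider.wth and
               cf->count in is not visible here; confirm that the calls
               below are safe on a closed capture. */

            /* Remove SHB comment, if any. */
            wtap_write_shb_comment(cf->provider.wth, NULL);

            /* remove all user comments */
            for (framenum = 1; framenum <= cf->count; framenum++) {
                fdata = frame_data_sequence_find(cf->provider.frames, framenum);
                /* Same guard as rescan_file(): skip a frame number the
                   sequence does not hold instead of dereferencing NULL. */
                if (fdata == NULL) {
                    continue;
                }

                // XXX: This also ignores non-comment options like verdict
                fdata->has_modified_block = false;
            }

            if (cf->provider.frames_modified_blocks) {
                g_tree_destroy(cf->provider.frames_modified_blocks);
                cf->provider.frames_modified_blocks = NULL;
            }

            cf->packet_comment_count = 0;
        }
    }
    return CF_WRITE_OK;

fail:
    if (fname_new != NULL) {
        /* We were trying to write to a temporary file; get rid of it if it
           exists.  (We don't care whether this fails, as, if it fails,
           there's not much we can do about it.  I guess if it failed for
           a reason other than "it doesn't exist", we could report an
           error, so the user knows there's a junk file that they might
           want to clean up.) */
        ws_unlink(fname_new);
        g_free(fname_new);
    }
    cf_callback_invoke(cf_cb_file_save_failed, NULL);
    return CF_WRITE_ERROR;
}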
/*
 * Write the packets selected by "range" from the capture file "cf" to
 * "fname", using file type "save_format" and "compression_type".
 *
 * Every packet is read and handed to save_record(), which writes the
 * ones that are in the range; exporting everything is not special-cased.
 *
 * Returns CF_WRITE_OK on success, CF_WRITE_ABORTED if the user stopped
 * the operation, and CF_WRITE_ERROR if opening, writing, closing or
 * renaming failed.
 */
cf_write_status_t
cf_export_specified_packets(capture_file *cf, const char *fname,
                            packet_range_t *range, unsigned save_format,
                            wtap_compression_type compression_type)
{
  save_callback_args_t  cb_args;
  wtap_dump_params      dump_params;
  wtap_dumper          *dumper;
  char                 *tmp_name = NULL;
  char                 *err_info;
  int                   err;

  packet_range_process_init(range);

  wtap_dump_params_init(&dump_params, cf->provider.wth);

  /* File encapsulation type that covers every link type seen in cf. */
  dump_params.encap = wtap_dump_required_file_encap_type(cf->linktypes);

  /* Take the snaplen from cf (XXX - does wtap_dump_params_init handle that?) */
  dump_params.snaplen = cf->snap;

  /*
   * "Safe save": when the destination already exists, write to a
   * sibling file and rename it over the destination only once the
   * write has succeeded, so a failed write never destroys the old
   * file.  This is mandatory when the destination is the capture we
   * are reading from, since we would otherwise overwrite our own input.
   *
   * NOTE(review): the sibling name is simply fname with "~" appended,
   * so it is predictable.  Whether wtap_dump_open() refuses to reuse a
   * file or link that already sits at that path is not visible from
   * this function - worth confirming for destinations in directories
   * that other users can write to.
   */
  if (file_exists(fname)) {
    tmp_name = ws_strdup_printf("%s~", fname);
  }
  dumper = wtap_dump_open(tmp_name != NULL ? tmp_name : fname, save_format,
                          compression_type, &dump_params, &err, &err_info);

  /* XXX idb_inf is documented to be used until wtap_dump_close, yet it
     is released here, before the dump is written and closed. */
  g_free(dump_params.idb_inf);
  dump_params.idb_inf = NULL;

  if (dumper == NULL) {
    /* The failure is reported against the name the user asked for. */
    report_cfile_dump_open_failure(fname, err, err_info, save_format);
    goto fail;
  }

  /* Add address resolution */
  wtap_dump_set_addrinfo_list(dumper, get_addrinfo_list());

  /*
   * Walk the packets and write out the selected ones.
   *
   * XXX - packet_range_process_init(range) was already called above and
   * process_specified_records() will call it again; that is harmless
   * because nothing has touched "range" in between.
   */
  cb_args.export = true;
  cb_args.pdh = dumper;
  cb_args.fname = fname;
  cb_args.file_type = save_format;

  switch (process_specified_records(cf, range, "Writing", "specified records",
                                    true, save_record, &cb_args, true)) {

  case PSP_FAILED:
    /*
     * Writing failed.  Close the dump but stay silent about any close
     * error: the failure that made process_specified_records() give up
     * has already been reported.
     */
    wtap_dump_close(dumper, NULL, &err, &err_info);
    goto fail;

  case PSP_STOPPED:
    /*
     * The user cancelled.  Remove the temporary file if we were using
     * one.
     * XXX - should a partially written non-temporary file be removed
     * as well?
     */
    wtap_dump_close(dumper, NULL, &err, &err_info);
    if (tmp_name != NULL) {
      ws_unlink(tmp_name);
      g_free(tmp_name);
    }
    wtap_dump_params_cleanup(&dump_params);

    return CF_WRITE_ABORTED;

  case PSP_FINISHED:
    /* Everything was written; fall out to the close below. */
    break;
  }

  if (!wtap_dump_close(dumper, NULL, &err, &err_info)) {
    report_cfile_close_failure(fname, err, err_info);
    goto fail;
  }

  /*
   * If we wrote to the temporary file, move it on top of fname.  The
   * dump has been closed by now, so the rename should be possible even
   * on Windows.
   */
  if (tmp_name != NULL && ws_rename(tmp_name, fname) == -1) {
    report_rename_failure(tmp_name, fname, errno);
    goto fail;
  }
  g_free(tmp_name);   /* no-op when no temporary file was used */
  wtap_dump_params_cleanup(&dump_params);

  return CF_WRITE_OK;

fail:
  if (tmp_name != NULL) {
    /*
     * Best-effort removal of the temporary file.  The result is not
     * checked, so if the unlink fails for a reason other than "no such
     * file" a partial copy of the capture is left behind next to the
     * destination without the user being told.
     */
    ws_unlink(tmp_name);
    g_free(tmp_name);
  }
  wtap_dump_params_cleanup(&dump_params);

  return CF_WRITE_ERROR;
}
/*
 * Reload the current capture file.
 *
 * Reopens cf->filename with the open type recorded in cf and reads it
 * again.  Returns CF_ERROR when a read is already in progress or the
 * reopen fails; otherwise CF_OK, whatever the outcome of the re-read.
 */
cf_status_t
cf_reload(capture_file *cf)
{
  char *saved_name;
  bool  was_tempfile;
  int   err;

  if (cf->read_lock) {
    ws_warning("Failing cf_reload(\"%s\") since a read is in progress", cf->filename);
    return CF_ERROR;
  }

  /*
   * On a successful open, cf_open() calls cf_close() to discard the
   * state of the old capture before filling in the new one, and
   * cf_close() removes the file if it is marked temporary.  That must
   * not happen here (among other things it would break later reopens),
   * so remember the flag, clear it, and pass the remembered value to
   * cf_open() so the file is reopened as what it was.
   *
   * cf_close() also frees cf->filename, hence the private copy.
   */
  saved_name = g_strdup(cf->filename);
  was_tempfile = cf->is_tempfile;
  cf->is_tempfile = false;

  if (cf_open(cf, saved_name, cf->open_type, was_tempfile, &err) != CF_OK) {
    /*
     * The open failed, so cf->is_tempfile was not set from our argument
     * and the old file was left open; put the flag back ourselves.
     *
     * XXX - change the menu?  Presumably cf_open() will do that; make
     * sure it does!
     */
    cf->is_tempfile = was_tempfile;
    g_free(saved_name);
    return CF_ERROR;
  }

  /*
   * The read result does not affect our return value:
   *  - CF_READ_OK / CF_READ_ERROR: an error does not mean nothing was
   *    read; we keep whatever could be obtained from the file.
   *  - CF_READ_ABORTED: the user bailed out of the re-read and the
   *    capture file has been closed.
   */
  (void)cf_read(cf, /*reloading=*/true);

  /* cf_open() made its own copy of the name, so release ours. */
  g_free(saved_name);
  return CF_OK;
}