search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wsutil/wsgcrypt.c decrypt_des_ecb
[wireshark-sm.git] / rawshark.c
blob585b63c1c9950f414653c79baffcad763e02696c
1 /* rawshark.c
2 *
3 * Wireshark - Network traffic analyzer
4 * By Gerald Combs <gerald@wireshark.org>
5 * Copyright 1998 Gerald Combs
6 *
7 * Rawshark - Raw field extractor by Gerald Combs <gerald@wireshark.org>
8 * and Loris Degioanni <loris.degioanni@cacetech.com>
9 * Based on TShark, by Gilbert Ramirez <gram@alumni.rice.edu> and Guy Harris
10 * <guy@alum.mit.edu>.
11 *
12 * SPDX-License-Identifier: GPL-2.0-or-later
13 */
14
15 /*
16 * Rawshark does the following:
17 * - Opens a specified file or named pipe
18 * - Applies a specified DLT or "decode as" encapsulation
19 * - Reads frames prepended with a libpcap packet header.
20 * - Prints a status line, followed by fields from a specified list.
21 */
22
23 #include <config.h>
24 #define WS_LOG_DOMAIN LOG_DOMAIN_MAIN
25
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <string.h>
29 #include <locale.h>
30 #include <limits.h>
31
32 #ifndef _WIN32
33 #include <sys/time.h>
34 #include <sys/resource.h>
35 #endif
36
37 #include <errno.h>
38
39 #include <ws_exit_codes.h>
40 #include <wsutil/ws_getopt.h>
41
42 #include <glib.h>
43 #include <epan/epan.h>
44
45 #include <epan/tfs.h>
46 #include <wsutil/array.h>
47 #include <wsutil/cmdarg_err.h>
48 #include <wsutil/filesystem.h>
49 #include <wsutil/file_util.h>
50 #include <wsutil/socket.h>
51 #include <wsutil/privileges.h>
52 #include <wsutil/please_report_bug.h>
53 #include <wsutil/wslog.h>
54 #include <wsutil/clopts_common.h>
55
56 #ifdef _WIN32
57 #include <wsutil/unicode-utils.h>
58 #include <wsutil/win32-utils.h>
59 #endif
60
61 #include "globals.h"
62 #include <epan/packet.h>
63 #include <epan/ftypes/ftypes.h>
64 #include "file.h"
65 #include "frame_tvbuff.h"
66 #include <epan/disabled_protos.h>
67 #include <epan/prefs.h>
68 #include <epan/column.h>
69 #include <epan/print.h>
70 #include <epan/addr_resolv.h>
71 #ifdef HAVE_LIBPCAP
72 #include "ui/capture_ui_utils.h"
73 #endif
74 #include "ui/util.h"
75 #include "ui/dissect_opts.h"
76 #include "ui/failure_message.h"
77 #include <epan/epan_dissect.h>
78 #include <epan/stat_tap_ui.h>
79 #include <epan/timestamp.h>
80 #include "epan/column-utils.h"
81 #include "epan/proto.h"
82 #include <epan/tap.h>
83
84 #include <wiretap/wtap.h>
85 #include <wiretap/libpcap.h>
86 #include <wiretap/pcap-encap.h>
87
88 #include <cli_main.h>
89 #include <wsutil/version_info.h>
90
91 #include "capture/capture-pcap-util.h"
92
93 #ifdef HAVE_LIBPCAP
94 #include <setjmp.h>
95 #ifdef _WIN32
96 #include "capture/capture-wpcap.h"
97 #endif /* _WIN32 */
98 #endif /* HAVE_LIBPCAP */
99
100 #if 0
101 /*
102 * This is the template for the decode as option; it is shared between the
103 * various functions that output the usage for this parameter.
104 */
105 static const char decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
106 #endif
107
108 /* Additional exit codes */
109 #define INVALID_DFILTER 2
110 #define FORMAT_ERROR 2
111
112 capture_file cfile;
113
114 static uint32_t cum_bytes;
115 static frame_data ref_frame;
116 static frame_data prev_dis_frame;
117 static frame_data prev_cap_frame;
118
119 /*
120 * The way the packet decode is to be written.
121 */
122 typedef enum {
123 WRITE_TEXT, /* summary or detail text */
124 WRITE_XML /* PDML or PSML */
125 /* Add CSV and the like here */
126 } output_action_e;
127
128 static bool line_buffered;
129 static print_format_e print_format = PR_FMT_TEXT;
130
131 static bool want_pcap_pkthdr;
132
133 cf_status_t raw_cf_open(capture_file *cf, const char *fname);
134 static bool load_cap_file(capture_file *cf);
135 static bool process_packet(capture_file *cf, epan_dissect_t *edt, int64_t offset,
136 wtap_rec *rec, Buffer *buf);
137 static void show_print_file_io_error(int err);
138
139 static void rawshark_cmdarg_err(const char *fmt, va_list ap);
140 static void rawshark_cmdarg_err_cont(const char *fmt, va_list ap);
141 static void protocolinfo_init(char *field);
142 static bool parse_field_string_format(char *format);
143
144 typedef enum {
145 SF_NONE, /* No format (placeholder) */
146 SF_NAME, /* %D Field name / description */
147 SF_NUMVAL, /* %N Numeric value */
148 SF_STRVAL /* %S String value */
149 } string_fmt_e;
150
151 typedef struct string_fmt_s {
152 char *plain;
153 string_fmt_e format; /* Valid if plain is NULL */
154 } string_fmt_t;
155
156 int n_rfilters;
157 int n_rfcodes;
158 dfilter_t *rfcodes[64];
159 int n_rfieldfilters;
160 dfilter_t *rfieldfcodes[64];
161 int fd;
162 int encap;
163 GPtrArray *string_fmts;
164
165 static void
166 print_usage(FILE *output)
167 {
168 fprintf(output, "\n");
169 fprintf(output, "Usage: rawshark [options] ...\n");
170 fprintf(output, "\n");
171
172 fprintf(output, "Input file:\n");
173 fprintf(output, " -r <infile>, --read-file <infile>\n");
174 fprintf(output," set the pipe or file name to read from\n");
175
176 fprintf(output, "\n");
177 fprintf(output, "Processing:\n");
178 fprintf(output, " -d <encap:linktype>|<proto:protoname>\n");
179 fprintf(output, " packet encapsulation or protocol\n");
180 fprintf(output, " -F <field> field to display\n");
181 #if !defined(_WIN32) && defined(RLIMIT_AS)
182 fprintf(output, " -m virtual memory limit, in bytes\n");
183 #endif
184 fprintf(output, " -n disable all name resolutions (def: \"mNd\" enabled, or\n");
185 fprintf(output, " as set in preferences)\n");
186 fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtdv\"\n");
187 fprintf(output, " -p use the system's packet header format\n");
188 fprintf(output, " (which may have 64-bit timestamps)\n");
189 fprintf(output, " -R <read filter>, --read-filter <read filter>\n");
190 fprintf(output, " packet filter in Wireshark display filter syntax\n");
191 fprintf(output, " -s skip PCAP header on input\n");
192 fprintf(output, " -Y <display filter>, --display-filter <display filter>\n");
193 fprintf(output, " packet filter in Wireshark display filter syntax\n");
194 fprintf(output, " --enable-protocol <proto_name>\n");
195 fprintf(output, " enable dissection of proto_name\n");
196 fprintf(output, " --disable-protocol <proto_name>\n");
197 fprintf(output, " disable dissection of proto_name\n");
198 fprintf(output, " --only-protocols <protocols>\n");
199 fprintf(output, " Only enable dissection of these protocols, comma\n");
200 fprintf(output, " separated. Disable everything else\n");
201 fprintf(output, " --disable-all-protocols\n");
202 fprintf(output, " Disable dissection of all protocols\n");
203 fprintf(output, " --enable-heuristic <short_name>\n");
204 fprintf(output, " enable dissection of heuristic protocol\n");
205 fprintf(output, " --disable-heuristic <short_name>\n");
206 fprintf(output, " disable dissection of heuristic protocol\n");
207
208 fprintf(output, "\n");
209 fprintf(output, "Output:\n");
210 fprintf(output, " -l flush output after each packet\n");
211 fprintf(output, " -S format string for fields\n");
212 fprintf(output, " (%%D - name, %%S - stringval, %%N numval)\n");
213 fprintf(output, " -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]\n");
214 fprintf(output, " output format of time stamps (def: r: rel. to first)\n");
215 fprintf(output, " -u s|hms output format of seconds (def: s: seconds)\n");
216 fprintf(output, "\n");
217
218 ws_log_print_usage(output);
219 fprintf(output, "\n");
220
221 fprintf(output, "\n");
222 fprintf(output, "Miscellaneous:\n");
223 fprintf(output, " -h, --help display this help and exit\n");
224 fprintf(output, " -v, --version display version info and exit\n");
225 fprintf(output, " -o <name>:<value> ... override preference setting\n");
226 fprintf(output, " -K <keytab> keytab file to use for kerberos decryption\n");
227 }
228
229 /**
230 * Open a pipe for raw input. This is a stripped-down version of
231 * pcap_loop.c:cap_pipe_open_live().
232 * We check if "pipe_name" is "-" (stdin) or a FIFO, and open it.
233 * @param pipe_name The name of the pipe or FIFO.
234 * @return A POSIX file descriptor on success, or -1 on failure.
235 */
236 static int
237 raw_pipe_open(const char *pipe_name)
238 {
239 #ifndef _WIN32
240 ws_statb64 pipe_stat;
241 #else
242 DWORD err;
243 wchar_t *err_str;
244 HANDLE hPipe = NULL;
245 #endif
246 int rfd;
247
248 ws_log(LOG_DOMAIN_CAPCHILD, LOG_LEVEL_DEBUG, "open_raw_pipe: %s", pipe_name);
249
250 /*
251 * XXX Rawshark blocks until we return
252 */
253 if (strcmp(pipe_name, "-") == 0) {
254 rfd = 0; /* read from stdin */
255 #ifdef _WIN32
256 /*
257 * This is needed to set the stdin pipe into binary mode, otherwise
258 * CR/LF are mangled...
259 */
260 _setmode(0, _O_BINARY);
261 #endif /* _WIN32 */
262 } else {
263 #ifndef _WIN32
264 if (ws_stat64(pipe_name, &pipe_stat) < 0) {
265 fprintf(stderr, "rawshark: The pipe %s could not be checked: %s\n",
266 pipe_name, g_strerror(errno));
267 return -1;
268 }
269 if (! S_ISFIFO(pipe_stat.st_mode)) {
270 if (S_ISCHR(pipe_stat.st_mode)) {
271 /*
272 * Assume the user specified an interface on a system where
273 * interfaces are in /dev. Pretend we haven't seen it.
274 */
275 } else
276 {
277 fprintf(stderr, "rawshark: \"%s\" is neither an interface nor a pipe\n",
278 pipe_name);
279 }
280 return -1;
281 }
282 rfd = ws_open(pipe_name, O_RDONLY | O_NONBLOCK, 0000 /* no creation so don't matter */);
283 if (rfd == -1) {
284 fprintf(stderr, "rawshark: \"%s\" could not be opened: %s\n",
285 pipe_name, g_strerror(errno));
286 return -1;
287 }
288 #else /* _WIN32 */
289 if (!win32_is_pipe_name(pipe_name)) {
290 fprintf(stderr, "rawshark: \"%s\" is neither an interface nor a pipe\n",
291 pipe_name);
292 return -1;
293 }
294
295 /* Wait for the pipe to appear */
296 while (1) {
297 hPipe = CreateFile(utf_8to16(pipe_name), GENERIC_READ, 0, NULL,
298 OPEN_EXISTING, 0, NULL);
299
300 if (hPipe != INVALID_HANDLE_VALUE)
301 break;
302
303 err = GetLastError();
304 if (err != ERROR_PIPE_BUSY) {
305 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
306 NULL, err, 0, (LPTSTR) &err_str, 0, NULL);
307 fprintf(stderr, "rawshark: \"%s\" could not be opened: %s (error %lu)\n",
308 pipe_name, utf_16to8(err_str), err);
309 LocalFree(err_str);
310 return -1;
311 }
312
313 if (!WaitNamedPipe(utf_8to16(pipe_name), 30 * 1000)) {
314 err = GetLastError();
315 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
316 NULL, err, 0, (LPTSTR) &err_str, 0, NULL);
317 fprintf(stderr, "rawshark: \"%s\" could not be waited for: %s (error %lu)\n",
318 pipe_name, utf_16to8(err_str), err);
319 LocalFree(err_str);
320 return -1;
321 }
322 }
323
324 rfd = _open_osfhandle((intptr_t) hPipe, _O_RDONLY);
325 if (rfd == -1) {
326 fprintf(stderr, "rawshark: \"%s\" could not be opened: %s\n",
327 pipe_name, g_strerror(errno));
328 return -1;
329 }
330 #endif /* _WIN32 */
331 }
332
333 return rfd;
334 }
335
336 /**
337 * Parse a link-type argument of the form "encap:<pcap linktype>" or
338 * "proto:<proto name>". "Pcap linktype" must be a name conforming to
339 * pcap_datalink_name_to_val() or an integer; the integer should be
340 * a LINKTYPE_ value supported by Wiretap. "Proto name" must be
341 * a protocol name, e.g. "http".
342 */
343 static bool
344 set_link_type(const char *lt_arg) {
345 char *spec_ptr = strchr(lt_arg, ':');
346 char *p;
347 int dlt_val;
348 long val;
349 dissector_handle_t dhandle;
350 GString *pref_str;
351 char *errmsg = NULL;
352
353 if (!spec_ptr)
354 return false;
355
356 spec_ptr++;
357
358 if (strncmp(lt_arg, "encap:", strlen("encap:")) == 0) {
359 dlt_val = linktype_name_to_val(spec_ptr);
360 if (dlt_val == -1) {
361 errno = 0;
362 val = strtol(spec_ptr, &p, 10);
363 if (p == spec_ptr || *p != '\0' || errno != 0 || val > INT_MAX) {
364 return false;
365 }
366 dlt_val = (int)val;
367 }
368 /*
369 * In those cases where a given link-layer header type
370 * has different LINKTYPE_ and DLT_ values, linktype_name_to_val()
371 * will return the OS's DLT_ value for that link-layer header
372 * type, not its OS-independent LINKTYPE_ value.
373 *
374 * On a given OS, wtap_pcap_encap_to_wtap_encap() should
375 * be able to map either LINKTYPE_ values or DLT_ values
376 * for the OS to the appropriate Wiretap encapsulation.
377 */
378 encap = wtap_pcap_encap_to_wtap_encap(dlt_val);
379 if (encap == WTAP_ENCAP_UNKNOWN) {
380 return false;
381 }
382 return true;
383 } else if (strncmp(lt_arg, "proto:", strlen("proto:")) == 0) {
384 dhandle = find_dissector(spec_ptr);
385 if (dhandle) {
386 encap = WTAP_ENCAP_USER0;
387 pref_str = g_string_new("uat:user_dlts:");
388 /* This must match the format used in the user_dlts file */
389 g_string_append_printf(pref_str,
390 "\"User 0 (DLT=147)\",\"%s\",\"0\",\"\",\"0\",\"\"",
391 spec_ptr);
392 if (prefs_set_pref(pref_str->str, &errmsg) != PREFS_SET_OK) {
393 g_string_free(pref_str, TRUE);
394 g_free(errmsg);
395 return false;
396 }
397 g_string_free(pref_str, TRUE);
398 return true;
399 }
400 }
401 return false;
402 }
403
404 int
405 main(int argc, char *argv[])
406 {
407 char *err_msg;
408 int opt, i;
409 df_error_t *df_err;
410
411 #if !defined(_WIN32) && defined(RLIMIT_AS)
412 struct rlimit limit;
413 #endif /* !_WIN32 */
414
415 char *pipe_name = NULL;
416 char *rfilters[64];
417 e_prefs *prefs_p;
418 GPtrArray *disp_fields = g_ptr_array_new();
419 unsigned fc;
420 bool skip_pcap_header = false;
421 int ret = EXIT_SUCCESS;
422 static const struct ws_option long_options[] = {
423 {"help", ws_no_argument, NULL, 'h'},
424 {"version", ws_no_argument, NULL, 'v'},
425 LONGOPT_DISSECT_COMMON
426 LONGOPT_READ_CAPTURE_COMMON
427 {0, 0, 0, 0 }
428 };
429
430 #define OPTSTRING_INIT OPTSTRING_DISSECT_COMMON OPTSTRING_READ_CAPTURE_COMMON "F:hlm:o:psS:v"
431
432 static const char optstring[] = OPTSTRING_INIT;
433
434 /*
435 * Set the C-language locale to the native environment and set the
436 * code page to UTF-8 on Windows.
437 */
438 #ifdef _WIN32
439 setlocale(LC_ALL, ".UTF-8");
440 #else
441 setlocale(LC_ALL, "");
442 #endif
443
444 cmdarg_err_init(rawshark_cmdarg_err, rawshark_cmdarg_err_cont);
445
446 /* Initialize log handler early so we can have proper logging during startup. */
447 ws_log_init("rawshark", vcmdarg_err);
448
449 /* Early logging command-line initialization. */
450 ws_log_parse_args(&argc, argv, vcmdarg_err, WS_EXIT_INVALID_OPTION);
451
452 ws_noisy("Finished log init and parsing command line log arguments");
453
454 /* Initialize the version information. */
455 ws_init_version_info("Rawshark",
456 epan_gather_compile_info,
457 NULL);
458
459 #ifdef _WIN32
460 create_app_running_mutex();
461 #endif /* _WIN32 */
462
463 /*
464 * Get credential information for later use.
465 */
466 init_process_policies();
467
468 /*
469 * Clear the filters arrays
470 */
471 memset(rfilters, 0, sizeof(rfilters));
472 memset(rfcodes, 0, sizeof(rfcodes));
473 n_rfilters = 0;
474 n_rfcodes = 0;
475
476 /*
477 * Initialize our string format
478 */
479 string_fmts = g_ptr_array_new();
480
481 /*
482 * Attempt to get the pathname of the directory containing the
483 * executable file.
484 */
485 err_msg = configuration_init(argv[0], NULL);
486 if (err_msg != NULL) {
487 fprintf(stderr, "rawshark: Can't get pathname of rawshark program: %s.\n",
488 err_msg);
489 }
490
491 init_report_failure_message("rawshark");
492
493 timestamp_set_type(TS_RELATIVE);
494 timestamp_set_precision(TS_PREC_AUTO);
495 timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
496
497 /*
498 * XXX - is this necessary, given that we're not reading a
499 * regular capture file, we're reading rawshark's packet
500 * stream format?
501 *
502 * If it is, note that libwiretap must be initialized before
503 * libwireshark is, so that dissection-time handlers for
504 * file-type-dependent blocks can register using the file
505 * type/subtype value for the file type.
506 */
507 wtap_init(false);
508
509 /* Register all dissectors; we must do this before checking for the
510 "-G" flag, as the "-G" flag dumps information registered by the
511 dissectors, and we must do it before we read the preferences, in
512 case any dissectors register preferences. */
513 if (!epan_init(NULL, NULL, true)) {
514 ret = WS_EXIT_INIT_FAILED;
515 goto clean_exit;
516 }
517
518 /* Load libwireshark settings from the current profile. */
519 prefs_p = epan_load_settings();
520
521 #ifdef _WIN32
522 ws_init_dll_search_path();
523 /* Load Wpcap, if possible */
524 load_wpcap();
525 #endif
526
527 cap_file_init(&cfile);
528
529 /* Print format defaults to this. */
530 print_format = PR_FMT_TEXT;
531
532 /* Initialize our encapsulation type */
533 encap = WTAP_ENCAP_UNKNOWN;
534
535 /* Now get our args */
536 /* XXX - We should probably have an option to dump libpcap link types */
537 while ((opt = ws_getopt_long(argc, argv, optstring, long_options, NULL)) != -1) {
538 switch (opt) {
539 case 'd': /* Payload type */
540 /* XXX: This option should probably be changed so it doesn't
541 * conflict with the common dissection option for Decode As.
542 */
543 if (!set_link_type(ws_optarg)) {
544 cmdarg_err("Invalid link type or protocol \"%s\"", ws_optarg);
545 ret = WS_EXIT_INVALID_OPTION;
546 goto clean_exit;
547 }
548 break;
549 case 'F': /* Read field to display */
550 g_ptr_array_add(disp_fields, g_strdup(ws_optarg));
551 break;
552 case 'h': /* Print help and exit */
553 show_help_header("Dump and analyze network traffic.");
554 print_usage(stdout);
555 goto clean_exit;
556 break;
557 case 'l': /* "Line-buffer" standard output */
558 /* This isn't line-buffering, strictly speaking, it's just
559 flushing the standard output after the information for
560 each packet is printed; however, that should be good
561 enough for all the purposes to which "-l" is put (and
562 is probably actually better for "-V", as it does fewer
563 writes).
564
565 See the comment in "process_packet()" for an explanation of
566 why we do that, and why we don't just use "setvbuf()" to
567 make the standard output line-buffered (short version: in
568 Windows, "line-buffered" is the same as "fully-buffered",
569 and the output buffer is only flushed when it fills up). */
570 line_buffered = true;
571 break;
572 #if !defined(_WIN32) && defined(RLIMIT_AS)
573 case 'm':
574 limit.rlim_cur = get_positive_int(ws_optarg, "memory limit");
575 limit.rlim_max = get_positive_int(ws_optarg, "memory limit");
576
577 if(setrlimit(RLIMIT_AS, &limit) != 0) {
578 cmdarg_err("setrlimit(RLIMIT_AS) failed: %s",
579 g_strerror(errno));
580 ret = WS_EXIT_INVALID_OPTION;
581 goto clean_exit;
582 }
583 break;
584 #endif
585 case 'o': /* Override preference from command line */
586 {
587 char *errmsg = NULL;
588
589 switch (prefs_set_pref(ws_optarg, &errmsg)) {
590
591 case PREFS_SET_OK:
592 break;
593
594 case PREFS_SET_SYNTAX_ERR:
595 cmdarg_err("Invalid -o flag \"%s\"%s%s", ws_optarg,
596 errmsg ? ": " : "", errmsg ? errmsg : "");
597 g_free(errmsg);
598 ret = WS_EXIT_INVALID_OPTION;
599 goto clean_exit;
600 break;
601
602 case PREFS_SET_NO_SUCH_PREF:
603 cmdarg_err("-o flag \"%s\" specifies unknown preference", ws_optarg);
604 ret = WS_EXIT_INVALID_OPTION;
605 goto clean_exit;
606 break;
607
608 case PREFS_SET_OBSOLETE:
609 cmdarg_err("-o flag \"%s\" specifies obsolete preference", ws_optarg);
610 ret = WS_EXIT_INVALID_OPTION;
611 goto clean_exit;
612 break;
613 }
614 break;
615 }
616 case 'p': /* Expect pcap_pkthdr packet headers, which may have 64-bit timestamps */
617 want_pcap_pkthdr = true;
618 break;
619 case 'r': /* Read capture file xxx */
620 pipe_name = g_strdup(ws_optarg);
621 break;
622 case 'R': /* Read file filter */
623 case 'Y': /* Read file filter */
624 /* Read and display filters are the same for rawshark */
625 if(n_rfilters < (int)array_length(rfilters)) {
626 rfilters[n_rfilters++] = ws_optarg;
627 }
628 else {
629 cmdarg_err("Too many display filters");
630 ret = WS_EXIT_INVALID_OPTION;
631 goto clean_exit;
632 }
633 break;
634 case 's': /* Skip PCAP header */
635 skip_pcap_header = true;
636 break;
637 case 'S': /* Print string representations */
638 if (!parse_field_string_format(ws_optarg)) {
639 cmdarg_err("Invalid field string format");
640 ret = WS_EXIT_INVALID_OPTION;
641 goto clean_exit;
642 }
643 break;
644 case 'v': /* Show version and exit */
645 {
646 show_version();
647 goto clean_exit;
648 }
649 /* Common dissection options - 'd' for Decode As also makes
650 * sense, but rawshark uses it for the payload link layer/
651 * dissector selection.
652 */
653 case 'K': /* Kerberos keytab file */
654 case 'n': /* No name resolution */
655 case 'N': /* Select what types of addresses/port #s to resolve */
656 case 't': /* Time stamp type */
657 case 'u': /* Seconds type */
658 case LONGOPT_DISABLE_PROTOCOL: /* disable dissection of protocol */
659 case LONGOPT_ENABLE_HEURISTIC: /* enable heuristic dissection of protocol */
660 case LONGOPT_DISABLE_HEURISTIC: /* disable heuristic dissection of protocol */
661 case LONGOPT_ENABLE_PROTOCOL: /* enable dissection of protocol (that is disabled by default) */
662 case LONGOPT_ONLY_PROTOCOLS: /* enable dissection of only this comma separated list of protocols */
663 case LONGOPT_DISABLE_ALL_PROTOCOLS: /* enable dissection of protocol (that is disabled by default) */
664 if (!dissect_opts_handle_opt(opt, ws_optarg)) {
665 ret = WS_EXIT_INVALID_OPTION;
666 goto clean_exit;
667 }
668 break;
669 default:
670 case '?': /* Bad flag - print usage message */
671 print_usage(stderr);
672 ret = WS_EXIT_INVALID_OPTION;
673 goto clean_exit;
674 }
675 }
676
677 /* Notify all registered modules that have had any of their preferences
678 changed either from one of the preferences file or from the command
679 line that their preferences have changed.
680 Initialize preferences before display filters, otherwise modules
681 like MATE won't work. */
682 prefs_apply_all();
683
684 /* Initialize our display fields */
685 for (fc = 0; fc < disp_fields->len; fc++) {
686 protocolinfo_init((char *)g_ptr_array_index(disp_fields, fc));
687 }
688 g_ptr_array_free(disp_fields, TRUE);
689 printf("\n");
690 fflush(stdout);
691
692 /* If no capture filter or read filter has been specified, and there are
693 still command-line arguments, treat them as the tokens of a capture
694 filter (if no "-r" flag was specified) or a read filter (if a "-r"
695 flag was specified. */
696 if (ws_optind < argc) {
697 if (pipe_name != NULL) {
698 if (n_rfilters != 0) {
699 cmdarg_err("Read filters were specified both with \"-R\" "
700 "and with additional command-line arguments");
701 ret = WS_EXIT_INVALID_OPTION;
702 goto clean_exit;
703 }
704 rfilters[n_rfilters] = get_args_as_string(argc, argv, ws_optind);
705 }
706 }
707
708 /* Make sure we got a dissector handle for our payload. */
709 if (encap == WTAP_ENCAP_UNKNOWN) {
710 cmdarg_err("No valid payload dissector specified.");
711 ret = WS_EXIT_INVALID_OPTION;
712 goto clean_exit;
713 }
714
715 err_msg = ws_init_sockets();
716 if (err_msg != NULL)
717 {
718 cmdarg_err("%s", err_msg);
719 g_free(err_msg);
720 cmdarg_err_cont("%s", please_report_bug());
721 ret = WS_EXIT_INIT_FAILED;
722 goto clean_exit;
723 }
724
725 if (global_dissect_options.time_format != TS_NOT_SET)
726 timestamp_set_type(global_dissect_options.time_format);
727 if (global_dissect_options.time_precision != TS_PREC_NOT_SET)
728 timestamp_set_precision(global_dissect_options.time_precision);
729
730 /*
731 * Enabled and disabled protocols and heuristic dissectors as per
732 * command-line options.
733 */
734 if (!setup_enabled_and_disabled_protocols()) {
735 ret = WS_EXIT_INVALID_OPTION;
736 goto clean_exit;
737 }
738
739 /* Build the column format array */
740 build_column_format_array(&cfile.cinfo, prefs_p->num_cols, true);
741
742 if (n_rfilters != 0) {
743 for (i = 0; i < n_rfilters; i++) {
744 if (!dfilter_compile(rfilters[i], &rfcodes[n_rfcodes], &df_err)) {
745 cmdarg_err("%s", df_err->msg);
746 df_error_free(&df_err);
747 ret = INVALID_DFILTER;
748 goto clean_exit;
749 }
750 n_rfcodes++;
751 }
752 }
753
754 if (pipe_name) {
755 /*
756 * We're reading a pipe (or capture file).
757 */
758
759 /*
760 * Immediately relinquish any special privileges we have; we must not
761 * be allowed to read any capture files the user running Rawshark
762 * can't open.
763 */
764 relinquish_special_privs_perm();
765
766 if (raw_cf_open(&cfile, pipe_name) != CF_OK) {
767 ret = WS_EXIT_OPEN_ERROR;
768 goto clean_exit;
769 }
770
771 /* Do we need to PCAP header and magic? */
772 if (skip_pcap_header) {
773 unsigned int bytes_left = (unsigned int) sizeof(struct pcap_hdr) + sizeof(uint32_t);
774 char buf[sizeof(struct pcap_hdr) + sizeof(uint32_t)];
775 while (bytes_left != 0) {
776 ssize_t bytes = ws_read(fd, buf, bytes_left);
777 if (bytes <= 0) {
778 cmdarg_err("Not enough bytes for pcap header.");
779 ret = FORMAT_ERROR;
780 goto clean_exit;
781 }
782 bytes_left -= (unsigned int)bytes;
783 }
784 }
785
786 /* Process the packets in the file */
787 if (!load_cap_file(&cfile)) {
788 ret = WS_EXIT_OPEN_ERROR;
789 goto clean_exit;
790 }
791 } else {
792 /* If you want to capture live packets, use TShark. */
793 cmdarg_err("Input file or pipe name not specified.");
794 ret = WS_EXIT_OPEN_ERROR;
795 goto clean_exit;
796 }
797
798 clean_exit:
799 g_free(pipe_name);
800 epan_free(cfile.epan);
801 epan_cleanup();
802 wtap_cleanup();
803 return ret;
804 }
805
806 /**
807 * Read data from a raw pipe. The "raw" data consists of a libpcap
808 * packet header followed by the payload.
809 * @param buf [IN] A POSIX file descriptor. Because that's _exactly_ the sort
810 * of thing you want to use in Windows.
811 * @param err [OUT] Error indicator. Uses wiretap values.
812 * @param err_info [OUT] Error message.
813 * @param data_offset [OUT] data offset in the pipe.
814 * @return true on success, false on failure.
815 */
816 static bool
817 raw_pipe_read(wtap_rec *rec, Buffer *buf, int *err, char **err_info, int64_t *data_offset) {
818 struct pcap_pkthdr mem_hdr;
819 struct pcaprec_hdr disk_hdr;
820 ssize_t bytes_read = 0;
821 unsigned int bytes_needed = (unsigned int) sizeof(disk_hdr);
822 unsigned char *ptr = (unsigned char*) &disk_hdr;
823
824 *err = 0;
825
826 if (want_pcap_pkthdr) {
827 bytes_needed = sizeof(mem_hdr);
828 ptr = (unsigned char*) &mem_hdr;
829 }
830
831 /*
832 * Newer versions of the VC runtime do parameter validation. If stdin
833 * has been closed, calls to _read, _get_osfhandle, et al will trigger
834 * the invalid parameter handler and crash.
835 * We could alternatively use ReadFile or set an invalid parameter
836 * handler.
837 * We could also tell callers not to close stdin prematurely.
838 */
839 #ifdef _WIN32
840 DWORD ghi_flags;
841 if (fd == 0 && GetHandleInformation(GetStdHandle(STD_INPUT_HANDLE), &ghi_flags) == 0) {
842 *err = 0;
843 *err_info = NULL;
844 return false;
845 }
846 #endif
847
848 /* Copied from capture_loop.c */
849 while (bytes_needed > 0) {
850 bytes_read = ws_read(fd, ptr, bytes_needed);
851 if (bytes_read == 0) {
852 *err = 0;
853 *err_info = NULL;
854 return false;
855 } else if (bytes_read < 0) {
856 *err = errno;
857 *err_info = NULL;
858 return false;
859 }
860 bytes_needed -= (unsigned int)bytes_read;
861 *data_offset += bytes_read;
862 ptr += bytes_read;
863 }
864
865 rec->rec_type = REC_TYPE_PACKET;
866 rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
867 if (want_pcap_pkthdr) {
868 rec->ts.secs = mem_hdr.ts.tv_sec;
869 rec->ts.nsecs = (int32_t)mem_hdr.ts.tv_usec * 1000;
870 rec->rec_header.packet_header.caplen = mem_hdr.caplen;
871 rec->rec_header.packet_header.len = mem_hdr.len;
872 } else {
873 rec->ts.secs = disk_hdr.ts_sec;
874 rec->ts.nsecs = disk_hdr.ts_usec * 1000;
875 rec->rec_header.packet_header.caplen = disk_hdr.incl_len;
876 rec->rec_header.packet_header.len = disk_hdr.orig_len;
877 }
878 bytes_needed = rec->rec_header.packet_header.caplen;
879
880 rec->rec_header.packet_header.pkt_encap = encap;
881
882 #if 0
883 printf("mem_hdr: %lu disk_hdr: %lu\n", sizeof(mem_hdr), sizeof(disk_hdr));
884 printf("tv_sec: %d (%04x)\n", (unsigned int) rec->ts.secs, (unsigned int) rec->ts.secs);
885 printf("tv_nsec: %d (%04x)\n", rec->ts.nsecs, rec->ts.nsecs);
886 printf("caplen: %d (%04x)\n", rec->rec_header.packet_header.caplen, rec->rec_header.packet_header.caplen);
887 printf("len: %d (%04x)\n", rec->rec_header.packet_header.len, rec->rec_header.packet_header.len);
888 #endif
889 if (bytes_needed > WTAP_MAX_PACKET_SIZE_STANDARD) {
890 *err = WTAP_ERR_BAD_FILE;
891 *err_info = ws_strdup_printf("Bad packet length: %lu",
892 (unsigned long) bytes_needed);
893 return false;
894 }
895
896 ws_buffer_assure_space(buf, bytes_needed);
897 ptr = ws_buffer_start_ptr(buf);
898 while (bytes_needed > 0) {
899 bytes_read = ws_read(fd, ptr, bytes_needed);
900 if (bytes_read == 0) {
901 *err = WTAP_ERR_SHORT_READ;
902 *err_info = NULL;
903 return false;
904 } else if (bytes_read < 0) {
905 *err = errno;
906 *err_info = NULL;
907 return false;
908 }
909 bytes_needed -= (unsigned int)bytes_read;
910 *data_offset += bytes_read;
911 ptr += bytes_read;
912 }
913 return true;
914 }
915
916 static bool
917 load_cap_file(capture_file *cf)
918 {
919 int err;
920 char *err_info = NULL;
921 int64_t data_offset = 0;
922
923 wtap_rec rec;
924 Buffer buf;
925 epan_dissect_t edt;
926
927 wtap_rec_init(&rec);
928 ws_buffer_init(&buf, 1514);
929
930 epan_dissect_init(&edt, cf->epan, true, false);
931
932 while (raw_pipe_read(&rec, &buf, &err, &err_info, &data_offset)) {
933 process_packet(cf, &edt, data_offset, &rec, &buf);
934 }
935
936 epan_dissect_cleanup(&edt);
937
938 wtap_rec_cleanup(&rec);
939 ws_buffer_free(&buf);
940 if (err != 0) {
941 /* Print a message noting that the read failed somewhere along the line. */
942 cfile_read_failure_message(cf->filename, err, err_info);
943 return false;
944 }
945
946 return true;
947 }
948
949 static bool
950 process_packet(capture_file *cf, epan_dissect_t *edt, int64_t offset,
951 wtap_rec *rec, Buffer *buf)
952 {
953 frame_data fdata;
954 bool passed;
955 int i;
956
957 if(rec->rec_header.packet_header.len == 0)
958 {
959 /* The user sends an empty packet when he wants to get output from us even if we don't currently have
960 packets to process. We spit out a line with the timestamp and the text "void"
961 */
962 printf("%lu %" PRIu64 " %d void -\n", (unsigned long int)cf->count,
963 (uint64_t)rec->ts.secs, rec->ts.nsecs);
964
965 fflush(stdout);
966
967 return false;
968 }
969
970 /* Count this packet. */
971 cf->count++;
972
973 /* If we're going to print packet information, or we're going to
974 run a read filter, or we're going to process taps, set up to
975 do a dissection and do so. */
976 frame_data_init(&fdata, cf->count, rec, offset, cum_bytes);
977
978 passed = true;
979
980 /* If we're running a read filter, prime the epan_dissect_t with that
981 filter. */
982 if (n_rfilters > 0) {
983 for(i = 0; i < n_rfcodes; i++) {
984 epan_dissect_prime_with_dfilter(edt, rfcodes[i]);
985 }
986 }
987
988 printf("%lu", (unsigned long int) cf->count);
989
990 frame_data_set_before_dissect(&fdata, &cf->elapsed_time,
991 &cf->provider.ref, cf->provider.prev_dis);
992
993 if (cf->provider.ref == &fdata) {
994 ref_frame = fdata;
995 cf->provider.ref = &ref_frame;
996 }
997
998 /* We only need the columns if we're printing packet info but we're
999 *not* verbose; in verbose mode, we print the protocol tree, not
1000 the protocol summary. */
1001 epan_dissect_run_with_taps(edt, cf->cd_t, rec,
1002 frame_tvbuff_new_buffer(&cf->provider, &fdata, buf),
1003 &fdata, &cf->cinfo);
1004
1005 frame_data_set_after_dissect(&fdata, &cum_bytes);
1006 prev_dis_frame = fdata;
1007 cf->provider.prev_dis = &prev_dis_frame;
1008
1009 prev_cap_frame = fdata;
1010 cf->provider.prev_cap = &prev_cap_frame;
1011
1012 for(i = 0; i < n_rfilters; i++) {
1013 /* Run the read filter if we have one. */
1014 if (rfcodes[i])
1015 passed = dfilter_apply_edt(rfcodes[i], edt);
1016 else
1017 passed = true;
1018
1019 /* Print a one-line summary */
1020 printf(" %d", passed ? 1 : 0);
1021 }
1022
1023 printf(" -\n");
1024
1025 /* The ANSI C standard does not appear to *require* that a line-buffered
1026 stream be flushed to the host environment whenever a newline is
1027 written, it just says that, on such a stream, characters "are
1028 intended to be transmitted to or from the host environment as a
1029 block when a new-line character is encountered".
1030
1031 The Visual C++ 6.0 C implementation doesn't do what is intended;
1032 even if you set a stream to be line-buffered, it still doesn't
1033 flush the buffer at the end of every line.
1034
1035 So, if the "-l" flag was specified, we flush the standard output
1036 at the end of a packet. This will do the right thing if we're
1037 printing packet summary lines, and, as we print the entire protocol
1038 tree for a single packet without waiting for anything to happen,
1039 it should be as good as line-buffered mode if we're printing
1040 protocol trees. (The whole reason for the "-l" flag in either
1041 tcpdump or Rawshark is to allow the output of a live capture to
1042 be piped to a program or script and to have that script see the
1043 information for the packet as soon as it's printed, rather than
1044 having to wait until a standard I/O buffer fills up. */
1045 if (line_buffered)
1046 fflush(stdout);
1047
1048 if (ferror(stdout)) {
1049 show_print_file_io_error(errno);
1050 exit(2);
1051 }
1052
1053 epan_dissect_reset(edt);
1054 frame_data_destroy(&fdata);
1055
1056 return passed;
1057 }
1058
1059 /****************************************************************************************
1060 * FIELD EXTRACTION ROUTINES
1061 ****************************************************************************************/
1062 typedef struct _pci_t {
1063 char *filter;
1064 int hf_index;
1065 int cmd_line_index;
1066 } pci_t;
1067
1068 static const char* ftenum_to_string(header_field_info *hfi)
1069 {
1070 const char* str;
1071 if (!hfi) {
1072 return "n.a.";
1073 }
1074
1075 if (string_fmts->len > 0 && hfi->strings) {
1076 return "FT_STRING";
1077 }
1078
1079 str = ftype_name(hfi->type);
1080 if (str == NULL) {
1081 str = "n.a.";
1082 }
1083
1084 return str;
1085 }
1086
1087 static void field_display_to_string(header_field_info *hfi, char* buf, int size)
1088 {
1089 if (hfi->type != FT_BOOLEAN)
1090 {
1091 (void) g_strlcpy(buf, proto_field_display_to_string(hfi->display), size);
1092 }
1093 else
1094 {
1095 snprintf(buf, size, "(Bit count: %d)", hfi->display);
1096 }
1097 }
1098
1099 /*
1100 * Copied from various parts of proto.c
1101 */
1102 #define FIELD_STR_INIT_LEN 256
1103 #define cVALS(x) (const value_string*)(x)
1104 static bool print_field_value(field_info *finfo, int cmd_line_index)
1105 {
1106 const header_field_info *hfinfo;
1107 char *fs_buf;
1108 char *fs_ptr = NULL;
1109 static GString *label_s = NULL;
1110 size_t fs_len;
1111 unsigned i;
1112 string_fmt_t *sf;
1113 uint32_t uvalue;
1114 int32_t svalue;
1115 uint64_t uvalue64;
1116 int64_t svalue64;
1117
1118 hfinfo = finfo->hfinfo;
1119
1120 if (!label_s) {
1121 label_s = g_string_new("");
1122 }
1123
1124 fs_buf = fvalue_to_string_repr(NULL, finfo->value,
1125 FTREPR_DFILTER, finfo->hfinfo->display);
1126 if (fs_buf != NULL) {
1127 /*
1128 * this field has an associated value,
1129 * e.g: ip.hdr_len
1130 */
1131 fs_len = strlen(fs_buf);
1132 fs_ptr = fs_buf;
1133
1134 /* String types are quoted. Remove them. */
1135 if (FT_IS_STRING(fvalue_type_ftenum(finfo->value)) && fs_len > 2) {
1136 fs_buf[fs_len - 1] = '\0';
1137 fs_ptr++;
1138 }
1139 }
1140
1141 if (string_fmts->len > 0 && finfo->hfinfo->strings) {
1142 g_string_truncate(label_s, 0);
1143 for (i = 0; i < string_fmts->len; i++) {
1144 sf = (string_fmt_t *)g_ptr_array_index(string_fmts, i);
1145 if (sf->plain) {
1146 g_string_append(label_s, sf->plain);
1147 } else {
1148 switch (sf->format) {
1149 case SF_NAME:
1150 g_string_append(label_s, hfinfo->name);
1151 break;
1152 case SF_NUMVAL:
1153 g_string_append(label_s, fs_ptr);
1154 break;
1155 case SF_STRVAL:
1156 switch(hfinfo->type) {
1157 case FT_BOOLEAN:
1158 uvalue64 = fvalue_get_uinteger64(finfo->value);
1159 g_string_append(label_s, tfs_get_string(!!uvalue64, hfinfo->strings));
1160 break;
1161 case FT_INT8:
1162 case FT_INT16:
1163 case FT_INT24:
1164 case FT_INT32:
1165 DISSECTOR_ASSERT(!hfinfo->bitmask);
1166 svalue = fvalue_get_sinteger(finfo->value);
1167 if (hfinfo->display & BASE_RANGE_STRING) {
1168 g_string_append(label_s, rval_to_str_const(svalue, (const range_string *) hfinfo->strings, "Unknown"));
1169 } else if (hfinfo->display & BASE_EXT_STRING) {
1170 g_string_append(label_s, val_to_str_ext_const(svalue, (value_string_ext *) hfinfo->strings, "Unknown"));
1171 } else {
1172 g_string_append(label_s, val_to_str_const(svalue, cVALS(hfinfo->strings), "Unknown"));
1173 }
1174 break;
1175 case FT_INT40: /* XXX: Shouldn't these be as smart as FT_INT{8,16,24,32}? */
1176 case FT_INT48:
1177 case FT_INT56:
1178 case FT_INT64:
1179 DISSECTOR_ASSERT(!hfinfo->bitmask);
1180 svalue64 = fvalue_get_sinteger64(finfo->value);
1181 if (hfinfo->display & BASE_VAL64_STRING) {
1182 g_string_append(label_s, val64_to_str_const(svalue64, (const val64_string *)(hfinfo->strings), "Unknown"));
1183 }
1184 break;
1185 case FT_UINT8:
1186 case FT_UINT16:
1187 case FT_UINT24:
1188 case FT_UINT32:
1189 DISSECTOR_ASSERT(!hfinfo->bitmask);
1190 uvalue = fvalue_get_uinteger(finfo->value);
1191 if (!hfinfo->bitmask && hfinfo->display & BASE_RANGE_STRING) {
1192 g_string_append(label_s, rval_to_str_const(uvalue, (const range_string *) hfinfo->strings, "Unknown"));
1193 } else if (hfinfo->display & BASE_EXT_STRING) {
1194 g_string_append(label_s, val_to_str_ext_const(uvalue, (value_string_ext *) hfinfo->strings, "Unknown"));
1195 } else {
1196 g_string_append(label_s, val_to_str_const(uvalue, cVALS(hfinfo->strings), "Unknown"));
1197 }
1198 break;
1199 case FT_UINT40: /* XXX: Shouldn't these be as smart as FT_INT{8,16,24,32}? */
1200 case FT_UINT48:
1201 case FT_UINT56:
1202 case FT_UINT64:
1203 DISSECTOR_ASSERT(!hfinfo->bitmask);
1204 uvalue64 = fvalue_get_uinteger64(finfo->value);
1205 if (hfinfo->display & BASE_VAL64_STRING) {
1206 g_string_append(label_s, val64_to_str_const(uvalue64, (const val64_string *)(hfinfo->strings), "Unknown"));
1207 }
1208 break;
1209 default:
1210 break;
1211 }
1212 break;
1213 default:
1214 break;
1215 }
1216 }
1217 }
1218 printf(" %d=\"%s\"", cmd_line_index, label_s->str);
1219 wmem_free(NULL, fs_buf);
1220 return true;
1221 }
1222
1223 if(fs_buf)
1224 {
1225 printf(" %d=\"%s\"", cmd_line_index, fs_ptr);
1226 wmem_free(NULL, fs_buf);
1227 return true;
1228 }
1229
1230 /*
1231 * This field doesn't have an associated value,
1232 * e.g. http
1233 * We return n.a.
1234 */
1235 printf(" %d=\"n.a.\"", cmd_line_index);
1236 return true;
1237 }
1238
1239 static tap_packet_status
1240 protocolinfo_packet(void *prs, packet_info *pinfo _U_, epan_dissect_t *edt, const void *dummy _U_, tap_flags_t flags _U_)
1241 {
1242 pci_t *rs=(pci_t *)prs;
1243 GPtrArray *gp;
1244 unsigned i;
1245
1246 gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index);
1247 if(!gp){
1248 printf(" n.a.");
1249 return TAP_PACKET_DONT_REDRAW;
1250 }
1251
1252 /*
1253 * Print each occurrence of the field
1254 */
1255 for (i = 0; i < gp->len; i++) {
1256 print_field_value((field_info *)gp->pdata[i], rs->cmd_line_index);
1257 }
1258
1259 return TAP_PACKET_DONT_REDRAW;
1260 }
1261
1262 int g_cmd_line_index;
1263
1264 /*
1265 * field must be persistent - we don't g_strdup() it below
1266 */
1267 static void
1268 protocolinfo_init(char *field)
1269 {
1270 pci_t *rs;
1271 header_field_info *hfi;
1272 GString *error_string;
1273 char hfibuf[100];
1274
1275 hfi=proto_registrar_get_byname(field);
1276 if(!hfi){
1277 fprintf(stderr, "rawshark: Field \"%s\" doesn't exist.\n", field);
1278 exit(1);
1279 }
1280
1281 field_display_to_string(hfi, hfibuf, sizeof(hfibuf));
1282 printf("%d %s %s - ",
1283 g_cmd_line_index,
1284 ftenum_to_string(hfi),
1285 hfibuf);
1286
1287 rs=g_new(pci_t, 1);
1288 rs->hf_index=hfi->id;
1289 rs->filter=field;
1290 rs->cmd_line_index = g_cmd_line_index++;
1291
1292 error_string=register_tap_listener("frame", rs, rs->filter, TL_REQUIRES_PROTO_TREE, NULL, protocolinfo_packet, NULL, NULL);
1293 if(error_string){
1294 /* error, we failed to attach to the tap. complain and clean up */
1295 fprintf(stderr, "rawshark: Couldn't register field extraction tap: %s\n",
1296 error_string->str);
1297 g_string_free(error_string, TRUE);
1298 if(rs->filter){
1299 g_free(rs->filter);
1300 }
1301 g_free(rs);
1302
1303 exit(1);
1304 }
1305 }
1306
1307 /*
1308 * Given a format string, split it into a GPtrArray of string_fmt_t structs
1309 * and fill in string_fmt_parts.
1310 */
1311
1312 static void
1313 add_string_fmt(string_fmt_e format, char *plain) {
1314 string_fmt_t *sf = g_new(string_fmt_t, 1);
1315
1316 sf->format = format;
1317 sf->plain = g_strdup(plain);
1318
1319 g_ptr_array_add(string_fmts, sf);
1320 }
1321
1322 static bool
1323 parse_field_string_format(char *format) {
1324 size_t len;
1325 size_t pos = 0;
1326
1327 if (!format) {
1328 return false;
1329 }
1330
1331 GString *plain_s = g_string_new("");
1332
1333 len = strlen(format);
1334 g_ptr_array_set_size(string_fmts, 0);
1335
1336 while (pos < len) {
1337 if (format[pos] == '%') {
1338 if (pos >= (len-1)) { /* There should always be a following specifier character */
1339 return false;
1340 }
1341 pos++;
1342 if (plain_s->len > 0) {
1343 add_string_fmt(SF_NONE, plain_s->str);
1344 g_string_truncate(plain_s, 0);
1345 }
1346 switch (format[pos]) {
1347 case 'D':
1348 add_string_fmt(SF_NAME, NULL);
1349 break;
1350 case 'N':
1351 add_string_fmt(SF_NUMVAL, NULL);
1352 break;
1353 case 'S':
1354 add_string_fmt(SF_STRVAL, NULL);
1355 break;
1356 case '%':
1357 g_string_append_c(plain_s, '%');
1358 break;
1359 default: /* Invalid format */
1360 return false;
1361 }
1362 } else {
1363 g_string_append_c(plain_s, format[pos]);
1364 }
1365 pos++;
1366 }
1367
1368 if (plain_s->len > 0) {
1369 add_string_fmt(SF_NONE, plain_s->str);
1370 }
1371 g_string_free(plain_s, TRUE);
1372
1373 return true;
1374 }
1375 /****************************************************************************************
1376 * END OF FIELD EXTRACTION ROUTINES
1377 ****************************************************************************************/
1378
1379 static void
1380 show_print_file_io_error(int err)
1381 {
1382 switch (err) {
1383
1384 case ENOSPC:
1385 cmdarg_err("Not all the packets could be printed because there is "
1386 "no space left on the file system.");
1387 break;
1388
1389 #ifdef EDQUOT
1390 case EDQUOT:
1391 cmdarg_err("Not all the packets could be printed because you are "
1392 "too close to, or over your disk quota.");
1393 break;
1394 #endif
1395
1396 default:
1397 cmdarg_err("An error occurred while printing packets: %s.",
1398 g_strerror(err));
1399 break;
1400 }
1401 }
1402
1403 static epan_t *
1404 raw_epan_new(capture_file *cf)
1405 {
1406 static const struct packet_provider_funcs funcs = {
1407 cap_file_provider_get_frame_ts,
1408 cap_file_provider_get_interface_name,
1409 cap_file_provider_get_interface_description,
1410 NULL,
1411 };
1412
1413 return epan_new(&cf->provider, &funcs);
1414 }
1415
1416 cf_status_t
1417 raw_cf_open(capture_file *cf, const char *fname)
1418 {
1419 if ((fd = raw_pipe_open(fname)) < 0)
1420 return CF_ERROR;
1421
1422 /* The open succeeded. Fill in the information for this file. */
1423
1424 /* Create new epan session for dissection. */
1425 epan_free(cf->epan);
1426 cf->epan = raw_epan_new(cf);
1427
1428 cf->provider.wth = NULL;
1429 cf->f_datalen = 0; /* not used, but set it anyway */
1430
1431 /* Set the file name because we need it to set the follow stream filter.
1432 XXX - is that still true? We need it for other reasons, though,
1433 in any case. */
1434 cf->filename = g_strdup(fname);
1435
1436 /* Indicate whether it's a permanent or temporary file. */
1437 cf->is_tempfile = false;
1438
1439 /* No user changes yet. */
1440 cf->unsaved_changes = false;
1441
1442 cf->cd_t = WTAP_FILE_TYPE_SUBTYPE_UNKNOWN;
1443 cf->open_type = WTAP_TYPE_AUTO;
1444 cf->count = 0;
1445 cf->drops_known = false;
1446 cf->drops = 0;
1447 cf->snap = 0;
1448 nstime_set_zero(&cf->elapsed_time);
1449 cf->provider.ref = NULL;
1450 cf->provider.prev_dis = NULL;
1451 cf->provider.prev_cap = NULL;
1452
1453 return CF_OK;
1454 }
1455
1456 /*
1457 * Report an error in command-line arguments.
1458 */
1459 static void
1460 rawshark_cmdarg_err(const char *fmt, va_list ap)
1461 {
1462 fprintf(stderr, "rawshark: ");
1463 vfprintf(stderr, fmt, ap);
1464 fprintf(stderr, "\n");
1465 }
1466
1467 /*
1468 * Report additional information for an error in command-line arguments.
1469 */
1470 static void
1471 rawshark_cmdarg_err_cont(const char *fmt, va_list ap)
1472 {
1473 vfprintf(stderr, fmt, ap);
1474 fprintf(stderr, "\n");
1475 }
1476
1477 /*
1478 * Editor modelines
1479 *
1480 * Local Variables:
1481 * c-basic-offset: 4
1482 * tab-width: 8
1483 * indent-tabs-mode: nil
1484 * End:
1485 *
1486 * ex: set shiftwidth=4 tabstop=8 expandtab:
1487 * :indentSize=4:tabSize=8:noTabs=true:
1488 */
Metzes wireshark repo