3 * capture_file definition & GUI-independent manipulation
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
15 #include <epan/epan.h>
16 #include <epan/column-info.h>
17 #include <epan/dfilter/dfilter.h>
18 #include <epan/frame_data.h>
19 #include <epan/frame_data_sequence.h>
20 #include <wiretap/wtap.h>
24 #endif /* __cplusplus */
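/*
 * Current state of the capture file.
 *
 * The enumerators carry no explicit values, so they number upward from 0
 * in declaration order (FILE_CLOSED == 0 ... FILE_READ_DONE == 4).
 *
 * NOTE(review): the listing this was restored from does not show the
 * "typedef enum {" / "} file_state;" lines; the type name is taken from its
 * use as "file_state state" in struct _capture_file.
 *
 * NOTE(review): FILE_READ_ABORTED means the read was stopped by the user, so
 * a file in that state has presumably been loaded only in part; code that
 * walks the frame list should not assume the whole file is present (confirm
 * in the readers).
 */
typedef enum {
  FILE_CLOSED,            /* No file open */
  FILE_READ_PENDING,      /* A file to read, but haven't opened it yet */
  FILE_READ_IN_PROGRESS,  /* Reading a file we've opened */
  FILE_READ_ABORTED,      /* Read aborted by user */
  FILE_READ_DONE          /* Read completed */
} file_state;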
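/*
 * Requested packets rescan action.
 *
 * RESCAN_NONE is pinned to 0, so a zero-initialised capture_file has no
 * rescan queued. The remaining values follow in order (1, 2).
 *
 * NOTE(review): the listing this was restored from does not show the
 * "typedef enum {" / "} rescan_type;" lines; the type name is taken from the
 * "rescan_type redissection_queued" member of struct _capture_file.
 */
typedef enum {
  RESCAN_NONE = 0,   /* No rescan requested */
  RESCAN_SCAN,       /* Request rescan without full redissection. */
  RESCAN_REDISSECT   /* Request full redissection. */
} rescan_type;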
42 /* Character set for text search. */
47 /* add EBCDIC when it's implemented */
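/*
 * Packet provider for programs using a capture file.
 *
 * Bundles the wiretap session with the per-frame bookkeeping that the
 * cap_file_provider_*() accessors take as their first argument.
 *
 * NOTE(review): the listing this was restored from skips its lines 61-62 and
 * the closing line of the struct; any members declared on the skipped lines
 * are missing from this excerpt, so do not use it to compute the struct's
 * size or layout.
 */
struct packet_provider_data {
  wtap                *wth;     /* Wiretap session */
  const frame_data    *ref;     /* Read-only frame reference; the listing gives no description */
  /* (listing lines 61-62 are not shown on this page) */
  frame_data_sequence *frames;  /* Sequence of frames, if we're keeping that information */
                                /* NOTE(review): "if we're keeping" suggests this can be
                                 * unset; presumably NULL then - check before use, confirm. */
  GTree               *frames_modified_blocks; /* BST with modified blocks for frames (key = frame_data) */
                                /* NOTE(review): the keys are frame_data pointers, so entries
                                 * presumably have to be removed before the frames they refer
                                 * to are freed - confirm in the implementation. */
};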
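/*
 * State of one capture file: identity and read status, frame counters,
 * compiled filters, the last "Find" search, the packet provider, and the
 * data for the currently selected frame.
 *
 * NOTE(review): the listing this was restored from skips its line numbers
 * 68, 75, 98, 115 and 125 and the closing line of the typedef. Members
 * declared on a skipped line, if any, are missing from this excerpt, so do
 * not rely on it for the struct's size or layout. The typedef name
 * capture_file is taken from the cap_file_init(capture_file *cf) prototype.
 *
 * NOTE(review): several members (cd_t, lnk_t, linktypes, count, drops, snap)
 * describe the capture file itself and are presumably filled from file
 * contents; treat them as untrusted input and range-check them before using
 * them as sizes or indices - confirm against the code that populates them.
 */
typedef struct _capture_file {
  /* (listing line 68 is not shown on this page) */
  file_state             state;                /* Current state of capture file */
  gchar                 *filename;             /* Name of capture file */
  gchar                 *source;               /* Temp file source, e.g. "Pipe from elsewhere" */
  gboolean               is_tempfile;          /* Is capture file a temporary file? */
  gboolean               unsaved_changes;      /* Does the capture file have changes that have not been saved? */
  /* The only member declared with C's bool rather than gboolean. It is a plain
   * flag with no atomic qualifier in this declaration; if it is set from
   * another thread, synchronisation has to come from elsewhere (confirm). */
  bool                   stop_flag;            /* Stop current processing (loading, searching, etc.) */

  gint64                 f_datalen;            /* Size of capture file data (uncompressed) */
  guint16                cd_t;                 /* File type of capture file */
  unsigned int           open_type;            /* open_routine index+1 used, if selected, or WTAP_TYPE_AUTO */
  wtap_compression_type  compression_type;     /* Compression type of the file, or uncompressed */
  int                    lnk_t;                /* File link-layer type; could be WTAP_ENCAP_PER_PACKET */
  GArray                *linktypes;            /* Array of packet link-layer types */
  guint32                count;                /* Total number of frames */
  guint64                packet_comment_count; /* Number of comments in frames (could be >1 per frame... */
  guint32                displayed_count;      /* Number of displayed frames */
  guint32                marked_count;         /* Number of marked frames */
  guint32                ignored_count;        /* Number of ignored frames */
  guint32                ref_time_count;       /* Number of time referenced frames */
  gboolean               drops_known;          /* TRUE if we know how many packets were dropped */
  guint32                drops;                /* Dropped packets; meaningful only when drops_known is TRUE */
  nstime_t               elapsed_time;         /* Elapsed time */
  /* Signed, and 0 means "unknown" rather than "zero bytes": check for <= 0
   * before treating it as a length. */
  int                    snap;                 /* Maximum captured packet length; 0 if unknown */
  dfilter_t             *rfcode;               /* Compiled read filter program */
  dfilter_t             *dfcode;               /* Compiled display filter program */
  gchar                 *dfilter;              /* Display filter string */
  gboolean               redissecting;         /* TRUE if currently redissecting (cf_redissect_packets) */
  /* A gboolean state flag, not a locking primitive: it records that a read is
   * running but provides no mutual exclusion by itself. */
  gboolean               read_lock;            /* TRUE if currently processing a file (cf_read) */
  rescan_type            redissection_queued;  /* Queued redissection type. */

  /* search */
  gchar                 *sfilter;              /* Filter, hex value, or string being searched */
  /* XXX: Some of these booleans should be enums; they're exclusive cases */
  gboolean               hex;                  /* TRUE if "Hex value" search was last selected */
  gboolean               string;               /* TRUE if "String" (or "Regex"?) search was last selected */
  gboolean               summary_data;         /* TRUE if "String" search in "Packet list" (Info column) was last selected */
  gboolean               decode_data;          /* TRUE if "String" search in "Packet details" was last selected */
  gboolean               packet_data;          /* TRUE if "String" search in "Packet data" was last selected */
  /* NOTE(review): search_pos/search_len describe a match inside one frame; a
   * consumer should check search_pos + search_len against that frame's data
   * length (without 32-bit wraparound) before indexing - confirm callers do. */
  guint32                search_pos;           /* Byte position of first byte found in a hex search */
  guint32                search_len;           /* Length of bytes matching the search */
  gboolean               case_type;            /* TRUE if case-insensitive text search */
  ws_regex_t            *regex;                /* Set if regular expression search */
  search_charset_t       scs_type;             /* Character set for text search */
  search_direction       dir;                  /* Direction in which to do searches */
  gboolean               search_in_progress;   /* TRUE if user just clicked OK in the Find dialog or hit <control>N/B */

  /* packet provider */
  struct packet_provider_data provider;

  /* frames */
  guint32                first_displayed;      /* Frame number of first frame displayed */
  guint32                last_displayed;       /* Frame number of last frame displayed */

  /* Data for currently selected frame */
  column_info            cinfo;                /* Column formatting information */
  frame_data            *current_frame;        /* Frame data */
  epan_dissect_t        *edt;                  /* Protocol dissection */
  field_info            *finfo_selected;       /* Field info */
  wtap_rec               rec;                  /* Record header */
  Buffer                 buf;                  /* Record data */

  gpointer               window;               /* Top-level window associated with file (untyped pointer) */
  gulong                 computed_elapsed;     /* Elapsed time to load the file (in msec). */
} capture_file;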
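/*
 * Takes a pointer to a capture_file and returns nothing.
 *
 * NOTE(review): going by the name, this presumably puts *cf into its initial
 * state; the implementation is not part of this header. Whether cf may be
 * NULL is not visible here - pass a valid pointer unless the implementation
 * says otherwise.
 */
extern void cap_file_init(capture_file *cf);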
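/*
 * Accessors over struct packet_provider_data. Only the signatures are
 * declared here; the behaviour described below is limited to what the
 * parameter and return types show.
 *
 * NOTE(review): none of these declarations says what is returned for a
 * frame_num, interface_id or section_number that does not exist. Callers
 * should treat a NULL return as possible and check it before dereferencing -
 * confirm against the implementation.
 */

/* Returns a read-only timestamp for frame number frame_num. */
const nstime_t *cap_file_provider_get_frame_ts(struct packet_provider_data *prov, guint32 frame_num);

/* Returns a read-only name string for interface interface_id in section section_number. */
const char *cap_file_provider_get_interface_name(struct packet_provider_data *prov, guint32 interface_id, unsigned section_number);

/* Returns a read-only description string for interface interface_id in section section_number. */
const char *cap_file_provider_get_interface_description(struct packet_provider_data *prov, guint32 interface_id, unsigned section_number);

/* Returns the modified block recorded for frame fd; fd itself is not written through (const). */
wtap_block_t cap_file_provider_get_modified_block(struct packet_provider_data *prov, const frame_data *fd);

/*
 * Records new_block as the modified block for frame fd. fd is taken as a
 * non-const pointer, so the frame may be updated as well.
 * NOTE(review): who owns new_block after the call is not stated in this
 * header - confirm before freeing or reusing it.
 */
void cap_file_provider_set_modified_block(struct packet_provider_data *prov, frame_data *fd, const wtap_block_t new_block);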
142 #endif /* __cplusplus */