dcerpc-netlogon: improve NetrLogonGetCapabilities dissection
[wireshark-sm.git] / file.h
blob376c7147d6bf10dd3dba8979e45295fe612d24b2
1 /** @file
3 * Definitions for file structures and routines
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
12 #ifndef __FILE_H__
13 #define __FILE_H__
15 #include <wiretap/wtap.h>
16 #include <epan/epan.h>
17 #include <epan/print.h>
18 #include <epan/fifo_string_cache.h>
19 #include <ui/packet_range.h>
21 #ifdef __cplusplus
22 extern "C" {
23 #endif /* __cplusplus */
25 /** Return values from functions that only can succeed or fail. */
26 typedef enum {
27 CF_OK, /**< operation succeeded */
28 CF_ERROR /**< operation got an error (function may provide err with details) */
29 } cf_status_t;
31 /** Return values from functions that read capture files. */
32 typedef enum {
33 CF_READ_OK, /**< operation succeeded */
34 CF_READ_ERROR, /**< operation got an error (function may provide err with details) */
35 CF_READ_ABORTED /**< operation aborted by user */
36 } cf_read_status_t;
38 /** Return values from functions that write out packets. */
39 typedef enum {
40 CF_WRITE_OK, /**< operation succeeded */
41 CF_WRITE_ERROR, /**< operation got an error (function may provide err with details) */
42 CF_WRITE_ABORTED /**< operation aborted by user */
43 } cf_write_status_t;
45 /** Return values from functions that print sets of packets. */
46 typedef enum {
47 CF_PRINT_OK, /**< print operation succeeded */
48 CF_PRINT_OPEN_ERROR, /**< print operation failed while opening printer */
49 CF_PRINT_WRITE_ERROR /**< print operation failed while writing to the printer */
50 } cf_print_status_t;
52 typedef enum {
53 cf_cb_file_opened,
54 cf_cb_file_closing,
55 cf_cb_file_closed,
56 cf_cb_file_read_started,
57 cf_cb_file_read_finished,
58 cf_cb_file_reload_started,
59 cf_cb_file_reload_finished,
60 cf_cb_file_rescan_started,
61 cf_cb_file_rescan_finished,
62 cf_cb_file_retap_started,
63 cf_cb_file_retap_finished,
64 cf_cb_file_merge_started, /* Qt only */
65 cf_cb_file_merge_finished, /* Qt only */
66 cf_cb_file_fast_save_finished,
67 cf_cb_file_save_started,
68 cf_cb_file_save_finished,
69 cf_cb_file_save_failed,
70 cf_cb_file_save_stopped
71 } cf_cbs;
73 typedef void (*cf_callback_t) (int event, void *data, void *user_data);
75 typedef struct {
76 const char *string;
77 size_t string_len;
78 capture_file *cf;
79 field_info *finfo;
80 field_info *prev_finfo;
81 bool frame_matched;
82 bool halt;
83 } match_data;
85 /**
86 * Set maximum number of records per capture file.
88 * @param max_records maximum number of records to support.
90 extern void
91 cf_set_max_records(unsigned max_records);
93 /**
94 * Add a capture file event callback.
96 * @param func The function to be called for each event.
97 * The function will be passed three parameters: The event type (event),
98 * event-dependent data (data), and user-supplied data (user_data).
99 * Event-dependent data may be a capture_file pointer, character pointer,
100 * or NULL.
101 * @param user_data User-supplied data to pass to the callback. May be NULL.
104 extern void
105 cf_callback_add(cf_callback_t func, void *user_data);
108 * Remove a capture file event callback.
110 * @param func The function to be removed.
111 * @param user_data User-supplied data. Must be the same value supplied to cf_callback_add.
114 extern void
115 cf_callback_remove(cf_callback_t func, void *user_data);
118 * Open a capture file.
120 * @param cf the capture file to be opened
121 * @param fname the filename to be opened
122 * @param type WTAP_TYPE_AUTO for automatic or index to direct open routine
123 * @param is_tempfile is this a temporary file?
124 * @param err error code
125 * @return one of cf_status_t
127 cf_status_t cf_open(capture_file *cf, const char *fname, unsigned int type, bool is_tempfile, int *err);
130 * Close a capture file.
132 * @param cf the capture file to be closed
134 void cf_close(capture_file *cf);
137 * Reload a capture file.
139 * @param cf the capture file to be reloaded
140 * @return one of cf_status_t
142 cf_status_t cf_reload(capture_file *cf);
145 * Read all packets of a capture file into the internal structures.
147 * @param cf the capture file to be read
148 * @param reloading reread asked for from cf_save_records()
149 * @return one of cf_read_status_t
151 cf_read_status_t cf_read(capture_file *cf, bool reloading);
154 * Read the metadata and raw data for a record. It will pop
155 * up an alert box if there's an error.
157 * @param cf the capture file from which to read the record
158 * @param fdata the frame_data structure for the record in question
159 * @param rec pointer to a wtap_rec structure to contain the
160 * record's metadata
161 * @param buf a Buffer into which to read the record's raw data
162 * @return true if the read succeeded, false if there was an error
164 bool cf_read_record(capture_file *cf, const frame_data *fdata,
165 wtap_rec *rec, Buffer *buf);
167 /** Same as cf_read_record() but does not pop alert box on error */
168 bool cf_read_record_no_alert(capture_file *cf, const frame_data *fdata,
169 wtap_rec *rec, Buffer *buf);
173 * Read the metadata and raw data for the current record into a
174 * capture_file structure's rec and buf for the current record.
175 * It will pop up an alert box if there's an error.
177 * @param cf the capture file from which to read the record
178 * @return true if the read succeeded, false if there was an error
180 bool cf_read_current_record(capture_file *cf);
183 * Read packets from the "end" of a capture file.
185 * @param cf the capture file to be read from
186 * @param to_read the number of packets to read
187 * @param rec pointer to wtap_rec to use when reading
188 * @param buf pointer to Buffer to use when reading
189 * @param err the error code, if an error had occurred
190 * @return one of cf_read_status_t
192 cf_read_status_t cf_continue_tail(capture_file *cf, volatile int to_read,
193 wtap_rec *rec, Buffer *buf, int *err,
194 fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum);
197 * Fake reading packets from the "end" of a capture file.
199 * @param cf the capture file to be read from
201 void cf_fake_continue_tail(capture_file *cf);
204 * Finish reading from "end" of a capture file.
206 * @param cf the capture file to be read from
207 * @param rec pointer to wtap_rec to use when reading
208 * @param buf pointer to Buffer to use when reading
209 * @param err the error code, if an error had occurred
210 * @return one of cf_read_status_t
212 cf_read_status_t cf_finish_tail(capture_file *cf, wtap_rec *rec,
213 Buffer *buf, int *err,
214 fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum);
217 * Determine whether this capture file (or a range of it) can be written
218 * in any format using Wiretap rather than by copying the raw data.
220 * @param cf the capture file to check
221 * @return true if it can be written, false if it can't
223 bool cf_can_write_with_wiretap(capture_file *cf);
226 * Determine whether this capture file can be saved with a "save" operation;
227 * if there's nothing unsaved, it can't.
229 * @param cf the capture file to check
230 * @return true if it can be saved, false if it can't
232 bool cf_can_save(capture_file *cf);
235 * Determine whether this capture file can be saved with a "save as" operation.
237 * @param cf the capture file to check
238 * @return true if it can be saved, false if it can't
240 bool cf_can_save_as(capture_file *cf);
243 * Determine whether this capture file has unsaved data.
245 * @param cf the capture file to check
246 * @return true if it has unsaved data, false if it doesn't
248 bool cf_has_unsaved_data(capture_file *cf);
251 * Save all packets in a capture file to a new file, and, if that succeeds,
252 * make that file the current capture file. If there's already a file with
253 * that name, do a "safe save", writing to a temporary file in the same
254 * directory and, if the write succeeds, renaming the new file on top of the
255 * old file, so that if the write fails, the old file is still intact.
257 * @param cf the capture file to save to
258 * @param fname the filename to save to
259 * @param save_format the format of the file to save (libpcap, ...)
260 * @param compression_type type of compression to use when writing, if any
261 * @param discard_comments true if we should discard comments if the save
262 * succeeds (because we saved in a format that doesn't support
263 * comments)
264 * @param dont_reopen true if it shouldn't reopen and make that file the
265 * current capture file
266 * @return one of cf_write_status_t
268 cf_write_status_t cf_save_records(capture_file * cf, const char *fname,
269 unsigned save_format,
270 wtap_compression_type compression_type,
271 bool discard_comments,
272 bool dont_reopen);
275 * Export some or all packets from a capture file to a new file. If there's
276 * already a file with that name, do a "safe save", writing to a temporary
277 * file in the same directory and, if the write succeeds, renaming the new
278 * file on top of the old file, so that if the write fails, the old file is
279 * still intact.
281 * @param cf the capture file to write to
282 * @param fname the filename to write to
283 * @param range the range of packets to write
284 * @param save_format the format of the file to write (libpcap, ...)
285 * @param compression_type type of compression to use when writing, if any
286 * @return one of cf_write_status_t
288 cf_write_status_t cf_export_specified_packets(capture_file *cf,
289 const char *fname,
290 packet_range_t *range,
291 unsigned save_format,
292 wtap_compression_type compression_type);
295 * Get a displayable name of the capture file.
297 * @param cf the capture file
298 * @return the displayable name (must be g_free'd)
300 char *cf_get_display_name(capture_file *cf);
303 * Get a name that can be used to generate a file name from the
304 * capture file name. It's based on the displayable name, so it's
305 * UTF-8; if it ends with a suffix that's used by a file type libwiretap
306 * can read, we strip that suffix off.
308 * @param cf the capture file
309 * @return the base name (must be g_free'd)
311 char *cf_get_basename(capture_file *cf);
314 * Set the source of the capture data for temporary files, e.g.
315 * "Interface eth0" or "Pipe from Pong"
317 * @param cf the capture file
318 * @param source the source description. this will be copied internally.
320 void cf_set_tempfile_source(capture_file *cf, char *source);
323 * Get the source of the capture data for temporary files. Guaranteed to
324 * return a non-null value. The returned value should not be freed.
326 * @param cf the capture file
328 const char *cf_get_tempfile_source(capture_file *cf);
331 * Get the number of packets in the capture file.
333 * @param cf the capture file
334 * @return the number of packets in the capture file
336 int cf_get_packet_count(capture_file *cf);
339 * Is this capture file a temporary file?
341 * @param cf the capture file
342 * @return true if it's a temporary file, false otherwise
344 bool cf_is_tempfile(capture_file *cf);
347 * Set flag, that this file is a tempfile.
349 void cf_set_tempfile(capture_file *cf, bool is_tempfile);
352 * Set flag, if the number of packet drops while capturing are known or not.
354 * @param cf the capture file
355 * @param drops_known true if the number of packet drops are known, false otherwise
357 void cf_set_drops_known(capture_file *cf, bool drops_known);
360 * Set the number of packet drops while capturing.
362 * @param cf the capture file
363 * @param drops the number of packet drops occurred while capturing
365 void cf_set_drops(capture_file *cf, uint32_t drops);
368 * Get flag state, if the number of packet drops while capturing are known or not.
370 * @param cf the capture file
371 * @return true if the number of packet drops are known, false otherwise
373 bool cf_get_drops_known(capture_file *cf);
376 * Get the number of packet drops while capturing.
378 * @param cf the capture file
379 * @return the number of packet drops occurred while capturing
381 uint32_t cf_get_drops(capture_file *cf);
384 * Set the read filter.
385 * @todo this shouldn't be required, remove it somehow
387 * @param cf the capture file
388 * @param rfcode the readfilter
390 void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode);
393 * "Display Filter" packets in the capture file.
395 * @param cf the capture file
396 * @param dfilter the display filter
397 * @param force true if do in any case, false only if dfilter changed
398 * @return one of cf_status_t
400 cf_status_t cf_filter_packets(capture_file *cf, char *dfilter, bool force);
403 * Scan through all frame data and recalculate the ref time
404 * without rereading the file.
406 * @param cf the capture file
408 void cf_reftime_packets(capture_file *cf);
411 * Return the time it took to load the file (in msec).
413 unsigned long cf_get_computed_elapsed(capture_file *cf);
416 * "Something" has changed, rescan all packets.
418 * @param cf the capture file
420 void cf_redissect_packets(capture_file *cf);
423 * Rescan all packets and just run taps - don't reconstruct the display.
425 * @param cf the capture file
426 * @return one of cf_read_status_t
428 cf_read_status_t cf_retap_packets(capture_file *cf);
430 /* print_range, enum which frames should be printed */
431 typedef enum {
432 print_range_selected_only, /* selected frame(s) only (currently only one) */
433 print_range_marked_only, /* marked frames only */
434 print_range_all_displayed, /* all frames currently displayed */
435 print_range_all_captured /* all frames in capture */
436 } print_range_e;
438 typedef struct {
439 print_stream_t *stream; /* the stream to which we're printing */
440 print_format_e format; /* plain text or PostScript */
441 bool to_file; /* true if we're printing to a file */
442 char *file; /* file output pathname */
443 char *cmd; /* print command string (not win32) */
444 packet_range_t range;
446 bool print_summary; /* true if we should print summary line. */
447 bool print_col_headings; /* true if we should print column headings */
448 print_dissections_e print_dissections;
449 bool print_hex; /* true if we should print hex data;
450 * false if we should print only if not dissected. */
451 unsigned hexdump_options; /* Hexdump options if print_hex is true. */
452 bool print_formfeed; /* true if a formfeed should be printed before
453 * each new packet */
454 } print_args_t;
457 * Print the capture file.
459 * @param cf the capture file
460 * @param print_args the arguments what and how to print
461 * @param show_progress_bar true if a progress bar is to be shown
462 * @return one of cf_print_status_t
464 cf_print_status_t cf_print_packets(capture_file *cf, print_args_t *print_args,
465 bool show_progress_bar);
468 * Print (export) the capture file into PDML format.
470 * @param cf the capture file
471 * @param print_args the arguments what and how to export
472 * @return one of cf_print_status_t
474 cf_print_status_t cf_write_pdml_packets(capture_file *cf, print_args_t *print_args);
477 * Print (export) the capture file into PSML format.
479 * @param cf the capture file
480 * @param print_args the arguments what and how to export
481 * @return one of cf_print_status_t
483 cf_print_status_t cf_write_psml_packets(capture_file *cf, print_args_t *print_args);
486 * Print (export) the capture file into CSV format.
488 * @param cf the capture file
489 * @param print_args the arguments what and how to export
490 * @return one of cf_print_status_t
492 cf_print_status_t cf_write_csv_packets(capture_file *cf, print_args_t *print_args);
495 * Print (export) the capture file into C Arrays format.
497 * @param cf the capture file
498 * @param print_args the arguments what and how to export
499 * @return one of cf_print_status_t
501 cf_print_status_t cf_write_carrays_packets(capture_file *cf, print_args_t *print_args);
504 * Print (export) the capture file into JSON format.
506 * @param cf the capture file
507 * @param print_args the arguments what and how to export
508 * @return one of cf_print_status_t
510 cf_print_status_t cf_write_json_packets(capture_file *cf, print_args_t *print_args);
513 * Find packet with a protocol tree item that contains a specified text string.
515 * @param cf the capture file
516 * @param string the string to find
517 * @param dir direction in which to search
518 * @param multiple whether to look for the next occurrence of the same string
519 * in the current packet, or to only match once per frame
520 * @return true if a packet was found, false otherwise
522 bool cf_find_packet_protocol_tree(capture_file *cf, const char *string,
523 search_direction dir, bool multiple);
526 * Find field with a label that contains the text string cfile->sfilter in
527 * a protocol tree.
529 * @param cf the capture file
530 * @param tree the protocol tree
531 * @return The first field in the tree that matched the string if found, NULL otherwise
533 extern field_info* cf_find_string_protocol_tree(capture_file *cf, proto_tree *tree);
536 * Find packet whose summary line contains a specified text string.
538 * @param cf the capture file
539 * @param string the string to find
540 * @param dir direction in which to search
541 * @return true if a packet was found, false otherwise
543 bool cf_find_packet_summary_line(capture_file *cf, const char *string,
544 search_direction dir);
547 * Find packet whose data contains a specified byte string.
549 * @param cf the capture file
550 * @param string the string to find
551 * @param string_size the size of the string to find
552 * @param dir direction in which to search
553 * @param multiple whether to look for the next occurrence of the same string
554 * in the current packet, or to only match once per frame
555 * @return true if a packet was found, false otherwise
557 bool cf_find_packet_data(capture_file *cf, const uint8_t *string,
558 size_t string_size, search_direction dir,
559 bool multiple);
562 * Find packet that matches a compiled display filter.
564 * @param cf the capture file
565 * @param sfcode the display filter to match
566 * @param dir direction in which to search
567 * @return true if a packet was found, false otherwise
569 bool cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode,
570 search_direction dir);
573 * Find packet that matches a display filter given as a text string.
575 * @param cf the capture file
576 * @param filter the display filter to match
577 * @param dir direction in which to search
578 * @return true if a packet was found, false otherwise
580 bool
581 cf_find_packet_dfilter_string(capture_file *cf, const char *filter,
582 search_direction dir);
585 * Find marked packet.
587 * @param cf the capture file
588 * @param dir direction in which to search
589 * @return true if a packet was found, false otherwise
591 bool cf_find_packet_marked(capture_file *cf, search_direction dir);
594 * Find time-reference packet.
596 * @param cf the capture file
597 * @param dir direction in which to search
598 * @return true if a packet was found, false otherwise
600 bool cf_find_packet_time_reference(capture_file *cf, search_direction dir);
603 * GoTo Packet with the given row.
605 * @param cf the capture file
606 * @param row the row to go to
607 * @param exact if true, fail if the row exists and is filtered (not displayed)
608 * if false, go to the nearest displayed packet instead
609 * @return true if this row exists, false otherwise
611 bool cf_goto_frame(capture_file *cf, unsigned row, bool exact);
614 * Go to frame specified by currently selected protocol tree field.
615 * (Go To Corresponding Packet)
616 * @todo this is ugly and should be improved!
618 * @param cf the capture file
619 * @return true if this packet exists, false otherwise
621 bool cf_goto_framenum(capture_file *cf);
624 * Select the packet in the given row.
626 * @param cf the capture file
627 * @param frame the frame to be selected
629 void cf_select_packet(capture_file *cf, frame_data *frame);
632 * Unselect all packets, if any.
634 * @param cf the capture file
636 void cf_unselect_packet(capture_file *cf);
639 * Mark a particular frame in a particular capture.
641 * @param cf the capture file
642 * @param frame the frame to be marked
644 void cf_mark_frame(capture_file *cf, frame_data *frame);
647 * Unmark a particular frame in a particular capture.
649 * @param cf the capture file
650 * @param frame the frame to be unmarked
652 void cf_unmark_frame(capture_file *cf, frame_data *frame);
655 * Ignore a particular frame in a particular capture.
657 * @param cf the capture file
658 * @param frame the frame to be ignored
660 void cf_ignore_frame(capture_file *cf, frame_data *frame);
663 * Unignore a particular frame in a particular capture.
665 * @param cf the capture file
666 * @param frame the frame to be unignored
668 void cf_unignore_frame(capture_file *cf, frame_data *frame);
671 * Merge two or more capture files into a temporary file.
672 * @todo is this the right place for this function? It doesn't have to do a lot with capture_file.
674 * @param pd_window Window pointer suitable for use by delayed_create_progress_dlg.
675 * @param out_filenamep Points to a pointer that's set to point to the
676 * pathname of the temporary file; it's allocated with g_malloc()
677 * @param in_file_count the number of input files to merge
678 * @param in_filenames array of input filenames
679 * @param file_type the output filetype
680 * @param do_append false to merge chronologically, true simply append
681 * @return one of cf_status_t
683 cf_status_t
684 cf_merge_files_to_tempfile(void *pd_window, const char *temp_dir, char **out_filenamep,
685 int in_file_count, const char *const *in_filenames,
686 int file_type, bool do_append);
689 * Update(replace) the comment on a capture from the SHB data block
690 * XXX - should support multiple sections.
692 * @param cf the capture file
693 * @param comment the string replacing the old comment
695 void cf_update_section_comment(capture_file *cf, char *comment);
698 * Update(replace) the comments on a capture from the SHB data block
700 * @param cf the capture file
701 * @param shb_idx the index of the SHB (0-indexed)
702 * @param comments a NULL-terminated string array of comments. The function
703 * takes ownership of the string array and frees it and the contents.
705 void cf_update_section_comments(capture_file *cf, unsigned shb_idx, char **comments);
708 * Get the packet block for a packet (record).
709 * If the block has been edited, it returns the result of the edit,
710 * otherwise it returns the block from the file.
712 * @param cf the capture file
713 * @param fd the frame_data structure for the frame
714 * @returns A block (use wtap_block_unref to free) or NULL if there is none.
716 wtap_block_t cf_get_packet_block(capture_file *cf, const frame_data *fd);
719 * Update(replace) the block on a capture from a frame
721 * @param cf the capture file
722 * @param fd the frame_data structure for the frame
723 * @param new_block the block replacing the old block
725 * @return true if the block is modified for the first time. false if
726 * the block was already modified before, in which case the caller is
727 * responsible for updating the comment count.
729 bool cf_set_modified_block(capture_file *cf, frame_data *fd, const wtap_block_t new_block);
732 * What types of comments does this file have?
734 * @param cf the capture file
735 * @return bitset of WTAP_COMMENT_ values
737 uint32_t cf_comment_types(capture_file *cf);
740 * Add a resolved address to this file's list of resolved addresses.
742 * @param cf the capture file
743 * @param addr a string representing an IPv4 or IPv6 address
744 * @param name a string containing a name corresponding to that address
745 * @return true if it succeeds, false if not
747 bool cf_add_ip_name_from_string(capture_file *cf, const char *addr, const char *name);
749 #ifdef __cplusplus
751 #endif /* __cplusplus */
753 #endif /* file.h */