diff options
Diffstat (limited to 'file.h')
-rw-r--r-- | file.h | 734 |
1 files changed, 734 insertions, 0 deletions
@@ -0,0 +1,734 @@ +/** @file + * + * Definitions for file structures and routines + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef __FILE_H__ +#define __FILE_H__ + +#include <wiretap/wtap.h> +#include <epan/epan.h> +#include <epan/print.h> +#include <epan/fifo_string_cache.h> +#include <ui/packet_range.h> + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** Return values from functions that only can succeed or fail. */ +typedef enum { + CF_OK, /**< operation succeeded */ + CF_ERROR /**< operation got an error (function may provide err with details) */ +} cf_status_t; + +/** Return values from functions that read capture files. */ +typedef enum { + CF_READ_OK, /**< operation succeeded */ + CF_READ_ERROR, /**< operation got an error (function may provide err with details) */ + CF_READ_ABORTED /**< operation aborted by user */ +} cf_read_status_t; + +/** Return values from functions that write out packets. */ +typedef enum { + CF_WRITE_OK, /**< operation succeeded */ + CF_WRITE_ERROR, /**< operation got an error (function may provide err with details) */ + CF_WRITE_ABORTED /**< operation aborted by user */ +} cf_write_status_t; + +/** Return values from functions that print sets of packets. */ +typedef enum { + CF_PRINT_OK, /**< print operation succeeded */ + CF_PRINT_OPEN_ERROR, /**< print operation failed while opening printer */ + CF_PRINT_WRITE_ERROR /**< print operation failed while writing to the printer */ +} cf_print_status_t; + +typedef enum { + cf_cb_file_opened, + cf_cb_file_closing, + cf_cb_file_closed, + cf_cb_file_read_started, + cf_cb_file_read_finished, + cf_cb_file_reload_started, + cf_cb_file_reload_finished, + cf_cb_file_rescan_started, + cf_cb_file_rescan_finished, + cf_cb_file_retap_started, + cf_cb_file_retap_finished, + cf_cb_file_merge_started, /* Qt only */ + cf_cb_file_merge_finished, /* Qt only */ + cf_cb_file_fast_save_finished, + cf_cb_file_save_started, + cf_cb_file_save_finished, + cf_cb_file_save_failed, + cf_cb_file_save_stopped +} cf_cbs; + +typedef void (*cf_callback_t) (gint event, gpointer data, gpointer user_data); + +typedef struct { + const char *string; + size_t string_len; + capture_file *cf; + gboolean frame_matched; + field_info *finfo; +} match_data; + +/** + * Set maximum number of records per capture file. + * + * @param max_records maximum number of records to support. + */ +extern void +cf_set_max_records(guint max_records); + +/** + * Add a capture file event callback. + * + * @param func The function to be called for each event. + * The function will be passed three parameters: The event type (event), + * event-dependent data (data), and user-supplied data (user_data). + * Event-dependent data may be a capture_file pointer, character pointer, + * or NULL. + * @param user_data User-supplied data to pass to the callback. May be NULL. + */ + +extern void +cf_callback_add(cf_callback_t func, gpointer user_data); + +/** + * Remove a capture file event callback. + * + * @param func The function to be removed. + * @param user_data User-supplied data. Must be the same value supplied to cf_callback_add. + */ + +extern void +cf_callback_remove(cf_callback_t func, gpointer user_data); + +/** + * Open a capture file. + * + * @param cf the capture file to be opened + * @param fname the filename to be opened + * @param type WTAP_TYPE_AUTO for automatic or index to direct open routine + * @param is_tempfile is this a temporary file? + * @param err error code + * @return one of cf_status_t + */ +cf_status_t cf_open(capture_file *cf, const char *fname, unsigned int type, gboolean is_tempfile, int *err); + +/** + * Close a capture file. + * + * @param cf the capture file to be closed + */ +void cf_close(capture_file *cf); + +/** + * Reload a capture file. + * + * @param cf the capture file to be reloaded + * @return one of cf_status_t + */ +cf_status_t cf_reload(capture_file *cf); + +/** + * Read all packets of a capture file into the internal structures. + * + * @param cf the capture file to be read + * @param reloading reread asked for from cf_save_records() + * @return one of cf_read_status_t + */ +cf_read_status_t cf_read(capture_file *cf, gboolean reloading); + +/** + * Read the metadata and raw data for a record. It will pop + * up an alert box if there's an error. + * + * @param cf the capture file from which to read the record + * @param fdata the frame_data structure for the record in question + * @param rec pointer to a wtap_rec structure to contain the + * record's metadata + * @param buf a Buffer into which to read the record's raw data + * @return TRUE if the read succeeded, FALSE if there was an error + */ +gboolean cf_read_record(capture_file *cf, const frame_data *fdata, + wtap_rec *rec, Buffer *buf); + +/** Same as cf_read_record() but does not pop alert box on error */ +gboolean cf_read_record_no_alert(capture_file *cf, const frame_data *fdata, + wtap_rec *rec, Buffer *buf); + + +/** + * Read the metadata and raw data for the current record into a + * capture_file structure's rec and buf for the current record. + * It will pop up an alert box if there's an error. + * + * @param cf the capture file from which to read the record + * @return TRUE if the read succeeded, FALSE if there was an error + */ +gboolean cf_read_current_record(capture_file *cf); + +/** + * Read packets from the "end" of a capture file. + * + * @param cf the capture file to be read from + * @param to_read the number of packets to read + * @param rec pointer to wtap_rec to use when reading + * @param buf pointer to Buffer to use when reading + * @param err the error code, if an error had occurred + * @return one of cf_read_status_t + */ +cf_read_status_t cf_continue_tail(capture_file *cf, volatile int to_read, + wtap_rec *rec, Buffer *buf, int *err, + fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum); + +/** + * Fake reading packets from the "end" of a capture file. + * + * @param cf the capture file to be read from + */ +void cf_fake_continue_tail(capture_file *cf); + +/** + * Finish reading from "end" of a capture file. + * + * @param cf the capture file to be read from + * @param rec pointer to wtap_rec to use when reading + * @param buf pointer to Buffer to use when reading + * @param err the error code, if an error had occurred + * @return one of cf_read_status_t + */ +cf_read_status_t cf_finish_tail(capture_file *cf, wtap_rec *rec, + Buffer *buf, int *err, + fifo_string_cache_t *frame_dup_cache, GChecksum *frame_cksum); + +/** + * Determine whether this capture file (or a range of it) can be written + * in any format using Wiretap rather than by copying the raw data. + * + * @param cf the capture file to check + * @return TRUE if it can be written, FALSE if it can't + */ +gboolean cf_can_write_with_wiretap(capture_file *cf); + +/** + * Determine whether this capture file can be saved with a "save" operation; + * if there's nothing unsaved, it can't. + * + * @param cf the capture file to check + * @return TRUE if it can be saved, FALSE if it can't + */ +gboolean cf_can_save(capture_file *cf); + +/** + * Determine whether this capture file can be saved with a "save as" operation. + * + * @param cf the capture file to check + * @return TRUE if it can be saved, FALSE if it can't + */ +gboolean cf_can_save_as(capture_file *cf); + +/** + * Determine whether this capture file has unsaved data. + * + * @param cf the capture file to check + * @return TRUE if it has unsaved data, FALSE if it doesn't + */ +gboolean cf_has_unsaved_data(capture_file *cf); + +/** + * Save all packets in a capture file to a new file, and, if that succeeds, + * make that file the current capture file. If there's already a file with + * that name, do a "safe save", writing to a temporary file in the same + * directory and, if the write succeeds, renaming the new file on top of the + * old file, so that if the write fails, the old file is still intact. + * + * @param cf the capture file to save to + * @param fname the filename to save to + * @param save_format the format of the file to save (libpcap, ...) + * @param compression_type type of compression to use when writing, if any + * @param discard_comments TRUE if we should discard comments if the save + * succeeds (because we saved in a format that doesn't support + * comments) + * @param dont_reopen TRUE if it shouldn't reopen and make that file the + * current capture file + * @return one of cf_write_status_t + */ +cf_write_status_t cf_save_records(capture_file * cf, const char *fname, + guint save_format, + wtap_compression_type compression_type, + gboolean discard_comments, + gboolean dont_reopen); + +/** + * Export some or all packets from a capture file to a new file. If there's + * already a file with that name, do a "safe save", writing to a temporary + * file in the same directory and, if the write succeeds, renaming the new + * file on top of the old file, so that if the write fails, the old file is + * still intact. + * + * @param cf the capture file to write to + * @param fname the filename to write to + * @param range the range of packets to write + * @param save_format the format of the file to write (libpcap, ...) + * @param compression_type type of compression to use when writing, if any + * @return one of cf_write_status_t + */ +cf_write_status_t cf_export_specified_packets(capture_file *cf, + const char *fname, + packet_range_t *range, + guint save_format, + wtap_compression_type compression_type); + +/** + * Get a displayable name of the capture file. + * + * @param cf the capture file + * @return the displayable name (must be g_free'd) + */ +gchar *cf_get_display_name(capture_file *cf); + +/** + * Get a name that can be used to generate a file name from the + * capture file name. It's based on the displayable name, so it's + * UTF-8; if it ends with a suffix that's used by a file type libwiretap + * can read, we strip that suffix off. + * + * @param cf the capture file + * @return the base name (must be g_free'd) + */ +gchar *cf_get_basename(capture_file *cf); + +/** + * Set the source of the capture data for temporary files, e.g. + * "Interface eth0" or "Pipe from Pong" + * + * @param cf the capture file + * @param source the source description. this will be copied internally. + */ +void cf_set_tempfile_source(capture_file *cf, gchar *source); + +/** + * Get the source of the capture data for temporary files. Guaranteed to + * return a non-null value. The returned value should not be freed. + * + * @param cf the capture file + */ +const gchar *cf_get_tempfile_source(capture_file *cf); + +/** + * Get the number of packets in the capture file. + * + * @param cf the capture file + * @return the number of packets in the capture file + */ +int cf_get_packet_count(capture_file *cf); + +/** + * Is this capture file a temporary file? + * + * @param cf the capture file + * @return TRUE if it's a temporary file, FALSE otherwise + */ +gboolean cf_is_tempfile(capture_file *cf); + +/** + * Set flag, that this file is a tempfile. + */ +void cf_set_tempfile(capture_file *cf, gboolean is_tempfile); + +/** + * Set flag, if the number of packet drops while capturing are known or not. + * + * @param cf the capture file + * @param drops_known TRUE if the number of packet drops are known, FALSE otherwise + */ +void cf_set_drops_known(capture_file *cf, gboolean drops_known); + +/** + * Set the number of packet drops while capturing. + * + * @param cf the capture file + * @param drops the number of packet drops occurred while capturing + */ +void cf_set_drops(capture_file *cf, guint32 drops); + +/** + * Get flag state, if the number of packet drops while capturing are known or not. + * + * @param cf the capture file + * @return TRUE if the number of packet drops are known, FALSE otherwise + */ +gboolean cf_get_drops_known(capture_file *cf); + +/** + * Get the number of packet drops while capturing. + * + * @param cf the capture file + * @return the number of packet drops occurred while capturing + */ +guint32 cf_get_drops(capture_file *cf); + +/** + * Set the read filter. + * @todo this shouldn't be required, remove it somehow + * + * @param cf the capture file + * @param rfcode the readfilter + */ +void cf_set_rfcode(capture_file *cf, dfilter_t *rfcode); + +/** + * "Display Filter" packets in the capture file. + * + * @param cf the capture file + * @param dfilter the display filter + * @param force TRUE if do in any case, FALSE only if dfilter changed + * @return one of cf_status_t + */ +cf_status_t cf_filter_packets(capture_file *cf, gchar *dfilter, gboolean force); + +/** + * Scan through all frame data and recalculate the ref time + * without rereading the file. + * + * @param cf the capture file + */ +void cf_reftime_packets(capture_file *cf); + +/** + * Return the time it took to load the file (in msec). + */ +gulong cf_get_computed_elapsed(capture_file *cf); + +/** + * "Something" has changed, rescan all packets. + * + * @param cf the capture file + */ +void cf_redissect_packets(capture_file *cf); + +/** + * Rescan all packets and just run taps - don't reconstruct the display. + * + * @param cf the capture file + * @return one of cf_read_status_t + */ +cf_read_status_t cf_retap_packets(capture_file *cf); + +/* print_range, enum which frames should be printed */ +typedef enum { + print_range_selected_only, /* selected frame(s) only (currently only one) */ + print_range_marked_only, /* marked frames only */ + print_range_all_displayed, /* all frames currently displayed */ + print_range_all_captured /* all frames in capture */ +} print_range_e; + +typedef struct { + print_stream_t *stream; /* the stream to which we're printing */ + print_format_e format; /* plain text or PostScript */ + gboolean to_file; /* TRUE if we're printing to a file */ + char *file; /* file output pathname */ + char *cmd; /* print command string (not win32) */ + packet_range_t range; + + gboolean print_summary; /* TRUE if we should print summary line. */ + gboolean print_col_headings; /* TRUE if we should print column headings */ + print_dissections_e print_dissections; + gboolean print_hex; /* TRUE if we should print hex data; + * FALSE if we should print only if not dissected. */ + guint hexdump_options; /* Hexdump options if print_hex is TRUE. */ + gboolean print_formfeed; /* TRUE if a formfeed should be printed before + * each new packet */ +} print_args_t; + +/** + * Print the capture file. + * + * @param cf the capture file + * @param print_args the arguments what and how to print + * @param show_progress_bar TRUE if a progress bar is to be shown + * @return one of cf_print_status_t + */ +cf_print_status_t cf_print_packets(capture_file *cf, print_args_t *print_args, + gboolean show_progress_bar); + +/** + * Print (export) the capture file into PDML format. + * + * @param cf the capture file + * @param print_args the arguments what and how to export + * @return one of cf_print_status_t + */ +cf_print_status_t cf_write_pdml_packets(capture_file *cf, print_args_t *print_args); + +/** + * Print (export) the capture file into PSML format. + * + * @param cf the capture file + * @param print_args the arguments what and how to export + * @return one of cf_print_status_t + */ +cf_print_status_t cf_write_psml_packets(capture_file *cf, print_args_t *print_args); + +/** + * Print (export) the capture file into CSV format. + * + * @param cf the capture file + * @param print_args the arguments what and how to export + * @return one of cf_print_status_t + */ +cf_print_status_t cf_write_csv_packets(capture_file *cf, print_args_t *print_args); + +/** + * Print (export) the capture file into C Arrays format. + * + * @param cf the capture file + * @param print_args the arguments what and how to export + * @return one of cf_print_status_t + */ +cf_print_status_t cf_write_carrays_packets(capture_file *cf, print_args_t *print_args); + +/** + * Print (export) the capture file into JSON format. + * + * @param cf the capture file + * @param print_args the arguments what and how to export + * @return one of cf_print_status_t + */ +cf_print_status_t cf_write_json_packets(capture_file *cf, print_args_t *print_args); + +/** + * Find packet with a protocol tree item that contains a specified text string. + * + * @param cf the capture file + * @param string the string to find + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_protocol_tree(capture_file *cf, const char *string, + search_direction dir); + +/** + * Find field with a label that contains the text string cfile->sfilter in + * a protocol tree. + * + * @param cf the capture file + * @param tree the protocol tree + * @return The first field in the tree that matched the string if found, NULL otherwise + */ +extern field_info* cf_find_string_protocol_tree(capture_file *cf, proto_tree *tree); + +/** + * Find packet whose summary line contains a specified text string. + * + * @param cf the capture file + * @param string the string to find + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_summary_line(capture_file *cf, const char *string, + search_direction dir); + +/** + * Find packet whose data contains a specified byte string. + * + * @param cf the capture file + * @param string the string to find + * @param string_size the size of the string to find + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_data(capture_file *cf, const guint8 *string, + size_t string_size, search_direction dir); + +/** + * Find packet that matches a compiled display filter. + * + * @param cf the capture file + * @param sfcode the display filter to match + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_dfilter(capture_file *cf, dfilter_t *sfcode, + search_direction dir); + +/** + * Find packet that matches a display filter given as a text string. + * + * @param cf the capture file + * @param filter the display filter to match + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean +cf_find_packet_dfilter_string(capture_file *cf, const char *filter, + search_direction dir); + +/** + * Find marked packet. + * + * @param cf the capture file + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_marked(capture_file *cf, search_direction dir); + +/** + * Find time-reference packet. + * + * @param cf the capture file + * @param dir direction in which to search + * @return TRUE if a packet was found, FALSE otherwise + */ +gboolean cf_find_packet_time_reference(capture_file *cf, search_direction dir); + +/** + * GoTo Packet with the given row. + * + * @param cf the capture file + * @param row the row to go to + * @return TRUE if this row exists, FALSE otherwise + */ +gboolean cf_goto_frame(capture_file *cf, guint row); + +/** + * Go to frame specified by currently selected protocol tree field. + * (Go To Corresponding Packet) + * @todo this is ugly and should be improved! + * + * @param cf the capture file + * @return TRUE if this packet exists, FALSE otherwise + */ +gboolean cf_goto_framenum(capture_file *cf); + +/** + * Select the packet in the given row. + * + * @param cf the capture file + * @param frame the frame to be selected + */ +void cf_select_packet(capture_file *cf, frame_data *frame); + +/** + * Unselect all packets, if any. + * + * @param cf the capture file + */ +void cf_unselect_packet(capture_file *cf); + +/** + * Mark a particular frame in a particular capture. + * + * @param cf the capture file + * @param frame the frame to be marked + */ +void cf_mark_frame(capture_file *cf, frame_data *frame); + +/** + * Unmark a particular frame in a particular capture. + * + * @param cf the capture file + * @param frame the frame to be unmarked + */ +void cf_unmark_frame(capture_file *cf, frame_data *frame); + +/** + * Ignore a particular frame in a particular capture. + * + * @param cf the capture file + * @param frame the frame to be ignored + */ +void cf_ignore_frame(capture_file *cf, frame_data *frame); + +/** + * Unignore a particular frame in a particular capture. + * + * @param cf the capture file + * @param frame the frame to be unignored + */ +void cf_unignore_frame(capture_file *cf, frame_data *frame); + +/** + * Merge two or more capture files into a temporary file. + * @todo is this the right place for this function? It doesn't have to do a lot with capture_file. + * + * @param pd_window Window pointer suitable for use by delayed_create_progress_dlg. + * @param out_filenamep Points to a pointer that's set to point to the + * pathname of the temporary file; it's allocated with g_malloc() + * @param in_file_count the number of input files to merge + * @param in_filenames array of input filenames + * @param file_type the output filetype + * @param do_append FALSE to merge chronologically, TRUE simply append + * @return one of cf_status_t + */ +cf_status_t +cf_merge_files_to_tempfile(gpointer pd_window, const char *temp_dir, char **out_filenamep, + int in_file_count, const char *const *in_filenames, + int file_type, gboolean do_append); + +/** + * Update(replace) the comment on a capture from the SHB data block + * XXX - should support multiple sections. + * + * @param cf the capture file + * @param comment the string replacing the old comment + */ +void cf_update_section_comment(capture_file *cf, gchar *comment); + +/* + * Get the packet block for a packet (record). + * If the block has been edited, it returns the result of the edit, + * otherwise it returns the block from the file. + * + * @param cf the capture file + * @param fd the frame_data structure for the frame + * @returns A block (use wtap_block_unref to free) or NULL if there is none. + */ +wtap_block_t cf_get_packet_block(capture_file *cf, const frame_data *fd); + +/** + * Update(replace) the block on a capture from a frame + * + * @param cf the capture file + * @param fd the frame_data structure for the frame + * @param new_block the block replacing the old block + * + * @return TRUE if the block is modified for the first time. FALSE if + * the block was already modified before, in which case the caller is + * responsible for updating the comment count. + */ +gboolean cf_set_modified_block(capture_file *cf, frame_data *fd, const wtap_block_t new_block); + +/** + * What types of comments does this file have? + * + * @param cf the capture file + * @return bitset of WTAP_COMMENT_ values + */ +guint32 cf_comment_types(capture_file *cf); + +/** + * Add a resolved address to this file's list of resolved addresses. + * + * @param cf the capture file + * @param addr a string representing an IPv4 or IPv6 address + * @param name a string containing a name corresponding to that address + * @return TRUE if it succeeds, FALSE if not + */ +gboolean cf_add_ip_name_from_string(capture_file *cf, const char *addr, const char *name); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* file.h */ |