1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/* file.h
* Definitions for file structures and routines
*
* $Id: file.h,v 1.96 2002/08/02 23:35:46 jmayer Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __FILE_H__
#define __FILE_H__
#include "wiretap/wtap.h"
#include <epan/dfilter/dfilter.h>
#include "print.h"
#include <errno.h>
#include <epan/epan.h>
/* Current state of file. */
typedef enum {
FILE_CLOSED, /* No file open */
FILE_READ_IN_PROGRESS, /* Reading a file we've opened */
FILE_READ_ABORTED, /* Read aborted by user */
FILE_READ_DONE /* Read completed */
} file_state;
typedef struct _capture_file {
file_state state; /* Current state of capture file */
int filed; /* File descriptor of capture file */
gchar *filename; /* Name of capture file */
gboolean is_tempfile; /* Is capture file a temporary file? */
gboolean user_saved;/* If capture file is temporary, has it been saved by user yet? */
long f_len; /* Length of capture file */
guint16 cd_t; /* File type of capture file */
int lnk_t; /* Link-layer type with which to save capture */
guint32 vers; /* Version. For tcpdump minor is appended to major */
int count; /* Total number of frames */
int marked_count; /* Number of marked frames */
gboolean drops_known; /* TRUE if we know how many packets were dropped */
guint32 drops; /* Dropped packets */
guint32 esec; /* Elapsed seconds */
guint32 eusec; /* Elapsed microseconds */
gboolean has_snap; /* TRUE if maximum capture packet length is known */
int snap; /* Maximum captured packet length */
long progbar_quantum; /* Number of bytes read per progress bar update */
long progbar_nextstep; /* Next point at which to update progress bar */
gchar *iface; /* Interface */
gchar *save_file; /* File that user saved capture to */
int save_file_fd; /* File descriptor for saved file */
wtap *wth; /* Wiretap session */
dfilter_t *rfcode; /* Compiled read filter program */
gchar *dfilter; /* Display filter string */
dfilter_t *dfcode; /* Compiled display filter program */
#ifdef HAVE_LIBPCAP
gchar *cfilter; /* Capture filter string */
#endif
gchar *sfilter; /* Search filter string */
gboolean sbackward; /* TRUE if search is backward, FALSE if forward */
union wtap_pseudo_header pseudo_header; /* Packet pseudo_header */
guint8 pd[WTAP_MAX_PACKET_SIZE]; /* Packet data */
GMemChunk *plist_chunk; /* Memory chunk for frame_data structures */
frame_data *plist; /* Packet list */
frame_data *plist_end; /* Last packet in list */
frame_data *first_displayed; /* First frame displayed */
frame_data *last_displayed; /* Last frame displayed */
column_info cinfo; /* Column formatting information */
frame_data *current_frame; /* Frame data for current frame */
epan_dissect_t *edt; /* Protocol dissection fo rcurrently selected packet */
FILE *print_fh; /* File we're printing to */
} capture_file;
/* Return values from "read_cap_file()", "continue_tail_cap_file()",
and "finish_tail_cap_file()". */
typedef enum {
READ_SUCCESS, /* read succeeded */
READ_ERROR, /* read got an error */
READ_ABORTED /* read aborted by user */
} read_status_t;
int open_cap_file(char *, gboolean, capture_file *);
void close_cap_file(capture_file *);
read_status_t read_cap_file(capture_file *, int *);
int start_tail_cap_file(char *, gboolean, capture_file *);
read_status_t continue_tail_cap_file(capture_file *, int, int *);
read_status_t finish_tail_cap_file(capture_file *, int *);
/* size_t read_frame_header(capture_file *); */
gboolean save_cap_file(char *, capture_file *, gboolean, gboolean, guint);
int filter_packets(capture_file *cf, gchar *dfilter);
void colorize_packets(capture_file *);
void redissect_packets(capture_file *cf);
int print_packets(capture_file *cf, print_args_t *print_args);
void change_time_formats(capture_file *);
gboolean find_packet(capture_file *cf, dfilter_t *sfcode);
typedef enum {
FOUND_FRAME, /* found the frame */
NO_SUCH_FRAME, /* no frame with that number */
FRAME_NOT_DISPLAYED /* frame with that number isn't displayed */
} goto_result_t;
goto_result_t goto_frame(capture_file *cf, guint fnumber);
void select_packet(capture_file *, int);
void unselect_packet(capture_file *);
void unselect_field(void);
/*
* Mark a particular frame in a particular capture.
*/
void mark_frame(capture_file *, frame_data *);
/*
* Unmark a particular frame in a particular capture.
*/
void unmark_frame(capture_file *, frame_data *);
/* Moves or copies a file. Returns 0 on failure, 1 on success */
int file_mv(char *from, char *to);
/* Copies a file. Returns 0 on failure, 1 on success */
int file_cp(char *from, char *to);
char *file_open_error_message(int, gboolean, int);
char *file_read_error_message(int);
char *file_write_error_message(int);
#endif /* file.h */
|
