Bug Summary

File:capinfos.c
Warning:line 1065, column 33
File position of the stream might be 'indeterminate' after a failed operation. Can cause undefined behavior

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name capinfos.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-20/lib/clang/20 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -I /builds/wireshark/wireshark/wiretap -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-20/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-truncation -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fwrapv-pointer -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2025-09-11-100357-3933-1 -x c /builds/wireshark/wireshark/capinfos.c
1/* capinfos.c
2 * Reports capture file information including # of packets, duration, others
3 *
4 * Copyright 2004 Ian Schorr
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <[email protected]>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13/*
14 * 2009-09-19: jyoung
15 *
16 * New capinfos features
17 *
18 * Continue processing additional files after
19 * a wiretap open failure. The new -C option
20 * reverts to capinfos' original behavior which
21 * is to cancel any further file processing at
22 * first file open failure.
23 *
24 * Change the behavior of how the default display
25 * of all infos is initiated. This gets rid of a
26 * special post getopt() argument count test.
27 *
28 * Add new table output format (with related options)
29 * This feature allows outputting the various infos
30 * into a tab delimited text file, or to a comma
31 * separated variables file (*.csv) instead of the
32 * original "long" format.
33 *
34 * 2011-04-05: wmeier
35 * behaviour changed: Upon exit capinfos will return
36 * an error status if an error occurred at any
37 * point during "continuous" file processing.
38 * (Previously a success status was always
39 * returned if the -C option was not used).
40 *
41 */
42
43
44#include <config.h>
45#define WS_LOG_DOMAIN"Main" LOG_DOMAIN_MAIN"Main"
46
47#include <stdio.h>
48#include <stdlib.h>
49#include <string.h>
50#include <stdarg.h>
51#include <locale.h>
52
53#include <ws_exit_codes.h>
54#include <wsutil/clopts_common.h>
55#include <wsutil/ws_getopt.h>
56
57#include <glib.h>
58
59#include <wiretap/wtap.h>
60
61#include <wsutil/cmdarg_err.h>
62#include <wsutil/filesystem.h>
63#include <wsutil/privileges.h>
64#include <cli_main.h>
65#include <wsutil/version_info.h>
66#include <wiretap/wtap_opttypes.h>
67
68#ifdef HAVE_PLUGINS1
69#include <wsutil/plugins.h>
70#endif
71
72#include <wsutil/str_util.h>
73#include <wsutil/to_str.h>
74#include <wsutil/file_util.h>
75#include <wsutil/ws_assert.h>
76#include <wsutil/wslog.h>
77
78#include <gcrypt.h>
79
80#include "ui/failure_message.h"
81
82/*
83 * By default capinfos now continues processing
84 * the next filename if and when wiretap detects
85 * a problem opening or reading a file.
86 * Use the '-C' option to revert back to original
87 * capinfos behavior which is to abort any
88 * additional file processing at the first file
89 * open or read failure.
90 */
91
92static bool_Bool stop_after_failure;
93
94/*
95 * table report variables
96 */
97
98static bool_Bool long_report = true1; /* By default generate long report */
99static bool_Bool table_report_header = true1; /* Generate column header by default */
100static char field_separator = '\t'; /* Use TAB as field separator by default */
101static char quote_char = '\0'; /* Do NOT quote fields by default */
102static bool_Bool machine_readable; /* Display machine-readable numbers */
103
104/*
105 * capinfos has the ability to report on a number of
106 * various characteristics ("infos") for each input file.
107 *
108 * By default reporting of all info fields is enabled.
109 *
110 * Optionally the reporting of any specific info field
111 * or combination of info fields can be enabled with
112 * individual options.
113 */
114
115static bool_Bool report_all_infos = true1; /* Report all infos */
116
117static bool_Bool cap_file_type = true1; /* Report capture type */
118static bool_Bool cap_file_encap = true1; /* Report encapsulation */
119static bool_Bool cap_snaplen = true1; /* Packet size limit (snaplen)*/
120static bool_Bool cap_packet_count = true1; /* Report packet count */
121static bool_Bool cap_file_size = true1; /* Report file size */
122static bool_Bool cap_comment = true1; /* Display the capture comment */
123static bool_Bool cap_file_more_info = true1; /* Report more file info */
124static bool_Bool cap_file_idb = true1; /* Report Interface info */
125static bool_Bool cap_file_nrb = true1; /* Report Name Resolution Block info */
126static bool_Bool cap_file_dsb = true1; /* Report Decryption Secrets Block info */
127
128static bool_Bool cap_data_size = true1; /* Report packet byte size */
129static bool_Bool cap_duration = true1; /* Report capture duration */
130static bool_Bool cap_earliest_packet_time = true1; /* Report timestamp of earliest packet */
131static bool_Bool cap_latest_packet_time = true1; /* Report timestamp of latest packet */
132static bool_Bool time_as_secs; /* Report time values as raw seconds */
133
134static bool_Bool cap_data_rate_byte = true1; /* Report data rate bytes/sec */
135static bool_Bool cap_data_rate_bit = true1; /* Report data rate bites/sec */
136static bool_Bool cap_packet_size = true1; /* Report average packet size */
137static bool_Bool cap_packet_rate = true1; /* Report average packet rate */
138static bool_Bool cap_order = true1; /* Report if packets are in chronological order (True/False) */
139static bool_Bool pkt_comments = true1; /* Report individual packet comments */
140
141static bool_Bool cap_file_hashes = true1; /* Calculate file hashes */
142
143// Strongest to weakest
144#define HASH_SIZE_SHA25632 32
145#define HASH_SIZE_SHA120 20
146
147#define HASH_STR_SIZE(65) (65) /* Max hash size * 2 + '\0' */
148#define HASH_BUF_SIZE(1024 * 1024) (1024 * 1024)
149
150
151static char file_sha256[HASH_STR_SIZE(65)];
152static char file_sha1[HASH_STR_SIZE(65)];
153
154static char *hash_buf;
155static gcry_md_hd_t hd;
156
157static unsigned int num_ipv4_addresses;
158static unsigned int num_ipv6_addresses;
159static unsigned int num_decryption_secrets;
160
161/*
162 * If we have at least two packets with time stamps, and they're not in
163 * order - i.e., the later packet has a time stamp older than the earlier
164 * packet - the time stamps are known not to be in order.
165 *
166 * If every packet has a time stamp, and they're all in order, the time
167 * stamp is known to be in order.
168 *
169 * Otherwise, we have no idea.
170 */
171typedef enum {
172 IN_ORDER,
173 NOT_IN_ORDER,
174 ORDER_UNKNOWN
175} order_t;
176
177typedef struct _pkt_cmt {
178 uint32_t recno;
179 char *cmt;
180 struct _pkt_cmt *next;
181} pkt_cmt;
182
183typedef struct _capture_info {
184 const char *filename;
185 uint16_t file_type;
186 wtap_compression_type compression_type;
187 int file_encap;
188 int file_tsprec;
189 wtap *wth;
190 int64_t filesize;
191 uint64_t packet_bytes;
192 bool_Bool times_known;
193 nstime_t earliest_packet_time;
194 int earliest_packet_time_tsprec;
195 nstime_t latest_packet_time;
196 int latest_packet_time_tsprec;
197 uint32_t packet_count;
198 bool_Bool snap_set; /* If set in capture file header */
199 uint32_t snaplen; /* value from the capture file header */
200 uint32_t snaplen_min_inferred; /* If caplen < len for 1 or more rcds */
201 uint32_t snaplen_max_inferred; /* ... */
202 bool_Bool drops_known;
203 uint32_t drop_count;
204
205 nstime_t duration;
206 int duration_tsprec;
207 double packet_rate;
208 double packet_size;
209 double data_rate; /* in bytes/s */
210 bool_Bool know_order;
211 order_t order;
212
213 int *encap_counts; /* array of per_packet encap counts; array has one entry per wtap_encap type */
214 pkt_cmt *pkt_cmts; /* list of packet comments */
215
216 unsigned int num_interfaces; /* number of IDBs, and thus size of interface_packet_counts array */
217 GArray *interface_packet_counts; /* array of per_packet interface_id counts; one entry per file IDB */
218 uint32_t pkt_interface_id_unknown; /* counts if packet interface_id didn't match a known one */
219 GArray *idb_info_strings; /* array of IDB info strings */
220} capture_info;
221
222static char *decimal_point;
223
224static void
225enable_all_infos(void)
226{
227 report_all_infos = true1;
228
229 cap_file_type = true1;
230 cap_file_encap = true1;
231 cap_snaplen = true1;
232 cap_packet_count = true1;
233 cap_file_size = true1;
234 cap_comment = true1;
235 pkt_comments = true1;
236 cap_file_more_info = true1;
237 cap_file_idb = true1;
238 cap_file_nrb = true1;
239 cap_file_dsb = true1;
240
241 cap_data_size = true1;
242 cap_duration = true1;
243 cap_earliest_packet_time = true1;
244 cap_latest_packet_time = true1;
245 cap_order = true1;
246
247 cap_data_rate_byte = true1;
248 cap_data_rate_bit = true1;
249 cap_packet_size = true1;
250 cap_packet_rate = true1;
251
252 cap_file_hashes = true1;
253}
254
255static void
256disable_all_infos(void)
257{
258 report_all_infos = false0;
259
260 cap_file_type = false0;
261 cap_file_encap = false0;
262 cap_snaplen = false0;
263 cap_packet_count = false0;
264 cap_file_size = false0;
265 cap_comment = false0;
266 pkt_comments = false0;
267 cap_file_more_info = false0;
268 cap_file_idb = false0;
269 cap_file_nrb = false0;
270 cap_file_dsb = false0;
271
272 cap_data_size = false0;
273 cap_duration = false0;
274 cap_earliest_packet_time = false0;
275 cap_latest_packet_time = false0;
276 cap_order = false0;
277
278 cap_data_rate_byte = false0;
279 cap_data_rate_bit = false0;
280 cap_packet_size = false0;
281 cap_packet_rate = false0;
282
283 cap_file_hashes = false0;
284}
285
286static const char *
287order_string(order_t order)
288{
289 switch (order) {
290
291 case IN_ORDER:
292 return "True";
293
294 case NOT_IN_ORDER:
295 return "False";
296
297 case ORDER_UNKNOWN:
298 return "Unknown";
299
300 default:
301 return "???"; /* "cannot happen" (the next step is "Profit!") */
302 }
303}
304
305static char *
306absolute_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info)
307{
308 /*
309 * https://web.archive.org/web/20120513133703/http://www.idrbt.ac.in/publications/workingpapers/Working%20Paper%20No.%209.pdf
310 *
311 * says:
312 *
313 * A 64-bit Unix time would be safe for the indefinite future, as
314 * this variable would not overflow until 2**63 or
315 * 9,223,372,036,854,775,808 (over nine quintillion) seconds
316 * after the beginning of the Unix epoch - corresponding to
317 * GMT 15:30:08, Sunday, 4th December, 292,277,026,596.
318 *
319 * So, if we're displaying the time as YYYY-MM-DD HH:MM:SS.SSSSSSSSS,
320 * we'll have the buffer be large enough for a date of the format
321 * 292277026596-MM-DD HH:MM:SS.SSSSSSSSS, which is the biggest value
322 * you'll get with a 64-bit time_t and a nanosecond-resolution
323 * fraction-of-a-second.
324 *
325 * That's 12+1+2+1+2+1+2+1+2+2+2+1+9+1, including the terminating
326 * \0, or 39.
327 *
328 * If we're displaying the time as epoch time, and the time is
329 * unsigned, 2^64-1 is 18446744073709551615, so the buffer has
330 * to be big enough for 18446744073709551615.999999999. That's
331 * 20+1+9+1, including the terminating '\0', or 31. If it's
332 * signed, 2^63 is 9223372036854775808, so the buffer has to
333 * be big enough for -9223372036854775808.999999999, which is
334 * again 20+1+9+1, or 31.
335 *
336 * So we go with 39.
337 */
338 static char time_string_buf[39];
339
340 if (cf_info->times_known && cf_info->packet_count > 0) {
341 if (time_as_secs) {
342 display_epoch_time(time_string_buf, sizeof time_string_buf, timer, tsprecision);
343 } else {
344 format_nstime_as_iso8601(time_string_buf, sizeof time_string_buf, timer, decimal_point, true1, tsprecision);
345 }
346 } else {
347 snprintf(time_string_buf, sizeof time_string_buf, "n/a");
348 }
349 return time_string_buf;
350}
351
352static char *
353relative_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info, bool_Bool want_seconds)
354{
355 const char *second = want_seconds ? " second" : "";
356 const char *plural = want_seconds ? "s" : "";
357 /*
358 * If we're displaying the time as epoch time, and the time is
359 * unsigned, 2^64-1 is 18446744073709551615, so the buffer has
360 * to be big enough for "18446744073709551615.999999999 seconds".
361 * That's 20+1+9+1+7+1, including the terminating '\0', or 39.
362 * If it'ssigned, 2^63 is 9223372036854775808, so the buffer has to
363 * be big enough for "-9223372036854775808.999999999 seconds",
364 * which is again 20+1+9+1+7+1, or 39.
365 */
366 static char time_string_buf[39];
367
368 if (cf_info->times_known && cf_info->packet_count > 0) {
369 char *ptr;
370 size_t remaining;
371 int num_bytes;
372
373 ptr = time_string_buf;
374 remaining = sizeof time_string_buf;
375 num_bytes = snprintf(ptr, remaining,
376 "%"PRId64"l" "d",
377 (int64_t)timer->secs);
378 if (num_bytes < 0) {
379 /*
380 * That got an error.
381 * Not much else we can do.
382 */
383 snprintf(ptr, remaining, "snprintf() failed");
384 return time_string_buf;
385 }
386 if ((unsigned int)num_bytes >= remaining) {
387 /*
388 * That filled up or would have overflowed the buffer.
389 * Nothing more we can do.
390 */
391 return time_string_buf;
392 }
393 ptr += num_bytes;
394 remaining -= num_bytes;
395
396 if (tsprecision != 0) {
397 /*
398 * Append the fractional part.
399 */
400 num_bytes = format_fractional_part_nsecs(ptr, remaining, timer->nsecs, decimal_point, tsprecision);
401 if ((unsigned int)num_bytes >= remaining) {
402 /*
403 * That filled up or would have overflowed the buffer.
404 * Nothing more we can do.
405 */
406 return time_string_buf;
407 }
408 ptr += num_bytes;
409 remaining -= num_bytes;
410 }
411
412 /*
413 * Append the units.
414 */
415 snprintf(ptr, remaining, "%s%s",
416 second,
417 timer->secs == 1 ? "" : plural);
418
419 return time_string_buf;
420 }
421
422 snprintf(time_string_buf, sizeof time_string_buf, "n/a");
423 return time_string_buf;
424}
425
426static void print_value(const char *text_p1, int width, const char *text_p2, double value)
427{
428 if (value > 0.0)
429 printf("%s%.*f%s\n", text_p1, width, value, text_p2);
430 else
431 printf("%sn/a\n", text_p1);
432}
433
434/* multi-line comments would conflict with the formatting that capinfos uses
435 we replace linefeeds with spaces */
436static void
437string_replace_newlines(char *str)
438{
439 char *p;
440
441 if (str) {
442 p = str;
443 while (*p != '\0') {
444 if (*p == '\n')
445 *p = ' ';
446 if (*p == '\r')
447 *p = ' ';
448 p++;
449 }
450 }
451}
452
453static void
454show_option_string(const char *prefix, const char *option_str)
455{
456 char *str;
457
458 if (option_str != NULL((void*)0) && option_str[0] != '\0') {
459 str = g_strdup(option_str)g_strdup_inline (option_str);
460 string_replace_newlines(str);
461 printf("%s%s\n", prefix, str);
462 g_free(str);
463 }
464}
465
466static void
467print_stats(const char *filename, capture_info *cf_info)
468{
469 const char *file_type_string, *file_encap_string;
470 char *size_string;
471 pkt_cmt *p, *prev;
472
473 /* Build printable strings for various stats */
474 if (machine_readable) {
475 file_type_string = wtap_file_type_subtype_name(cf_info->file_type);
476 file_encap_string = wtap_encap_name(cf_info->file_encap);
477 }
478 else {
479 file_type_string = wtap_file_type_subtype_description(cf_info->file_type);
480 file_encap_string = wtap_encap_description(cf_info->file_encap);
481 }
482
483 if (filename) printf ("File name: %s\n", filename);
484 if (cap_file_type) {
485 const char *compression_type_description;
486 compression_type_description = wtap_compression_type_description(cf_info->compression_type);
487 if (compression_type_description == NULL((void*)0))
488 printf ("File type: %s\n",
489 file_type_string);
490 else
491 printf ("File type: %s (%s)\n",
492 file_type_string, compression_type_description);
493 }
494 if (cap_file_encap) {
495 printf ("File encapsulation: %s\n", file_encap_string);
496 if (cf_info->file_encap == WTAP_ENCAP_PER_PACKET-1) {
497 int i;
498 printf ("Encapsulation in use by packets (# of pkts):\n");
499 for (i=0; i<WTAP_NUM_ENCAP_TYPESwtap_get_num_encap_types(); i++) {
500 if (cf_info->encap_counts[i] > 0)
501 printf(" %s (%d)\n",
502 wtap_encap_description(i), cf_info->encap_counts[i]);
503 }
504 }
505 }
506 if (cap_file_more_info) {
507 printf ("File timestamp precision: %s (%d)\n",
508 wtap_tsprec_string(cf_info->file_tsprec), cf_info->file_tsprec);
509 }
510
511 if (cap_snaplen && cf_info->snap_set)
512 printf ("Packet size limit: file hdr: %u bytes\n", cf_info->snaplen);
513 else if (cap_snaplen && !cf_info->snap_set)
514 printf ("Packet size limit: file hdr: (not set)\n");
515 if (cf_info->snaplen_max_inferred > 0) {
516 if (cf_info->snaplen_min_inferred == cf_info->snaplen_max_inferred)
517 printf ("Packet size limit: inferred: %u bytes\n", cf_info->snaplen_min_inferred);
518 else
519 printf ("Packet size limit: inferred: %u bytes - %u bytes (range)\n",
520 cf_info->snaplen_min_inferred, cf_info->snaplen_max_inferred);
521 }
522 if (cap_packet_count) {
523 printf ("Number of packets: ");
524 if (machine_readable) {
525 printf ("%u\n", cf_info->packet_count);
526 } else {
527 size_string = format_size(cf_info->packet_count, FORMAT_SIZE_UNIT_NONE, 0)format_size_wmem(((void*)0), cf_info->packet_count, FORMAT_SIZE_UNIT_NONE
, 0);
528 printf ("%s\n", size_string);
529 g_free(size_string);
530 }
531 }
532 if (cap_file_size) {
533 printf ("File size: ");
534 if (machine_readable) {
535 printf ("%" PRId64"l" "d" " bytes\n", cf_info->filesize);
536 } else {
537 size_string = format_size(cf_info->filesize, FORMAT_SIZE_UNIT_BYTES, 0)format_size_wmem(((void*)0), cf_info->filesize, FORMAT_SIZE_UNIT_BYTES
, 0);
538 printf ("%s\n", size_string);
539 g_free(size_string);
540 }
541 }
542 if (cap_data_size) {
543 printf ("Data size: ");
544 if (machine_readable) {
545 printf ("%" PRIu64"l" "u" " bytes\n", cf_info->packet_bytes);
546 } else {
547 size_string = format_size(cf_info->packet_bytes, FORMAT_SIZE_UNIT_BYTES, 0)format_size_wmem(((void*)0), cf_info->packet_bytes, FORMAT_SIZE_UNIT_BYTES
, 0);
548 printf ("%s\n", size_string);
549 g_free(size_string);
550 }
551 }
552 if (cf_info->times_known) {
553 if (cap_duration) /* XXX - shorten to hh:mm:ss */
554 printf("Capture duration: %s\n", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, true1));
555 if (cap_earliest_packet_time)
556 printf("Earliest packet time: %s\n", absolute_time_string(&cf_info->earliest_packet_time, cf_info->earliest_packet_time_tsprec, cf_info));
557 if (cap_latest_packet_time)
558 printf("Latest packet time: %s\n", absolute_time_string(&cf_info->latest_packet_time, cf_info->latest_packet_time_tsprec, cf_info));
559 if (cap_data_rate_byte) {
560 printf("Data byte rate: ");
561 if (machine_readable) {
562 print_value("", 2, " bytes/sec", cf_info->data_rate);
563 } else {
564 size_string = format_size((int64_t)cf_info->data_rate, FORMAT_SIZE_UNIT_BYTES_S, 0)format_size_wmem(((void*)0), (int64_t)cf_info->data_rate, FORMAT_SIZE_UNIT_BYTES_S
, 0);
565 printf ("%s\n", size_string);
566 g_free(size_string);
567 }
568 }
569 if (cap_data_rate_bit) {
570 printf("Data bit rate: ");
571 if (machine_readable) {
572 print_value("", 2, " bits/sec", cf_info->data_rate*8);
573 } else {
574 size_string = format_size((int64_t)(cf_info->data_rate*8), FORMAT_SIZE_UNIT_BITS_S, 0)format_size_wmem(((void*)0), (int64_t)(cf_info->data_rate*
8), FORMAT_SIZE_UNIT_BITS_S, 0);
575 printf ("%s\n", size_string);
576 g_free(size_string);
577 }
578 }
579 }
580 if (cap_packet_size) printf("Average packet size: %.2f bytes\n", cf_info->packet_size);
581 if (cf_info->times_known) {
582 if (cap_packet_rate) {
583 printf("Average packet rate: ");
584 if (machine_readable) {
585 print_value("", 2, " packets/sec", cf_info->packet_rate);
586 } else {
587 size_string = format_size((int64_t)cf_info->packet_rate, FORMAT_SIZE_UNIT_PACKETS_S, 0)format_size_wmem(((void*)0), (int64_t)cf_info->packet_rate
, FORMAT_SIZE_UNIT_PACKETS_S, 0);
588 printf ("%s\n", size_string);
589 g_free(size_string);
590 }
591 }
592 }
593 if (cap_file_hashes) {
594 printf ("SHA256: %s\n", file_sha256);
595 printf ("SHA1: %s\n", file_sha1);
596 }
597 if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
598
599 bool_Bool has_multiple_sections = (wtap_file_get_num_shbs(cf_info->wth) > 1);
600
601 for (unsigned int section_number = 0;
602 section_number < wtap_file_get_num_shbs(cf_info->wth);
603 section_number++) {
604 wtap_block_t shb;
605
606 // If we have more than one section, add headers for each section.
607 if (has_multiple_sections)
608 printf("Section %u:\n\n", section_number);
609
610 shb = wtap_file_get_shb(cf_info->wth, section_number);
611 if (shb != NULL((void*)0)) {
612 if (cap_file_more_info) {
613 char *str;
614
615 if (wtap_block_get_string_option_value(shb, OPT_SHB_HARDWARE2, &str) == WTAP_OPTTYPE_SUCCESS)
616 show_option_string("Capture hardware: ", str);
617 if (wtap_block_get_string_option_value(shb, OPT_SHB_OS3, &str) == WTAP_OPTTYPE_SUCCESS)
618 show_option_string("Capture oper-sys: ", str);
619 if (wtap_block_get_string_option_value(shb, OPT_SHB_USERAPPL4, &str) == WTAP_OPTTYPE_SUCCESS)
620 show_option_string("Capture application: ", str);
621 }
622 if (cap_comment) {
623 unsigned int i;
624 char *str;
625
626 for (i = 0; wtap_block_get_nth_string_option_value(shb, OPT_COMMENT1, i, &str) == WTAP_OPTTYPE_SUCCESS; i++) {
627 show_option_string("Capture comment: ", str);
628 }
629 }
630 }
631 }
632
633 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
634 for (p = cf_info->pkt_cmts; p != NULL((void*)0); prev = p, p = p->next, g_free(prev)) {
635 if (machine_readable){
636 printf("Packet %u Comment: %s\n", p->recno, g_strescape(p->cmt, NULL((void*)0)));
637 } else {
638 printf("Packet %u Comment: %s\n", p->recno, p->cmt);
639 }
640 g_free(p->cmt);
641 }
642 }
643
644 if (cap_file_idb && cf_info->num_interfaces != 0) {
645 unsigned int i;
646 ws_assert(cf_info->num_interfaces == cf_info->idb_info_strings->len)do { if ((1) && !(cf_info->num_interfaces == cf_info
->idb_info_strings->len)) ws_log_fatal_full("Main", LOG_LEVEL_ERROR
, "capinfos.c", 646, __func__, "assertion failed: %s", "cf_info->num_interfaces == cf_info->idb_info_strings->len"
); } while (0);
647 printf ("Number of interfaces in file: %u\n", cf_info->num_interfaces);
648 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
649 char *s = g_array_index(cf_info->idb_info_strings, char*, i)(((char**) (void *) (cf_info->idb_info_strings)->data) [
(i)]);
650 uint32_t packet_count = 0;
651 if (i < cf_info->interface_packet_counts->len)
652 packet_count = g_array_index(cf_info->interface_packet_counts, uint32_t, i)(((uint32_t*) (void *) (cf_info->interface_packet_counts)->
data) [(i)]);
653 printf ("Interface #%u info:\n", i);
654 printf ("%s", s);
655 printf (" Number of packets = %u\n", packet_count);
656 }
657 }
658
659 if (cap_file_nrb) {
660 if (num_ipv4_addresses != 0)
661 printf ("Number of resolved IPv4 addresses in file: %u\n", num_ipv4_addresses);
662 if (num_ipv6_addresses != 0)
663 printf ("Number of resolved IPv6 addresses in file: %u\n", num_ipv6_addresses);
664 }
665 if (cap_file_dsb) {
666 if (num_decryption_secrets != 0)
667 printf ("Number of decryption secrets in file: %u\n", num_decryption_secrets);
668 }
669}
670
671static void
672putsep(void)
673{
674 if (field_separator) putchar(field_separator);
675}
676
677static void
678putquote(void)
679{
680 if (quote_char) putchar(quote_char);
681}
682
683static void G_GNUC_PRINTF(1, 2)__attribute__((__format__ (__printf__, 1, 2)))
684print_stats_table_header_label(const char *fmt, ...)
685{
686 va_list ap;
687
688 putsep();
689 putquote();
690 va_start(ap, fmt)__builtin_va_start(ap, fmt);
691 vprintf(fmt, ap);
692 va_end(ap)__builtin_va_end(ap);
693 putquote();
694}
695
696static void
697print_stats_table_header(capture_info *cf_info)
698{
699 pkt_cmt *p;
700
701 putquote();
702 printf("File name");
703 putquote();
704
705 if (cap_file_type) print_stats_table_header_label("File type");
706 if (cap_file_encap) print_stats_table_header_label("File encapsulation");
707 if (cap_file_more_info) print_stats_table_header_label("File time precision");
708 if (cap_snaplen) {
709 print_stats_table_header_label("Packet size limit");
710 print_stats_table_header_label("Packet size limit min (inferred)");
711 print_stats_table_header_label("Packet size limit max (inferred)");
712 }
713 if (cap_packet_count) print_stats_table_header_label("Number of packets");
714 if (cap_file_size) print_stats_table_header_label("File size (bytes)");
715 if (cap_data_size) print_stats_table_header_label("Data size (bytes)");
716 if (cap_duration) print_stats_table_header_label("Capture duration (seconds)");
717 if (cap_earliest_packet_time) print_stats_table_header_label("Start time");
718 if (cap_latest_packet_time) print_stats_table_header_label("End time");
719 if (cap_data_rate_byte) print_stats_table_header_label("Data byte rate (bytes/sec)");
720 if (cap_data_rate_bit) print_stats_table_header_label("Data bit rate (bits/sec)");
721 if (cap_packet_size) print_stats_table_header_label("Average packet size (bytes)");
722 if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
723 if (cap_file_hashes) {
724 print_stats_table_header_label("SHA256");
725 print_stats_table_header_label("SHA1");
726 }
727 if (cap_order) print_stats_table_header_label("Strict time order");
728 if (cap_file_more_info) {
729 print_stats_table_header_label("Capture hardware");
730 print_stats_table_header_label("Capture oper-sys");
731 print_stats_table_header_label("Capture application");
732 }
733 if (cap_comment) print_stats_table_header_label("Capture comment");
734
735 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
736 for (p = cf_info->pkt_cmts; p != NULL((void*)0); p = p->next) {
737 print_stats_table_header_label("Packet %u Comment", p->recno);
738 }
739 }
740
741 printf("\n");
742}
743
744static void
745print_stats_table(const char *filename, capture_info *cf_info)
746{
747 const char *file_type_string, *file_encap_string;
748 pkt_cmt *p, *prev;
749
750 /* Build printable strings for various stats */
751 file_type_string = wtap_file_type_subtype_name(cf_info->file_type);
752 file_encap_string = wtap_encap_name(cf_info->file_encap);
753
754 if (filename) {
755 putquote();
756 printf("%s", filename);
757 putquote();
758 }
759
760 if (cap_file_type) {
761 putsep();
762 putquote();
763 printf("%s", file_type_string);
764 putquote();
765 }
766
767 /* ToDo: If WTAP_ENCAP_PER_PACKET, show the list of encapsulations encountered;
768 * Output a line for each different encap with all fields repeated except
769 * the encapsulation field which has "Per Packet: ..." for each
770 * encapsulation type seen ?
771 */
772 if (cap_file_encap) {
773 putsep();
774 putquote();
775 printf("%s", file_encap_string);
776 putquote();
777 }
778
779 if (cap_file_more_info) {
780 putsep();
781 putquote();
782 printf("%s", wtap_tsprec_string(cf_info->file_tsprec));
783 putquote();
784 }
785
786 if (cap_snaplen) {
787 putsep();
788 putquote();
789 if (cf_info->snap_set)
790 printf("%u", cf_info->snaplen);
791 else
792 printf("(not set)");
793 putquote();
794 if (cf_info->snaplen_max_inferred > 0) {
795 putsep();
796 putquote();
797 printf("%u", cf_info->snaplen_min_inferred);
798 putquote();
799 putsep();
800 putquote();
801 printf("%u", cf_info->snaplen_max_inferred);
802 putquote();
803 }
804 else {
805 putsep();
806 putquote();
807 printf("n/a");
808 putquote();
809 putsep();
810 putquote();
811 printf("n/a");
812 putquote();
813 }
814 }
815
816 if (cap_packet_count) {
817 putsep();
818 putquote();
819 printf("%u", cf_info->packet_count);
820 putquote();
821 }
822
823 if (cap_file_size) {
824 putsep();
825 putquote();
826 printf("%" PRId64"l" "d", cf_info->filesize);
827 putquote();
828 }
829
830 if (cap_data_size) {
831 putsep();
832 putquote();
833 printf("%" PRIu64"l" "u", cf_info->packet_bytes);
834 putquote();
835 }
836
837 if (cap_duration) {
838 putsep();
839 putquote();
840 printf("%s", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, false0));
841 putquote();
842 }
843
844 if (cap_earliest_packet_time) {
845 putsep();
846 putquote();
847 printf("%s", absolute_time_string(&cf_info->earliest_packet_time, cf_info->earliest_packet_time_tsprec, cf_info));
848 putquote();
849 }
850
851 if (cap_latest_packet_time) {
852 putsep();
853 putquote();
854 printf("%s", absolute_time_string(&cf_info->latest_packet_time, cf_info->latest_packet_time_tsprec, cf_info));
855 putquote();
856 }
857
858 if (cap_data_rate_byte) {
859 putsep();
860 putquote();
861 if (cf_info->times_known)
862 printf("%.2f", cf_info->data_rate);
863 else
864 printf("n/a");
865 putquote();
866 }
867
868 if (cap_data_rate_bit) {
869 putsep();
870 putquote();
871 if (cf_info->times_known)
872 printf("%.2f", cf_info->data_rate*8);
873 else
874 printf("n/a");
875 putquote();
876 }
877
878 if (cap_packet_size) {
879 putsep();
880 putquote();
881 printf("%.2f", cf_info->packet_size);
882 putquote();
883 }
884
885 if (cap_packet_rate) {
886 putsep();
887 putquote();
888 if (cf_info->times_known)
889 printf("%.2f", cf_info->packet_rate);
890 else
891 printf("n/a");
892 putquote();
893 }
894
895 if (cap_file_hashes) {
896 putsep();
897 putquote();
898 printf("%s", file_sha256);
899 putquote();
900
901 putsep();
902 putquote();
903 printf("%s", file_sha1);
904 putquote();
905 }
906
907 if (cap_order) {
908 putsep();
909 putquote();
910 printf("%s", order_string(cf_info->order));
911 putquote();
912 }
913
914 for (unsigned section_number = 0;
915 section_number < wtap_file_get_num_shbs(cf_info->wth);
916 section_number++) {
917 wtap_block_t shb;
918
919 shb = wtap_file_get_shb(cf_info->wth, section_number);
920 if (cap_file_more_info) {
921 char *str;
922
923 putsep();
924 putquote();
925 if (wtap_block_get_string_option_value(shb, OPT_SHB_HARDWARE2, &str) == WTAP_OPTTYPE_SUCCESS) {
926 printf("%s", str);
927 }
928 putquote();
929
930 putsep();
931 putquote();
932 if (wtap_block_get_string_option_value(shb, OPT_SHB_OS3, &str) == WTAP_OPTTYPE_SUCCESS) {
933 printf("%s", str);
934 }
935 putquote();
936
937 putsep();
938 putquote();
939 if (wtap_block_get_string_option_value(shb, OPT_SHB_USERAPPL4, &str) == WTAP_OPTTYPE_SUCCESS) {
940 printf("%s", str);
941 }
942 putquote();
943 }
944
945 /*
946 * One might argue that the following is silly to put into a table format,
947 * but oh well note that there may be *more than one* of each of these types
948 * of options. To mitigate some of the potential silliness the if(cap_comment)
949 * block is moved AFTER the if(cap_file_more_info) block. This will make any
950 * comments the last item(s) in each row. We now have a new -K option to
951 * disable cap_comment to more easily manage the potential silliness.
952 * Potential silliness includes multiple comments (therefore resulting in
953 * more than one additional column and/or comments with embedded newlines
954 * and/or possible delimiters).
955 *
956 * To mitigate embedded newlines and other special characters, use -M
957 */
958 if (cap_comment) {
959 unsigned int i;
960 char *opt_comment;
961 bool_Bool have_cap = false0;
962
963 for (i = 0; wtap_block_get_nth_string_option_value(shb, OPT_COMMENT1, i, &opt_comment) == WTAP_OPTTYPE_SUCCESS; i++) {
964 have_cap = true1;
965 putsep();
966 putquote();
967 if (machine_readable){
968 printf("%s", g_strescape(opt_comment, NULL((void*)0)));
969 } else {
970 printf("%s", opt_comment);
971 }
972 putquote();
973 }
974 if(!have_cap) {
975 /* Maintain column alignment when we have no OPT_COMMENT */
976 putsep();
977 putquote();
978 putquote();
979 }
980 }
981
982 }
983
984 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
985 for(p = cf_info->pkt_cmts; p != NULL((void*)0); prev = p, p = p->next, g_free(prev)) {
986 putsep();
987 putquote();
988 if (machine_readable) {
989 printf("%s", g_strescape(p->cmt, NULL((void*)0)));
990 } else {
991 printf("%s", p->cmt);
992 }
993 g_free(p->cmt);
994 putquote();
995 }
996 }
997
998 printf("\n");
999}
1000
1001static void
1002cleanup_capture_info(capture_info *cf_info)
1003{
1004 unsigned int i;
1005 ws_assert(cf_info != NULL)do { if ((1) && !(cf_info != ((void*)0))) ws_log_fatal_full
("Main", LOG_LEVEL_ERROR, "capinfos.c", 1005, __func__, "assertion failed: %s"
, "cf_info != ((void*)0)"); } while (0);
1006
1007 g_free(cf_info->encap_counts);
1008 cf_info->encap_counts = NULL((void*)0);
1009
1010 g_array_free(cf_info->interface_packet_counts, true1);
1011 cf_info->interface_packet_counts = NULL((void*)0);
1012
1013 if (cf_info->idb_info_strings) {
1014 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
1015 char *s = g_array_index(cf_info->idb_info_strings, char*, i)(((char**) (void *) (cf_info->idb_info_strings)->data) [
(i)]);
1016 g_free(s);
1017 }
1018 g_array_free(cf_info->idb_info_strings, true1);
1019 }
1020 cf_info->idb_info_strings = NULL((void*)0);
1021}
1022
1023static void
1024count_ipv4_address(const unsigned int addr _U___attribute__((unused)), const char *name _U___attribute__((unused)), const bool_Bool static_entry _U___attribute__((unused)))
1025{
1026 num_ipv4_addresses++;
1027}
1028
1029static void
1030count_ipv6_address(const ws_in6_addr *addrp _U___attribute__((unused)), const char *name _U___attribute__((unused)), const bool_Bool static_entry _U___attribute__((unused)))
1031{
1032 num_ipv6_addresses++;
1033}
1034
1035static void
1036count_decryption_secret(uint32_t secrets_type _U___attribute__((unused)), const void *secrets _U___attribute__((unused)), unsigned int size _U___attribute__((unused)))
1037{
1038 /* XXX - count them based on the secrets type (which is an opaque code,
1039 not a small integer)? */
1040 num_decryption_secrets++;
1041}
1042
1043static void
1044hash_to_str(const unsigned char *hash, size_t length, char *str)
1045{
1046 int i;
1047
1048 for (i = 0; i < (int) length; i++) {
1049 snprintf(str+(i*2), 3, "%02x", hash[i]);
1050 }
1051}
1052
1053static void
1054calculate_hashes(const char *filename)
1055{
1056 FILE *fh;
1057 size_t hash_bytes;
1058
1059 (void) g_strlcpy(file_sha256, "<unknown>", HASH_STR_SIZE(65));
1060 (void) g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE(65));
1061
1062 if (cap_file_hashes) {
18
Assuming 'cap_file_hashes' is true
19
Taking true branch
1063 fh = ws_fopenfopen(filename, "rb");
1064 if (fh
19.1
'fh' is non-null
 && hd) {
20
Assuming 'hd' is non-null
21
Taking true branch
1065 while((hash_bytes = fread(hash_buf, 1, HASH_BUF_SIZE(1024 * 1024), fh)) > 0) {
22
Assuming this stream operation fails
23
Assuming the condition is true
24
Loop condition is true. Entering loop body
25
File position of the stream might be 'indeterminate' after a failed operation. Can cause undefined behavior
1066 gcry_md_write(hd, hash_buf, hash_bytes);
1067 }
1068 gcry_md_final(hd)gcry_md_ctl ((hd), GCRYCTL_FINALIZE, ((void*)0), 0);
1069 hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA25632, file_sha256);
1070 hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA120, file_sha1);
1071 }
1072 if (fh) fclose(fh);
1073 if (hd) gcry_md_reset(hd);
1074 }
1075}
1076
1077static int
1078process_cap_file(const char *filename, bool_Bool need_separator)
1079{
1080 int status = 0;
1081 int err;
1082 char *err_info;
1083 int64_t size;
1084 int64_t data_offset;
1085
1086 uint32_t packet = 0;
1087 int64_t bytes = 0;
1088 uint32_t snaplen_min_inferred = 0xffffffff;
1089 uint32_t snaplen_max_inferred = 0;
1090 wtap_rec rec;
1091 capture_info cf_info;
1092 bool_Bool have_times = true1;
1093 nstime_t earliest_packet_time;
1094 int earliest_packet_time_tsprec;
1095 nstime_t latest_packet_time;
1096 int latest_packet_time_tsprec;
1097 nstime_t cur_time;
1098 nstime_t prev_time;
1099 bool_Bool know_order = false0;
1100 order_t order = IN_ORDER;
1101 unsigned int i;
1102 wtapng_iface_descriptions_t *idb_info;
1103
1104 pkt_cmt *pc = NULL((void*)0), *prev = NULL((void*)0);
1105
1106 cf_info.wth = wtap_open_offline(filename, WTAP_TYPE_AUTO0, &err, &err_info, false0);
1107 if (!cf_info.wth) {
15
Assuming field 'wth' is non-null
16
Taking false branch
1108 cfile_open_failure_message(filename, err, err_info);
1109 return 2;
1110 }
1111
1112 /*
1113 * Calculate the checksums. Do this after wtap_open_offline, so we don't
1114 * bother calculating them for files that are not known capture types
1115 * where we wouldn't print them anyway.
1116 */
1117 calculate_hashes(filename);
17
Calling 'calculate_hashes'
1118
1119 if (need_separator && long_report) {
1120 printf("\n");
1121 }
1122
1123 nstime_set_zero(&earliest_packet_time);
1124 earliest_packet_time_tsprec = WTAP_TSPREC_UNKNOWN-2;
1125 nstime_set_zero(&latest_packet_time);
1126 latest_packet_time_tsprec = WTAP_TSPREC_UNKNOWN-2;
1127 nstime_set_zero(&cur_time);
1128 nstime_set_zero(&prev_time);
1129
1130 cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES)((int *) g_malloc0_n ((wtap_get_num_encap_types()), sizeof (int
)));
1131
1132 idb_info = wtap_file_get_idb_info(cf_info.wth);
1133
1134 ws_assert(idb_info->interface_data != NULL)do { if ((1) && !(idb_info->interface_data != ((void
*)0))) ws_log_fatal_full("Main", LOG_LEVEL_ERROR, "capinfos.c"
, 1134, __func__, "assertion failed: %s", "idb_info->interface_data != ((void*)0)"
); } while (0);
1135
1136 cf_info.pkt_cmts = NULL((void*)0);
1137 cf_info.num_interfaces = idb_info->interface_data->len;
1138 cf_info.interface_packet_counts = g_array_sized_new(false0, true1, sizeof(uint32_t), cf_info.num_interfaces);
1139 g_array_set_size(cf_info.interface_packet_counts, cf_info.num_interfaces);
1140 cf_info.pkt_interface_id_unknown = 0;
1141
1142 g_free(idb_info);
1143 idb_info = NULL((void*)0);
1144
1145 /* Zero out the counters for the callbacks. */
1146 num_ipv4_addresses = 0;
1147 num_ipv6_addresses = 0;
1148 num_decryption_secrets = 0;
1149
1150 /* Register callbacks for new name<->address maps from the file and
1151 decryption secrets from the file. */
1152 wtap_set_cb_new_ipv4(cf_info.wth, count_ipv4_address);
1153 wtap_set_cb_new_ipv6(cf_info.wth, count_ipv6_address);
1154 wtap_set_cb_new_secrets(cf_info.wth, count_decryption_secret);
1155
1156 /* Tally up data that we need to parse through the file to find */
1157 wtap_rec_init(&rec, 1514);
1158 while (wtap_read(cf_info.wth, &rec, &err, &err_info, &data_offset)) {
1159 if (rec.presence_flags & WTAP_HAS_TS0x00000001) {
1160 prev_time = cur_time;
1161 cur_time = rec.ts;
1162 if (packet == 0) {
1163 earliest_packet_time = rec.ts;
1164 earliest_packet_time_tsprec = rec.tsprec;
1165 latest_packet_time = rec.ts;
1166 latest_packet_time_tsprec = rec.tsprec;
1167 prev_time = rec.ts;
1168 }
1169 if (nstime_cmp(&cur_time, &prev_time) < 0) {
1170 order = NOT_IN_ORDER;
1171 }
1172 if (nstime_cmp(&cur_time, &earliest_packet_time) < 0) {
1173 earliest_packet_time = cur_time;
1174 earliest_packet_time_tsprec = rec.tsprec;
1175 }
1176 if (nstime_cmp(&cur_time, &latest_packet_time) > 0) {
1177 latest_packet_time = cur_time;
1178 latest_packet_time_tsprec = rec.tsprec;
1179 }
1180 } else {
1181 have_times = false0; /* at least one packet has no time stamp */
1182 if (order != NOT_IN_ORDER)
1183 order = ORDER_UNKNOWN;
1184 }
1185
1186 if (rec.rec_type == REC_TYPE_PACKET0) {
1187 bytes += rec.rec_header.packet_header.len;
1188 packet++;
1189 /* packet comments */
1190 if (pkt_comments && wtap_block_count_option(rec.block, OPT_COMMENT1) > 0) {
1191 char *cmt_buff;
1192 for (i = 0; wtap_block_get_nth_string_option_value(rec.block, OPT_COMMENT1, i, &cmt_buff) == WTAP_OPTTYPE_SUCCESS; i++) {
1193 pc = g_new0(pkt_cmt, 1)((pkt_cmt *) g_malloc0_n ((1), sizeof (pkt_cmt)));
1194
1195 pc->recno = packet;
1196 pc->cmt = g_strdup(cmt_buff)g_strdup_inline (cmt_buff);
1197 pc->next = NULL((void*)0);
1198
1199 if (prev == NULL((void*)0))
1200 cf_info.pkt_cmts = pc;
1201 else
1202 prev->next = pc;
1203
1204 prev = pc;
1205 }
1206 }
1207
1208 /* If caplen < len for a rcd, then presumably */
1209 /* 'Limit packet capture length' was done for this rcd. */
1210 /* Keep track as to the min/max actual snapshot lengths */
1211 /* seen for this file. */
1212 if (rec.rec_header.packet_header.caplen < rec.rec_header.packet_header.len) {
1213 if (rec.rec_header.packet_header.caplen < snaplen_min_inferred)
1214 snaplen_min_inferred = rec.rec_header.packet_header.caplen;
1215 if (rec.rec_header.packet_header.caplen > snaplen_max_inferred)
1216 snaplen_max_inferred = rec.rec_header.packet_header.caplen;
1217 }
1218
1219 if ((rec.rec_header.packet_header.pkt_encap > 0) &&
1220 (rec.rec_header.packet_header.pkt_encap < WTAP_NUM_ENCAP_TYPESwtap_get_num_encap_types())) {
1221 cf_info.encap_counts[rec.rec_header.packet_header.pkt_encap] += 1;
1222 } else {
1223 fprintf(stderrstderr, "capinfos: Unknown packet encapsulation %d in frame %u of file \"%s\"\n",
1224 rec.rec_header.packet_header.pkt_encap, packet, filename);
1225 }
1226
1227 /* Packet interface_id info */
1228 if (rec.presence_flags & WTAP_HAS_INTERFACE_ID0x00000004) {
1229 /* cf_info.num_interfaces is size, not index, so it's one more than max index */
1230 if (rec.rec_header.packet_header.interface_id >= cf_info.num_interfaces) {
1231 /*
1232 * OK, re-fetch the number of interfaces, as there might have
1233 * been an interface that was in the middle of packets, and
1234 * grow the array to be big enough for the new number of
1235 * interfaces.
1236 */
1237 idb_info = wtap_file_get_idb_info(cf_info.wth);
1238
1239 cf_info.num_interfaces = idb_info->interface_data->len;
1240 g_array_set_size(cf_info.interface_packet_counts, cf_info.num_interfaces);
1241
1242 g_free(idb_info);
1243 idb_info = NULL((void*)0);
1244 }
1245 if (rec.rec_header.packet_header.interface_id < cf_info.num_interfaces) {
1246 g_array_index(cf_info.interface_packet_counts, uint32_t,(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(rec.rec_header.packet_header.interface_id)])
1247 rec.rec_header.packet_header.interface_id)(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(rec.rec_header.packet_header.interface_id)]) += 1;
1248 }
1249 else {
1250 cf_info.pkt_interface_id_unknown += 1;
1251 }
1252 }
1253 else {
1254 /* it's for interface_id 0 */
1255 if (cf_info.num_interfaces != 0) {
1256 g_array_index(cf_info.interface_packet_counts, uint32_t, 0)(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(0)]) += 1;
1257 }
1258 else {
1259 cf_info.pkt_interface_id_unknown += 1;
1260 }
1261 }
1262 }
1263
1264 wtap_rec_reset(&rec);
1265 } /* while */
1266 wtap_rec_cleanup(&rec);
1267
1268 /*
1269 * Get IDB info strings.
1270 * We do this at the end, so we can get information for all IDBs in
1271 * the file, even those that come after packet records, and so that
1272 * we get, for example, a count of the number of statistics entries
1273 * for each interface as of the *end* of the file.
1274 */
1275 idb_info = wtap_file_get_idb_info(cf_info.wth);
1276
1277 cf_info.idb_info_strings = g_array_sized_new(false0, false0, sizeof(char*), cf_info.num_interfaces);
1278 cf_info.num_interfaces = idb_info->interface_data->len;
1279 for (i = 0; i < cf_info.num_interfaces; i++) {
1280 const wtap_block_t if_descr = g_array_index(idb_info->interface_data, wtap_block_t, i)(((wtap_block_t*) (void *) (idb_info->interface_data)->
data) [(i)]);
1281 char *s = wtap_get_debug_if_descr(if_descr, 21, "\n");
1282 g_array_append_val(cf_info.idb_info_strings, s)g_array_append_vals (cf_info.idb_info_strings, &(s), 1);
1283 }
1284
1285 g_free(idb_info);
1286 idb_info = NULL((void*)0);
1287
1288 if (err != 0) {
1289 fprintf(stderrstderr,
1290 "capinfos: An error occurred after reading %u packets from \"%s\".\n",
1291 packet, filename);
1292 cfile_read_failure_message(filename, err, err_info);
1293 if (err == WTAP_ERR_SHORT_READ-12) {
1294 /* Don't give up completely with this one. */
1295 status = 1;
1296 fprintf(stderrstderr,
1297 " (will continue anyway, checksums might be incorrect)\n");
1298 } else {
1299 cleanup_capture_info(&cf_info);
1300 wtap_close(cf_info.wth);
1301 return 2;
1302 }
1303 }
1304
1305 /* File size */
1306 size = wtap_file_size(cf_info.wth, &err);
1307 if (size == -1) {
1308 fprintf(stderrstderr,
1309 "capinfos: Can't get size of \"%s\": %s.\n",
1310 filename, g_strerror(err));
1311 cleanup_capture_info(&cf_info);
1312 wtap_close(cf_info.wth);
1313 return 2;
1314 }
1315
1316 cf_info.filesize = size;
1317
1318 /* File Type */
1319 cf_info.file_type = wtap_file_type_subtype(cf_info.wth);
1320 cf_info.compression_type = wtap_get_compression_type(cf_info.wth);
1321
1322 /* File Encapsulation */
1323 cf_info.file_encap = wtap_file_encap(cf_info.wth);
1324
1325 cf_info.file_tsprec = wtap_file_tsprec(cf_info.wth);
1326
1327 /* Packet size limit (snaplen) */
1328 cf_info.snaplen = wtap_snapshot_length(cf_info.wth);
1329 if (cf_info.snaplen > 0)
1330 cf_info.snap_set = true1;
1331 else
1332 cf_info.snap_set = false0;
1333
1334 cf_info.snaplen_min_inferred = snaplen_min_inferred;
1335 cf_info.snaplen_max_inferred = snaplen_max_inferred;
1336
1337 /* # of packets */
1338 cf_info.packet_count = packet;
1339
1340 /* File Times */
1341 cf_info.times_known = have_times;
1342 cf_info.earliest_packet_time = earliest_packet_time;
1343 cf_info.earliest_packet_time_tsprec = earliest_packet_time_tsprec;
1344 cf_info.latest_packet_time = latest_packet_time;
1345 cf_info.latest_packet_time_tsprec = latest_packet_time_tsprec;
1346 nstime_delta(&cf_info.duration, &latest_packet_time, &earliest_packet_time);
1347 /* Duration precision is the higher of the earliest and latest packet timestamp precisions. */
1348 if (cf_info.latest_packet_time_tsprec > cf_info.earliest_packet_time_tsprec)
1349 cf_info.duration_tsprec = cf_info.latest_packet_time_tsprec;
1350 else
1351 cf_info.duration_tsprec = cf_info.earliest_packet_time_tsprec;
1352 cf_info.know_order = know_order;
1353 cf_info.order = order;
1354
1355 /* Number of packet bytes */
1356 cf_info.packet_bytes = bytes;
1357
1358 cf_info.data_rate = 0.0;
1359 cf_info.packet_rate = 0.0;
1360 cf_info.packet_size = 0.0;
1361
1362 if (packet > 0) {
1363 double delta_time = nstime_to_sec(&latest_packet_time) - nstime_to_sec(&earliest_packet_time);
1364 if (delta_time > 0.0) {
1365 cf_info.data_rate = (double)bytes / delta_time; /* Data rate per second */
1366 cf_info.packet_rate = (double)packet / delta_time; /* packet rate per second */
1367 }
1368 cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
1369 }
1370
1371 if (!long_report && table_report_header) {
1372 print_stats_table_header(&cf_info);
1373 }
1374
1375 if (long_report) {
1376 print_stats(filename, &cf_info);
1377 } else {
1378 print_stats_table(filename, &cf_info);
1379 }
1380
1381 cleanup_capture_info(&cf_info);
1382 wtap_close(cf_info.wth);
1383
1384 return status;
1385}
1386
1387static void
1388print_usage(FILE *output)
1389{
1390 fprintf(output, "\n");
1391 fprintf(output, "Usage: capinfos [options] <infile> ...\n");
1392 fprintf(output, "\n");
1393 fprintf(output, "General infos:\n");
1394 fprintf(output, " -t display the capture file type\n");
1395 fprintf(output, " -E display the capture file encapsulation\n");
1396 fprintf(output, " -I display the capture file interface information\n");
1397 fprintf(output, " -F display additional capture file information\n");
1398 fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");
1399 fprintf(output, " -k display the capture comment\n");
1400 fprintf(output, " -p display individual packet comments\n");
1401 fprintf(output, "\n");
1402 fprintf(output, "Size infos:\n");
1403 fprintf(output, " -c display the number of packets\n");
1404 fprintf(output, " -s display the size of the file (in bytes)\n");
1405 fprintf(output, " -d display the total length of all packets (in bytes)\n");
1406 fprintf(output, " -l display the packet size limit (snapshot length)\n");
1407 fprintf(output, "\n");
1408 fprintf(output, "Time infos:\n");
1409 fprintf(output, " -u display the capture duration (in seconds)\n");
1410 fprintf(output, " -a display the timestamp of the earliest packet\n");
1411 fprintf(output, " -e display the timestamp of the latest packet\n");
1412 fprintf(output, " -o display the capture file chronological status (True/False)\n");
1413 fprintf(output, " -S display earliest and latest packet timestamps as seconds\n");
1414 fprintf(output, "\n");
1415 fprintf(output, "Statistic infos:\n");
1416 fprintf(output, " -y display average data rate (in bytes/sec)\n");
1417 fprintf(output, " -i display average data rate (in bits/sec)\n");
1418 fprintf(output, " -z display average packet size (in bytes)\n");
1419 fprintf(output, " -x display average packet rate (in packets/sec)\n");
1420 fprintf(output, "\n");
1421 fprintf(output, "Metadata infos:\n");
1422 fprintf(output, " -n display number of resolved IPv4 and IPv6 addresses\n");
1423 fprintf(output, " -D display number of decryption secrets\n");
1424 fprintf(output, "\n");
1425 fprintf(output, "Output format:\n");
1426 fprintf(output, " -L generate long report (default)\n");
1427 fprintf(output, " -T generate table report\n");
1428 fprintf(output, " -M display machine-readable values in long reports\n");
1429 fprintf(output, "\n");
1430 fprintf(output, "Table report options:\n");
1431 fprintf(output, " -R generate header record (default)\n");
1432 fprintf(output, " -r do not generate header record\n");
1433 fprintf(output, "\n");
1434 fprintf(output, " -B separate infos with TAB character (default)\n");
1435 fprintf(output, " -m separate infos with comma (,) character\n");
1436 fprintf(output, " -b separate infos with SPACE character\n");
1437 fprintf(output, "\n");
1438 fprintf(output, " -N do not quote infos (default)\n");
1439 fprintf(output, " -q quote infos with single quotes (')\n");
1440 fprintf(output, " -Q quote infos with double quotes (\")\n");
1441 fprintf(output, "\n");
1442 fprintf(output, "Miscellaneous:\n");
1443 fprintf(output, " -h, --help display this help and exit\n");
1444 fprintf(output, " -v, --version display version info and exit\n");
1445 fprintf(output, " -C cancel processing if file open fails (default is to continue)\n");
1446 fprintf(output, " -A generate all infos (default)\n");
1447 fprintf(output, " -K disable displaying the capture comment\n");
1448 fprintf(output, " -P disable displaying individual packet comments\n");
1449 fprintf(output, "\n");
1450 fprintf(output, "Options are processed from left to right order with later options superseding\n");
1451 fprintf(output, "or adding to earlier options.\n");
1452 fprintf(output, "\n");
1453 fprintf(output, "If no options are given the default is to display all infos in long report\n");
1454 fprintf(output, "output format.\n");
1455}
1456
1457int
1458main(int argc, char *argv[])
1459{
1460 char *configuration_init_error;
1461 bool_Bool need_separator = false0;
1462 int opt;
1463 int overall_error_status = EXIT_SUCCESS0;
1464 static const struct ws_option long_options[] = {
1465 {"help", ws_no_argument0, NULL((void*)0), 'h'},
1466 {"version", ws_no_argument0, NULL((void*)0), 'v'},
1467 LONGOPT_WSLOG{"log-level", 1, ((void*)0), 5000 +1}, {"log-domain", 1, ((void
*)0), 5000 +2}, {"log-domains", 1, ((void*)0), 5000 +2}, {"log-file"
, 1, ((void*)0), 5000 +3}, {"log-fatal", 1, ((void*)0), 5000 +
4}, {"log-fatal-domain", 1, ((void*)0), 5000 +5}, {"log-fatal-domains"
, 1, ((void*)0), 5000 +5}, {"log-debug", 1, ((void*)0), 5000 +
6}, {"log-noisy", 1, ((void*)0), 5000 +7},
1468 {0, 0, 0, 0 }
1469 };
1470
1471#define OPTSTRING"abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST" "abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST"
1472 static const char optstring[] = OPTSTRING"abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST";
1473
1474 int status = 0;
1475
1476 /* Set the program name. */
1477 g_set_prgname("capinfos");
1478
1479 /*
1480 * Set the C-language locale to the native environment and set the
1481 * code page to UTF-8 on Windows.
1482 */
1483#ifdef _WIN32
1484 setlocale(LC_ALL6, ".UTF-8");
1485#else
1486 setlocale(LC_ALL6, "");
1487#endif
1488
1489 cmdarg_err_init(stderr_cmdarg_err, stderr_cmdarg_err_cont);
1490
1491 /* Initialize log handler early so we can have proper logging during startup. */
1492 ws_log_init(vcmdarg_err);
1493
1494 /* Early logging command-line initialization. */
1495 ws_log_parse_args(&argc, argv, optstring, long_options, vcmdarg_err, WS_EXIT_INVALID_OPTION1);
1496
1497 ws_noisy("Finished log init and parsing command line log arguments")do { if (1) { ws_log_full("Main", LOG_LEVEL_NOISY, "capinfos.c"
, 1497, __func__, "Finished log init and parsing command line log arguments"
); } } while (0);
1
Taking true branch
2
Loop condition is false. Exiting loop
1498
1499 /* Get the decimal point. */
1500 decimal_point = g_strdup(localeconv()->decimal_point)g_strdup_inline (localeconv()->decimal_point);
1501
1502#ifdef _WIN32
1503 create_app_running_mutex();
1504#endif /* _WIN32 */
1505
1506 /*
1507 * Get credential information for later use.
1508 */
1509 init_process_policies();
1510
1511 /*
1512 * Attempt to get the pathname of the directory containing the
1513 * executable file.
1514 */
1515 configuration_init_error = configuration_init(argv[0]);
1516 if (configuration_init_error != NULL((void*)0)) {
3
Assuming 'configuration_init_error' is equal to NULL
4
Taking false branch
1517 fprintf(stderrstderr,
1518 "capinfos: Can't get pathname of directory containing the capinfos program: %s.\n",
1519 configuration_init_error);
1520 g_free(configuration_init_error);
1521 }
1522
1523 /* Initialize the version information. */
1524 ws_init_version_info("Capinfos", NULL((void*)0), NULL((void*)0));
1525
1526 init_report_failure_message("capinfos");
1527
1528 wtap_init(true1);
1529
1530 /* Process the options */
1531 while ((opt = ws_getopt_long(argc, argv, optstring, long_options, NULL((void*)0))) !=-1) {
5
Assuming the condition is false
6
Loop condition is false. Execution continues on line 1723
1532
1533 switch (opt) {
1534
1535 case 't':
1536 if (report_all_infos) disable_all_infos();
1537 cap_file_type = true1;
1538 break;
1539
1540 case 'E':
1541 if (report_all_infos) disable_all_infos();
1542 cap_file_encap = true1;
1543 break;
1544
1545 case 'l':
1546 if (report_all_infos) disable_all_infos();
1547 cap_snaplen = true1;
1548 break;
1549
1550 case 'c':
1551 if (report_all_infos) disable_all_infos();
1552 cap_packet_count = true1;
1553 break;
1554
1555 case 's':
1556 if (report_all_infos) disable_all_infos();
1557 cap_file_size = true1;
1558 break;
1559
1560 case 'd':
1561 if (report_all_infos) disable_all_infos();
1562 cap_data_size = true1;
1563 break;
1564
1565 case 'u':
1566 if (report_all_infos) disable_all_infos();
1567 cap_duration = true1;
1568 break;
1569
1570 case 'a':
1571 if (report_all_infos) disable_all_infos();
1572 cap_earliest_packet_time = true1;
1573 break;
1574
1575 case 'e':
1576 if (report_all_infos) disable_all_infos();
1577 cap_latest_packet_time = true1;
1578 break;
1579
1580 case 'S':
1581 time_as_secs = true1;
1582 break;
1583
1584 case 'y':
1585 if (report_all_infos) disable_all_infos();
1586 cap_data_rate_byte = true1;
1587 break;
1588
1589 case 'i':
1590 if (report_all_infos) disable_all_infos();
1591 cap_data_rate_bit = true1;
1592 break;
1593
1594 case 'z':
1595 if (report_all_infos) disable_all_infos();
1596 cap_packet_size = true1;
1597 break;
1598
1599 case 'x':
1600 if (report_all_infos) disable_all_infos();
1601 cap_packet_rate = true1;
1602 break;
1603
1604 case 'H':
1605 if (report_all_infos) disable_all_infos();
1606 cap_file_hashes = true1;
1607 break;
1608
1609 case 'o':
1610 if (report_all_infos) disable_all_infos();
1611 cap_order = true1;
1612 break;
1613
1614 case 'k':
1615 if (report_all_infos) disable_all_infos();
1616 cap_comment = true1;
1617 break;
1618
1619 case 'p':
1620 if (report_all_infos) disable_all_infos();
1621 pkt_comments = true1;
1622 break;
1623
1624 case 'K':
1625 cap_comment = false0;
1626 break;
1627
1628 case 'P':
1629 pkt_comments = false0;
1630 break;
1631
1632 case 'F':
1633 if (report_all_infos) disable_all_infos();
1634 cap_file_more_info = true1;
1635 break;
1636
1637 case 'I':
1638 if (report_all_infos) disable_all_infos();
1639 cap_file_idb = true1;
1640 break;
1641
1642 case 'n':
1643 if (report_all_infos) disable_all_infos();
1644 cap_file_nrb = true1;
1645 break;
1646
1647 case 'D':
1648 if (report_all_infos) disable_all_infos();
1649 cap_file_dsb = true1;
1650 break;
1651
1652 case 'C':
1653 stop_after_failure = true1;
1654 break;
1655
1656 case 'A':
1657 enable_all_infos();
1658 break;
1659
1660 case 'L':
1661 long_report = true1;
1662 break;
1663
1664 case 'T':
1665 long_report = false0;
1666 break;
1667
1668 case 'M':
1669 machine_readable = true1;
1670 break;
1671
1672 case 'R':
1673 table_report_header = true1;
1674 break;
1675
1676 case 'r':
1677 table_report_header = false0;
1678 break;
1679
1680 case 'N':
1681 quote_char = '\0';
1682 break;
1683
1684 case 'q':
1685 quote_char = '\'';
1686 break;
1687
1688 case 'Q':
1689 quote_char = '"';
1690 break;
1691
1692 case 'B':
1693 field_separator = '\t';
1694 break;
1695
1696 case 'm':
1697 field_separator = ',';
1698 break;
1699
1700 case 'b':
1701 field_separator = ' ';
1702 break;
1703
1704 case 'h':
1705 show_help_header("Print various information (infos) about capture files.");
1706 print_usage(stdoutstdout);
1707 goto exit;
1708 break;
1709
1710 case 'v':
1711 show_version();
1712 goto exit;
1713 break;
1714
1715 case '?': /* Bad flag - print usage message */
1716 print_usage(stderrstderr);
1717 overall_error_status = WS_EXIT_INVALID_OPTION1;
1718 goto exit;
1719 break;
1720 }
1721 }
1722
1723 if ((argc - ws_optind) < 1) {
7
Assuming the condition is false
8
Taking false branch
1724 print_usage(stderrstderr);
1725 overall_error_status = WS_EXIT_INVALID_OPTION1;
1726 goto exit;
1727 }
1728
1729 if (cap_file_hashes
8.1
'cap_file_hashes' is true
) {
9
Taking true branch
1730 gcry_check_version(NULL((void*)0));
1731 gcry_md_open(&hd, GCRY_MD_SHA256, 0);
1732 if (hd)
10
Assuming 'hd' is null
11
Taking false branch
1733 gcry_md_enable(hd, GCRY_MD_SHA1);
1734
1735 hash_buf = (char *)g_malloc(HASH_BUF_SIZE(1024 * 1024));
1736 }
1737
1738 overall_error_status = 0;
1739
1740 for (opt = ws_optind; opt < argc; opt++) {
12
Assuming 'opt' is < 'argc'
13
Loop condition is true. Entering loop body
1741
1742 status = process_cap_file(argv[opt], need_separator);
14
Calling 'process_cap_file'
1743 if (status) {
1744 /* Something failed. It's been reported; remember that processing
1745 one file failed and, if -C was specified, stop. */
1746 overall_error_status = status;
1747 if (stop_after_failure)
1748 goto exit;
1749 }
1750 if (status != 2) {
1751 /* Either it succeeded or it got a "short read" but printed
1752 information anyway. Note that we need a blank line before
1753 the next file's information, to separate it from the
1754 previous file. */
1755 need_separator = true1;
1756 }
1757 }
1758
1759exit:
1760 g_free(hash_buf);
1761 gcry_md_close(hd);
1762 wtap_cleanup();
1763 free_progdirs();
1764 return overall_error_status;
1765}