Bug Summary

File:builds/wireshark/wireshark/capinfos.c
Warning:line 1082, column 33
File position of the stream might be 'indeterminate' after a failed operation. Can cause undefined behavior

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name capinfos.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-21/lib/clang/21 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -I /builds/wireshark/wireshark/wiretap -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-nonliteral -std=gnu17 -ferror-limit 19 -fvisibility=hidden -fwrapv -fwrapv-pointer -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2026-05-13-100359-3641-1 -x c /builds/wireshark/wireshark/capinfos.c
1/* capinfos.c
2 * Reports capture file information including # of packets, duration, others
3 *
4 * Copyright 2004 Ian Schorr
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13/*
14 * 2009-09-19: jyoung
15 *
16 * New capinfos features
17 *
18 * Continue processing additional files after
19 * a wiretap open failure. The new -C option
20 * reverts to capinfos' original behavior which
21 * is to cancel any further file processing at
22 * first file open failure.
23 *
24 * Change the behavior of how the default display
25 * of all infos is initiated. This gets rid of a
26 * special post getopt() argument count test.
27 *
28 * Add new table output format (with related options)
29 * This feature allows outputting the various infos
30 * into a tab delimited text file, or to a comma
31 * separated variables file (*.csv) instead of the
32 * original "long" format.
33 *
34 * 2011-04-05: wmeier
35 * behaviour changed: Upon exit capinfos will return
36 * an error status if an error occurred at any
37 * point during "continuous" file processing.
38 * (Previously a success status was always
39 * returned if the -C option was not used).
40 *
41 */
42
43
44#include <config.h>
45#define WS_LOG_DOMAIN"Main" LOG_DOMAIN_MAIN"Main"
46
47#include <stdio.h>
48#include <stdlib.h>
49#include <string.h>
50#include <stdarg.h>
51#include <locale.h>
52
53#include <ws_exit_codes.h>
54#include <wsutil/clopts_common.h>
55#include <wsutil/ws_getopt.h>
56
57#include <glib.h>
58
59#include <wiretap/wtap.h>
60
61#include <wsutil/cmdarg_err.h>
62#include <wsutil/filesystem.h>
63#include <app/application_flavor.h>
64#include <wsutil/file_compressed.h>
65#include <wsutil/privileges.h>
66#include <cli_main.h>
67#include <wsutil/version_info.h>
68#include <wsutil/report_message.h>
69#include <wiretap/wtap_opttypes.h>
70
71#ifdef HAVE_PLUGINS1
72#include <wsutil/plugins.h>
73#endif
74
75#include <wsutil/str_util.h>
76#include <wsutil/to_str.h>
77#include <wsutil/file_util.h>
78#include <wsutil/ws_assert.h>
79#include <wsutil/wslog.h>
80
81#include <gcrypt.h>
82
83#include "ui/failure_message.h"
84
85/*
86 * By default capinfos now continues processing
87 * the next filename if and when wiretap detects
88 * a problem opening or reading a file.
89 * Use the '-C' option to revert back to original
90 * capinfos behavior which is to abort any
91 * additional file processing at the first file
92 * open or read failure.
93 */
94
95static bool_Bool stop_after_failure;
96
97/*
98 * table report variables
99 */
100
101static bool_Bool long_report = true1; /* By default generate long report */
102static bool_Bool table_report_header = true1; /* Generate column header by default */
103static char field_separator = '\t'; /* Use TAB as field separator by default */
104static char quote_char = '\0'; /* Do NOT quote fields by default */
105static bool_Bool machine_readable; /* Display machine-readable numbers */
106
107/*
108 * capinfos has the ability to report on a number of
109 * various characteristics ("infos") for each input file.
110 *
111 * By default reporting of all info fields is enabled.
112 *
113 * Optionally the reporting of any specific info field
114 * or combination of info fields can be enabled with
115 * individual options.
116 */
117
118static bool_Bool report_all_infos = true1; /* Report all infos */
119
120static bool_Bool cap_file_type = true1; /* Report capture type */
121static bool_Bool cap_file_encap = true1; /* Report encapsulation */
122static bool_Bool cap_snaplen = true1; /* Packet size limit (snaplen)*/
123static bool_Bool cap_packet_count = true1; /* Report packet count */
124static bool_Bool cap_file_size = true1; /* Report file size */
125static bool_Bool cap_comment = true1; /* Display the capture comment */
126static bool_Bool cap_file_more_info = true1; /* Report more file info */
127static bool_Bool cap_file_idb = true1; /* Report Interface info */
128static bool_Bool cap_file_nrb = true1; /* Report Name Resolution Block info */
129static bool_Bool cap_file_dsb = true1; /* Report Decryption Secrets Block info */
130
131static bool_Bool cap_data_size = true1; /* Report packet byte size */
132static bool_Bool cap_duration = true1; /* Report capture duration */
133static bool_Bool cap_earliest_packet_time = true1; /* Report timestamp of earliest packet */
134static bool_Bool cap_latest_packet_time = true1; /* Report timestamp of latest packet */
135static bool_Bool time_as_secs; /* Report time values as raw seconds */
136
137static bool_Bool cap_data_rate_byte = true1; /* Report data rate bytes/sec */
138static bool_Bool cap_data_rate_bit = true1; /* Report data rate bites/sec */
139static bool_Bool cap_packet_size = true1; /* Report average packet size */
140static bool_Bool cap_packet_rate = true1; /* Report average packet rate */
141static bool_Bool cap_order = true1; /* Report if packets are in chronological order (True/False) */
142static bool_Bool pkt_comments = true1; /* Report individual packet comments */
143
144static bool_Bool cap_file_hashes = true1; /* Calculate file hashes */
145
146// Strongest to weakest
147#define HASH_SIZE_SHA25632 32
148#define HASH_SIZE_SHA120 20
149
150#define HASH_STR_SIZE(65) (65) /* Max hash size * 2 + '\0' */
151#define HASH_BUF_SIZE(1024 * 1024) (1024 * 1024)
152
153
154static char file_sha256[HASH_STR_SIZE(65)];
155static char file_sha1[HASH_STR_SIZE(65)];
156
157static char *hash_buf;
158static gcry_md_hd_t hd;
159
160static unsigned int num_ipv4_addresses;
161static unsigned int num_ipv6_addresses;
162static unsigned int num_decryption_secrets;
163
164/*
165 * If we have at least two packets with time stamps, and they're not in
166 * order - i.e., the later packet has a time stamp older than the earlier
167 * packet - the time stamps are known not to be in order.
168 *
169 * If every packet has a time stamp, and they're all in order, the time
170 * stamp is known to be in order.
171 *
172 * Otherwise, we have no idea.
173 */
174typedef enum {
175 IN_ORDER,
176 NOT_IN_ORDER,
177 ORDER_UNKNOWN
178} order_t;
179
180typedef struct _pkt_cmt {
181 uint32_t recno;
182 char *cmt;
183 struct _pkt_cmt *next;
184} pkt_cmt;
185
186typedef struct _capture_info {
187 const char *filename;
188 uint16_t file_type;
189 ws_compression_type compression_type;
190 int file_encap;
191 int file_tsprec;
192 wtap *wth;
193 int64_t filesize;
194 uint64_t packet_bytes;
195 bool_Bool times_known;
196 nstime_t earliest_packet_time;
197 int earliest_packet_time_tsprec;
198 nstime_t latest_packet_time;
199 int latest_packet_time_tsprec;
200 uint32_t packet_count;
201 bool_Bool snap_set; /* If set in capture file header */
202 uint32_t snaplen; /* value from the capture file header */
203 uint32_t snaplen_min_inferred; /* If caplen < len for 1 or more rcds */
204 uint32_t snaplen_max_inferred; /* ... */
205 bool_Bool drops_known;
206 uint32_t drop_count;
207
208 nstime_t duration;
209 int duration_tsprec;
210 double packet_rate;
211 double packet_size;
212 double data_rate; /* in bytes/s */
213 bool_Bool know_order;
214 order_t order;
215
216 int *encap_counts; /* array of per_packet encap counts; array has one entry per wtap_encap type */
217 pkt_cmt *pkt_cmts; /* list of packet comments */
218
219 unsigned int num_interfaces; /* number of IDBs, and thus size of interface_packet_counts array */
220 GArray *interface_packet_counts; /* array of per_packet interface_id counts; one entry per file IDB */
221 uint32_t pkt_interface_id_unknown; /* counts if packet interface_id didn't match a known one */
222 GArray *idb_info_strings; /* array of IDB info strings */
223} capture_info;
224
225static char *decimal_point;
226
227static void
228enable_all_infos(void)
229{
230 report_all_infos = true1;
231
232 cap_file_type = true1;
233 cap_file_encap = true1;
234 cap_snaplen = true1;
235 cap_packet_count = true1;
236 cap_file_size = true1;
237 cap_comment = true1;
238 pkt_comments = true1;
239 cap_file_more_info = true1;
240 cap_file_idb = true1;
241 cap_file_nrb = true1;
242 cap_file_dsb = true1;
243
244 cap_data_size = true1;
245 cap_duration = true1;
246 cap_earliest_packet_time = true1;
247 cap_latest_packet_time = true1;
248 cap_order = true1;
249
250 cap_data_rate_byte = true1;
251 cap_data_rate_bit = true1;
252 cap_packet_size = true1;
253 cap_packet_rate = true1;
254
255 cap_file_hashes = true1;
256}
257
258static void
259disable_all_infos(void)
260{
261 report_all_infos = false0;
262
263 cap_file_type = false0;
264 cap_file_encap = false0;
265 cap_snaplen = false0;
266 cap_packet_count = false0;
267 cap_file_size = false0;
268 cap_comment = false0;
269 pkt_comments = false0;
270 cap_file_more_info = false0;
271 cap_file_idb = false0;
272 cap_file_nrb = false0;
273 cap_file_dsb = false0;
274
275 cap_data_size = false0;
276 cap_duration = false0;
277 cap_earliest_packet_time = false0;
278 cap_latest_packet_time = false0;
279 cap_order = false0;
280
281 cap_data_rate_byte = false0;
282 cap_data_rate_bit = false0;
283 cap_packet_size = false0;
284 cap_packet_rate = false0;
285
286 cap_file_hashes = false0;
287}
288
289static const char *
290order_string(order_t order)
291{
292 switch (order) {
293
294 case IN_ORDER:
295 return "True";
296
297 case NOT_IN_ORDER:
298 return "False";
299
300 case ORDER_UNKNOWN:
301 return "Unknown";
302
303 default:
304 return "???"; /* "cannot happen" (the next step is "Profit!") */
305 }
306}
307
308static char *
309absolute_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info)
310{
311 /*
312 * https://web.archive.org/web/20120513133703/http://www.idrbt.ac.in/publications/workingpapers/Working%20Paper%20No.%209.pdf
313 *
314 * says:
315 *
316 * A 64-bit Unix time would be safe for the indefinite future, as
317 * this variable would not overflow until 2**63 or
318 * 9,223,372,036,854,775,808 (over nine quintillion) seconds
319 * after the beginning of the Unix epoch - corresponding to
320 * GMT 15:30:08, Sunday, 4th December, 292,277,026,596.
321 *
322 * So, if we're displaying the time as YYYY-MM-DD HH:MM:SS.SSSSSSSSS,
323 * we'll have the buffer be large enough for a date of the format
324 * 292277026596-MM-DD HH:MM:SS.SSSSSSSSS, which is the biggest value
325 * you'll get with a 64-bit time_t and a nanosecond-resolution
326 * fraction-of-a-second.
327 *
328 * That's 12+1+2+1+2+1+2+1+2+2+2+1+9+1, including the terminating
329 * \0, or 39.
330 *
331 * If we're displaying the time as epoch time, and the time is
332 * unsigned, 2^64-1 is 18446744073709551615, so the buffer has
333 * to be big enough for 18446744073709551615.999999999. That's
334 * 20+1+9+1, including the terminating '\0', or 31. If it's
335 * signed, 2^63 is 9223372036854775808, so the buffer has to
336 * be big enough for -9223372036854775808.999999999, which is
337 * again 20+1+9+1, or 31.
338 *
339 * So we go with 39.
340 */
341 static char time_string_buf[39];
342
343 if (cf_info->times_known && cf_info->packet_count > 0) {
344 if (time_as_secs) {
345 display_epoch_time(time_string_buf, sizeof time_string_buf, timer, tsprecision);
346 } else {
347 format_nstime_as_iso8601(time_string_buf, sizeof time_string_buf, timer, decimal_point, true1, tsprecision);
348 }
349 } else {
350 snprintf(time_string_buf, sizeof time_string_buf, "n/a");
351 }
352 return time_string_buf;
353}
354
355static char *
356relative_time_string(nstime_t *timer, int tsprecision, capture_info *cf_info, bool_Bool want_seconds)
357{
358 const char *second = want_seconds ? " second" : "";
359 const char *plural = want_seconds ? "s" : "";
360 /*
361 * If we're displaying the time as epoch time, and the time is
362 * unsigned, 2^64-1 is 18446744073709551615, so the buffer has
363 * to be big enough for "18446744073709551615.999999999 seconds".
364 * That's 20+1+9+1+7+1, including the terminating '\0', or 39.
365 * If it's signed, 2^63 is 9223372036854775808, so the buffer has to
366 * be big enough for "-9223372036854775808.999999999 seconds",
367 * which is again 20+1+9+1+7+1, or 39.
368 */
369 static char time_string_buf[39];
370
371 if (cf_info->times_known && cf_info->packet_count > 0) {
372 char *ptr;
373 size_t remaining;
374 int num_bytes;
375
376 ptr = time_string_buf;
377 remaining = sizeof time_string_buf;
378 num_bytes = snprintf(ptr, remaining,
379 "%"PRId64"l" "d",
380 (int64_t)timer->secs);
381 if (num_bytes < 0) {
382 /*
383 * That got an error.
384 * Not much else we can do.
385 */
386 snprintf(ptr, remaining, "snprintf() failed");
387 return time_string_buf;
388 }
389 if ((unsigned int)num_bytes >= remaining) {
390 /*
391 * That filled up or would have overflowed the buffer.
392 * Nothing more we can do.
393 */
394 return time_string_buf;
395 }
396 ptr += num_bytes;
397 remaining -= num_bytes;
398
399 if (tsprecision != 0) {
400 /*
401 * Append the fractional part.
402 */
403 num_bytes = format_fractional_part_nsecs(ptr, remaining, timer->nsecs, decimal_point, tsprecision);
404 if ((unsigned int)num_bytes >= remaining) {
405 /*
406 * That filled up or would have overflowed the buffer.
407 * Nothing more we can do.
408 */
409 return time_string_buf;
410 }
411 ptr += num_bytes;
412 remaining -= num_bytes;
413 }
414
415 /*
416 * Append the units.
417 */
418 snprintf(ptr, remaining, "%s%s",
419 second,
420 timer->secs == 1 ? "" : plural);
421
422 return time_string_buf;
423 }
424
425 snprintf(time_string_buf, sizeof time_string_buf, "n/a");
426 return time_string_buf;
427}
428
429static void print_value(const char *text_p1, int width, const char *text_p2, double value)
430{
431 if (value > 0.0)
432 printf("%s%.*f%s\n", text_p1, width, value, text_p2);
433 else
434 printf("%sn/a\n", text_p1);
435}
436
437/* multi-line comments would conflict with the formatting that capinfos uses
438 we replace linefeeds with spaces */
439static void
440string_replace_newlines(char *str)
441{
442 char *p;
443
444 if (str) {
445 p = str;
446 while (*p != '\0') {
447 if (*p == '\n')
448 *p = ' ';
449 if (*p == '\r')
450 *p = ' ';
451 p++;
452 }
453 }
454}
455
456static void
457show_option_string(const char *prefix, const char *option_str)
458{
459 char *str;
460
461 if (option_str != NULL((void*)0) && option_str[0] != '\0') {
462 str = g_strdup(option_str)g_strdup_inline (option_str);
463 string_replace_newlines(str);
464 printf("%s%s\n", prefix, str);
465 g_free(str);
466 }
467}
468
469static void
470print_stats(const char *filename, capture_info *cf_info)
471{
472 const char *file_type_string, *file_encap_string;
473 char *size_string;
474 pkt_cmt *p, *prev;
475
476 /* Build printable strings for various stats */
477 if (machine_readable) {
478 file_type_string = wtap_file_type_subtype_name(cf_info->file_type);
479 file_encap_string = wtap_encap_name(cf_info->file_encap);
480 }
481 else {
482 file_type_string = wtap_file_type_subtype_description(cf_info->file_type);
483 file_encap_string = wtap_encap_description(cf_info->file_encap);
484 }
485
486 if (filename) printf ("File name: %s\n", filename);
487 if (cap_file_type) {
488 const char *compression_type_description;
489 compression_type_description = ws_compression_type_description(cf_info->compression_type);
490 if (compression_type_description == NULL((void*)0))
491 printf ("File type: %s\n",
492 file_type_string);
493 else
494 printf ("File type: %s (%s)\n",
495 file_type_string, compression_type_description);
496 }
497 if (cap_file_encap) {
498 printf ("File encapsulation: %s\n", file_encap_string);
499 if (cf_info->file_encap == WTAP_ENCAP_PER_PACKET-1) {
500 int i;
501 printf ("Encapsulation in use by packets (# of pkts):\n");
502 for (i=0; i<WTAP_NUM_ENCAP_TYPESwtap_get_num_encap_types(); i++) {
503 if (cf_info->encap_counts[i] > 0)
504 printf(" %s (%d)\n",
505 wtap_encap_description(i), cf_info->encap_counts[i]);
506 }
507 }
508 }
509 if (cap_file_more_info) {
510 printf ("File timestamp precision: %s (%d)\n",
511 wtap_tsprec_string(cf_info->file_tsprec), cf_info->file_tsprec);
512 }
513
514 if (cap_snaplen && cf_info->snap_set)
515 printf ("Packet size limit: file hdr: %u bytes\n", cf_info->snaplen);
516 else if (cap_snaplen && !cf_info->snap_set)
517 printf ("Packet size limit: file hdr: (not set)\n");
518 if (cf_info->snaplen_max_inferred > 0) {
519 if (cf_info->snaplen_min_inferred == cf_info->snaplen_max_inferred)
520 printf ("Packet size limit: inferred: %u bytes\n", cf_info->snaplen_min_inferred);
521 else
522 printf ("Packet size limit: inferred: %u bytes - %u bytes (range)\n",
523 cf_info->snaplen_min_inferred, cf_info->snaplen_max_inferred);
524 }
525 if (cap_packet_count) {
526 printf ("Number of packets: ");
527 if (machine_readable) {
528 printf ("%u\n", cf_info->packet_count);
529 } else {
530 size_string = format_size(cf_info->packet_count, FORMAT_SIZE_UNIT_NONE, 0)format_size_wmem(((void*)0), cf_info->packet_count, FORMAT_SIZE_UNIT_NONE
, 0);
531 printf ("%s\n", size_string);
532 g_free(size_string);
533 }
534 }
535 if (cap_file_size) {
536 printf ("File size: ");
537 if (machine_readable) {
538 printf ("%" PRId64"l" "d" " bytes\n", cf_info->filesize);
539 } else {
540 size_string = format_size(cf_info->filesize, FORMAT_SIZE_UNIT_BYTES, 0)format_size_wmem(((void*)0), cf_info->filesize, FORMAT_SIZE_UNIT_BYTES
, 0);
541 printf ("%s\n", size_string);
542 g_free(size_string);
543 }
544 }
545 if (cap_data_size) {
546 printf ("Data size: ");
547 if (machine_readable) {
548 printf ("%" PRIu64"l" "u" " bytes\n", cf_info->packet_bytes);
549 } else {
550 size_string = format_size(cf_info->packet_bytes, FORMAT_SIZE_UNIT_BYTES, 0)format_size_wmem(((void*)0), cf_info->packet_bytes, FORMAT_SIZE_UNIT_BYTES
, 0);
551 printf ("%s\n", size_string);
552 g_free(size_string);
553 }
554 }
555 if (cf_info->times_known) {
556 if (cap_duration) /* XXX - shorten to hh:mm:ss */
557 printf("Capture duration: %s\n", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, true1));
558 if (cap_earliest_packet_time)
559 printf("Earliest packet time: %s\n", absolute_time_string(&cf_info->earliest_packet_time, cf_info->earliest_packet_time_tsprec, cf_info));
560 if (cap_latest_packet_time)
561 printf("Latest packet time: %s\n", absolute_time_string(&cf_info->latest_packet_time, cf_info->latest_packet_time_tsprec, cf_info));
562 if (cap_data_rate_byte) {
563 printf("Data byte rate: ");
564 if (machine_readable) {
565 print_value("", 2, " bytes/sec", cf_info->data_rate);
566 } else {
567 size_string = format_size((int64_t)cf_info->data_rate, FORMAT_SIZE_UNIT_BYTES_S, 0)format_size_wmem(((void*)0), (int64_t)cf_info->data_rate, FORMAT_SIZE_UNIT_BYTES_S
, 0);
568 printf ("%s\n", size_string);
569 g_free(size_string);
570 }
571 }
572 if (cap_data_rate_bit) {
573 printf("Data bit rate: ");
574 if (machine_readable) {
575 print_value("", 2, " bits/sec", cf_info->data_rate*8);
576 } else {
577 size_string = format_size((int64_t)(cf_info->data_rate*8), FORMAT_SIZE_UNIT_BITS_S, 0)format_size_wmem(((void*)0), (int64_t)(cf_info->data_rate*
8), FORMAT_SIZE_UNIT_BITS_S, 0);
578 printf ("%s\n", size_string);
579 g_free(size_string);
580 }
581 }
582 }
583 if (cap_packet_size) printf("Average packet size: %.2f bytes\n", cf_info->packet_size);
584 if (cf_info->times_known) {
585 if (cap_packet_rate) {
586 printf("Average packet rate: ");
587 if (machine_readable) {
588 print_value("", 2, " packets/sec", cf_info->packet_rate);
589 } else {
590 size_string = format_size((int64_t)cf_info->packet_rate, FORMAT_SIZE_UNIT_PACKETS_S, 0)format_size_wmem(((void*)0), (int64_t)cf_info->packet_rate
, FORMAT_SIZE_UNIT_PACKETS_S, 0);
591 printf ("%s\n", size_string);
592 g_free(size_string);
593 }
594 }
595 }
596 if (cap_file_hashes) {
597 printf ("SHA256: %s\n", file_sha256);
598 printf ("SHA1: %s\n", file_sha1);
599 }
600 if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
601
602 bool_Bool has_multiple_sections = (wtap_file_get_num_shbs(cf_info->wth) > 1);
603
604 for (unsigned int section_number = 0;
605 section_number < wtap_file_get_num_shbs(cf_info->wth);
606 section_number++) {
607 wtap_block_t shb;
608
609 // If we have more than one section, add headers for each section.
610 if (has_multiple_sections)
611 printf("Section %u:\n\n", section_number);
612
613 shb = wtap_file_get_shb(cf_info->wth, section_number);
614 if (shb != NULL((void*)0)) {
615 if (cap_file_more_info) {
616 char *str;
617
618 if (wtap_block_get_string_option_value(shb, OPT_SHB_HARDWARE2, &str) == WTAP_OPTTYPE_SUCCESS)
619 show_option_string("Capture hardware: ", str);
620 if (wtap_block_get_string_option_value(shb, OPT_SHB_OS3, &str) == WTAP_OPTTYPE_SUCCESS)
621 show_option_string("Capture oper-sys: ", str);
622 if (wtap_block_get_string_option_value(shb, OPT_SHB_USERAPPL4, &str) == WTAP_OPTTYPE_SUCCESS)
623 show_option_string("Capture application: ", str);
624 }
625 if (cap_comment) {
626 unsigned int i;
627 char *str;
628
629 for (i = 0; wtap_block_get_nth_string_option_value(shb, OPT_COMMENT1, i, &str) == WTAP_OPTTYPE_SUCCESS; i++) {
630 show_option_string("Capture comment: ", str);
631 }
632 }
633 }
634 }
635
636 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
637 for (p = cf_info->pkt_cmts; p != NULL((void*)0); prev = p, p = p->next, g_free(prev)) {
638 if (machine_readable){
639 char *escaped_cmt = g_strescape(p->cmt, NULL((void*)0));
640 printf("Packet %u Comment: %s\n", p->recno, escaped_cmt);
641 g_free(escaped_cmt);
642 } else {
643 printf("Packet %u Comment: %s\n", p->recno, p->cmt);
644 }
645 g_free(p->cmt);
646 }
647 cf_info->pkt_cmts = NULL((void*)0);
648 }
649
650 if (cap_file_idb && cf_info->num_interfaces != 0) {
651 unsigned int i;
652 ws_assert(cf_info->num_interfaces == cf_info->idb_info_strings->len)do { if ((1) && !(cf_info->num_interfaces == cf_info
->idb_info_strings->len)) ws_log_fatal_full("Main", LOG_LEVEL_ERROR
, "capinfos.c", 652, __func__, "assertion failed: %s", "cf_info->num_interfaces == cf_info->idb_info_strings->len"
); } while (0);
653 printf ("Number of interfaces in file: %u\n", cf_info->num_interfaces);
654 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
655 char *s = g_array_index(cf_info->idb_info_strings, char*, i)(((char**) (void *) (cf_info->idb_info_strings)->data) [
(i)]);
656 uint32_t packet_count = 0;
657 if (i < cf_info->interface_packet_counts->len)
658 packet_count = g_array_index(cf_info->interface_packet_counts, uint32_t, i)(((uint32_t*) (void *) (cf_info->interface_packet_counts)->
data) [(i)]);
659 printf ("Interface #%u info:\n", i);
660 printf ("%s", s);
661 printf (" Number of packets = %u\n", packet_count);
662 }
663 }
664
665 if (cap_file_nrb) {
666 if (num_ipv4_addresses != 0)
667 printf ("Number of resolved IPv4 addresses in file: %u\n", num_ipv4_addresses);
668 if (num_ipv6_addresses != 0)
669 printf ("Number of resolved IPv6 addresses in file: %u\n", num_ipv6_addresses);
670 }
671 if (cap_file_dsb) {
672 if (num_decryption_secrets != 0)
673 printf ("Number of decryption secrets in file: %u\n", num_decryption_secrets);
674 }
675}
676
677static void
678putsep(void)
679{
680 if (field_separator) putchar(field_separator);
681}
682
683static void
684putquote(void)
685{
686 if (quote_char) putchar(quote_char);
687}
688
689static void G_GNUC_PRINTF(1, 2)__attribute__((__format__ (__printf__, 1, 2)))
690print_stats_table_header_label(const char *fmt, ...)
691{
692 va_list ap;
693
694 putsep();
695 putquote();
696 va_start(ap, fmt)__builtin_va_start(ap, fmt);
697 vprintf(fmt, ap);
698 va_end(ap)__builtin_va_end(ap);
699 putquote();
700}
701
702static void
703print_stats_table_header(capture_info *cf_info)
704{
705 pkt_cmt *p;
706
707 putquote();
708 printf("File name");
709 putquote();
710
711 if (cap_file_type) print_stats_table_header_label("File type");
712 if (cap_file_encap) print_stats_table_header_label("File encapsulation");
713 if (cap_file_more_info) print_stats_table_header_label("File time precision");
714 if (cap_snaplen) {
715 print_stats_table_header_label("Packet size limit");
716 print_stats_table_header_label("Packet size limit min (inferred)");
717 print_stats_table_header_label("Packet size limit max (inferred)");
718 }
719 if (cap_packet_count) print_stats_table_header_label("Number of packets");
720 if (cap_file_size) print_stats_table_header_label("File size (bytes)");
721 if (cap_data_size) print_stats_table_header_label("Data size (bytes)");
722 if (cap_duration) print_stats_table_header_label("Capture duration (seconds)");
723 if (cap_earliest_packet_time) print_stats_table_header_label("Start time");
724 if (cap_latest_packet_time) print_stats_table_header_label("End time");
725 if (cap_data_rate_byte) print_stats_table_header_label("Data byte rate (bytes/sec)");
726 if (cap_data_rate_bit) print_stats_table_header_label("Data bit rate (bits/sec)");
727 if (cap_packet_size) print_stats_table_header_label("Average packet size (bytes)");
728 if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
729 if (cap_file_hashes) {
730 print_stats_table_header_label("SHA256");
731 print_stats_table_header_label("SHA1");
732 }
733 if (cap_order) print_stats_table_header_label("Strict time order");
734 if (cap_file_more_info) {
735 print_stats_table_header_label("Capture hardware");
736 print_stats_table_header_label("Capture oper-sys");
737 print_stats_table_header_label("Capture application");
738 }
739 if (cap_comment) print_stats_table_header_label("Capture comment");
740
741 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
742 for (p = cf_info->pkt_cmts; p != NULL((void*)0); p = p->next) {
743 print_stats_table_header_label("Packet %u Comment", p->recno);
744 }
745 }
746
747 printf("\n");
748}
749
750static void
751print_stats_table(const char *filename, capture_info *cf_info)
752{
753 const char *file_type_string, *file_encap_string;
754 pkt_cmt *p, *prev;
755
756 /* Build printable strings for various stats */
757 file_type_string = wtap_file_type_subtype_name(cf_info->file_type);
758 file_encap_string = wtap_encap_name(cf_info->file_encap);
759
760 if (filename) {
761 putquote();
762 printf("%s", filename);
763 putquote();
764 }
765
766 if (cap_file_type) {
767 putsep();
768 putquote();
769 printf("%s", file_type_string);
770 putquote();
771 }
772
773 /* ToDo: If WTAP_ENCAP_PER_PACKET, show the list of encapsulations encountered;
774 * Output a line for each different encap with all fields repeated except
775 * the encapsulation field which has "Per Packet: ..." for each
776 * encapsulation type seen ?
777 */
778 if (cap_file_encap) {
779 putsep();
780 putquote();
781 printf("%s", file_encap_string);
782 putquote();
783 }
784
785 if (cap_file_more_info) {
786 putsep();
787 putquote();
788 printf("%s", wtap_tsprec_string(cf_info->file_tsprec));
789 putquote();
790 }
791
792 if (cap_snaplen) {
793 putsep();
794 putquote();
795 if (cf_info->snap_set)
796 printf("%u", cf_info->snaplen);
797 else
798 printf("(not set)");
799 putquote();
800 if (cf_info->snaplen_max_inferred > 0) {
801 putsep();
802 putquote();
803 printf("%u", cf_info->snaplen_min_inferred);
804 putquote();
805 putsep();
806 putquote();
807 printf("%u", cf_info->snaplen_max_inferred);
808 putquote();
809 }
810 else {
811 putsep();
812 putquote();
813 printf("n/a");
814 putquote();
815 putsep();
816 putquote();
817 printf("n/a");
818 putquote();
819 }
820 }
821
822 if (cap_packet_count) {
823 putsep();
824 putquote();
825 printf("%u", cf_info->packet_count);
826 putquote();
827 }
828
829 if (cap_file_size) {
830 putsep();
831 putquote();
832 printf("%" PRId64"l" "d", cf_info->filesize);
833 putquote();
834 }
835
836 if (cap_data_size) {
837 putsep();
838 putquote();
839 printf("%" PRIu64"l" "u", cf_info->packet_bytes);
840 putquote();
841 }
842
843 if (cap_duration) {
844 putsep();
845 putquote();
846 printf("%s", relative_time_string(&cf_info->duration, cf_info->duration_tsprec, cf_info, false0));
847 putquote();
848 }
849
850 if (cap_earliest_packet_time) {
851 putsep();
852 putquote();
853 printf("%s", absolute_time_string(&cf_info->earliest_packet_time, cf_info->earliest_packet_time_tsprec, cf_info));
854 putquote();
855 }
856
857 if (cap_latest_packet_time) {
858 putsep();
859 putquote();
860 printf("%s", absolute_time_string(&cf_info->latest_packet_time, cf_info->latest_packet_time_tsprec, cf_info));
861 putquote();
862 }
863
864 if (cap_data_rate_byte) {
865 putsep();
866 putquote();
867 if (cf_info->times_known)
868 printf("%.2f", cf_info->data_rate);
869 else
870 printf("n/a");
871 putquote();
872 }
873
874 if (cap_data_rate_bit) {
875 putsep();
876 putquote();
877 if (cf_info->times_known)
878 printf("%.2f", cf_info->data_rate*8);
879 else
880 printf("n/a");
881 putquote();
882 }
883
884 if (cap_packet_size) {
885 putsep();
886 putquote();
887 printf("%.2f", cf_info->packet_size);
888 putquote();
889 }
890
891 if (cap_packet_rate) {
892 putsep();
893 putquote();
894 if (cf_info->times_known)
895 printf("%.2f", cf_info->packet_rate);
896 else
897 printf("n/a");
898 putquote();
899 }
900
901 if (cap_file_hashes) {
902 putsep();
903 putquote();
904 printf("%s", file_sha256);
905 putquote();
906
907 putsep();
908 putquote();
909 printf("%s", file_sha1);
910 putquote();
911 }
912
913 if (cap_order) {
914 putsep();
915 putquote();
916 printf("%s", order_string(cf_info->order));
917 putquote();
918 }
919
920 for (unsigned section_number = 0;
921 section_number < wtap_file_get_num_shbs(cf_info->wth);
922 section_number++) {
923 wtap_block_t shb;
924
925 shb = wtap_file_get_shb(cf_info->wth, section_number);
926 if (cap_file_more_info) {
927 char *str;
928
929 putsep();
930 putquote();
931 if (wtap_block_get_string_option_value(shb, OPT_SHB_HARDWARE2, &str) == WTAP_OPTTYPE_SUCCESS) {
932 printf("%s", str);
933 }
934 putquote();
935
936 putsep();
937 putquote();
938 if (wtap_block_get_string_option_value(shb, OPT_SHB_OS3, &str) == WTAP_OPTTYPE_SUCCESS) {
939 printf("%s", str);
940 }
941 putquote();
942
943 putsep();
944 putquote();
945 if (wtap_block_get_string_option_value(shb, OPT_SHB_USERAPPL4, &str) == WTAP_OPTTYPE_SUCCESS) {
946 printf("%s", str);
947 }
948 putquote();
949 }
950
951 /*
952 * One might argue that the following is silly to put into a table format,
953 * but oh well note that there may be *more than one* of each of these types
954 * of options. To mitigate some of the potential silliness the if(cap_comment)
955 * block is moved AFTER the if(cap_file_more_info) block. This will make any
956 * comments the last item(s) in each row. We now have a new -K option to
957 * disable cap_comment to more easily manage the potential silliness.
958 * Potential silliness includes multiple comments (therefore resulting in
959 * more than one additional column and/or comments with embedded newlines
960 * and/or possible delimiters).
961 *
962 * To mitigate embedded newlines and other special characters, use -M
963 */
964 if (cap_comment) {
965 unsigned int i;
966 char *opt_comment;
967 bool_Bool have_cap = false0;
968
969 for (i = 0; wtap_block_get_nth_string_option_value(shb, OPT_COMMENT1, i, &opt_comment) == WTAP_OPTTYPE_SUCCESS; i++) {
970 have_cap = true1;
971 putsep();
972 putquote();
973 if (machine_readable){
974 opt_comment = g_strescape(opt_comment, NULL((void*)0));
975 printf("%s", opt_comment);
976 g_free(opt_comment);
977 } else {
978 printf("%s", opt_comment);
979 }
980 putquote();
981 }
982 if(!have_cap) {
983 /* Maintain column alignment when we have no OPT_COMMENT */
984 putsep();
985 putquote();
986 putquote();
987 }
988 }
989
990 }
991
992 if (pkt_comments && cf_info->pkt_cmts != NULL((void*)0)) {
993 for(p = cf_info->pkt_cmts; p != NULL((void*)0); prev = p, p = p->next, g_free(prev)) {
994 putsep();
995 putquote();
996 if (machine_readable) {
997 char *escaped_cmt = g_strescape(p->cmt, NULL((void*)0));
998 printf("%s", escaped_cmt);
999 g_free(escaped_cmt);
1000 } else {
1001 printf("%s", p->cmt);
1002 }
1003 g_free(p->cmt);
1004 putquote();
1005 }
1006 cf_info->pkt_cmts = NULL((void*)0);
1007 }
1008
1009 printf("\n");
1010}
1011
1012static void
1013cleanup_capture_info(capture_info *cf_info)
1014{
1015 pkt_cmt *p, *prev;
1016 unsigned int i;
1017 ws_assert(cf_info != NULL)do { if ((1) && !(cf_info != ((void*)0))) ws_log_fatal_full
("Main", LOG_LEVEL_ERROR, "capinfos.c", 1017, __func__, "assertion failed: %s"
, "cf_info != ((void*)0)"); } while (0);
1018
1019 g_free(cf_info->encap_counts);
1020 cf_info->encap_counts = NULL((void*)0);
1021
1022 g_array_free(cf_info->interface_packet_counts, true1);
1023 cf_info->interface_packet_counts = NULL((void*)0);
1024
1025 if (cf_info->idb_info_strings) {
1026 for (i = 0; i < cf_info->idb_info_strings->len; i++) {
1027 char *s = g_array_index(cf_info->idb_info_strings, char*, i)(((char**) (void *) (cf_info->idb_info_strings)->data) [
(i)]);
1028 g_free(s);
1029 }
1030 g_array_free(cf_info->idb_info_strings, true1);
1031 }
1032 cf_info->idb_info_strings = NULL((void*)0);
1033
1034 for(p = cf_info->pkt_cmts; p != NULL((void*)0); prev = p, p = p->next, g_free(prev)) {
1035 g_free(p->cmt);
1036 }
1037 cf_info->pkt_cmts = NULL((void*)0);
1038}
1039
1040static void
1041count_ipv4_address(const unsigned int addr _U___attribute__((unused)), const char *name _U___attribute__((unused)), const bool_Bool static_entry _U___attribute__((unused)))
1042{
1043 num_ipv4_addresses++;
1044}
1045
1046static void
1047count_ipv6_address(const ws_in6_addr *addrp _U___attribute__((unused)), const char *name _U___attribute__((unused)), const bool_Bool static_entry _U___attribute__((unused)))
1048{
1049 num_ipv6_addresses++;
1050}
1051
1052static void
1053count_decryption_secret(uint32_t secrets_type _U___attribute__((unused)), const void *secrets _U___attribute__((unused)), unsigned int size _U___attribute__((unused)))
1054{
1055 /* XXX - count them based on the secrets type (which is an opaque code,
1056 not a small integer)? */
1057 num_decryption_secrets++;
1058}
1059
1060static void
1061hash_to_str(const unsigned char *hash, size_t length, char *str)
1062{
1063 int i;
1064
1065 for (i = 0; i < (int) length; i++) {
1066 snprintf(str+(i*2), 3, "%02x", hash[i]);
1067 }
1068}
1069
1070static void
1071calculate_hashes(const char *filename)
1072{
1073 FILE *fh;
1074 size_t hash_bytes;
1075
1076 (void) g_strlcpy(file_sha256, "<unknown>", HASH_STR_SIZE(65));
1077 (void) g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE(65));
1078
1079 if (cap_file_hashes) {
18
Assuming 'cap_file_hashes' is true
19
Taking true branch
1080 fh = ws_fopenfopen(filename, "rb");
1081 if (fh
19.1
'fh' is non-null
 && hd) {
20
Assuming 'hd' is non-null
21
Taking true branch
1082 while((hash_bytes = fread(hash_buf, 1, HASH_BUF_SIZE(1024 * 1024), fh)) > 0) {
22
Assuming this stream operation fails
23
Assuming the condition is true
24
Loop condition is true. Entering loop body
25
File position of the stream might be 'indeterminate' after a failed operation. Can cause undefined behavior
1083 gcry_md_write(hd, hash_buf, hash_bytes);
1084 }
1085 gcry_md_final(hd)gcry_md_ctl ((hd), GCRYCTL_FINALIZE, ((void*)0), 0);
1086 hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA25632, file_sha256);
1087 hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA120, file_sha1);
1088 }
1089 if (fh) fclose(fh);
1090 if (hd) gcry_md_reset(hd);
1091 }
1092}
1093
1094static int
1095process_cap_file(const char *filename, bool_Bool need_separator)
1096{
1097 int status = 0;
1098 int err;
1099 char *err_info;
1100 int64_t size;
1101 int64_t data_offset;
1102
1103 uint32_t packet = 0;
1104 int64_t bytes = 0;
1105 uint32_t snaplen_min_inferred = 0xffffffff;
1106 uint32_t snaplen_max_inferred = 0;
1107 wtap_rec rec;
1108 capture_info cf_info;
1109 bool_Bool have_times = true1;
1110 nstime_t earliest_packet_time;
1111 int earliest_packet_time_tsprec;
1112 nstime_t latest_packet_time;
1113 int latest_packet_time_tsprec;
1114 nstime_t cur_time;
1115 nstime_t prev_time;
1116 bool_Bool know_order = false0;
1117 order_t order = IN_ORDER;
1118 unsigned int i;
1119 wtapng_iface_descriptions_t *idb_info;
1120
1121 pkt_cmt *pc = NULL((void*)0), *prev = NULL((void*)0);
1122
1123 cf_info.wth = wtap_open_offline(filename, WTAP_TYPE_AUTO0, &err, &err_info, false0, application_configuration_environment_prefix());
1124 if (!cf_info.wth) {
15
Assuming field 'wth' is non-null
16
Taking false branch
1125 report_cfile_open_failure(filename, err, err_info);
1126 return 2;
1127 }
1128
1129 /*
1130 * Calculate the checksums. Do this after wtap_open_offline, so we don't
1131 * bother calculating them for files that are not known capture types
1132 * where we wouldn't print them anyway.
1133 */
1134 calculate_hashes(filename);
17
Calling 'calculate_hashes'
1135
1136 if (need_separator && long_report) {
1137 printf("\n");
1138 }
1139
1140 nstime_set_zero(&earliest_packet_time);
1141 earliest_packet_time_tsprec = WTAP_TSPREC_UNKNOWN-2;
1142 nstime_set_zero(&latest_packet_time);
1143 latest_packet_time_tsprec = WTAP_TSPREC_UNKNOWN-2;
1144 nstime_set_zero(&cur_time);
1145 nstime_set_zero(&prev_time);
1146
1147 cf_info.encap_counts = g_new0(int,WTAP_NUM_ENCAP_TYPES)((int *) g_malloc0_n ((wtap_get_num_encap_types()), sizeof (int
)));
1148
1149 idb_info = wtap_file_get_idb_info(cf_info.wth);
1150
1151 ws_assert(idb_info->interface_data != NULL)do { if ((1) && !(idb_info->interface_data != ((void
*)0))) ws_log_fatal_full("Main", LOG_LEVEL_ERROR, "capinfos.c"
, 1151, __func__, "assertion failed: %s", "idb_info->interface_data != ((void*)0)"
); } while (0);
1152
1153 cf_info.pkt_cmts = NULL((void*)0);
1154 cf_info.num_interfaces = idb_info->interface_data->len;
1155 cf_info.interface_packet_counts = g_array_sized_new(false0, true1, sizeof(uint32_t), cf_info.num_interfaces);
1156 g_array_set_size(cf_info.interface_packet_counts, cf_info.num_interfaces);
1157 cf_info.pkt_interface_id_unknown = 0;
1158
1159 g_free(idb_info);
1160 idb_info = NULL((void*)0);
1161
1162 /* Zero out the counters for the callbacks. */
1163 num_ipv4_addresses = 0;
1164 num_ipv6_addresses = 0;
1165 num_decryption_secrets = 0;
1166
1167 /* Register callbacks for new name<->address maps from the file and
1168 decryption secrets from the file. */
1169 wtap_set_cb_new_ipv4(cf_info.wth, count_ipv4_address);
1170 wtap_set_cb_new_ipv6(cf_info.wth, count_ipv6_address);
1171 wtap_set_cb_new_secrets(cf_info.wth, count_decryption_secret);
1172
1173 /* Tally up data that we need to parse through the file to find */
1174 wtap_rec_init(&rec, DEFAULT_INIT_BUFFER_SIZE_2048(2 * 1024));
1175 while (wtap_read(cf_info.wth, &rec, &err, &err_info, &data_offset)) {
1176 if (rec.presence_flags & WTAP_HAS_TS0x00000001) {
1177 prev_time = cur_time;
1178 cur_time = rec.ts;
1179 if (packet == 0) {
1180 earliest_packet_time = rec.ts;
1181 earliest_packet_time_tsprec = rec.tsprec;
1182 latest_packet_time = rec.ts;
1183 latest_packet_time_tsprec = rec.tsprec;
1184 prev_time = rec.ts;
1185 }
1186 if (nstime_cmp(&cur_time, &prev_time) < 0) {
1187 order = NOT_IN_ORDER;
1188 }
1189 if (nstime_cmp(&cur_time, &earliest_packet_time) < 0) {
1190 earliest_packet_time = cur_time;
1191 earliest_packet_time_tsprec = rec.tsprec;
1192 }
1193 if (nstime_cmp(&cur_time, &latest_packet_time) > 0) {
1194 latest_packet_time = cur_time;
1195 latest_packet_time_tsprec = rec.tsprec;
1196 }
1197 } else {
1198 have_times = false0; /* at least one packet has no time stamp */
1199 if (order != NOT_IN_ORDER)
1200 order = ORDER_UNKNOWN;
1201 }
1202
1203 if (rec.rec_type == REC_TYPE_PACKET0) {
1204 bytes += rec.rec_header.packet_header.len;
1205 packet++;
1206 /* packet comments */
1207 if (pkt_comments && wtap_block_count_option(rec.block, OPT_COMMENT1) > 0) {
1208 char *cmt_buff;
1209 for (i = 0; wtap_block_get_nth_string_option_value(rec.block, OPT_COMMENT1, i, &cmt_buff) == WTAP_OPTTYPE_SUCCESS; i++) {
1210 pc = g_new0(pkt_cmt, 1)((pkt_cmt *) g_malloc0_n ((1), sizeof (pkt_cmt)));
1211
1212 pc->recno = packet;
1213 pc->cmt = g_strdup(cmt_buff)g_strdup_inline (cmt_buff);
1214 pc->next = NULL((void*)0);
1215
1216 if (prev == NULL((void*)0))
1217 cf_info.pkt_cmts = pc;
1218 else
1219 prev->next = pc;
1220
1221 prev = pc;
1222 }
1223 }
1224
1225 /* If caplen < len for a rcd, then presumably */
1226 /* 'Limit packet capture length' was done for this rcd. */
1227 /* Keep track as to the min/max actual snapshot lengths */
1228 /* seen for this file. */
1229 if (rec.rec_header.packet_header.caplen < rec.rec_header.packet_header.len) {
1230 if (rec.rec_header.packet_header.caplen < snaplen_min_inferred)
1231 snaplen_min_inferred = rec.rec_header.packet_header.caplen;
1232 if (rec.rec_header.packet_header.caplen > snaplen_max_inferred)
1233 snaplen_max_inferred = rec.rec_header.packet_header.caplen;
1234 }
1235
1236 if ((rec.rec_header.packet_header.pkt_encap > 0) &&
1237 (rec.rec_header.packet_header.pkt_encap < WTAP_NUM_ENCAP_TYPESwtap_get_num_encap_types())) {
1238 cf_info.encap_counts[rec.rec_header.packet_header.pkt_encap] += 1;
1239 } else {
1240 fprintf(stderrstderr, "capinfos: Unknown packet encapsulation %d in frame %u of file \"%s\"\n",
1241 rec.rec_header.packet_header.pkt_encap, packet, filename);
1242 }
1243
1244 /* Packet interface_id info */
1245 if (rec.presence_flags & WTAP_HAS_INTERFACE_ID0x00000004) {
1246 /* cf_info.num_interfaces is size, not index, so it's one more than max index */
1247 if (rec.rec_header.packet_header.interface_id >= cf_info.num_interfaces) {
1248 /*
1249 * OK, re-fetch the number of interfaces, as there might have
1250 * been an interface that was in the middle of packets, and
1251 * grow the array to be big enough for the new number of
1252 * interfaces.
1253 */
1254 idb_info = wtap_file_get_idb_info(cf_info.wth);
1255
1256 cf_info.num_interfaces = idb_info->interface_data->len;
1257 g_array_set_size(cf_info.interface_packet_counts, cf_info.num_interfaces);
1258
1259 g_free(idb_info);
1260 idb_info = NULL((void*)0);
1261 }
1262 if (rec.rec_header.packet_header.interface_id < cf_info.num_interfaces) {
1263 g_array_index(cf_info.interface_packet_counts, uint32_t,(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(rec.rec_header.packet_header.interface_id)])
1264 rec.rec_header.packet_header.interface_id)(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(rec.rec_header.packet_header.interface_id)]) += 1;
1265 }
1266 else {
1267 cf_info.pkt_interface_id_unknown += 1;
1268 }
1269 }
1270 else {
1271 /* it's for interface_id 0 */
1272 if (cf_info.num_interfaces != 0) {
1273 g_array_index(cf_info.interface_packet_counts, uint32_t, 0)(((uint32_t*) (void *) (cf_info.interface_packet_counts)->
data) [(0)]) += 1;
1274 }
1275 else {
1276 cf_info.pkt_interface_id_unknown += 1;
1277 }
1278 }
1279 }
1280
1281 wtap_rec_reset(&rec);
1282 } /* while */
1283 wtap_rec_cleanup(&rec);
1284
1285 /*
1286 * Get IDB info strings.
1287 * We do this at the end, so we can get information for all IDBs in
1288 * the file, even those that come after packet records, and so that
1289 * we get, for example, a count of the number of statistics entries
1290 * for each interface as of the *end* of the file.
1291 */
1292 idb_info = wtap_file_get_idb_info(cf_info.wth);
1293
1294 cf_info.idb_info_strings = g_array_sized_new(false0, false0, sizeof(char*), cf_info.num_interfaces);
1295 cf_info.num_interfaces = idb_info->interface_data->len;
1296 for (i = 0; i < cf_info.num_interfaces; i++) {
1297 const wtap_block_t if_descr = g_array_index(idb_info->interface_data, wtap_block_t, i)(((wtap_block_t*) (void *) (idb_info->interface_data)->
data) [(i)]);
1298 char *s = wtap_get_debug_if_descr(if_descr, 21, "\n");
1299 g_array_append_val(cf_info.idb_info_strings, s)g_array_append_vals (cf_info.idb_info_strings, &(s), 1);
1300 }
1301
1302 g_free(idb_info);
1303 idb_info = NULL((void*)0);
1304
1305 if (err != 0) {
1306 fprintf(stderrstderr,
1307 "capinfos: An error occurred after reading %u packets from \"%s\".\n",
1308 packet, filename);
1309 report_cfile_read_failure(filename, err, err_info);
1310 if (err == WTAP_ERR_SHORT_READ-12) {
1311 /* Don't give up completely with this one. */
1312 status = 1;
1313 fprintf(stderrstderr,
1314 " (will continue anyway, checksums might be incorrect)\n");
1315 } else {
1316 cleanup_capture_info(&cf_info);
1317 wtap_close(cf_info.wth);
1318 return 2;
1319 }
1320 }
1321
1322 /* File size */
1323 size = wtap_file_size(cf_info.wth, &err);
1324 if (size == -1) {
1325 fprintf(stderrstderr,
1326 "capinfos: Can't get size of \"%s\": %s.\n",
1327 filename, g_strerror(err));
1328 cleanup_capture_info(&cf_info);
1329 wtap_close(cf_info.wth);
1330 return 2;
1331 }
1332
1333 cf_info.filesize = size;
1334
1335 /* File Type */
1336 cf_info.file_type = wtap_file_type_subtype(cf_info.wth);
1337 cf_info.compression_type = wtap_get_compression_type(cf_info.wth);
1338
1339 /* File Encapsulation */
1340 cf_info.file_encap = wtap_file_encap(cf_info.wth);
1341
1342 cf_info.file_tsprec = wtap_file_tsprec(cf_info.wth);
1343
1344 /* Packet size limit (snaplen) */
1345 cf_info.snaplen = wtap_snapshot_length(cf_info.wth);
1346 if (cf_info.snaplen > 0)
1347 cf_info.snap_set = true1;
1348 else
1349 cf_info.snap_set = false0;
1350
1351 cf_info.snaplen_min_inferred = snaplen_min_inferred;
1352 cf_info.snaplen_max_inferred = snaplen_max_inferred;
1353
1354 /* # of packets */
1355 cf_info.packet_count = packet;
1356
1357 /* File Times */
1358 cf_info.times_known = have_times;
1359 cf_info.earliest_packet_time = earliest_packet_time;
1360 cf_info.earliest_packet_time_tsprec = earliest_packet_time_tsprec;
1361 cf_info.latest_packet_time = latest_packet_time;
1362 cf_info.latest_packet_time_tsprec = latest_packet_time_tsprec;
1363 nstime_delta(&cf_info.duration, &latest_packet_time, &earliest_packet_time);
1364 /* Duration precision is the higher of the earliest and latest packet timestamp precisions. */
1365 if (cf_info.latest_packet_time_tsprec > cf_info.earliest_packet_time_tsprec)
1366 cf_info.duration_tsprec = cf_info.latest_packet_time_tsprec;
1367 else
1368 cf_info.duration_tsprec = cf_info.earliest_packet_time_tsprec;
1369 cf_info.know_order = know_order;
1370 cf_info.order = order;
1371
1372 /* Number of packet bytes */
1373 cf_info.packet_bytes = bytes;
1374
1375 cf_info.data_rate = 0.0;
1376 cf_info.packet_rate = 0.0;
1377 cf_info.packet_size = 0.0;
1378
1379 if (packet > 0) {
1380 double delta_time = nstime_to_sec(&latest_packet_time) - nstime_to_sec(&earliest_packet_time);
1381 if (delta_time > 0.0) {
1382 cf_info.data_rate = (double)bytes / delta_time; /* Data rate per second */
1383 cf_info.packet_rate = (double)packet / delta_time; /* packet rate per second */
1384 }
1385 cf_info.packet_size = (double)bytes / packet; /* Avg packet size */
1386 }
1387
1388 if (!long_report && table_report_header) {
1389 print_stats_table_header(&cf_info);
1390 }
1391
1392 if (long_report) {
1393 print_stats(filename, &cf_info);
1394 } else {
1395 print_stats_table(filename, &cf_info);
1396 }
1397
1398 cleanup_capture_info(&cf_info);
1399 wtap_close(cf_info.wth);
1400
1401 return status;
1402}
1403
1404static void
1405print_usage(FILE *output)
1406{
1407 fprintf(output, "\n");
1408 fprintf(output, "Usage: capinfos [options] <infile> ...\n");
1409 fprintf(output, "\n");
1410 fprintf(output, "General infos:\n");
1411 fprintf(output, " -t display the capture file type\n");
1412 fprintf(output, " -E display the capture file encapsulation\n");
1413 fprintf(output, " -I display the capture file interface information\n");
1414 fprintf(output, " -F display additional capture file information\n");
1415 fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");
1416 fprintf(output, " -k display the capture comment\n");
1417 fprintf(output, " -p display individual packet comments\n");
1418 fprintf(output, "\n");
1419 fprintf(output, "Size infos:\n");
1420 fprintf(output, " -c display the number of packets\n");
1421 fprintf(output, " -s display the size of the file (in bytes)\n");
1422 fprintf(output, " -d display the total length of all packets (in bytes)\n");
1423 fprintf(output, " -l display the packet size limit (snapshot length)\n");
1424 fprintf(output, "\n");
1425 fprintf(output, "Time infos:\n");
1426 fprintf(output, " -u display the capture duration (in seconds)\n");
1427 fprintf(output, " -a display the timestamp of the earliest packet\n");
1428 fprintf(output, " -e display the timestamp of the latest packet\n");
1429 fprintf(output, " -o display the capture file chronological status (True/False)\n");
1430 fprintf(output, " -S display earliest and latest packet timestamps as seconds\n");
1431 fprintf(output, "\n");
1432 fprintf(output, "Statistic infos:\n");
1433 fprintf(output, " -y display average data rate (in bytes/sec)\n");
1434 fprintf(output, " -i display average data rate (in bits/sec)\n");
1435 fprintf(output, " -z display average packet size (in bytes)\n");
1436 fprintf(output, " -x display average packet rate (in packets/sec)\n");
1437 fprintf(output, "\n");
1438 fprintf(output, "Metadata infos:\n");
1439 fprintf(output, " -n display number of resolved IPv4 and IPv6 addresses\n");
1440 fprintf(output, " -D display number of decryption secrets\n");
1441 fprintf(output, "\n");
1442 fprintf(output, "Output format:\n");
1443 fprintf(output, " -L generate long report (default)\n");
1444 fprintf(output, " -T generate table report\n");
1445 fprintf(output, " -M display machine-readable values in long reports\n");
1446 fprintf(output, "\n");
1447 fprintf(output, "Table report options:\n");
1448 fprintf(output, " -R generate header record (default)\n");
1449 fprintf(output, " -r do not generate header record\n");
1450 fprintf(output, "\n");
1451 fprintf(output, " -B separate infos with TAB character (default)\n");
1452 fprintf(output, " -m separate infos with comma (,) character\n");
1453 fprintf(output, " -b separate infos with SPACE character\n");
1454 fprintf(output, "\n");
1455 fprintf(output, " -N do not quote infos (default)\n");
1456 fprintf(output, " -q quote infos with single quotes (')\n");
1457 fprintf(output, " -Q quote infos with double quotes (\")\n");
1458 fprintf(output, "\n");
1459 fprintf(output, "Miscellaneous:\n");
1460 fprintf(output, " -h, --help display this help and exit\n");
1461 fprintf(output, " -v, --version display version info and exit\n");
1462 fprintf(output, " -C cancel processing if file open fails (default is to continue)\n");
1463 fprintf(output, " -A generate all infos (default)\n");
1464 fprintf(output, " -K disable displaying the capture comment\n");
1465 fprintf(output, " -P disable displaying individual packet comments\n");
1466 fprintf(output, "\n");
1467 fprintf(output, "Options are processed from left to right order with later options superseding\n");
1468 fprintf(output, "or adding to earlier options.\n");
1469 fprintf(output, "\n");
1470 fprintf(output, "If no options are given the default is to display all infos in long report\n");
1471 fprintf(output, "output format.\n");
1472}
1473
1474int
1475main(int argc, char *argv[])
1476{
1477 char *configuration_init_error;
1478 bool_Bool need_separator = false0;
1479 int opt;
1480 int overall_error_status = EXIT_SUCCESS0;
1481 static const struct ws_option long_options[] = {
1482 {"help", ws_no_argument0, NULL((void*)0), 'h'},
1483 {"version", ws_no_argument0, NULL((void*)0), 'v'},
1484 LONGOPT_WSLOG{"log-level", 1, ((void*)0), 5000 +1}, {"log-domain", 1, ((void
*)0), 5000 +2}, {"log-domains", 1, ((void*)0), 5000 +2}, {"log-file"
, 1, ((void*)0), 5000 +3}, {"log-fatal", 1, ((void*)0), 5000 +
4}, {"log-fatal-domain", 1, ((void*)0), 5000 +5}, {"log-fatal-domains"
, 1, ((void*)0), 5000 +5}, {"log-debug", 1, ((void*)0), 5000 +
6}, {"log-noisy", 1, ((void*)0), 5000 +7},
1485 {0, 0, 0, 0 }
1486 };
1487 const struct file_extension_info* file_extensions;
1488 unsigned num_extensions;
1489
1490#define OPTSTRING"abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST" "abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST"
1491 static const char optstring[] = OPTSTRING"abcdehiklmnopqrstuvxyzABCDEFHIKLMNPQRST";
1492
1493 int status = 0;
1494
1495 /* Set the program name. */
1496 g_set_prgname("capinfos");
1497
1498 /*
1499 * Set the C-language locale to the native environment and set the
1500 * code page to UTF-8 on Windows.
1501 */
1502#ifdef _WIN32
1503 setlocale(LC_ALL6, ".UTF-8");
1504#else
1505 setlocale(LC_ALL6, "");
1506#endif
1507
1508 cmdarg_err_init(stderr_cmdarg_err, stderr_cmdarg_err_cont);
1509
1510 /* Initialize log handler early so we can have proper logging during startup. */
1511 ws_log_init(vcmdarg_err, "Capinfos Debug Console");
1512
1513 /* Early logging command-line initialization. */
1514 ws_log_parse_args(&argc, argv, optstring, long_options, vcmdarg_err, WS_EXIT_INVALID_OPTION1);
1515
1516 ws_noisy("Finished log init and parsing command line log arguments")do { if (1) { ws_log_full("Main", LOG_LEVEL_NOISY, "capinfos.c"
, 1516, __func__, "Finished log init and parsing command line log arguments"
); } } while (0);
1
Taking true branch
2
Loop condition is false. Exiting loop
1517
1518 /* Get the decimal point. */
1519 decimal_point = g_strdup(localeconv()->decimal_point)g_strdup_inline (localeconv()->decimal_point);
1520
1521#ifdef _WIN32
1522 create_app_running_mutex();
1523#endif /* _WIN32 */
1524
1525 /*
1526 * Get credential information for later use.
1527 */
1528 init_process_policies();
1529
1530 /*
1531 * Attempt to get the pathname of the directory containing the
1532 * executable file.
1533 */
1534 configuration_init_error = configuration_init(argv[0], "wireshark");
1535 if (configuration_init_error != NULL((void*)0)) {
3
Assuming 'configuration_init_error' is equal to NULL
4
Taking false branch
1536 fprintf(stderrstderr,
1537 "capinfos: Can't get pathname of directory containing the capinfos program: %s.\n",
1538 configuration_init_error);
1539 g_free(configuration_init_error);
1540 }
1541
1542 /* Initialize the version information. */
1543 ws_init_version_info("Capinfos", NULL((void*)0), application_get_vcs_version_info, NULL((void*)0), NULL((void*)0));
1544
1545 init_report_failure_message("capinfos");
1546
1547 application_file_extensions(&file_extensions, &num_extensions);
1548 wtap_init(true1, application_configuration_environment_prefix(), file_extensions, num_extensions);
1549
1550 /* Process the options */
1551 while ((opt = ws_getopt_long(argc, argv, optstring, long_options, NULL((void*)0))) !=-1) {
5
Assuming the condition is false
6
Loop condition is false. Execution continues on line 1743
1552
1553 switch (opt) {
1554
1555 case 't':
1556 if (report_all_infos) disable_all_infos();
1557 cap_file_type = true1;
1558 break;
1559
1560 case 'E':
1561 if (report_all_infos) disable_all_infos();
1562 cap_file_encap = true1;
1563 break;
1564
1565 case 'l':
1566 if (report_all_infos) disable_all_infos();
1567 cap_snaplen = true1;
1568 break;
1569
1570 case 'c':
1571 if (report_all_infos) disable_all_infos();
1572 cap_packet_count = true1;
1573 break;
1574
1575 case 's':
1576 if (report_all_infos) disable_all_infos();
1577 cap_file_size = true1;
1578 break;
1579
1580 case 'd':
1581 if (report_all_infos) disable_all_infos();
1582 cap_data_size = true1;
1583 break;
1584
1585 case 'u':
1586 if (report_all_infos) disable_all_infos();
1587 cap_duration = true1;
1588 break;
1589
1590 case 'a':
1591 if (report_all_infos) disable_all_infos();
1592 cap_earliest_packet_time = true1;
1593 break;
1594
1595 case 'e':
1596 if (report_all_infos) disable_all_infos();
1597 cap_latest_packet_time = true1;
1598 break;
1599
1600 case 'S':
1601 time_as_secs = true1;
1602 break;
1603
1604 case 'y':
1605 if (report_all_infos) disable_all_infos();
1606 cap_data_rate_byte = true1;
1607 break;
1608
1609 case 'i':
1610 if (report_all_infos) disable_all_infos();
1611 cap_data_rate_bit = true1;
1612 break;
1613
1614 case 'z':
1615 if (report_all_infos) disable_all_infos();
1616 cap_packet_size = true1;
1617 break;
1618
1619 case 'x':
1620 if (report_all_infos) disable_all_infos();
1621 cap_packet_rate = true1;
1622 break;
1623
1624 case 'H':
1625 if (report_all_infos) disable_all_infos();
1626 cap_file_hashes = true1;
1627 break;
1628
1629 case 'o':
1630 if (report_all_infos) disable_all_infos();
1631 cap_order = true1;
1632 break;
1633
1634 case 'k':
1635 if (report_all_infos) disable_all_infos();
1636 cap_comment = true1;
1637 break;
1638
1639 case 'p':
1640 if (report_all_infos) disable_all_infos();
1641 pkt_comments = true1;
1642 break;
1643
1644 case 'K':
1645 cap_comment = false0;
1646 break;
1647
1648 case 'P':
1649 pkt_comments = false0;
1650 break;
1651
1652 case 'F':
1653 if (report_all_infos) disable_all_infos();
1654 cap_file_more_info = true1;
1655 break;
1656
1657 case 'I':
1658 if (report_all_infos) disable_all_infos();
1659 cap_file_idb = true1;
1660 break;
1661
1662 case 'n':
1663 if (report_all_infos) disable_all_infos();
1664 cap_file_nrb = true1;
1665 break;
1666
1667 case 'D':
1668 if (report_all_infos) disable_all_infos();
1669 cap_file_dsb = true1;
1670 break;
1671
1672 case 'C':
1673 stop_after_failure = true1;
1674 break;
1675
1676 case 'A':
1677 enable_all_infos();
1678 break;
1679
1680 case 'L':
1681 long_report = true1;
1682 break;
1683
1684 case 'T':
1685 long_report = false0;
1686 break;
1687
1688 case 'M':
1689 machine_readable = true1;
1690 break;
1691
1692 case 'R':
1693 table_report_header = true1;
1694 break;
1695
1696 case 'r':
1697 table_report_header = false0;
1698 break;
1699
1700 case 'N':
1701 quote_char = '\0';
1702 break;
1703
1704 case 'q':
1705 quote_char = '\'';
1706 break;
1707
1708 case 'Q':
1709 quote_char = '"';
1710 break;
1711
1712 case 'B':
1713 field_separator = '\t';
1714 break;
1715
1716 case 'm':
1717 field_separator = ',';
1718 break;
1719
1720 case 'b':
1721 field_separator = ' ';
1722 break;
1723
1724 case 'h':
1725 show_help_header("Print various information (infos) about capture files.");
1726 print_usage(stdoutstdout);
1727 goto exit;
1728 break;
1729
1730 case 'v':
1731 show_version();
1732 goto exit;
1733 break;
1734
1735 case '?': /* Bad flag - print usage message */
1736 print_usage(stderrstderr);
1737 overall_error_status = WS_EXIT_INVALID_OPTION1;
1738 goto exit;
1739 break;
1740 }
1741 }
1742
1743 if ((argc - ws_optind) < 1) {
7
Assuming the condition is false
8
Taking false branch
1744 print_usage(stderrstderr);
1745 overall_error_status = WS_EXIT_INVALID_OPTION1;
1746 goto exit;
1747 }
1748
1749 if (cap_file_hashes
8.1
'cap_file_hashes' is true
) {
9
Taking true branch
1750 gcry_check_version(NULL((void*)0));
1751 gcry_md_open(&hd, GCRY_MD_SHA256, 0);
1752 if (hd)
10
Assuming 'hd' is null
11
Taking false branch
1753 gcry_md_enable(hd, GCRY_MD_SHA1);
1754
1755 hash_buf = (char *)g_malloc(HASH_BUF_SIZE(1024 * 1024));
1756 }
1757
1758 overall_error_status = 0;
1759
1760 for (opt = ws_optind; opt < argc; opt++) {
12
Assuming 'opt' is < 'argc'
13
Loop condition is true. Entering loop body
1761
1762 status = process_cap_file(argv[opt], need_separator);
14
Calling 'process_cap_file'
1763 if (status) {
1764 /* Something failed. It's been reported; remember that processing
1765 one file failed and, if -C was specified, stop. */
1766 overall_error_status = status;
1767 if (stop_after_failure)
1768 goto exit;
1769 }
1770 if (status != 2) {
1771 /* Either it succeeded or it got a "short read" but printed
1772 information anyway. Note that we need a blank line before
1773 the next file's information, to separate it from the
1774 previous file. */
1775 need_separator = true1;
1776 }
1777 }
1778
1779exit:
1780 g_free(hash_buf);
1781 gcry_md_close(hd);
1782 wtap_cleanup();
1783 free_progdirs();
1784 return overall_error_status;
1785}