/* summary.c
 * Routines for capture file summary info
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
10 
#include <config.h>

#include <stdio.h>

#include <wiretap/pcap-encap.h>
#include <wiretap/wtap_opttypes.h>

#include <epan/packet.h>
#include <wsutil/file_util.h>
#include <wsutil/wsgcrypt.h>
#include "cfile.h"
#include "ui/summary.h"
21 
// Digest lengths in bytes for the file hashes reported in the summary,
// listed strongest to weakest.  SHA-1 is no longer collision resistant, so
// when a digest is used to show that a capture file has not been altered,
// compare the SHA-256 value rather than the SHA-1 one.
#define HASH_SIZE_SHA256 32
#define HASH_SIZE_RMD160 20
#define HASH_SIZE_SHA1   20

// Size in bytes (1 MiB) of the buffer used to read the capture file in
// chunks while hashing it.
#define HASH_BUF_SIZE (1024 * 1024)
28 
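/*
 * Fold one frame's statistics into the running summary tally.
 *
 * Adds the frame's packet length to the total, filtered and marked byte
 * counters, bumps the filtered/marked/ignored packet counters and, when
 * the frame carries a time stamp, widens the overall, filtered and marked
 * time ranges so that they include it.
 *
 * cur_frame: frame to account for.
 * sum_tally: tally updated in place; the caller is expected to have
 *            initialised its counters and start/stop times beforehand.
 */
static void
tally_frame_data(frame_data *cur_frame, summary_tally *sum_tally)
{
    double cur_time;

    sum_tally->bytes += cur_frame->pkt_len;
    if (cur_frame->passed_dfilter) {
        sum_tally->filtered_count++;
        sum_tally->filtered_bytes += cur_frame->pkt_len;
    }
    if (cur_frame->marked) {
        sum_tally->marked_count++;
        sum_tally->marked_bytes += cur_frame->pkt_len;
    }
    if (cur_frame->ignored) {
        sum_tally->ignored_count++;
    }

    /* Frames without a time stamp contribute nothing to the time ranges. */
    if (!cur_frame->has_ts) {
        return;
    }

    cur_time = nstime_to_sec(&cur_frame->abs_ts);

    sum_tally->packet_count_ts++;
    if (cur_time < sum_tally->start_time) {
        sum_tally->start_time = cur_time;
    }
    if (cur_time > sum_tally->stop_time) {
        sum_tally->stop_time = cur_time;
    }

    if (cur_frame->passed_dfilter) {
        sum_tally->filtered_count_ts++;
        /*
         * Seed the filtered range from the first filtered frame that
         * actually has a time stamp.  Testing the time-stamped counter
         * (rather than filtered_count) matters when an earlier filtered
         * frame had no time stamp: the range would otherwise never be
         * seeded and filtered_start would stay at its initial value.
         */
        if (sum_tally->filtered_count_ts == 1) {
            sum_tally->filtered_start = cur_time;
            sum_tally->filtered_stop = cur_time;
        } else {
            if (cur_time < sum_tally->filtered_start) {
                sum_tally->filtered_start = cur_time;
            }
            if (cur_time > sum_tally->filtered_stop) {
                sum_tally->filtered_stop = cur_time;
            }
        }
    }

    if (cur_frame->marked) {
        sum_tally->marked_count_ts++;
        /* Same seeding rule as for the filtered range above. */
        if (sum_tally->marked_count_ts == 1) {
            sum_tally->marked_start = cur_time;
            sum_tally->marked_stop = cur_time;
        } else {
            if (cur_time < sum_tally->marked_start) {
                sum_tally->marked_start = cur_time;
            }
            if (cur_time > sum_tally->marked_stop) {
                sum_tally->marked_stop = cur_time;
            }
        }
    }
}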
96 
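/*
 * Render a binary digest as lower-case hexadecimal text.
 *
 * hash:   digest bytes to encode.
 * length: number of bytes in hash.
 * str:    output buffer; receives 2 * length hex digits followed by a
 *         terminating NUL, so it must hold at least 2 * length + 1 bytes.
 *         The function has no way to check that itself.  Left untouched
 *         when length is 0.
 */
static void
hash_to_str(const unsigned char *hash, size_t length, char *str) {
  static const char hex_digits[] = "0123456789abcdef";
  size_t i;

  if (length == 0) {
    return;
  }

  /* Index with size_t: no narrowing of length and no signed i*2 overflow. */
  for (i = 0; i < length; i++) {
    str[i * 2]     = hex_digits[hash[i] >> 4];
    str[i * 2 + 1] = hex_digits[hash[i] & 0x0f];
  }
  str[length * 2] = '\0';
}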
105 
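/*
 * Fill in a summary tally from a loaded capture file.
 *
 * Resets the counters in st, walks every frame of cf to accumulate packet,
 * byte and time-range statistics, copies the file-level properties from cf,
 * builds st->ifaces from the file's interface descriptions and finally
 * computes the SHA-256, RIPEMD-160 and SHA-1 digests of the file on disk.
 *
 * cf: capture file to summarise.
 * st: tally to fill in.  st->ifaces is replaced by a newly created array
 *     whose entries hold g_strdup'ed strings; releasing them is left to
 *     whatever code disposes of the tally (not shown here).
 *
 * A digest string is left as "<unknown>" when the file cannot be opened,
 * the read buffer or hash context cannot be set up, a read error occurs,
 * or that particular algorithm is not available.
 */
void
summary_fill_in(capture_file *cf, summary_tally *st)
{
    frame_data    *first_frame, *cur_frame;
    guint32        framenum;
    iface_summary_info iface;
    guint i;
    wtapng_iface_descriptions_t* idb_info;
    wtap_block_t wtapng_if_descr;
    wtapng_if_descr_mandatory_t *wtapng_if_descr_mand;
    wtap_block_t if_stats;
    guint64 isb_ifdrop;
    char* if_string;
    if_filter_opt_t if_filter;

    FILE  *fh;
    char  *hash_buf;
    gcry_md_hd_t hd = NULL;
    gboolean have_rmd160 = FALSE;
    gboolean have_sha1 = FALSE;
    const unsigned char *digest;
    size_t hash_bytes;

    st->packet_count_ts = 0;
    st->start_time = 0;
    st->stop_time = 0;
    st->bytes = 0;
    st->filtered_count = 0;
    st->filtered_count_ts = 0;
    st->filtered_start = 0;
    st->filtered_stop = 0;
    st->filtered_bytes = 0;
    st->marked_count = 0;
    st->marked_count_ts = 0;
    st->marked_start = 0;
    st->marked_stop = 0;
    st->marked_bytes = 0;
    st->ignored_count = 0;

    /* initialize the tally */
    if (cf->count != 0) {
        /*
         * Seed the overall time range from frame 1.
         * NOTE(review): this reads abs_ts without looking at has_ts;
         * confirm frame 1 always carries a usable time stamp.
         */
        first_frame = frame_data_sequence_find(cf->provider.frames, 1);
        st->start_time = nstime_to_sec(&first_frame->abs_ts);
        st->stop_time = nstime_to_sec(&first_frame->abs_ts);

        for (framenum = 1; framenum <= cf->count; framenum++) {
            cur_frame = frame_data_sequence_find(cf->provider.frames, framenum);
            tally_frame_data(cur_frame, st);
        }
    }

    /* File-level properties are copied straight from the capture_file. */
    st->filename = cf->filename;
    st->file_length = cf->f_datalen;
    st->file_type = cf->cd_t;
    st->compression_type = cf->compression_type;
    st->is_tempfile = cf->is_tempfile;
    st->file_encap_type = cf->lnk_t;
    st->packet_encap_types = cf->linktypes;
    st->snap = cf->snap;
    st->elapsed_time = nstime_to_sec(&cf->elapsed_time);
    st->packet_count = cf->count;
    st->drops_known = cf->drops_known;
    st->drops = cf->drops;
    st->dfilter = cf->dfilter;

    /* One iface_summary_info per interface description in the file. */
    st->ifaces  = g_array_new(FALSE, FALSE, sizeof(iface_summary_info));
    idb_info = wtap_file_get_idb_info(cf->provider.wth);
    for (i = 0; i < idb_info->interface_data->len; i++) {
        wtapng_if_descr = g_array_index(idb_info->interface_data, wtap_block_t, i);
        wtapng_if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(wtapng_if_descr);
        if (wtap_block_get_if_filter_option_value(wtapng_if_descr, OPT_IDB_FILTER, &if_filter) == WTAP_OPTTYPE_SUCCESS) {
            if (if_filter.type == if_filter_pcap) {
                iface.cfilter = g_strdup(if_filter.data.filter_str);
            } else {
                /* Not a pcap filter string; punt for now */
                iface.cfilter = NULL;
            }
        } else {
            iface.cfilter = NULL;
        }
        if (wtap_block_get_string_option_value(wtapng_if_descr, OPT_IDB_NAME, &if_string) == WTAP_OPTTYPE_SUCCESS) {
            iface.name = g_strdup(if_string);
        } else {
            iface.name = NULL;
        }
        if (wtap_block_get_string_option_value(wtapng_if_descr, OPT_IDB_DESCRIPTION, &if_string) == WTAP_OPTTYPE_SUCCESS) {
            iface.descr = g_strdup(if_string);
        } else {
            iface.descr = NULL;
        }
        iface.drops_known = FALSE;
        iface.drops = 0;
        iface.snap = wtapng_if_descr_mand->snap_len;
        iface.encap_type = wtapng_if_descr_mand->wtap_encap;
        iface.isb_comment = NULL;
        if(wtapng_if_descr_mand->num_stat_entries == 1){
            /* dumpcap only writes one ISB, only handle that for now */
            if_stats = g_array_index(wtapng_if_descr_mand->interface_statistics, wtap_block_t, 0);
            if (wtap_block_get_uint64_option_value(if_stats, OPT_ISB_IFDROP, &isb_ifdrop) == WTAP_OPTTYPE_SUCCESS) {
                iface.drops_known = TRUE;
                iface.drops = isb_ifdrop;
            }
            /* XXX: this doesn't get used, and might need to be g_strdup'ed when it does */
            /* XXX - support multiple comments */
            if (wtap_block_get_nth_string_option_value(if_stats, OPT_COMMENT, 0, &iface.isb_comment) != WTAP_OPTTYPE_SUCCESS) {
                iface.isb_comment = NULL;
            }
        }
        g_array_append_val(st->ifaces, iface);
    }
    g_free(idb_info);

    /* Placeholders stay in place unless the matching digest is computed. */
    (void) g_strlcpy(st->file_sha256, "<unknown>", HASH_STR_SIZE);
    (void) g_strlcpy(st->file_rmd160, "<unknown>", HASH_STR_SIZE);
    (void) g_strlcpy(st->file_sha1, "<unknown>", HASH_STR_SIZE);

    /*
     * One context computes all three digests in a single pass.  Record
     * which of the extra algorithms could be enabled, because reading a
     * digest that was never enabled yields NULL.
     */
    if (gcry_md_open(&hd, GCRY_MD_SHA256, 0) != 0) {
        hd = NULL;
    }
    if (hd) {
        have_rmd160 = (gcry_md_enable(hd, GCRY_MD_RMD160) == 0);
        have_sha1 = (gcry_md_enable(hd, GCRY_MD_SHA1) == 0);
    }
    /* g_try_malloc so that the NULL check below can actually trigger. */
    hash_buf = (char *)g_try_malloc(HASH_BUF_SIZE);

    /*
     * The digests are taken over the file as it is on disk now, reopened
     * by name; they are not tied to the frames tallied above.  If the file
     * was modified or replaced after it was loaded, the hashes describe
     * the current content.
     */
    fh = ws_fopen(cf->filename, "rb");
    if (fh && hash_buf && hd) {
        while((hash_bytes = fread(hash_buf, 1, HASH_BUF_SIZE, fh)) > 0) {
            gcry_md_write(hd, hash_buf, hash_bytes);
        }
        /*
         * fread() returns 0 both at end of file and on error.  Only
         * publish digests for a complete read, so a truncated hash is
         * never shown as the file's hash.
         */
        if (!ferror(fh)) {
            gcry_md_final(hd);
            digest = gcry_md_read(hd, GCRY_MD_SHA256);
            if (digest) {
                hash_to_str(digest, HASH_SIZE_SHA256, st->file_sha256);
            }
            digest = have_rmd160 ? gcry_md_read(hd, GCRY_MD_RMD160) : NULL;
            if (digest) {
                hash_to_str(digest, HASH_SIZE_RMD160, st->file_rmd160);
            }
            digest = have_sha1 ? gcry_md_read(hd, GCRY_MD_SHA1) : NULL;
            if (digest) {
                hash_to_str(digest, HASH_SIZE_SHA1, st->file_sha1);
            }
        }
    }
    if (fh) fclose(fh);
    g_free(hash_buf);
    gcry_md_close(hd);
}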
240 
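#ifdef HAVE_LIBPCAP
/*
 * Add the selected capture interfaces to a summary tally.
 *
 * Does nothing when st->ifaces already has entries.  Otherwise one entry
 * is appended for every selected interface in capture_opts->all_ifaces;
 * drop statistics are taken from the capture file as a whole.
 *
 * cf:           capture file supplying drops_known and drops.
 * capture_opts: capture options holding the interface list.
 * st:           tally whose ifaces array is extended; it must already
 *               have been created.
 */
void
summary_fill_in_capture(capture_file *cf,capture_options *capture_opts, summary_tally *st)
{
    iface_summary_info iface;
    interface_t *device;
    guint i;

    if (st->ifaces->len == 0) {
        /*
         * XXX - do this only if we have a live capture.
         */
        for (i = 0; i < capture_opts->all_ifaces->len; i++) {
            device = &g_array_index(capture_opts->all_ifaces, interface_t, i);
            if (!device->selected) {
                continue;
            }
            /* The strings are copies, independent of the device entry. */
            iface.cfilter = g_strdup(device->cfilter);
            iface.name = g_strdup(device->name);
            iface.descr = g_strdup(device->display_name);
            iface.drops_known = cf->drops_known;
            iface.drops = cf->drops;
            iface.snap = device->snaplen;
            iface.encap_type = wtap_pcap_encap_to_wtap_encap(device->active_dlt);
            /*
             * No interface statistics block here; set the pointer so the
             * entry copied into the array never carries an uninitialised
             * value, as summary_fill_in() does for its entries.
             */
            iface.isb_comment = NULL;
            g_array_append_val(st->ifaces, iface);
        }
    }
}
#endif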
270