/* follow_stream.c * Common routines for following data streams * * $Id$ * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include #include #include <../alert_box.h> #include <../isprint.h> #include <../print.h> #include <../simple_dialog.h> #include #include #include #include #include #include #include #include #include #include "gtk/main.h" #ifdef _WIN32 #include "../tempfile.h" #include "gtk/print_win32.h" #endif /* static variable declarations to speed up the performance * of follow_load_text and follow_add_to_gtk_text */ static GdkColor server_fg, server_bg; static GdkColor client_fg, client_bg; static GtkTextTag *server_tag, *client_tag; static void follow_destroy_cb(GtkWidget *w, gpointer data _U_); GList *follow_infos = NULL; frs_return_t follow_read_stream(follow_info_t *follow_info, gboolean (*print_line)(char *, size_t, gboolean, void *), void *arg) { switch(follow_info->follow_type) { case FOLLOW_TCP : return follow_read_tcp_stream(follow_info, print_line, arg); case FOLLOW_UDP : return follow_read_udp_stream(follow_info, print_line, arg); case FOLLOW_SSL : return follow_read_ssl_stream(follow_info, print_line, arg); default : g_assert_not_reached(); return 0; } } gboolean follow_add_to_gtk_text(char *buffer, size_t nchars, gboolean is_server, void *arg) { GtkWidget *text = arg; GtkTextBuffer *buf = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text)); GtkTextIter iter; /* While our isprint() hack is in place, we * have to convert some chars to '.' in order * to be able to see the data we *should* see * in the GtkText widget. */ size_t i; for (i = 0; i < nchars; i++) { if (buffer[i] == '\n' || buffer[i] == '\r') continue; if (! isprint((guchar)buffer[i])) { buffer[i] = '.'; } } gtk_text_buffer_get_end_iter(buf, &iter); if (is_server) { gtk_text_buffer_insert_with_tags(buf, &iter, buffer, (gint) nchars, server_tag, NULL); } else { gtk_text_buffer_insert_with_tags(buf, &iter, buffer, (gint) nchars, client_tag, NULL); } return TRUE; } /* * XXX - for text printing, we probably want to wrap lines at 80 characters; * (PostScript printing is doing this already), and perhaps put some kind of * dingbat (to use the technical term) to indicate a wrapped line, along the * lines of what's done when displaying this in a window, as per Warren Young's * suggestion. */ gboolean follow_print_text(char *buffer, size_t nchars, gboolean is_server _U_, void *arg) { print_stream_t *stream = arg; size_t i; char *str; /* convert non printable characters */ for (i = 0; i < nchars; i++) { if (buffer[i] == '\n' || buffer[i] == '\r') continue; if (! isprint((guchar)buffer[i])) { buffer[i] = '.'; } } /* convert unterminated char array to a zero terminated string */ str = g_malloc(nchars + 1); memcpy(str, buffer, nchars); str[nchars] = 0; print_line(stream, /*indent*/ 0, str); g_free(str); return TRUE; } gboolean follow_write_raw(char *buffer, size_t nchars, gboolean is_server _U_, void *arg) { FILE *fh = arg; size_t nwritten; nwritten = fwrite(buffer, 1, nchars, fh); if (nwritten != nchars) return FALSE; return TRUE; } /* Handles the display style toggling */ void follow_charset_toggle_cb(GtkWidget * w _U_, gpointer data) { follow_info_t *follow_info = data; /* * A radio button toggles when it goes on and when it goes * off, so when you click a radio button two signals are * delivered. We only want to reprocess the display once, * so we do it only when the button goes on. */ if (GTK_TOGGLE_BUTTON(w)->active) { if (w == follow_info->ebcdic_bt) follow_info->show_type = SHOW_EBCDIC; else if (w == follow_info->hexdump_bt) follow_info->show_type = SHOW_HEXDUMP; else if (w == follow_info->carray_bt) follow_info->show_type = SHOW_CARRAY; else if (w == follow_info->ascii_bt) follow_info->show_type = SHOW_ASCII; else if (w == follow_info->raw_bt) follow_info->show_type = SHOW_RAW; follow_load_text(follow_info); } } void follow_load_text(follow_info_t *follow_info) { GtkTextBuffer *buf; buf = gtk_text_view_get_buffer(GTK_TEXT_VIEW(follow_info->text)); /* prepare colors one time for repeated use by follow_add_to_gtk_text */ color_t_to_gdkcolor(&server_fg, &prefs.st_server_fg); color_t_to_gdkcolor(&server_bg, &prefs.st_server_bg); color_t_to_gdkcolor(&client_fg, &prefs.st_client_fg); color_t_to_gdkcolor(&client_bg, &prefs.st_client_bg); /* prepare tags one time for repeated use by follow_add_to_gtk_text */ server_tag = gtk_text_buffer_create_tag(buf, NULL, "foreground-gdk", &server_fg, "background-gdk", &server_bg, "font-desc", user_font_get_regular(), NULL); client_tag = gtk_text_buffer_create_tag(buf, NULL, "foreground-gdk", &client_fg, "background-gdk", &client_bg, "font-desc", user_font_get_regular(), NULL); /* Delete any info already in text box */ gtk_text_buffer_set_text(buf, "", -1); follow_read_stream(follow_info, follow_add_to_gtk_text, follow_info->text); } void follow_filter_out_stream(GtkWidget * w _U_, gpointer data) { follow_info_t *follow_info = data; /* Lock out user from messing with us. (ie. don't free our data!) */ gtk_widget_set_sensitive(follow_info->streamwindow, FALSE); /* Set the display filter. */ gtk_entry_set_text(GTK_ENTRY(follow_info->filter_te), follow_info->filter_out_filter); /* Run the display filter so it goes in effect. */ main_filter_packets(&cfile, follow_info->filter_out_filter, FALSE); /* we force a subsequent close */ window_destroy(follow_info->streamwindow); return; } void follow_find_cb(GtkWidget * w _U_, gpointer data) { follow_info_t *follow_info = data; GtkTooltips *tooltips; GtkWidget *find_dlg_w, *main_vb, *buttons_row, *find_lb; GtkWidget *find_hb, *find_text_box, *find_bt, *cancel_bt; tooltips = gtk_tooltips_new(); if (follow_info->find_dlg_w != NULL) { /* There's already a dialog box; reactivate it. */ reactivate_window(follow_info->find_dlg_w); return; } /* Create the find box */ find_dlg_w = dlg_window_new("Wireshark: Find text"); gtk_window_set_transient_for(GTK_WINDOW(find_dlg_w), GTK_WINDOW(follow_info->streamwindow)); gtk_window_set_destroy_with_parent(GTK_WINDOW(find_dlg_w), TRUE); follow_info->find_dlg_w = find_dlg_w; g_signal_connect(find_dlg_w, "destroy", G_CALLBACK(follow_find_destroy_cb), follow_info); g_signal_connect(find_dlg_w, "delete_event", G_CALLBACK(window_delete_event_cb), NULL); /* Main vertical box */ main_vb = gtk_vbox_new(FALSE, 3); gtk_container_set_border_width(GTK_CONTAINER(main_vb), 5); gtk_container_add(GTK_CONTAINER(find_dlg_w), main_vb); /* Horizontal box for find label, entry field and up/down radio buttons */ find_hb = gtk_hbox_new(FALSE, 3); gtk_container_add(GTK_CONTAINER(main_vb), find_hb); gtk_widget_show(find_hb); /* Find label */ find_lb = gtk_label_new("Find text:"); gtk_box_pack_start(GTK_BOX(find_hb), find_lb, FALSE, FALSE, 0); gtk_widget_show(find_lb); /* Find field */ find_text_box = gtk_entry_new(); gtk_box_pack_start(GTK_BOX(find_hb), find_text_box, FALSE, FALSE, 0); gtk_tooltips_set_tip(tooltips, find_text_box, "Text to search for (case sensitive)", NULL); gtk_widget_show(find_text_box); /* Buttons row */ buttons_row = dlg_button_row_new(GTK_STOCK_FIND, GTK_STOCK_CANCEL, NULL); gtk_container_add(GTK_CONTAINER(main_vb), buttons_row); find_bt = g_object_get_data(G_OBJECT(buttons_row), GTK_STOCK_FIND); cancel_bt = g_object_get_data(G_OBJECT(buttons_row), GTK_STOCK_CANCEL); g_signal_connect(find_bt, "clicked", G_CALLBACK(follow_find_button_cb), follow_info); g_object_set_data(G_OBJECT(find_bt), "find_string", find_text_box); window_set_cancel_button(find_dlg_w, cancel_bt, window_cancel_button_cb); /* Hitting return in the find field "clicks" the find button */ dlg_set_activate(find_text_box, find_bt); /* Show the dialog */ gtk_widget_show_all(find_dlg_w); window_present(find_dlg_w); } void follow_find_button_cb(GtkWidget * w, gpointer data) { gboolean found; const gchar *find_string; follow_info_t *follow_info = data; GtkTextBuffer *buffer; GtkTextIter iter, match_start, match_end; GtkTextMark *last_pos_mark; GtkWidget *find_string_w; /* Get the text the user typed into the find field */ find_string_w = (GtkWidget *)g_object_get_data(G_OBJECT(w), "find_string"); find_string = gtk_entry_get_text(GTK_ENTRY(find_string_w)); /* Get the buffer associated with the follow stream */ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(follow_info->text)); gtk_text_buffer_get_start_iter(buffer, &iter); /* Look for the search string in the buffer */ last_pos_mark = gtk_text_buffer_get_mark(buffer, "last_position"); if(last_pos_mark) gtk_text_buffer_get_iter_at_mark(buffer, &iter, last_pos_mark); found = gtk_text_iter_forward_search(&iter, find_string, 0, &match_start, &match_end, NULL); if(found) { gtk_text_buffer_select_range(buffer, &match_start, &match_end); last_pos_mark = gtk_text_buffer_create_mark (buffer, "last_position", &match_end, FALSE); gtk_text_view_scroll_mark_onscreen(GTK_TEXT_VIEW(follow_info->text), last_pos_mark); } else { /* We didn't find a match */ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK, "%sFind text has reached the end of the followed " "stream%s\n\nThe next search will start from the " "beginning", simple_dialog_primary_start(), simple_dialog_primary_end()); if(last_pos_mark) gtk_text_buffer_delete_mark(buffer, last_pos_mark); } } void follow_find_destroy_cb(GtkWidget * win _U_, gpointer data) { follow_info_t *follow_info = data; /* Note that we no longer have a dialog box. */ follow_info->find_dlg_w = NULL; } void follow_print_stream(GtkWidget * w _U_, gpointer data) { print_stream_t *stream; gboolean to_file; char *print_dest; follow_info_t *follow_info = data; #ifdef _WIN32 gboolean win_printer = FALSE; int tmp_fd; char tmp_namebuf[128+1]; /* see create_tmpfile which says [128+1]; why ? */ #endif switch (prefs.pr_dest) { case PR_DEST_CMD: #ifdef _WIN32 win_printer = TRUE; /* (The code for creating a temp filename is adapted from print_dlg.c). */ /* We currently don't have a function in util.h to create just a tempfile */ /* name, so simply create a tempfile using the "official" function, */ /* then delete this file again. After this, the name MUST be available. */ /* */ /* Don't use tmpnam() or such, as this will fail under some ACL */ /* circumstances: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=358 */ /* Also: tmpnam is "insecure" and should not be used. */ tmp_fd = create_tempfile(tmp_namebuf, sizeof(tmp_namebuf), "wshprint"); if(tmp_fd == -1) { simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Couldn't create a temporary file for printing."); return; } ws_close(tmp_fd); ws_unlink(tmp_namebuf); print_dest = tmp_namebuf; to_file = TRUE; #else print_dest = prefs.pr_cmd; to_file = FALSE; #endif break; case PR_DEST_FILE: print_dest = prefs.pr_file; to_file = TRUE; break; default: /* "Can't happen" */ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Couldn't figure out where to send the print " "job. Check your preferences."); return; } switch (prefs.pr_format) { case PR_FMT_TEXT: stream = print_stream_text_new(to_file, print_dest); break; case PR_FMT_PS: stream = print_stream_ps_new(to_file, print_dest); break; default: g_assert_not_reached(); stream = NULL; } if (stream == NULL) { if (to_file) { open_failure_alert_box(print_dest, errno, TRUE); } else { simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Couldn't run print command %s.", prefs.pr_cmd); } return; } if (!print_preamble(stream, cfile.filename)) goto print_error; switch (follow_read_stream(follow_info, follow_print_text, stream)) { case FRS_OK: break; case FRS_OPEN_ERROR: case FRS_READ_ERROR: /* XXX - cancel printing? */ destroy_print_stream(stream); return; case FRS_PRINT_ERROR: goto print_error; } if (!print_finale(stream)) goto print_error; if (!destroy_print_stream(stream)) { if (to_file) { write_failure_alert_box(print_dest, errno); } else { simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Error closing print destination."); } } #ifdef _WIN32 if (win_printer) { print_mswin(print_dest); /* trash temp file */ ws_remove(print_dest); } #endif return; print_error: if (to_file) { write_failure_alert_box(print_dest, errno); } else { simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Error writing to print command: %s", strerror(errno)); } /* XXX - cancel printing? */ destroy_print_stream(stream); #ifdef _WIN32 if (win_printer) { /* trash temp file */ ws_remove(print_dest); } #endif } /* * Keep a static pointer to the current "Save Follow Stream As" window, if * any, so that if somebody tries to do "Save" * while there's already a "Save Follow Stream" window up, we just pop * up the existing one, rather than creating a new one. */ void follow_save_as_cmd_cb(GtkWidget *w _U_, gpointer data) { GtkWidget *new_win; follow_info_t *follow_info = data; if (follow_info->follow_save_as_w != NULL) { /* There's already a dialog box; reactivate it. */ reactivate_window(follow_info->follow_save_as_w); return; } new_win = file_selection_new("Wireshark: Save Follow Stream As", FILE_SELECTION_SAVE); follow_info->follow_save_as_w = new_win; /* Tuck away the follow_info object into the window */ g_object_set_data(G_OBJECT(new_win), E_FOLLOW_INFO_KEY, follow_info); g_signal_connect(new_win, "destroy", G_CALLBACK(follow_save_as_destroy_cb), follow_info); if (gtk_dialog_run(GTK_DIALOG(new_win)) == GTK_RESPONSE_ACCEPT) { follow_save_as_ok_cb(new_win, new_win); } else { window_destroy(new_win); } } void follow_save_as_ok_cb(GtkWidget * w _U_, gpointer fs) { gchar *to_name; follow_info_t *follow_info; FILE *fh; print_stream_t *stream = NULL; gchar *dirname; to_name = g_strdup(gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(fs))); /* Perhaps the user specified a directory instead of a file. Check whether they did. */ if (test_for_directory(to_name) == EISDIR) { /* It's a directory - set the file selection box to display that directory, and leave the selection box displayed. */ set_last_open_dir(to_name); g_free(to_name); file_selection_set_current_folder(fs, get_last_open_dir()); return; } follow_info = g_object_get_data(G_OBJECT(fs), E_FOLLOW_INFO_KEY); if (follow_info->show_type == SHOW_RAW) { /* Write the data out as raw binary data */ fh = ws_fopen(to_name, "wb"); } else { /* Write it out as text */ fh = ws_fopen(to_name, "w"); } if (fh == NULL) { open_failure_alert_box(to_name, errno, TRUE); g_free(to_name); return; } gtk_widget_hide(GTK_WIDGET(fs)); window_destroy(GTK_WIDGET(fs)); if (follow_info->show_type == SHOW_RAW) { switch (follow_read_stream(follow_info, follow_write_raw, fh)) { case FRS_OK: if (fclose(fh) == EOF) write_failure_alert_box(to_name, errno); break; case FRS_OPEN_ERROR: case FRS_READ_ERROR: fclose(fh); break; case FRS_PRINT_ERROR: write_failure_alert_box(to_name, errno); fclose(fh); break; } } else { stream = print_stream_text_stdio_new(fh); switch (follow_read_stream(follow_info, follow_print_text, stream)) { case FRS_OK: if (!destroy_print_stream(stream)) write_failure_alert_box(to_name, errno); break; case FRS_OPEN_ERROR: case FRS_READ_ERROR: destroy_print_stream(stream); break; case FRS_PRINT_ERROR: write_failure_alert_box(to_name, errno); destroy_print_stream(stream); break; } } /* Save the directory name for future file dialogs. */ dirname = get_dirname(to_name); /* Overwrites to_name */ set_last_open_dir(dirname); g_free(to_name); } void follow_save_as_destroy_cb(GtkWidget * win _U_, gpointer data) { follow_info_t *follow_info = data; /* Note that we no longer have a dialog box. */ follow_info->follow_save_as_w = NULL; } void follow_stream_direction_changed(GtkWidget *w, gpointer data) { follow_info_t *follow_info = data; switch(gtk_combo_box_get_active(GTK_COMBO_BOX(w))) { case 0 : follow_info->show_stream = BOTH_HOSTS; follow_load_text(follow_info); break; case 1 : follow_info->show_stream = FROM_CLIENT; follow_load_text(follow_info); break; case 2 : follow_info->show_stream = FROM_SERVER; follow_load_text(follow_info); break; } } /* Add a "follow_info_t" structure to the list. */ void remember_follow_info(follow_info_t *follow_info) { follow_infos = g_list_append(follow_infos, follow_info); } #define IS_SHOW_TYPE(x) (follow_info->show_type == x ? 1 : 0) /* Remove a "follow_info_t" structure from the list. */ void forget_follow_info(follow_info_t *follow_info) { follow_infos = g_list_remove(follow_infos, follow_info); } void follow_stream(gchar *title, follow_info_t *follow_info, gchar *both_directions_string, gchar *server_to_client_string, gchar *client_to_server_string) { GtkWidget *streamwindow, *vbox, *txt_scrollw, *text; GtkWidget *hbox, *bbox, *button, *radio_bt; GtkWidget *stream_fr, *stream_vb; GtkWidget *stream_cmb; GtkTooltips *tooltips; follow_stats_t stats; follow_info->show_type = SHOW_RAW; streamwindow = dlg_window_new(title); /* needed in follow_filter_out_stream(), is there a better way? */ follow_info->streamwindow = streamwindow; gtk_widget_set_name(streamwindow, title); gtk_window_set_default_size(GTK_WINDOW(streamwindow), DEF_WIDTH, DEF_HEIGHT); gtk_container_set_border_width(GTK_CONTAINER(streamwindow), 6); /* setup the container */ tooltips = gtk_tooltips_new (); vbox = gtk_vbox_new(FALSE, 6); gtk_container_add(GTK_CONTAINER(streamwindow), vbox); /* content frame */ if (incomplete_tcp_stream) { stream_fr = gtk_frame_new("Stream Content (incomplete)"); } else { stream_fr = gtk_frame_new("Stream Content"); } gtk_container_add(GTK_CONTAINER(vbox), stream_fr); gtk_widget_show(stream_fr); stream_vb = gtk_vbox_new(FALSE, 6); gtk_container_set_border_width( GTK_CONTAINER(stream_vb) , 6); gtk_container_add(GTK_CONTAINER(stream_fr), stream_vb); /* create a scrolled window for the text */ txt_scrollw = scrolled_window_new(NULL, NULL); gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(txt_scrollw), GTK_SHADOW_IN); gtk_box_pack_start(GTK_BOX(stream_vb), txt_scrollw, TRUE, TRUE, 0); /* create a text box */ text = gtk_text_view_new(); gtk_text_view_set_editable(GTK_TEXT_VIEW(text), FALSE); gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW(text), GTK_WRAP_WORD_CHAR); gtk_container_add(GTK_CONTAINER(txt_scrollw), text); follow_info->text = text; /* stream hbox */ hbox = gtk_hbox_new(FALSE, 1); gtk_box_pack_start(GTK_BOX(stream_vb), hbox, FALSE, FALSE, 0); /* Create Find Button */ button = gtk_button_new_from_stock(GTK_STOCK_FIND); g_signal_connect(button, "clicked", G_CALLBACK(follow_find_cb), follow_info); gtk_tooltips_set_tip (tooltips, button, "Find text in the displayed content", NULL); gtk_box_pack_start(GTK_BOX(hbox), button, FALSE, FALSE, 0); /* Create Save As Button */ button = gtk_button_new_from_stock(GTK_STOCK_SAVE_AS); g_signal_connect(button, "clicked", G_CALLBACK(follow_save_as_cmd_cb), follow_info); gtk_tooltips_set_tip (tooltips, button, "Save the content as currently displayed", NULL); gtk_box_pack_start(GTK_BOX(hbox), button, FALSE, FALSE, 0); /* Create Print Button */ button = gtk_button_new_from_stock(GTK_STOCK_PRINT); g_signal_connect(button, "clicked", G_CALLBACK(follow_print_stream), follow_info); gtk_tooltips_set_tip(tooltips, button, "Print the content as currently displayed", NULL); gtk_box_pack_start(GTK_BOX(hbox), button, FALSE, FALSE, 0); /* Stream to show */ follow_stats(&stats); follow_info->is_ipv6 = stats.is_ipv6; stream_cmb = gtk_combo_box_new_text(); gtk_combo_box_append_text(GTK_COMBO_BOX(stream_cmb), both_directions_string); follow_info->show_stream = BOTH_HOSTS; gtk_combo_box_append_text(GTK_COMBO_BOX(stream_cmb), server_to_client_string); gtk_combo_box_append_text(GTK_COMBO_BOX(stream_cmb), client_to_server_string); gtk_combo_box_set_active(GTK_COMBO_BOX(stream_cmb), 0); /* Do this before signal_connect */ /* so callback not triggered */ g_signal_connect(stream_cmb, "changed", G_CALLBACK(follow_stream_direction_changed), follow_info); gtk_tooltips_set_tip (tooltips, stream_cmb, "Select the stream direction to display", NULL); gtk_box_pack_start(GTK_BOX(hbox), stream_cmb, FALSE, FALSE, 0); /* ASCII radio button */ radio_bt = gtk_radio_button_new_with_label(NULL, "ASCII"); gtk_tooltips_set_tip (tooltips, radio_bt, "Stream data output in \"ASCII\" format", NULL); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radio_bt), IS_SHOW_TYPE(SHOW_ASCII)); gtk_box_pack_start(GTK_BOX(hbox), radio_bt, FALSE, FALSE, 0); g_signal_connect(radio_bt, "toggled", G_CALLBACK(follow_charset_toggle_cb), follow_info); follow_info->ascii_bt = radio_bt; /* EBCDIC radio button */ radio_bt = gtk_radio_button_new_with_label(gtk_radio_button_get_group (GTK_RADIO_BUTTON(radio_bt)), "EBCDIC"); gtk_tooltips_set_tip (tooltips, radio_bt, "Stream data output in \"EBCDIC\" format", NULL); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radio_bt), IS_SHOW_TYPE(SHOW_EBCDIC)); gtk_box_pack_start(GTK_BOX(hbox), radio_bt, FALSE, FALSE, 0); g_signal_connect(radio_bt, "toggled", G_CALLBACK(follow_charset_toggle_cb), follow_info); follow_info->ebcdic_bt = radio_bt; /* HEX DUMP radio button */ radio_bt = gtk_radio_button_new_with_label(gtk_radio_button_get_group (GTK_RADIO_BUTTON(radio_bt)), "Hex Dump"); gtk_tooltips_set_tip (tooltips, radio_bt, "Stream data output in \"Hexdump\" format", NULL); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radio_bt), IS_SHOW_TYPE(SHOW_HEXDUMP)); gtk_box_pack_start(GTK_BOX(hbox), radio_bt, FALSE, FALSE, 0); g_signal_connect(radio_bt, "toggled", G_CALLBACK(follow_charset_toggle_cb), follow_info); follow_info->hexdump_bt = radio_bt; /* C Array radio button */ radio_bt = gtk_radio_button_new_with_label(gtk_radio_button_get_group (GTK_RADIO_BUTTON(radio_bt)), "C Arrays"); gtk_tooltips_set_tip (tooltips, radio_bt, "Stream data output in \"C Array\" format", NULL); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radio_bt), IS_SHOW_TYPE(SHOW_CARRAY)); gtk_box_pack_start(GTK_BOX(hbox), radio_bt, FALSE, FALSE, 0); g_signal_connect(radio_bt, "toggled", G_CALLBACK(follow_charset_toggle_cb), follow_info); follow_info->carray_bt = radio_bt; /* Raw radio button */ radio_bt = gtk_radio_button_new_with_label(gtk_radio_button_get_group (GTK_RADIO_BUTTON(radio_bt)), "Raw"); gtk_tooltips_set_tip (tooltips, radio_bt, "Stream data output in \"Raw\" (binary) format. As this contains non printable characters, the screen output will be in ASCII format", NULL); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radio_bt), IS_SHOW_TYPE(SHOW_RAW)); gtk_box_pack_start(GTK_BOX(hbox), radio_bt, FALSE, FALSE, 0); g_signal_connect(radio_bt, "toggled", G_CALLBACK(follow_charset_toggle_cb), follow_info); follow_info->raw_bt = radio_bt; /* Button row: help, filter out, close button */ bbox = dlg_button_row_new(WIRESHARK_STOCK_FILTER_OUT_STREAM, GTK_STOCK_CLOSE, GTK_STOCK_HELP, NULL); gtk_box_pack_start(GTK_BOX(vbox), bbox, FALSE, FALSE, 5); button = g_object_get_data(G_OBJECT(bbox), WIRESHARK_STOCK_FILTER_OUT_STREAM); gtk_tooltips_set_tip (tooltips, button, "Build a display filter which cuts this stream from the capture", NULL); g_signal_connect(button, "clicked", G_CALLBACK(follow_filter_out_stream), follow_info); button = g_object_get_data(G_OBJECT(bbox), GTK_STOCK_CLOSE); window_set_cancel_button(streamwindow, button, window_cancel_button_cb); gtk_tooltips_set_tip (tooltips, button, "Close the dialog and keep the current display filter", NULL); gtk_widget_grab_default(button); button = g_object_get_data(G_OBJECT(bbox), GTK_STOCK_HELP); g_signal_connect(button, "clicked", G_CALLBACK(topic_cb), (gpointer)HELP_FOLLOW_STREAM_DIALOG); /* Tuck away the follow_info object into the window */ g_object_set_data(G_OBJECT(streamwindow), E_FOLLOW_INFO_KEY, follow_info); follow_load_text(follow_info); remember_follow_info(follow_info); g_signal_connect(streamwindow, "delete_event", G_CALLBACK(window_delete_event_cb), NULL); g_signal_connect(streamwindow, "destroy", G_CALLBACK(follow_destroy_cb), NULL); /* Make sure this widget gets destroyed if we quit the main loop, so that if we exit, we clean up any temporary files we have for "Follow TCP Stream" windows. */ gtk_quit_add_destroy(gtk_main_level(), GTK_OBJECT(streamwindow)); gtk_widget_show_all(streamwindow); window_present(streamwindow); } /* The destroy call back has the responsibility of * unlinking the temporary file * and freeing the filter_out_filter */ static void follow_destroy_cb(GtkWidget *w, gpointer data _U_) { follow_info_t *follow_info; follow_record_t *follow_record; GList *cur; int i; follow_info = g_object_get_data(G_OBJECT(w), E_FOLLOW_INFO_KEY); switch(follow_info->follow_type) { case FOLLOW_TCP : i = ws_unlink(follow_info->data_out_filename); if(i != 0) { g_warning("Follow: Couldn't remove temporary file: \"%s\", errno: %s (%u)", follow_info->data_out_filename, strerror(errno), errno); } break; case FOLLOW_UDP : for(cur = follow_info->payload; cur; cur = g_list_next(cur)) if(cur->data) { follow_record = cur->data; if(follow_record->data) g_byte_array_free(follow_record->data, TRUE); g_free(follow_record); } g_list_free(follow_info->payload); break; case FOLLOW_SSL : /* free decrypted data list*/ for (cur = follow_info->payload; cur; cur = g_list_next(cur)) if (cur->data) { g_free(cur->data); cur->data = NULL; } g_list_free (follow_info->payload); break; } g_free(follow_info->filter_out_filter); g_free((gpointer)follow_info->client_ip.data); forget_follow_info(follow_info); g_free(follow_info); } frs_return_t follow_show(follow_info_t *follow_info, gboolean (*print_line)(char *, size_t, gboolean, void *), char *buffer, size_t nchars, gboolean is_server, void *arg, guint32 *global_pos, guint32 *server_packet_count, guint32 *client_packet_count) { gchar initbuf[256]; guint32 current_pos; static const gchar hexchars[16] = "0123456789abcdef"; switch (follow_info->show_type) { case SHOW_EBCDIC: /* If our native arch is ASCII, call: */ EBCDIC_to_ASCII(buffer, (guint) nchars); if (!(*print_line) (buffer, nchars, is_server, arg)) return FRS_PRINT_ERROR; break; case SHOW_ASCII: /* If our native arch is EBCDIC, call: * ASCII_TO_EBCDIC(buffer, nchars); */ if (!(*print_line) (buffer, nchars, is_server, arg)) return FRS_PRINT_ERROR; break; case SHOW_RAW: /* Don't translate, no matter what the native arch * is. */ if (!(*print_line) (buffer, nchars, is_server, arg)) return FRS_PRINT_ERROR; break; case SHOW_HEXDUMP: current_pos = 0; while (current_pos < nchars) { gchar hexbuf[256]; int i; gchar *cur = hexbuf, *ascii_start; /* is_server indentation : put 4 spaces at the * beginning of the string */ /* XXX - We might want to prepend each line with "C" or "S" instead. */ if (is_server && follow_info->show_stream == BOTH_HOSTS) { memset(cur, ' ', 4); cur += 4; } cur += g_snprintf(cur, 20, "%08X ", *global_pos); /* 49 is space consumed by hex chars */ ascii_start = cur + 49; for (i = 0; i < 16 && current_pos + i < nchars; i++) { *cur++ = hexchars[(buffer[current_pos + i] & 0xf0) >> 4]; *cur++ = hexchars[buffer[current_pos + i] & 0x0f]; *cur++ = ' '; if (i == 7) *cur++ = ' '; } /* Fill it up if column isn't complete */ while (cur < ascii_start) *cur++ = ' '; /* Now dump bytes as text */ for (i = 0; i < 16 && current_pos + i < nchars; i++) { *cur++ = (isprint((guchar)buffer[current_pos + i]) ? buffer[current_pos + i] : '.' ); if (i == 7) { *cur++ = ' '; } } current_pos += i; (*global_pos) += i; *cur++ = '\n'; *cur = 0; if (!(*print_line) (hexbuf, strlen(hexbuf), is_server, arg)) return FRS_PRINT_ERROR; } break; case SHOW_CARRAY: current_pos = 0; g_snprintf(initbuf, sizeof(initbuf), "char peer%d_%d[] = {\n", is_server ? 1 : 0, is_server ? (*server_packet_count)++ : (*client_packet_count)++); if (!(*print_line) (initbuf, strlen(initbuf), is_server, arg)) return FRS_PRINT_ERROR; while (current_pos < nchars) { gchar hexbuf[256]; int i, cur; cur = 0; for (i = 0; i < 8 && current_pos + i < nchars; i++) { /* Prepend entries with "0x" */ hexbuf[cur++] = '0'; hexbuf[cur++] = 'x'; hexbuf[cur++] = hexchars[(buffer[current_pos + i] & 0xf0) >> 4]; hexbuf[cur++] = hexchars[buffer[current_pos + i] & 0x0f]; /* Delimit array entries with a comma */ if (current_pos + i + 1 < nchars) hexbuf[cur++] = ','; hexbuf[cur++] = ' '; } /* Terminate the array if we are at the end */ if (current_pos + i == nchars) { hexbuf[cur++] = '}'; hexbuf[cur++] = ';'; } current_pos += i; (*global_pos) += i; hexbuf[cur++] = '\n'; hexbuf[cur] = 0; if (!(*print_line) (hexbuf, strlen(hexbuf), is_server, arg)) return FRS_PRINT_ERROR; } break; } return FRS_OK; }