Improve file merging for mergecap and wireshark

Refactor the file merging code by removing the duplicate logic from mergecap.c and file.c's cf_merge_files(), into a new merge_files() function in merge.c. Also the following user-visible changes: * Removed the '-T' encap type option from mergecap, as it's illogical for mergecap and would complicate common merge code. * Input files with IDBs of different name, speed, tsprecision, etc., will produce an output PCAPNG file with separate IDBs, even if their encap types are the same. * Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged. * Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP. Bug: 8795 Bug: 7381 Change-Id: Icc30d217e093d6f40114422204afd2e332834f71 Reviewed-on: https://code.wireshark.org/review/10058 Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
network-analytics · Aug 18, 2015 · 8fcdcb9 · 8fcdcb9
1 parent a3c175a
commit 8fcdcb9
Show file tree

Hide file tree

Showing 9 changed files with 1,139 additions and 734 deletions.
diff --git a/debian/libwiretap0.symbols b/debian/libwiretap0.symbols
@@ -11,10 +11,13 @@ libwiretap.so.0 libwiretap0 #MINVER#
  init_open_routines@Base 1.12.0~rc1
  merge_append_read_packet@Base 1.12.0~rc1
  merge_close_in_files@Base 1.12.0~rc1
+ merge_files@Base 1.99.9
+ merge_idb_merge_mode_to_string@Base 1.99.9
  merge_max_snapshot_length@Base 1.12.0~rc1
  merge_open_in_files@Base 1.12.0~rc1
  merge_read_packet@Base 1.12.0~rc1
  merge_select_frame_type@Base 1.12.0~rc1
+ merge_string_to_idb_merge_mode@Base 1.99.9
  open_info_name_to_type@Base 1.12.0~rc1
  open_routines@Base 1.12.0~rc1
  register_all_wiretap_modules@Base 1.12.0~rc1
@@ -65,6 +68,7 @@ libwiretap.so.0 libwiretap0 #MINVER#
  wtap_fstat@Base 1.9.1
  wtap_get_all_file_extensions_list@Base 1.12.0~rc1
  wtap_get_bytes_dumped@Base 1.9.1
+ wtap_get_debug_if_descr@Base 1.99.9
  wtap_get_file_extension_type_extensions@Base 1.12.0~rc1
  wtap_get_file_extension_type_name@Base 1.12.0~rc1
  wtap_get_file_extensions_list@Base 1.9.1

diff --git a/doc/mergecap.pod b/doc/mergecap.pod
@@ -9,8 +9,8 @@ B<mergecap>
 S<[ B<-a> ]>
 S<[ B<-F> E<lt>I<file format>E<gt> ]>
 S<[ B<-h> ]>
+S<[ B<-I> E<lt>I<IDB merge mode>E<gt> ]>
 S<[ B<-s> E<lt>I<snaplen>E<gt> ]>
-S<[ B<-T> E<lt>I<encapsulation type>E<gt> ]>
 S<[ B<-v> ]>
 S<[ B<-V> ]>
 S<B<-w> E<lt>I<outfile>E<gt>|->
@@ -79,6 +79,28 @@ first input file.
 
 Prints the version and options and exits.
 
+=item -I  E<lt>IDB merge modeE<gt>
+
+Sets the Interface Description Block (IDB) merge mode to use during merging.
+B<mergecap -I> provides a list of the available IDB merge modes.
+
+Every input file has one or more IDBs, which describe the interface(s) the
+capture was performed on originally. This includes encapsulation type,
+interface name, etc. When mergecap merges multiple input files, it has to
+merge these IDBs somehow for the new merged output file. This flag controls
+how that is accomplished. The currently available modes are:
+
+ * 'B<none>': no merging of IDBs is performed, and instead all IDBs are
+              copied to the merged output file.
+ * 'B<all>':  IDBs are merged only if all input files have the same number
+              of IDBs, and each IDB matches their respective entry in the
+              other files. This is the default mode.
+ * 'B<any>':  Any and all duplicate IDBs are merged into one IDB, regardless
+              of what file they are in.
+
+Note that an IDB is only considered a matching duplicate if it has the same
+encapsulation type, name, speed, time precision, comments, description, etc.
+
 =item -s  E<lt>snaplenE<gt>
 
 Sets the snapshot length to use when writing the data.
@@ -92,22 +114,6 @@ appear to reject Ethernet frames larger than the standard Ethernet MTU,
 making them incapable of handling gigabit Ethernet captures if jumbo
 frames were used).
 
-=item -T  E<lt>encapsulation typeE<gt>
-
-Sets the packet encapsulation type of the output capture file.
-If the B<-T> flag is used to specify a frame encapsulation type, the
-encapsulation type of the output capture file will be forced to the
-specified type, rather than being the type appropriate to the
-encapsulation type of the input capture files.
-
-Note that this merely
-forces the encapsulation type of the output file to be the specified
-type; the packet headers of the packets will not be translated from the
-encapsulation type of the input capture file to the specified
-encapsulation type (for example, it will not translate an Ethernet
-capture to an FDDI capture if an Ethernet capture is read and 'B<-T
-fddi>' is specified).
-
 =item -v
 
 Causes B<mergecap> to print a number of messages while it's working.