Ask Your Question
0

Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

asked 2023-11-26 14:09:08 +0000

omicron2023 gravatar image

updated 2023-11-26 15:08:22 +0000

Suppose in tshark.c,
I rename the int main() function to Old_Main(int argc, char* argv[]) and call it in a loop in the newly created int main() function.

Example:

//main function renamed as Old_Main
int
Old_Main(int argc, char* argv[])
{
    //the code inside the main function as it was, I make no change.
}

//new main function
//Here I am reading 3 pcap file (packet1.pcap, packet2.pcap, packet3.pcap)
int
main(int argc, char* argv[])
{
    int i = 1;
    while (i <= 3)
    {
        argc = 4;
        argv[1] = "-Tjson";
        argv[2] = "-r";
        sprintf(argv[3], "D:\\Windows\\files\\packet%d.pcap", i);
        Old_Main(argc, argv);
        i++;
    }
    return exit_status; //I declare exit_status globally so that I can return it here.
}

I am getting the following exception after doing it,

** (tshark:10488) 20:01:33.061563 [Wiretap ERROR] C:\Development\wireshark\wiretap\file_access.c:1273 -- wtap_init_file_type_subtypes(): assertion failed: file_type_subtype_table_arr == ((void *)0)

** (tshark:10488) Aborting on fatal log level exception

Anyone kindly help me to find a way.
Thanks in advance for your help.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2023-11-28 22:24:17 +0000

André gravatar image

updated 2023-11-29 09:36:06 +0000

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an array of pointers to char".
For example argv[1] = "-Tjson"; means: set the pointer argv[1] to the memory address where the string "-Tjson" is stored. That is how pointers in C work.

So, by writing to unspecified memory using sprintf the memory gets corrupted causing a crash further down the stream...

Allocate some memory first, e.g. on the stack using char buf[50]; and set the pointer argv[3] = buf; then inside the (for) loop fill the string buffer snprintf(buf, sizeof buf, "D:\\Windows\\files\\packet%d.pcap", i);

But this whole peace of code looks awkward to me. Why would you require 3 command line arguments so you can replace them with your own, instead of calling tshark 3 times (or use your own array)?
The size of the array argv is set by the caller of main, so if you do not provide any command line arguments the size is 1 (or 2 for a NULL pointer as sentinel). In that case argv[3] is beyond the memory reserved for the array. That can also cause problems. In C it is the responsibility of the programmer to check the array bounds. There is no implicit memory allocation in C programming language (therefore also no implicit memory release by a process called ‘Garbage Collection’) and that is why working with character strings is hard.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2023-11-26 14:09:08 +0000

Seen: 190 times

Last updated: Nov 29 '23

Related questions

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

How to convert Pcapng file to pcap file by Tshark