2 * Routines for capture options setting
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
39 #include <epan/packet.h>
40 #include <epan/prefs.h>
41 #include "capture_ui_utils.h"
43 #include "capture_opts.h"
44 #include "ringbuffer.h"
45 #include "clopts_common.h"
46 #include "cmdarg_err.h"
48 #include "capture_ifinfo.h"
49 #include "capture-pcap-util.h"
50 #include <wsutil/file_util.h>
52 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe);
56 capture_opts_init(capture_options *capture_opts)
58 capture_opts->ifaces = g_array_new(FALSE, FALSE, sizeof(interface_options));
59 capture_opts->all_ifaces = g_array_new(FALSE, FALSE, sizeof(interface_t));
60 capture_opts->num_selected = 0;
61 capture_opts->default_options.name = NULL;
62 capture_opts->default_options.descr = NULL;
63 capture_opts->default_options.cfilter = NULL;
64 capture_opts->default_options.has_snaplen = FALSE;
65 capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE;
66 capture_opts->default_options.linktype = -1; /* use interface default */
67 capture_opts->default_options.promisc_mode = TRUE;
68 capture_opts->default_options.if_type = IF_WIRED;
69 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
70 capture_opts->default_options.buffer_size = DEFAULT_CAPTURE_BUFFER_SIZE;
72 capture_opts->default_options.monitor_mode = FALSE;
73 #ifdef HAVE_PCAP_REMOTE
74 capture_opts->default_options.src_type = CAPTURE_IFLOCAL;
75 capture_opts->default_options.remote_host = NULL;
76 capture_opts->default_options.remote_port = NULL;
77 capture_opts->default_options.auth_type = CAPTURE_AUTH_NULL;
78 capture_opts->default_options.auth_username = NULL;
79 capture_opts->default_options.auth_password = NULL;
80 capture_opts->default_options.datatx_udp = FALSE;
81 capture_opts->default_options.nocap_rpcap = TRUE;
82 capture_opts->default_options.nocap_local = FALSE;
84 #ifdef HAVE_PCAP_SETSAMPLING
85 capture_opts->default_options.sampling_method = CAPTURE_SAMP_NONE;
86 capture_opts->default_options.sampling_param = 0;
88 capture_opts->saving_to_file = FALSE;
89 capture_opts->save_file = NULL;
90 capture_opts->group_read_access = FALSE;
91 #ifdef PCAP_NG_DEFAULT
92 capture_opts->use_pcapng = TRUE; /* Save as pcap-ng by default */
94 capture_opts->use_pcapng = FALSE; /* Save as pcap by default */
96 capture_opts->real_time_mode = TRUE;
97 capture_opts->show_info = TRUE;
98 capture_opts->quit_after_cap = getenv("WIRESHARK_QUIT_AFTER_CAPTURE") ? TRUE : FALSE;
99 capture_opts->restart = FALSE;
100 capture_opts->orig_save_file = NULL;
102 capture_opts->multi_files_on = FALSE;
103 capture_opts->has_file_duration = FALSE;
104 capture_opts->file_duration = 60; /* 1 min */
105 capture_opts->has_ring_num_files = FALSE;
106 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
108 capture_opts->has_autostop_files = FALSE;
109 capture_opts->autostop_files = 1;
110 capture_opts->has_autostop_packets = FALSE;
111 capture_opts->autostop_packets = 0;
112 capture_opts->has_autostop_filesize = FALSE;
113 capture_opts->autostop_filesize = 1000; /* 1 MB */
114 capture_opts->has_autostop_duration = FALSE;
115 capture_opts->autostop_duration = 60; /* 1 min */
116 capture_opts->capture_comment = NULL;
118 capture_opts->output_to_pipe = FALSE;
119 capture_opts->capture_child = FALSE;
123 /* log content of capture_opts */
125 capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts) {
128 g_log(log_domain, log_level, "CAPTURE OPTIONS :");
130 for (i = 0; i < capture_opts->ifaces->len; i++) {
131 interface_options interface_opts;
133 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
134 g_log(log_domain, log_level, "Interface name[%02d] : %s", i, interface_opts.name ? interface_opts.name : "(unspecified)");
135 g_log(log_domain, log_level, "Interface description[%02d] : %s", i, interface_opts.descr ? interface_opts.descr : "(unspecified)");
136 g_log(log_domain, log_level, "Console display name[%02d]: %s", i, interface_opts.console_display_name ? interface_opts.console_display_name : "(unspecified)");
137 g_log(log_domain, log_level, "Capture filter[%02d] : %s", i, interface_opts.cfilter ? interface_opts.cfilter : "(unspecified)");
138 g_log(log_domain, log_level, "Snap length[%02d] (%u) : %d", i, interface_opts.has_snaplen, interface_opts.snaplen);
139 g_log(log_domain, log_level, "Link Type[%02d] : %d", i, interface_opts.linktype);
140 g_log(log_domain, log_level, "Promiscuous Mode[%02d]: %s", i, interface_opts.promisc_mode?"TRUE":"FALSE");
141 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
142 g_log(log_domain, log_level, "Buffer size[%02d] : %d (MB)", i, interface_opts.buffer_size);
144 g_log(log_domain, log_level, "Monitor Mode[%02d] : %s", i, interface_opts.monitor_mode?"TRUE":"FALSE");
145 #ifdef HAVE_PCAP_REMOTE
146 g_log(log_domain, log_level, "Capture source[%02d] : %s", i,
147 interface_opts.src_type == CAPTURE_IFLOCAL ? "Local interface" :
148 interface_opts.src_type == CAPTURE_IFREMOTE ? "Remote interface" :
150 if (interface_opts.src_type == CAPTURE_IFREMOTE) {
151 g_log(log_domain, log_level, "Remote host[%02d] : %s", i, interface_opts.remote_host ? interface_opts.remote_host : "(unspecified)");
152 g_log(log_domain, log_level, "Remote port[%02d] : %s", i, interface_opts.remote_port ? interface_opts.remote_port : "(unspecified)");
154 g_log(log_domain, log_level, "Authentication[%02d] : %s", i,
155 interface_opts.auth_type == CAPTURE_AUTH_NULL ? "Null" :
156 interface_opts.auth_type == CAPTURE_AUTH_PWD ? "By username/password" :
158 if (interface_opts.auth_type == CAPTURE_AUTH_PWD) {
159 g_log(log_domain, log_level, "Auth username[%02d] : %s", i, interface_opts.auth_username ? interface_opts.auth_username : "(unspecified)");
160 g_log(log_domain, log_level, "Auth password[%02d] : <hidden>", i);
162 g_log(log_domain, log_level, "UDP data tfer[%02d] : %u", i, interface_opts.datatx_udp);
163 g_log(log_domain, log_level, "No cap. RPCAP[%02d] : %u", i, interface_opts.nocap_rpcap);
164 g_log(log_domain, log_level, "No cap. local[%02d] : %u", i, interface_opts.nocap_local);
166 #ifdef HAVE_PCAP_SETSAMPLING
167 g_log(log_domain, log_level, "Sampling meth.[%02d] : %d", i, interface_opts.sampling_method);
168 g_log(log_domain, log_level, "Sampling param.[%02d] : %d", i, interface_opts.sampling_param);
171 g_log(log_domain, log_level, "Interface name[df] : %s", capture_opts->default_options.name ? capture_opts->default_options.name : "(unspecified)");
172 g_log(log_domain, log_level, "Interface Descr[df] : %s", capture_opts->default_options.descr ? capture_opts->default_options.descr : "(unspecified)");
173 g_log(log_domain, log_level, "Capture filter[df] : %s", capture_opts->default_options.cfilter ? capture_opts->default_options.cfilter : "(unspecified)");
174 g_log(log_domain, log_level, "Snap length[df] (%u) : %d", capture_opts->default_options.has_snaplen, capture_opts->default_options.snaplen);
175 g_log(log_domain, log_level, "Link Type[df] : %d", capture_opts->default_options.linktype);
176 g_log(log_domain, log_level, "Promiscuous Mode[df]: %s", capture_opts->default_options.promisc_mode?"TRUE":"FALSE");
177 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
178 g_log(log_domain, log_level, "Buffer size[df] : %d (MB)", capture_opts->default_options.buffer_size);
180 g_log(log_domain, log_level, "Monitor Mode[df] : %s", capture_opts->default_options.monitor_mode?"TRUE":"FALSE");
181 #ifdef HAVE_PCAP_REMOTE
182 g_log(log_domain, log_level, "Capture source[df] : %s",
183 capture_opts->default_options.src_type == CAPTURE_IFLOCAL ? "Local interface" :
184 capture_opts->default_options.src_type == CAPTURE_IFREMOTE ? "Remote interface" :
186 if (capture_opts->default_options.src_type == CAPTURE_IFREMOTE) {
187 g_log(log_domain, log_level, "Remote host[df] : %s", capture_opts->default_options.remote_host ? capture_opts->default_options.remote_host : "(unspecified)");
188 g_log(log_domain, log_level, "Remote port[df] : %s", capture_opts->default_options.remote_port ? capture_opts->default_options.remote_port : "(unspecified)");
190 g_log(log_domain, log_level, "Authentication[df] : %s",
191 capture_opts->default_options.auth_type == CAPTURE_AUTH_NULL ? "Null" :
192 capture_opts->default_options.auth_type == CAPTURE_AUTH_PWD ? "By username/password" :
194 if (capture_opts->default_options.auth_type == CAPTURE_AUTH_PWD) {
195 g_log(log_domain, log_level, "Auth username[df] : %s", capture_opts->default_options.auth_username ? capture_opts->default_options.auth_username : "(unspecified)");
196 g_log(log_domain, log_level, "Auth password[df] : <hidden>");
198 g_log(log_domain, log_level, "UDP data tfer[df] : %u", capture_opts->default_options.datatx_udp);
199 g_log(log_domain, log_level, "No cap. RPCAP[df] : %u", capture_opts->default_options.nocap_rpcap);
200 g_log(log_domain, log_level, "No cap. local[df] : %u", capture_opts->default_options.nocap_local);
202 #ifdef HAVE_PCAP_SETSAMPLING
203 g_log(log_domain, log_level, "Sampling meth. [df] : %d", capture_opts->default_options.sampling_method);
204 g_log(log_domain, log_level, "Sampling param.[df] : %d", capture_opts->default_options.sampling_param);
206 g_log(log_domain, log_level, "SavingToFile : %u", capture_opts->saving_to_file);
207 g_log(log_domain, log_level, "SaveFile : %s", (capture_opts->save_file) ? capture_opts->save_file : "");
208 g_log(log_domain, log_level, "GroupReadAccess : %u", capture_opts->group_read_access);
209 g_log(log_domain, log_level, "Fileformat : %s", (capture_opts->use_pcapng) ? "PCAPNG" : "PCAP");
210 g_log(log_domain, log_level, "RealTimeMode : %u", capture_opts->real_time_mode);
211 g_log(log_domain, log_level, "ShowInfo : %u", capture_opts->show_info);
212 g_log(log_domain, log_level, "QuitAfterCap : %u", capture_opts->quit_after_cap);
214 g_log(log_domain, log_level, "MultiFilesOn : %u", capture_opts->multi_files_on);
215 g_log(log_domain, log_level, "FileDuration (%u) : %u", capture_opts->has_file_duration, capture_opts->file_duration);
216 g_log(log_domain, log_level, "RingNumFiles (%u) : %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files);
218 g_log(log_domain, log_level, "AutostopFiles (%u) : %u", capture_opts->has_autostop_files, capture_opts->autostop_files);
219 g_log(log_domain, log_level, "AutostopPackets (%u) : %u", capture_opts->has_autostop_packets, capture_opts->autostop_packets);
220 g_log(log_domain, log_level, "AutostopFilesize(%u) : %u (KB)", capture_opts->has_autostop_filesize, capture_opts->autostop_filesize);
221 g_log(log_domain, log_level, "AutostopDuration(%u) : %u", capture_opts->has_autostop_duration, capture_opts->autostop_duration);
225 * Given a string of the form "<autostop criterion>:<value>", as might appear
226 * as an argument to a "-a" option, parse it and set the criterion in
227 * question. Return an indication of whether it succeeded or failed
231 set_autostop_criterion(capture_options *capture_opts, const char *autostoparg)
235 colonp = strchr(autostoparg, ':');
243 * Skip over any white space (there probably won't be any, but
244 * as we allow it in the preferences file, we might as well
247 while (isspace((guchar)*p))
251 * Put the colon back, so if our caller uses, in an
252 * error message, the string they passed us, the message
258 if (strcmp(autostoparg,"duration") == 0) {
259 capture_opts->has_autostop_duration = TRUE;
260 capture_opts->autostop_duration = get_positive_int(p,"autostop duration");
261 } else if (strcmp(autostoparg,"filesize") == 0) {
262 capture_opts->has_autostop_filesize = TRUE;
263 capture_opts->autostop_filesize = get_positive_int(p,"autostop filesize");
264 } else if (strcmp(autostoparg,"files") == 0) {
265 capture_opts->multi_files_on = TRUE;
266 capture_opts->has_autostop_files = TRUE;
267 capture_opts->autostop_files = get_positive_int(p,"autostop files");
271 *colonp = ':'; /* put the colon back */
276 * Given a string of the form "<ring buffer file>:<duration>", as might appear
277 * as an argument to a "-b" option, parse it and set the arguments in
278 * question. Return an indication of whether it succeeded or failed
282 get_ring_arguments(capture_options *capture_opts, const char *arg)
284 gchar *p = NULL, *colonp;
286 colonp = strchr(arg, ':');
294 * Skip over any white space (there probably won't be any, but
295 * as we allow it in the preferences file, we might as well
298 while (isspace((guchar)*p))
302 * Put the colon back, so if our caller uses, in an
303 * error message, the string they passed us, the message
310 if (strcmp(arg,"files") == 0) {
311 capture_opts->has_ring_num_files = TRUE;
312 capture_opts->ring_num_files = get_positive_int(p, "number of ring buffer files");
313 } else if (strcmp(arg,"filesize") == 0) {
314 capture_opts->has_autostop_filesize = TRUE;
315 capture_opts->autostop_filesize = get_positive_int(p, "ring buffer filesize");
316 } else if (strcmp(arg,"duration") == 0) {
317 capture_opts->has_file_duration = TRUE;
318 capture_opts->file_duration = get_positive_int(p, "ring buffer duration");
321 *colonp = ':'; /* put the colon back */
325 #ifdef HAVE_PCAP_SETSAMPLING
327 * Given a string of the form "<sampling type>:<value>", as might appear
328 * as an argument to a "-m" option, parse it and set the arguments in
329 * question. Return an indication of whether it succeeded or failed
333 get_sampling_arguments(capture_options *capture_opts, const char *arg)
335 gchar *p = NULL, *colonp;
337 colonp = strchr(arg, ':');
344 while (isspace((guchar)*p))
351 if (strcmp(arg, "count") == 0) {
352 if (capture_opts->ifaces->len > 0) {
353 interface_options interface_opts;
355 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
356 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
357 interface_opts.sampling_method = CAPTURE_SAMP_BY_COUNT;
358 interface_opts.sampling_param = get_positive_int(p, "sampling count");
359 g_array_append_val(capture_opts->ifaces, interface_opts);
361 capture_opts->default_options.sampling_method = CAPTURE_SAMP_BY_COUNT;
362 capture_opts->default_options.sampling_param = get_positive_int(p, "sampling count");
364 } else if (strcmp(arg, "timer") == 0) {
365 if (capture_opts->ifaces->len > 0) {
366 interface_options interface_opts;
368 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
369 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
370 interface_opts.sampling_method = CAPTURE_SAMP_BY_TIMER;
371 interface_opts.sampling_param = get_positive_int(p, "sampling timer");
372 g_array_append_val(capture_opts->ifaces, interface_opts);
374 capture_opts->default_options.sampling_method = CAPTURE_SAMP_BY_TIMER;
375 capture_opts->default_options.sampling_param = get_positive_int(p, "sampling timer");
383 #ifdef HAVE_PCAP_REMOTE
385 * Given a string of the form "<username>:<password>", as might appear
386 * as an argument to a "-A" option, parse it and set the arguments in
387 * question. Return an indication of whether it succeeded or failed
391 get_auth_arguments(capture_options *capture_opts, const char *arg)
393 gchar *p = NULL, *colonp;
395 colonp = strchr(arg, ':');
402 while (isspace((guchar)*p))
405 if (capture_opts->ifaces->len > 0) {
406 interface_options interface_opts;
408 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
409 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
410 interface_opts.auth_type = CAPTURE_AUTH_PWD;
411 interface_opts.auth_username = g_strdup(arg);
412 interface_opts.auth_password = g_strdup(p);
413 g_array_append_val(capture_opts->ifaces, interface_opts);
415 capture_opts->default_options.auth_type = CAPTURE_AUTH_PWD;
416 capture_opts->default_options.auth_username = g_strdup(arg);
417 capture_opts->default_options.auth_password = g_strdup(p);
425 capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg_str_p)
433 interface_options interface_opts;
436 * If the argument is a number, treat it as an index into the list
437 * of adapters, as printed by "tshark -D".
439 * This should be OK on UNIX systems, as interfaces shouldn't have
440 * names that begin with digits. It can be useful on Windows, where
441 * more than one interface can have the same name.
443 adapter_index = strtol(optarg_str_p, &p, 10);
444 if (p != NULL && *p == '\0') {
445 if (adapter_index < 0) {
446 cmdarg_err("The specified adapter index is a negative number");
449 if (adapter_index > INT_MAX) {
450 cmdarg_err("The specified adapter index is too large (greater than %d)",
454 if (adapter_index == 0) {
455 cmdarg_err("There is no interface with that adapter index");
458 if_list = capture_interface_list(&err, &err_str, NULL);
459 if (if_list == NULL) {
462 case CANT_GET_INTERFACE_LIST:
464 cmdarg_err("%s", err_str);
468 case NO_INTERFACES_FOUND:
469 cmdarg_err("There are no interfaces on which a capture can be done");
474 if_info = (if_info_t *)g_list_nth_data(if_list, (int)(adapter_index - 1));
475 if (if_info == NULL) {
476 cmdarg_err("There is no interface with that adapter index");
479 interface_opts.name = g_strdup(if_info->name);
480 if (if_info->friendly_name != NULL) {
482 * We have a friendly name for the interface, so display that
483 * instead of the interface name/guid.
485 * XXX - on UN*X, the interface name is not quite so ugly,
486 * and might be more familiar to users; display them both?
488 interface_opts.console_display_name = g_strdup(if_info->friendly_name);
490 /* fallback to the interface name */
491 interface_opts.console_display_name = g_strdup(if_info->name);
493 free_interface_list(if_list);
494 } else if (capture_opts->capture_child) {
495 /* In Wireshark capture child mode, thus proper device name is supplied. */
496 /* No need for trying to match it for friendly names. */
497 interface_opts.name = g_strdup(optarg_str_p);
498 interface_opts.console_display_name = g_strdup(optarg_str_p);
501 * Retrieve the interface list so that we can search for the
502 * specified option amongst both the interface names and the
503 * friendly names and so that we find the friendly name even
504 * if an interface name was specified.
506 * If we can't get the list, just use the specified option as
507 * the interface name, so that the user can try specifying an
508 * interface explicitly for testing purposes.
510 if_list = capture_interface_list(&err, NULL, NULL);
511 if (if_list != NULL) {
512 /* try and do an exact match (case insensitive) */
517 for (if_entry = g_list_first(if_list); if_entry != NULL;
518 if_entry = g_list_next(if_entry))
520 if_info = (if_info_t *)if_entry->data;
521 /* exact name check */
522 if (g_ascii_strcasecmp(if_info->name, optarg_str_p) == 0) {
523 /* exact match on the interface name, use that for displaying etc */
524 interface_opts.name = g_strdup(if_info->name);
526 if (if_info->friendly_name != NULL) {
528 * If we have a friendly name, use that for the
529 * console display name, as it is the basis for
530 * the auto generated temp filename.
532 interface_opts.console_display_name = g_strdup(if_info->friendly_name);
534 interface_opts.console_display_name = g_strdup(if_info->name);
540 /* exact friendly name check */
541 if (if_info->friendly_name != NULL &&
542 g_ascii_strcasecmp(if_info->friendly_name, optarg_str_p) == 0) {
543 /* exact match - use the friendly name for display */
544 interface_opts.name = g_strdup(if_info->name);
545 interface_opts.console_display_name = g_strdup(if_info->friendly_name);
551 /* didn't find, attempt a case insensitive prefix match of the friendly name*/
553 size_t prefix_length;
555 prefix_length = strlen(optarg_str_p);
556 for (if_entry = g_list_first(if_list); if_entry != NULL;
557 if_entry = g_list_next(if_entry))
559 if_info = (if_info_t *)if_entry->data;
561 if (if_info->friendly_name != NULL &&
562 g_ascii_strncasecmp(if_info->friendly_name, optarg_str_p, prefix_length) == 0) {
563 /* prefix match - use the friendly name for display */
564 interface_opts.name = g_strdup(if_info->name);
565 interface_opts.console_display_name = g_strdup(if_info->friendly_name);
573 * We didn't find the interface in the list; just use
574 * the specified name, so that, for example, if an
575 * interface doesn't show up in the list for some
576 * reason, the user can try specifying it explicitly
577 * for testing purposes.
579 interface_opts.name = g_strdup(optarg_str_p);
580 interface_opts.console_display_name = g_strdup(optarg_str_p);
582 free_interface_list(if_list);
584 interface_opts.name = g_strdup(optarg_str_p);
585 interface_opts.console_display_name = g_strdup(optarg_str_p);
589 /* We don't set iface_descr here because doing so requires
590 * capture_ui_utils.c which requires epan/prefs.c which is
591 * probably a bit too much dependency for here...
593 interface_opts.descr = g_strdup(capture_opts->default_options.descr);
594 interface_opts.cfilter = g_strdup(capture_opts->default_options.cfilter);
595 interface_opts.snaplen = capture_opts->default_options.snaplen;
596 interface_opts.has_snaplen = capture_opts->default_options.has_snaplen;
597 interface_opts.linktype = capture_opts->default_options.linktype;
598 interface_opts.promisc_mode = capture_opts->default_options.promisc_mode;
599 interface_opts.if_type = capture_opts->default_options.if_type;
600 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
601 interface_opts.buffer_size = capture_opts->default_options.buffer_size;
603 interface_opts.monitor_mode = capture_opts->default_options.monitor_mode;
604 #ifdef HAVE_PCAP_REMOTE
605 interface_opts.src_type = capture_opts->default_options.src_type;
606 interface_opts.remote_host = g_strdup(capture_opts->default_options.remote_host);
607 interface_opts.remote_port = g_strdup(capture_opts->default_options.remote_port);
608 interface_opts.auth_type = capture_opts->default_options.auth_type;
609 interface_opts.auth_username = g_strdup(capture_opts->default_options.auth_username);
610 interface_opts.auth_password = g_strdup(capture_opts->default_options.auth_password);
611 interface_opts.datatx_udp = capture_opts->default_options.datatx_udp;
612 interface_opts.nocap_rpcap = capture_opts->default_options.nocap_rpcap;
613 interface_opts.nocap_local = capture_opts->default_options.nocap_local;
615 #ifdef HAVE_PCAP_SETSAMPLING
616 interface_opts.sampling_method = capture_opts->default_options.sampling_method;
617 interface_opts.sampling_param = capture_opts->default_options.sampling_param;
620 g_array_append_val(capture_opts->ifaces, interface_opts);
627 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg_str_p, gboolean *start_capture)
632 case LONGOPT_NUM_CAP_COMMENT: /* capture comment */
633 if (capture_opts->capture_comment) {
634 cmdarg_err("--capture-comment can be set only once per file");
637 capture_opts->capture_comment = g_strdup(optarg_str_p);
639 case 'a': /* autostop criteria */
640 if (set_autostop_criterion(capture_opts, optarg_str_p) == FALSE) {
641 cmdarg_err("Invalid or unknown -a flag \"%s\"", optarg_str_p);
645 #ifdef HAVE_PCAP_REMOTE
647 if (get_auth_arguments(capture_opts, optarg_str_p) == FALSE) {
648 cmdarg_err("Invalid or unknown -A arg \"%s\"", optarg_str_p);
653 case 'b': /* Ringbuffer option */
654 capture_opts->multi_files_on = TRUE;
655 if (get_ring_arguments(capture_opts, optarg_str_p) == FALSE) {
656 cmdarg_err("Invalid or unknown -b arg \"%s\"", optarg_str_p);
660 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
661 case 'B': /* Buffer size */
662 if (capture_opts->ifaces->len > 0) {
663 interface_options interface_opts;
665 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
666 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
667 interface_opts.buffer_size = get_positive_int(optarg_str_p, "buffer size");
668 g_array_append_val(capture_opts->ifaces, interface_opts);
670 capture_opts->default_options.buffer_size = get_positive_int(optarg_str_p, "buffer size");
674 case 'c': /* Capture n packets */
675 capture_opts->has_autostop_packets = TRUE;
676 capture_opts->autostop_packets = get_positive_int(optarg_str_p, "packet count");
678 case 'f': /* capture filter */
679 if (capture_opts->ifaces->len > 0) {
680 interface_options interface_opts;
682 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
683 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
684 g_free(interface_opts.cfilter);
685 interface_opts.cfilter = g_strdup(optarg_str_p);
686 g_array_append_val(capture_opts->ifaces, interface_opts);
688 g_free(capture_opts->default_options.cfilter);
689 capture_opts->default_options.cfilter = g_strdup(optarg_str_p);
692 case 'g': /* enable group read access on the capture file(s) */
693 capture_opts->group_read_access = TRUE;
695 case 'H': /* Hide capture info dialog box */
696 capture_opts->show_info = FALSE;
698 case 'i': /* Use interface x */
699 status = capture_opts_add_iface_opt(capture_opts, optarg_str_p);
704 #ifdef HAVE_PCAP_CREATE
705 case 'I': /* Capture in monitor mode */
706 if (capture_opts->ifaces->len > 0) {
707 interface_options interface_opts;
709 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
710 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
711 interface_opts.monitor_mode = TRUE;
712 g_array_append_val(capture_opts->ifaces, interface_opts);
714 capture_opts->default_options.monitor_mode = TRUE;
718 case 'k': /* Start capture immediately */
719 *start_capture = TRUE;
721 /*case 'l':*/ /* Automatic scrolling in live capture mode */
722 #ifdef HAVE_PCAP_SETSAMPLING
724 if (get_sampling_arguments(capture_opts, optarg_str_p) == FALSE) {
725 cmdarg_err("Invalid or unknown -m arg \"%s\"", optarg_str_p);
730 case 'n': /* Use pcapng format */
731 capture_opts->use_pcapng = TRUE;
733 case 'p': /* Don't capture in promiscuous mode */
734 if (capture_opts->ifaces->len > 0) {
735 interface_options interface_opts;
737 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
738 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
739 interface_opts.promisc_mode = FALSE;
740 g_array_append_val(capture_opts->ifaces, interface_opts);
742 capture_opts->default_options.promisc_mode = FALSE;
745 case 'P': /* Use pcap format */
746 capture_opts->use_pcapng = FALSE;
748 #ifdef HAVE_PCAP_REMOTE
750 if (capture_opts->ifaces->len > 0) {
751 interface_options interface_opts;
753 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
754 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
755 interface_opts.nocap_rpcap = FALSE;
756 g_array_append_val(capture_opts->ifaces, interface_opts);
758 capture_opts->default_options.nocap_rpcap = FALSE;
762 case 's': /* Set the snapshot (capture) length */
763 snaplen = get_natural_int(optarg_str_p, "snapshot length");
765 * Make a snapshot length of 0 equivalent to the maximum packet
766 * length, mirroring what tcpdump does.
769 snaplen = WTAP_MAX_PACKET_SIZE;
770 if (capture_opts->ifaces->len > 0) {
771 interface_options interface_opts;
773 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
774 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
775 interface_opts.has_snaplen = TRUE;
776 interface_opts.snaplen = snaplen;
777 g_array_append_val(capture_opts->ifaces, interface_opts);
779 capture_opts->default_options.snaplen = snaplen;
780 capture_opts->default_options.has_snaplen = TRUE;
783 case 'S': /* "Real-Time" mode: used for following file ala tail -f */
784 capture_opts->real_time_mode = TRUE;
786 #ifdef HAVE_PCAP_REMOTE
788 if (capture_opts->ifaces->len > 0) {
789 interface_options interface_opts;
791 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
792 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
793 interface_opts.datatx_udp = TRUE;
794 g_array_append_val(capture_opts->ifaces, interface_opts);
796 capture_opts->default_options.datatx_udp = TRUE;
800 case 'w': /* Write to capture file x */
801 capture_opts->saving_to_file = TRUE;
802 g_free(capture_opts->save_file);
803 capture_opts->save_file = g_strdup(optarg_str_p);
804 status = capture_opts_output_to_pipe(capture_opts->save_file, &capture_opts->output_to_pipe);
806 case 'y': /* Set the pcap data link type */
807 if (capture_opts->ifaces->len > 0) {
808 interface_options interface_opts;
810 interface_opts = g_array_index(capture_opts->ifaces, interface_options, capture_opts->ifaces->len - 1);
811 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, capture_opts->ifaces->len - 1);
812 interface_opts.linktype = linktype_name_to_val(optarg_str_p);
813 if (interface_opts.linktype == -1) {
814 cmdarg_err("The specified data link type \"%s\" isn't valid",
818 g_array_append_val(capture_opts->ifaces, interface_opts);
820 capture_opts->default_options.linktype = linktype_name_to_val(optarg_str_p);
821 if (capture_opts->default_options.linktype == -1) {
822 cmdarg_err("The specified data link type \"%s\" isn't valid",
829 /* the caller is responsible to send us only the right opt's */
830 g_assert_not_reached();
837 capture_opts_print_if_capabilities(if_capabilities_t *caps, char *name,
838 gboolean monitor_mode)
841 data_link_info_t *data_link_info;
843 if (caps->can_set_rfmon)
844 printf("Data link types of interface %s when %sin monitor mode (use option -y to set):\n",
845 name, monitor_mode ? "" : "not ");
847 printf("Data link types of interface %s (use option -y to set):\n", name);
848 for (lt_entry = caps->data_link_types; lt_entry != NULL;
849 lt_entry = g_list_next(lt_entry)) {
850 data_link_info = (data_link_info_t *)lt_entry->data;
851 printf(" %s", data_link_info->name);
852 if (data_link_info->description != NULL)
853 printf(" (%s)", data_link_info->description);
855 printf(" (not supported)");
860 /* Print an ASCII-formatted list of interfaces. */
862 capture_opts_print_interfaces(GList *if_list)
868 i = 1; /* Interface id number */
869 for (if_entry = g_list_first(if_list); if_entry != NULL;
870 if_entry = g_list_next(if_entry)) {
871 if_info = (if_info_t *)if_entry->data;
872 printf("%d. %s", i++, if_info->name);
874 /* Print the interface friendly name, if it exists;
875 if not fall back to vendor description, if it exists. */
876 if (if_info->friendly_name != NULL){
877 printf(" (%s)", if_info->friendly_name);
879 if (if_info->vendor_description != NULL)
880 printf(" (%s)", if_info->vendor_description);
888 capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min)
891 interface_options interface_opts;
893 if (capture_opts->ifaces->len > 0) {
894 for (i = 0; i < capture_opts->ifaces->len; i++) {
895 interface_opts = g_array_index(capture_opts->ifaces, interface_options, 0);
896 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, 0);
897 if (interface_opts.snaplen < 1)
898 interface_opts.snaplen = WTAP_MAX_PACKET_SIZE;
899 else if (interface_opts.snaplen < snaplen_min)
900 interface_opts.snaplen = snaplen_min;
901 g_array_append_val(capture_opts->ifaces, interface_opts);
904 if (capture_opts->default_options.snaplen < 1)
905 capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE;
906 else if (capture_opts->default_options.snaplen < snaplen_min)
907 capture_opts->default_options.snaplen = snaplen_min;
913 capture_opts_trim_ring_num_files(capture_options *capture_opts)
915 /* Check the value range of the ring_num_files parameter */
916 if (capture_opts->ring_num_files > RINGBUFFER_MAX_NUM_FILES) {
917 cmdarg_err("Too many ring buffer files (%u). Reducing to %u.\n", capture_opts->ring_num_files, RINGBUFFER_MAX_NUM_FILES);
918 capture_opts->ring_num_files = RINGBUFFER_MAX_NUM_FILES;
919 } else if (capture_opts->ring_num_files > RINGBUFFER_WARN_NUM_FILES) {
920 cmdarg_err("%u is a lot of ring buffer files.\n", capture_opts->ring_num_files);
922 #if RINGBUFFER_MIN_NUM_FILES > 0
923 else if (capture_opts->ring_num_files < RINGBUFFER_MIN_NUM_FILES)
924 cmdarg_err("Too few ring buffer files (%u). Increasing to %u.\n", capture_opts->ring_num_files, RINGBUFFER_MIN_NUM_FILES);
925 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
930 * If no interface was specified explicitly, pick a default.
933 capture_opts_default_iface_if_necessary(capture_options *capture_opts,
934 const char *capture_device)
938 /* Did the user specify an interface to use? */
939 if (capture_opts->num_selected != 0 || capture_opts->ifaces->len != 0) {
940 /* yes they did, return immediately - nothing further to do here */
944 /* No - is a default specified in the preferences file? */
945 if (capture_device != NULL) {
947 status = capture_opts_add_iface_opt(capture_opts, capture_device);
950 /* No default in preferences file, just pick the first interface from the list of interfaces. */
951 return capture_opts_add_iface_opt(capture_opts, "1");
955 #define S_IFIFO _S_IFIFO
958 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
961 /* copied from filesystem.c */
963 capture_opts_test_for_fifo(const char *path)
967 if (ws_stat64(path, &statb) < 0)
970 if (S_ISFIFO(statb.st_mode))
977 capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe)
983 if (save_file != NULL) {
984 /* We're writing to a capture file. */
985 if (strcmp(save_file, "-") == 0) {
986 /* Writing to stdout. */
987 /* XXX - should we check whether it's a pipe? It's arguably
988 silly to do "-w - >output_file" rather than "-w output_file",
989 but by not checking we might be violating the Principle Of
990 Least Astonishment. */
993 /* not writing to stdout, test for a FIFO (aka named pipe) */
994 err = capture_opts_test_for_fifo(save_file);
997 case ENOENT: /* it doesn't exist, so we'll be creating it,
998 and it won't be a FIFO */
999 case 0: /* found it, but it's not a FIFO */
1002 case ESPIPE: /* it is a FIFO */
1006 default: /* couldn't stat it */
1007 break; /* ignore: later attempt to open */
1008 /* will generate a nice msg */
1017 * Add all non-hidden selected interfaces in the "all interfaces" list
1018 * to the list of interfaces for the capture.
1021 collect_ifaces(capture_options *capture_opts)
1025 interface_options interface_opts;
1027 /* Empty out the existing list of interfaces. */
1028 for (i = capture_opts->ifaces->len; i != 0; i--) {
1029 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i - 1);
1030 g_free(interface_opts.name);
1031 g_free(interface_opts.descr);
1032 if (interface_opts.console_display_name != NULL)
1033 g_free(interface_opts.console_display_name);
1034 g_free(interface_opts.cfilter);
1035 #ifdef HAVE_PCAP_REMOTE
1036 if (interface_opts.src_type == CAPTURE_IFREMOTE) {
1037 g_free(interface_opts.remote_host);
1038 g_free(interface_opts.remote_port);
1039 g_free(interface_opts.auth_username);
1040 g_free(interface_opts.auth_password);
1043 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i - 1);
1046 /* Now fill the list up again. */
1047 for (i = 0; i < capture_opts->all_ifaces->len; i++) {
1048 device = g_array_index(capture_opts->all_ifaces, interface_t, i);
1049 if (!device.hidden && device.selected) {
1050 interface_opts.name = g_strdup(device.name);
1051 interface_opts.descr = g_strdup(device.display_name);
1052 interface_opts.console_display_name = g_strdup(device.name);
1053 interface_opts.linktype = device.active_dlt;
1054 interface_opts.cfilter = g_strdup(device.cfilter);
1055 interface_opts.snaplen = device.snaplen;
1056 interface_opts.has_snaplen = device.has_snaplen;
1057 interface_opts.promisc_mode = device.pmode;
1058 interface_opts.if_type = device.if_info.type;
1059 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
1060 interface_opts.buffer_size = device.buffer;
1062 #ifdef HAVE_PCAP_CREATE
1063 interface_opts.monitor_mode = device.monitor_mode_enabled;
1065 #ifdef HAVE_PCAP_REMOTE
1066 interface_opts.src_type = CAPTURE_IFREMOTE;
1067 interface_opts.remote_host = g_strdup(device.remote_opts.remote_host_opts.remote_host);
1068 interface_opts.remote_port = g_strdup(device.remote_opts.remote_host_opts.remote_port);
1069 interface_opts.auth_type = device.remote_opts.remote_host_opts.auth_type;
1070 interface_opts.auth_username = g_strdup(device.remote_opts.remote_host_opts.auth_username);
1071 interface_opts.auth_password = g_strdup(device.remote_opts.remote_host_opts.auth_password);
1072 interface_opts.datatx_udp = device.remote_opts.remote_host_opts.datatx_udp;
1073 interface_opts.nocap_rpcap = device.remote_opts.remote_host_opts.nocap_rpcap;
1074 interface_opts.nocap_local = device.remote_opts.remote_host_opts.nocap_local;
1076 #ifdef HAVE_PCAP_SETSAMPLING
1077 interface_opts.sampling_method = device.remote_opts.sampling_method;
1078 interface_opts.sampling_param = device.remote_opts.sampling_param;
1080 g_array_append_val(capture_opts->ifaces, interface_opts);
1088 #endif /* HAVE_LIBPCAP */