2 * Capture options (all parameters needed to do the actual capture)
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
14 * Capture options (all parameters needed to do the actual capture)
18 #ifndef __CAPTURE_OPTS_H__
19 #define __CAPTURE_OPTS_H__
21 #include <sys/types.h> /* for gid_t */
23 #include <caputils/capture_ifinfo.h>
31 #endif /* __cplusplus */
35 * We do not currently have long options corresponding to all short
36 * options; we should probably pick appropriate option names for them.
38 * For long options with no corresponding short options, we define values
39 * outside the range of ASCII graphic characters, make that the last
40 * component of the entry for the long option, and have a case for that
41 * option in the switch statement.
43 * We also pick values < 4096, so as to leave values >= 4096 for
47 * for tshark, we're using a leading - in the optstring to prevent getopt()
48 * from permuting the argv[] entries, in this case, unknown argv[] entries
49 * will be returned as parameters to a dummy-option 1.
50 * In short: we must not use 1 here, which is another reason to use
51 * values outside the range of ASCII graphic characters.
53 #define LONGOPT_NUM_CAP_COMMENT 128
54 #define LONGOPT_LIST_TSTAMP_TYPES 129
55 #define LONGOPT_SET_TSTAMP_TYPE 130
58 * Options for capturing common to all capturing programs.
60 #ifdef HAVE_PCAP_REMOTE
61 #define OPTSTRING_A "A:"
63 #define OPTSTRING_A ""
66 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE
67 #define LONGOPT_BUFFER_SIZE \
68 {"buffer-size", required_argument, NULL, 'B'},
69 #define OPTSTRING_B "B:"
71 #define LONGOPT_BUFFER_SIZE
72 #define OPTSTRING_B ""
75 #ifdef HAVE_PCAP_CREATE
76 #define LONGOPT_MONITOR_MODE {"monitor-mode", no_argument, NULL, 'I'},
77 #define OPTSTRING_I "I"
79 #define LONGOPT_MONITOR_MODE
80 #define OPTSTRING_I ""
83 #define LONGOPT_CAPTURE_COMMON \
84 {"capture-comment", required_argument, NULL, LONGOPT_NUM_CAP_COMMENT}, \
85 {"autostop", required_argument, NULL, 'a'}, \
86 {"ring-buffer", required_argument, NULL, 'b'}, \
88 {"list-interfaces", no_argument, NULL, 'D'}, \
89 {"interface", required_argument, NULL, 'i'}, \
90 LONGOPT_MONITOR_MODE \
91 {"list-data-link-types", no_argument, NULL, 'L'}, \
92 {"no-promiscuous-mode", no_argument, NULL, 'p'}, \
93 {"snapshot-length", required_argument, NULL, 's'}, \
94 {"linktype", required_argument, NULL, 'y'}, \
95 {"list-time-stamp-types", no_argument, NULL, LONGOPT_LIST_TSTAMP_TYPES}, \
96 {"time-stamp-type", required_argument, NULL, LONGOPT_SET_TSTAMP_TYPE},
99 #define OPTSTRING_CAPTURE_COMMON \
100 "a:" OPTSTRING_A "b:" OPTSTRING_B "c:Df:i:" OPTSTRING_I "Lps:y:"
102 #ifdef HAVE_PCAP_REMOTE
103 /* Type of capture source */
105 CAPTURE_IFLOCAL, /**< Local network interface */
106 CAPTURE_IFREMOTE /**< Remote network interface */
109 /* Type of RPCAPD Authentication */
111 CAPTURE_AUTH_NULL, /**< No authentication */
112 CAPTURE_AUTH_PWD /**< User/password authentication */
115 #ifdef HAVE_PCAP_SETSAMPLING
117 * Method of packet sampling (dropping some captured packets),
118 * may require additional integer parameter, marked here as N
121 CAPTURE_SAMP_NONE, /**< No sampling - capture all packets */
122 CAPTURE_SAMP_BY_COUNT, /**< Counter-based sampling -
123 capture 1 packet from every N */
124 CAPTURE_SAMP_BY_TIMER /**< Timer-based sampling -
125 capture no more than 1 packet
130 #ifdef HAVE_PCAP_REMOTE
131 struct remote_host_info {
132 gchar *remote_host; /**< Host name or network address for remote capturing */
133 gchar *remote_port; /**< TCP port of remote RPCAP server */
134 capture_auth auth_type; /**< Authentication type */
135 gchar *auth_username; /**< Remote authentication parameters */
136 gchar *auth_password; /**< Remote authentication parameters */
138 gboolean nocap_rpcap;
139 gboolean nocap_local;
143 gchar *r_host; /**< Host name or network address for remote capturing */
144 gchar *remote_port; /**< TCP port of remote RPCAP server */
145 capture_auth auth_type; /**< Authentication type */
146 gchar *auth_username; /**< Remote authentication parameters */
147 gchar *auth_password; /**< Remote authentication parameters */
150 typedef struct remote_options_tag {
151 capture_source src_type;
152 struct remote_host_info remote_host_opts;
153 #ifdef HAVE_PCAP_SETSAMPLING
154 capture_sampling sampling_method;
158 #endif /* HAVE_PCAP_REMOTE */
160 typedef struct interface_tag {
163 gchar *friendly_name;
171 gboolean has_snaplen;
174 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE
177 #ifdef HAVE_PCAP_CREATE
178 gboolean monitor_mode_enabled;
179 gboolean monitor_mode_supported;
181 #ifdef HAVE_PCAP_REMOTE
182 remote_options remote_opts;
184 guint32 last_packets;
189 /* External capture cached data */
190 GHashTable *external_cap_args_settings;
191 gchar *timestamp_type;
194 typedef struct link_row_tag {
199 typedef struct interface_options_tag {
200 gchar *name; /* the name of the interface supplied to libpcap/WinPcap/Npcap to specify the interface */
201 gchar *descr; /* a more user-friendly description of the interface; may be NULL if none */
202 gchar *display_name; /* the name displayed in the console and title bar */
204 gboolean has_snaplen;
207 gboolean promisc_mode;
208 interface_type if_type;
211 GHashTable *extcap_args;
212 GPid extcap_pid; /* pid of running process or WS_INVALID_PID */
213 gpointer extcap_pipedata;
214 guint extcap_child_watch;
216 HANDLE extcap_pipe_h;
217 HANDLE extcap_control_in_h;
218 HANDLE extcap_control_out_h;
220 gchar *extcap_control_in;
221 gchar *extcap_control_out;
222 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE
225 gboolean monitor_mode;
226 #ifdef HAVE_PCAP_REMOTE
227 capture_source src_type;
230 capture_auth auth_type;
231 gchar *auth_username;
232 gchar *auth_password;
234 gboolean nocap_rpcap;
235 gboolean nocap_local;
237 #ifdef HAVE_PCAP_SETSAMPLING
238 capture_sampling sampling_method;
241 gchar *timestamp_type; /* requested timestamp as string */
242 int timestamp_type_id; /* Timestamp type to pass to pcap_set_tstamp_type.
243 only valid if timestamp_type != NULL */
246 /** Capture options coming from user interface */
247 typedef struct capture_options_tag {
249 GArray *ifaces; /**< the interfaces to use for the
250 next capture, entries are of
251 type interface_options */
252 GArray *all_ifaces; /**< all interfaces, entries are
253 of type interface_t */
254 int ifaces_err; /**< if all_ifaces is null, the error
255 when it was fetched, if any */
256 gchar *ifaces_err_info; /**< error string for that error */
260 * Options to be applied to all interfaces.
262 * Some of these can be set from the GUI, others can't; setting
263 * the link-layer header type, for example, doesn't necessarily
264 * make sense, as different interfaces may support different sets
265 * of link-layer header types.
267 * Some that can't be set from the GUI can be set from the command
268 * line, by specifying them before any interface is specified.
269 * This includes the link-layer header type, so if somebody asks
270 * for a link-layer header type that an interface on which they're
271 * capturing doesn't support, we should report an error and fail
274 * These can be overridden per-interface.
276 interface_options default_options;
278 gboolean saving_to_file; /**< TRUE if capture is writing to a file */
279 gchar *save_file; /**< the capture file name */
280 gboolean group_read_access; /**< TRUE is group read permission needs to be set */
281 gboolean use_pcapng; /**< TRUE if file format is pcapng */
284 gboolean real_time_mode; /**< Update list of packets in real time */
285 gboolean show_info; /**< show the info dialog. */
286 gboolean restart; /**< restart after closing is done */
287 gchar *orig_save_file; /**< the original capture file name (saved for a restart) */
289 /* multiple files (and ringbuffer) */
290 gboolean multi_files_on; /**< TRUE if ring buffer in use */
292 gboolean has_file_duration; /**< TRUE if ring duration specified */
293 gdouble file_duration; /**< Switch file after n seconds */
294 gboolean has_file_interval; /**< TRUE if ring interval specified */
295 gint32 file_interval; /**< Create time intervals of n seconds */
296 gboolean has_ring_num_files; /**< TRUE if ring num_files specified */
297 guint32 ring_num_files; /**< Number of multiple buffer files */
299 /* autostop conditions */
300 gboolean has_autostop_files; /**< TRUE if maximum number of capture files
302 gint32 autostop_files; /**< Maximum number of capture files */
304 gboolean has_autostop_packets; /**< TRUE if maximum packet count is
306 int autostop_packets; /**< Maximum packet count */
307 gboolean has_autostop_filesize; /**< TRUE if maximum capture file size
309 guint32 autostop_filesize; /**< Maximum capture file size in kB */
310 gboolean has_autostop_duration; /**< TRUE if maximum capture duration
312 gdouble autostop_duration; /**< Maximum capture duration */
314 gchar *capture_comment; /** capture comment to write to the
317 /* internally used (don't touch from outside) */
318 gboolean output_to_pipe; /**< save_file is a pipe (named or stdout) */
319 gboolean capture_child; /**< hidden option: Wireshark child mode */
322 /* initialize the capture_options with some reasonable values */
324 capture_opts_init(capture_options *capture_opts);
326 /* clean internal structures */
328 capture_opts_cleanup(capture_options *capture_opts);
330 /* set a command line option value */
332 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg, gboolean *start_capture);
334 /* log content of capture_opts */
336 capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts);
339 CAPS_MONITOR_MODE = 0x1,
340 CAPS_QUERY_LINK_TYPES = 0x2,
341 CAPS_QUERY_TIMESTAMP_TYPES = 0x4
344 /* print interface capabilities, including link layer types */
346 capture_opts_print_if_capabilities(if_capabilities_t *caps, char *name, int queries);
348 /* print list of interfaces */
350 capture_opts_print_interfaces(GList *if_list);
352 /* trim the snaplen entry */
354 capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min);
356 /* trim the ring_num_files entry */
358 capture_opts_trim_ring_num_files(capture_options *capture_opts);
360 /* pick default interface if none was specified */
362 capture_opts_default_iface_if_necessary(capture_options *capture_opts,
363 const char *capture_device);
366 capture_opts_del_iface(capture_options *capture_opts, guint if_index);
369 collect_ifaces(capture_options *capture_opts);
372 capture_opts_free_interface_t(interface_t *device);
374 /* Default capture buffer size in Mbytes. */
375 #define DEFAULT_CAPTURE_BUFFER_SIZE 2
379 #endif /* __cplusplus */
381 #endif /* capture_opts.h */
384 * Editor modelines - http://www.wireshark.org/tools/modelines.html
389 * indent-tabs-mode: nil
392 * vi: set shiftwidth=4 tabstop=8 expandtab:
393 * :indentSize=4:tabSize=8:noTabs=true: