*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include "config.h"
#include <stdio.h>
#include <stdlib.h> /* for exit() */
# include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#include <unistd.h>
#endif
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#include <signal.h>
#include <errno.h>
+#include <wsutil/crash_info.h>
+
#ifndef HAVE_GETOPT
#include "wsutil/wsgetopt.h"
#endif
#include "ringbuffer.h"
#include "clopts_common.h"
-#include "console_io.h"
#include "cmdarg_err.h"
#include "version_info.h"
#endif
#ifndef _WIN32
-#include <sys/socket.h>
#include <sys/un.h>
#endif
#include "sync_pipe.h"
#include "capture_opts.h"
+#include "capture_session.h"
#include "capture_ifinfo.h"
#include "capture_sync.h"
#include "conditions.h"
#include "capture_stop_conditions.h"
-#include "tempfile.h"
+#include "wsutil/tempfile.h"
#include "log.h"
#include "wsutil/file_util.h"
+#include "ws80211_utils.h"
+
/*
* Get information about libpcap format from "wiretap/libpcap.h".
* XXX - can we just use pcap_open_offline() to read the pipe?
static GAsyncQueue *pcap_queue;
static gint64 pcap_queue_bytes;
static gint64 pcap_queue_packets;
-static gint64 pcap_queue_byte_limit = 1024 * 1024;
-static gint64 pcap_queue_packet_limit = 1000;
+static gint64 pcap_queue_byte_limit = 0;
+static gint64 pcap_queue_packet_limit = 0;
static gboolean capture_child = FALSE; /* FALSE: standalone call, TRUE: this is an Wireshark capture child */
#ifdef _WIN32
/** Stop a low-level capture (stops the capture child). */
static void capture_loop_stop(void);
+/** Close a pipe, or socket if \a from_socket is TRUE */
+static void cap_pipe_close(int pipe_fd, gboolean from_socket _U_);
+
+#ifdef __linux__
+/*
+ * Enable kernel BPF JIT compiler if available.
+ * If any calls fail, just drive on - the JIT compiler might not be
+ * enabled, but filtering will still work, and it's not clear what
+ * we could do if the calls fail; should we just report the error
+ * and not continue to capture, should we report it as a warning, or
+ * what?
+ */
+void
+enable_kernel_bpf_jit_compiler(void)
+{
+ int fd;
+ ssize_t written _U_;
+ static const char file[] = "/proc/sys/net/core/bpf_jit_enable";
+
+ fd = open(file, O_WRONLY);
+ if (fd < 0)
+ return;
+
+ written = write(fd, "1", strlen("1"));
+
+ close(fd);
+}
+#endif
#if !defined (__linux__)
#ifndef HAVE_PCAP_BREAKLOOP
/* whatever the deal with pcap_breakloop, linux doesn't support timeouts
* in pcap_dispatch(); on the other hand, select() works just fine there.
* Hence we use a select for that come what may.
+ *
+ * XXX - with TPACKET_V1 and TPACKET_V2, it currently uses select()
+ * internally, and, with TPACKET_V3, once that's supported, it'll
+ * support timeouts, at least as I understand the way the code works.
*/
#define MUST_DO_SELECT
#endif
INITFILTER_OTHER_ERROR
} initfilter_status_t;
+typedef enum {
+ STATE_EXPECT_REC_HDR,
+ STATE_READ_REC_HDR,
+ STATE_EXPECT_DATA,
+ STATE_READ_DATA
+} cap_pipe_state_t;
+
+typedef enum {
+ PIPOK,
+ PIPEOF,
+ PIPERR,
+ PIPNEXIST
+} cap_pipe_err_t;
+
typedef struct _pcap_options {
- guint32 received;
- guint32 dropped;
- pcap_t *pcap_h;
+ guint32 received;
+ guint32 dropped;
+ guint32 flushed;
+ pcap_t *pcap_h;
#ifdef MUST_DO_SELECT
- int pcap_fd; /* pcap file descriptor */
-#endif
- gboolean pcap_err;
- guint interface_id;
- GThread *tid;
- int snaplen;
- int linktype;
- gboolean ts_nsec; /* TRUE if we're using nanosecond precision. */
- /* capture pipe (unix only "input file") */
- gboolean from_cap_pipe; /* TRUE if we are capturing data from a capture pipe */
- struct pcap_hdr cap_pipe_hdr; /* Pcap header when capturing from a pipe */
- struct pcaprec_modified_hdr cap_pipe_rechdr; /* Pcap record header when capturing from a pipe */
+ int pcap_fd; /**< pcap file descriptor */
+#endif
+ gboolean pcap_err;
+ guint interface_id;
+ GThread *tid;
+ int snaplen;
+ int linktype;
+ gboolean ts_nsec; /**< TRUE if we're using nanosecond precision. */
+ /**< capture pipe (unix only "input file") */
+ gboolean from_cap_pipe; /**< TRUE if we are capturing data from a capture pipe */
+ gboolean from_cap_socket; /**< TRUE if we're capturing from socket */
+ struct pcap_hdr cap_pipe_hdr; /**< Pcap header when capturing from a pipe */
+ struct pcaprec_modified_hdr cap_pipe_rechdr; /**< Pcap record header when capturing from a pipe */
#ifdef _WIN32
- HANDLE cap_pipe_h; /* The handle of the capture pipe */
-#else
- int cap_pipe_fd; /* the file descriptor of the capture pipe */
+ HANDLE cap_pipe_h; /**< The handle of the capture pipe */
#endif
- gboolean cap_pipe_modified; /* TRUE if data in the pipe uses modified pcap headers */
- gboolean cap_pipe_byte_swapped; /* TRUE if data in the pipe is byte swapped */
+ int cap_pipe_fd; /**< the file descriptor of the capture pipe */
+ gboolean cap_pipe_modified; /**< TRUE if data in the pipe uses modified pcap headers */
+ gboolean cap_pipe_byte_swapped; /**< TRUE if data in the pipe is byte swapped */
#if defined(_WIN32)
- char * cap_pipe_buf; /* Pointer to the data buffer we read into */
-#endif
- int cap_pipe_bytes_to_read;/* Used by cap_pipe_dispatch */
- int cap_pipe_bytes_read; /* Used by cap_pipe_dispatch */
- enum {
- STATE_EXPECT_REC_HDR,
- STATE_READ_REC_HDR,
- STATE_EXPECT_DATA,
- STATE_READ_DATA
- } cap_pipe_state;
- enum { PIPOK, PIPEOF, PIPERR, PIPNEXIST } cap_pipe_err;
+ char * cap_pipe_buf; /**< Pointer to the data buffer we read into */
+ DWORD cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
+ DWORD cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
+#else
+ size_t cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
+ size_t cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
+#endif
+ cap_pipe_state_t cap_pipe_state;
+ cap_pipe_err_t cap_pipe_err;
+
#if defined(_WIN32)
- GMutex *cap_pipe_read_mtx;
- GAsyncQueue *cap_pipe_pending_q, *cap_pipe_done_q;
+ GMutex *cap_pipe_read_mtx;
+ GAsyncQueue *cap_pipe_pending_q, *cap_pipe_done_q;
#endif
} pcap_options;
typedef struct _loop_data {
/* common */
- gboolean go; /* TRUE as long as we're supposed to keep capturing */
- int err; /* if non-zero, error seen while capturing */
- gint packet_count; /* Number of packets we have already captured */
- gint packet_max; /* Number of packets we're supposed to capture - 0 means infinite */
- gint inpkts_to_sync_pipe; /* Packets not already send out to the sync_pipe */
+ gboolean go; /**< TRUE as long as we're supposed to keep capturing */
+ int err; /**< if non-zero, error seen while capturing */
+ gint packet_count; /**< Number of packets we have already captured */
+ gint packet_max; /**< Number of packets we're supposed to capture - 0 means infinite */
+ guint inpkts_to_sync_pipe; /**< Packets not already send out to the sync_pipe */
#ifdef SIGINFO
- gboolean report_packet_count; /* Set by SIGINFO handler; print packet count */
+ gboolean report_packet_count; /**< Set by SIGINFO handler; print packet count */
#endif
- GArray *pcaps;
+ GArray *pcaps;
/* output file(s) */
- FILE *pdh;
- int save_file_fd;
- long bytes_written;
- guint32 autostop_files;
+ FILE *pdh;
+ int save_file_fd;
+ guint64 bytes_written;
+ guint32 autostop_files;
} loop_data;
typedef struct _pcap_queue_element {
pcap_options *pcap_opts;
- struct pcap_pkthdr phdr;
+ struct pcap_pkthdr phdr;
u_char *pd;
} pcap_queue_element;
*/
static const char please_report[] =
"Please report this to the Wireshark developers.\n"
+ "http://bugs.wireshark.org/\n"
"(This is not a crash; please do not report it as such.)";
/*
static void WS_MSVC_NORETURN exit_main(int err) G_GNUC_NORETURN;
static void report_new_capture_file(const char *filename);
-static void report_packet_count(int packet_count);
-static void report_packet_drops(guint32 received, guint32 drops, gchar *name);
+static void report_packet_count(unsigned int packet_count);
+static void report_packet_drops(guint32 received, guint32 pcap_drops, guint32 drops, guint32 flushed, guint32 ps_ifdrop, gchar *name);
static void report_capture_error(const char *error_msg, const char *secondary_error_msg);
static void report_cfilter_error(capture_options *capture_opts, guint i, const char *errmsg);
#define MSG_MAX_LENGTH 4096
-/* Copied from pcapio.c libpcap_write_interface_statistics_block()*/
+/* Copied from pcapio.c pcapng_write_interface_statistics_block()*/
static guint64
create_timestamp(void) {
- guint64 timestamp;
+ guint64 timestamp;
#ifdef _WIN32
FILETIME now;
#else
fprintf(output, "\nUsage: dumpcap [options] ...\n");
fprintf(output, "\n");
fprintf(output, "Capture interface:\n");
- fprintf(output, " -i <interface> name or idx of interface (def: first non-loopback)\n");
+ fprintf(output, " -i <interface> name or idx of interface (def: first non-loopback),\n"
+ " or for remote capturing, use one of these formats:\n"
+ " rpcap://<host>/<interface>\n"
+ " TCP@<host>:<port>\n");
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
fprintf(output, " -s <snaplen> packet snapshot length (def: 65535)\n");
fprintf(output, " -p don't capture in promiscuous mode\n");
fprintf(output, " -I capture in monitor mode, if available\n");
#endif
#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
- fprintf(output, " -B <buffer size> size of kernel buffer (def: 1MB)\n");
+ fprintf(output, " -B <buffer size> size of kernel buffer in MiB (def: %dMiB)\n", DEFAULT_CAPTURE_BUFFER_SIZE);
#endif
fprintf(output, " -y <link type> link layer type (def: first appropriate)\n");
fprintf(output, " -D print list of interfaces and exit\n");
#ifdef HAVE_BPF_IMAGE
fprintf(output, " -d print generated BPF code for capture filter\n");
#endif
+ fprintf(output, " -k set channel on wifi interface <freq>,[<type>]\n");
fprintf(output, " -S print statistics for each interface once per second\n");
fprintf(output, " -M for -D, -L, and -S, produce machine-readable output\n");
fprintf(output, "\n");
fprintf(output, " files:NUM - ringbuffer: replace after NUM files\n");
fprintf(output, " -n use pcapng format instead of pcap (default)\n");
fprintf(output, " -P use libpcap format instead of pcapng\n");
+ fprintf(output, " --capture-comment <comment>\n");
+ fprintf(output, " add a capture comment to the output file\n");
+ fprintf(output, " (only for pcapng)\n");
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
+ fprintf(output, " -N <packet_limit> maximum number of packets buffered within dumpcap\n");
+ fprintf(output, " -C <byte_limit> maximum number of bytes used for buffering packets\n");
+ fprintf(output, " within dumpcap\n");
fprintf(output, " -t use a separate thread per interface\n");
fprintf(output, " -q don't report packet capture counts\n");
fprintf(output, " -v print version information and exit\n");
fprintf(output, " -h display this help and exit\n");
fprintf(output, "\n");
+#ifdef __linux__
+ fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
+ fprintf(output, "You might want to reset it\n");
+ fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "\n");
+#endif
fprintf(output, "Example: dumpcap -i eth0 -a duration:60 -w output.pcapng\n");
- fprintf(output, "\"Capture network packets from interface eth0 until 60s passed into output.pcapng\"\n");
+ fprintf(output, "\"Capture packets from interface eth0 until 60s passed into output.pcapng\"\n");
fprintf(output, "\n");
fprintf(output, "Use Ctrl-C to stop capturing at any time.\n");
}
"%s\n"
"%s\n"
"See http://www.wireshark.org for more information.\n",
- wireshark_svnversion, get_copyright_info() ,comp_info_str->str, runtime_info_str->str);
-}
-
-/*
- * Print to the standard error. This is a command-line tool, so there's
- * no need to pop up a console.
- */
-void
-vfprintf_stderr(const char *fmt, va_list ap)
-{
- vfprintf(stderr, fmt, ap);
-}
-
-void
-fprintf_stderr(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- vfprintf_stderr(fmt, ap);
- va_end(ap);
+ wireshark_svnversion, get_copyright_info(), comp_info_str->str, runtime_info_str->str);
}
/*
{
va_list ap;
- if(capture_child) {
+ if (capture_child) {
gchar *msg;
/* Generate a 'special format' message back to parent */
va_start(ap, fmt);
{
va_list ap;
- if(capture_child) {
+ if (capture_child) {
gchar *msg;
va_start(ap, fmt);
msg = g_strdup_vprintf(fmt, ap);
(interface_opts->datatx_udp ? PCAP_OPENFLAG_DATATX_UDP : 0) |
(interface_opts->nocap_rpcap ? PCAP_OPENFLAG_NOCAPTURE_RPCAP : 0),
CAP_READ_TIMEOUT, &auth, *open_err_str);
- if ((*open_err_str)[0] == '\0') {
- /* Work around known WinPcap bug wherein no error message is
- filled in on a failure to open an rpcap: URL. */
- g_strlcpy(*open_err_str,
- "Unknown error (pcap bug; actual error cause not reported)",
- sizeof *open_err_str);
+ if (pcap_h == NULL) {
+ /* Error - did pcap actually supply an error message? */
+ if ((*open_err_str)[0] == '\0') {
+ /* Work around known WinPcap bug wherein no error message is
+ filled in on a failure to open an rpcap: URL. */
+ g_strlcpy(*open_err_str,
+ "Unknown error (pcap bug; actual error cause not reported)",
+ sizeof *open_err_str);
+ }
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
"pcap_open() returned %p.", (void *)pcap_h);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
"buffersize %d.", interface_opts->buffer_size);
- if (interface_opts->buffer_size > 1) {
+ if (interface_opts->buffer_size != 0) {
pcap_set_buffer_size(pcap_h, interface_opts->buffer_size * 1024 * 1024);
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
static void
get_capture_device_open_failure_messages(const char *open_err_str,
- const char *iface
-#ifndef _WIN32
- _U_
-#endif
- ,
+ const char *iface,
char *errmsg, size_t errmsg_len,
char *secondary_errmsg,
size_t secondary_errmsg_len)
{
+#ifndef _WIN32
const char *libpcap_warn;
static const char ppamsg[] = "can't find PPA for ";
+#endif
- /* If we got a "can't find PPA for X" message, warn the user (who
- is running dumpcap on HP-UX) that they don't have a version of
- libpcap that properly handles HP-UX (libpcap 0.6.x and later
- versions, which properly handle HP-UX, say "can't find /dev/dlpi
- PPA for X" rather than "can't find PPA for X"). */
- if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
- libpcap_warn =
- "\n\n"
- "You are running (T)Wireshark with a version of the libpcap library\n"
- "that doesn't handle HP-UX network devices well; this means that\n"
- "(T)Wireshark may not be able to capture packets.\n"
- "\n"
- "To fix this, you should install libpcap 0.6.2, or a later version\n"
- "of libpcap, rather than libpcap 0.4 or 0.5.x. It is available in\n"
- "packaged binary form from the Software Porting And Archive Centre\n"
- "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
- "at the URL lists a number of mirror sites.";
- else
- libpcap_warn = "";
g_snprintf(errmsg, (gulong) errmsg_len,
- "The capture session could not be initiated (%s).", open_err_str);
+ "The capture session could not be initiated on interface '%s' (%s).",
+ iface, open_err_str);
#ifdef _WIN32
if (!has_wpcap) {
g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
iface);
}
#else
+ /* If we got a "can't find PPA for X" message, warn the user (who
+ is running dumpcap on HP-UX) that they don't have a version of
+ libpcap that properly handles HP-UX (libpcap 0.6.x and later
+ versions, which properly handle HP-UX, say "can't find /dev/dlpi
+ PPA for X" rather than "can't find PPA for X"). */
+ if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
+ libpcap_warn =
+ "\n\n"
+ "You are running (T)Wireshark with a version of the libpcap library\n"
+ "that doesn't handle HP-UX network devices well; this means that\n"
+ "(T)Wireshark may not be able to capture packets.\n"
+ "\n"
+ "To fix this, you should install libpcap 0.6.2, or a later version\n"
+ "of libpcap, rather than libpcap 0.4 or 0.5.x. It is available in\n"
+ "packaged binary form from the Software Porting And Archive Centre\n"
+ "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
+ "at the URL lists a number of mirror sites.";
+ else
+ libpcap_warn = "";
+
g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
"Please check to make sure you have sufficient permissions, and that you have "
"the proper interface or pipe specified.%s", libpcap_warn);
/* Set the data link type on a pcap. */
static gboolean
-set_pcap_linktype(pcap_t *pcap_h, int linktype,
-#ifdef HAVE_PCAP_SET_DATALINK
- char *name _U_,
-#else
- char *name,
-#endif
+set_pcap_linktype(pcap_t *pcap_h, int linktype, char *name,
char *errmsg, size_t errmsg_len,
char *secondary_errmsg, size_t secondary_errmsg_len)
{
set_linktype_err_str =
"That DLT isn't one of the DLTs supported by this device";
#endif
- g_snprintf(errmsg, (gulong) errmsg_len, "Unable to set data link type (%s).",
- set_linktype_err_str);
+ g_snprintf(errmsg, (gulong) errmsg_len, "Unable to set data link type on interface '%s' (%s).",
+ name, set_linktype_err_str);
/*
* If the error isn't "XXX is not one of the DLTs supported by this device",
* tell the user to tell the Wireshark developers about it.
* just call get_interface_list().
*/
GList *
-capture_interface_list(int *err, char **err_str)
+capture_interface_list(int *err, char **err_str, void(*update_cb)(void) _U_)
{
return get_interface_list(err, err_str);
}
* rest-of-the-universe libpcap.
*/
static int
-get_pcap_linktype(pcap_t *pch, const char *devname
+get_pcap_linktype(pcap_t *pch, const char *devicename
#ifndef _AIX
_U_
#endif
* Find the last component of the device name, which is the
* interface name.
*/
- ifacename = strchr(devname, '/');
+ ifacename = strchr(devicename, '/');
if (ifacename == NULL)
- ifacename = devname;
+ ifacename = devicename;
/* See if it matches any of the LAN device names. */
if (strncmp(ifacename, "en", 2) == 0) {
* Get the capabilities of a network device.
*/
static if_capabilities_t *
-get_if_capabilities(const char *devname, gboolean monitor_mode
+get_if_capabilities(const char *devicename, gboolean monitor_mode
#ifndef HAVE_PCAP_CREATE
_U_
#endif
/*
* Allocate the interface capabilities structure.
*/
- caps = g_malloc(sizeof *caps);
+ caps = (if_capabilities_t *)g_malloc(sizeof *caps);
/*
* WinPcap 4.1.2, and possibly earlier versions, have a bug
*/
errbuf[0] = '\0';
#ifdef HAVE_PCAP_OPEN
- pch = pcap_open(devname, MIN_PACKET_SIZE, 0, 0, NULL, errbuf);
+ pch = pcap_open(devicename, MIN_PACKET_SIZE, 0, 0, NULL, errbuf);
caps->can_set_rfmon = FALSE;
if (pch == NULL) {
if (err_str != NULL)
return NULL;
}
#elif defined(HAVE_PCAP_CREATE)
- pch = pcap_create(devname, errbuf);
+ pch = pcap_create(devicename, errbuf);
if (pch == NULL) {
if (err_str != NULL)
*err_str = g_strdup(errbuf);
return NULL;
}
#else
- pch = pcap_open_live(devname, MIN_PACKET_SIZE, 0, 0, errbuf);
+ pch = pcap_open_live(devicename, MIN_PACKET_SIZE, 0, 0, errbuf);
caps->can_set_rfmon = FALSE;
if (pch == NULL) {
if (err_str != NULL)
return NULL;
}
#endif
- deflt = get_pcap_linktype(pch, devname);
+ deflt = get_pcap_linktype(pch, devicename);
#ifdef HAVE_PCAP_LIST_DATALINKS
nlt = pcap_list_datalinks(pch, &linktypes);
if (nlt == 0 || linktypes == NULL) {
}
#define ADDRSTRLEN 46 /* Covers IPv4 & IPv6 */
+/*
+ * Output a machine readable list of the interfaces
+ * This list is retrieved by the sync_interface_list_open() function
+ * The actual output of this function can be viewed with the command "dumpcap -D -Z none"
+ */
static void
print_machine_readable_interfaces(GList *if_list)
{
for (if_entry = g_list_first(if_list); if_entry != NULL;
if_entry = g_list_next(if_entry)) {
if_info = (if_info_t *)if_entry->data;
- printf("%d. %s", i++, if_info->name);
+ printf("%d. %s\t", i++, if_info->name);
/*
* Print the contents of the if_entry struct in a parseable format.
* separated.
*/
/* XXX - Make sure our description doesn't contain a tab */
- if (if_info->description != NULL)
- printf("\t%s\t", if_info->description);
+ if (if_info->vendor_description != NULL)
+ printf("%s\t", if_info->vendor_description);
+ else
+ printf("\t");
+
+ /* XXX - Make sure our friendly name doesn't contain a tab */
+ if (if_info->friendly_name != NULL)
+ printf("%s\t", if_info->friendly_name);
else
- printf("\t\t");
+ printf("\t");
+
+ printf("%u\t", if_info->type);
- for(addr = g_slist_nth(if_info->addrs, 0); addr != NULL;
+ for (addr = g_slist_nth(if_info->addrs, 0); addr != NULL;
addr = g_slist_next(addr)) {
if (addr != g_slist_nth(if_info->addrs, 0))
printf(",");
}
}
#ifdef _WIN32
+ /* If we have a dummy signal pipe check it */
+ if (!signal_pipe_check_running()) {
+ global_ld.go = FALSE;
+ }
Sleep(1 * 1000);
#else
sleep(1);
#ifdef HAVE_LIBCAP
/*
- * If we were linked with libcap (not libpcap), make sure we have
+ * If we were linked with libcap (not related to libpcap), make sure we have
* CAP_NET_ADMIN and CAP_NET_RAW, then relinquish our permissions.
* (See comment in main() for details)
*/
{
if (byte_swapped) {
/* Byte-swap the record header fields. */
- rechdr->ts_sec = BSWAP32(rechdr->ts_sec);
- rechdr->ts_usec = BSWAP32(rechdr->ts_usec);
- rechdr->incl_len = BSWAP32(rechdr->incl_len);
- rechdr->orig_len = BSWAP32(rechdr->orig_len);
+ rechdr->ts_sec = GUINT32_SWAP_LE_BE(rechdr->ts_sec);
+ rechdr->ts_usec = GUINT32_SWAP_LE_BE(rechdr->ts_usec);
+ rechdr->incl_len = GUINT32_SWAP_LE_BE(rechdr->incl_len);
+ rechdr->orig_len = GUINT32_SWAP_LE_BE(rechdr->orig_len);
}
/* In file format version 2.3, the "incl_len" and "orig_len" fields were
}
}
+/* Wrapper: distinguish between recv/read if we're reading on Windows,
+ * or just read().
+ */
+static ssize_t
+cap_pipe_read(int pipe_fd, char *buf, size_t sz, gboolean from_socket _U_)
+{
+#ifdef _WIN32
+ if (from_socket) {
+ return recv(pipe_fd, buf, (int)sz, 0);
+ } else {
+ return -1;
+ }
+#else
+ return ws_read(pipe_fd, buf, sz);
+#endif
+}
+
#if defined(_WIN32)
/*
* Thread function that reads from a pipe and pushes the data
* the queues themselves (yet).
*
* We might want to move some of the cap_pipe_dispatch logic here so that
- * we can let cap_pipe_read run independently, queuing up multiple reads
+ * we can let cap_thread_read run independently, queuing up multiple reads
* for the main thread (and possibly get rid of cap_pipe_read_mtx).
*/
-static void *cap_pipe_read(void *arg)
+static void *cap_thread_read(void *arg)
{
pcap_options *pcap_opts;
- int bytes_read;
#ifdef _WIN32
BOOL res;
- DWORD b, last_err;
+ DWORD b, last_err, bytes_read;
#else /* _WIN32 */
+ size_t bytes_read;
int b;
#endif /* _WIN32 */
g_async_queue_pop(pcap_opts->cap_pipe_pending_q); /* Wait for our cue (ahem) from the main thread */
g_mutex_lock(pcap_opts->cap_pipe_read_mtx);
bytes_read = 0;
- while (bytes_read < (int) pcap_opts->cap_pipe_bytes_to_read) {
+ while (bytes_read < pcap_opts->cap_pipe_bytes_to_read) {
+ if ((pcap_opts->from_cap_socket)
+#ifndef _WIN32
+ || 1
+#endif
+ )
+ {
+ b = cap_pipe_read(pcap_opts->cap_pipe_fd, pcap_opts->cap_pipe_buf+bytes_read,
+ pcap_opts->cap_pipe_bytes_to_read - bytes_read, pcap_opts->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0) {
+ pcap_opts->cap_pipe_err = PIPEOF;
+ bytes_read = 0;
+ break;
+ } else {
+ pcap_opts->cap_pipe_err = PIPERR;
+ bytes_read = -1;
+ break;
+ }
+ } else {
+ bytes_read += b;
+ }
+ }
#ifdef _WIN32
- /* If we try to use read() on a named pipe on Windows with partial
- * data it appears to return EOF.
- */
- res = ReadFile(pcap_opts->cap_pipe_h, pcap_opts->cap_pipe_buf+bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - bytes_read,
- &b, NULL);
-
- bytes_read += b;
- if (!res) {
- last_err = GetLastError();
- if (last_err == ERROR_MORE_DATA) {
- continue;
- } else if (last_err == ERROR_HANDLE_EOF || last_err == ERROR_BROKEN_PIPE || last_err == ERROR_PIPE_NOT_CONNECTED) {
- pcap_opts->cap_pipe_err = PIPEOF;
- bytes_read = 0;
- break;
- }
- pcap_opts->cap_pipe_err = PIPERR;
- bytes_read = -1;
- break;
- } else if (b == 0 && pcap_opts->cap_pipe_bytes_to_read > 0) {
- pcap_opts->cap_pipe_err = PIPEOF;
- bytes_read = 0;
- break;
- }
-#else /* _WIN32 */
- b = read(pcap_opts->cap_pipe_fd, pcap_opts->cap_pipe_buf+bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - bytes_read);
- if (b <= 0) {
- if (b == 0) {
- pcap_opts->cap_pipe_err = PIPEOF;
- bytes_read = 0;
- break;
- } else {
- pcap_opts->cap_pipe_err = PIPERR;
- bytes_read = -1;
- break;
- }
- } else {
- bytes_read += b;
- }
+ else
+ {
+ /* If we try to use read() on a named pipe on Windows with partial
+ * data it appears to return EOF.
+ */
+ res = ReadFile(pcap_opts->cap_pipe_h, pcap_opts->cap_pipe_buf+bytes_read,
+ pcap_opts->cap_pipe_bytes_to_read - bytes_read,
+ &b, NULL);
+
+ bytes_read += b;
+ if (!res) {
+ last_err = GetLastError();
+ if (last_err == ERROR_MORE_DATA) {
+ continue;
+ } else if (last_err == ERROR_HANDLE_EOF || last_err == ERROR_BROKEN_PIPE || last_err == ERROR_PIPE_NOT_CONNECTED) {
+ pcap_opts->cap_pipe_err = PIPEOF;
+ bytes_read = 0;
+ break;
+ }
+ pcap_opts->cap_pipe_err = PIPERR;
+ bytes_read = -1;
+ break;
+ } else if (b == 0 && pcap_opts->cap_pipe_bytes_to_read > 0) {
+ pcap_opts->cap_pipe_err = PIPEOF;
+ bytes_read = 0;
+ break;
+ }
+ }
#endif /*_WIN32 */
}
pcap_opts->cap_pipe_bytes_read = bytes_read;
}
#endif
-#if !defined(_WIN32) || defined(MUST_DO_SELECT)
/* Provide select() functionality for a single file descriptor
* on UNIX/POSIX. Windows uses cap_pipe_read via a thread.
*
return select(pipe_fd+1, &rfds, NULL, NULL, &timeout);
}
+
+#define DEF_TCP_PORT 19000
+
+static int
+cap_open_socket(char *pipename, pcap_options *pcap_opts, char *errmsg, int errmsgl)
+{
+ char *sockname = pipename + 4;
+ struct sockaddr_in sa;
+ char buf[16];
+ char *p;
+ unsigned long port;
+ size_t len;
+ int fd;
+
+ memset(&sa, 0, sizeof(sa));
+
+ p = strchr(sockname, ':');
+ if (p == NULL) {
+ len = strlen(sockname);
+ port = DEF_TCP_PORT;
+ }
+ else {
+ len = p - sockname;
+ port = strtoul(p + 1, &p, 10);
+ if (*p || port > 65535) {
+ goto fail_invalid;
+ }
+ }
+
+ if (len > 15) {
+ goto fail_invalid;
+ }
+
+ strncpy(buf, sockname, len);
+ buf[len] = '\0';
+ if (inet_pton(AF_INET, buf, &sa.sin_addr) <= 0) {
+ goto fail_invalid;
+ }
+
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons((u_short)port);
+
+ if (((fd = (int)socket(AF_INET, SOCK_STREAM, 0)) < 0) ||
+ (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)) {
+#ifdef _WIN32
+ LPTSTR errorText = NULL;
+ int lastError;
+
+ lastError = WSAGetLastError();
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR)&errorText, 0, NULL);
+#endif
+ g_snprintf(errmsg, errmsgl,
+ "The capture session could not be initiated due to the socket error: \n"
+#ifdef _WIN32
+ " %d: %S", lastError, errorText ? (char *)errorText : "Unknown");
+ if (errorText)
+ LocalFree(errorText);
+#else
+ " %d: %s", errno, strerror(errno));
#endif
+ pcap_opts->cap_pipe_err = PIPERR;
+
+ if (fd >= 0)
+ cap_pipe_close(fd, TRUE);
+ return -1;
+ }
+ pcap_opts->from_cap_socket = TRUE;
+ return fd;
+
+fail_invalid:
+ g_snprintf(errmsg, errmsgl,
+ "The capture session could not be initiated because\n"
+ "\"%s\" is not a valid socket specification", pipename);
+ pcap_opts->cap_pipe_err = PIPERR;
+ return -1;
+}
+
+/* Wrapper: distinguish between closesocket on Windows; use ws_close
+ * otherwise.
+ */
+static void
+cap_pipe_close(int pipe_fd, gboolean from_socket _U_)
+{
+#ifdef _WIN32
+ if (from_socket) {
+ closesocket(pipe_fd);
+ }
+#else
+ ws_close(pipe_fd);
+#endif
+}
/* Mimic pcap_open_live() for pipe captures
char *errmsg, int errmsgl)
{
#ifndef _WIN32
- ws_statb64 pipe_stat;
+ ws_statb64 pipe_stat;
struct sockaddr_un sa;
- int b;
- int fd;
#else /* _WIN32 */
-#if 1
- char *pncopy, *pos;
+ char *pncopy, *pos;
wchar_t *err_str;
#endif
-#endif
-#ifndef _WIN32
- int sel_ret;
- unsigned int bytes_read;
-#endif
- guint32 magic = 0;
+ ssize_t b;
+ int fd, sel_ret;
+ size_t bytes_read;
+ guint32 magic = 0;
-#ifndef _WIN32
pcap_opts->cap_pipe_fd = -1;
-#else
+#ifdef _WIN32
pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
#endif
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: %s", pipename);
#else /* _WIN32 */
pcap_opts->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
#endif /* _WIN32 */
+ } else if (!strncmp(pipename, "TCP@", 4)) {
+ if ((fd = cap_open_socket(pipename, pcap_opts, errmsg, errmsgl)) < 0) {
+ return;
+ }
} else {
#ifndef _WIN32
if (ws_stat64(pipename, &pipe_stat) < 0) {
"The capture session coud not be initiated "
"due to error on socket connect: Path name too long");
pcap_opts->cap_pipe_err = PIPERR;
+ ws_close(fd);
return;
}
b = connect(fd, (struct sockaddr *)&sa, sizeof sa);
"The capture session coud not be initiated "
"due to error on socket connect: %s", g_strerror(errno));
pcap_opts->cap_pipe_err = PIPERR;
+ ws_close(fd);
return;
}
} else {
* interfaces are in /dev. Pretend we haven't seen it.
*/
pcap_opts->cap_pipe_err = PIPNEXIST;
- } else
- {
+ } else {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated because\n"
"\"%s\" is neither an interface nor a socket nor a pipe", pipename);
break;
if (GetLastError() != ERROR_PIPE_BUSY) {
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" could not be started "
}
if (!WaitNamedPipe(utf_8to16(pipename), 30 * 1000)) {
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" timed out during "
pcap_opts->from_cap_pipe = TRUE;
-#ifndef _WIN32
- /* read the pcap header */
- bytes_read = 0;
- while (bytes_read < sizeof magic) {
- sel_ret = cap_pipe_select(fd);
- if (sel_ret < 0) {
- g_snprintf(errmsg, errmsgl,
- "Unexpected error from select: %s", g_strerror(errno));
- goto error;
- } else if (sel_ret > 0) {
- b = read(fd, ((char *)&magic)+bytes_read, sizeof magic-bytes_read);
- if (b <= 0) {
- if (b == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
- else
- g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
- g_strerror(errno));
+#ifdef _WIN32
+ if (pcap_opts->from_cap_socket)
+#endif
+ {
+ /* read the pcap header */
+ bytes_read = 0;
+ while (bytes_read < sizeof magic) {
+ sel_ret = cap_pipe_select(fd);
+ if (sel_ret < 0) {
+ g_snprintf(errmsg, errmsgl,
+ "Unexpected error from select: %s", g_strerror(errno));
goto error;
+ } else if (sel_ret > 0) {
+ b = cap_pipe_read(fd, ((char *)&magic)+bytes_read,
+ sizeof magic-bytes_read,
+ pcap_opts->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
+ g_strerror(errno));
+ goto error;
+ }
+ bytes_read += b;
}
- bytes_read += b;
}
}
+#ifdef _WIN32
+ else {
+#if GLIB_CHECK_VERSION(2,31,0)
+ g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_opts);
#else
- g_thread_create(&cap_pipe_read, pcap_opts, FALSE, NULL);
-
- pcap_opts->cap_pipe_buf = (char *) &magic;
- pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_bytes_to_read = sizeof(magic);
- /* We don't have to worry about cap_pipe_read_mtx here */
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_async_queue_pop(pcap_opts->cap_pipe_done_q);
- if (pcap_opts->cap_pipe_bytes_read <= 0) {
- if (pcap_opts->cap_pipe_bytes_read == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
- else
- g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
- g_strerror(errno));
- goto error;
- }
+ g_thread_create(&cap_thread_read, pcap_opts, FALSE, NULL);
+#endif
+ pcap_opts->cap_pipe_buf = (char *) &magic;
+ pcap_opts->cap_pipe_bytes_read = 0;
+ pcap_opts->cap_pipe_bytes_to_read = sizeof(magic);
+ /* We don't have to worry about cap_pipe_read_mtx here */
+ g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
+ g_async_queue_pop(pcap_opts->cap_pipe_done_q);
+ if (pcap_opts->cap_pipe_bytes_read <= 0) {
+ if (pcap_opts->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
+ g_strerror(errno));
+ goto error;
+ }
+ }
#endif
switch (magic) {
goto error;
}
-#ifndef _WIN32
- /* Read the rest of the header */
- bytes_read = 0;
- while (bytes_read < sizeof(struct pcap_hdr)) {
- sel_ret = cap_pipe_select(fd);
- if (sel_ret < 0) {
- g_snprintf(errmsg, errmsgl,
- "Unexpected error from select: %s", g_strerror(errno));
- goto error;
- } else if (sel_ret > 0) {
- b = read(fd, ((char *)hdr)+bytes_read,
- sizeof(struct pcap_hdr) - bytes_read);
- if (b <= 0) {
- if (b == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
- else
- g_snprintf(errmsg, errmsgl, "Error on pipe header during open: %s",
- g_strerror(errno));
+#ifdef _WIN32
+ if (pcap_opts->from_cap_socket)
+#endif
+ {
+ /* Read the rest of the header */
+ bytes_read = 0;
+ while (bytes_read < sizeof(struct pcap_hdr)) {
+ sel_ret = cap_pipe_select(fd);
+ if (sel_ret < 0) {
+ g_snprintf(errmsg, errmsgl,
+ "Unexpected error from select: %s", g_strerror(errno));
goto error;
+ } else if (sel_ret > 0) {
+ b = cap_pipe_read(fd, ((char *)hdr)+bytes_read,
+ sizeof(struct pcap_hdr) - bytes_read,
+ pcap_opts->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe header during open: %s",
+ g_strerror(errno));
+ goto error;
+ }
+ bytes_read += b;
}
- bytes_read += b;
}
}
-#else
- pcap_opts->cap_pipe_buf = (char *) hdr;
- pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_bytes_to_read = sizeof(struct pcap_hdr);
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_async_queue_pop(pcap_opts->cap_pipe_done_q);
- if (pcap_opts->cap_pipe_bytes_read <= 0) {
- if (pcap_opts->cap_pipe_bytes_read == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
- else
- g_snprintf(errmsg, errmsgl, "Error on pipe header header during open: %s",
- g_strerror(errno));
- goto error;
+#ifdef _WIN32
+ else {
+ pcap_opts->cap_pipe_buf = (char *) hdr;
+ pcap_opts->cap_pipe_bytes_read = 0;
+ pcap_opts->cap_pipe_bytes_to_read = sizeof(struct pcap_hdr);
+ g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
+ g_async_queue_pop(pcap_opts->cap_pipe_done_q);
+ if (pcap_opts->cap_pipe_bytes_read <= 0) {
+ if (pcap_opts->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe header header during open: %s",
+ g_strerror(errno));
+ goto error;
+ }
}
#endif
if (pcap_opts->cap_pipe_byte_swapped) {
/* Byte-swap the header fields about which we care. */
- hdr->version_major = BSWAP16(hdr->version_major);
- hdr->version_minor = BSWAP16(hdr->version_minor);
- hdr->snaplen = BSWAP32(hdr->snaplen);
- hdr->network = BSWAP32(hdr->network);
+ hdr->version_major = GUINT16_SWAP_LE_BE(hdr->version_major);
+ hdr->version_minor = GUINT16_SWAP_LE_BE(hdr->version_minor);
+ hdr->snaplen = GUINT32_SWAP_LE_BE(hdr->snaplen);
+ hdr->network = GUINT32_SWAP_LE_BE(hdr->network);
}
pcap_opts->linktype = hdr->network;
pcap_opts->cap_pipe_state = STATE_EXPECT_REC_HDR;
pcap_opts->cap_pipe_err = PIPOK;
-#ifndef _WIN32
pcap_opts->cap_pipe_fd = fd;
-#endif
return;
error:
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
pcap_opts->cap_pipe_err = PIPERR;
-#ifndef _WIN32
- ws_close(fd);
+ cap_pipe_close(fd, pcap_opts->from_cap_socket);
pcap_opts->cap_pipe_fd = -1;
-#endif
- return;
-
}
static int
cap_pipe_dispatch(loop_data *ld, pcap_options *pcap_opts, guchar *data, char *errmsg, int errmsgl)
{
- struct pcap_pkthdr phdr;
+ struct pcap_pkthdr phdr;
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
#ifdef _WIN32
#if !GLIB_CHECK_VERSION(2,31,18)
- GTimeVal wait_time;
-#endif
- gpointer q_status;
-#else
- int b;
+ GTimeVal wait_time;
#endif
-#ifdef _WIN32
- wchar_t *err_str;
+ gpointer q_status;
+ wchar_t *err_str;
#endif
+ ssize_t b;
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch");
/* Fall through */
case STATE_READ_REC_HDR:
-#ifndef _WIN32
- b = read(pcap_opts->cap_pipe_fd, ((char *)&pcap_opts->cap_pipe_rechdr)+pcap_opts->cap_pipe_bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read);
- if (b <= 0) {
- if (b == 0)
- result = PD_PIPE_EOF;
- else
- result = PD_PIPE_ERR;
- break;
+#ifdef _WIN32
+ if (pcap_opts->from_cap_socket)
+#endif
+ {
+ b = cap_pipe_read(pcap_opts->cap_pipe_fd, ((char *)&pcap_opts->cap_pipe_rechdr)+pcap_opts->cap_pipe_bytes_read,
+ pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read, pcap_opts->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ result = PD_PIPE_EOF;
+ else
+ result = PD_PIPE_ERR;
+ break;
+ }
+ pcap_opts->cap_pipe_bytes_read += b;
}
- pcap_opts->cap_pipe_bytes_read += b;
-#else
+#ifdef _WIN32
+ else {
#if GLIB_CHECK_VERSION(2,31,18)
- q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
+ g_get_current_time(&wait_time);
+ g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
#endif
- if (pcap_opts->cap_pipe_err == PIPEOF) {
- result = PD_PIPE_EOF;
- break;
- } else if (pcap_opts->cap_pipe_err == PIPERR) {
- result = PD_PIPE_ERR;
- break;
- }
- if (!q_status) {
- return 0;
+ if (pcap_opts->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_opts->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
}
#endif
- if ((pcap_opts->cap_pipe_bytes_read) < pcap_opts->cap_pipe_bytes_to_read)
+ if (pcap_opts->cap_pipe_bytes_read < pcap_opts->cap_pipe_bytes_to_read)
return 0;
result = PD_REC_HDR_READ;
break;
/* Fall through */
case STATE_READ_DATA:
-#ifndef _WIN32
- b = read(pcap_opts->cap_pipe_fd, data+pcap_opts->cap_pipe_bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read);
- if (b <= 0) {
- if (b == 0)
- result = PD_PIPE_EOF;
- else
- result = PD_PIPE_ERR;
- break;
+#ifdef _WIN32
+ if (pcap_opts->from_cap_socket)
+#endif
+ {
+ b = cap_pipe_read(pcap_opts->cap_pipe_fd,
+ data+pcap_opts->cap_pipe_bytes_read,
+ pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read,
+ pcap_opts->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ result = PD_PIPE_EOF;
+ else
+ result = PD_PIPE_ERR;
+ break;
+ }
+ pcap_opts->cap_pipe_bytes_read += b;
}
- pcap_opts->cap_pipe_bytes_read += b;
-#else
+#ifdef _WIN32
+ else {
+
#if GLIB_CHECK_VERSION(2,31,18)
- q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
-#endif
- if (pcap_opts->cap_pipe_err == PIPEOF) {
- result = PD_PIPE_EOF;
- break;
- } else if (pcap_opts->cap_pipe_err == PIPERR) {
- result = PD_PIPE_ERR;
- break;
- }
- if (!q_status) {
- return 0;
+ g_get_current_time(&wait_time);
+ g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
+#endif /* GLIB_CHECK_VERSION(2,31,18) */
+ if (pcap_opts->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_opts->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
}
-#endif
- if ((pcap_opts->cap_pipe_bytes_read) < pcap_opts->cap_pipe_bytes_to_read)
+#endif /* _WIN32 */
+ if (pcap_opts->cap_pipe_bytes_read < pcap_opts->cap_pipe_bytes_to_read)
return 0;
result = PD_DATA_READ;
break;
case PD_PIPE_ERR:
#ifdef _WIN32
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"Error reading from pipe: %s (error %d)",
}
pcap_opts->received = 0;
pcap_opts->dropped = 0;
+ pcap_opts->flushed = 0;
pcap_opts->pcap_h = NULL;
#ifdef MUST_DO_SELECT
pcap_opts->pcap_fd = -1;
pcap_opts->linktype = -1;
pcap_opts->ts_nsec = FALSE;
pcap_opts->from_cap_pipe = FALSE;
+ pcap_opts->from_cap_socket = FALSE;
memset(&pcap_opts->cap_pipe_hdr, 0, sizeof(struct pcap_hdr));
memset(&pcap_opts->cap_pipe_rechdr, 0, sizeof(struct pcaprec_modified_hdr));
#ifdef _WIN32
pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
-#else
- pcap_opts->cap_pipe_fd = -1;
#endif
+ pcap_opts->cap_pipe_fd = -1;
pcap_opts->cap_pipe_modified = FALSE;
pcap_opts->cap_pipe_byte_swapped = FALSE;
#ifdef _WIN32
#endif
pcap_opts->cap_pipe_bytes_to_read = 0;
pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_state = 0;
+ pcap_opts->cap_pipe_state = STATE_EXPECT_REC_HDR;
pcap_opts->cap_pipe_err = PIPOK;
#ifdef _WIN32
#if GLIB_CHECK_VERSION(2,31,0)
if (interface_opts.buffer_size > 1 &&
pcap_setbuff(pcap_opts->pcap_h, interface_opts.buffer_size * 1024 * 1024) != 0) {
sync_secondary_msg_str = g_strdup_printf(
- "The capture buffer size of %dMB seems to be too high for your machine,\n"
- "the default of 1MB will be used.\n"
+ "The capture buffer size of %d MiB seems to be too high for your machine,\n"
+ "the default of %d MiB will be used.\n"
"\n"
"Nonetheless, the capture is started.\n",
- interface_opts.buffer_size);
+ interface_opts.buffer_size, DEFAULT_CAPTURE_BUFFER_SIZE);
report_capture_error("Couldn't set the capture buffer size!",
sync_secondary_msg_str);
g_free(sync_secondary_msg_str);
/* close the capture input file (pcap or capture pipe) */
static void capture_loop_close_input(loop_data *ld)
{
- guint i;
+ guint i;
pcap_options *pcap_opts;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input");
for (i = 0; i < ld->pcaps->len; i++) {
pcap_opts = g_array_index(ld->pcaps, pcap_options *, i);
/* if open, close the capture pipe "input file" */
-#ifndef _WIN32
if (pcap_opts->cap_pipe_fd >= 0) {
g_assert(pcap_opts->from_cap_pipe);
- ws_close(pcap_opts->cap_pipe_fd);
+ cap_pipe_close(pcap_opts->cap_pipe_fd, pcap_opts->from_cap_socket);
pcap_opts->cap_pipe_fd = -1;
}
-#else
+#ifdef _WIN32
if (pcap_opts->cap_pipe_h != INVALID_HANDLE_VALUE) {
CloseHandle(pcap_opts->cap_pipe_h);
pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
static gboolean
capture_loop_init_output(capture_options *capture_opts, loop_data *ld, char *errmsg, int errmsg_len)
{
- int err;
- guint i;
- pcap_options *pcap_opts;
- interface_options interface_opts;
- gboolean successful;
+ int err;
+ guint i;
+ pcap_options *pcap_opts;
+ interface_options interface_opts;
+ gboolean successful;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_init_output");
if (capture_opts->multi_files_on) {
ld->pdh = ringbuf_init_libpcap_fdopen(&err);
} else {
- ld->pdh = libpcap_fdopen(ld->save_file_fd, &err);
+ ld->pdh = ws_fdopen(ld->save_file_fd, "wb");
+ if (ld->pdh == NULL) {
+ err = errno;
+ }
}
if (ld->pdh) {
if (capture_opts->use_pcapng) {
get_os_version_info(os_info_str);
g_snprintf(appname, sizeof(appname), "Dumpcap " VERSION "%s", wireshark_svnversion);
- successful = libpcap_write_session_header_block(ld->pdh,
- NULL, /* Comment*/
+ successful = pcapng_write_session_header_block(ld->pdh,
+ (const char *)capture_opts->capture_comment, /* Comment*/
NULL, /* HW*/
os_info_str->str, /* OS*/
appname,
} else {
pcap_opts->snaplen = pcap_snapshot(pcap_opts->pcap_h);
}
- successful = libpcap_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_opts->linktype,
- pcap_opts->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ successful = pcapng_write_interface_description_block(global_ld.pdh,
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts.name, /* IDB_NAME 2 */
+ interface_opts.descr, /* IDB_DESCRIPTION 3 */
+ interface_opts.cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_opts->linktype,
+ pcap_opts->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
}
g_string_free(os_info_str, TRUE);
capture_loop_close_output(capture_options *capture_opts, loop_data *ld, int *err_close)
{
- unsigned int i;
+ unsigned int i;
pcap_options *pcap_opts;
- guint64 end_time = create_timestamp();
+ guint64 end_time = create_timestamp();
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_output");
for (i = 0; i < global_ld.pcaps->len; i++) {
pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
if (!pcap_opts->from_cap_pipe) {
- libpcap_write_interface_statistics_block(ld->pdh,
- i,
- pcap_opts->pcap_h,
- &ld->bytes_written,
- "Counters provided by libpcap",
- start_time,
- end_time,
- err_close);
+ guint64 isb_ifrecv, isb_ifdrop;
+ struct pcap_stat stats;
+
+ if (pcap_stats(pcap_opts->pcap_h, &stats) >= 0) {
+ isb_ifrecv = pcap_opts->received;
+ isb_ifdrop = stats.ps_drop + pcap_opts->dropped + pcap_opts->flushed;
+ } else {
+ isb_ifrecv = G_MAXUINT64;
+ isb_ifdrop = G_MAXUINT64;
+ }
+ pcapng_write_interface_statistics_block(ld->pdh,
+ i,
+ &ld->bytes_written,
+ "Counters provided by dumpcap",
+ start_time,
+ end_time,
+ isb_ifrecv,
+ isb_ifdrop,
+ err_close);
}
}
}
- return libpcap_dump_close(ld->pdh, err_close);
+ if (fclose(ld->pdh) == EOF) {
+ if (err_close != NULL) {
+ *err_close = errno;
+ }
+ return (FALSE);
+ } else {
+ return (TRUE);
+ }
}
}
capture_loop_dispatch(loop_data *ld,
char *errmsg, int errmsg_len, pcap_options *pcap_opts)
{
- int inpkts;
- gint packet_count_before;
- guchar pcap_data[WTAP_MAX_PACKET_SIZE];
+ int inpkts;
+ gint packet_count_before;
+ guchar pcap_data[WTAP_MAX_PACKET_SIZE];
#ifndef _WIN32
- int sel_ret;
+ int sel_ret;
#endif
packet_count_before = ld->packet_count;
}
}
- if(in < 0) {
+ if (in < 0) {
pcap_opts->pcap_err = TRUE;
ld->go = FALSE;
}
static GString *
isolate_uuid(const char *iface)
{
- gchar *ptr;
+ gchar *ptr;
GString *gstr;
ptr = strchr(iface, '{');
capture_loop_open_output(capture_options *capture_opts, int *save_file_fd,
char *errmsg, int errmsg_len)
{
- char *tmpname;
- gchar *capfile_name;
- gchar *prefix;
- gboolean is_tempfile;
+ char *tmpname;
+ gchar *capfile_name;
+ gchar *prefix;
+ gboolean is_tempfile;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_output: %s",
(capture_opts->save_file) ? capture_opts->save_file : "(not specified)");
capture_opts->group_read_access);
/* we need the ringbuf name */
- if(*save_file_fd != -1) {
+ if (*save_file_fd != -1) {
g_free(capfile_name);
capfile_name = g_strdup(ringbuf_current_filename());
}
prefix = g_strdup_printf("wireshark_%d_interfaces", global_capture_opts.ifaces->len);
} else {
gchar *basename;
+ basename = g_path_get_basename(g_array_index(global_capture_opts.ifaces, interface_options, 0).console_display_name);
#ifdef _WIN32
- GString *iface;
- iface = isolate_uuid(g_array_index(global_capture_opts.ifaces, interface_options, 0).name);
- basename = g_path_get_basename(iface->str);
- g_string_free(iface, TRUE);
-#else
- basename = g_path_get_basename(g_array_index(global_capture_opts.ifaces, interface_options, 0).name);
+ /* use the generic portion of the interface guid to form the basis of the filename */
+ if (strncmp("NPF_{", basename, 5)==0)
+ {
+ /* we have a windows guid style device name, extract the guid digits as the basis of the filename */
+ GString *iface;
+ iface = isolate_uuid(basename);
+ g_free(basename);
+ basename = g_strdup(iface->str);
+ g_string_free(iface, TRUE);
+ }
#endif
- prefix = g_strconcat("wireshark_", basename, NULL);
+ /* generate the temp file name prefix...
+ * It would be nice if we could specify a pcapng/pcap filename suffix,
+ * create_tempfile() however currently uses mkstemp() which doesn't allow this - one day perhaps*/
+ if (capture_opts->use_pcapng) {
+ prefix = g_strconcat("wireshark_pcapng_", basename, NULL);
+ }else{
+ prefix = g_strconcat("wireshark_pcap_", basename, NULL);
+ }
g_free(basename);
}
*save_file_fd = create_tempfile(&tmpname, prefix);
return FALSE;
}
- if(capture_opts->save_file != NULL) {
+ if (capture_opts->save_file != NULL) {
g_free(capture_opts->save_file);
}
capture_opts->save_file = capfile_name;
condition *cnd_autostop_size,
condition *cnd_file_duration)
{
- guint i;
- pcap_options *pcap_opts;
- interface_options interface_opts;
- gboolean successful;
+ guint i;
+ pcap_options *pcap_opts;
+ interface_options interface_opts;
+ gboolean successful;
if (capture_opts->multi_files_on) {
if (cnd_autostop_files != NULL &&
get_os_version_info(os_info_str);
g_snprintf(appname, sizeof(appname), "Dumpcap " VERSION "%s", wireshark_svnversion);
- successful = libpcap_write_session_header_block(global_ld.pdh,
+ successful = pcapng_write_session_header_block(global_ld.pdh,
NULL, /* Comment */
NULL, /* HW */
os_info_str->str, /* OS */
for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- successful = libpcap_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_opts->linktype,
- pcap_opts->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ successful = pcapng_write_interface_description_block(global_ld.pdh,
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts.name, /* IDB_NAME 2 */
+ interface_opts.descr, /* IDB_DESCRIPTION 3 */
+ interface_opts.cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_opts->linktype,
+ pcap_opts->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
}
g_string_free(os_info_str, TRUE);
cnd_reset(cnd_autostop_size);
if (cnd_file_duration)
cnd_reset(cnd_file_duration);
- libpcap_dump_flush(global_ld.pdh, NULL);
+ fflush(global_ld.pdh);
if (!quiet)
report_packet_count(global_ld.inpkts_to_sync_pipe);
global_ld.inpkts_to_sync_pipe = 0;
pcap_read_handler(void* arg)
{
pcap_options *pcap_opts;
- char errmsg[MSG_MAX_LENGTH+1];
+ char errmsg[MSG_MAX_LENGTH+1];
pcap_opts = (pcap_options *)arg;
capture_loop_start(capture_options *capture_opts, gboolean *stats_known, struct pcap_stat *stats)
{
#ifdef WIN32
- DWORD upd_time, cur_time; /* GetTickCount() returns a "DWORD" (which is 'unsigned long') */
+ DWORD upd_time, cur_time; /* GetTickCount() returns a "DWORD" (which is 'unsigned long') */
#else
- struct timeval upd_time, cur_time;
-#endif
- int err_close;
- int inpkts;
- condition *cnd_file_duration = NULL;
- condition *cnd_autostop_files = NULL;
- condition *cnd_autostop_size = NULL;
- condition *cnd_autostop_duration = NULL;
- gboolean write_ok;
- gboolean close_ok;
- gboolean cfilter_error = FALSE;
- char errmsg[MSG_MAX_LENGTH+1];
- char secondary_errmsg[MSG_MAX_LENGTH+1];
- pcap_options *pcap_opts;
- interface_options interface_opts;
- guint i, error_index = 0;
+ struct timeval upd_time, cur_time;
+#endif
+ int err_close;
+ int inpkts;
+ condition *cnd_file_duration = NULL;
+ condition *cnd_autostop_files = NULL;
+ condition *cnd_autostop_size = NULL;
+ condition *cnd_autostop_duration = NULL;
+ gboolean write_ok;
+ gboolean close_ok;
+ gboolean cfilter_error = FALSE;
+ char errmsg[MSG_MAX_LENGTH+1];
+ char secondary_errmsg[MSG_MAX_LENGTH+1];
+ pcap_options *pcap_opts;
+ interface_options interface_opts;
+ guint i, error_index = 0;
*errmsg = '\0';
*secondary_errmsg = '\0';
message to our parent so that they'll open the capture file and
update its windows to indicate that we have a live capture in
progress. */
- libpcap_dump_flush(global_ld.pdh, NULL);
+ fflush(global_ld.pdh);
report_new_capture_file(capture_opts->save_file);
}
/* initialize capture stop (and alike) conditions */
init_capture_stop_conditions();
/* create stop conditions */
- if (capture_opts->has_autostop_filesize)
+ if (capture_opts->has_autostop_filesize) {
+ if (capture_opts->autostop_filesize > (((guint32)INT_MAX + 1) / 1000)) {
+ capture_opts->autostop_filesize = ((guint32)INT_MAX + 1) / 1000;
+ }
cnd_autostop_size =
- cnd_new(CND_CLASS_CAPTURESIZE,(long)capture_opts->autostop_filesize * 1024);
+ cnd_new(CND_CLASS_CAPTURESIZE, (guint64)capture_opts->autostop_filesize * 1000);
+ }
if (capture_opts->has_autostop_duration)
cnd_autostop_duration =
cnd_new(CND_CLASS_TIMEOUT,(gint32)capture_opts->autostop_duration);
#if GLIB_CHECK_VERSION(2,31,18)
g_async_queue_lock(pcap_queue);
- queue_element = g_async_queue_timeout_pop_unlocked(pcap_queue, WRITER_THREAD_TIMEOUT);
+ queue_element = (pcap_queue_element *)g_async_queue_timeout_pop_unlocked(pcap_queue, WRITER_THREAD_TIMEOUT);
#else
GTimeVal write_thread_time;
g_get_current_time(&write_thread_time);
g_time_val_add(&write_thread_time, WRITER_THREAD_TIMEOUT);
g_async_queue_lock(pcap_queue);
- queue_element = g_async_queue_timed_pop_unlocked(pcap_queue, &write_thread_time);
+ queue_element = (pcap_queue_element *)g_async_queue_timed_pop_unlocked(pcap_queue, &write_thread_time);
#endif
if (queue_element) {
pcap_queue_bytes -= queue_element->phdr.caplen;
/* check capture size condition */
if (cnd_autostop_size != NULL &&
- cnd_eval(cnd_autostop_size, (guint32)global_ld.bytes_written)) {
+ cnd_eval(cnd_autostop_size, global_ld.bytes_written)) {
/* Capture size limit reached, do we have another file? */
if (!do_file_switch_or_stop(capture_opts, cnd_autostop_files,
cnd_autostop_size, cnd_file_duration))
continue;
} /* cnd_autostop_size */
if (capture_opts->output_to_pipe) {
- libpcap_dump_flush(global_ld.pdh, NULL);
+ fflush(global_ld.pdh);
}
} /* inpkts */
/* Let the parent process know. */
if (global_ld.inpkts_to_sync_pipe) {
/* do sync here */
- libpcap_dump_flush(global_ld.pdh, NULL);
+ fflush(global_ld.pdh);
/* Send our parent a message saying we've written out
"global_ld.inpkts_to_sync_pipe" packets to the capture file. */
}
while (1) {
g_async_queue_lock(pcap_queue);
- queue_element = g_async_queue_try_pop_unlocked(pcap_queue);
+ queue_element = (pcap_queue_element *)g_async_queue_try_pop_unlocked(pcap_queue);
if (queue_element) {
pcap_queue_bytes -= queue_element->phdr.caplen;
pcap_queue_packets -= 1;
g_free(queue_element);
global_ld.inpkts_to_sync_pipe += 1;
if (capture_opts->output_to_pipe) {
- libpcap_dump_flush(global_ld.pdh, NULL);
+ fflush(global_ld.pdh);
}
}
}
/* there might be packets not yet notified to the parent */
/* (do this after closing the file, so all packets are already flushed) */
- if(global_ld.inpkts_to_sync_pipe) {
+ if (global_ld.inpkts_to_sync_pipe) {
if (!quiet)
report_packet_count(global_ld.inpkts_to_sync_pipe);
global_ld.inpkts_to_sync_pipe = 0;
/* get packet drop statistics from pcap */
for (i = 0; i < capture_opts->ifaces->len; i++) {
guint32 received;
- guint32 dropped;
+ guint32 pcap_dropped = 0;
pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
received = pcap_opts->received;
- dropped = pcap_opts->dropped;
if (pcap_opts->pcap_h != NULL) {
g_assert(!pcap_opts->from_cap_pipe);
/* Get the capture statistics, so we know how many packets were dropped. */
+ /*
+ * Older versions of libpcap didn't set ps_ifdrop on some
+ * platforms; initialize it to 0 to handle that.
+ */
+ stats->ps_ifdrop = 0;
if (pcap_stats(pcap_opts->pcap_h, stats) >= 0) {
*stats_known = TRUE;
/* Let the parent process know. */
- dropped += stats->ps_drop;
+ pcap_dropped += stats->ps_drop;
} else {
g_snprintf(errmsg, sizeof(errmsg),
"Can't get packet-drop statistics: %s",
report_capture_error(errmsg, please_report);
}
}
- report_packet_drops(received, dropped, interface_opts.name);
+ report_packet_drops(received, pcap_dropped, pcap_opts->dropped, pcap_opts->flushed, stats->ps_ifdrop, interface_opts.console_display_name);
}
/* close the input file (pcap or capture pipe) */
}
-static void capture_loop_stop(void)
+static void
+capture_loop_stop(void)
{
#ifdef HAVE_PCAP_BREAKLOOP
- guint i;
+ guint i;
pcap_options *pcap_opts;
for (i = 0; i < global_ld.pcaps->len; i++) {
const u_char *pd)
{
pcap_options *pcap_opts = (pcap_options *) (void *) pcap_opts_p;
- int err;
- guint ts_mul = pcap_opts->ts_nsec ? 1000000000 : 1000000;
+ int err;
+ guint ts_mul = pcap_opts->ts_nsec ? 1000000000 : 1000000;
/* We may be called multiple times from pcap_dispatch(); if we've set
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
- if (!global_ld.go)
+ if (!global_ld.go) {
+ pcap_opts->flushed++;
return;
+ }
if (global_ld.pdh) {
gboolean successful;
If this fails, set "ld->go" to FALSE, to stop the capture, and set
"ld->err" to the error. */
if (global_capture_opts.use_pcapng) {
- successful = libpcap_write_enhanced_packet_block(global_ld.pdh, phdr, pcap_opts->interface_id, ts_mul, pd, &global_ld.bytes_written, &err);
+ successful = pcapng_write_enhanced_packet_block(global_ld.pdh,
+ NULL,
+ phdr->ts.tv_sec, (gint32)phdr->ts.tv_usec,
+ phdr->caplen, phdr->len,
+ pcap_opts->interface_id,
+ ts_mul,
+ pd, 0,
+ &global_ld.bytes_written, &err);
} else {
- successful = libpcap_write_packet(global_ld.pdh, phdr, pd, &global_ld.bytes_written, &err);
+ successful = libpcap_write_packet(global_ld.pdh,
+ phdr->ts.tv_sec, (gint32)phdr->ts.tv_usec,
+ phdr->caplen, phdr->len,
+ pd,
+ &global_ld.bytes_written, &err);
}
if (!successful) {
global_ld.go = FALSE;
global_ld.err = err;
+ pcap_opts->dropped++;
} else {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Wrote a packet of length %d captured on interface %u.",
capture_loop_queue_packet_cb(u_char *pcap_opts_p, const struct pcap_pkthdr *phdr,
const u_char *pd)
{
- pcap_options *pcap_opts = (pcap_options *) (void *) pcap_opts_p;
+ pcap_options *pcap_opts = (pcap_options *) (void *) pcap_opts_p;
pcap_queue_element *queue_element;
- gboolean limit_reached;
+ gboolean limit_reached;
/* We may be called multiple times from pcap_dispatch(); if we've set
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
- if (!global_ld.go)
+ if (!global_ld.go) {
+ pcap_opts->flushed++;
return;
+ }
queue_element = (pcap_queue_element *)g_malloc(sizeof(pcap_queue_element));
if (queue_element == NULL) {
}
memcpy(queue_element->pd, pd, phdr->caplen);
g_async_queue_lock(pcap_queue);
- if (((pcap_queue_byte_limit > 0) && (pcap_queue_bytes < pcap_queue_byte_limit)) &&
- ((pcap_queue_packet_limit > 0) && (pcap_queue_packets < pcap_queue_packet_limit))) {
+ if (((pcap_queue_byte_limit == 0) || (pcap_queue_bytes < pcap_queue_byte_limit)) &&
+ ((pcap_queue_packet_limit == 0) || (pcap_queue_packets < pcap_queue_packet_limit))) {
limit_reached = FALSE;
g_async_queue_push_unlocked(pcap_queue, queue_element);
pcap_queue_bytes += phdr->caplen;
pcap_queue_bytes, pcap_queue_packets);
}
+static int
+set_80211_channel(const char *iface, const char *opt)
+{
+ int freq = 0, type, ret;
+ gchar **options = NULL;
+
+ options = g_strsplit_set(opt, ",", 2);
+
+ if (options[0])
+ freq = atoi(options[0]);
+
+ if (options[1]) {
+ type = ws80211_str_to_chan_type(options[1]);
+ if (type == -1) {
+ ret = EINVAL;
+ goto out;
+ }
+ }
+ else
+ type = -1;
+
+ ret = ws80211_init();
+ if (ret) {
+ cmdarg_err("%d: Failed to init ws80211: %s\n", abs(ret), g_strerror(abs(ret)));
+ ret = 2;
+ goto out;
+ }
+ ret = ws80211_set_freq(iface, freq, type);
+
+ if (ret) {
+ cmdarg_err("%d: Failed to set channel: %s\n", abs(ret), g_strerror(abs(ret)));
+ ret = 2;
+ goto out;
+ }
+
+ if (capture_child)
+ pipe_write_block(2, SP_SUCCESS, NULL);
+ ret = 0;
+
+out:
+ g_strfreev(options);
+ return ret;
+}
+
/* And now our feature presentation... [ fade to music ] */
int
main(int argc, char *argv[])
{
- int opt;
- gboolean arg_error = FALSE;
+ GString *comp_info_str;
+ GString *runtime_info_str;
+ int opt;
+ struct option long_options[] = {
+ {(char *)"capture-comment", required_argument, NULL, LONGOPT_NUM_CAP_COMMENT },
+ {0, 0, 0, 0 }
+ };
+
+ gboolean arg_error = FALSE;
#ifdef _WIN32
- WSADATA wsaData;
+ WSADATA wsaData;
#else
- struct sigaction action, oldaction;
+ struct sigaction action, oldaction;
#endif
- gboolean start_capture = TRUE;
- gboolean stats_known;
- struct pcap_stat stats;
- GLogLevelFlags log_flags;
- gboolean list_interfaces = FALSE;
- gboolean list_link_layer_types = FALSE;
+ gboolean start_capture = TRUE;
+ gboolean stats_known;
+ struct pcap_stat stats;
+ GLogLevelFlags log_flags;
+ gboolean list_interfaces = FALSE;
+ gboolean list_link_layer_types = FALSE;
#ifdef HAVE_BPF_IMAGE
- gboolean print_bpf_code = FALSE;
-#endif
- gboolean machine_readable = FALSE;
- gboolean print_statistics = FALSE;
- int status, run_once_args = 0;
- gint i;
- guint j;
+ gboolean print_bpf_code = FALSE;
+#endif
+ gboolean set_chan = FALSE;
+ gchar *set_chan_arg = NULL;
+ gboolean machine_readable = FALSE;
+ gboolean print_statistics = FALSE;
+ int status, run_once_args = 0;
+ gint i;
+ guint j;
#if defined(__APPLE__) && defined(__LP64__)
- struct utsname osinfo;
+ struct utsname osinfo;
#endif
- GString *str;
+ GString *str;
+
+ /* Assemble the compile-time version information string */
+ comp_info_str = g_string_new("Compiled ");
+ get_compiled_version_info(comp_info_str, NULL, NULL);
+
+ /* Assemble the run-time version information string */
+ runtime_info_str = g_string_new("Running ");
+ get_runtime_version_info(runtime_info_str, NULL);
+
+ /* Add it to the information to be reported on a crash. */
+ ws_add_crash_info("Dumpcap " VERSION "%s\n"
+ "\n"
+ "%s"
+ "\n"
+ "%s",
+ wireshark_svnversion, comp_info_str->str, runtime_info_str->str);
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
-#endif /* _WIN32 */
+ create_app_running_mutex();
-#ifdef _WIN32
/*
* Initialize our DLL search path. MUST be called before LoadLibrary
* or g_module_open.
#define OPTSTRING_d ""
#endif
-#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "L" OPTSTRING_m "MnpPq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:"
+#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "C:c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "k:L" OPTSTRING_m "MN:npPq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:"
#ifdef DEBUG_CHILD_DUMPCAP
if ((debug_log = ws_fopen("dumpcap_debug_log.tmp","w")) == NULL) {
for (i=1; i<argc; i++) {
if (strcmp("-Z", argv[i]) == 0) {
- capture_child = TRUE;
+ capture_child = TRUE;
machine_readable = TRUE; /* request machine-readable output */
#ifdef _WIN32
/* set output pipe to binary mode, to avoid ugly text conversions */
}
/* The default_log_handler will use stdout, which makes trouble in */
- /* capture child mode, as it uses stdout for it's sync_pipe. */
+ /* capture child mode, as it uses stdout for its sync_pipe. */
/* So: the filtering is done in the console_log_handler and not here.*/
/* We set the log handlers right up front to make sure that any log */
/* messages when running as child will be sent back to the parent */
/* with the correct format. */
log_flags =
+ (GLogLevelFlags)(
G_LOG_LEVEL_ERROR|
G_LOG_LEVEL_CRITICAL|
G_LOG_LEVEL_WARNING|
G_LOG_LEVEL_MESSAGE|
G_LOG_LEVEL_INFO|
G_LOG_LEVEL_DEBUG|
- G_LOG_FLAG_FATAL|G_LOG_FLAG_RECURSION;
+ G_LOG_FLAG_FATAL|
+ G_LOG_FLAG_RECURSION);
g_log_set_handler(NULL,
log_flags,
SetConsoleCtrlHandler(capture_cleanup_handler, TRUE);
#else
/* Catch SIGINT and SIGTERM and, if we get either of them, clean up
- and exit. */
+ and exit. Do the same with SIGPIPE, in case, for example,
+ we're writing to our standard output and it's a pipe.
+ Do the same with SIGHUP if it's not being ignored (if we're
+ being run under nohup, it might be ignored, in which case we
+ should leave it ignored).
+
+ XXX - apparently, Coverity complained that part of action
+ wasn't initialized. Perhaps it's running on Linux, where
+ struct sigaction has an ignored "sa_restorer" element and
+ where "sa_handler" and "sa_sigaction" might not be two
+ members of a union. */
+ memset(&action, 0, sizeof(action));
action.sa_handler = capture_cleanup_handler;
/*
* Arrange that system calls not get restarted, because when
#endif /* SIGINFO */
#endif /* _WIN32 */
+#ifdef __linux__
+ enable_kernel_bpf_jit_compiler();
+#endif
+
/* ----------------------------------------------------------------- */
/* Privilege and capability handling */
/* Cases: */
/* Set the initial values in the capture options. This might be overwritten
by the command line parameters. */
- capture_opts_init(&global_capture_opts, NULL);
+ capture_opts_init(&global_capture_opts);
/* We always save to a file - if no file was specified, we save to a
temporary file. */
global_capture_opts.saving_to_file = TRUE;
global_capture_opts.has_ring_num_files = TRUE;
+ /* Pass on capture_child mode for capture_opts */
+ global_capture_opts.capture_child = capture_child;
+
/* Now get our args */
- while ((opt = getopt(argc, argv, OPTSTRING)) != -1) {
+ while ((opt = getopt_long(argc, argv, OPTSTRING, long_options, NULL)) != -1) {
switch (opt) {
case 'h': /* Print help and exit */
print_usage(TRUE);
break;
case 'v': /* Show version and exit */
{
- GString *comp_info_str;
- GString *runtime_info_str;
- /* Assemble the compile-time version information string */
- comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str, NULL, NULL);
-
- /* Assemble the run-time version information string */
- runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str, NULL);
show_version(comp_info_str, runtime_info_str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
case 'b': /* Ringbuffer option */
case 'c': /* Capture x packets */
case 'f': /* capture filter */
+ case 'g': /* enable group read access on file(s) */
case 'i': /* Use interface x */
case 'n': /* Use pcapng format */
case 'p': /* Don't capture in promiscuous mode */
case 'P': /* Use pcap format */
case 's': /* Set the snapshot (capture) length */
case 'w': /* Write to capture file x */
- case 'g': /* enable group read accesson file(s) */
case 'y': /* Set the pcap data link type */
+ case LONGOPT_NUM_CAP_COMMENT: /* add a capture comment */
#ifdef HAVE_PCAP_REMOTE
case 'u': /* Use UDP for data transfer */
case 'r': /* Capture own RPCAP traffic too */
case 'I': /* Monitor mode */
#endif
status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture);
- if(status != 0) {
+ if (status != 0) {
exit_main(status);
}
break;
print_statistics = TRUE;
run_once_args++;
break;
+ case 'k': /* Set wireless channel */
+ set_chan = TRUE;
+ set_chan_arg = optarg;
+ run_once_args++;
+ break;
case 'M': /* For -D, -L, and -S, print machine-readable output */
machine_readable = TRUE;
break;
+ case 'C':
+ pcap_queue_byte_limit = get_positive_int(optarg, "byte_limit");
+ break;
+ case 'N':
+ pcap_queue_packet_limit = get_positive_int(optarg, "packet_limit");
+ break;
default:
cmdarg_err("Invalid Option: %s", argv[optind-1]);
/* FALLTHROUGH */
}
}
+ if ((pcap_queue_byte_limit > 0) || (pcap_queue_packet_limit > 0)) {
+ use_threads = TRUE;
+ }
+ if ((pcap_queue_byte_limit == 0) && (pcap_queue_packet_limit == 0)) {
+ /* Use some default if the user hasn't specified some */
+ /* XXX: Are these defaults good enough? */
+ pcap_queue_byte_limit = 1000 * 1000;
+ pcap_queue_packet_limit = 1000;
+ }
if (arg_error) {
print_usage(FALSE);
exit_main(1);
}
} else {
/* We're supposed to capture traffic; */
+
/* Are we capturing on multiple interface? If so, use threads and pcapng. */
if (global_capture_opts.ifaces->len > 1) {
use_threads = TRUE;
global_capture_opts.use_pcapng = TRUE;
}
+
+ if (global_capture_opts.capture_comment &&
+ (!global_capture_opts.use_pcapng || global_capture_opts.multi_files_on)) {
+ /* XXX - for ringbuffer, should we apply the comment to each file? */
+ cmdarg_err("A capture comment can only be set if we capture into a single pcapng file.");
+ exit_main(1);
+ }
+
/* Was the ring buffer option specified and, if so, does it make sense? */
if (global_capture_opts.multi_files_on) {
/* Ring buffer works only under certain conditions:
*/
if (list_interfaces) {
/* Get the list of interfaces */
- GList *if_list;
- int err;
- gchar *err_str;
+ GList *if_list;
+ int err;
+ gchar *err_str;
- if_list = capture_interface_list(&err, &err_str);
+ if_list = capture_interface_list(&err, &err_str,NULL);
if (if_list == NULL) {
switch (err) {
case CANT_GET_INTERFACE_LIST:
exit_main(status);
}
+ if (set_chan) {
+ interface_options interface_opts;
+
+ if (global_capture_opts.ifaces->len != 1) {
+ cmdarg_err("Need one interface");
+ exit_main(2);
+ }
+
+ interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, 0);
+ status = set_80211_channel(interface_opts.name, set_chan_arg);
+ exit_main(status);
+ }
+
/*
* "-L", "-d", and capturing act on a particular interface, so we have to
* have an interface; if none was specified, pick a default.
*/
- if (capture_opts_trim_iface(&global_capture_opts, NULL) == FALSE) {
+ status = capture_opts_default_iface_if_necessary(&global_capture_opts, NULL);
+ if (status != 0) {
/* cmdarg_err() already called .... */
- exit_main(1);
+ exit_main(status);
}
/* Let the user know what interfaces were chosen. */
- /* get_interface_descriptive_name() is not available! */
if (capture_child) {
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
interface_options interface_opts;
} else {
str = g_string_new("");
#ifdef _WIN32
- if (global_capture_opts.ifaces->len < 2) {
+ if (global_capture_opts.ifaces->len < 2)
#else
- if (global_capture_opts.ifaces->len < 4) {
+ if (global_capture_opts.ifaces->len < 4)
#endif
+ {
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
interface_options interface_opts;
g_string_append_printf(str, "and ");
}
}
- g_string_append_printf(str, "%s", interface_opts.name);
+ g_string_append_printf(str, "'%s'", interface_opts.console_display_name);
}
} else {
g_string_append_printf(str, "%u interfaces", global_capture_opts.ifaces->len);
/* Get the list of link-layer types for the capture device. */
if_capabilities_t *caps;
gchar *err_str;
- guint i;
+ guint ii;
- for (i = 0; i < global_capture_opts.ifaces->len; i++) {
+ for (ii = 0; ii < global_capture_opts.ifaces->len; ii++) {
interface_options interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, i);
+ interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, ii);
caps = get_if_capabilities(interface_opts.name,
interface_opts.monitor_mode, &err_str);
if (caps == NULL) {
/* We're supposed to do a capture. Process the ring buffer arguments. */
capture_opts_trim_ring_num_files(&global_capture_opts);
+ /* flush stderr prior to starting the main capture loop */
+ fflush(stderr);
+
/* Now start the capture. */
- if(capture_loop_start(&global_capture_opts, &stats_known, &stats) == TRUE) {
+ if (capture_loop_start(&global_capture_opts, &stats_known, &stats) == TRUE) {
/* capture ok */
exit_main(0);
} else {
console_log_handler(const char *log_domain, GLogLevelFlags log_level,
const char *message, gpointer user_data _U_)
{
- time_t curr;
+ time_t curr;
struct tm *today;
const char *level;
gchar *msg;
/* ignore log message, if log_level isn't interesting */
- if( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) {
+ if ( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) {
#if !defined(DEBUG_DUMPCAP) && !defined(DEBUG_CHILD_DUMPCAP)
return;
#endif
}
/* Generate the output message */
- if(log_level & G_LOG_LEVEL_MESSAGE) {
+ if (log_level & G_LOG_LEVEL_MESSAGE) {
/* normal user messages without additional infos */
msg = g_strdup_printf("%s\n", message);
} else {
/* DEBUG & INFO msgs (if we're debugging today) */
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
- if( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) {
+ if ( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) {
#ifdef DEBUG_DUMPCAP
fprintf(stderr, "%s", msg);
fflush(stderr);
static void
-report_packet_count(int packet_count)
+report_packet_count(unsigned int packet_count)
{
char tmp[SP_DECISIZE+1+1];
- static int count = 0;
+ static unsigned int count = 0;
- if(capture_child) {
- g_snprintf(tmp, sizeof(tmp), "%d", packet_count);
+ if (capture_child) {
+ g_snprintf(tmp, sizeof(tmp), "%u", packet_count);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Packets: %s", tmp);
pipe_write_block(2, SP_PACKET_COUNT, tmp);
} else {
static void
report_new_capture_file(const char *filename)
{
- if(capture_child) {
+ if (capture_child) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "File: %s", filename);
pipe_write_block(2, SP_FILE, filename);
} else {
*/
interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
cmdarg_err(
- "Invalid capture filter: \"%s\" for interface %s!\n"
+ "Invalid capture filter \"%s\" for interface '%s'!\n"
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
static void
report_capture_error(const char *error_msg, const char *secondary_error_msg)
{
- if(capture_child) {
+ if (capture_child) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
"Primary Error: %s", error_msg);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
}
static void
-report_packet_drops(guint32 received, guint32 drops, gchar *name)
+report_packet_drops(guint32 received, guint32 pcap_drops, guint32 drops, guint32 flushed, guint32 ps_ifdrop, gchar *name)
{
char tmp[SP_DECISIZE+1+1];
+ guint32 total_drops = pcap_drops + drops + flushed;
- g_snprintf(tmp, sizeof(tmp), "%u", drops);
+ g_snprintf(tmp, sizeof(tmp), "%u", total_drops);
- if(capture_child) {
+ if (capture_child) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Packets received/dropped on interface %s: %u/%u",
- name, received, drops);
+ "Packets received/dropped on interface '%s': %u/%u (pcap:%u/dumpcap:%u/flushed:%u/ps_ifdrop:%u)",
+ name, received, total_drops, pcap_drops, drops, flushed, ps_ifdrop);
/* XXX: Need to provide interface id, changes to consumers required. */
pipe_write_block(2, SP_DROPS, tmp);
} else {
fprintf(stderr,
- "Packets received/dropped on interface %s: %u/%u (%.1f%%)\n",
- name, received, drops,
- received ? 100.0 * received / (received + drops) : 0.0);
+ "Packets received/dropped on interface '%s': %u/%u (pcap:%u/dumpcap:%u/flushed:%u/ps_ifdrop:%u) (%.1f%%)\n",
+ name, received, total_drops, pcap_drops, drops, flushed, ps_ifdrop,
+ received ? 100.0 * received / (received + total_drops) : 0.0);
/* stderr could be line buffered */
fflush(stderr);
}
}
-/****************************************************************************************************************/
+/************************************************************************************************/
/* signal_pipe handling */
signal_pipe_check_running(void)
{
/* any news from our parent? -> just stop the capture */
- DWORD avail = 0;
+ DWORD avail = 0;
gboolean result;
/* if we are running standalone, no check required */
- if(!capture_child) {
+ if (!capture_child) {
return TRUE;
}
- if(!sig_pipe_name || !sig_pipe_handle) {
+ if (!sig_pipe_name || !sig_pipe_handle) {
/* This shouldn't happen */
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Signal pipe: No name or handle");
result = PeekNamedPipe(sig_pipe_handle, NULL, 0, NULL, &avail, NULL);
- if(!result || avail > 0) {
+ if (!result || avail > 0) {
/* peek failed or some bytes really available */
/* (if not piping from stdin this would fail) */
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
}
#endif
+
+
+
+
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*