* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config.h>
#include <wsutil/cmdarg_err.h>
#include <wsutil/crash_info.h>
#include <wsutil/strtoi.h>
-#include <ws_version_info.h>
+#include <version_info.h>
#ifndef HAVE_GETOPT_LONG
#include "wsutil/wsgetopt.h"
#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
#ifdef HAVE_LIBCAP
# include <sys/prctl.h>
# include <sys/capability.h>
#include "wsutil/os_version_info.h"
#include "wsutil/str_util.h"
#include "wsutil/inet_addr.h"
+#include "wsutil/time_util.h"
#include "caputils/ws80211_utils.h"
-#ifdef HAVE_EXTCAP
#include "extcap.h"
-#endif
/*
* Get information about libpcap format from "wiretap/libpcap.h".
*/
#include "wiretap/libpcap.h"
#include "wiretap/pcapng_module.h"
+#include "wiretap/pcapng.h"
/**#define DEBUG_DUMPCAP**/
/**#define DEBUG_CHILD_DUMPCAP**/
/** Close a pipe, or socket if \a from_socket is TRUE */
static void cap_pipe_close(int pipe_fd, gboolean from_socket _U_);
-#ifdef __linux__
-/*
- * Enable kernel BPF JIT compiler if available.
- * If any calls fail, just drive on - the JIT compiler might not be
- * enabled, but filtering will still work, and it's not clear what
- * we could do if the calls fail; should we just report the error
- * and not continue to capture, should we report it as a warning, or
- * what?
- */
-static void
-enable_kernel_bpf_jit_compiler(void)
-{
- int fd;
- ssize_t written _U_;
- static const char file[] = "/proc/sys/net/core/bpf_jit_enable";
-
- fd = ws_open(file, O_WRONLY);
- if (fd < 0)
- return;
-
- written = ws_write(fd, "1", strlen("1"));
-
- ws_close(fd);
-}
-#endif
-
#if !defined (__linux__)
#ifndef HAVE_PCAP_BREAKLOOP
/*
PIPNEXIST
} cap_pipe_err_t;
+typedef struct _pcap_pipe_info {
+ struct pcap_hdr hdr; /**< Pcap header when capturing from a pipe */
+ struct pcaprec_modified_hdr rechdr; /**< Pcap record header when capturing from a pipe */
+} pcap_pipe_info_t;
+
+typedef struct _pcapng_pipe_info {
+ struct pcapng_block_header_s bh; /**< Pcapng general block header when capturing from a pipe */
+ struct pcapng_section_header_block_s shb; /**< Pcapng section header when capturing from a pipe */
+ GList *saved_blocks; /**< Pcapng block list of SHB and IDBs for multi_file_on */
+} pcapng_pipe_info_t;
+
+struct _loop_data; /* forward declaration so we can use it in the cap_pipe_dispatch function pointer */
+
/*
* A source of packets from which we're capturing.
*/
/**< capture pipe (unix only "input file") */
gboolean from_cap_pipe; /**< TRUE if we are capturing data from a capture pipe */
gboolean from_cap_socket; /**< TRUE if we're capturing from socket */
- struct pcap_hdr cap_pipe_hdr; /**< Pcap header when capturing from a pipe */
- struct pcaprec_modified_hdr cap_pipe_rechdr; /**< Pcap record header when capturing from a pipe */
+ gboolean from_pcapng; /**< TRUE if we're capturing from pcapng format */
+ union {
+ pcap_pipe_info_t pcap; /**< Pcap info when capturing from a pipe */
+ pcapng_pipe_info_t pcapng; /**< Pcapng info when capturing from a pipe */
+ } cap_pipe_info;
#ifdef _WIN32
HANDLE cap_pipe_h; /**< The handle of the capture pipe */
#endif
int cap_pipe_fd; /**< the file descriptor of the capture pipe */
gboolean cap_pipe_modified; /**< TRUE if data in the pipe uses modified pcap headers */
gboolean cap_pipe_byte_swapped; /**< TRUE if data in the pipe is byte swapped */
+ char * cap_pipe_databuf; /**< Pointer to the data buffer we've allocated */
+ size_t cap_pipe_databuf_size; /**< Current size of the data buffer */
+ guint cap_pipe_max_pkt_size; /**< Maximum packet size allowed */
#if defined(_WIN32)
- char * cap_pipe_buf; /**< Pointer to the data buffer we read into */
+ char * cap_pipe_buf; /**< Pointer to the buffer we read into */
DWORD cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
DWORD cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
#else
size_t cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
size_t cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
#endif
+ int (*cap_pipe_dispatch)(struct _loop_data *, struct _capture_src *, char *, int);
cap_pipe_state_t cap_pipe_state;
cap_pipe_err_t cap_pipe_err;
typedef struct _pcap_queue_element {
capture_src *pcap_src;
- struct pcap_pkthdr phdr;
+ union {
+ struct pcap_pkthdr phdr;
+ struct pcapng_block_header_s bh;
+ } u;
u_char *pd;
} pcap_queue_element;
/*
* Timeout, in microseconds, for reads from the stream of captured packets
* from a pipe. Pipes don't have the same problem that BPF devices do
- * in OS X 10.6, 10.6.1, 10.6.3, and 10.6.4, so we always use a timeout
+ * in Mac OS X 10.6, 10.6.1, 10.6.3, and 10.6.4, so we always use a timeout
* of 250ms, i.e. the same value as CAP_READ_TIMEOUT when not on one
* of the offending versions of Snow Leopard.
*
const u_char *pd);
static void capture_loop_queue_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd);
-static void capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
- int err, gboolean is_close);
+static void capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
+static void capture_loop_queue_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
+static void capture_loop_get_errmsg(char *errmsg, size_t errmsglen,
+ char *secondary_errmsg,
+ size_t secondary_errmsglen,
+ const char *fname, int err,
+ gboolean is_close);
static void WS_NORETURN exit_main(int err);
#define MSG_MAX_LENGTH 4096
-/* Copied from pcapio.c pcapng_write_interface_statistics_block()*/
-static guint64
-create_timestamp(void) {
- guint64 timestamp;
-#ifdef _WIN32
- FILETIME now;
-#else
- struct timeval now;
-#endif
-
-#ifdef _WIN32
- /*
- * Current time, represented as 100-nanosecond intervals since
- * January 1, 1601, 00:00:00 UTC.
- *
- * I think DWORD might be signed, so cast both parts of "now"
- * to guint32 so that the sign bit doesn't get treated specially.
- *
- * Windows 8 provides GetSystemTimePreciseAsFileTime which we
- * might want to use instead.
- */
- GetSystemTimeAsFileTime(&now);
- timestamp = (((guint64)(guint32)now.dwHighDateTime) << 32) +
- (guint32)now.dwLowDateTime;
-
- /*
- * Convert to same thing but as 1-microsecond, i.e. 1000-nanosecond,
- * intervals.
- */
- timestamp /= 10;
-
- /*
- * Subtract difference, in microseconds, between January 1, 1601
- * 00:00:00 UTC and January 1, 1970, 00:00:00 UTC.
- */
- timestamp -= G_GUINT64_CONSTANT(11644473600000000);
-#else
- /*
- * Current time, represented as seconds and microseconds since
- * January 1, 1970, 00:00:00 UTC.
- */
- gettimeofday(&now, NULL);
-
- /*
- * Convert to delta in microseconds.
- */
- timestamp = (guint64)(now.tv_sec) * 1000000 +
- (guint64)(now.tv_usec);
-#endif
- return timestamp;
-}
-
static void
print_usage(FILE *output)
{
" rpcap://<host>/<interface>\n"
" TCP@<host>:<port>\n");
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
- fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE);
+#ifdef HAVE_PCAP_CREATE
+ fprintf(output, " -s <snaplen> packet snapshot length (def: appropriate maximum)\n");
+#else
+ fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD);
+#endif
fprintf(output, " -p don't capture in promiscuous mode\n");
#ifdef HAVE_PCAP_CREATE
fprintf(output, " -I capture in monitor mode, if available\n");
fprintf(output, " -B <buffer size> size of kernel buffer in MiB (def: %dMiB)\n", DEFAULT_CAPTURE_BUFFER_SIZE);
#endif
fprintf(output, " -y <link type> link layer type (def: first appropriate)\n");
+ fprintf(output, " --time-stamp-type <type> timestamp method for interface\n");
fprintf(output, " -D print list of interfaces and exit\n");
fprintf(output, " -L print list of link-layer types of iface and exit\n");
+ fprintf(output, " --list-time-stamp-types print list of timestamp types for iface and exit\n");
#ifdef HAVE_BPF_IMAGE
fprintf(output, " -d print generated BPF code for capture filter\n");
#endif
fprintf(output, " -w <filename> name of file to save (def: tempfile)\n");
fprintf(output, " -g enable group read access on the output file(s)\n");
fprintf(output, " -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs\n");
+ fprintf(output, " interval:NUM - create time intervals of NUM secs\n");
fprintf(output, " filesize:NUM - switch to next file after NUM KB\n");
fprintf(output, " files:NUM - ringbuffer: replace after NUM files\n");
fprintf(output, " -n use pcapng format instead of pcap (default)\n");
fprintf(output, " -h display this help and exit\n");
fprintf(output, "\n");
#ifdef __linux__
- fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
- fprintf(output, "You might want to reset it\n");
- fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
+ fprintf(output, "You might want to enable it by executing:\n");
+ fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Note that this can make your system less secure!\n");
fprintf(output, "\n");
#endif
fprintf(output, "Example: dumpcap -i eth0 -a duration:60 -w output.pcapng\n");
static gboolean
show_filter_code(capture_options *capture_opts)
{
- interface_options interface_opts;
+ interface_options *interface_opts;
pcap_t *pcap_h;
gchar open_err_str[PCAP_ERRBUF_SIZE];
char errmsg[MSG_MAX_LENGTH+1];
guint j;
for (j = 0; j < capture_opts->ifaces->len; j++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, j);
- pcap_h = open_capture_device(capture_opts, &interface_opts,
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, j);
+ pcap_h = open_capture_device(capture_opts, interface_opts,
CAP_READ_TIMEOUT, &open_err_str);
if (pcap_h == NULL) {
/* Open failed; get messages */
get_capture_device_open_failure_messages(open_err_str,
- interface_opts.name,
+ interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg,
sizeof secondary_errmsg);
}
/* Set the link-layer type. */
- if (!set_pcap_datalink(pcap_h, interface_opts.linktype, interface_opts.name,
+ if (!set_pcap_datalink(pcap_h, interface_opts->linktype, interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg, sizeof secondary_errmsg)) {
pcap_close(pcap_h);
}
/* OK, try to compile the capture filter. */
- if (!compile_capture_filter(interface_opts.name, pcap_h, &fcode,
- interface_opts.cfilter)) {
+ if (!compile_capture_filter(interface_opts->name, pcap_h, &fcode,
+ interface_opts->cfilter)) {
pcap_close(pcap_h);
report_cfilter_error(capture_opts, j, errmsg);
return FALSE;
return get_interface_list(err, err_str);
}
-#define ADDRSTRLEN 46 /* Covers IPv4 & IPv6 */
/*
* Output a machine readable list of the interfaces
* This list is retrieved by the sync_interface_list_open() function
if_info_t *if_info;
GSList *addr;
if_addr_t *if_addr;
- char addr_str[ADDRSTRLEN];
+ char addr_str[WS_INET6_ADDRSTRLEN];
if (capture_child) {
/* Let our parent know we succeeded. */
if_addr = (if_addr_t *)addr->data;
switch(if_addr->ifat_type) {
case IF_AT_IPv4:
- if (ws_inet_ntop4(&if_addr->addr.ip4_addr, addr_str,
- ADDRSTRLEN)) {
- printf("%s", addr_str);
- } else {
- printf("<unknown IPv4>");
- }
+ printf("%s", ws_inet_ntop4(&if_addr->addr.ip4_addr, addr_str, sizeof(addr_str)));
break;
case IF_AT_IPv6:
- if (ws_inet_ntop6(&if_addr->addr.ip6_addr,
- addr_str, ADDRSTRLEN)) {
- printf("%s", addr_str);
- } else {
- printf("<unknown IPv6>");
- }
+ printf("%s", ws_inet_ntop6(&if_addr->addr.ip6_addr, addr_str, sizeof(addr_str)));
break;
default:
printf("<type unknown %i>", if_addr->ifat_type);
printf("\tloopback");
else
printf("\tnetwork");
-#ifdef HAVE_EXTCAP
printf("\t%s", if_info->extcap);
-#endif
printf("\n");
}
}
* you MUST update capture_ifinfo.c:capture_get_if_capabilities() accordingly!
*/
static void
-print_machine_readable_if_capabilities(if_capabilities_t *caps)
+print_machine_readable_if_capabilities(if_capabilities_t *caps, int queries)
{
- GList *lt_entry;
- data_link_info_t *data_link_info;
+ GList *lt_entry, *ts_entry;
const gchar *desc_str;
if (capture_child) {
pipe_write_block(2, SP_SUCCESS, NULL);
}
- if (caps->can_set_rfmon)
- printf("1\n");
- else
- printf("0\n");
- for (lt_entry = caps->data_link_types; lt_entry != NULL;
- lt_entry = g_list_next(lt_entry)) {
- data_link_info = (data_link_info_t *)lt_entry->data;
- if (data_link_info->description != NULL)
- desc_str = data_link_info->description;
- else
- desc_str = "(not supported)";
- printf("%d\t%s\t%s\n", data_link_info->dlt, data_link_info->name,
- desc_str);
+ if (queries & CAPS_QUERY_LINK_TYPES) {
+ if (caps->can_set_rfmon)
+ printf("1\n");
+ else
+ printf("0\n");
+ for (lt_entry = caps->data_link_types; lt_entry != NULL;
+ lt_entry = g_list_next(lt_entry)) {
+ data_link_info_t *data_link_info = (data_link_info_t *)lt_entry->data;
+ if (data_link_info->description != NULL)
+ desc_str = data_link_info->description;
+ else
+ desc_str = "(not supported)";
+ printf("%d\t%s\t%s\n", data_link_info->dlt, data_link_info->name,
+ desc_str);
+ }
+ }
+ printf("\n");
+ if (queries & CAPS_QUERY_TIMESTAMP_TYPES) {
+ for (ts_entry = caps->timestamp_types; ts_entry != NULL;
+ ts_entry = g_list_next(ts_entry)) {
+ timestamp_info_t *timestamp = (timestamp_info_t *)ts_entry->data;
+ if (timestamp->description != NULL)
+ desc_str = timestamp->description;
+ else
+ desc_str = "(none)";
+ printf("%s\t%s\n", timestamp->name, desc_str);
+ }
}
}
capture_src *pcap_src;
#ifdef _WIN32
BOOL res;
- DWORD b, last_err, bytes_read;
+ DWORD last_err, bytes_read;
#else /* _WIN32 */
size_t bytes_read;
- int b;
#endif /* _WIN32 */
+ ssize_t b;
pcap_src = (capture_src *)arg;
while (pcap_src->cap_pipe_err == PIPOK) {
#endif
}
+static int
+cap_pipe_read_data_bytes(capture_src *pcap_src, char *errmsg, int errmsgl)
+{
+ int sel_ret;
+ int fd = pcap_src->cap_pipe_fd;
+#ifdef _WIN32
+ DWORD sz, bytes_read = 0;
+#else /* _WIN32 */
+ size_t sz, bytes_read = 0;
+#endif /* _WIN32 */
+ ssize_t b;
+
+ sz = pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read;
+ while (bytes_read < sz) {
+ if (fd == -1) {
+ g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
+ return -1;
+ }
+
+ sel_ret = cap_pipe_select(fd);
+ if (sel_ret < 0) {
+ g_snprintf(errmsg, errmsgl,
+ "Unexpected error from select: %s.", g_strerror(errno));
+ return -1;
+ } else if (sel_ret > 0) {
+ b = cap_pipe_read(fd, pcap_src->cap_pipe_databuf+pcap_src->cap_pipe_bytes_read+bytes_read,
+ sz-bytes_read, pcap_src->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s.",
+ g_strerror(errno));
+ return -1;
+ }
+ bytes_read += b;
+ }
+ }
+ pcap_src->cap_pipe_bytes_read += bytes_read;
+ return 0;
+}
+
+/* Some forward declarations for breaking up cap_pipe_open_live for pcap and pcapng formats */
+static void pcap_pipe_open_live(int fd, capture_src *pcap_src, struct pcap_hdr *hdr, char *errmsg, int errmsgl);
+static void pcapng_pipe_open_live(int fd, capture_src *pcap_src, char *errmsg, int errmsgl);
+static int pcapng_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl);
+
/* Mimic pcap_open_live() for pipe captures
* We check if "pipename" is "-" (stdin), a AF_UNIX socket, or a FIFO,
static void
cap_pipe_open_live(char *pipename,
capture_src *pcap_src,
- struct pcap_hdr *hdr,
+ void *hdr,
char *errmsg, int errmsgl)
{
#ifndef _WIN32
#else /* _WIN32 */
char *pncopy, *pos;
wchar_t *err_str;
-#ifdef HAVE_EXTCAP
char* extcap_pipe_name;
#endif
-#endif
-#ifdef HAVE_EXTCAP
gboolean extcap_pipe = FALSE;
- interface_options interface_opts;
-#endif
ssize_t b;
int fd = -1, sel_ret;
size_t bytes_read;
return;
}
} else {
-
-#ifdef HAVE_EXTCAP
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, 0);
-#endif
-
#ifndef _WIN32
-#ifdef HAVE_EXTCAP
- if ( g_strrstr(interface_opts.name, EXTCAP_PIPE_PREFIX) != NULL )
+ if ( g_strrstr(pipename, EXTCAP_PIPE_PREFIX) != NULL )
extcap_pipe = TRUE;
-#endif
if (ws_stat64(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
pcap_src->cap_pipe_err = PIPNEXIST;
return;
}
-#ifdef HAVE_EXTCAP
extcap_pipe_name = g_strconcat("\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, NULL);
- extcap_pipe = strstr(interface_opts.name, extcap_pipe_name) ? TRUE : FALSE;
+ extcap_pipe = strstr(pipename, extcap_pipe_name) ? TRUE : FALSE;
g_free(extcap_pipe_name);
-#endif
/* Wait for the pipe to appear */
while (1) {
-
-#ifdef HAVE_EXTCAP
if(extcap_pipe)
pcap_src->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
else
-#endif
pcap_src->cap_pipe_h = CreateFile(utf_8to16(pipename), GENERIC_READ, 0, NULL,
OPEN_EXISTING, 0, NULL);
pcap_src->from_cap_pipe = TRUE;
+ /*
+ * We start with a 2KB buffer for packet data, which should be
+ * large enough for most regular network packets. We increase it,
+ * up to the maximum size we allow, as necessary.
+ */
+ pcap_src->cap_pipe_databuf = (guchar*)g_malloc(2048);
+ pcap_src->cap_pipe_databuf_size = 2048;
+
#ifdef _WIN32
if (pcap_src->from_cap_socket)
#endif
/* read the pcap header */
bytes_read = 0;
while (bytes_read < sizeof magic) {
- if (fd == -1) {
- g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
- goto error;
- }
-
sel_ret = cap_pipe_select(fd);
if (sel_ret < 0) {
g_snprintf(errmsg, errmsgl,
b = cap_pipe_read(fd, ((char *)&magic)+bytes_read,
sizeof magic-bytes_read,
pcap_src->from_cap_socket);
-#ifdef HAVE_EXTCAP
/* jump messaging, if extcap had an error, stderr will provide the correct message */
if (extcap_pipe && b <= 0)
goto error;
-#endif
+
if (b <= 0) {
if (b == 0)
g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,0)
g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_src);
-#else
- g_thread_create(&cap_thread_read, pcap_src, FALSE, NULL);
-#endif
pcap_src->cap_pipe_buf = (char *) &magic;
pcap_src->cap_pipe_bytes_read = 0;
pcap_src->cap_pipe_modified = TRUE;
break;
case BLOCK_TYPE_SHB:
- /* This isn't pcap, it's pcapng. We don't yet support
- reading it. */
- g_snprintf(errmsg, errmsgl, "Capturing from a pipe doesn't support pcapng format.");
- goto error;
+ /* This isn't pcap, it's pcapng. */
+ pcap_src->from_pcapng = TRUE;
+ pcap_src->cap_pipe_dispatch = pcapng_pipe_dispatch;
+ global_capture_opts.use_pcapng = TRUE; /* we can only output in pcapng format */
+ pcapng_pipe_open_live(fd, pcap_src, errmsg, errmsgl);
+ return;
default:
/* Not a pcap type we know about, or not pcap at all. */
g_snprintf(errmsg, errmsgl, "Unrecognized libpcap format or not libpcap data.");
goto error;
}
+ pcap_pipe_open_live(fd, pcap_src, (struct pcap_hdr *) hdr, errmsg, errmsgl);
+ return;
+
+error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
+}
+
+static void
+pcap_pipe_open_live(int fd,
+ capture_src *pcap_src,
+ struct pcap_hdr *hdr,
+ char *errmsg, int errmsgl)
+{
+ size_t bytes_read;
+ ssize_t b;
+ int sel_ret;
#ifdef _WIN32
if (pcap_src->from_cap_socket)
#endif
hdr->network = GUINT32_SWAP_LE_BE(hdr->network);
}
pcap_src->linktype = hdr->network;
+#ifdef DLT_DBUS
+ if (pcap_src->linktype == DLT_DBUS) {
+ /*
+ * The maximum D-Bus message size is 128MB, so allow packets up
+ * to that size.
+ */
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_DBUS;
+ } else
+#endif
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
+
+ if (hdr->version_major < 2) {
+ g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format version %d.%d",
+ hdr->version_major, hdr->version_minor);
+ goto error;
+ }
+
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
+ return;
+
+error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcap_pipe_open_live: error %s", errmsg);
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
+}
+
+/* Read the pcapng section header block */
+static int
+pcapng_read_shb(capture_src *pcap_src,
+ char *errmsg,
+ int errmsgl)
+{
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+ struct pcapng_section_header_block_s *shb = &pcap_src->cap_pipe_info.pcapng.shb;
+
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s) + sizeof(struct pcapng_section_header_block_s);
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
+ }
+ }
+#ifdef _WIN32
+ else {
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + sizeof(struct pcapng_block_header_s);
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_section_header_block_s);
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe section header during open.");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe section header during open: %s.",
+ g_strerror(errno));
+ return -1;
+ }
+ pcap_src->cap_pipe_bytes_read = sizeof(struct pcapng_block_header_s) + sizeof(struct pcapng_section_header_block_s);
+ }
+#endif
+ memcpy(shb, pcap_src->cap_pipe_databuf + sizeof(struct pcapng_block_header_s), sizeof(struct pcapng_section_header_block_s));
+ switch (shb->magic)
+ {
+ case PCAPNG_MAGIC:
+ pcap_src->cap_pipe_byte_swapped = FALSE;
+ break;
+ case PCAPNG_SWAPPED_MAGIC:
+ pcap_src->cap_pipe_byte_swapped = TRUE;
+ break;
+ default:
+ /* Not a pcapng type we know about, or not pcapng at all. */
+ g_snprintf(errmsg, errmsgl, "Unrecognized pcapng format or not pcapng data.");
+ return -1;
+ }
+
+ if (pcap_src->cap_pipe_byte_swapped) {
+ /* Byte-swap the header fields about which we care. */
+ shb->version_major = GUINT16_SWAP_LE_BE(shb->version_major);
+ shb->version_minor = GUINT16_SWAP_LE_BE(shb->version_minor);
+ shb->section_length = GUINT64_SWAP_LE_BE(shb->section_length);
+ bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length);
+ }
+
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
+
+ /* Setup state to capture the rest of the section header block */
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+
+ return 0;
+}
+
+static int
+pcapng_write_saved_block(capture_src *pcap_src, struct pcapng_block_header_s *bh)
+{
+ guint32 length = bh->block_total_length;
+
+ if (pcap_src->cap_pipe_byte_swapped) {
+ length = GUINT32_SWAP_LE_BE(length);
+ }
+
+ return pcapng_write_block(global_ld.pdh,
+ (const guint8 *) bh,
+ length,
+ &global_ld.bytes_written, &global_ld.err);
+}
+
+/* Save SHB and IDB blocks to playback whenever we change output files. */
+/* The list is saved in reverse order of blocks added */
+static gboolean
+pcapng_block_save(capture_src *pcap_src)
+{
+ pcapng_pipe_info_t *pcapng = &pcap_src->cap_pipe_info.pcapng;
+ struct pcapng_block_header_s *bh = &pcapng->bh;
+
+ /* Delete all the old blocks first whenever we get a SHB */
+ if (bh->block_type == BLOCK_TYPE_SHB) {
+ g_list_free_full(pcapng->saved_blocks, g_free);
+ pcapng->saved_blocks = NULL;
+ } else if (bh->block_type != BLOCK_TYPE_IDB) {
+ return TRUE;
+ }
+
+ gpointer data = g_malloc(bh->block_total_length);
+ if (data == NULL) {
+ return FALSE;
+ }
+ memcpy(data, pcap_src->cap_pipe_databuf, bh->block_total_length);
+
+ pcapng->saved_blocks = g_list_prepend(pcapng->saved_blocks, data);
+
+ return TRUE;
+}
+
+static void
+pcapng_pipe_open_live(int fd,
+ capture_src *pcap_src,
+ char *errmsg,
+ int errmsgl)
+{
+ guint32 type = BLOCK_TYPE_SHB;
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ memcpy(pcap_src->cap_pipe_databuf, &type, sizeof(guint32));
+ /* read the rest of the pcapng general block header */
+ pcap_src->cap_pipe_bytes_read = sizeof(guint32);
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s);
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ goto error;
+ }
+ memcpy(bh, pcap_src->cap_pipe_databuf, sizeof(struct pcapng_block_header_s));
+ }
+#ifdef _WIN32
+ else {
+ g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_src);
+
+ bh->block_type = type;
+ pcap_src->cap_pipe_buf = (char *) &bh->block_total_length;
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(bh->block_total_length);
+ /* We don't have to worry about cap_pipe_read_mtx here */
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe block_total_length during open.");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe block_total_length during open: %s.",
+ g_strerror(errno));
+ goto error;
+ }
+ pcap_src->cap_pipe_bytes_read = sizeof(struct pcapng_block_header_s);
+ memcpy(pcap_src->cap_pipe_databuf, bh, sizeof(struct pcapng_block_header_s));
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
+ }
+#endif
+ if (pcapng_read_shb(pcap_src, errmsg, errmsgl)) {
+ goto error;
+ }
+
+ return;
+
+error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_open_live: error %s", errmsg);
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
+}
+
+/* We read one record from the pipe, take care of byte order in the record
+ * header, write the record to the capture file, and update capture statistics. */
+static int
+pcap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
+{
+ struct pcap_pkthdr phdr;
+ enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
+ PD_ERR } result;
+#ifdef _WIN32
+ gpointer q_status;
+ wchar_t *err_str;
+#endif
+ ssize_t b;
+ guint new_bufsize;
+ pcap_pipe_info_t *pcap_info = &pcap_src->cap_pipe_info.pcap;
+
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcap_pipe_dispatch");
+#endif
+
+ switch (pcap_src->cap_pipe_state) {
+
+ case STATE_EXPECT_REC_HDR:
+#ifdef _WIN32
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
+#endif
+
+ pcap_src->cap_pipe_state = STATE_READ_REC_HDR;
+ pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_modified ?
+ sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
+ pcap_src->cap_pipe_bytes_read = 0;
+
+#ifdef _WIN32
+ pcap_src->cap_pipe_buf = (char *) &pcap_info->rechdr;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
+ }
+#endif
+ /* Fall through */
+
+ case STATE_READ_REC_HDR:
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ b = cap_pipe_read(pcap_src->cap_pipe_fd, ((char *)&pcap_info->rechdr)+pcap_src->cap_pipe_bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read, pcap_src->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ result = PD_PIPE_EOF;
+ else
+ result = PD_PIPE_ERR;
+ break;
+ }
+ pcap_src->cap_pipe_bytes_read += b;
+ }
+#ifdef _WIN32
+ else {
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ if (pcap_src->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
+ }
+#endif
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ return 0;
+ result = PD_REC_HDR_READ;
+ break;
+
+ case STATE_EXPECT_DATA:
+#ifdef _WIN32
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
+#endif
+
+ pcap_src->cap_pipe_state = STATE_READ_DATA;
+ pcap_src->cap_pipe_bytes_to_read = pcap_info->rechdr.hdr.incl_len;
+ pcap_src->cap_pipe_bytes_read = 0;
+
+#ifdef _WIN32
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
+ }
+#endif
+ /* Fall through */
+
+ case STATE_READ_DATA:
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ b = cap_pipe_read(pcap_src->cap_pipe_fd,
+ pcap_src->cap_pipe_databuf+pcap_src->cap_pipe_bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read,
+ pcap_src->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ result = PD_PIPE_EOF;
+ else
+ result = PD_PIPE_ERR;
+ break;
+ }
+ pcap_src->cap_pipe_bytes_read += b;
+ }
+#ifdef _WIN32
+ else {
+
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ if (pcap_src->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
+ }
+#endif /* _WIN32 */
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ return 0;
+ result = PD_DATA_READ;
+ break;
+
+ default:
+ g_snprintf(errmsg, errmsgl, "pcap_pipe_dispatch: invalid state");
+ result = PD_ERR;
+
+ } /* switch (pcap_src->cap_pipe_state) */
+
+ /*
+ * We've now read as much data as we were expecting, so process it.
+ */
+ switch (result) {
+
+ case PD_REC_HDR_READ:
+ /* We've read the header. Take care of byte order. */
+ cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_info->hdr,
+ &pcap_info->rechdr.hdr);
+ if (pcap_info->rechdr.hdr.incl_len > pcap_src->cap_pipe_max_pkt_size) {
+ /*
+ * The record contains more data than the advertised/allowed in the
+ * pcap header, do not try to read more data (do not change to
+ * STATE_EXPECT_DATA) as that would not fit in the buffer and
+ * instead stop with an error.
+ */
+ g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
+ ld->packet_count+1, pcap_info->rechdr.hdr.incl_len);
+ break;
+ }
+
+ if (pcap_info->rechdr.hdr.incl_len > pcap_src->cap_pipe_databuf_size) {
+ /*
+ * Grow the buffer to the packet size, rounded up to a power of
+ * 2.
+ */
+ new_bufsize = pcap_info->rechdr.hdr.incl_len;
+ /*
+ * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+ */
+ new_bufsize--;
+ new_bufsize |= new_bufsize >> 1;
+ new_bufsize |= new_bufsize >> 2;
+ new_bufsize |= new_bufsize >> 4;
+ new_bufsize |= new_bufsize >> 8;
+ new_bufsize |= new_bufsize >> 16;
+ new_bufsize++;
+ pcap_src->cap_pipe_databuf = (guchar*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
+ pcap_src->cap_pipe_databuf_size = new_bufsize;
+ }
+
+ /*
+ * The record has some data following the header, try to read it next
+ * time.
+ */
+ if (pcap_info->rechdr.hdr.incl_len) {
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+ return 0;
+ }
+
+ /*
+ * No data following the record header? Then no more data needs to be
+ * read and we will fallthrough and emit an empty packet.
+ */
+ /* FALLTHROUGH */
+ case PD_DATA_READ:
+ /* Fill in a "struct pcap_pkthdr", and process the packet. */
+ phdr.ts.tv_sec = pcap_info->rechdr.hdr.ts_sec;
+ phdr.ts.tv_usec = pcap_info->rechdr.hdr.ts_usec;
+ phdr.caplen = pcap_info->rechdr.hdr.incl_len;
+ phdr.len = pcap_info->rechdr.hdr.orig_len;
- if (hdr->version_major < 2) {
- g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format");
- goto error;
- }
+ if (use_threads) {
+ capture_loop_queue_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ } else {
+ capture_loop_write_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ }
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ return 1;
- pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
- pcap_src->cap_pipe_err = PIPOK;
- pcap_src->cap_pipe_fd = fd;
- return;
+ case PD_PIPE_EOF:
+ pcap_src->cap_pipe_err = PIPEOF;
+ return -1;
-error:
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
- pcap_src->cap_pipe_err = PIPERR;
- cap_pipe_close(fd, pcap_src->from_cap_socket);
- pcap_src->cap_pipe_fd = -1;
+ case PD_PIPE_ERR:
#ifdef _WIN32
- pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
+ g_snprintf(errmsg, errmsgl,
+ "Error reading from pipe: %s (error %d)",
+ utf_16to8(err_str), GetLastError());
+ LocalFree(err_str);
+#else
+ g_snprintf(errmsg, errmsgl, "Error reading from pipe: %s",
+ g_strerror(errno));
#endif
-}
+ /* Fall through */
+ case PD_ERR:
+ break;
+ }
+ pcap_src->cap_pipe_err = PIPERR;
+ /* Return here rather than inside the switch to prevent GCC warning */
+ return -1;
+}
-/* We read one record from the pipe, take care of byte order in the record
- * header, write the record to the capture file, and update capture statistics. */
static int
-cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, guchar *data, char *errmsg, int errmsgl)
+pcapng_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
{
- struct pcap_pkthdr phdr;
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
#ifdef _WIN32
-#if !GLIB_CHECK_VERSION(2,31,18)
- GTimeVal wait_time;
-#endif
gpointer q_status;
wchar_t *err_str;
#endif
- ssize_t b;
+ guint new_bufsize;
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
#ifdef LOG_CAPTURE_VERBOSE
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch");
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch");
#endif
switch (pcap_src->cap_pipe_state) {
#endif
pcap_src->cap_pipe_state = STATE_READ_REC_HDR;
- pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_modified ?
- sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s);
pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
- pcap_src->cap_pipe_buf = (char *) &pcap_src->cap_pipe_rechdr;
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
if (pcap_src->from_cap_socket)
#endif
{
- b = cap_pipe_read(pcap_src->cap_pipe_fd, ((char *)&pcap_src->cap_pipe_rechdr)+pcap_src->cap_pipe_bytes_read,
- pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read, pcap_src->from_cap_socket);
- if (b <= 0) {
- if (b == 0)
- result = PD_PIPE_EOF;
- else
- result = PD_PIPE_ERR;
- break;
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
}
- pcap_src->cap_pipe_bytes_read += b;
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
#endif
if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
return 0;
+ memcpy(bh, pcap_src->cap_pipe_databuf, sizeof(struct pcapng_block_header_s));
result = PD_REC_HDR_READ;
break;
#ifdef _WIN32
if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
#endif
-
pcap_src->cap_pipe_state = STATE_READ_DATA;
- pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_rechdr.hdr.incl_len;
- pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = bh->block_total_length;
+
#ifdef _WIN32
- pcap_src->cap_pipe_buf = (char *) data;
+ pcap_src->cap_pipe_bytes_to_read -= pcap_src->cap_pipe_bytes_read;
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + pcap_src->cap_pipe_bytes_read;
g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
if (pcap_src->from_cap_socket)
#endif
{
- b = cap_pipe_read(pcap_src->cap_pipe_fd,
- data+pcap_src->cap_pipe_bytes_read,
- pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read,
- pcap_src->from_cap_socket);
- if (b <= 0) {
- if (b == 0)
- result = PD_PIPE_EOF;
- else
- result = PD_PIPE_ERR;
- break;
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
}
- pcap_src->cap_pipe_bytes_read += b;
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ return 0;
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif /* GLIB_CHECK_VERSION(2,31,18) */
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
if (!q_status) {
return 0;
}
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read) {
+ return 0;
+ }
+ pcap_src->cap_pipe_bytes_read = bh->block_total_length;
}
#endif /* _WIN32 */
- if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
- return 0;
result = PD_DATA_READ;
break;
default:
- g_snprintf(errmsg, errmsgl, "cap_pipe_dispatch: invalid state");
+ g_snprintf(errmsg, errmsgl, "pcapng_pipe_dispatch: invalid state");
result = PD_ERR;
} /* switch (pcap_src->cap_pipe_state) */
switch (result) {
case PD_REC_HDR_READ:
+ if (bh->block_type == BLOCK_TYPE_SHB) {
+ /* we need to read ahead to get the endianess before getting the block type and length */
+ pcapng_read_shb(pcap_src, errmsg, errmsgl);
+ return 1;
+ }
+
/* We've read the header. Take care of byte order. */
- cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_src->cap_pipe_hdr,
- &pcap_src->cap_pipe_rechdr.hdr);
- if (pcap_src->cap_pipe_rechdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+ if (pcap_src->cap_pipe_byte_swapped) {
+ /* Byte-swap the record header fields. */
+ bh->block_type = GUINT32_SWAP_LE_BE(bh->block_type);
+ bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length);
+ }
+ if (bh->block_total_length > pcap_src->cap_pipe_max_pkt_size) {
+ /*
+ * The record contains more data than the advertised/allowed in the
+ * pcapng header, do not try to read more data (do not change to
+ * STATE_EXPECT_DATA) as that would not fit in the buffer and
+ * instead stop with an error.
+ */
g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
- ld->packet_count+1, pcap_src->cap_pipe_rechdr.hdr.incl_len);
+ ld->packet_count+1, bh->block_total_length);
break;
}
- if (pcap_src->cap_pipe_rechdr.hdr.incl_len) {
- pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
- return 0;
+ if (bh->block_total_length > pcap_src->cap_pipe_databuf_size) {
+ /*
+ * Grow the buffer to the packet size, rounded up to a power of
+ * 2.
+ */
+ new_bufsize = bh->block_total_length;
+ /*
+ * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+ */
+ new_bufsize--;
+ new_bufsize |= new_bufsize >> 1;
+ new_bufsize |= new_bufsize >> 2;
+ new_bufsize |= new_bufsize >> 4;
+ new_bufsize |= new_bufsize >> 8;
+ new_bufsize |= new_bufsize >> 16;
+ new_bufsize++;
+ pcap_src->cap_pipe_databuf = (guchar*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
+ pcap_src->cap_pipe_databuf_size = new_bufsize;
}
- /* no data to read? */
- /* FALLTHROUGH */
- case PD_DATA_READ:
- /* Fill in a "struct pcap_pkthdr", and process the packet. */
- phdr.ts.tv_sec = pcap_src->cap_pipe_rechdr.hdr.ts_sec;
- phdr.ts.tv_usec = pcap_src->cap_pipe_rechdr.hdr.ts_usec;
- phdr.caplen = pcap_src->cap_pipe_rechdr.hdr.incl_len;
- phdr.len = pcap_src->cap_pipe_rechdr.hdr.orig_len;
+ /* The record always has at least the block total length following the header */
+ if (bh->block_total_length < sizeof(struct pcapng_block_header_s)+sizeof(guint32)) {
+ g_snprintf(errmsg, errmsgl, "malformed pcapng block_total_length < minimum");
+ pcap_src->cap_pipe_err = PIPEOF;
+ return -1;
+ }
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+ return 0;
+
+ case PD_DATA_READ:
+ if (!pcapng_block_save(pcap_src)) {
+ return -1;
+ }
if (use_threads) {
- capture_loop_queue_packet_cb((u_char *)pcap_src, &phdr, data);
+ capture_loop_queue_pcapng_cb(pcap_src, bh, pcap_src->cap_pipe_databuf);
} else {
- capture_loop_write_packet_cb((u_char *)pcap_src, &phdr, data);
+ capture_loop_write_pcapng_cb(pcap_src, bh, pcap_src->cap_pipe_databuf);
}
pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
return 1;
return -1;
}
-
/** Open the capture input file (pcap or capture pipe).
* Returns TRUE if it succeeds, FALSE otherwise. */
static gboolean
{
gchar open_err_str[PCAP_ERRBUF_SIZE];
gchar *sync_msg_str;
- interface_options interface_opts;
+ interface_options *interface_opts;
capture_src *pcap_src;
guint i;
#ifdef _WIN32
}
for (i = 0; i < capture_opts->ifaces->len; i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
pcap_src = (capture_src *)g_malloc(sizeof (capture_src));
if (pcap_src == NULL) {
g_snprintf(errmsg, (gulong) errmsg_len,
"Could not allocate memory.");
return FALSE;
}
- pcap_src->received = 0;
- pcap_src->dropped = 0;
- pcap_src->flushed = 0;
- pcap_src->pcap_h = NULL;
+ memset(pcap_src, 0, sizeof(capture_src));
#ifdef MUST_DO_SELECT
pcap_src->pcap_fd = -1;
#endif
- pcap_src->pcap_err = FALSE;
pcap_src->interface_id = i;
- pcap_src->tid = NULL;
- pcap_src->snaplen = 0;
pcap_src->linktype = -1;
- pcap_src->ts_nsec = FALSE;
- pcap_src->from_cap_pipe = FALSE;
- pcap_src->from_cap_socket = FALSE;
- memset(&pcap_src->cap_pipe_hdr, 0, sizeof(struct pcap_hdr));
- memset(&pcap_src->cap_pipe_rechdr, 0, sizeof(struct pcaprec_modified_hdr));
#ifdef _WIN32
pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
#endif
pcap_src->cap_pipe_fd = -1;
- pcap_src->cap_pipe_modified = FALSE;
- pcap_src->cap_pipe_byte_swapped = FALSE;
-#ifdef _WIN32
- pcap_src->cap_pipe_buf = NULL;
-#endif
- pcap_src->cap_pipe_bytes_to_read = 0;
- pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_dispatch = pcap_pipe_dispatch;
pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
pcap_src->cap_pipe_err = PIPOK;
#ifdef _WIN32
-#if GLIB_CHECK_VERSION(2,31,0)
pcap_src->cap_pipe_read_mtx = g_malloc(sizeof(GMutex));
g_mutex_init(pcap_src->cap_pipe_read_mtx);
-#else
- pcap_src->cap_pipe_read_mtx = g_mutex_new();
-#endif
pcap_src->cap_pipe_pending_q = g_async_queue_new();
pcap_src->cap_pipe_done_q = g_async_queue_new();
#endif
g_array_append_val(ld->pcaps, pcap_src);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts.name);
- pcap_src->pcap_h = open_capture_device(capture_opts, &interface_opts,
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts->name);
+ pcap_src->pcap_h = open_capture_device(capture_opts, interface_opts,
CAP_READ_TIMEOUT, &open_err_str);
if (pcap_src->pcap_h != NULL) {
#endif
#if defined(HAVE_PCAP_SETSAMPLING)
- if (interface_opts.sampling_method != CAPTURE_SAMP_NONE) {
+ if (interface_opts->sampling_method != CAPTURE_SAMP_NONE) {
struct pcap_samp *samp;
if ((samp = pcap_setsampling(pcap_src->pcap_h)) != NULL) {
- switch (interface_opts.sampling_method) {
+ switch (interface_opts->sampling_method) {
case CAPTURE_SAMP_BY_COUNT:
samp->method = PCAP_SAMP_1_EVERY_N;
break;
sync_msg_str = g_strdup_printf(
"Unknown sampling method %d specified,\n"
"continue without packet sampling",
- interface_opts.sampling_method);
+ interface_opts->sampling_method);
report_capture_error("Couldn't set the capture "
"sampling", sync_msg_str);
g_free(sync_msg_str);
}
- samp->value = interface_opts.sampling_param;
+ samp->value = interface_opts->sampling_param;
} else {
report_capture_error("Couldn't set the capture sampling",
"Cannot get packet sampling data structure");
#endif
/* setting the data link type only works on real interfaces */
- if (!set_pcap_datalink(pcap_src->pcap_h, interface_opts.linktype,
- interface_opts.name,
+ if (!set_pcap_datalink(pcap_src->pcap_h, interface_opts->linktype,
+ interface_opts->name,
errmsg, errmsg_len,
secondary_errmsg, secondary_errmsg_len)) {
return FALSE;
}
- pcap_src->linktype = get_pcap_datalink(pcap_src->pcap_h, interface_opts.name);
+ pcap_src->linktype = get_pcap_datalink(pcap_src->pcap_h, interface_opts->name);
} else {
/* We couldn't open "iface" as a network device. */
/* Try to open it as a pipe */
- cap_pipe_open_live(interface_opts.name, pcap_src, &pcap_src->cap_pipe_hdr, errmsg, (int) errmsg_len);
+ cap_pipe_open_live(interface_opts->name, pcap_src, &pcap_src->cap_pipe_info.pcap.hdr, errmsg, (int) errmsg_len);
#ifndef _WIN32
if (pcap_src->cap_pipe_fd == -1) {
* the interface.
*/
get_capture_device_open_failure_messages(open_err_str,
- interface_opts.name,
+ interface_opts->name,
errmsg,
errmsg_len,
secondary_errmsg,
report_capture_error(sync_msg_str, "");
g_free(sync_msg_str);
}
- capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
- g_array_insert_val(capture_opts->ifaces, i, interface_opts);
}
/* If not using libcap: we now can now set euid/egid to ruid/rgid */
for (i = 0; i < ld->pcaps->len; i++) {
pcap_src = g_array_index(ld->pcaps, capture_src *, i);
- /* if open, close the capture pipe "input file" */
- if (pcap_src->cap_pipe_fd >= 0) {
- g_assert(pcap_src->from_cap_pipe);
- cap_pipe_close(pcap_src->cap_pipe_fd, pcap_src->from_cap_socket);
- pcap_src->cap_pipe_fd = -1;
- }
+ /* Pipe, or capture device? */
+ if (pcap_src->from_cap_pipe) {
+ /* Pipe. If open, close the capture pipe "input file". */
+ if (pcap_src->cap_pipe_fd >= 0) {
+ cap_pipe_close(pcap_src->cap_pipe_fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+ }
#ifdef _WIN32
- if (pcap_src->cap_pipe_h != INVALID_HANDLE_VALUE) {
- CloseHandle(pcap_src->cap_pipe_h);
- pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
- }
+ if (pcap_src->cap_pipe_h != INVALID_HANDLE_VALUE) {
+ CloseHandle(pcap_src->cap_pipe_h);
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+ }
#endif
- /* if open, close the pcap "input file" */
- if (pcap_src->pcap_h != NULL) {
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_src->pcap_h);
- pcap_close(pcap_src->pcap_h);
- pcap_src->pcap_h = NULL;
+ if (pcap_src->cap_pipe_databuf != NULL) {
+ /* Free the buffer. */
+ g_free(pcap_src->cap_pipe_databuf);
+ pcap_src->cap_pipe_databuf = NULL;
+ }
+ if (pcap_src->from_pcapng) {
+ g_list_free_full(pcap_src->cap_pipe_info.pcapng.saved_blocks, g_free);
+ pcap_src->cap_pipe_info.pcapng.saved_blocks = NULL;
+ }
+ } else {
+ /* Capture device. If open, close the pcap_t. */
+ if (pcap_src->pcap_h != NULL) {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_src->pcap_h);
+ pcap_close(pcap_src->pcap_h);
+ pcap_src->pcap_h = NULL;
+ }
}
}
int err;
guint i;
capture_src *pcap_src;
- interface_options interface_opts;
+ interface_options *interface_opts;
gboolean successful;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_init_output");
}
}
if (ld->pdh) {
+ pcap_src = g_array_index(ld->pcaps, capture_src *, 0);
+ if (pcap_src->from_pcapng) {
+ /* We are just going to rewrite the source SHB and IDB blocks */
+ return TRUE;
+ }
if (capture_opts->use_pcapng) {
char *appname;
GString *cpu_info_str;
-1, /* section_length */
&ld->bytes_written,
&err);
+ g_string_free(cpu_info_str, TRUE);
g_free(appname);
for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
pcap_src = g_array_index(ld->pcaps, capture_src *, i);
if (pcap_src->from_cap_pipe) {
- pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
+ pcap_src->snaplen = pcap_src->cap_pipe_info.pcap.hdr.snaplen;
} else {
pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
successful = pcapng_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_src->linktype,
- pcap_src->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_src->linktype,
+ pcap_src->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
}
g_string_free(os_info_str, TRUE);
} else {
pcap_src = g_array_index(ld->pcaps, capture_src *, 0);
if (pcap_src->from_cap_pipe) {
- pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
+ pcap_src->snaplen = pcap_src->cap_pipe_info.pcap.hdr.snaplen;
} else {
pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
successful = libpcap_write_file_header(ld->pdh, pcap_src->linktype, pcap_src->snaplen,
- pcap_src->ts_nsec, &ld->bytes_written, &err);
+ pcap_src->ts_nsec, &ld->bytes_written, &err);
}
if (!successful) {
fclose(ld->pdh);
{
int inpkts;
gint packet_count_before;
- guchar *pcap_data;
#ifndef _WIN32
int sel_ret;
#endif
- pcap_data = (guchar*)g_malloc(WTAP_MAX_PACKET_SIZE);
packet_count_before = ld->packet_count;
if (pcap_src->from_cap_pipe) {
/* dispatch from capture pipe */
* "select()" says we can read from the pipe without blocking
*/
#endif
- inpkts = cap_pipe_dispatch(ld, pcap_src, pcap_data, errmsg, errmsg_len);
+ inpkts = pcap_src->cap_pipe_dispatch(ld, pcap_src, errmsg, errmsg_len);
if (inpkts < 0) {
ld->go = FALSE;
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: %d new packet%s", inpkts, plurality(inpkts, "", "s"));
#endif
- g_free(pcap_data);
return ld->packet_count - packet_count_before;
}
/* set output pipe to binary mode to avoid Windows text-mode processing (eg: for CR/LF) */
_setmode(1, O_BINARY);
#endif
+ } else {
+ /* Try to open the specified FIFO for use as a capture buffer.
+ Do *not* create it if it doesn't exist. There's nothing
+ to truncate. If we need to read it, We Have A Problem. */
+ *save_file_fd = ws_open(capfile_name, O_WRONLY|O_BINARY, 0);
}
} /* if (...output_to_pipe ... */
}
} else {
/* Try to open/create the specified file for use as a capture buffer. */
- *save_file_fd = ws_open(capfile_name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT,
+ *save_file_fd = ws_open(capfile_name, O_WRONLY|O_BINARY|O_TRUNC|O_CREAT,
(capture_opts->group_read_access) ? 0640 : 0600);
}
}
}
} else {
gchar *basename;
- basename = g_path_get_basename(g_array_index(global_capture_opts.ifaces, interface_options, 0).console_display_name);
+ basename = g_path_get_basename((&g_array_index(global_capture_opts.ifaces, interface_options, 0))->console_display_name);
#ifdef _WIN32
/* use the generic portion of the interface guid to form the basis of the filename */
if (strncmp("NPF_{", basename, 5)==0)
do_file_switch_or_stop(capture_options *capture_opts,
condition *cnd_autostop_files,
condition *cnd_autostop_size,
- condition *cnd_file_duration)
+ condition *cnd_file_duration,
+ condition *cnd_file_interval)
{
guint i;
capture_src *pcap_src;
- interface_options interface_opts;
+ interface_options *interface_opts;
gboolean successful;
if (capture_opts->multi_files_on) {
/* File switch succeeded: reset the conditions */
global_ld.bytes_written = 0;
- if (capture_opts->use_pcapng) {
- char *appname;
- GString *cpu_info_str;
- GString *os_info_str;
-
- cpu_info_str = g_string_new("");
- os_info_str = g_string_new("");
- get_cpu_info(cpu_info_str);
- get_os_version_info(os_info_str);
-
- appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
- successful = pcapng_write_session_header_block(global_ld.pdh,
- (const char *)capture_opts->capture_comment, /* Comment */
- cpu_info_str->str, /* HW */
- os_info_str->str, /* OS */
- appname,
- -1, /* section_length */
- &(global_ld.bytes_written),
- &global_ld.err);
- g_free(appname);
-
- for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
- pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
- successful = pcapng_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_src->linktype,
- pcap_src->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
+ if (pcap_src->from_pcapng) {
+ /* Write the saved SHB and all IDBs to start of next file */
+ /* The blocks were saved in reverse so reverse it before iterating */
+ GList *rlist = g_list_reverse(pcap_src->cap_pipe_info.pcapng.saved_blocks);
+ GList *list = rlist;
+ successful = TRUE;
+ while (list && successful) {
+ successful = pcapng_write_saved_block(pcap_src, (struct pcapng_block_header_s *) list->data);
+ list = g_list_next(list);
}
+ pcap_src->cap_pipe_info.pcapng.saved_blocks = g_list_reverse(rlist);
+ } else {
+ if (capture_opts->use_pcapng) {
+ char *appname;
+ GString *cpu_info_str;
+ GString *os_info_str;
+
+ cpu_info_str = g_string_new("");
+ os_info_str = g_string_new("");
+ get_cpu_info(cpu_info_str);
+ get_os_version_info(os_info_str);
+
+ appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
+ successful = pcapng_write_session_header_block(global_ld.pdh,
+ (const char *)capture_opts->capture_comment, /* Comment */
+ cpu_info_str->str, /* HW */
+ os_info_str->str, /* OS */
+ appname,
+ -1, /* section_length */
+ &(global_ld.bytes_written),
+ &global_ld.err);
+ g_string_free(cpu_info_str, TRUE);
+ g_free(appname);
+
+ for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ successful = pcapng_write_interface_description_block(global_ld.pdh,
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_src->linktype,
+ pcap_src->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
+ }
- g_string_free(os_info_str, TRUE);
+ g_string_free(os_info_str, TRUE);
- } else {
- pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
- successful = libpcap_write_file_header(global_ld.pdh, pcap_src->linktype, pcap_src->snaplen,
- pcap_src->ts_nsec, &global_ld.bytes_written, &global_ld.err);
+ } else {
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
+ successful = libpcap_write_file_header(global_ld.pdh, pcap_src->linktype, pcap_src->snaplen,
+ pcap_src->ts_nsec, &global_ld.bytes_written, &global_ld.err);
+ }
}
if (!successful) {
fclose(global_ld.pdh);
cnd_reset(cnd_autostop_size);
if (cnd_file_duration)
cnd_reset(cnd_file_duration);
+ if (cnd_file_interval)
+ cnd_reset(cnd_file_interval);
fflush(global_ld.pdh);
if (!quiet)
report_packet_count(global_ld.inpkts_to_sync_pipe);
int err_close;
int inpkts;
condition *cnd_file_duration = NULL;
+ condition *cnd_file_interval = NULL;
condition *cnd_autostop_files = NULL;
condition *cnd_autostop_size = NULL;
condition *cnd_autostop_duration = NULL;
char errmsg[MSG_MAX_LENGTH+1];
char secondary_errmsg[MSG_MAX_LENGTH+1];
capture_src *pcap_src;
- interface_options interface_opts;
+ interface_options *interface_opts;
guint i, error_index = 0;
*errmsg = '\0';
}
for (i = 0; i < capture_opts->ifaces->len; i++) {
pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
/* init the input filter from the network interface (capture pipe will do nothing) */
/*
* When remote capturing WinPCap crashes when the capture filter
* string.
*/
switch (capture_loop_init_filter(pcap_src->pcap_h, pcap_src->from_cap_pipe,
- interface_opts.name,
- interface_opts.cfilter?interface_opts.cfilter:"")) {
+ interface_opts->name,
+ interface_opts->cfilter?interface_opts->cfilter:"")) {
case INITFILTER_NO_ERROR:
break;
if (capture_opts->has_autostop_files)
cnd_autostop_files =
cnd_new(CND_CLASS_CAPTURESIZE, (guint64)capture_opts->autostop_files);
+
+ if (capture_opts->has_file_interval)
+ cnd_file_interval =
+ cnd_new(CND_CLASS_INTERVAL, capture_opts->file_interval);
}
/* init the time values */
pcap_queue_packets = 0;
for (i = 0; i < global_ld.pcaps->len; i++) {
pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
-#if GLIB_CHECK_VERSION(2,31,0)
/* XXX - Add an interface name here? */
pcap_src->tid = g_thread_new("Capture read", pcap_read_handler, pcap_src);
-#else
- pcap_src->tid = g_thread_create(pcap_read_handler, pcap_src, TRUE, NULL);
-#endif
}
}
while (global_ld.go) {
/* dispatch incoming packets */
if (use_threads) {
pcap_queue_element *queue_element;
-#if GLIB_CHECK_VERSION(2,31,18)
g_async_queue_lock(pcap_queue);
queue_element = (pcap_queue_element *)g_async_queue_timeout_pop_unlocked(pcap_queue, WRITER_THREAD_TIMEOUT);
-#else
- GTimeVal write_thread_time;
-
- g_get_current_time(&write_thread_time);
- g_time_val_add(&write_thread_time, WRITER_THREAD_TIMEOUT);
- g_async_queue_lock(pcap_queue);
- queue_element = (pcap_queue_element *)g_async_queue_timed_pop_unlocked(pcap_queue, &write_thread_time);
-#endif
if (queue_element) {
- pcap_queue_bytes -= queue_element->phdr.caplen;
- pcap_queue_packets -= 1;
+ if (queue_element->pcap_src->from_pcapng) {
+ pcap_queue_bytes -= queue_element->u.bh.block_total_length;
+ pcap_queue_packets -= 1;
+ } else {
+ pcap_queue_bytes -= queue_element->u.phdr.caplen;
+ pcap_queue_packets -= 1;
+ }
}
g_async_queue_unlock(pcap_queue);
if (queue_element) {
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
- "Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
+ if (queue_element->pcap_src->from_pcapng) {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dequeued a block of length %d captured on interface %d.",
+ queue_element->u.bh.block_total_length, queue_element->pcap_src->interface_id);
+
+ capture_loop_write_pcapng_cb(queue_element->pcap_src,
+ &queue_element->u.bh,
+ queue_element->pd);
+ } else {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dequeued a packet of length %d captured on interface %d.",
+ queue_element->u.phdr.caplen, queue_element->pcap_src->interface_id);
- capture_loop_write_packet_cb((u_char *) queue_element->pcap_src,
- &queue_element->phdr,
- queue_element->pd);
+ capture_loop_write_packet_cb((u_char *) queue_element->pcap_src,
+ &queue_element->u.phdr,
+ queue_element->pd);
+ }
g_free(queue_element->pd);
g_free(queue_element);
inpkts = 1;
if (cnd_autostop_size != NULL &&
cnd_eval(cnd_autostop_size, global_ld.bytes_written)) {
/* Capture size limit reached, do we have another file? */
- if (!do_file_switch_or_stop(capture_opts, cnd_autostop_files,
- cnd_autostop_size, cnd_file_duration))
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
continue;
} /* cnd_autostop_size */
if (capture_opts->output_to_pipe) {
/* check capture file duration condition */
if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
/* duration limit reached, do we have another file? */
- if (!do_file_switch_or_stop(capture_opts, cnd_autostop_files,
- cnd_autostop_size, cnd_file_duration))
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
continue;
} /* cnd_file_duration */
+
+ /* check capture file interval condition */
+ if (cnd_file_interval != NULL && cnd_eval(cnd_file_interval)) {
+ /* end of interval reached, do we have another file? */
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
+ continue;
+ } /* cnd_file_interval */
}
}
g_async_queue_lock(pcap_queue);
queue_element = (pcap_queue_element *)g_async_queue_try_pop_unlocked(pcap_queue);
if (queue_element) {
- pcap_queue_bytes -= queue_element->phdr.caplen;
+ pcap_queue_bytes -= queue_element->u.phdr.caplen;
pcap_queue_packets -= 1;
}
g_async_queue_unlock(pcap_queue);
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
+ queue_element->u.phdr.caplen, queue_element->pcap_src->interface_id);
capture_loop_write_packet_cb((u_char *)queue_element->pcap_src,
- &queue_element->phdr,
+ &queue_element->u.phdr,
queue_element->pd);
g_free(queue_element->pd);
g_free(queue_element);
/* delete stop conditions */
if (cnd_file_duration != NULL)
cnd_delete(cnd_file_duration);
+ if (cnd_file_interval != NULL)
+ cnd_delete(cnd_file_interval);
if (cnd_autostop_files != NULL)
cnd_delete(cnd_autostop_files);
if (cnd_autostop_size != NULL)
(At least you will if g_strerror() doesn't show a local translation
of the error.)
- On FreeBSD and OS X, if a network adapter disappears while
- you're capturing on it, you'll get a "read: Device not configured"
- error (ENXIO). (See previous parenthetical note.)
+ On FreeBSD, DragonFly BSD, and macOS, if a network adapter
+ disappears while you're capturing on it, you'll get a
+ "read: Device not configured" error (ENXIO). (See previous
+ parenthetical note.)
On OpenBSD, you get "read: I/O error" (EIO) in the same case.
if (global_ld.err == 0) {
write_ok = TRUE;
} else {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file,
- global_ld.err, FALSE);
- report_capture_error(errmsg, please_report);
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, global_ld.err, FALSE);
+ report_capture_error(errmsg, secondary_errmsg);
write_ok = FALSE;
}
/* If we've displayed a message about a write error, there's no point
in displaying another message about an error on close. */
if (!close_ok && write_ok) {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file, err_close,
- TRUE);
- report_capture_error(errmsg, "");
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, err_close, TRUE);
+ report_capture_error(errmsg, secondary_errmsg);
}
/*
guint32 pcap_dropped = 0;
pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
received = pcap_src->received;
if (pcap_src->pcap_h != NULL) {
g_assert(!pcap_src->from_cap_pipe);
report_capture_error(errmsg, please_report);
}
}
- report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts.console_display_name);
+ report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->console_display_name);
}
/* close the input file (pcap or capture pipe) */
static void
-capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
+capture_loop_get_errmsg(char *errmsg, size_t errmsglen, char *secondary_errmsg,
+ size_t secondary_errmsglen, const char *fname,
int err, gboolean is_close)
{
+ static const char find_space[] =
+ "You will need to free up space on that file system"
+ " or put the capture file on a different file system.";
+
switch (err) {
case ENOSPC:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because there is no space left on the file system\n"
"on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#ifdef EDQUOT
case EDQUOT:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because you are too close to, or over,"
" your disk quota\n"
"on the file system on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#endif
default:
if (is_close) {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"The file to which the capture was being saved\n"
"(\"%s\") could not be closed: %s.",
fname, g_strerror(err));
} else {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"An error occurred while writing to the file"
" to which the capture was being saved\n"
"(\"%s\"): %s.",
fname, g_strerror(err));
}
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen,
+ "%s", please_report);
break;
}
}
+/* one pcapng block was captured, process it */
+static void
+capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd)
+{
+ int err;
+
+ if (!global_capture_opts.use_pcapng) {
+ return;
+ }
+ /* We may be called multiple times from pcap_dispatch(); if we've set
+ the "stop capturing" flag, ignore this packet, as we're not
+ supposed to be saving any more packets. */
+ if (!global_ld.go) {
+ pcap_src->flushed++;
+ return;
+ }
+
+ if (global_ld.pdh) {
+ gboolean successful;
+
+ /* We're supposed to write the packet to a file; do so.
+ If this fails, set "ld->go" to FALSE, to stop the capture, and set
+ "ld->err" to the error. */
+ successful = pcapng_write_block(global_ld.pdh,
+ pd,
+ bh->block_total_length,
+ &global_ld.bytes_written, &err);
+
+ fflush(global_ld.pdh);
+ if (!successful) {
+ global_ld.go = FALSE;
+ global_ld.err = err;
+ pcap_src->dropped++;
+ } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB) {
+ /* count packet only if we actually have an EPB or SPB */
+#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Wrote a packet of length %d captured on interface %u.",
+ phdr->caplen, pcap_src->interface_id);
+#endif
+ global_ld.packet_count++;
+ pcap_src->received++;
+ /* if the user told us to stop after x packets, do we already have enough? */
+ if ((global_ld.packet_max > 0) && (global_ld.packet_count >= global_ld.packet_max)) {
+ global_ld.go = FALSE;
+ }
+ }
+ }
+}
/* one packet was captured, process it */
static void
return;
}
queue_element->pcap_src = pcap_src;
- queue_element->phdr = *phdr;
+ queue_element->u.phdr = *phdr;
queue_element->pd = (u_char *)g_malloc(phdr->caplen);
if (queue_element->pd == NULL) {
pcap_src->dropped++;
pcap_queue_bytes, pcap_queue_packets);
}
+/* one pcapng block was captured, queue it */
+static void
+capture_loop_queue_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd)
+{
+ pcap_queue_element *queue_element;
+ gboolean limit_reached;
+
+ /* We may be called multiple times from pcap_dispatch(); if we've set
+ the "stop capturing" flag, ignore this packet, as we're not
+ supposed to be saving any more packets. */
+ if (!global_ld.go) {
+ pcap_src->flushed++;
+ return;
+ }
+
+ queue_element = (pcap_queue_element *)g_malloc(sizeof(pcap_queue_element));
+ if (queue_element == NULL) {
+ pcap_src->dropped++;
+ return;
+ }
+ queue_element->pcap_src = pcap_src;
+ queue_element->u.bh = *bh;
+ queue_element->pd = (u_char *)g_malloc(bh->block_total_length);
+ if (queue_element->pd == NULL) {
+ pcap_src->dropped++;
+ g_free(queue_element);
+ return;
+ }
+ memcpy(queue_element->pd, pd, bh->block_total_length);
+ g_async_queue_lock(pcap_queue);
+ if (((pcap_queue_byte_limit == 0) || (pcap_queue_bytes < pcap_queue_byte_limit)) &&
+ ((pcap_queue_packet_limit == 0) || (pcap_queue_packets < pcap_queue_packet_limit))) {
+ limit_reached = FALSE;
+ g_async_queue_push_unlocked(pcap_queue, queue_element);
+ pcap_queue_bytes += bh->block_total_length;
+ pcap_queue_packets += 1;
+ } else {
+ limit_reached = TRUE;
+ }
+ g_async_queue_unlock(pcap_queue);
+ if (limit_reached) {
+ pcap_src->dropped++;
+ g_free(queue_element->pd);
+ g_free(queue_element);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dropped a packet of length %d captured on interface %u.",
+ bh->block_total_length, pcap_src->interface_id);
+ } else {
+ pcap_src->received++;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Queued a packet of length %d captured on interface %u.",
+ bh->block_total_length, pcap_src->interface_id);
+ }
+ /* I don't want to hold the mutex over the debug output. So the
+ output may be wrong */
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Queue size is now %" G_GINT64_MODIFIER "d bytes (%" G_GINT64_MODIFIER "d packets)",
+ pcap_queue_bytes, pcap_queue_packets);
+}
+
static int
set_80211_channel(const char *iface, const char *opt)
{
struct pcap_stat stats;
GLogLevelFlags log_flags;
gboolean list_interfaces = FALSE;
- gboolean list_link_layer_types = FALSE;
+ int caps_queries = 0;
#ifdef HAVE_BPF_IMAGE
gboolean print_bpf_code = FALSE;
#endif
*/
if (uname(&osinfo) == 0) {
/*
- * Mac OS X 10.x uses Darwin {x+4}.0.0. Mac OS X 10.x.y uses Darwin
+ * {Mac} OS X/macOS 10.x uses Darwin {x+4}.0.0; 10.x.y uses Darwin
* {x+4}.y.0 (except that 10.6.1 appears to have a uname version
* number of 10.0.0, not 10.1.0 - go figure).
*/
/* Initialize the pcaps list */
global_ld.pcaps = g_array_new(FALSE, FALSE, sizeof(capture_src *));
-#if !GLIB_CHECK_VERSION(2,31,0)
- /* Initialize the thread system */
- g_thread_init(NULL);
-#endif
-
#ifdef _WIN32
/* Load wpcap if possible. Do this before collecting the run-time version information */
load_wpcap();
#endif /* SIGINFO */
#endif /* _WIN32 */
-#ifdef __linux__
- enable_kernel_bpf_jit_compiler();
-#endif
-
/* ----------------------------------------------------------------- */
/* Privilege and capability handling */
/* Cases: */
case 'f': /* capture filter */
case 'g': /* enable group read access on file(s) */
case 'i': /* Use interface x */
+ case LONGOPT_SET_TSTAMP_TYPE: /* Set capture timestamp type */
case 'n': /* Use pcapng format */
case 'p': /* Don't capture in promiscuous mode */
case 'P': /* Use pcap format */
}
break;
case 'L': /* Print list of link-layer types and exit */
- if (!list_link_layer_types) {
- list_link_layer_types = TRUE;
+ if (!(caps_queries & CAPS_QUERY_LINK_TYPES)) {
+ caps_queries |= CAPS_QUERY_LINK_TYPES;
run_once_args++;
}
break;
+ case LONGOPT_LIST_TSTAMP_TYPES:
+ caps_queries |= CAPS_QUERY_TIMESTAMP_TYPES;
+ break;
#ifdef HAVE_BPF_IMAGE
case 'd': /* Print BPF code for capture filter and exit */
if (!print_bpf_code) {
if (run_once_args > 1) {
#ifdef HAVE_BPF_IMAGE
- cmdarg_err("Only one of -D, -L, -d, -k, or -S may be supplied.");
+ cmdarg_err("Only one of -D, -L, -d, -k or -S may be supplied.");
#else
- cmdarg_err("Only one of -D, -L, -k, or -S may be supplied.");
+ cmdarg_err("Only one of -D, -L, -k or -S may be supplied.");
#endif
exit_main(1);
} else if (run_once_args == 1) {
cmdarg_err("Ring buffer requested, but capture isn't being saved to a permanent file.");
global_capture_opts.multi_files_on = FALSE;
}
- if (!global_capture_opts.has_autostop_filesize && !global_capture_opts.has_file_duration) {
- cmdarg_err("Ring buffer requested, but no maximum capture file size or duration were specified.");
+ if (!global_capture_opts.has_autostop_filesize &&
+ !global_capture_opts.has_file_duration &&
+ !global_capture_opts.has_file_interval) {
+ cmdarg_err("Ring buffer requested, but no maximum capture file size, duration"
+ "or interval were specified.");
#if 0
/* XXX - this must be redesigned as the conditions changed */
global_capture_opts.multi_files_on = FALSE;
#endif
}
+ if (global_capture_opts.has_file_duration && global_capture_opts.has_file_interval) {
+ cmdarg_err("Ring buffer file duration and interval can't be used at the same time.");
+ exit_main(1);
+ }
}
}
int err;
gchar *err_str;
- if_list = capture_interface_list(&err, &err_str,NULL);
+ if_list = capture_interface_list(&err, &err_str, NULL);
if (if_list == NULL) {
if (err == 0) {
/*
}
if (set_chan) {
- interface_options interface_opts;
+ interface_options *interface_opts;
if (global_capture_opts.ifaces->len != 1) {
cmdarg_err("Need one interface");
exit_main(2);
}
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, 0);
- status = set_80211_channel(interface_opts.name, set_chan_arg);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, 0);
+ status = set_80211_channel(interface_opts->name, set_chan_arg);
exit_main(status);
}
exit_main(status);
}
- if (list_link_layer_types) {
- /* Get the list of link-layer types for the capture device. */
+ if (caps_queries) {
+ /* Get the list of link-layer and/or timestamp types for the capture device. */
if_capabilities_t *caps;
gchar *err_str;
guint ii;
for (ii = 0; ii < global_capture_opts.ifaces->len; ii++) {
- interface_options interface_opts;
+ int if_caps_queries = caps_queries;
+ interface_options *interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, ii);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, ii);
- caps = get_if_capabilities(&interface_opts, &err_str);
+ caps = get_if_capabilities(interface_opts, &err_str);
if (caps == NULL) {
cmdarg_err("The capabilities of the capture device \"%s\" could not be obtained (%s).\n"
"Please check to make sure you have sufficient permissions, and that\n"
- "you have the proper interface or pipe specified.", interface_opts.name, err_str);
+ "you have the proper interface or pipe specified.", interface_opts->name, err_str);
g_free(err_str);
exit_main(2);
}
- if (caps->data_link_types == NULL) {
- cmdarg_err("The capture device \"%s\" has no data link types.", interface_opts.name);
+ if ((if_caps_queries & CAPS_QUERY_LINK_TYPES) && caps->data_link_types == NULL) {
+ cmdarg_err("The capture device \"%s\" has no data link types.", interface_opts->name);
exit_main(2);
- }
+ } /* No timestamp types is no big deal. So we will just ignore it */
+
+ if (interface_opts->monitor_mode)
+ if_caps_queries |= CAPS_MONITOR_MODE;
+
if (machine_readable) /* tab-separated values to stdout */
- /* XXX: We need to change the format and adopt consumers */
- print_machine_readable_if_capabilities(caps);
+ /* XXX: We need to change the format and adapt consumers */
+ print_machine_readable_if_capabilities(caps, if_caps_queries);
else
/* XXX: We might want to print also the interface name */
- capture_opts_print_if_capabilities(caps, interface_opts.name,
- interface_opts.monitor_mode);
+ capture_opts_print_if_capabilities(caps, interface_opts->name, if_caps_queries);
free_if_capabilities(caps);
}
exit_main(0);
}
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ for (j = 0; j < global_capture_opts.ifaces->len; j++) {
+ interface_options *interface_opts;
+
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
+ if (interface_opts->timestamp_type) {
+ interface_opts->timestamp_type_id = pcap_tstamp_type_name_to_val(interface_opts->timestamp_type);
+ if (interface_opts->timestamp_type_id < 0) {
+ cmdarg_err("Invalid argument to option: --time-stamp-type=%s", interface_opts->timestamp_type);
+ exit_main(1);
+ }
+ }
+ }
+#endif
+
/* We're supposed to do a capture, or print the BPF code for a filter. */
/* Let the user know what interfaces were chosen. */
if (capture_child) {
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
- interface_options interface_opts;
+ interface_options *interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, j);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Interface: %s\n",
- interface_opts.name);
+ interface_opts->name);
}
} else {
str = g_string_new("");
#endif
{
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
- interface_options interface_opts;
+ interface_options *interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, j);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
if (j > 0) {
if (global_capture_opts.ifaces->len > 2) {
g_string_append_printf(str, ",");
g_string_append_printf(str, "and ");
}
}
- g_string_append_printf(str, "'%s'", interface_opts.console_display_name);
+ g_string_append_printf(str, "'%s'", interface_opts->console_display_name);
}
} else {
g_string_append_printf(str, "%u interfaces", global_capture_opts.ifaces->len);
static void
report_cfilter_error(capture_options *capture_opts, guint i, const char *errmsg)
{
- interface_options interface_opts;
+ interface_options *interface_opts;
char tmp[MSG_MAX_LENGTH+1+6];
if (i < capture_opts->ifaces->len) {
* clopts_step_invalid_capfilter in test/suite-clopts.sh MUST match
* the error message below.
*/
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
cmdarg_err(
"Invalid capture filter \"%s\" for interface '%s'.\n"
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
- interface_opts.cfilter, interface_opts.name, errmsg);
+ interface_opts->cfilter, interface_opts->name, errmsg);
}
}
}