3 * Routines for extcap external capture
4 * Copyright 2013, Mike Ryan <mikeryan@lacklustre.net>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
36 /* Include for unlink */
43 #include <wsutil/file_util.h>
44 #include <wsutil/filesystem.h>
45 #include <wsutil/tempfile.h>
47 #include "capture_opts.h"
52 #include "extcap_parser.h"
/* Handle of the Windows named pipe created by extcap_create_pipe(). It is a
 * single file-scope variable, so every call to extcap_create_pipe() overwrites
 * the previous handle; extcap_cleanup() flushes and disconnects it.
 * NOTE(review): presumably only compiled on Windows; the surrounding
 * preprocessor lines are not part of this listing. */
55 static HANDLE pipe_h = NULL;
58 /* internal container, for all the extcap interfaces that have been found.
59 * will be reset by every call to extcap_interface_list() and is being
60 * used in extcap_get_if_* as well as extcaps_init_initerfaces to ensure,
61 * that only extcap interfaces are being given to underlying extcap programs
63 static GHashTable *ifaces = NULL;
65 /* Callback definition for extcap_foreach */
/* The callback receives the extcap path, the captured standard output of the
 * extcap, the caller's data pointer and the error-string slot (see the call
 * in extcap_foreach()). Its return value becomes keep_going there, so FALSE
 * stops the scan of the extcap directory. */
66 typedef gboolean (*extcap_cb_t)(const gchar *extcap, gchar *output, void *data,
69 /* #define ARG_DEBUG */
71 static void extcap_debug_arguments ( extcap_arg *arg_iter );
/* Tells whether ifname is a key of the ifaces table, i.e. an interface that
 * an extcap program has announced. The visible lines test that the table is
 * non-empty and that the lookup yields a non-NULL value.
 * NOTE(review): the return type, the return statements and any NULL checks
 * on ifname or ifaces are not part of this listing. extcap_interface_list()
 * hands a NULL ifname to extcap_foreach(), which calls this function, so
 * confirm that the guard exists. */
75 extcap_if_exists(const char *ifname)
81 if ( g_hash_table_size(ifaces) > 0 )
83 if ( g_hash_table_lookup(ifaces, (const gchar *)ifname) != NULL )
/* Tells whether interface ifname is registered in ifaces for exactly the
 * executable path extcap; the stored value is compared with strcmp().
 * NOTE(review): the declaration of entry and the return statements are not
 * part of this listing. */
94 extcap_if_exists_for_extcap(const char *ifname, const char *extcap)
98 if ( extcap_if_exists(ifname) )
100 if ( ( entry = (gchar *)g_hash_table_lookup(ifaces, (const gchar *)ifname) ) != NULL )
102 if ( strcmp(entry, extcap) == 0 )
/* Returns the executable path stored in ifaces for ifname, or NULL when the
 * interface is not known. The pointer is the value held by the table, not a
 * copy. */
111 extcap_if_executable(const char *ifname)
113 if ( extcap_if_exists(ifname) )
114 return (gchar *)g_hash_table_lookup(ifaces, (const gchar *)ifname);
116 return (gchar *)NULL;
/* Creates the ifaces table on first use and empties it.
 * NOTE(review): the table is created with g_hash_table_new(), i.e. without
 * key or value destroy functions, while interfaces_cb() inserts g_strdup()
 * copies. g_hash_table_remove_all() therefore does not free those strings;
 * g_hash_table_new_full() with g_free for keys and values would. */
120 extcap_if_cleanup(void)
122 if ( ifaces == NULL )
123 ifaces = g_hash_table_new(g_str_hash, g_str_equal);
125 g_hash_table_remove_all(ifaces);
/* Registers ifname as provided by the executable extcap unless the name is
 * already present, so the first extcap that announces a name keeps it.
 * The table stores the two pointers as passed; no copy is made here. */
129 extcap_if_add(gchar *ifname, gchar *extcap)
131 if ( g_hash_table_lookup(ifaces, ifname) == NULL )
132 g_hash_table_insert(ifaces, ifname, extcap);
/* Runs the entries of the extcap directory with the given arguments and hands
 * the output of each one to cb.
 *
 * argc, args  - arguments to pass to each extcap
 * cb, cb_data - callback invoked with the extcap path and its standard output
 *               when the program could be spawned and exited with status 0;
 *               a FALSE return ends the loop
 * err_str     - forwarded to cb unchanged
 * ifname      - tested against the ifaces table to single out the extcap
 *               registered for that interface (the statement that follows
 *               the test is not part of this listing)
 *
 * NOTE(review): in the lines shown, each name returned by g_dir_read_name()
 * is turned into a path and executed; no check of file type, ownership or
 * permissions is visible. The extcap directory is therefore a trust boundary
 * and should be writable only by whoever may install the program itself.
 */
135 static void extcap_foreach(gint argc, gchar **args, extcap_cb_t cb,
136 void *cb_data, char **err_str, const char * ifname _U_) {
137 const char *dirname = get_extcap_dir();
143 gchar **dll_search_envp;
/* argc + 2 zero-filled slots: presumably one for the program path and one for
 * the terminating NULL (the assignments are not part of this listing). */
149 argv = (gchar **) g_malloc0(sizeof(gchar *) * (argc + 2));
153 * Make sure executables can find dependent DLLs and that they're *our*
154 * DLLs: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586.aspx
155 * Alternatively we could create a simple wrapper exe similar to Create
156 * Hidden Process (http://www.commandline.co.uk/chp/).
/* Child environment: a copy of the current one with the program directory put
 * in front of Path, so that DLLs are looked up there first.
 * NOTE(review): g_environ_getenv() returns NULL when Path is unset; confirm
 * that case is acceptable for the format call below. */
158 dll_search_envp = g_get_environ();
159 progfile_dir = g_strdup_printf("%s;%s", get_progfile_dir(), g_environ_getenv(dll_search_envp, "Path"));
160 dll_search_envp = g_environ_setenv(dll_search_envp, "Path", progfile_dir, TRUE);
161 g_free(progfile_dir);
164 if ((dir = g_dir_open(dirname, 0, NULL)) != NULL) {
/* g_strescape() returns a newly allocated string and dirname now points to
 * it; its release is not visible in this listing. */
166 dirname = g_strescape(dirname,NULL);
168 while (keep_going && (file = g_dir_read_name(dir)) != NULL ) {
169 GString *extcap_string = NULL;
170 gchar *extcap = NULL;
171 gchar *command_output = NULL;
172 gboolean status = FALSE;
174 gint exit_status = 0;
175 GError *error = NULL;
178 /* full path to extcap binary */
179 extcap_string = g_string_new("");
/* The next two pairs of statements are presumably the Windows and the
 * non-Windows variant of the same path construction; the preprocessor lines
 * that select one of them are not part of this listing. */
181 g_string_printf(extcap_string, "%s\\\\%s",dirname,file);
182 extcap = g_string_free(extcap_string, FALSE);
183 envp = dll_search_envp;
185 g_string_printf(extcap_string, "%s/%s", dirname, file);
186 extcap = g_string_free(extcap_string, FALSE);
188 if ( extcap_if_exists(ifname) && !extcap_if_exists_for_extcap(ifname, extcap ) )
192 for (i = 0; i < argc; ++i)
/* The extcap is started from an argv vector, without a shell, with the extcap
 * directory as working directory; only its standard output is captured. */
196 status = g_spawn_sync(dirname, argv, envp,
197 (GSpawnFlags) 0, NULL, NULL,
198 &command_output, NULL, &exit_status, &error);
200 if (status && exit_status == 0)
201 keep_going = cb(extcap, command_output, cb_data, err_str);
204 g_free(command_output);
211 g_strfreev(dll_search_envp);
/* extcap_foreach() callback for the DLT listing: parses the extcap output
 * into extcap_dlt records and converts them into an if_capabilities_t whose
 * data_link_types list holds one data_link_info_t per record.
 *
 * data    - treated as if_capabilities_t **; receives the new structure when
 *           at least one DLT was parsed and data is not NULL
 * err_str - receives a g_strdup() copy of a message when no DLT was returned
 *
 * NOTE(review): the return statement, the release of caps on the failure
 * path and any NULL check on err_str are not part of this listing. Confirm
 * them: extcap_get_if_dlts() appears to reach extcap_foreach() even when its
 * err_str argument is NULL.
 */
216 static gboolean dlt_cb(const gchar *extcap _U_, gchar *output, void *data,
218 extcap_token_sentence *tokens;
219 extcap_dlt *dlts, *dlt_iter, *next;
220 if_capabilities_t *caps;
221 GList *linktype_list = NULL;
222 data_link_info_t *data_link_info;
224 tokens = extcap_tokenize_sentences(output);
225 extcap_parse_dlts(tokens, &dlts);
227 extcap_free_tokenized_sentence_list(tokens);
/* extcap is marked _U_ in the signature although it is used here. */
229 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap pipe %s ", extcap);
232 * Allocate the interface capabilities structure.
234 caps = (if_capabilities_t *) g_malloc(sizeof *caps);
235 caps->can_set_rfmon = FALSE;
238 while (dlt_iter != NULL ) {
239 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
240 " DLT %d name=\"%s\" display=\"%s\" ", dlt_iter->number,
241 dlt_iter->name, dlt_iter->display);
/* The list entry gets its own copies of name and display, so the parsed
 * records can be released at the end of the function. */
243 data_link_info = g_new(data_link_info_t, 1);
244 data_link_info->dlt = dlt_iter->number;
245 data_link_info->name = g_strdup(dlt_iter->name);
246 data_link_info->description = g_strdup(dlt_iter->display);
247 linktype_list = g_list_append(linktype_list, data_link_info);
248 dlt_iter = dlt_iter->next_dlt;
251 /* Check to see if we built a list */
252 if (linktype_list != NULL && data != NULL) {
253 caps->data_link_types = linktype_list;
254 *(if_capabilities_t **) data = caps;
257 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, " returned no DLTs");
258 *err_str = g_strdup("Extcap returned no DLTs");
/* Release the parsed DLT records one by one. */
264 while (dlt_iter != NULL ) {
265 next = dlt_iter->next_dlt;
266 extcap_free_dlt(dlt_iter);
/* Asks the extcap registered for ifname for its link-layer types by running
 * it with EXTCAP_ARGUMENT_LIST_DLTS, EXTCAP_ARGUMENT_INTERFACE and ifname,
 * and collects the result through dlt_cb() into caps.
 * The query is guarded by extcap_if_exists(ifname).
 * NOTE(review): the statement controlled by the first test, the body of the
 * final loop over the three argv entries and the return statement are not
 * part of this listing. */
274 extcap_get_if_dlts(const gchar *ifname, char **err_str) {
277 if_capabilities_t *caps = NULL;
279 if (ifname != NULL && err_str != NULL)
282 if ( extcap_if_exists(ifname) )
284 argv[0] = g_strdup(EXTCAP_ARGUMENT_LIST_DLTS);
285 argv[1] = g_strdup(EXTCAP_ARGUMENT_INTERFACE);
286 argv[2] = g_strdup(ifname);
290 extcap_foreach(3, argv, dlt_cb, &caps, err_str, ifname);
292 for (i = 0; i < 3; ++i)
/* extcap_foreach() callback for the interface listing: parses the extcap
 * output into extcap_interface records, appends an if_info_t of type
 * IF_EXTCAP to the GList behind data for every new interface and records
 * the interface-to-executable mapping with extcap_if_add().
 *
 * An interface name that is already registered is logged at warning level
 * and skipped, so a later extcap cannot take over a name announced by an
 * earlier one. Which extcap comes first depends on the order in which
 * g_dir_read_name() returns the directory entries.
 *
 * NOTE(review): the declaration of if_info, the release of the parsed
 * interface records and the return statement are not part of this listing.
 */
299 static gboolean interfaces_cb(const gchar *extcap, gchar *output, void *data,
300 char **err_str _U_) {
301 GList **il = (GList **) data;
302 extcap_token_sentence *tokens;
303 extcap_interface *interfaces, *int_iter; /*, *next; */
306 tokens = extcap_tokenize_sentences(output);
307 extcap_parse_interfaces(tokens, &interfaces);
309 extcap_free_tokenized_sentence_list(tokens);
311 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap pipe %s ", extcap);
313 int_iter = interfaces;
314 while (int_iter != NULL ) {
315 if ( extcap_if_exists(int_iter->call) )
317 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_WARNING, "Extcap interface \"%s\" is already provided by \"%s\" ",
318 int_iter->call, (gchar *)extcap_if_executable(int_iter->call) );
319 int_iter = int_iter->next_interface;
323 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, " Interface [%s] \"%s\" ",
324 int_iter->call, int_iter->display);
326 if_info = g_new0(if_info_t, 1);
327 if_info->name = g_strdup(int_iter->call);
328 if_info->friendly_name = g_strdup(int_iter->display);
330 if_info->type = IF_EXTCAP;
332 if_info->extcap = g_strdup(extcap);
333 *il = g_list_append(*il, if_info);
/* Both strings are duplicated because ifaces keeps the pointers it is given. */
335 extcap_if_add(g_strdup(int_iter->call), g_strdup(extcap) );
336 int_iter = int_iter->next_interface;
/* Builds the list of extcap interfaces by running the extcaps with
 * EXTCAP_ARGUMENT_LIST_INTERFACES and collecting the results through
 * interfaces_cb() into ret. ifname is passed as NULL, so no extcap is
 * singled out.
 * NOTE(review): the declarations, any reset of the ifaces table, the release
 * of argv and the return statement are not part of this listing. */
343 extcap_interface_list(char **err_str) {
353 argv = g_strdup(EXTCAP_ARGUMENT_LIST_INTERFACES);
357 extcap_foreach(1, &argv, interfaces_cb, &ret, err_str, NULL);
/* GFunc adapter passed to g_list_foreach() in extcap_free_if_configuration();
 * user_data is unused. The body is not part of this listing. */
364 static void g_free_1(gpointer data, gpointer user_data _U_)
/* Releases a configuration list of the shape built by search_cb(): each
 * element of list is itself a GList. The entries of every inner list are
 * passed to g_free_1() and the inner list is freed; NULL elements are
 * tested for.
 * NOTE(review): the release of the outer list is not part of this listing. */
369 static void extcap_free_if_configuration(GList *list)
373 for (elem = g_list_first(list); elem; elem = elem->next)
376 if (elem->data == NULL)
381 arg_list = g_list_first((GList *)elem->data);
382 g_list_foreach(arg_list, g_free_1, NULL);
383 g_list_free(arg_list);
/* extcap_foreach() callback for the configuration query: parses the extcap
 * output into a list of arguments and appends that list as one element to
 * the GList behind data.
 * NOTE(review): extcap_debug_arguments() is declared to take an
 * extcap_arg pointer, but arguments is a GList pointer. The call is
 * presumably only compiled when ARG_DEBUG is defined (the preprocessor lines
 * are not part of this listing), which would hide the mismatch in normal
 * builds. */
388 static gboolean search_cb(const gchar *extcap _U_, gchar *output, void *data,
389 char **err_str _U_) {
390 extcap_token_sentence *tokens = NULL;
391 GList *arguments = NULL;
392 GList **il = (GList **) data;
394 tokens = extcap_tokenize_sentences(output);
395 arguments = extcap_parse_args(tokens);
397 extcap_free_tokenized_sentence_list(tokens);
400 extcap_debug_arguments ( arguments );
403 *il = g_list_append(*il, arguments);
405 /* By returning false, extcap_foreach will break on first found */
/* Queries the extcap registered for ifname for its configuration arguments
 * by running it with EXTCAP_ARGUMENT_CONFIG, EXTCAP_ARGUMENT_INTERFACE and
 * ifname; search_cb() stores the parsed result in ret.
 * err_str is a NULL pointer here, so a callback must not write through it
 * (search_cb() ignores it).
 * NOTE(review): extcap_foreach() is told that argv holds 4 entries while the
 * visible lines fill argv[0] to argv[2]. Confirm that argv[3] is initialised
 * in the line missing from this listing, because extcap_foreach() loops over
 * argc entries. The release of argv and the return statement are not shown
 * either. */
410 extcap_get_if_configuration(const char * ifname) {
413 gchar **err_str = NULL;
415 if ( extcap_if_exists(ifname) )
417 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap path %s",
420 argv[0] = g_strdup(EXTCAP_ARGUMENT_CONFIG);
421 argv[1] = g_strdup(EXTCAP_ARGUMENT_INTERFACE);
422 argv[2] = g_strdup(ifname);
425 extcap_foreach(4, argv, search_cb, &ret, err_str, ifname);
/* Reports whether the extcap behind ifname offers configuration: it fetches
 * the configuration with extcap_get_if_configuration(), which runs the extcap
 * program, and walks the outer list and each inner list until a non-NULL
 * extcap_arg entry is seen.
 * NOTE(review): the statements that set found and advance item, the release
 * of arguments and the return statement are not part of this listing. */
432 extcap_has_configuration(const char * ifname) {
433 GList * arguments = 0;
434 GList * walker = 0, * item = 0;
436 gboolean found = FALSE;
438 arguments = extcap_get_if_configuration((const char *)( ifname ) );
439 walker = g_list_first(arguments);
441 while ( walker != NULL && ! found )
443 item = g_list_first((GList *)(walker->data));
444 while ( item != NULL && ! found )
446 if ( (extcap_arg *)(item->data) != NULL )
451 walker = walker->next;
/* Tears down what extcaps_init_initerfaces() set up for every IF_EXTCAP
 * entry of capture_opts->ifaces: removes the fifo file if it still exists,
 * removes the child watch, closes the child process handle and marks the
 * entry as having no process. The calls on pipe_h and TerminateProcess() are
 * presumably the Windows part; the preprocessor lines are not part of this
 * listing.
 *
 * interface_opts is a by-value copy of the array element, so the modified
 * copy is written back by removing and re-inserting the element at icnt.
 */
457 void extcap_cleanup(capture_options * capture_opts) {
458 interface_options interface_opts;
461 for (icnt = 0; icnt < capture_opts->ifaces->len; icnt++) {
462 interface_opts = g_array_index(capture_opts->ifaces, interface_options,
465 /* skip native interfaces */
466 if (interface_opts.if_type != IF_EXTCAP)
469 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
470 "Extcap [%s] - Cleaning up fifo: %s; PID: %d", interface_opts.name,
471 interface_opts.extcap_fifo, interface_opts.extcap_pid);
475 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
476 "Extcap [%s] - Closing pipe", interface_opts.name);
477 FlushFileBuffers(pipe_h);
478 DisconnectNamedPipe(pipe_h);
482 if (interface_opts.extcap_fifo != NULL && file_exists(interface_opts.extcap_fifo))
484 /* the fifo will not be freed here, but with the other capture_opts in capture_sync */
485 ws_unlink(interface_opts.extcap_fifo);
/* NOTE(review): once this copy is written back at the end of the loop body,
 * the array element no longer references the string; confirm that another
 * owner frees it. */
486 interface_opts.extcap_fifo = NULL;
489 /* Maybe the client closed and removed fifo, but ws should check if
490 * pid should be closed */
491 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
492 "Extcap [%s] - Closing spawned PID: %d", interface_opts.name,
493 interface_opts.extcap_pid);
/* Remove the watch first so extcap_child_watch_cb() is not invoked for a
 * process this function is about to close. */
495 if (interface_opts.extcap_child_watch > 0)
497 g_source_remove(interface_opts.extcap_child_watch);
498 interface_opts.extcap_child_watch = 0;
501 if (interface_opts.extcap_pid != INVALID_EXTCAP_PID)
504 TerminateProcess(interface_opts.extcap_pid, 0);
506 g_spawn_close_pid(interface_opts.extcap_pid);
507 interface_opts.extcap_pid = INVALID_EXTCAP_PID;
510 /* Make sure modified interface_opts is saved in capture_opts. */
511 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, icnt);
512 g_array_insert_val(capture_opts->ifaces, icnt, interface_opts);
/* GHFunc applied to the extcap_args table: appends a copy of the key and a
 * copy of the value to the GPtrArray passed as data, i.e. to the argument
 * vector under construction in extcaps_init_initerfaces().
 * NOTE(review): the conditions around the two g_ptr_array_add() calls are
 * not part of this listing. */
517 extcap_arg_cb(gpointer key, gpointer value, gpointer data) {
518 GPtrArray *args = (GPtrArray *)data;
522 g_ptr_array_add(args, g_strdup((const gchar*)key));
525 g_ptr_array_add(args, g_strdup((const gchar*)value));
/* Child-watch callback registered in extcaps_init_initerfaces(): closes the
 * handle of the exited extcap process and resets extcap_pid and
 * extcap_child_watch in the matching entry of capture_opts->ifaces.
 * user_data is the capture_options pointer given to g_child_watch_add(), so
 * that structure has to stay valid for as long as the watch is installed. */
529 static void extcap_child_watch_cb(GPid pid, gint status _U_, gpointer user_data)
532 interface_options interface_opts;
533 capture_options *capture_opts = (capture_options *)user_data;
535 /* Close handle to child process. */
536 g_spawn_close_pid(pid);
538 /* Update extcap_pid in interface options structure. */
539 for (i = 0; i < capture_opts->ifaces->len; i++)
541 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
542 if (interface_opts.extcap_pid == pid)
544 interface_opts.extcap_pid = INVALID_EXTCAP_PID;
545 interface_opts.extcap_child_watch = 0;
/* interface_opts is a copy; write it back into the array at index i. */
546 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
547 g_array_insert_val(capture_opts->ifaces, i, interface_opts);
/* Starts the extcap program of every IF_EXTCAP interface in capture_opts:
 * creates the fifo or named pipe, builds the argument vector, spawns the
 * program asynchronously and registers a child watch for it. */
553 /* call mkfifo for each extcap,
554 * returns FALSE if there's an error creating a FIFO */
556 extcaps_init_initerfaces(capture_options *capture_opts)
559 interface_options interface_opts;
561 for (i = 0; i < capture_opts->ifaces->len; i++)
563 GPtrArray *args = NULL;
564 GPid pid = INVALID_EXTCAP_PID;
568 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
570 /* skip native interfaces */
571 if (interface_opts.if_type != IF_EXTCAP )
574 /* create pipe for fifo */
575 if ( ! extcap_create_pipe ( &interface_opts.extcap_fifo ) )
578 /* Create extcap call */
/* The command line is built as an argument vector and handed to
 * g_spawn_async() without a shell, so the interface name, the fifo path and
 * the user-supplied option values are each passed as one argument and are
 * not subject to shell interpretation. */
579 args = g_ptr_array_new();
580 #define add_arg(X) g_ptr_array_add(args, g_strdup(X))
582 add_arg(interface_opts.extcap);
583 add_arg(EXTCAP_ARGUMENT_RUN_CAPTURE);
584 add_arg(EXTCAP_ARGUMENT_INTERFACE);
585 add_arg(interface_opts.name);
586 add_arg(EXTCAP_ARGUMENT_RUN_PIPE);
587 add_arg(interface_opts.extcap_fifo);
588 if (interface_opts.extcap_args == NULL)
590 /* User did not perform interface configuration.
592 * Check if there are any boolean flags that are set by default
593 * and hence their argument should be added.
598 arglist = extcap_get_if_configuration(interface_opts.name);
599 for (elem = g_list_first(arglist); elem; elem = elem->next)
602 extcap_arg *arg_iter;
604 if (elem->data == NULL)
609 arg_list = g_list_first((GList *)elem->data);
610 while (arg_list != NULL)
612 /* In case of boolflags only first element in arg_list is relevant. */
613 arg_iter = (extcap_arg*) (arg_list->data);
615 if (arg_iter->arg_type == EXTCAP_ARG_BOOLFLAG)
617 if (arg_iter->default_complex != NULL
618 && extcap_complex_get_bool(arg_iter->default_complex))
620 add_arg(arg_iter->call);
624 arg_list = arg_list->next;
628 extcap_free_if_configuration(arglist);
632 g_hash_table_foreach(interface_opts.extcap_args, extcap_arg_cb, args);
/* NOTE(review): every argument is written to the debug log. Option values
 * configured for an extcap may be sensitive (for example credentials), so
 * debug logs of this domain should be handled accordingly. The loop stops at
 * the first empty-string argument and relies on the array being terminated
 * by NULL; the terminating entry is not visible in this listing. */
637 /* Dump commandline parameters sent to extcap. */
638 for (tmp = (gchar **)args->pdata, tmp_i = 0; *tmp && **tmp; ++tmp_i, ++tmp)
640 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "argv[%d]: %s", tmp_i, *tmp);
/* NOTE(review): the remaining arguments of g_spawn_async() and any check of
 * its result are not part of this listing. pid presumably keeps
 * INVALID_EXTCAP_PID when the spawn fails, and the visible lines register
 * the child watch regardless; confirm the failure path. */
643 /* Wireshark for windows crashes here sometimes *
644 * Access violation reading location 0x... */
645 g_spawn_async(NULL, (gchar **)args->pdata, NULL,
646 (GSpawnFlags) G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL,
649 g_ptr_array_foreach(args, (GFunc)g_free, NULL);
650 g_ptr_array_free(args, TRUE);
651 interface_opts.extcap_pid = pid;
652 interface_opts.extcap_child_watch =
653 g_child_watch_add(pid, extcap_child_watch_cb, (gpointer)capture_opts);
654 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
655 g_array_insert_val(capture_opts->ifaces, i, interface_opts);
658 /* On Windows, wait for extcap to connect to named pipe.
659 * Some extcaps will present UAC screen to user.
660 * 30 second timeout should be reasonable timeout for extcap to
661 * connect to named pipe (including user interaction).
662 * Wait on multiple object in case of extcap termination
663 * without opening pipe.
665 * Minimum supported version of Windows: XP / Server 2003.
667 if (pid != INVALID_EXTCAP_PID)
673 ov.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
675 ConnectNamedPipe(pipe_h, &ov);
676 handles[0] = ov.hEvent;
679 if (GetLastError() == ERROR_PIPE_CONNECTED)
681 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap connected to pipe");
685 dw = WaitForMultipleObjects(2, handles, FALSE, 30000);
686 if (dw == WAIT_OBJECT_0)
688 /* ConnectNamedPipe finished. */
691 code = GetLastError();
692 if (code == ERROR_IO_PENDING)
/* NOTE(review): the first argument of GetOverlappedResult() is documented as
 * the handle on which the overlapped operation was started, which is pipe_h
 * for the ConnectNamedPipe() call above; here the event handle is passed.
 * With bWait set to TRUE the wait itself uses ov.hEvent, which may be why
 * this works in practice. Confirm and pass pipe_h instead. */
695 if (!GetOverlappedResult(ov.hEvent, &ov, &dummy, TRUE))
697 code = GetLastError();
701 code = ERROR_SUCCESS;
705 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "ConnectNamedPipe code: %d", code);
707 else if (dw == (WAIT_OBJECT_0 + 1))
709 /* extcap process terminated. */
710 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap terminated without connecting to pipe!");
712 else if (dw == WAIT_TIMEOUT)
714 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap didn't connect to pipe within 30 seconds!");
718 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "WaitForMultipleObjects returned 0x%08X. Error %d", dw, GetLastError());
722 CloseHandle(ov.hEvent);
731 /* called by capture_sync to get the CreateNamedPipe handle */
/* NOTE(review): the return type and body are not part of this listing;
 * presumably the function returns pipe_h. The empty parameter list leaves
 * the arguments unspecified in C; (void) is the prototype form. */
733 extcap_get_win32_handle()
/* Creates the channel over which an extcap delivers its data and stores the
 * channel name in *fifo as a g_strdup() copy.
 *
 * Two platform variants are visible; the preprocessor lines that select
 * between them and the return statements are not part of this listing.
 *
 * Windows variant: a named pipe whose name consists of the pipe namespace
 * prefix, EXTCAP_PIPE_PREFIX, an underscore and the local time formatted as
 * %Y%m%d%H%M%S. The handle is kept in the file-scope pipe_h.
 * Other variant: a temporary file name is obtained from create_tempfile(),
 * the file is removed and a fifo with mode 0600 is created under that name.
 */
739 gboolean extcap_create_pipe(char ** fifo)
742 gchar timestr[ 14+1 ];
745 gchar *pipename = NULL;
747 SECURITY_ATTRIBUTES security;
748 /* create pipename */
/* NOTE(review): the name has one-second resolution and is predictable, so
 * two pipes requested within the same second get the same name and the name
 * is not private to this process. The open mode passed below does not
 * contain FILE_FLAG_FIRST_PIPE_INSTANCE, which makes CreateNamedPipe() fail
 * when a pipe of that name already exists; adding that flag and a random
 * component to the name would harden the creation.
 * The argument of localtime() is garbled in this listing; going by the
 * assignment on the previous line it is the address of current_time. */
749 current_time = time(NULL);
750 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(¤t_time));
751 pipename = g_strconcat ( "\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, "_", timestr, NULL );
753 /* Security struct to enable Inheritable HANDLE */
754 memset(&security, 0, sizeof(SECURITY_ATTRIBUTES));
755 security.nLength = sizeof(SECURITY_ATTRIBUTES);
756 security.bInheritHandle = TRUE;
757 security.lpSecurityDescriptor = NULL;
/* A NULL lpSecurityDescriptor selects the default security descriptor, and
 * bInheritHandle TRUE makes the handle inheritable by child processes.
 * Whether this structure is passed to CreateNamedPipe() is not visible in
 * this listing.
 * NOTE(review): pipe_h is overwritten on every call, and
 * extcaps_init_initerfaces() calls this function once per extcap interface,
 * so with several extcap interfaces only the last handle stays reachable. */
759 /* create a namedPipe*/
760 pipe_h = CreateNamedPipe(
762 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
763 PIPE_TYPE_MESSAGE| PIPE_READMODE_MESSAGE | PIPE_WAIT,
768 if (pipe_h == INVALID_HANDLE_VALUE)
770 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,"\nError creating pipe => (%d)", GetLastError());
775 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,"\nWireshark Created pipe =>(%s)",pipename);
/* pipename is duplicated for the caller; the release of the original string
 * is not visible in this listing. */
776 *fifo = g_strdup(pipename);
779 gchar *temp_name = NULL;
/* create_tempfile() returns a descriptor together with the file name; the
 * closing of fd is not visible in this listing. */
782 if ((fd = create_tempfile(&temp_name, EXTCAP_PIPE_PREFIX)) < 0 )
787 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
788 "Extcap - Creating fifo: %s", temp_name);
/* NOTE(review): the temporary file is removed and the fifo is created under
 * the same name, so the name is unused for a short time. mkfifo() fails when
 * something already exists at the path and the result is compared with 0, so
 * a pre-existing object is not adopted as the fifo; the handling of that
 * failure is not part of this listing. Mode 0600 limits access to the owning
 * user. */
790 if ( file_exists(temp_name) )
791 ws_unlink(temp_name);
793 if (mkfifo(temp_name, 0600) == 0)
794 *fifo = g_strdup(temp_name);
/* Debug helper: prints the arguments of the list starting at arg_iter to
 * standard output - number, call, display, type, range and the entries of
 * the value list.
 * NOTE(review): several printf() lines and the break statements are not part
 * of this listing. Points visible here: EXTCAP_ARG_MULTICHECK is printed as
 * "unknown"; call and display are passed to %s without a NULL check and to
 * %p without a cast to a void pointer; the prototype near the top of the
 * file declares this function static while this definition line does not
 * repeat it (valid C, the first declaration decides the linkage). */
801 void extcap_debug_arguments ( extcap_arg *arg_iter )
803 extcap_value *v = NULL;
804 GList *walker = NULL;
806 printf("debug - parser dump\n");
807 while (arg_iter != NULL) {
808 printf("ARG %d call=%s display=\"%s\" type=", arg_iter->arg_num, arg_iter->call, arg_iter->display);
810 switch (arg_iter->arg_type) {
811 case EXTCAP_ARG_INTEGER:
814 case EXTCAP_ARG_UNSIGNED:
815 printf("unsigned\n");
817 case EXTCAP_ARG_LONG:
820 case EXTCAP_ARG_DOUBLE:
823 case EXTCAP_ARG_BOOLEAN:
826 case EXTCAP_ARG_MENU:
829 case EXTCAP_ARG_RADIO:
832 case EXTCAP_ARG_SELECTOR:
835 case EXTCAP_ARG_STRING:
836 printf ( "string\n" );
838 case EXTCAP_ARG_MULTICHECK:
839 printf ( "unknown\n" );
841 case EXTCAP_ARG_UNKNOWN:
842 printf ( "unknown\n" );
/* The range is printed only when both bounds are present. */
846 if (arg_iter->range_start != NULL && arg_iter->range_end != NULL) {
848 extcap_printf_complex(arg_iter->range_start);
850 extcap_printf_complex(arg_iter->range_end);
854 for ( walker = g_list_first ( arg_iter->value_list ); walker; walker = walker->next )
856 v = (extcap_value *)walker->data;
857 if (v->is_default == TRUE)
859 printf("\tcall=\"%p\" display=\"%p\"\n", v->call, v->display);
860 printf("\tcall=\"%s\" display=\"%s\"\n", v->call, v->display);
863 arg_iter = arg_iter->next_arg;
870 * Editor modelines - http://www.wireshark.org/tools/modelines.html
875 * indent-tabs-mode: nil
878 * vi: set shiftwidth=4 tabstop=8 expandtab:
879 * :indentSize=4:tabSize=8:noTabs=true: