3 * Routines for extcap external capture
4 * Copyright 2013, Mike Ryan <mikeryan@lacklustre.net>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
36 /* Include for unlink */
43 #include <wsutil/file_util.h>
44 #include <wsutil/filesystem.h>
45 #include <wsutil/tempfile.h>
47 #include "capture_opts.h"
52 #include "extcap_parser.h"
55 static HANDLE pipe_h = NULL;
58 /* internal container, for all the extcap interfaces that have been found.
59 * will be resetted by every call to extcap_interface_list() and is being
60 * used in extcap_get_if_* as well as extcap_init_interfaces to ensure,
61 * that only extcap interfaces are being given to underlying extcap programs
63 static GHashTable *ifaces = NULL;
65 /* Callback definition for extcap_foreach */
66 typedef gboolean (*extcap_cb_t)(const gchar *extcap, gchar *output, void *data,
69 /* #define ARG_DEBUG */
71 static void extcap_debug_arguments ( extcap_arg *arg_iter );
75 extcap_if_exists(const char *ifname)
81 if ( g_hash_table_size(ifaces) > 0 )
83 if ( g_hash_table_lookup(ifaces, (const gchar *)ifname) != NULL )
94 extcap_if_exists_for_extcap(const char *ifname, const char *extcap)
98 if ( extcap_if_exists(ifname) )
100 if ( ( entry = (gchar *)g_hash_table_lookup(ifaces, (const gchar *)ifname) ) != NULL )
102 if ( strcmp(entry, extcap) == 0 )
111 extcap_if_executable(const char *ifname)
113 if ( extcap_if_exists(ifname) )
114 return (gchar *)g_hash_table_lookup(ifaces, (const gchar *)ifname);
116 return (gchar *)NULL;
120 extcap_if_reset(void)
123 ifaces = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
125 g_hash_table_remove_all(ifaces);
129 extcap_if_add(gchar *ifname, gchar *extcap)
131 if ( g_hash_table_lookup(ifaces, ifname) == NULL )
132 g_hash_table_insert(ifaces, ifname, extcap);
139 /* Note: args does not need to be NULL-terminated. */
140 static void extcap_foreach(gint argc, gchar **args, extcap_cb_t cb,
141 void *cb_data, char **err_str, const char * ifname _U_) {
142 const char *dirname = get_extcap_dir();
149 gchar **dll_search_envp;
155 argv = (gchar **) g_malloc0(sizeof(gchar *) * (argc + 2));
159 * Make sure executables can find dependent DLLs and that they're *our*
160 * DLLs: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586.aspx
161 * Alternatively we could create a simple wrapper exe similar to Create
162 * Hidden Process (http://www.commandline.co.uk/chp/).
164 dll_search_envp = g_get_environ();
165 progfile_dir = g_strdup_printf("%s;%s", get_progfile_dir(), g_environ_getenv(dll_search_envp, "Path"));
166 dll_search_envp = g_environ_setenv(dll_search_envp, "Path", progfile_dir, TRUE);
167 g_free(progfile_dir);
170 if ((dir = g_dir_open(dirname, 0, NULL)) != NULL) {
171 GString *extcap_path = NULL;
173 extcap_path = g_string_new("");
174 while (keep_going && (file = g_dir_read_name(dir)) != NULL ) {
175 gchar *command_output = NULL;
176 gboolean status = FALSE;
177 gint exit_status = 0;
178 GError *error = NULL;
181 /* full path to extcap binary */
183 g_string_printf(extcap_path, "%s\\%s", dirname, file);
184 envp = dll_search_envp;
186 g_string_printf(extcap_path, "%s/%s", dirname, file);
188 if ( extcap_if_exists(ifname) && !extcap_if_exists_for_extcap(ifname, extcap_path->str ) )
192 argv[0] = g_strescape(extcap_path->str, NULL);
194 argv[0] = g_strdup(extcap_path->str);
196 for (i = 0; i < argc; ++i)
200 status = g_spawn_sync(dirname, argv, envp,
201 (GSpawnFlags) 0, NULL, NULL,
202 &command_output, NULL, &exit_status, &error);
204 if (status && exit_status == 0)
205 keep_going = cb(extcap_path->str, command_output, cb_data, err_str);
208 g_free(command_output);
212 g_string_free(extcap_path, TRUE);
216 g_strfreev(dll_search_envp);
221 static gboolean dlt_cb(const gchar *extcap _U_, gchar *output, void *data,
223 extcap_token_sentence *tokens;
224 extcap_dlt *dlts, *dlt_iter, *next;
225 if_capabilities_t *caps;
226 GList *linktype_list = NULL;
227 data_link_info_t *data_link_info;
229 tokens = extcap_tokenize_sentences(output);
230 extcap_parse_dlts(tokens, &dlts);
232 extcap_free_tokenized_sentence_list(tokens);
234 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap pipe %s ", extcap);
237 * Allocate the interface capabilities structure.
239 caps = (if_capabilities_t *) g_malloc(sizeof *caps);
240 caps->can_set_rfmon = FALSE;
243 while (dlt_iter != NULL ) {
244 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
245 " DLT %d name=\"%s\" display=\"%s\" ", dlt_iter->number,
246 dlt_iter->name, dlt_iter->display);
248 data_link_info = g_new(data_link_info_t, 1);
249 data_link_info->dlt = dlt_iter->number;
250 data_link_info->name = g_strdup(dlt_iter->name);
251 data_link_info->description = g_strdup(dlt_iter->display);
252 linktype_list = g_list_append(linktype_list, data_link_info);
253 dlt_iter = dlt_iter->next_dlt;
256 /* Check to see if we built a list */
257 if (linktype_list != NULL && data != NULL) {
258 caps->data_link_types = linktype_list;
259 *(if_capabilities_t **) data = caps;
262 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, " returned no DLTs");
263 *err_str = g_strdup("Extcap returned no DLTs");
269 while (dlt_iter != NULL ) {
270 next = dlt_iter->next_dlt;
271 extcap_free_dlt(dlt_iter);
279 extcap_get_if_dlts(const gchar *ifname, char **err_str) {
282 if_capabilities_t *caps = NULL;
284 if (ifname != NULL && err_str != NULL)
287 if ( extcap_if_exists(ifname) )
289 argv[0] = g_strdup(EXTCAP_ARGUMENT_LIST_DLTS);
290 argv[1] = g_strdup(EXTCAP_ARGUMENT_INTERFACE);
291 argv[2] = g_strdup(ifname);
295 extcap_foreach(3, argv, dlt_cb, &caps, err_str, ifname);
297 for (i = 0; i < 3; ++i)
304 static gboolean interfaces_cb(const gchar *extcap, gchar *output, void *data,
305 char **err_str _U_) {
306 GList **il = (GList **) data;
307 extcap_token_sentence *tokens;
308 extcap_interface *interfaces, *int_iter; /*, *next; */
311 tokens = extcap_tokenize_sentences(output);
312 extcap_parse_interfaces(tokens, &interfaces);
314 extcap_free_tokenized_sentence_list(tokens);
316 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap pipe %s ", extcap);
318 int_iter = interfaces;
319 while (int_iter != NULL ) {
320 if ( extcap_if_exists(int_iter->call) )
322 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_WARNING, "Extcap interface \"%s\" is already provided by \"%s\" ",
323 int_iter->call, (gchar *)extcap_if_executable(int_iter->call) );
324 int_iter = int_iter->next_interface;
328 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, " Interface [%s] \"%s\" ",
329 int_iter->call, int_iter->display);
331 if_info = g_new0(if_info_t, 1);
332 if_info->name = g_strdup(int_iter->call);
333 if_info->friendly_name = g_strdup(int_iter->display);
335 if_info->type = IF_EXTCAP;
337 if_info->extcap = g_strdup(extcap);
338 *il = g_list_append(*il, if_info);
340 extcap_if_add(g_strdup(int_iter->call), g_strdup(extcap) );
341 int_iter = int_iter->next_interface;
343 extcap_free_interface(interfaces);
349 if_info_compare(gconstpointer a, gconstpointer b)
352 if_info_t * if_a = (if_info_t *)a;
353 if_info_t * if_b = (if_info_t *)b;
355 if ( (comp = g_strcmp0(if_a->name, if_b->name)) == 0 )
356 return g_strcmp0(if_a->friendly_name, if_b->friendly_name);
362 extcap_interface_list(char **err_str) {
370 /* ifaces is used as cache, do not destroy its contents when
371 * returning or no extcap interfaces can be queried for options */
374 argv = g_strdup(EXTCAP_ARGUMENT_LIST_INTERFACES);
378 extcap_foreach(1, &argv, interfaces_cb, &ret, err_str, NULL);
382 return g_list_sort ( ret, if_info_compare );
385 static void extcap_free_if_configuration(GList *list)
389 for (elem = g_list_first(list); elem; elem = elem->next)
391 if (elem->data != NULL)
392 g_list_free_full(g_list_first((GList *)elem->data), g_free);
397 static gboolean search_cb(const gchar *extcap _U_, gchar *output, void *data,
398 char **err_str _U_) {
399 extcap_token_sentence *tokens = NULL;
400 GList *arguments = NULL;
401 GList **il = (GList **) data;
403 tokens = extcap_tokenize_sentences(output);
404 arguments = extcap_parse_args(tokens);
406 extcap_free_tokenized_sentence_list(tokens);
409 extcap_debug_arguments ( arguments );
412 *il = g_list_append(*il, arguments);
414 /* By returning false, extcap_foreach will break on first found */
419 extcap_get_if_configuration(const char * ifname) {
422 gchar **err_str = NULL;
425 if ( extcap_if_exists(ifname) )
427 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "Extcap path %s",
430 argv[0] = g_strdup(EXTCAP_ARGUMENT_CONFIG);
431 argv[1] = g_strdup(EXTCAP_ARGUMENT_INTERFACE);
432 argv[2] = g_strdup(ifname);
434 extcap_foreach(3, argv, search_cb, &ret, err_str, ifname);
436 for (i = 0; i < 3; i++)
444 extcap_has_configuration(const char * ifname, gboolean is_required) {
445 GList * arguments = 0;
446 GList * walker = 0, * item = 0;
448 gboolean found = FALSE;
450 arguments = extcap_get_if_configuration((const char *)( ifname ) );
451 walker = g_list_first(arguments);
453 while ( walker != NULL && ! found )
455 item = g_list_first((GList *)(walker->data));
456 while ( item != NULL && ! found )
458 if ( (extcap_arg *)(item->data) != NULL )
460 /* Should required options be present, or any kind of options */
461 if ( ! is_required || ((extcap_arg *)(item->data))->is_required )
467 walker = walker->next;
473 void extcap_cleanup(capture_options * capture_opts) {
474 interface_options interface_opts;
477 for (icnt = 0; icnt < capture_opts->ifaces->len; icnt++) {
478 interface_opts = g_array_index(capture_opts->ifaces, interface_options,
481 /* skip native interfaces */
482 if (interface_opts.if_type != IF_EXTCAP)
485 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
486 "Extcap [%s] - Cleaning up fifo: %s; PID: %d", interface_opts.name,
487 interface_opts.extcap_fifo, interface_opts.extcap_pid);
491 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
492 "Extcap [%s] - Closing pipe", interface_opts.name);
493 FlushFileBuffers(pipe_h);
494 DisconnectNamedPipe(pipe_h);
498 if (interface_opts.extcap_fifo != NULL && file_exists(interface_opts.extcap_fifo))
500 /* the fifo will not be freed here, but with the other capture_opts in capture_sync */
501 ws_unlink(interface_opts.extcap_fifo);
502 interface_opts.extcap_fifo = NULL;
505 /* Maybe the client closed and removed fifo, but ws should check if
506 * pid should be closed */
507 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
508 "Extcap [%s] - Closing spawned PID: %d", interface_opts.name,
509 interface_opts.extcap_pid);
511 if (interface_opts.extcap_child_watch > 0)
513 g_source_remove(interface_opts.extcap_child_watch);
514 interface_opts.extcap_child_watch = 0;
517 if (interface_opts.extcap_pid != INVALID_EXTCAP_PID)
520 TerminateProcess(interface_opts.extcap_pid, 0);
522 g_spawn_close_pid(interface_opts.extcap_pid);
523 interface_opts.extcap_pid = INVALID_EXTCAP_PID;
526 /* Make sure modified interface_opts is saved in capture_opts. */
527 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, icnt);
528 g_array_insert_val(capture_opts->ifaces, icnt, interface_opts);
533 extcap_arg_cb(gpointer key, gpointer value, gpointer data) {
534 GPtrArray *args = (GPtrArray *)data;
538 g_ptr_array_add(args, g_strdup((const gchar*)key));
541 g_ptr_array_add(args, g_strdup((const gchar*)value));
545 static void extcap_child_watch_cb(GPid pid, gint status _U_, gpointer user_data)
548 interface_options interface_opts;
549 capture_options *capture_opts = (capture_options *)user_data;
551 /* Close handle to child process. */
552 g_spawn_close_pid(pid);
554 /* Update extcap_pid in interface options structure. */
555 for (i = 0; i < capture_opts->ifaces->len; i++)
557 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
558 if (interface_opts.extcap_pid == pid)
560 interface_opts.extcap_pid = INVALID_EXTCAP_PID;
561 interface_opts.extcap_child_watch = 0;
562 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
563 g_array_insert_val(capture_opts->ifaces, i, interface_opts);
569 /* call mkfifo for each extcap,
570 * returns FALSE if there's an error creating a FIFO */
572 extcap_init_interfaces(capture_options *capture_opts)
575 interface_options interface_opts;
577 for (i = 0; i < capture_opts->ifaces->len; i++)
579 GPtrArray *args = NULL;
580 GPid pid = INVALID_EXTCAP_PID;
584 interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
586 /* skip native interfaces */
587 if (interface_opts.if_type != IF_EXTCAP )
590 /* create pipe for fifo */
591 if ( ! extcap_create_pipe ( &interface_opts.extcap_fifo ) )
594 /* Create extcap call */
595 args = g_ptr_array_new();
596 #define add_arg(X) g_ptr_array_add(args, g_strdup(X))
598 add_arg(interface_opts.extcap);
599 add_arg(EXTCAP_ARGUMENT_RUN_CAPTURE);
600 add_arg(EXTCAP_ARGUMENT_INTERFACE);
601 add_arg(interface_opts.name);
602 if (interface_opts.cfilter && strlen(interface_opts.cfilter) > 0) {
603 add_arg(EXTCAP_ARGUMENT_CAPTURE_FILTER);
604 add_arg(interface_opts.cfilter);
606 add_arg(EXTCAP_ARGUMENT_RUN_PIPE);
607 add_arg(interface_opts.extcap_fifo);
608 if (interface_opts.extcap_args == NULL)
610 /* User did not perform interface configuration.
612 * Check if there are any boolean flags that are set by default
613 * and hence their argument should be added.
618 arglist = extcap_get_if_configuration(interface_opts.name);
619 for (elem = g_list_first(arglist); elem; elem = elem->next)
622 extcap_arg *arg_iter;
624 if (elem->data == NULL)
629 arg_list = g_list_first((GList *)elem->data);
630 while (arg_list != NULL)
632 /* In case of boolflags only first element in arg_list is relevant. */
633 arg_iter = (extcap_arg*) (arg_list->data);
635 if (arg_iter->arg_type == EXTCAP_ARG_BOOLFLAG)
637 if (arg_iter->default_complex != NULL
638 && extcap_complex_get_bool(arg_iter->default_complex))
640 add_arg(arg_iter->call);
644 arg_list = arg_list->next;
648 extcap_free_if_configuration(arglist);
652 g_hash_table_foreach(interface_opts.extcap_args, extcap_arg_cb, args);
657 /* Dump commandline parameters sent to extcap. */
658 for (tmp = (gchar **)args->pdata, tmp_i = 0; *tmp && **tmp; ++tmp_i, ++tmp)
660 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "argv[%d]: %s", tmp_i, *tmp);
663 /* Wireshark for windows crashes here sometimes *
664 * Access violation reading location 0x... */
665 g_spawn_async(NULL, (gchar **)args->pdata, NULL,
666 (GSpawnFlags) G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL,
669 g_ptr_array_foreach(args, (GFunc)g_free, NULL);
670 g_ptr_array_free(args, TRUE);
671 interface_opts.extcap_pid = pid;
672 interface_opts.extcap_child_watch =
673 g_child_watch_add(pid, extcap_child_watch_cb, (gpointer)capture_opts);
674 capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
675 g_array_insert_val(capture_opts->ifaces, i, interface_opts);
678 /* On Windows, wait for extcap to connect to named pipe.
679 * Some extcaps will present UAC screen to user.
680 * 30 second timeout should be reasonable timeout for extcap to
681 * connect to named pipe (including user interaction).
682 * Wait on multiple object in case of extcap termination
683 * without opening pipe.
685 * Minimum supported version of Windows: XP / Server 2003.
687 if (pid != INVALID_EXTCAP_PID)
693 ov.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
695 ConnectNamedPipe(pipe_h, &ov);
696 handles[0] = ov.hEvent;
699 if (GetLastError() == ERROR_PIPE_CONNECTED)
701 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap connected to pipe");
705 dw = WaitForMultipleObjects(2, handles, FALSE, 30000);
706 if (dw == WAIT_OBJECT_0)
708 /* ConnectNamedPipe finished. */
711 code = GetLastError();
712 if (code == ERROR_IO_PENDING)
715 if (!GetOverlappedResult(ov.hEvent, &ov, &dummy, TRUE))
717 code = GetLastError();
721 code = ERROR_SUCCESS;
725 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "ConnectNamedPipe code: %d", code);
727 else if (dw == (WAIT_OBJECT_0 + 1))
729 /* extcap process terminated. */
730 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap terminated without connecting to pipe!");
732 else if (dw == WAIT_TIMEOUT)
734 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "extcap didn't connect to pipe within 30 seconds!");
738 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "WaitForMultipleObjects returned 0x%08X. Error %d", dw, GetLastError());
742 CloseHandle(ov.hEvent);
751 /* called by capture_sync to get the CreatNamedPipe handle*/
753 extcap_get_win32_handle()
759 gboolean extcap_create_pipe(char ** fifo)
762 gchar timestr[ 14+1 ];
765 gchar *pipename = NULL;
767 SECURITY_ATTRIBUTES security;
768 /* create pipename */
769 current_time = time(NULL);
770 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(¤t_time));
771 pipename = g_strconcat ( "\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, "_", timestr, NULL );
773 /* Security struct to enable Inheritable HANDLE */
774 memset(&security, 0, sizeof(SECURITY_ATTRIBUTES));
775 security.nLength = sizeof(SECURITY_ATTRIBUTES);
776 security.bInheritHandle = TRUE;
777 security.lpSecurityDescriptor = NULL;
779 /* create a namedPipe*/
780 pipe_h = CreateNamedPipe(
782 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
783 PIPE_TYPE_MESSAGE| PIPE_READMODE_MESSAGE | PIPE_WAIT,
788 if (pipe_h == INVALID_HANDLE_VALUE)
790 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,"\nError creating pipe => (%d)", GetLastError());
795 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,"\nWireshark Created pipe =>(%s)",pipename);
796 *fifo = g_strdup(pipename);
799 gchar *temp_name = NULL;
802 if ((fd = create_tempfile(&temp_name, EXTCAP_PIPE_PREFIX)) < 0 )
807 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
808 "Extcap - Creating fifo: %s", temp_name);
810 if ( file_exists(temp_name) )
811 ws_unlink(temp_name);
813 if (mkfifo(temp_name, 0600) == 0)
814 *fifo = g_strdup(temp_name);
821 void extcap_debug_arguments ( extcap_arg *arg_iter )
823 extcap_value *v = NULL;
824 GList *walker = NULL;
826 printf("debug - parser dump\n");
827 while (arg_iter != NULL) {
828 printf("ARG %d call=%s display=\"%s\" type=", arg_iter->arg_num, arg_iter->call, arg_iter->display);
830 switch (arg_iter->arg_type) {
831 case EXTCAP_ARG_INTEGER:
834 case EXTCAP_ARG_UNSIGNED:
835 printf("unsigned\n");
837 case EXTCAP_ARG_LONG:
840 case EXTCAP_ARG_DOUBLE:
843 case EXTCAP_ARG_BOOLEAN:
846 case EXTCAP_ARG_MENU:
849 case EXTCAP_ARG_RADIO:
852 case EXTCAP_ARG_SELECTOR:
855 case EXTCAP_ARG_STRING:
856 printf ( "string\n" );
858 case EXTCAP_ARG_MULTICHECK:
859 printf ( "unknown\n" );
861 case EXTCAP_ARG_UNKNOWN:
862 printf ( "unknown\n" );
866 if (arg_iter->range_start != NULL && arg_iter->range_end != NULL) {
868 extcap_printf_complex(arg_iter->range_start);
870 extcap_printf_complex(arg_iter->range_end);
874 for ( walker = g_list_first ( arg_iter->value_list ); walker; walker = walker->next )
876 v = (extcap_value *)walker->data;
879 printf("\tcall=\"%p\" display=\"%p\"\n", v->call, v->display);
880 printf("\tcall=\"%s\" display=\"%s\"\n", v->call, v->display);
883 arg_iter = arg_iter->next_arg;
890 * Editor modelines - http://www.wireshark.org/tools/modelines.html
895 * indent-tabs-mode: nil
898 * vi: set shiftwidth=4 tabstop=8 expandtab:
899 * :indentSize=4:tabSize=8:noTabs=true: