/* capture.c
- * Routines for packet capture windows
+ * Routines for packet capture
*
* $Id$
*
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/* With MSVC and a libethereal.dll this file needs to import some variables
- in a special way. Therefore _NEED_VAR_IMPORT_ is defined. */
-#define _NEED_VAR_IMPORT_
-
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifdef HAVE_LIBPCAP
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
#include <stdlib.h>
#include <string.h>
+#include <ctype.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
-#ifdef HAVE_IO_H
-# include <io.h>
-#endif
-
#include <signal.h>
#include <errno.h>
-#include <pcap.h>
-
#include <glib.h>
#include <epan/packet.h>
#include "file.h"
#include "capture.h"
#include "capture_sync.h"
+#include "capture_info.h"
+#include "capture_ui_utils.h"
#include "util.h"
-#include "pcap-util.h"
+#include "capture-pcap-util.h"
#include "alert_box.h"
#include "simple_dialog.h"
#include <epan/prefs.h>
-#include "globals.h"
#include "conditions.h"
#include "ringbuffer.h"
#include "capture-wpcap.h"
#endif
#include "ui_util.h"
+#include "file_util.h"
+#include "log.h"
+
-/*
- * Capture options.
+
+/**
+ * Start a capture.
+ *
+ * @return TRUE if the capture starts successfully, FALSE otherwise.
*/
-capture_options capture_opts;
-gboolean capture_child; /* if this is the child for "-S" */
+gboolean
+capture_start(capture_options *capture_opts)
+{
+ gboolean ret;
+
+
+ /* close the currently loaded capture file */
+ cf_close(capture_opts->cf);
+
+ g_assert(capture_opts->state == CAPTURE_STOPPED);
+ capture_opts->state = CAPTURE_PREPARING;
+
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Start ...");
+
+ /* try to start the capture child process */
+ ret = sync_pipe_start(capture_opts);
+ if(!ret) {
+ if(capture_opts->save_file != NULL) {
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ }
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Start failed!");
+ capture_opts->state = CAPTURE_STOPPED;
+ } else {
+ /* the capture child might not respond shortly after bringing it up */
+ /* (especially it will block, if no input coming from an input capture pipe (e.g. mkfifo) is coming in) */
+
+ /* to prevent problems, bring the main GUI into "capture mode" right after successfully */
+ /* spawn/exec the capture child, without waiting for any response from it */
+ cf_callback_invoke(cf_cb_live_capture_prepared, capture_opts);
+
+ if(capture_opts->show_info)
+ capture_info_open(capture_opts->iface);
+ }
+
+ return ret;
+}
+
+
+void
+capture_stop(capture_options *capture_opts)
+{
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Stop ...");
+
+ cf_callback_invoke(cf_cb_live_capture_stopping, capture_opts);
+
+ /* stop the capture child gracefully */
+ sync_pipe_stop(capture_opts);
+}
+
+
+void
+capture_restart(capture_options *capture_opts)
+{
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Restart");
-/* Win32 needs the O_BINARY flag for open() */
-#ifndef O_BINARY
-#define O_BINARY 0
+ capture_opts->restart = TRUE;
+ capture_stop(capture_opts);
+}
+
+
+void
+capture_kill_child(capture_options *capture_opts)
+{
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_INFO, "Capture Kill");
+
+ /* kill the capture child */
+ sync_pipe_kill(capture_opts);
+}
+
+
+
+/* We've succeeded a (non real-time) capture, try to read it into a new capture file */
+static gboolean
+capture_input_read_all(capture_options *capture_opts, gboolean is_tempfile, gboolean drops_known,
+guint32 drops)
+{
+ int err;
+
+
+ /* Capture succeeded; attempt to open the capture file. */
+ if (cf_open(capture_opts->cf, capture_opts->save_file, is_tempfile, &err) != CF_OK) {
+ /* We're not doing a capture any more, so we don't have a save
+ file. */
+ return FALSE;
+ }
+
+ /* Set the read filter to NULL. */
+ /* XXX - this is odd here, try to put it somewhere, where it fits better */
+ cf_set_rfcode(capture_opts->cf, NULL);
+
+ /* Get the packet-drop statistics.
+
+ XXX - there are currently no packet-drop statistics stored
+ in libpcap captures, and that's what we're reading.
+
+ At some point, we will add support in Wiretap to return
+ packet-drop statistics for capture file formats that store it,
+ and will make "cf_read()" get those statistics from Wiretap.
+ We clear the statistics (marking them as "not known") in
+ "cf_open()", and "cf_read()" will only fetch them and mark
+ them as known if Wiretap supplies them, so if we get the
+ statistics now, after calling "cf_open()" but before calling
+ "cf_read()", the values we store will be used by "cf_read()".
+
+ If a future libpcap capture file format stores the statistics,
+ we'll put them into the capture file that we write, and will
+ thus not have to set them here - "cf_read()" will get them from
+ the file and use them. */
+ if (drops_known) {
+ cf_set_drops_known(capture_opts->cf, TRUE);
+
+ /* XXX - on some systems, libpcap doesn't bother filling in
+ "ps_ifdrop" - it doesn't even set it to zero - so we don't
+ bother looking at it.
+
+ Ideally, libpcap would have an interface that gave us
+ several statistics - perhaps including various interface
+ error statistics - and would tell us which of them it
+ supplies, allowing us to display only the ones it does. */
+ cf_set_drops(capture_opts->cf, drops);
+ }
+
+ /* read in the packet data */
+ switch (cf_read(capture_opts->cf)) {
+
+ case CF_READ_OK:
+ case CF_READ_ERROR:
+ /* Just because we got an error, that doesn't mean we were unable
+ to read any of the file; we handle what we could get from the
+ file. */
+ break;
+
+ case CF_READ_ABORTED:
+ /* User wants to quit program. Exit by leaving the main loop,
+ so that any quit functions we registered get called. */
+ main_window_nested_quit();
+ return FALSE;
+ }
+
+ /* if we didn't captured even a single packet, close the file again */
+ if(cf_get_packet_count(capture_opts->cf) == 0 && !capture_opts->restart) {
+ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
+"%sNo packets captured!%s\n"
+"\n"
+"As no data was captured, closing the %scapture file!\n"
+"\n"
+"\n"
+"Help about capturing can be found at:\n"
+"\n"
+" http://wiki.ethereal.com/CaptureSetup"
+#ifdef _WIN32
+"\n\n"
+"Wireless (Wi-Fi/WLAN):\n"
+"Try to switch off promiscuous mode in the Capture Options!"
#endif
+"",
+ simple_dialog_primary_start(), simple_dialog_primary_end(),
+ (cf_is_tempfile(capture_opts->cf)) ? "temporary " : "");
+ cf_close(capture_opts->cf);
+ }
+ return TRUE;
+}
-static gboolean normal_do_capture(gboolean is_tempfile);
-static void stop_capture_signal_handler(int signo);
-/* Open a specified file, or create a temporary file, and start a capture
- to the file in question. Returns TRUE if the capture starts
- successfully, FALSE otherwise. */
+/* capture child tells us, we have a new (or the first) capture file */
gboolean
-do_capture(const char *save_file)
+capture_input_new_file(capture_options *capture_opts, gchar *new_file)
{
- char tmpname[128+1];
gboolean is_tempfile;
- gchar *capfile_name;
- gboolean ret;
+ int err;
- if (save_file != NULL) {
- /* If the Sync option is set, we return to the caller while the capture
- * is in progress. Therefore we need to take a copy of save_file in
- * case the caller destroys it after we return.
- */
- capfile_name = g_strdup(save_file);
- if (capture_opts.multi_files_on) {
- /* ringbuffer is enabled */
- cfile.save_file_fd = ringbuf_init(capfile_name,
- (capture_opts.has_ring_num_files) ? capture_opts.ring_num_files : 0);
- } else {
- /* Try to open/create the specified file for use as a capture buffer. */
- cfile.save_file_fd = open(capfile_name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT,
- 0600);
+
+ if(capture_opts->state == CAPTURE_PREPARING) {
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture started!");
+ }
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "File: \"%s\"", new_file);
+
+ g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
+
+ /* free the old filename */
+ if(capture_opts->save_file != NULL) {
+ /* we start a new capture file, close the old one (if we had one before) */
+ /* (we can only have an open capture file in real_time_mode!) */
+ if( ((capture_file *) capture_opts->cf)->state != FILE_CLOSED) {
+ cf_callback_invoke(cf_cb_live_capture_update_finished, capture_opts->cf);
+ cf_finish_tail(capture_opts->cf, &err);
+ cf_close(capture_opts->cf);
}
+ g_free(capture_opts->save_file);
is_tempfile = FALSE;
+ cf_set_tempfile(capture_opts->cf, FALSE);
} else {
- /* Choose a random name for the capture buffer */
- cfile.save_file_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
- capfile_name = g_strdup(tmpname);
+ /* we didn't had a save_file before, must be a tempfile */
is_tempfile = TRUE;
+ cf_set_tempfile(capture_opts->cf, TRUE);
}
- if (cfile.save_file_fd == -1) {
- if (is_tempfile) {
- simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
- "The temporary file to which the capture would be saved (\"%s\")"
- "could not be opened: %s.", capfile_name, strerror(errno));
- } else {
- if (capture_opts.multi_files_on) {
- ringbuf_error_cleanup();
- }
- open_failure_alert_box(capfile_name, errno, TRUE);
+
+ /* save the new filename */
+ capture_opts->save_file = g_strdup(new_file);
+
+ /* if we are in real-time mode, open the new file now */
+ if(capture_opts->real_time_mode) {
+ /* Attempt to open the capture file and set up to read from it. */
+ switch(cf_start_tail(capture_opts->cf, capture_opts->save_file, is_tempfile, &err)) {
+ case CF_OK:
+ break;
+ case CF_ERROR:
+ /* Don't unlink (delete) the save file - leave it around,
+ for debugging purposes. */
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ return FALSE;
+ break;
}
- g_free(capfile_name);
- return FALSE;
- }
- cf_close(&cfile);
- g_assert(cfile.save_file == NULL);
- cfile.save_file = capfile_name;
- /* cfile.save_file is "g_free"ed below, which is equivalent to
- "g_free(capfile_name)". */
-
- if (capture_opts.sync_mode) {
- /* sync mode: do the capture in a child process */
- ret = sync_pipe_do_capture(is_tempfile);
- /* capture is still running */
- set_main_window_name("(Live Capture in Progress) - Ethereal");
+
+ cf_callback_invoke(cf_cb_live_capture_update_started, capture_opts);
} else {
- /* normal mode: do the capture synchronously */
- set_main_window_name("(Live Capture in Progress) - Ethereal");
- ret = normal_do_capture(is_tempfile);
- /* capture is finished here */
+ cf_callback_invoke(cf_cb_live_capture_fixed_started, capture_opts);
}
- return ret;
-}
+ if(capture_opts->show_info)
+ capture_info_new_file(new_file);
+ capture_opts->state = CAPTURE_RUNNING;
-/* start a normal capture session */
-static gboolean
-normal_do_capture(gboolean is_tempfile)
+ return TRUE;
+}
+
+
+/* capture child tells us, we have new packets to read */
+void
+capture_input_new_packets(capture_options *capture_opts, int to_read)
{
- int capture_succeeded;
- gboolean stats_known;
- struct pcap_stat stats;
- int err;
-
- /* Not sync mode. */
- capture_succeeded = capture_start(&stats_known, &stats);
- if (capture_opts.quit_after_cap) {
- /* DON'T unlink the save file. Presumably someone wants it. */
- main_window_exit();
- }
- if (!capture_succeeded) {
- /* We didn't succeed in doing the capture, so we don't have a save
- file. */
- if (capture_opts.multi_files_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
- return FALSE;
- }
- /* Capture succeeded; attempt to read in the capture file. */
- if ((err = cf_open(cfile.save_file, is_tempfile, &cfile)) != 0) {
- /* We're not doing a capture any more, so we don't have a save
- file. */
- if (capture_opts.multi_files_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
- return FALSE;
- }
+ int err;
- /* Set the read filter to NULL. */
- cfile.rfcode = NULL;
-
- /* Get the packet-drop statistics.
-
- XXX - there are currently no packet-drop statistics stored
- in libpcap captures, and that's what we're reading.
-
- At some point, we will add support in Wiretap to return
- packet-drop statistics for capture file formats that store it,
- and will make "cf_read()" get those statistics from Wiretap.
- We clear the statistics (marking them as "not known") in
- "cf_open()", and "cf_read()" will only fetch them and mark
- them as known if Wiretap supplies them, so if we get the
- statistics now, after calling "cf_open()" but before calling
- "cf_read()", the values we store will be used by "cf_read()".
-
- If a future libpcap capture file format stores the statistics,
- we'll put them into the capture file that we write, and will
- thus not have to set them here - "cf_read()" will get them from
- the file and use them. */
- if (stats_known) {
- cfile.drops_known = TRUE;
-
- /* XXX - on some systems, libpcap doesn't bother filling in
- "ps_ifdrop" - it doesn't even set it to zero - so we don't
- bother looking at it.
-
- Ideally, libpcap would have an interface that gave us
- several statistics - perhaps including various interface
- error statistics - and would tell us which of them it
- supplies, allowing us to display only the ones it does. */
- cfile.drops = stats.ps_drop;
- }
- switch (cf_read(&cfile)) {
- case READ_SUCCESS:
- case READ_ERROR:
+ g_assert(capture_opts->save_file);
+
+ if(capture_opts->real_time_mode) {
+ /* Read from the capture file the number of records the child told us it added. */
+ switch (cf_continue_tail(capture_opts->cf, to_read, &err)) {
+
+ case CF_READ_OK:
+ case CF_READ_ERROR:
/* Just because we got an error, that doesn't mean we were unable
to read any of the file; we handle what we could get from the
- file. */
+ file.
+
+ XXX - abort on a read error? */
+ cf_callback_invoke(cf_cb_live_capture_update_continue, capture_opts->cf);
break;
- case READ_ABORTED:
- /* Exit by leaving the main loop, so that any quit functions
- we registered get called. */
- main_window_nested_quit();
- return FALSE;
+ case CF_READ_ABORTED:
+ /* Kill the child capture process; the user wants to exit, and we
+ shouldn't just leave it running. */
+ capture_kill_child(capture_opts);
+ break;
}
+ } else {
+ /* increase capture file packet counter by the number or incoming packets */
+ cf_set_packet_count(capture_opts->cf,
+ cf_get_packet_count(capture_opts->cf) + to_read);
- /* We're not doing a capture any more, so we don't have a save
- file. */
- if (capture_opts.multi_files_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
-
- /* if we didn't captured even a single packet, close the file again */
- if(cfile.count == 0) {
- simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
- "%sNo packets captured!%s\n\n"
- "As no data was captured, closing the %scapture file!",
- simple_dialog_primary_start(), simple_dialog_primary_end(),
- (cfile.is_tempfile) ? "temporary " : "");
- cf_close(&cfile);
- }
- return TRUE;
-}
+ cf_callback_invoke(cf_cb_live_capture_fixed_continue, capture_opts->cf);
+ }
+ /* update the main window, so we get events (e.g. from the stop toolbar button) */
+ main_window_update();
-static void
-stop_capture_signal_handler(int signo _U_)
-{
- capture_loop_stop();
+ if(capture_opts->show_info)
+ capture_info_new_packets(to_read);
}
-int
-capture_start(gboolean *stats_known, struct pcap_stat *stats)
+/* Capture child told us, how many dropped packets it counted.
+ */
+void
+capture_input_drops(capture_options *capture_opts, int dropped)
{
-#ifndef _WIN32
- /*
- * Catch SIGUSR1, so that we exit cleanly if the parent process
- * kills us with it due to the user selecting "Capture->Stop".
- */
- if (capture_child)
- signal(SIGUSR1, stop_capture_signal_handler);
-#endif
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_INFO, "%d packet%s dropped", dropped, plurality(dropped, "", "s"));
- return capture_loop_start(stats_known, stats);
+ g_assert(capture_opts->state == CAPTURE_RUNNING);
+
+ cf_set_drops_known(capture_opts->cf, TRUE);
+ cf_set_drops(capture_opts->cf, dropped);
}
+
+/* Capture child told us, that an error has occurred while starting/running the capture. */
void
-capture_stop(void)
+capture_input_error_message(capture_options *capture_opts, char *error_message)
{
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Error message from child: \"%s\"", error_message);
- if (capture_opts.sync_mode) {
- sync_pipe_stop();
- } else {
- capture_loop_stop();
- }
+ g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
+
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", error_message);
+
+ /* the capture child will close the sync_pipe if required, nothing to do for now */
}
+
+/* capture child closed it's side ot the pipe, do the required cleanup */
void
-kill_capture_child(void)
+capture_input_closed(capture_options *capture_opts)
{
- if (capture_opts.sync_mode) {
- sync_pipe_kill();
- }
+ int err;
+
+
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture stopped!");
+ g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
+
+ /* if we didn't started the capture, do a fake start */
+ /* (happens if we got an error message - we won't get a filename then) */
+ if(capture_opts->state == CAPTURE_PREPARING) {
+ if(capture_opts->real_time_mode) {
+ cf_callback_invoke(cf_cb_live_capture_update_started, capture_opts);
+ } else {
+ cf_callback_invoke(cf_cb_live_capture_fixed_started, capture_opts);
+ }
+ }
+
+ if(capture_opts->real_time_mode) {
+ cf_read_status_t status;
+
+ /* Read what remains of the capture file. */
+ status = cf_finish_tail(capture_opts->cf, &err);
+
+ /* Tell the GUI, we are not doing a capture any more.
+ Must be done after the cf_finish_tail(), so file lengths are displayed
+ correct. */
+ cf_callback_invoke(cf_cb_live_capture_update_finished, capture_opts->cf);
+
+ /* Finish the capture. */
+ switch (status) {
+
+ case CF_READ_OK:
+ if(cf_get_packet_count(capture_opts->cf) == 0 && !capture_opts->restart) {
+ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
+"%sNo packets captured!%s\n"
+"\n"
+"As no data was captured, closing the %scapture file!\n"
+"\n"
+"\n"
+"Help about capturing can be found at:\n"
+"\n"
+" http://wiki.ethereal.com/CaptureSetup"
+#ifdef _WIN32
+"\n\n"
+"Wireless (Wi-Fi/WLAN):\n"
+"Try to switch off promiscuous mode in the Capture Options!"
+#endif
+"",
+ simple_dialog_primary_start(), simple_dialog_primary_end(),
+ cf_is_tempfile(capture_opts->cf) ? "temporary " : "");
+ cf_close(capture_opts->cf);
+ }
+ break;
+ case CF_READ_ERROR:
+ /* Just because we got an error, that doesn't mean we were unable
+ to read any of the file; we handle what we could get from the
+ file. */
+ break;
+
+ case CF_READ_ABORTED:
+ /* Exit by leaving the main loop, so that any quit functions
+ we registered get called. */
+ main_window_quit();
+ }
+
+ } else {
+ /* first of all, we are not doing a capture any more */
+ cf_callback_invoke(cf_cb_live_capture_fixed_finished, capture_opts->cf);
+
+ /* this is a normal mode capture and if no error happened, read in the capture file data */
+ if(capture_opts->save_file != NULL) {
+ capture_input_read_all(capture_opts, cf_is_tempfile(capture_opts->cf),
+ cf_get_drops_known(capture_opts->cf), cf_get_drops(capture_opts->cf));
+ }
+ }
+
+ if(capture_opts->show_info)
+ capture_info_close();
+
+ capture_opts->state = CAPTURE_STOPPED;
+
+ /* if we couldn't open a capture file, there's nothing more for us to do */
+ if(capture_opts->save_file == NULL) {
+ cf_close(capture_opts->cf);
+ return;
+ }
+
+ /* does the user wants to restart the current capture? */
+ if(capture_opts->restart) {
+ capture_opts->restart = FALSE;
+
+ eth_unlink(capture_opts->save_file);
+
+ /* if it was a tempfile, throw away the old filename (so it will become a tempfile again) */
+ if(cf_is_tempfile(capture_opts->cf)) {
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ }
+
+ /* ... and start the capture again */
+ capture_start(capture_opts);
+ } else {
+ /* We're not doing a capture any more, so we don't have a save file. */
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ }
}