* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * SPDX-License-Identifier: GPL-2.0+
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config.h>
#include <string.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#include "wsutil/os_version_info.h"
#include "wsutil/str_util.h"
#include "wsutil/inet_addr.h"
+#include "wsutil/time_util.h"
#include "caputils/ws80211_utils.h"
-#ifdef HAVE_EXTCAP
#include "extcap.h"
-#endif
/*
* Get information about libpcap format from "wiretap/libpcap.h".
*/
#include "wiretap/libpcap.h"
#include "wiretap/pcapng_module.h"
+#include "wiretap/pcapng.h"
/**#define DEBUG_DUMPCAP**/
/**#define DEBUG_CHILD_DUMPCAP**/
/** Close a pipe, or socket if \a from_socket is TRUE */
static void cap_pipe_close(int pipe_fd, gboolean from_socket _U_);
-#ifdef __linux__
-/*
- * Enable kernel BPF JIT compiler if available.
- * If any calls fail, just drive on - the JIT compiler might not be
- * enabled, but filtering will still work, and it's not clear what
- * we could do if the calls fail; should we just report the error
- * and not continue to capture, should we report it as a warning, or
- * what?
- */
-static void
-enable_kernel_bpf_jit_compiler(void)
-{
- int fd;
- ssize_t written _U_;
- static const char file[] = "/proc/sys/net/core/bpf_jit_enable";
-
- fd = ws_open(file, O_WRONLY);
- if (fd < 0)
- return;
-
- written = ws_write(fd, "1", strlen("1"));
-
- ws_close(fd);
-}
-#endif
-
#if !defined (__linux__)
#ifndef HAVE_PCAP_BREAKLOOP
/*
PIPNEXIST
} cap_pipe_err_t;
+typedef struct _pcap_pipe_info {
+ struct pcap_hdr hdr; /**< Pcap header when capturing from a pipe */
+ struct pcaprec_modified_hdr rechdr; /**< Pcap record header when capturing from a pipe */
+} pcap_pipe_info_t;
+
+typedef struct _pcapng_pipe_info {
+ struct pcapng_block_header_s bh; /**< Pcapng general block header when capturing from a pipe */
+ struct pcapng_section_header_block_s shb; /**< Pcapng section header when capturing from a pipe */
+ GList *saved_blocks; /**< Pcapng block list of SHB and IDBs for multi_file_on */
+} pcapng_pipe_info_t;
+
+struct _loop_data; /* forward declaration so we can use it in the cap_pipe_dispatch function pointer */
+
/*
* A source of packets from which we're capturing.
*/
/**< capture pipe (unix only "input file") */
gboolean from_cap_pipe; /**< TRUE if we are capturing data from a capture pipe */
gboolean from_cap_socket; /**< TRUE if we're capturing from socket */
- struct pcap_hdr cap_pipe_hdr; /**< Pcap header when capturing from a pipe */
- struct pcaprec_modified_hdr cap_pipe_rechdr; /**< Pcap record header when capturing from a pipe */
+ gboolean from_pcapng; /**< TRUE if we're capturing from pcapng format */
+ union {
+ pcap_pipe_info_t pcap; /**< Pcap info when capturing from a pipe */
+ pcapng_pipe_info_t pcapng; /**< Pcapng info when capturing from a pipe */
+ } cap_pipe_info;
#ifdef _WIN32
HANDLE cap_pipe_h; /**< The handle of the capture pipe */
#endif
size_t cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
size_t cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
#endif
+ int (*cap_pipe_dispatch)(struct _loop_data *, struct _capture_src *, char *, int);
cap_pipe_state_t cap_pipe_state;
cap_pipe_err_t cap_pipe_err;
typedef struct _pcap_queue_element {
capture_src *pcap_src;
- struct pcap_pkthdr phdr;
+ union {
+ struct pcap_pkthdr phdr;
+ struct pcapng_block_header_s bh;
+ } u;
u_char *pd;
} pcap_queue_element;
const u_char *pd);
static void capture_loop_queue_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd);
-static void capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
- int err, gboolean is_close);
+static void capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
+static void capture_loop_queue_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
+static void capture_loop_get_errmsg(char *errmsg, size_t errmsglen,
+ char *secondary_errmsg,
+ size_t secondary_errmsglen,
+ const char *fname, int err,
+ gboolean is_close);
static void WS_NORETURN exit_main(int err);
#define MSG_MAX_LENGTH 4096
-/* Copied from pcapio.c pcapng_write_interface_statistics_block()*/
-static guint64
-create_timestamp(void) {
- guint64 timestamp;
-#ifdef _WIN32
- FILETIME now;
-#else
- struct timeval now;
-#endif
-
-#ifdef _WIN32
- /*
- * Current time, represented as 100-nanosecond intervals since
- * January 1, 1601, 00:00:00 UTC.
- *
- * I think DWORD might be signed, so cast both parts of "now"
- * to guint32 so that the sign bit doesn't get treated specially.
- *
- * Windows 8 provides GetSystemTimePreciseAsFileTime which we
- * might want to use instead.
- */
- GetSystemTimeAsFileTime(&now);
- timestamp = (((guint64)(guint32)now.dwHighDateTime) << 32) +
- (guint32)now.dwLowDateTime;
-
- /*
- * Convert to same thing but as 1-microsecond, i.e. 1000-nanosecond,
- * intervals.
- */
- timestamp /= 10;
-
- /*
- * Subtract difference, in microseconds, between January 1, 1601
- * 00:00:00 UTC and January 1, 1970, 00:00:00 UTC.
- */
- timestamp -= G_GUINT64_CONSTANT(11644473600000000);
-#else
- /*
- * Current time, represented as seconds and microseconds since
- * January 1, 1970, 00:00:00 UTC.
- */
- gettimeofday(&now, NULL);
-
- /*
- * Convert to delta in microseconds.
- */
- timestamp = (guint64)(now.tv_sec) * 1000000 +
- (guint64)(now.tv_usec);
-#endif
- return timestamp;
-}
-
static void
print_usage(FILE *output)
{
fprintf(output, " -h display this help and exit\n");
fprintf(output, "\n");
#ifdef __linux__
- fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
- fprintf(output, "You might want to reset it\n");
- fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
+ fprintf(output, "You might want to enable it by executing:\n");
+ fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Note that this can make your system less secure!\n");
fprintf(output, "\n");
#endif
fprintf(output, "Example: dumpcap -i eth0 -a duration:60 -w output.pcapng\n");
"%s: EUID: %d Capabilities: %s", pfx,
geteuid(), cap_to_text(caps, NULL));
cap_free(caps);
+}
#else
print_caps(const char *pfx _U_) {
-#endif
}
+#endif
static void
relinquish_all_capabilities(void)
}
#endif
-static void
-get_capture_device_open_failure_messages(const char *open_err_str,
- const char *iface,
- char *errmsg, size_t errmsg_len,
- char *secondary_errmsg,
- size_t secondary_errmsg_len)
-{
-#ifndef _WIN32
- const char *libpcap_warn;
- static const char ppamsg[] = "can't find PPA for ";
+/*
+ * Platform-dependent suggestions for fixing permissions.
+ */
+#if defined(__linux__)
+ #define PLATFORM_PERMISSIONS_SUGGESTION \
+ "\n\n" \
+ "On Debian and Debian derivatives such as Ubuntu, if you have " \
+ "installed Wireshark from a package, try running" \
+ "\n\n" \
+ " sudo dpkg-reconfigure wireshark-common" \
+ "\n\n" \
+ "selecting \"<Yes>\" in response to the question" \
+ "\n\n" \
+ " Should non-superusers be able to capture packets?" \
+ "\n\n" \
+ "adding yourself to the \"wireshark\" group by running" \
+ "\n\n" \
+ " sudo usermod -a -G wireshark {your username}" \
+ "\n\n" \
+ "and then logging out and logging back in again."
+#elif defined(__APPLE__)
+ #define PLATFORM_PERMISSIONS_SUGGESTION \
+ "\n\n" \
+ "If you installed Wireshark using the package from wireshark.org, "\
+ "Try re-installing it and checking the box for the \"Set capture " \
+ "permissions on startup\" item."
+#else
+ #define PLATFORM_PERMISSIONS_SUGGESTION
#endif
- g_snprintf(errmsg, (gulong) errmsg_len,
- "The capture session could not be initiated on interface '%s' (%s).",
- iface, open_err_str);
+static const char *
+get_pcap_failure_secondary_error_message(cap_device_open_err open_err,
+ const char *open_err_str
+#ifndef __hpux
+ _U_
+#endif
+ )
+{
#ifdef _WIN32
+ /*
+ * On Windows, first make sure they *have* WinPcap installed.
+ */
if (!has_wpcap) {
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
- "\n"
- "In order to capture packets, WinPcap must be installed; see\n"
- "\n"
- " https://www.winpcap.org/\n"
- "\n"
- "for a downloadable version of WinPcap and for instructions on how to install\n"
- "WinPcap.");
- } else {
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
- "\n"
- "Please check that \"%s\" is the proper interface.\n"
- "\n"
- "\n"
- "Help can be found on the following pages:\n"
- "\n"
- " https://wiki.wireshark.org/WinPcap\n"
- " https://wiki.wireshark.org/CaptureSetup\n",
- iface);
+ return
+ "In order to capture packets, WinPcap must be installed; see\n"
+ "\n"
+ " https://www.winpcap.org/\n"
+ "\n"
+ "for a downloadable version of WinPcap and for instructions on how to install\n"
+ "WinPcap.";
}
-#else
- /* If we got a "can't find PPA for X" message, warn the user (who
- is running dumpcap on HP-UX) that they don't have a version of
- libpcap that properly handles HP-UX (libpcap 0.6.x and later
- versions, which properly handle HP-UX, say "can't find /dev/dlpi
- PPA for X" rather than "can't find PPA for X"). */
- if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
- libpcap_warn =
- "\n\n"
+#endif
+
+ /*
+ * Now deal with ancient versions of libpcap that, on HP-UX, don't
+ * correctly figure out how to open a device given the device name.
+ */
+#ifdef __hpux
+ /* HP-UX-specific suggestion. */
+ static const char ppamsg[] = "can't find PPA for ";
+
+ if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0) {
+ return
"You are running (T)Wireshark with a version of the libpcap library\n"
"that doesn't handle HP-UX network devices well; this means that\n"
"(T)Wireshark may not be able to capture packets.\n"
"packaged binary form from the Software Porting And Archive Centre\n"
"for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
"at the URL lists a number of mirror sites.";
- else
- libpcap_warn = "";
+ }
+#endif
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
+ /*
+ * OK, now just return a largely platform-independent error that might
+ * have platform-specific suggestions at the end (for example, suggestions
+ * for how to get permission to capture).
+ */
+ if (open_err == CAP_DEVICE_OPEN_ERR_GENERIC) {
+ /*
+ * We don't know what kind of error it is, so throw all the
+ * suggestions at the user.
+ */
+ return
"Please check to make sure you have sufficient permissions, and that you have "
- "the proper interface or pipe specified.%s", libpcap_warn);
-#endif /* _WIN32 */
+ "the proper interface or pipe specified."
+ PLATFORM_PERMISSIONS_SUGGESTION;
+ } else if (open_err == CAP_DEVICE_OPEN_ERR_PERMISSIONS) {
+ /*
+ * This is a permissions error, so no need to specify any other
+ * warnings.
+ */
+ return
+ "Please check to make sure you have sufficient permissions."
+ PLATFORM_PERMISSIONS_SUGGESTION;
+ } else {
+ /*
+ * This is not a permissons error, so no need to suggest
+ * checking permissions.
+ */
+ return
+ "Please check that you have the proper interface or pipe specified.";
+ }
+}
+
+static void
+get_capture_device_open_failure_messages(cap_device_open_err open_err,
+ const char *open_err_str,
+ const char *iface,
+ char *errmsg, size_t errmsg_len,
+ char *secondary_errmsg,
+ size_t secondary_errmsg_len)
+{
+ g_snprintf(errmsg, (gulong) errmsg_len,
+ "The capture session could not be initiated on interface '%s' (%s).",
+ iface, open_err_str);
+ g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len, "%s",
+ get_pcap_failure_secondary_error_message(open_err, open_err_str));
}
static gboolean
{
interface_options *interface_opts;
pcap_t *pcap_h;
+ cap_device_open_err open_err;
gchar open_err_str[PCAP_ERRBUF_SIZE];
char errmsg[MSG_MAX_LENGTH+1];
char secondary_errmsg[MSG_MAX_LENGTH+1];
for (j = 0; j < capture_opts->ifaces->len; j++) {
interface_opts = &g_array_index(capture_opts->ifaces, interface_options, j);
pcap_h = open_capture_device(capture_opts, interface_opts,
- CAP_READ_TIMEOUT, &open_err_str);
+ CAP_READ_TIMEOUT, &open_err, &open_err_str);
if (pcap_h == NULL) {
/* Open failed; get messages */
- get_capture_device_open_failure_messages(open_err_str,
+ get_capture_device_open_failure_messages(open_err, open_err_str,
interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg,
printf("\tloopback");
else
printf("\tnetwork");
-#ifdef HAVE_EXTCAP
printf("\t%s", if_info->extcap);
-#endif
printf("\n");
}
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Console: Control signal");
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Console: Control signal, CtrlType: %u", dwCtrlType);
+ "Console: Control signal, CtrlType: %lu", dwCtrlType);
/* Keep capture running if we're a service and a user logs off */
if (capture_child || (dwCtrlType != CTRL_LOGOFF_EVENT)) {
capture_src *pcap_src;
#ifdef _WIN32
BOOL res;
- DWORD b, last_err, bytes_read;
+ DWORD last_err, bytes_read;
#else /* _WIN32 */
size_t bytes_read;
- int b;
#endif /* _WIN32 */
pcap_src = (capture_src *)arg;
#endif
)
{
+ ssize_t b;
b = cap_pipe_read(pcap_src->cap_pipe_fd, pcap_src->cap_pipe_buf+bytes_read,
pcap_src->cap_pipe_bytes_to_read - bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
/* If we try to use read() on a named pipe on Windows with partial
* data it appears to return EOF.
*/
+ DWORD b;
res = ReadFile(pcap_src->cap_pipe_h, pcap_src->cap_pipe_buf+bytes_read,
pcap_src->cap_pipe_bytes_to_read - bytes_read,
&b, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated due to the socket error: \n"
#ifdef _WIN32
- " %d: %S", lastError, errorText ? (char *)errorText : "Unknown");
+ " %d: %s", lastError, errorText ? (char *)errorText : "Unknown");
if (errorText)
LocalFree(errorText);
#else
#endif
}
+static int
+cap_pipe_read_data_bytes(capture_src *pcap_src, char *errmsg, int errmsgl)
+{
+ int sel_ret;
+ int fd = pcap_src->cap_pipe_fd;
+#ifdef _WIN32
+ DWORD sz, bytes_read = 0;
+#else /* _WIN32 */
+ size_t sz, bytes_read = 0;
+#endif /* _WIN32 */
+ ssize_t b;
+
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_read_data_bytes read %lu of %lu",
+ pcap_src->cap_pipe_bytes_read, pcap_src->cap_pipe_bytes_to_read);
+#endif
+ sz = pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read;
+ while (bytes_read < sz) {
+ if (fd == -1) {
+ g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
+ return -1;
+ }
+
+ sel_ret = cap_pipe_select(fd);
+ if (sel_ret < 0) {
+ g_snprintf(errmsg, errmsgl,
+ "Unexpected error from select: %s.", g_strerror(errno));
+ return -1;
+ } else if (sel_ret > 0) {
+ b = cap_pipe_read(fd, pcap_src->cap_pipe_databuf+pcap_src->cap_pipe_bytes_read+bytes_read,
+ sz-bytes_read, pcap_src->from_cap_socket);
+ if (b <= 0) {
+ if (b == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe during cap_pipe_read.");
+ else {
+#ifdef _WIN32
+ LPTSTR errorText = NULL;
+ int lastError = WSAGetLastError();
+ errno = lastError;
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR)&errorText, 0, NULL);
+ g_snprintf(errmsg, errmsgl, "Error on pipe data during cap_pipe_read: "
+ " %d: %s", lastError, errorText ? (char *)errorText : "Unknown");
+ if (errorText)
+ LocalFree(errorText);
+#else
+ g_snprintf(errmsg, errmsgl, "Error on pipe data during cap_pipe_read: %s.",
+ g_strerror(errno));
+#endif
+ }
+ return -1;
+ }
+ bytes_read += b;
+ }
+ }
+ pcap_src->cap_pipe_bytes_read += bytes_read;
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_read_data_bytes read %lu of %lu",
+ pcap_src->cap_pipe_bytes_read, pcap_src->cap_pipe_bytes_to_read);
+#endif
+ return 0;
+}
+
+/* Some forward declarations for breaking up cap_pipe_open_live for pcap and pcapng formats */
+static void pcap_pipe_open_live(int fd, capture_src *pcap_src, struct pcap_hdr *hdr, char *errmsg, int errmsgl);
+static void pcapng_pipe_open_live(int fd, capture_src *pcap_src, char *errmsg, int errmsgl);
+static int pcapng_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl);
+
/* Mimic pcap_open_live() for pipe captures
* We check if "pipename" is "-" (stdin), a AF_UNIX socket, or a FIFO,
static void
cap_pipe_open_live(char *pipename,
capture_src *pcap_src,
- struct pcap_hdr *hdr,
+ void *hdr,
char *errmsg, int errmsgl)
{
#ifndef _WIN32
#else /* _WIN32 */
char *pncopy, *pos;
wchar_t *err_str;
-#ifdef HAVE_EXTCAP
char* extcap_pipe_name;
#endif
-#endif
-#ifdef HAVE_EXTCAP
gboolean extcap_pipe = FALSE;
-#endif
ssize_t b;
int fd = -1, sel_ret;
size_t bytes_read;
}
} else {
#ifndef _WIN32
-#ifdef HAVE_EXTCAP
if ( g_strrstr(pipename, EXTCAP_PIPE_PREFIX) != NULL )
extcap_pipe = TRUE;
-#endif
if (ws_stat64(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
pcap_src->cap_pipe_err = PIPNEXIST;
return;
}
-#ifdef HAVE_EXTCAP
extcap_pipe_name = g_strconcat("\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, NULL);
extcap_pipe = strstr(pipename, extcap_pipe_name) ? TRUE : FALSE;
g_free(extcap_pipe_name);
-#endif
/* Wait for the pipe to appear */
while (1) {
-
-#ifdef HAVE_EXTCAP
if(extcap_pipe)
pcap_src->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
else
-#endif
pcap_src->cap_pipe_h = CreateFile(utf_8to16(pipename), GENERIC_READ, 0, NULL,
OPEN_EXISTING, 0, NULL);
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" could not be started "
- "due to error on pipe open: %s (error %d).",
+ "due to error on pipe open: %s (error %lu).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
pcap_src->cap_pipe_err = PIPERR;
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" timed out during "
- "pipe open: %s (error %d).",
+ "pipe open: %s (error %lu).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
pcap_src->cap_pipe_err = PIPERR;
* large enough for most regular network packets. We increase it,
* up to the maximum size we allow, as necessary.
*/
- pcap_src->cap_pipe_databuf = (guchar*)g_malloc(2048);
+ pcap_src->cap_pipe_databuf = (char*)g_malloc(2048);
pcap_src->cap_pipe_databuf_size = 2048;
#ifdef _WIN32
/* read the pcap header */
bytes_read = 0;
while (bytes_read < sizeof magic) {
- if (fd == -1) {
- g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
- goto error;
- }
-
sel_ret = cap_pipe_select(fd);
if (sel_ret < 0) {
g_snprintf(errmsg, errmsgl,
b = cap_pipe_read(fd, ((char *)&magic)+bytes_read,
sizeof magic-bytes_read,
pcap_src->from_cap_socket);
-#ifdef HAVE_EXTCAP
/* jump messaging, if extcap had an error, stderr will provide the correct message */
if (extcap_pipe && b <= 0)
goto error;
-#endif
+
if (b <= 0) {
if (b == 0)
g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
pcap_src->cap_pipe_modified = TRUE;
break;
case BLOCK_TYPE_SHB:
- /* This isn't pcap, it's pcapng. We don't yet support
- reading it. */
- g_snprintf(errmsg, errmsgl, "Capturing from a pipe doesn't support pcapng format.");
- goto error;
+ /* This isn't pcap, it's pcapng. */
+ pcap_src->from_pcapng = TRUE;
+ pcap_src->cap_pipe_dispatch = pcapng_pipe_dispatch;
+ global_capture_opts.use_pcapng = TRUE; /* we can only output in pcapng format */
+ pcapng_pipe_open_live(fd, pcap_src, errmsg, errmsgl);
+ return;
default:
/* Not a pcap type we know about, or not pcap at all. */
g_snprintf(errmsg, errmsgl, "Unrecognized libpcap format or not libpcap data.");
goto error;
}
+ pcap_pipe_open_live(fd, pcap_src, (struct pcap_hdr *) hdr, errmsg, errmsgl);
+ return;
+
+error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
+}
+
+static void
+pcap_pipe_open_live(int fd,
+ capture_src *pcap_src,
+ struct pcap_hdr *hdr,
+ char *errmsg, int errmsgl)
+{
+ size_t bytes_read;
+ ssize_t b;
+ int sel_ret;
#ifdef _WIN32
if (pcap_src->from_cap_socket)
#endif
pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
if (hdr->version_major < 2) {
- g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format");
+ g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format version %d.%d",
+ hdr->version_major, hdr->version_minor);
goto error;
}
return;
error:
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcap_pipe_open_live: error %s", errmsg);
pcap_src->cap_pipe_err = PIPERR;
cap_pipe_close(fd, pcap_src->from_cap_socket);
pcap_src->cap_pipe_fd = -1;
#endif
}
+/* Read the pcapng section header block */
+static int
+pcapng_read_shb(capture_src *pcap_src,
+ char *errmsg,
+ int errmsgl)
+{
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+ struct pcapng_section_header_block_s *shb = &pcap_src->cap_pipe_info.pcapng.shb;
+
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s) + sizeof(struct pcapng_section_header_block_s);
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
+ }
+ }
+#ifdef _WIN32
+ else {
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + sizeof(struct pcapng_block_header_s);
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_section_header_block_s);
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe section header during open.");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe section header during open: %s.",
+ g_strerror(errno));
+ return -1;
+ }
+ /* Continuing with STATE_EXPECT_DATA requires reading into cap_pipe_databuf at offset cap_pipe_bytes_read */
+ pcap_src->cap_pipe_bytes_read = sizeof(struct pcapng_block_header_s) + sizeof(struct pcapng_section_header_block_s);
+ }
+#endif
+ memcpy(shb, pcap_src->cap_pipe_databuf + sizeof(struct pcapng_block_header_s), sizeof(struct pcapng_section_header_block_s));
+ switch (shb->magic)
+ {
+ case PCAPNG_MAGIC:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng SHB MAGIC");
+ pcap_src->cap_pipe_byte_swapped = FALSE;
+ break;
+ case PCAPNG_SWAPPED_MAGIC:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng SHB SWAPPED MAGIC");
+ pcap_src->cap_pipe_byte_swapped = TRUE;
+ break;
+ default:
+ /* Not a pcapng type we know about, or not pcapng at all. */
+ g_snprintf(errmsg, errmsgl, "Unrecognized pcapng format or not pcapng data.");
+ return -1;
+ }
+
+ if (pcap_src->cap_pipe_byte_swapped) {
+ /* Byte-swap the header fields about which we care. */
+ shb->version_major = GUINT16_SWAP_LE_BE(shb->version_major);
+ shb->version_minor = GUINT16_SWAP_LE_BE(shb->version_minor);
+ shb->section_length = GUINT64_SWAP_LE_BE(shb->section_length);
+ bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length);
+ }
+
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
+
+ /* Setup state to capture any options following the section header block */
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+
+ return 0;
+}
+
+static int
+pcapng_write_saved_block(capture_src *pcap_src, struct pcapng_block_header_s *bh)
+{
+ guint32 length = bh->block_total_length;
+
+ if (pcap_src->cap_pipe_byte_swapped) {
+ length = GUINT32_SWAP_LE_BE(length);
+ }
+
+ return pcapng_write_block(global_ld.pdh,
+ (const guint8 *) bh,
+ length,
+ &global_ld.bytes_written, &global_ld.err);
+}
+
+/* Save SHB and IDB blocks to playback whenever we change output files. */
+/* The list is saved in reverse order of blocks added */
+static gboolean
+pcapng_block_save(capture_src *pcap_src)
+{
+ pcapng_pipe_info_t *pcapng = &pcap_src->cap_pipe_info.pcapng;
+ struct pcapng_block_header_s *bh = &pcapng->bh;
+
+ /* Delete all the old blocks first whenever we get a SHB */
+ if (bh->block_type == BLOCK_TYPE_SHB) {
+ g_list_free_full(pcapng->saved_blocks, g_free);
+ pcapng->saved_blocks = NULL;
+ } else if (bh->block_type != BLOCK_TYPE_IDB) {
+ return TRUE;
+ }
+
+ gpointer data = g_malloc(bh->block_total_length);
+ if (data == NULL) {
+ return FALSE;
+ }
+ memcpy(data, pcap_src->cap_pipe_databuf, bh->block_total_length);
+
+ pcapng->saved_blocks = g_list_prepend(pcapng->saved_blocks, data);
+
+ return TRUE;
+}
+
+static void
+pcapng_pipe_open_live(int fd,
+ capture_src *pcap_src,
+ char *errmsg,
+ int errmsgl)
+{
+ guint32 type = BLOCK_TYPE_SHB;
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_open_live: fd %d", fd);
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket)
+#endif
+ {
+ memcpy(pcap_src->cap_pipe_databuf, &type, sizeof(guint32));
+ /* read the rest of the pcapng general block header */
+ pcap_src->cap_pipe_bytes_read = sizeof(guint32);
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s);
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ goto error;
+ }
+ memcpy(bh, pcap_src->cap_pipe_databuf, sizeof(struct pcapng_block_header_s));
+ }
+#ifdef _WIN32
+ else {
+ g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_src);
+
+ bh->block_type = type;
+ pcap_src->cap_pipe_buf = (char *) &bh->block_total_length;
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(bh->block_total_length);
+ /* We don't have to worry about cap_pipe_read_mtx here */
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe block_total_length during open.");
+ else
+ g_snprintf(errmsg, errmsgl, "Error on pipe block_total_length during open: %s.",
+ g_strerror(errno));
+ goto error;
+ }
+ pcap_src->cap_pipe_bytes_read = sizeof(struct pcapng_block_header_s);
+ memcpy(pcap_src->cap_pipe_databuf, bh, sizeof(struct pcapng_block_header_s));
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
+ }
+#endif
+ if (pcapng_read_shb(pcap_src, errmsg, errmsgl)) {
+ goto error;
+ }
+
+ return;
+
+error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_open_live: error %s", errmsg);
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
+}
/* We read one record from the pipe, take care of byte order in the record
* header, write the record to the capture file, and update capture statistics. */
static int
-cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
+pcap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
{
struct pcap_pkthdr phdr;
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
#ifdef _WIN32
-#if !GLIB_CHECK_VERSION(2,31,18)
- GTimeVal wait_time;
-#endif
gpointer q_status;
wchar_t *err_str;
#endif
ssize_t b;
guint new_bufsize;
+ pcap_pipe_info_t *pcap_info = &pcap_src->cap_pipe_info.pcap;
#ifdef LOG_CAPTURE_VERBOSE
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch");
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcap_pipe_dispatch");
#endif
switch (pcap_src->cap_pipe_state) {
pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
- pcap_src->cap_pipe_buf = (char *) &pcap_src->cap_pipe_rechdr;
+ pcap_src->cap_pipe_buf = (char *) &pcap_info->rechdr;
g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
if (pcap_src->from_cap_socket)
#endif
{
- b = cap_pipe_read(pcap_src->cap_pipe_fd, ((char *)&pcap_src->cap_pipe_rechdr)+pcap_src->cap_pipe_bytes_read,
+ b = cap_pipe_read(pcap_src->cap_pipe_fd, ((char *)&pcap_info->rechdr)+pcap_src->cap_pipe_bytes_read,
pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0)
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
#endif
pcap_src->cap_pipe_state = STATE_READ_DATA;
- pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_rechdr.hdr.incl_len;
+ pcap_src->cap_pipe_bytes_to_read = pcap_info->rechdr.hdr.incl_len;
pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
result = PD_PIPE_ERR;
break;
}
- pcap_src->cap_pipe_bytes_read += b;
+ pcap_src->cap_pipe_bytes_read += b;
+ }
+#ifdef _WIN32
+ else {
+
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ if (pcap_src->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
+ }
+#endif /* _WIN32 */
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ return 0;
+ result = PD_DATA_READ;
+ break;
+
+ default:
+ g_snprintf(errmsg, errmsgl, "pcap_pipe_dispatch: invalid state");
+ result = PD_ERR;
+
+ } /* switch (pcap_src->cap_pipe_state) */
+
+ /*
+ * We've now read as much data as we were expecting, so process it.
+ */
+ switch (result) {
+
+ case PD_REC_HDR_READ:
+ /* We've read the header. Take care of byte order. */
+ cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_info->hdr,
+ &pcap_info->rechdr.hdr);
+ if (pcap_info->rechdr.hdr.incl_len > pcap_src->cap_pipe_max_pkt_size) {
+ /*
+ * The record contains more data than the advertised/allowed in the
+ * pcap header, do not try to read more data (do not change to
+ * STATE_EXPECT_DATA) as that would not fit in the buffer and
+ * instead stop with an error.
+ */
+ g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
+ ld->packet_count+1, pcap_info->rechdr.hdr.incl_len);
+ break;
+ }
+
+ if (pcap_info->rechdr.hdr.incl_len > pcap_src->cap_pipe_databuf_size) {
+ /*
+ * Grow the buffer to the packet size, rounded up to a power of
+ * 2.
+ */
+ new_bufsize = pcap_info->rechdr.hdr.incl_len;
+ /*
+ * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+ */
+ new_bufsize--;
+ new_bufsize |= new_bufsize >> 1;
+ new_bufsize |= new_bufsize >> 2;
+ new_bufsize |= new_bufsize >> 4;
+ new_bufsize |= new_bufsize >> 8;
+ new_bufsize |= new_bufsize >> 16;
+ new_bufsize++;
+ pcap_src->cap_pipe_databuf = (char*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
+ pcap_src->cap_pipe_databuf_size = new_bufsize;
+ }
+
+ /*
+ * The record has some data following the header, try to read it next
+ * time.
+ */
+ if (pcap_info->rechdr.hdr.incl_len) {
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+ return 0;
+ }
+
+ /*
+ * No data following the record header? Then no more data needs to be
+ * read and we will fallthrough and emit an empty packet.
+ */
+ /* FALLTHROUGH */
+ case PD_DATA_READ:
+ /* Fill in a "struct pcap_pkthdr", and process the packet. */
+ phdr.ts.tv_sec = pcap_info->rechdr.hdr.ts_sec;
+ phdr.ts.tv_usec = pcap_info->rechdr.hdr.ts_usec;
+ phdr.caplen = pcap_info->rechdr.hdr.incl_len;
+ phdr.len = pcap_info->rechdr.hdr.orig_len;
+
+ if (use_threads) {
+ capture_loop_queue_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ } else {
+ capture_loop_write_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ }
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ return 1;
+
+ case PD_PIPE_EOF:
+ pcap_src->cap_pipe_err = PIPEOF;
+ return -1;
+
+ case PD_PIPE_ERR:
+#ifdef _WIN32
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
+ g_snprintf(errmsg, errmsgl,
+ "Error reading from pipe: %s (error %lu)",
+ utf_16to8(err_str), GetLastError());
+ LocalFree(err_str);
+#else
+ g_snprintf(errmsg, errmsgl, "Error reading from pipe: %s",
+ g_strerror(errno));
+#endif
+ /* Fall through */
+ case PD_ERR:
+ break;
+ }
+
+ pcap_src->cap_pipe_err = PIPERR;
+ /* Return here rather than inside the switch to prevent GCC warning */
+ return -1;
+}
+
+static int
+pcapng_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
+{
+ enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
+ PD_ERR } result;
+#ifdef _WIN32
+ gpointer q_status;
+ wchar_t *err_str;
+#endif
+ guint new_bufsize;
+ struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch");
+#endif
+
+ switch (pcap_src->cap_pipe_state) {
+
+ case STATE_EXPECT_REC_HDR:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_EXPECT_REC_HDR");
+#endif
+#ifdef _WIN32
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
+#endif
+
+ pcap_src->cap_pipe_state = STATE_READ_REC_HDR;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcapng_block_header_s);
+ pcap_src->cap_pipe_bytes_read = 0;
+
+#ifdef _WIN32
+ if (!pcap_src->from_cap_socket) {
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ }
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
+ }
+#endif
+ /* Fall through */
+
+ case STATE_READ_REC_HDR:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_READ_REC_HDR");
+#endif
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket) {
+#endif
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
+ }
+#ifdef _WIN32
+ } else {
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ if (pcap_src->cap_pipe_err == PIPEOF) {
+ result = PD_PIPE_EOF;
+ break;
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
+ result = PD_PIPE_ERR;
+ break;
+ }
+ if (!q_status) {
+ return 0;
+ }
+ }
+#endif
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ return 0;
+ memcpy(bh, pcap_src->cap_pipe_databuf, sizeof(struct pcapng_block_header_s));
+ result = PD_REC_HDR_READ;
+ break;
+
+ case STATE_EXPECT_DATA:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_EXPECT_DATA");
+#endif
+#ifdef _WIN32
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
+#endif
+ pcap_src->cap_pipe_state = STATE_READ_DATA;
+ pcap_src->cap_pipe_bytes_to_read = bh->block_total_length;
+
+#ifdef _WIN32
+ if (!pcap_src->from_cap_socket) {
+ pcap_src->cap_pipe_bytes_to_read -= pcap_src->cap_pipe_bytes_read;
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + pcap_src->cap_pipe_bytes_read;
+ pcap_src->cap_pipe_bytes_read = 0;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ }
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
+#endif
+ /* Fall through */
+
+ case STATE_READ_DATA:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_READ_DATA");
+#endif
#ifdef _WIN32
- else {
+ if (pcap_src->from_cap_socket) {
+#endif
+ if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
+ return -1;
+ }
+#ifdef _WIN32
+ } else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif /* GLIB_CHECK_VERSION(2,31,18) */
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
}
}
#endif /* _WIN32 */
- if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read) {
return 0;
+ }
result = PD_DATA_READ;
break;
default:
- g_snprintf(errmsg, errmsgl, "cap_pipe_dispatch: invalid state");
+ g_snprintf(errmsg, errmsgl, "pcapng_pipe_dispatch: invalid state");
result = PD_ERR;
} /* switch (pcap_src->cap_pipe_state) */
switch (result) {
case PD_REC_HDR_READ:
+ if (bh->block_type == BLOCK_TYPE_SHB) {
+ /* we need to read ahead to get the endianess before getting the block type and length */
+ pcapng_read_shb(pcap_src, errmsg, errmsgl);
+ return 1;
+ }
+
/* We've read the header. Take care of byte order. */
- cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_src->cap_pipe_hdr,
- &pcap_src->cap_pipe_rechdr.hdr);
- if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_max_pkt_size) {
+ if (pcap_src->cap_pipe_byte_swapped) {
+ /* Byte-swap the record header fields. */
+ bh->block_type = GUINT32_SWAP_LE_BE(bh->block_type);
+ bh->block_total_length = GUINT32_SWAP_LE_BE(bh->block_total_length);
+ }
+ if (bh->block_total_length > pcap_src->cap_pipe_max_pkt_size) {
/*
- * The record contains more data than the advertised/allowed in the
- * pcap header, do not try to read more data (do not change to
- * STATE_EXPECT_DATA) as that would not fit in the buffer and
- * instead stop with an error.
- */
+ * The record contains more data than the advertised/allowed in the
+ * pcapng header, do not try to read more data (do not change to
+ * STATE_EXPECT_DATA) as that would not fit in the buffer and
+ * instead stop with an error.
+ */
g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
- ld->packet_count+1, pcap_src->cap_pipe_rechdr.hdr.incl_len);
+ ld->packet_count+1, bh->block_total_length);
break;
}
- if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_databuf_size) {
+ if (bh->block_total_length > pcap_src->cap_pipe_databuf_size) {
/*
- * Grow the buffer to the packet size, rounded up to a power of
- * 2.
- */
- new_bufsize = pcap_src->cap_pipe_rechdr.hdr.incl_len;
+ * Grow the buffer to the packet size, rounded up to a power of
+ * 2.
+ */
+ new_bufsize = bh->block_total_length;
/*
- * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
- */
+ * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+ */
new_bufsize--;
new_bufsize |= new_bufsize >> 1;
new_bufsize |= new_bufsize >> 2;
pcap_src->cap_pipe_databuf_size = new_bufsize;
}
- /*
- * The record has some data following the header, try to read it next
- * time.
- */
- if (pcap_src->cap_pipe_rechdr.hdr.incl_len) {
- pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
- return 0;
+ /* The record always has at least the block total length following the header */
+ if (bh->block_total_length < sizeof(struct pcapng_block_header_s)+sizeof(guint32)) {
+ g_snprintf(errmsg, errmsgl, "malformed pcapng block_total_length < minimum");
+ pcap_src->cap_pipe_err = PIPEOF;
+ return -1;
}
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
+ return 0;
- /*
- * No data following the record header? Then no more data needs to be
- * read and we will fallthrough and emit an empty packet.
- */
- /* FALLTHROUGH */
case PD_DATA_READ:
- /* Fill in a "struct pcap_pkthdr", and process the packet. */
- phdr.ts.tv_sec = pcap_src->cap_pipe_rechdr.hdr.ts_sec;
- phdr.ts.tv_usec = pcap_src->cap_pipe_rechdr.hdr.ts_usec;
- phdr.caplen = pcap_src->cap_pipe_rechdr.hdr.incl_len;
- phdr.len = pcap_src->cap_pipe_rechdr.hdr.orig_len;
-
+ if (!pcapng_block_save(pcap_src)) {
+ g_snprintf(errmsg, errmsgl, "pcapng_pipe_dispatch block save failed");
+ return -1;
+ }
if (use_threads) {
- capture_loop_queue_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ capture_loop_queue_pcapng_cb(pcap_src, bh, pcap_src->cap_pipe_databuf);
} else {
- capture_loop_write_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
+ capture_loop_write_pcapng_cb(pcap_src, bh, pcap_src->cap_pipe_databuf);
}
pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
return 1;
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
- "Error reading from pipe: %s (error %d)",
+ "Error reading from pipe: %s (error %lu)",
utf_16to8(err_str), GetLastError());
LocalFree(err_str);
#else
return -1;
}
-
/** Open the capture input file (pcap or capture pipe).
* Returns TRUE if it succeeds, FALSE otherwise. */
static gboolean
char *errmsg, size_t errmsg_len,
char *secondary_errmsg, size_t secondary_errmsg_len)
{
- gchar open_err_str[PCAP_ERRBUF_SIZE];
- gchar *sync_msg_str;
- interface_options *interface_opts;
- capture_src *pcap_src;
- guint i;
+ cap_device_open_err open_err;
+ gchar open_err_str[PCAP_ERRBUF_SIZE];
+ gchar *sync_msg_str;
+ interface_options *interface_opts;
+ capture_src *pcap_src;
+ guint i;
#ifdef _WIN32
- int err;
- WORD wVersionRequested;
- WSADATA wsaData;
+ int err;
+ WORD wVersionRequested;
+ WSADATA wsaData;
#endif
/* XXX - opening Winsock on tshark? */
"Could not allocate memory.");
return FALSE;
}
- pcap_src->received = 0;
- pcap_src->dropped = 0;
- pcap_src->flushed = 0;
- pcap_src->pcap_h = NULL;
+ memset(pcap_src, 0, sizeof(capture_src));
#ifdef MUST_DO_SELECT
pcap_src->pcap_fd = -1;
#endif
- pcap_src->pcap_err = FALSE;
pcap_src->interface_id = i;
- pcap_src->tid = NULL;
- pcap_src->snaplen = 0;
pcap_src->linktype = -1;
- pcap_src->ts_nsec = FALSE;
- pcap_src->from_cap_pipe = FALSE;
- pcap_src->from_cap_socket = FALSE;
- memset(&pcap_src->cap_pipe_hdr, 0, sizeof(struct pcap_hdr));
- memset(&pcap_src->cap_pipe_rechdr, 0, sizeof(struct pcaprec_modified_hdr));
#ifdef _WIN32
pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
#endif
pcap_src->cap_pipe_fd = -1;
- pcap_src->cap_pipe_modified = FALSE;
- pcap_src->cap_pipe_byte_swapped = FALSE;
-#ifdef _WIN32
- pcap_src->cap_pipe_buf = NULL;
-#endif
- pcap_src->cap_pipe_bytes_to_read = 0;
- pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_dispatch = pcap_pipe_dispatch;
pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
pcap_src->cap_pipe_err = PIPOK;
#ifdef _WIN32
-#if GLIB_CHECK_VERSION(2,31,0)
pcap_src->cap_pipe_read_mtx = g_malloc(sizeof(GMutex));
g_mutex_init(pcap_src->cap_pipe_read_mtx);
-#else
- pcap_src->cap_pipe_read_mtx = g_mutex_new();
-#endif
pcap_src->cap_pipe_pending_q = g_async_queue_new();
pcap_src->cap_pipe_done_q = g_async_queue_new();
#endif
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts->name);
pcap_src->pcap_h = open_capture_device(capture_opts, interface_opts,
- CAP_READ_TIMEOUT, &open_err_str);
+ CAP_READ_TIMEOUT, &open_err, &open_err_str);
if (pcap_src->pcap_h != NULL) {
/* we've opened "iface" as a network device */
} else {
/* We couldn't open "iface" as a network device. */
/* Try to open it as a pipe */
- cap_pipe_open_live(interface_opts->name, pcap_src, &pcap_src->cap_pipe_hdr, errmsg, (int) errmsg_len);
+ gboolean pipe_err = FALSE;
+ cap_pipe_open_live(interface_opts->name, pcap_src, &pcap_src->cap_pipe_info.pcap.hdr, errmsg, (int) errmsg_len);
-#ifndef _WIN32
- if (pcap_src->cap_pipe_fd == -1) {
-#else
- if (pcap_src->cap_pipe_h == INVALID_HANDLE_VALUE) {
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket) {
+#endif
+ if (pcap_src->cap_pipe_fd == -1) {
+ pipe_err = TRUE;
+ }
+#ifdef _WIN32
+ } else {
+ if (pcap_src->cap_pipe_h == INVALID_HANDLE_VALUE) {
+ pipe_err = TRUE;
+ }
+ }
#endif
+
+ if (pipe_err) {
if (pcap_src->cap_pipe_err == PIPNEXIST) {
/*
* We tried opening as an interface, and that failed,
* doesn't exist. Report the error message for
* the interface.
*/
- get_capture_device_open_failure_messages(open_err_str,
+ get_capture_device_open_failure_messages(open_err,
+ open_err_str,
interface_opts->name,
errmsg,
errmsg_len,
g_free(pcap_src->cap_pipe_databuf);
pcap_src->cap_pipe_databuf = NULL;
}
- } else {
- /* Capture device. If open, close the pcap_t. */
+ if (pcap_src->from_pcapng) {
+ g_list_free_full(pcap_src->cap_pipe_info.pcapng.saved_blocks, g_free);
+ pcap_src->cap_pipe_info.pcapng.saved_blocks = NULL;
+ }
+ } else {
+ /* Capture device. If open, close the pcap_t. */
if (pcap_src->pcap_h != NULL) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_src->pcap_h);
pcap_close(pcap_src->pcap_h);
}
}
if (ld->pdh) {
+ pcap_src = g_array_index(ld->pcaps, capture_src *, 0);
+ if (pcap_src->from_pcapng) {
+ /* We are just going to rewrite the source SHB and IDB blocks */
+ return TRUE;
+ }
if (capture_opts->use_pcapng) {
char *appname;
GString *cpu_info_str;
interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
pcap_src = g_array_index(ld->pcaps, capture_src *, i);
if (pcap_src->from_cap_pipe) {
- pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
+ pcap_src->snaplen = pcap_src->cap_pipe_info.pcap.hdr.snaplen;
} else {
pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
successful = pcapng_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts->name, /* IDB_NAME 2 */
- interface_opts->descr, /* IDB_DESCRIPTION 3 */
- interface_opts->cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_src->linktype,
- pcap_src->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_src->linktype,
+ pcap_src->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
}
g_string_free(os_info_str, TRUE);
} else {
pcap_src = g_array_index(ld->pcaps, capture_src *, 0);
if (pcap_src->from_cap_pipe) {
- pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
+ pcap_src->snaplen = pcap_src->cap_pipe_info.pcap.hdr.snaplen;
} else {
pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
successful = libpcap_write_file_header(ld->pdh, pcap_src->linktype, pcap_src->snaplen,
- pcap_src->ts_nsec, &ld->bytes_written, &err);
+ pcap_src->ts_nsec, &ld->bytes_written, &err);
}
if (!successful) {
fclose(ld->pdh);
capture_loop_dispatch(loop_data *ld,
char *errmsg, int errmsg_len, capture_src *pcap_src)
{
- int inpkts;
+ int inpkts = 0;
gint packet_count_before;
-#ifndef _WIN32
int sel_ret;
-#endif
packet_count_before = ld->packet_count;
if (pcap_src->from_cap_pipe) {
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from capture pipe");
#endif
-#ifndef _WIN32
- sel_ret = cap_pipe_select(pcap_src->cap_pipe_fd);
- if (sel_ret <= 0) {
- if (sel_ret < 0 && errno != EINTR) {
- g_snprintf(errmsg, errmsg_len,
- "Unexpected error from select: %s", g_strerror(errno));
- report_capture_error(errmsg, please_report);
- ld->go = FALSE;
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket) {
+#endif
+ sel_ret = cap_pipe_select(pcap_src->cap_pipe_fd);
+ if (sel_ret <= 0) {
+ if (sel_ret < 0 && errno != EINTR) {
+ g_snprintf(errmsg, errmsg_len,
+ "Unexpected error from select: %s", g_strerror(errno));
+ report_capture_error(errmsg, please_report);
+ ld->go = FALSE;
+ }
}
+#ifdef _WIN32
} else {
+ /* Windows does not have select() for pipes. */
+ /* Proceed with _dispatch() which waits for cap_pipe_done_q
+ * notification from cap_thread_read() when ReadFile() on
+ * the pipe has read enough bytes. */
+ sel_ret = 1;
+ }
+#endif
+ if (sel_ret > 0) {
/*
* "select()" says we can read from the pipe without blocking
*/
-#endif
- inpkts = cap_pipe_dispatch(ld, pcap_src, errmsg, errmsg_len);
+ inpkts = pcap_src->cap_pipe_dispatch(ld, pcap_src, errmsg, errmsg_len);
if (inpkts < 0) {
ld->go = FALSE;
}
-#ifndef _WIN32
}
-#endif
}
else
{
} else {
/* Choose a random name for the temporary capture buffer */
if (global_capture_opts.ifaces->len > 1) {
+ /*
+ * More than one interface; just use the number of interfaces
+ * to generate the temporary file name prefix.
+ */
prefix = g_strdup_printf("wireshark_%d_interfaces", global_capture_opts.ifaces->len);
- if (capture_opts->use_pcapng) {
- suffix = ".pcapng";
- }else{
- suffix = ".pcap";
- }
} else {
+ /*
+ * One interface; use its description, if it has one, to generate
+ * the temporary file name, otherwise use its name.
+ */
gchar *basename;
- basename = g_path_get_basename((&g_array_index(global_capture_opts.ifaces, interface_options, 0))->console_display_name);
+ const interface_options *interface_opts;
+
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, 0);
+
+ /*
+ * Do we have a description?
+ */
+ if (interface_opts->descr) {
+ /*
+ * Yes - use it.
+ *
+ * Strip off any stuff we shouldn't use in the file name,
+ * by getting the last component of what would be a file
+ * name.
+ */
+ basename = g_path_get_basename(interface_opts->descr);
+ } else {
+ /*
+ * No - use the name.
+ *
+ * Strip off any stuff we shouldn't use in the file name,
+ * by getting the last component of what would be a file
+ * name.
+ */
+ basename = g_path_get_basename(interface_opts->name);
#ifdef _WIN32
- /* use the generic portion of the interface guid to form the basis of the filename */
- if (strncmp("NPF_{", basename, 5)==0)
- {
- /* we have a windows guid style device name, extract the guid digits as the basis of the filename */
- GString *iface;
- iface = isolate_uuid(basename);
- g_free(basename);
- basename = g_strdup(iface->str);
- g_string_free(iface, TRUE);
- }
+ /*
+ * This is Windows, where we might have an ugly GUID-based
+ * interface name.
+ *
+ * If it's an ugly GUID-based name, use the generic portion
+ * of the interface GUID to form the basis of the filename.
+ */
+ if (strncmp("NPF_{", basename, 5) == 0) {
+ /*
+ * We have a GUID-based name; extract the GUID digits
+ * as the basis of the filename.
+ */
+ GString *iface;
+ iface = isolate_uuid(basename);
+ g_free(basename);
+ basename = g_strdup(iface->str);
+ g_string_free(iface, TRUE);
+ }
#endif
- /* generate the temp file name prefix and suffix */
- if (capture_opts->use_pcapng) {
- prefix = g_strconcat("wireshark_", basename, NULL);
- suffix = ".pcapng";
- }else{
- prefix = g_strconcat("wireshark_", basename, NULL);
- suffix = ".pcap";
}
+ /* generate the temp file name prefix */
+ prefix = g_strconcat("wireshark_", basename, NULL);
g_free(basename);
}
+
+ /* Generate the appropriate suffix. */
+ if (capture_opts->use_pcapng) {
+ suffix = ".pcapng";
+ } else {
+ suffix = ".pcap";
+ }
*save_file_fd = create_tempfile(&tmpname, prefix, suffix);
g_free(prefix);
capfile_name = g_strdup(tmpname);
/* File switch succeeded: reset the conditions */
global_ld.bytes_written = 0;
- if (capture_opts->use_pcapng) {
- char *appname;
- GString *cpu_info_str;
- GString *os_info_str;
-
- cpu_info_str = g_string_new("");
- os_info_str = g_string_new("");
- get_cpu_info(cpu_info_str);
- get_os_version_info(os_info_str);
-
- appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
- successful = pcapng_write_session_header_block(global_ld.pdh,
- (const char *)capture_opts->capture_comment, /* Comment */
- cpu_info_str->str, /* HW */
- os_info_str->str, /* OS */
- appname,
- -1, /* section_length */
- &(global_ld.bytes_written),
- &global_ld.err);
- g_string_free(cpu_info_str, TRUE);
- g_free(appname);
-
- for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
- interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
- pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
- successful = pcapng_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts->name, /* IDB_NAME 2 */
- interface_opts->descr, /* IDB_DESCRIPTION 3 */
- interface_opts->cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_src->linktype,
- pcap_src->snaplen,
- &(global_ld.bytes_written),
- 0, /* IDB_IF_SPEED 8 */
- pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
- &global_ld.err);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
+ if (pcap_src->from_pcapng) {
+ /* Write the saved SHB and all IDBs to start of next file */
+ /* The blocks were saved in reverse so reverse it before iterating */
+ GList *rlist = g_list_reverse(pcap_src->cap_pipe_info.pcapng.saved_blocks);
+ GList *list = rlist;
+ successful = TRUE;
+ while (list && successful) {
+ successful = pcapng_write_saved_block(pcap_src, (struct pcapng_block_header_s *) list->data);
+ list = g_list_next(list);
}
+ pcap_src->cap_pipe_info.pcapng.saved_blocks = g_list_reverse(rlist);
+ } else {
+ if (capture_opts->use_pcapng) {
+ char *appname;
+ GString *cpu_info_str;
+ GString *os_info_str;
+
+ cpu_info_str = g_string_new("");
+ os_info_str = g_string_new("");
+ get_cpu_info(cpu_info_str);
+ get_os_version_info(os_info_str);
+
+ appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
+ successful = pcapng_write_session_header_block(global_ld.pdh,
+ (const char *)capture_opts->capture_comment, /* Comment */
+ cpu_info_str->str, /* HW */
+ os_info_str->str, /* OS */
+ appname,
+ -1, /* section_length */
+ &(global_ld.bytes_written),
+ &global_ld.err);
+ g_string_free(cpu_info_str, TRUE);
+ g_free(appname);
+
+ for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ successful = pcapng_write_interface_description_block(global_ld.pdh,
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_src->linktype,
+ pcap_src->snaplen,
+ &(global_ld.bytes_written),
+ 0, /* IDB_IF_SPEED 8 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ &global_ld.err);
+ }
- g_string_free(os_info_str, TRUE);
+ g_string_free(os_info_str, TRUE);
- } else {
- pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
- successful = libpcap_write_file_header(global_ld.pdh, pcap_src->linktype, pcap_src->snaplen,
- pcap_src->ts_nsec, &global_ld.bytes_written, &global_ld.err);
+ } else {
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
+ successful = libpcap_write_file_header(global_ld.pdh, pcap_src->linktype, pcap_src->snaplen,
+ pcap_src->ts_nsec, &global_ld.bytes_written, &global_ld.err);
+ }
}
if (!successful) {
fclose(global_ld.pdh);
/* dispatch incoming packets */
if (use_threads) {
pcap_queue_element *queue_element;
-#if GLIB_CHECK_VERSION(2,31,18)
g_async_queue_lock(pcap_queue);
queue_element = (pcap_queue_element *)g_async_queue_timeout_pop_unlocked(pcap_queue, WRITER_THREAD_TIMEOUT);
-#else
- GTimeVal write_thread_time;
-
- g_get_current_time(&write_thread_time);
- g_time_val_add(&write_thread_time, WRITER_THREAD_TIMEOUT);
- g_async_queue_lock(pcap_queue);
- queue_element = (pcap_queue_element *)g_async_queue_timed_pop_unlocked(pcap_queue, &write_thread_time);
-#endif
if (queue_element) {
- pcap_queue_bytes -= queue_element->phdr.caplen;
- pcap_queue_packets -= 1;
+ if (queue_element->pcap_src->from_pcapng) {
+ pcap_queue_bytes -= queue_element->u.bh.block_total_length;
+ pcap_queue_packets -= 1;
+ } else {
+ pcap_queue_bytes -= queue_element->u.phdr.caplen;
+ pcap_queue_packets -= 1;
+ }
}
g_async_queue_unlock(pcap_queue);
if (queue_element) {
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
- "Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
+ if (queue_element->pcap_src->from_pcapng) {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dequeued a block of length %d captured on interface %d.",
+ queue_element->u.bh.block_total_length, queue_element->pcap_src->interface_id);
+
+ capture_loop_write_pcapng_cb(queue_element->pcap_src,
+ &queue_element->u.bh,
+ queue_element->pd);
+ } else {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dequeued a packet of length %d captured on interface %d.",
+ queue_element->u.phdr.caplen, queue_element->pcap_src->interface_id);
- capture_loop_write_packet_cb((u_char *) queue_element->pcap_src,
- &queue_element->phdr,
- queue_element->pd);
+ capture_loop_write_packet_cb((u_char *) queue_element->pcap_src,
+ &queue_element->u.phdr,
+ queue_element->pd);
+ }
g_free(queue_element->pd);
g_free(queue_element);
inpkts = 1;
#ifdef _WIN32
cur_time = GetTickCount(); /* Note: wraps to 0 if sys runs for 49.7 days */
- if ((cur_time - upd_time) > DUMPCAP_UPD_TIME) { /* wrap just causes an extra update */
+ if ((cur_time - upd_time) > DUMPCAP_UPD_TIME) /* wrap just causes an extra update */
#else
gettimeofday(&cur_time, NULL);
if (((guint64)cur_time.tv_sec * 1000000 + cur_time.tv_usec) >
- ((guint64)upd_time.tv_sec * 1000000 + upd_time.tv_usec + DUMPCAP_UPD_TIME*1000)) {
+ ((guint64)upd_time.tv_sec * 1000000 + upd_time.tv_usec + DUMPCAP_UPD_TIME*1000))
#endif
+ {
upd_time = cur_time;
g_async_queue_lock(pcap_queue);
queue_element = (pcap_queue_element *)g_async_queue_try_pop_unlocked(pcap_queue);
if (queue_element) {
- pcap_queue_bytes -= queue_element->phdr.caplen;
+ pcap_queue_bytes -= queue_element->u.phdr.caplen;
pcap_queue_packets -= 1;
}
g_async_queue_unlock(pcap_queue);
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
+ queue_element->u.phdr.caplen, queue_element->pcap_src->interface_id);
capture_loop_write_packet_cb((u_char *)queue_element->pcap_src,
- &queue_element->phdr,
+ &queue_element->u.phdr,
queue_element->pd);
g_free(queue_element->pd);
g_free(queue_element);
if (global_ld.err == 0) {
write_ok = TRUE;
} else {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file,
- global_ld.err, FALSE);
- report_capture_error(errmsg, please_report);
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, global_ld.err, FALSE);
+ report_capture_error(errmsg, secondary_errmsg);
write_ok = FALSE;
}
/* If we've displayed a message about a write error, there's no point
in displaying another message about an error on close. */
if (!close_ok && write_ok) {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file, err_close,
- TRUE);
- report_capture_error(errmsg, "");
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, err_close, TRUE);
+ report_capture_error(errmsg, secondary_errmsg);
}
/*
report_capture_error(errmsg, please_report);
}
}
- report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->console_display_name);
+ report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->display_name);
}
/* close the input file (pcap or capture pipe) */
static void
-capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
+capture_loop_get_errmsg(char *errmsg, size_t errmsglen, char *secondary_errmsg,
+ size_t secondary_errmsglen, const char *fname,
int err, gboolean is_close)
{
+ static const char find_space[] =
+ "You will need to free up space on that file system"
+ " or put the capture file on a different file system.";
+
switch (err) {
case ENOSPC:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because there is no space left on the file system\n"
"on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#ifdef EDQUOT
case EDQUOT:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because you are too close to, or over,"
" your disk quota\n"
"on the file system on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#endif
default:
if (is_close) {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"The file to which the capture was being saved\n"
"(\"%s\") could not be closed: %s.",
fname, g_strerror(err));
} else {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"An error occurred while writing to the file"
" to which the capture was being saved\n"
"(\"%s\"): %s.",
fname, g_strerror(err));
}
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen,
+ "%s", please_report);
break;
}
}
+/* one pcapng block was captured, process it */
+static void
+capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd)
+{
+ int err;
+
+ if (!global_capture_opts.use_pcapng) {
+ return;
+ }
+ /* We may be called multiple times from pcap_dispatch(); if we've set
+ the "stop capturing" flag, ignore this packet, as we're not
+ supposed to be saving any more packets. */
+ if (!global_ld.go) {
+ pcap_src->flushed++;
+ return;
+ }
+
+ if (global_ld.pdh) {
+ gboolean successful;
+
+ /* We're supposed to write the packet to a file; do so.
+ If this fails, set "ld->go" to FALSE, to stop the capture, and set
+ "ld->err" to the error. */
+ successful = pcapng_write_block(global_ld.pdh,
+ pd,
+ bh->block_total_length,
+ &global_ld.bytes_written, &err);
+
+ fflush(global_ld.pdh);
+ if (!successful) {
+ global_ld.go = FALSE;
+ global_ld.err = err;
+ pcap_src->dropped++;
+ } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL) {
+ /* count packet only if we actually have an EPB or SPB */
+#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Wrote a packet of length %d captured on interface %u.",
+ bh->block_total_length, pcap_src->interface_id);
+#endif
+ global_ld.packet_count++;
+ pcap_src->received++;
+ /* if the user told us to stop after x packets, do we already have enough? */
+ if ((global_ld.packet_max > 0) && (global_ld.packet_count >= global_ld.packet_max)) {
+ global_ld.go = FALSE;
+ }
+ }
+ }
+}
/* one packet was captured, process it */
static void
int err;
guint ts_mul = pcap_src->ts_nsec ? 1000000000 : 1000000;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_write_packet_cb");
+
/* We may be called multiple times from pcap_dispatch(); if we've set
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
return;
}
queue_element->pcap_src = pcap_src;
- queue_element->phdr = *phdr;
+ queue_element->u.phdr = *phdr;
queue_element->pd = (u_char *)g_malloc(phdr->caplen);
if (queue_element->pd == NULL) {
pcap_src->dropped++;
pcap_queue_bytes, pcap_queue_packets);
}
+/* one pcapng block was captured, queue it */
+static void
+capture_loop_queue_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd)
+{
+ pcap_queue_element *queue_element;
+ gboolean limit_reached;
+
+ /* We may be called multiple times from pcap_dispatch(); if we've set
+ the "stop capturing" flag, ignore this packet, as we're not
+ supposed to be saving any more packets. */
+ if (!global_ld.go) {
+ pcap_src->flushed++;
+ return;
+ }
+
+ queue_element = (pcap_queue_element *)g_malloc(sizeof(pcap_queue_element));
+ if (queue_element == NULL) {
+ pcap_src->dropped++;
+ return;
+ }
+ queue_element->pcap_src = pcap_src;
+ queue_element->u.bh = *bh;
+ queue_element->pd = (u_char *)g_malloc(bh->block_total_length);
+ if (queue_element->pd == NULL) {
+ pcap_src->dropped++;
+ g_free(queue_element);
+ return;
+ }
+ memcpy(queue_element->pd, pd, bh->block_total_length);
+ g_async_queue_lock(pcap_queue);
+ if (((pcap_queue_byte_limit == 0) || (pcap_queue_bytes < pcap_queue_byte_limit)) &&
+ ((pcap_queue_packet_limit == 0) || (pcap_queue_packets < pcap_queue_packet_limit))) {
+ limit_reached = FALSE;
+ g_async_queue_push_unlocked(pcap_queue, queue_element);
+ pcap_queue_bytes += bh->block_total_length;
+ pcap_queue_packets += 1;
+ } else {
+ limit_reached = TRUE;
+ }
+ g_async_queue_unlock(pcap_queue);
+ if (limit_reached) {
+ pcap_src->dropped++;
+ g_free(queue_element->pd);
+ g_free(queue_element);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Dropped a packet of length %d captured on interface %u.",
+ bh->block_total_length, pcap_src->interface_id);
+ } else {
+ pcap_src->received++;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Queued a packet of length %d captured on interface %u.",
+ bh->block_total_length, pcap_src->interface_id);
+ }
+ /* I don't want to hold the mutex over the debug output. So the
+ output may be wrong */
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Queue size is now %" G_GINT64_MODIFIER "d bytes (%" G_GINT64_MODIFIER "d packets)",
+ pcap_queue_bytes, pcap_queue_packets);
+}
+
static int
set_80211_channel(const char *iface, const char *opt)
{
}
/* And now our feature presentation... [ fade to music ] */
-int
-main(int argc, char *argv[])
+static int
+real_main(int argc, char *argv[])
{
GString *comp_info_str;
GString *runtime_info_str;
g_string_free(runtime_info_str, TRUE);
#ifdef _WIN32
- arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
/*
/* Initialize the pcaps list */
global_ld.pcaps = g_array_new(FALSE, FALSE, sizeof(capture_src *));
-#if !GLIB_CHECK_VERSION(2,31,0)
- /* Initialize the thread system */
- g_thread_init(NULL);
-#endif
-
#ifdef _WIN32
/* Load wpcap if possible. Do this before collecting the run-time version information */
load_wpcap();
#endif /* SIGINFO */
#endif /* _WIN32 */
-#ifdef __linux__
- enable_kernel_bpf_jit_compiler();
-#endif
-
/* ----------------------------------------------------------------- */
/* Privilege and capability handling */
/* Cases: */
if (caps_queries) {
/* Get the list of link-layer and/or timestamp types for the capture device. */
if_capabilities_t *caps;
+ cap_device_open_err err;
gchar *err_str;
guint ii;
interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, ii);
- caps = get_if_capabilities(interface_opts, &err_str);
+ caps = get_if_capabilities(interface_opts, &err, &err_str);
if (caps == NULL) {
cmdarg_err("The capabilities of the capture device \"%s\" could not be obtained (%s).\n"
- "Please check to make sure you have sufficient permissions, and that\n"
- "you have the proper interface or pipe specified.", interface_opts->name, err_str);
+ "%s", interface_opts->name, err_str,
+ get_pcap_failure_secondary_error_message(err, err_str));
g_free(err_str);
exit_main(2);
}
g_string_append_printf(str, "and ");
}
}
- g_string_append_printf(str, "'%s'", interface_opts->console_display_name);
+ g_string_append_printf(str, "'%s'", interface_opts->display_name);
}
} else {
g_string_append_printf(str, "%u interfaces", global_capture_opts.ifaces->len);
return 0; /* never here, make compiler happy */
}
+#ifdef _WIN32
+int
+wmain(int argc, wchar_t *wc_argv[])
+{
+ char **argv;
+
+ argv = arg_list_utf_16to8(argc, wc_argv);
+ return real_main(argc, argv);
+}
+#else
+int
+main(int argc, char *argv[])
+{
+ return real_main(argc, argv);
+}
+#endif
static void
console_log_handler(const char *log_domain, GLogLevelFlags log_level,
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Signal pipe: Stop capture: %s", sig_pipe_name);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Signal pipe: %s (%p) result: %u avail: %u", sig_pipe_name,
+ "Signal pipe: %s (%p) result: %u avail: %lu", sig_pipe_name,
sig_pipe_handle, result, avail);
return FALSE;
} else {
git.samba.org / metze / wireshark / wip.git / blobdiff