* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * SPDX-License-Identifier: GPL-2.0+
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config.h>
#include <string.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
+#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#include "caputils/ws80211_utils.h"
-#ifdef HAVE_EXTCAP
#include "extcap.h"
-#endif
/*
* Get information about libpcap format from "wiretap/libpcap.h".
/** Close a pipe, or socket if \a from_socket is TRUE */
static void cap_pipe_close(int pipe_fd, gboolean from_socket _U_);
-#ifdef __linux__
-/*
- * Enable kernel BPF JIT compiler if available.
- * If any calls fail, just drive on - the JIT compiler might not be
- * enabled, but filtering will still work, and it's not clear what
- * we could do if the calls fail; should we just report the error
- * and not continue to capture, should we report it as a warning, or
- * what?
- */
-static void
-enable_kernel_bpf_jit_compiler(void)
-{
- int fd;
- ssize_t written _U_;
- static const char file[] = "/proc/sys/net/core/bpf_jit_enable";
-
- fd = ws_open(file, O_WRONLY);
- if (fd < 0)
- return;
-
- written = ws_write(fd, "1", strlen("1"));
-
- ws_close(fd);
-}
-#endif
-
#if !defined (__linux__)
#ifndef HAVE_PCAP_BREAKLOOP
/*
const u_char *pd);
static void capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
static void capture_loop_queue_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_header_s *bh, const u_char *pd);
-static void capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
- int err, gboolean is_close);
+static void capture_loop_get_errmsg(char *errmsg, size_t errmsglen,
+ char *secondary_errmsg,
+ size_t secondary_errmsglen,
+ const char *fname, int err,
+ gboolean is_close);
static void WS_NORETURN exit_main(int err);
fprintf(output, " -h display this help and exit\n");
fprintf(output, "\n");
#ifdef __linux__
- fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
- fprintf(output, "You might want to reset it\n");
- fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
+ fprintf(output, "You might want to enable it by executing:\n");
+ fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
+ fprintf(output, "Note that this can make your system less secure!\n");
fprintf(output, "\n");
#endif
fprintf(output, "Example: dumpcap -i eth0 -a duration:60 -w output.pcapng\n");
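Review bot: The new Linux help text warns that enabling the BPF JIT "can make your system less secure" but does not tell the reader that `/proc/sys/net/core/bpf_jit_enable` is a system-wide kernel setting and that writing to it requires root. That context is what an operator needs to weigh the trade-off now that dumpcap no longer flips the switch itself. One extra line would cover it, for example `fprintf(output, "This is a system-wide kernel setting and changing it requires root.\n");`.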
"%s: EUID: %d Capabilities: %s", pfx,
geteuid(), cap_to_text(caps, NULL));
cap_free(caps);
+}
#else
print_caps(const char *pfx _U_) {
-#endif
}
+#endif
static void
relinquish_all_capabilities(void)
}
#endif
-static void
-get_capture_device_open_failure_messages(const char *open_err_str,
- const char *iface,
- char *errmsg, size_t errmsg_len,
- char *secondary_errmsg,
- size_t secondary_errmsg_len)
-{
-#ifndef _WIN32
- const char *libpcap_warn;
- static const char ppamsg[] = "can't find PPA for ";
+/*
+ * Platform-dependent suggestions for fixing permissions.
+ */
+#if defined(__linux__)
+ #define PLATFORM_PERMISSIONS_SUGGESTION \
+ "\n\n" \
+ "On Debian and Debian derivatives such as Ubuntu, if you have " \
+ "installed Wireshark from a package, try running" \
+ "\n\n" \
+ " sudo dpkg-reconfigure wireshark-common" \
+ "\n\n" \
+ "selecting \"<Yes>\" in response to the question" \
+ "\n\n" \
+ " Should non-superusers be able to capture packets?" \
+ "\n\n" \
+ "adding yourself to the \"wireshark\" group by running" \
+ "\n\n" \
+ " sudo usermod -a -G wireshark {your username}" \
+ "\n\n" \
+ "and then logging out and logging back in again."
+#elif defined(__APPLE__)
+ #define PLATFORM_PERMISSIONS_SUGGESTION \
+ "\n\n" \
+ "If you installed Wireshark using the package from wireshark.org, "\
+ "Try re-installing it and checking the box for the \"Set capture " \
+ "permissions on startup\" item."
+#else
+ #define PLATFORM_PERMISSIONS_SUGGESTION
#endif
- g_snprintf(errmsg, (gulong) errmsg_len,
- "The capture session could not be initiated on interface '%s' (%s).",
- iface, open_err_str);
+static const char *
+get_pcap_failure_secondary_error_message(cap_device_open_err open_err,
+ const char *open_err_str
+#ifndef __hpux
+ _U_
+#endif
+ )
+{
#ifdef _WIN32
+ /*
+ * On Windows, first make sure they *have* WinPcap installed.
+ */
if (!has_wpcap) {
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
- "\n"
- "In order to capture packets, WinPcap must be installed; see\n"
- "\n"
- " https://www.winpcap.org/\n"
- "\n"
- "for a downloadable version of WinPcap and for instructions on how to install\n"
- "WinPcap.");
- } else {
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
- "\n"
- "Please check that \"%s\" is the proper interface.\n"
- "\n"
- "\n"
- "Help can be found on the following pages:\n"
- "\n"
- " https://wiki.wireshark.org/WinPcap\n"
- " https://wiki.wireshark.org/CaptureSetup\n",
- iface);
+ return
+ "In order to capture packets, WinPcap must be installed; see\n"
+ "\n"
+ " https://www.winpcap.org/\n"
+ "\n"
+ "for a downloadable version of WinPcap and for instructions on how to install\n"
+ "WinPcap.";
}
-#else
- /* If we got a "can't find PPA for X" message, warn the user (who
- is running dumpcap on HP-UX) that they don't have a version of
- libpcap that properly handles HP-UX (libpcap 0.6.x and later
- versions, which properly handle HP-UX, say "can't find /dev/dlpi
- PPA for X" rather than "can't find PPA for X"). */
- if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
- libpcap_warn =
- "\n\n"
+#endif
+
+ /*
+ * Now deal with ancient versions of libpcap that, on HP-UX, don't
+ * correctly figure out how to open a device given the device name.
+ */
+#ifdef __hpux
+ /* HP-UX-specific suggestion. */
+ static const char ppamsg[] = "can't find PPA for ";
+
+ if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0) {
+ return
"You are running (T)Wireshark with a version of the libpcap library\n"
"that doesn't handle HP-UX network devices well; this means that\n"
"(T)Wireshark may not be able to capture packets.\n"
"packaged binary form from the Software Porting And Archive Centre\n"
"for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
"at the URL lists a number of mirror sites.";
- else
- libpcap_warn = "";
+ }
+#endif
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
+ /*
+ * OK, now just return a largely platform-independent error that might
+ * have platform-specific suggestions at the end (for example, suggestions
+ * for how to get permission to capture).
+ */
+ if (open_err == CAP_DEVICE_OPEN_ERR_GENERIC) {
+ /*
+ * We don't know what kind of error it is, so throw all the
+ * suggestions at the user.
+ */
+ return
"Please check to make sure you have sufficient permissions, and that you have "
- "the proper interface or pipe specified.%s", libpcap_warn);
-#endif /* _WIN32 */
+ "the proper interface or pipe specified."
+ PLATFORM_PERMISSIONS_SUGGESTION;
+ } else if (open_err == CAP_DEVICE_OPEN_ERR_PERMISSIONS) {
+ /*
+ * This is a permissions error, so no need to specify any other
+ * warnings.
+ */
+ return
+ "Please check to make sure you have sufficient permissions."
+ PLATFORM_PERMISSIONS_SUGGESTION;
+ } else {
+ /*
+ * This is not a permissons error, so no need to suggest
+ * checking permissions.
+ */
+ return
+ "Please check that you have the proper interface or pipe specified.";
+ }
+}
+
+static void
+get_capture_device_open_failure_messages(cap_device_open_err open_err,
+ const char *open_err_str,
+ const char *iface,
+ char *errmsg, size_t errmsg_len,
+ char *secondary_errmsg,
+ size_t secondary_errmsg_len)
+{
+ g_snprintf(errmsg, (gulong) errmsg_len,
+ "The capture session could not be initiated on interface '%s' (%s).",
+ iface, open_err_str);
+ g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len, "%s",
+ get_pcap_failure_secondary_error_message(open_err, open_err_str));
}
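Review bot: On Windows with WinPcap present, get_pcap_failure_secondary_error_message() now falls through to the generic text, so the removed "Please check that \"%s\" is the proper interface" sentence and the two wiki.wireshark.org links are no longer shown, and PLATFORM_PERMISSIONS_SUGGESTION expands to nothing there. If that loss is intended it deserves a sentence in the function's comment; otherwise a `#elif defined(_WIN32)` branch of PLATFORM_PERMISSIONS_SUGGESTION could carry the links. Two wording nits in the added lines: the macOS string reads "from wireshark.org, Try re-installing" with a capital T mid-sentence, and the comment in the last branch spells "permissons".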
static gboolean
{
interface_options *interface_opts;
pcap_t *pcap_h;
+ cap_device_open_err open_err;
gchar open_err_str[PCAP_ERRBUF_SIZE];
char errmsg[MSG_MAX_LENGTH+1];
char secondary_errmsg[MSG_MAX_LENGTH+1];
for (j = 0; j < capture_opts->ifaces->len; j++) {
interface_opts = &g_array_index(capture_opts->ifaces, interface_options, j);
pcap_h = open_capture_device(capture_opts, interface_opts,
- CAP_READ_TIMEOUT, &open_err_str);
+ CAP_READ_TIMEOUT, &open_err, &open_err_str);
if (pcap_h == NULL) {
/* Open failed; get messages */
- get_capture_device_open_failure_messages(open_err_str,
+ get_capture_device_open_failure_messages(open_err, open_err_str,
interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg,
printf("\tloopback");
else
printf("\tnetwork");
-#ifdef HAVE_EXTCAP
printf("\t%s", if_info->extcap);
-#endif
printf("\n");
}
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Console: Control signal");
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Console: Control signal, CtrlType: %u", dwCtrlType);
+ "Console: Control signal, CtrlType: %lu", dwCtrlType);
/* Keep capture running if we're a service and a user logs off */
if (capture_child || (dwCtrlType != CTRL_LOGOFF_EVENT)) {
#else /* _WIN32 */
size_t bytes_read;
#endif /* _WIN32 */
- ssize_t b;
pcap_src = (capture_src *)arg;
while (pcap_src->cap_pipe_err == PIPOK) {
#endif
)
{
+ ssize_t b;
b = cap_pipe_read(pcap_src->cap_pipe_fd, pcap_src->cap_pipe_buf+bytes_read,
pcap_src->cap_pipe_bytes_to_read - bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
/* If we try to use read() on a named pipe on Windows with partial
* data it appears to return EOF.
*/
+ DWORD b;
res = ReadFile(pcap_src->cap_pipe_h, pcap_src->cap_pipe_buf+bytes_read,
pcap_src->cap_pipe_bytes_to_read - bytes_read,
&b, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated due to the socket error: \n"
#ifdef _WIN32
- " %d: %S", lastError, errorText ? (char *)errorText : "Unknown");
+ " %d: %s", lastError, errorText ? (char *)errorText : "Unknown");
if (errorText)
LocalFree(errorText);
#else
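Review bot: Changing `%S` to `%s` while keeping the `(char *)errorText` cast will print at most the first character of the message if TCHAR is wide in this build. Other Windows sites in this diff suggest it is, since they pass a `wchar_t *err_str` to FormatMessage() and convert it with `utf_16to8()`. Converting here too keeps the text intact: `" %d: %s", lastError, errorText ? utf_16to8(errorText) : "Unknown");`. The same cast-and-`%s` pattern is repeated in the new `#ifdef _WIN32` error branch added to the cap_pipe_read failure path further down.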
#endif /* _WIN32 */
ssize_t b;
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_read_data_bytes read %lu of %lu",
+ pcap_src->cap_pipe_bytes_read, pcap_src->cap_pipe_bytes_to_read);
+#endif
sz = pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read;
while (bytes_read < sz) {
if (fd == -1) {
sz-bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
- else
- g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s.",
+ g_snprintf(errmsg, errmsgl, "End of file on pipe during cap_pipe_read.");
+ else {
+#ifdef _WIN32
+ LPTSTR errorText = NULL;
+ int lastError = WSAGetLastError();
+ errno = lastError;
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR)&errorText, 0, NULL);
+ g_snprintf(errmsg, errmsgl, "Error on pipe data during cap_pipe_read: "
+ " %d: %s", lastError, errorText ? (char *)errorText : "Unknown");
+ if (errorText)
+ LocalFree(errorText);
+#else
+ g_snprintf(errmsg, errmsgl, "Error on pipe data during cap_pipe_read: %s.",
g_strerror(errno));
+#endif
+ }
return -1;
}
bytes_read += b;
}
}
pcap_src->cap_pipe_bytes_read += bytes_read;
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_read_data_bytes read %lu of %lu",
+ pcap_src->cap_pipe_bytes_read, pcap_src->cap_pipe_bytes_to_read);
+#endif
return 0;
}
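Review bot: The two added LOG_CAPTURE_VERBOSE lines format `cap_pipe_bytes_read` and `cap_pipe_bytes_to_read` with `%lu`, but the types of those fields are not visible in this hunk. If they are `size_t`/`gsize`, the specifier mismatches on 64-bit Windows, where `unsigned long` is 32 bits, and `"%" G_GSIZE_FORMAT` would be the portable form. The entry and exit messages are also byte-identical, so the entry line could say "have %lu of %lu" to make the two distinguishable in a log. The function begins outside the hunk.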
#else /* _WIN32 */
char *pncopy, *pos;
wchar_t *err_str;
-#ifdef HAVE_EXTCAP
char* extcap_pipe_name;
#endif
-#endif
-#ifdef HAVE_EXTCAP
gboolean extcap_pipe = FALSE;
-#endif
ssize_t b;
int fd = -1, sel_ret;
size_t bytes_read;
}
} else {
#ifndef _WIN32
-#ifdef HAVE_EXTCAP
if ( g_strrstr(pipename, EXTCAP_PIPE_PREFIX) != NULL )
extcap_pipe = TRUE;
-#endif
if (ws_stat64(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
pcap_src->cap_pipe_err = PIPNEXIST;
return;
}
-#ifdef HAVE_EXTCAP
extcap_pipe_name = g_strconcat("\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, NULL);
extcap_pipe = strstr(pipename, extcap_pipe_name) ? TRUE : FALSE;
g_free(extcap_pipe_name);
-#endif
/* Wait for the pipe to appear */
while (1) {
-
-#ifdef HAVE_EXTCAP
if(extcap_pipe)
pcap_src->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
else
-#endif
pcap_src->cap_pipe_h = CreateFile(utf_8to16(pipename), GENERIC_READ, 0, NULL,
OPEN_EXISTING, 0, NULL);
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" could not be started "
- "due to error on pipe open: %s (error %d).",
+ "due to error on pipe open: %s (error %lu).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
pcap_src->cap_pipe_err = PIPERR;
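Review bot: `GetLastError()` is evaluated twice here, once for FormatMessage() and again as a g_snprintf() argument next to `utf_16to8(err_str)`, so the number printed by the corrected `%lu` can differ from the code whose text was formatted if an intervening call changes the thread's last-error value. Capturing it once with `DWORD last_err = GetLastError();` and passing `last_err` to both calls removes the ambiguity. The same pattern appears in the timeout message just below and in both "Error reading from pipe" messages. As far as the hunk shows, `err_str` is also used without checking that FormatMessage() succeeded.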
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" timed out during "
- "pipe open: %s (error %d).",
+ "pipe open: %s (error %lu).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
pcap_src->cap_pipe_err = PIPERR;
* large enough for most regular network packets. We increase it,
* up to the maximum size we allow, as necessary.
*/
- pcap_src->cap_pipe_databuf = (guchar*)g_malloc(2048);
+ pcap_src->cap_pipe_databuf = (char*)g_malloc(2048);
pcap_src->cap_pipe_databuf_size = 2048;
#ifdef _WIN32
/* read the pcap header */
bytes_read = 0;
while (bytes_read < sizeof magic) {
- if (fd == -1) {
- g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
- goto error;
- }
-
sel_ret = cap_pipe_select(fd);
if (sel_ret < 0) {
g_snprintf(errmsg, errmsgl,
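Review bot: With the `fd == -1` guard removed, nothing visible in this loop stops `cap_pipe_select(fd)` from being called with the initial value from `int fd = -1`. Passing a negative descriptor to the fd_set macros is undefined behaviour. If every earlier path in the function either assigns a valid descriptor or returns before reaching the header read (that code is outside the hunk), the removal is fine, but it would help to say so in a comment above the loop, e.g. `/* fd is valid here: all open failures return above. */`. A sibling read loop elsewhere in this diff still carries the `if (fd == -1)` check, so the two are now inconsistent.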
b = cap_pipe_read(fd, ((char *)&magic)+bytes_read,
sizeof magic-bytes_read,
pcap_src->from_cap_socket);
-#ifdef HAVE_EXTCAP
/* jump messaging, if extcap had an error, stderr will provide the correct message */
if (extcap_pipe && b <= 0)
goto error;
-#endif
+
if (b <= 0) {
if (b == 0)
g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
g_strerror(errno));
return -1;
}
+ /* Continuing with STATE_EXPECT_DATA requires reading into cap_pipe_databuf at offset cap_pipe_bytes_read */
pcap_src->cap_pipe_bytes_read = sizeof(struct pcapng_block_header_s) + sizeof(struct pcapng_section_header_block_s);
}
#endif
switch (shb->magic)
{
case PCAPNG_MAGIC:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng SHB MAGIC");
pcap_src->cap_pipe_byte_swapped = FALSE;
break;
case PCAPNG_SWAPPED_MAGIC:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng SHB SWAPPED MAGIC");
pcap_src->cap_pipe_byte_swapped = TRUE;
break;
default:
pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
- /* Setup state to capture the rest of the section header block */
+ /* Setup state to capture any options following the section header block */
pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
return 0;
guint32 type = BLOCK_TYPE_SHB;
struct pcapng_block_header_s *bh = &pcap_src->cap_pipe_info.pcapng.bh;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_open_live: fd %d", fd);
#ifdef _WIN32
if (pcap_src->from_cap_socket)
#endif
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,0)
g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_src);
-#else
- g_thread_create(&cap_thread_read, pcap_src, FALSE, NULL);
-#endif
bh->block_type = type;
pcap_src->cap_pipe_buf = (char *) &bh->block_total_length;
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
#ifdef _WIN32
-#if !GLIB_CHECK_VERSION(2,31,18)
- GTimeVal wait_time;
-#endif
gpointer q_status;
wchar_t *err_str;
#endif
}
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
#ifdef _WIN32
else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif /* GLIB_CHECK_VERSION(2,31,18) */
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
new_bufsize |= new_bufsize >> 8;
new_bufsize |= new_bufsize >> 16;
new_bufsize++;
- pcap_src->cap_pipe_databuf = (guchar*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
+ pcap_src->cap_pipe_databuf = (char*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
pcap_src->cap_pipe_databuf_size = new_bufsize;
}
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
- "Error reading from pipe: %s (error %d)",
+ "Error reading from pipe: %s (error %lu)",
utf_16to8(err_str), GetLastError());
LocalFree(err_str);
#else
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
#ifdef _WIN32
-#if !GLIB_CHECK_VERSION(2,31,18)
- GTimeVal wait_time;
-#endif
gpointer q_status;
wchar_t *err_str;
#endif
switch (pcap_src->cap_pipe_state) {
case STATE_EXPECT_REC_HDR:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_EXPECT_REC_HDR");
+#endif
#ifdef _WIN32
if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
#endif
pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
- pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
- g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ if (!pcap_src->from_cap_socket) {
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ }
g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
#endif
/* Fall through */
case STATE_READ_REC_HDR:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_READ_REC_HDR");
+#endif
#ifdef _WIN32
- if (pcap_src->from_cap_socket)
+ if (pcap_src->from_cap_socket) {
#endif
- {
if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
return -1;
}
- }
#ifdef _WIN32
- else {
-#if GLIB_CHECK_VERSION(2,31,18)
+ } else {
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
break;
case STATE_EXPECT_DATA:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_EXPECT_DATA");
+#endif
#ifdef _WIN32
if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
#endif
pcap_src->cap_pipe_state = STATE_READ_DATA;
pcap_src->cap_pipe_bytes_to_read = bh->block_total_length;
-
#ifdef _WIN32
- pcap_src->cap_pipe_bytes_to_read -= pcap_src->cap_pipe_bytes_read;
- pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + pcap_src->cap_pipe_bytes_read;
- g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ if (!pcap_src->from_cap_socket) {
+ pcap_src->cap_pipe_bytes_to_read -= pcap_src->cap_pipe_bytes_read;
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf + pcap_src->cap_pipe_bytes_read;
+ pcap_src->cap_pipe_bytes_read = 0;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ }
g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
#endif
/* Fall through */
case STATE_READ_DATA:
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "pcapng_pipe_dispatch STATE_READ_DATA");
+#endif
#ifdef _WIN32
- if (pcap_src->from_cap_socket)
+ if (pcap_src->from_cap_socket) {
#endif
- {
if (cap_pipe_read_data_bytes(pcap_src, errmsg, errmsgl)) {
return -1;
}
- if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
- return 0;
- }
#ifdef _WIN32
- else {
+ } else {
-#if GLIB_CHECK_VERSION(2,31,18)
q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
-#else
- g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
-#endif /* GLIB_CHECK_VERSION(2,31,18) */
if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
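Review bot: In STATE_EXPECT_DATA, `cap_pipe_bytes_to_read` is taken straight from `bh->block_total_length`, which is read from the pipe, and the Windows branch then subtracts `cap_pipe_bytes_read` from it with no lower-bound check visible in the hunk. If these fields are unsigned, a block length smaller than the bytes already consumed wraps the subtraction and yields an oversized read length for `cap_pipe_databuf`; the socket path computes the same difference as `sz` in cap_pipe_read_data_bytes. Unless the minimum block length is already enforced where the header is parsed (outside this hunk), add a guard before the subtraction, such as `if (bh->block_total_length < pcap_src->cap_pipe_bytes_read) { g_snprintf(errmsg, errmsgl, "pcapng block too short"); return -1; }`.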
if (!q_status) {
return 0;
}
- if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read) {
- return 0;
- }
- pcap_src->cap_pipe_bytes_read = bh->block_total_length;
}
#endif /* _WIN32 */
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read) {
+ return 0;
+ }
result = PD_DATA_READ;
break;
case PD_DATA_READ:
if (!pcapng_block_save(pcap_src)) {
+ g_snprintf(errmsg, errmsgl, "pcapng_pipe_dispatch block save failed");
return -1;
}
if (use_threads) {
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
- "Error reading from pipe: %s (error %d)",
+ "Error reading from pipe: %s (error %lu)",
utf_16to8(err_str), GetLastError());
LocalFree(err_str);
#else
char *errmsg, size_t errmsg_len,
char *secondary_errmsg, size_t secondary_errmsg_len)
{
- gchar open_err_str[PCAP_ERRBUF_SIZE];
- gchar *sync_msg_str;
- interface_options *interface_opts;
- capture_src *pcap_src;
- guint i;
+ cap_device_open_err open_err;
+ gchar open_err_str[PCAP_ERRBUF_SIZE];
+ gchar *sync_msg_str;
+ interface_options *interface_opts;
+ capture_src *pcap_src;
+ guint i;
#ifdef _WIN32
- int err;
- WORD wVersionRequested;
- WSADATA wsaData;
+ int err;
+ WORD wVersionRequested;
+ WSADATA wsaData;
#endif
/* XXX - opening Winsock on tshark? */
pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
pcap_src->cap_pipe_err = PIPOK;
#ifdef _WIN32
-#if GLIB_CHECK_VERSION(2,31,0)
pcap_src->cap_pipe_read_mtx = g_malloc(sizeof(GMutex));
g_mutex_init(pcap_src->cap_pipe_read_mtx);
-#else
- pcap_src->cap_pipe_read_mtx = g_mutex_new();
-#endif
pcap_src->cap_pipe_pending_q = g_async_queue_new();
pcap_src->cap_pipe_done_q = g_async_queue_new();
#endif
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts->name);
pcap_src->pcap_h = open_capture_device(capture_opts, interface_opts,
- CAP_READ_TIMEOUT, &open_err_str);
+ CAP_READ_TIMEOUT, &open_err, &open_err_str);
if (pcap_src->pcap_h != NULL) {
/* we've opened "iface" as a network device */
} else {
/* We couldn't open "iface" as a network device. */
/* Try to open it as a pipe */
+ gboolean pipe_err = FALSE;
cap_pipe_open_live(interface_opts->name, pcap_src, &pcap_src->cap_pipe_info.pcap.hdr, errmsg, (int) errmsg_len);
-#ifndef _WIN32
- if (pcap_src->cap_pipe_fd == -1) {
-#else
- if (pcap_src->cap_pipe_h == INVALID_HANDLE_VALUE) {
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket) {
+#endif
+ if (pcap_src->cap_pipe_fd == -1) {
+ pipe_err = TRUE;
+ }
+#ifdef _WIN32
+ } else {
+ if (pcap_src->cap_pipe_h == INVALID_HANDLE_VALUE) {
+ pipe_err = TRUE;
+ }
+ }
#endif
+
+ if (pipe_err) {
if (pcap_src->cap_pipe_err == PIPNEXIST) {
/*
* We tried opening as an interface, and that failed,
* doesn't exist. Report the error message for
* the interface.
*/
- get_capture_device_open_failure_messages(open_err_str,
+ get_capture_device_open_failure_messages(open_err,
+ open_err_str,
interface_opts->name,
errmsg,
errmsg_len,
g_list_free_full(pcap_src->cap_pipe_info.pcapng.saved_blocks, g_free);
pcap_src->cap_pipe_info.pcapng.saved_blocks = NULL;
}
- } else {
- /* Capture device. If open, close the pcap_t. */
+ } else {
+ /* Capture device. If open, close the pcap_t. */
if (pcap_src->pcap_h != NULL) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_src->pcap_h);
pcap_close(pcap_src->pcap_h);
capture_loop_dispatch(loop_data *ld,
char *errmsg, int errmsg_len, capture_src *pcap_src)
{
- int inpkts;
+ int inpkts = 0;
gint packet_count_before;
-#ifndef _WIN32
int sel_ret;
-#endif
packet_count_before = ld->packet_count;
if (pcap_src->from_cap_pipe) {
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from capture pipe");
#endif
-#ifndef _WIN32
- sel_ret = cap_pipe_select(pcap_src->cap_pipe_fd);
- if (sel_ret <= 0) {
- if (sel_ret < 0 && errno != EINTR) {
- g_snprintf(errmsg, errmsg_len,
- "Unexpected error from select: %s", g_strerror(errno));
- report_capture_error(errmsg, please_report);
- ld->go = FALSE;
+#ifdef _WIN32
+ if (pcap_src->from_cap_socket) {
+#endif
+ sel_ret = cap_pipe_select(pcap_src->cap_pipe_fd);
+ if (sel_ret <= 0) {
+ if (sel_ret < 0 && errno != EINTR) {
+ g_snprintf(errmsg, errmsg_len,
+ "Unexpected error from select: %s", g_strerror(errno));
+ report_capture_error(errmsg, please_report);
+ ld->go = FALSE;
+ }
}
+#ifdef _WIN32
} else {
+ /* Windows does not have select() for pipes. */
+ /* Proceed with _dispatch() which waits for cap_pipe_done_q
+ * notification from cap_thread_read() when ReadFile() on
+ * the pipe has read enough bytes. */
+ sel_ret = 1;
+ }
+#endif
+ if (sel_ret > 0) {
/*
* "select()" says we can read from the pipe without blocking
*/
-#endif
inpkts = pcap_src->cap_pipe_dispatch(ld, pcap_src, errmsg, errmsg_len);
if (inpkts < 0) {
ld->go = FALSE;
}
-#ifndef _WIN32
}
-#endif
}
else
{
} else {
/* Choose a random name for the temporary capture buffer */
if (global_capture_opts.ifaces->len > 1) {
+ /*
+ * More than one interface; just use the number of interfaces
+ * to generate the temporary file name prefix.
+ */
prefix = g_strdup_printf("wireshark_%d_interfaces", global_capture_opts.ifaces->len);
- if (capture_opts->use_pcapng) {
- suffix = ".pcapng";
- }else{
- suffix = ".pcap";
- }
} else {
+ /*
+ * One interface; use its description, if it has one, to generate
+ * the temporary file name, otherwise use its name.
+ */
gchar *basename;
- basename = g_path_get_basename((&g_array_index(global_capture_opts.ifaces, interface_options, 0))->console_display_name);
+ const interface_options *interface_opts;
+
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, 0);
+
+ /*
+ * Do we have a description?
+ */
+ if (interface_opts->descr) {
+ /*
+ * Yes - use it.
+ *
+ * Strip off any stuff we shouldn't use in the file name,
+ * by getting the last component of what would be a file
+ * name.
+ */
+ basename = g_path_get_basename(interface_opts->descr);
+ } else {
+ /*
+ * No - use the name.
+ *
+ * Strip off any stuff we shouldn't use in the file name,
+ * by getting the last component of what would be a file
+ * name.
+ */
+ basename = g_path_get_basename(interface_opts->name);
#ifdef _WIN32
- /* use the generic portion of the interface guid to form the basis of the filename */
- if (strncmp("NPF_{", basename, 5)==0)
- {
- /* we have a windows guid style device name, extract the guid digits as the basis of the filename */
- GString *iface;
- iface = isolate_uuid(basename);
- g_free(basename);
- basename = g_strdup(iface->str);
- g_string_free(iface, TRUE);
- }
+ /*
+ * This is Windows, where we might have an ugly GUID-based
+ * interface name.
+ *
+ * If it's an ugly GUID-based name, use the generic portion
+ * of the interface GUID to form the basis of the filename.
+ */
+ if (strncmp("NPF_{", basename, 5) == 0) {
+ /*
+ * We have a GUID-based name; extract the GUID digits
+ * as the basis of the filename.
+ */
+ GString *iface;
+ iface = isolate_uuid(basename);
+ g_free(basename);
+ basename = g_strdup(iface->str);
+ g_string_free(iface, TRUE);
+ }
#endif
- /* generate the temp file name prefix and suffix */
- if (capture_opts->use_pcapng) {
- prefix = g_strconcat("wireshark_", basename, NULL);
- suffix = ".pcapng";
- }else{
- prefix = g_strconcat("wireshark_", basename, NULL);
- suffix = ".pcap";
}
+ /* generate the temp file name prefix */
+ prefix = g_strconcat("wireshark_", basename, NULL);
g_free(basename);
}
+
+ /* Generate the appropriate suffix. */
+ if (capture_opts->use_pcapng) {
+ suffix = ".pcapng";
+ } else {
+ suffix = ".pcap";
+ }
*save_file_fd = create_tempfile(&tmpname, prefix, suffix);
g_free(prefix);
capfile_name = g_strdup(tmpname);
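Review bot: `interface_opts->descr` is free-form text, and g_path_get_basename() only removes leading directory components, so characters that are invalid in a file name on the target platform flow into `prefix` unchanged. A description made up only of separators is a further case, because g_path_get_basename() then returns the separator itself. Whether create_tempfile() sanitizes the prefix is not visible here; if it does not, mapping everything outside a conservative set (alphanumerics, '-', '_', '.') to '_' before the g_strconcat() would keep the temporary file creatable and inside the intended directory. The two "Strip off any stuff we shouldn't use" comments are identical and could be hoisted above the if/else.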
/* dispatch incoming packets */
if (use_threads) {
pcap_queue_element *queue_element;
-#if GLIB_CHECK_VERSION(2,31,18)
g_async_queue_lock(pcap_queue);
queue_element = (pcap_queue_element *)g_async_queue_timeout_pop_unlocked(pcap_queue, WRITER_THREAD_TIMEOUT);
-#else
- GTimeVal write_thread_time;
-
- g_get_current_time(&write_thread_time);
- g_time_val_add(&write_thread_time, WRITER_THREAD_TIMEOUT);
- g_async_queue_lock(pcap_queue);
- queue_element = (pcap_queue_element *)g_async_queue_timed_pop_unlocked(pcap_queue, &write_thread_time);
-#endif
if (queue_element) {
if (queue_element->pcap_src->from_pcapng) {
pcap_queue_bytes -= queue_element->u.bh.block_total_length;
#ifdef _WIN32
cur_time = GetTickCount(); /* Note: wraps to 0 if sys runs for 49.7 days */
- if ((cur_time - upd_time) > DUMPCAP_UPD_TIME) { /* wrap just causes an extra update */
+ if ((cur_time - upd_time) > DUMPCAP_UPD_TIME) /* wrap just causes an extra update */
#else
gettimeofday(&cur_time, NULL);
if (((guint64)cur_time.tv_sec * 1000000 + cur_time.tv_usec) >
- ((guint64)upd_time.tv_sec * 1000000 + upd_time.tv_usec + DUMPCAP_UPD_TIME*1000)) {
+ ((guint64)upd_time.tv_sec * 1000000 + upd_time.tv_usec + DUMPCAP_UPD_TIME*1000))
#endif
+ {
upd_time = cur_time;
if (global_ld.err == 0) {
write_ok = TRUE;
} else {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file,
- global_ld.err, FALSE);
- report_capture_error(errmsg, please_report);
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, global_ld.err, FALSE);
+ report_capture_error(errmsg, secondary_errmsg);
write_ok = FALSE;
}
/* If we've displayed a message about a write error, there's no point
in displaying another message about an error on close. */
if (!close_ok && write_ok) {
- capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file, err_close,
- TRUE);
- report_capture_error(errmsg, "");
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), secondary_errmsg,
+ sizeof(secondary_errmsg),
+ capture_opts->save_file, err_close, TRUE);
+ report_capture_error(errmsg, secondary_errmsg);
}
/*
report_capture_error(errmsg, please_report);
}
}
- report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->console_display_name);
+ report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->display_name);
}
/* close the input file (pcap or capture pipe) */
static void
-capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
+capture_loop_get_errmsg(char *errmsg, size_t errmsglen, char *secondary_errmsg,
+ size_t secondary_errmsglen, const char *fname,
int err, gboolean is_close)
{
+ static const char find_space[] =
+ "You will need to free up space on that file system"
+ " or put the capture file on a different file system.";
+
switch (err) {
case ENOSPC:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because there is no space left on the file system\n"
"on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#ifdef EDQUOT
case EDQUOT:
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"Not all the packets could be written to the file"
" to which the capture was being saved\n"
"(\"%s\") because you are too close to, or over,"
" your disk quota\n"
"on the file system on which that file resides.",
fname);
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen, "%s",
+ find_space);
break;
#endif
default:
if (is_close) {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"The file to which the capture was being saved\n"
"(\"%s\") could not be closed: %s.",
fname, g_strerror(err));
} else {
- g_snprintf(errmsg, errmsglen,
+ g_snprintf(errmsg, (gulong)errmsglen,
"An error occurred while writing to the file"
" to which the capture was being saved\n"
"(\"%s\"): %s.",
fname, g_strerror(err));
}
+ g_snprintf(secondary_errmsg, (gulong)secondary_errmsglen,
+ "%s", please_report);
break;
}
}
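Review bot: capture_loop_get_errmsg now fills two output buffers, but nothing documents that contract, and the close-error path calling it passes secondary_errmsg straight to report_capture_error on the strength of it. Every branch of the switch does write both buffers, so a header comment can say so: `/* Fill errmsg with the primary message for err and secondary_errmsg with the follow-up advice; both are always written and NUL-terminated within the given sizes. */`. The `(gulong)` casts narrow a size_t on platforms where unsigned long is 32 bits wide. That is harmless for the fixed-size buffers passed here, but a short comment saying so would save the next reader from checking.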
global_ld.go = FALSE;
global_ld.err = err;
pcap_src->dropped++;
- } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB) {
+ } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL) {
/* count packet only if we actually have an EPB or SPB */
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Wrote a packet of length %d captured on interface %u.",
- phdr->caplen, pcap_src->interface_id);
+ bh->block_total_length, pcap_src->interface_id);
#endif
global_ld.packet_count++;
pcap_src->received++;
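Review bot: The comment under the widened condition still reads `count packet only if we actually have an EPB or SPB`, which no longer matches the test now that BLOCK_TYPE_SYSTEMD_JOURNAL blocks are counted too. The debug message has drifted the same way: it prints bh->block_total_length under the words "a packet of length", but that field is the size of the whole block, not the captured packet data. The field is presumably an unsigned 32-bit value (its declaration is not visible here), in which case `%d` should be `%u`. I would change the comment to `/* count only blocks that carry a packet or a journal entry (EPB, SPB, systemd journal export) */` and the format to `"Wrote a block of length %u captured on interface %u."`. The enclosing function starts and ends outside the hunk.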
int err;
guint ts_mul = pcap_src->ts_nsec ? 1000000000 : 1000000;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_write_packet_cb");
+
/* We may be called multiple times from pcap_dispatch(); if we've set
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
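Review bot: The added g_log call runs unconditionally on every packet, in the write callback that pcap_dispatch() may invoke many times per call. The per-packet message in the pcapng callback elsewhere in this diff is compiled only under `#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)`, and this trace should get the same guard. Without it a normal build pays for a log call in the hot path, which may contribute to dropped packets on a busy interface. The function body continues outside the hunk.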
}
/* And now our feature presentation... [ fade to music ] */
-int
-main(int argc, char *argv[])
+static int
+real_main(int argc, char *argv[])
{
GString *comp_info_str;
GString *runtime_info_str;
g_string_free(runtime_info_str, TRUE);
#ifdef _WIN32
- arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
/*
/* Initialize the pcaps list */
global_ld.pcaps = g_array_new(FALSE, FALSE, sizeof(capture_src *));
-#if !GLIB_CHECK_VERSION(2,31,0)
- /* Initialize the thread system */
- g_thread_init(NULL);
-#endif
-
#ifdef _WIN32
/* Load wpcap if possible. Do this before collecting the run-time version information */
load_wpcap();
#endif /* SIGINFO */
#endif /* _WIN32 */
-#ifdef __linux__
- enable_kernel_bpf_jit_compiler();
-#endif
-
/* ----------------------------------------------------------------- */
/* Privilege and capability handling */
/* Cases: */
if (caps_queries) {
/* Get the list of link-layer and/or timestamp types for the capture device. */
if_capabilities_t *caps;
+ cap_device_open_err err;
gchar *err_str;
guint ii;
interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, ii);
- caps = get_if_capabilities(interface_opts, &err_str);
+ caps = get_if_capabilities(interface_opts, &err, &err_str);
if (caps == NULL) {
cmdarg_err("The capabilities of the capture device \"%s\" could not be obtained (%s).\n"
- "Please check to make sure you have sufficient permissions, and that\n"
- "you have the proper interface or pipe specified.", interface_opts->name, err_str);
+ "%s", interface_opts->name, err_str,
+ get_pcap_failure_secondary_error_message(err, err_str));
g_free(err_str);
exit_main(2);
}
g_string_append_printf(str, "and ");
}
}
- g_string_append_printf(str, "'%s'", interface_opts->console_display_name);
+ g_string_append_printf(str, "'%s'", interface_opts->display_name);
}
} else {
g_string_append_printf(str, "%u interfaces", global_capture_opts.ifaces->len);
return 0; /* never here, make compiler happy */
}
+#ifdef _WIN32
+int
+wmain(int argc, wchar_t *wc_argv[])
+{
+ char **argv;
+
+ argv = arg_list_utf_16to8(argc, wc_argv);
+ return real_main(argc, argv);
+}
+#else
+int
+main(int argc, char *argv[])
+{
+ return real_main(argc, argv);
+}
+#endif
static void
console_log_handler(const char *log_domain, GLogLevelFlags log_level,
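Review bot: wmain passes the result of arg_list_utf_16to8 to real_main without checking it. The helper's body is not part of this diff, so this is inferred: if it can return NULL, or leave a NULL element for an argument that is not well-formed UTF-16, option parsing in real_main would dereference a null pointer on input taken directly from the command line. A guard such as `if (argv == NULL) return 2;` before the call would settle it, as would a comment on wmain stating that the helper cannot fail. The converted array is also not released in wmain, which is acceptable for a process that exits from real_main but deserves a one-line comment.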
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Signal pipe: Stop capture: %s", sig_pipe_name);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Signal pipe: %s (%p) result: %u avail: %u", sig_pipe_name,
+ "Signal pipe: %s (%p) result: %u avail: %lu", sig_pipe_name,
sig_pipe_handle, result, avail);
return FALSE;
} else {