#include <netinet/in.h>
#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <signal.h>
#include <errno.h>
-#ifdef HAVE_LIBZ
-#include <zlib.h> /* to get the libz version number */
-#endif
-
#include <wsutil/cmdarg_err.h>
#include <wsutil/crash_info.h>
-#include <wsutil/copyright_info.h>
-#include <wsutil/ws_version_info.h>
+#include <wsutil/strtoi.h>
+#include <ws_version_info.h>
-#ifndef HAVE_GETOPT
+#ifndef HAVE_GETOPT_LONG
#include "wsutil/wsgetopt.h"
#endif
#endif
#include "ringbuffer.h"
-#include "version_info.h"
#include "caputils/capture_ifinfo.h"
#include "caputils/capture-pcap-util.h"
#include "caputils/capture-wpcap.h"
#endif /* _WIN32 */
-#include "pcapio.h"
+#include "writecap/pcapio.h"
#ifdef _WIN32
-#include "caputils/capture-wpcap.h"
#include <wsutil/unicode-utils.h>
#endif
#include <sys/un.h>
#endif
-#ifdef NEED_INET_V6DEFS_H
-# include "wsutil/inet_v6defs.h"
-#endif
-
#include <wsutil/clopts_common.h>
#include <wsutil/privileges.h>
#include "wsutil/tempfile.h"
#include "log.h"
#include "wsutil/file_util.h"
+#include "wsutil/cpu_info.h"
#include "wsutil/os_version_info.h"
+#include "wsutil/str_util.h"
+#include "wsutil/inet_addr.h"
#include "caputils/ws80211_utils.h"
+#ifdef HAVE_EXTCAP
+#include "extcap.h"
+#endif
+
/*
* Get information about libpcap format from "wiretap/libpcap.h".
+ * Get information about pcapng format from "wiretap/pcapng_module.h".
* XXX - can we just use pcap_open_offline() to read the pipe?
*/
#include "wiretap/libpcap.h"
+#include "wiretap/pcapng_module.h"
/**#define DEBUG_DUMPCAP**/
/**#define DEBUG_CHILD_DUMPCAP**/
if (fd < 0)
return;
- written = write(fd, "1", strlen("1"));
+ written = ws_write(fd, "1", strlen("1"));
- close(fd);
+ ws_close(fd);
}
#endif
PIPNEXIST
} cap_pipe_err_t;
-typedef struct _pcap_options {
+/*
+ * A source of packets from which we're capturing.
+ */
+typedef struct _capture_src {
guint32 received;
guint32 dropped;
guint32 flushed;
int cap_pipe_fd; /**< the file descriptor of the capture pipe */
gboolean cap_pipe_modified; /**< TRUE if data in the pipe uses modified pcap headers */
gboolean cap_pipe_byte_swapped; /**< TRUE if data in the pipe is byte swapped */
+ char * cap_pipe_databuf; /**< Pointer to the data buffer we've allocated */
+ size_t cap_pipe_databuf_size; /**< Current size of the data buffer */
+ guint cap_pipe_max_pkt_size; /**< Maximum packet size allowed */
#if defined(_WIN32)
- char * cap_pipe_buf; /**< Pointer to the data buffer we read into */
+ char * cap_pipe_buf; /**< Pointer to the buffer we read into */
DWORD cap_pipe_bytes_to_read; /**< Used by cap_pipe_dispatch */
DWORD cap_pipe_bytes_read; /**< Used by cap_pipe_dispatch */
#else
GMutex *cap_pipe_read_mtx;
GAsyncQueue *cap_pipe_pending_q, *cap_pipe_done_q;
#endif
-} pcap_options;
+} capture_src;
+/*
+ * Global capture loop state.
+ */
typedef struct _loop_data {
/* common */
- gboolean go; /**< TRUE as long as we're supposed to keep capturing */
- int err; /**< if non-zero, error seen while capturing */
- gint packet_count; /**< Number of packets we have already captured */
- gint packet_max; /**< Number of packets we're supposed to capture - 0 means infinite */
+ gboolean go; /**< TRUE as long as we're supposed to keep capturing */
+ int err; /**< if non-zero, error seen while capturing */
+ gint packet_count; /**< Number of packets we have already captured */
+ gint packet_max; /**< Number of packets we're supposed to capture - 0 means infinite */
guint inpkts_to_sync_pipe; /**< Packets not already send out to the sync_pipe */
#ifdef SIGINFO
gboolean report_packet_count; /**< Set by SIGINFO handler; print packet count */
#endif
- GArray *pcaps;
+ GArray *pcaps; /**< Array of capture_src's on which we're capturing */
/* output file(s) */
FILE *pdh;
int save_file_fd;
} loop_data;
typedef struct _pcap_queue_element {
- pcap_options *pcap_opts;
+ capture_src *pcap_src;
struct pcap_pkthdr phdr;
u_char *pd;
} pcap_queue_element;
*/
static const char please_report[] =
"Please report this to the Wireshark developers.\n"
- "http://bugs.wireshark.org/\n"
+ "https://bugs.wireshark.org/\n"
"(This is not a crash; please do not report it as such.)";
/*
*/
static loop_data global_ld;
-
/*
* Timeout, in milliseconds, for reads from the stream of captured packets
* from a capture device.
/*
* Timeout, in microseconds, for reads from the stream of captured packets
* from a pipe. Pipes don't have the same problem that BPF devices do
- * in OS X 10.6, 10.6.1, 10.6.3, and 10.6.4, so we always use a timeout
+ * in Mac OS X 10.6, 10.6.1, 10.6.3, and 10.6.4, so we always use a timeout
* of 250ms, i.e. the same value as CAP_READ_TIMEOUT when not on one
* of the offending versions of Snow Leopard.
*
static gboolean use_threads = FALSE;
static guint64 start_time;
-static void capture_loop_write_packet_cb(u_char *pcap_opts_p, const struct pcap_pkthdr *phdr,
+static void capture_loop_write_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd);
-static void capture_loop_queue_packet_cb(u_char *pcap_opts_p, const struct pcap_pkthdr *phdr,
+static void capture_loop_queue_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd);
static void capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
int err, gboolean is_close);
-static void WS_MSVC_NORETURN exit_main(int err) G_GNUC_NORETURN;
+static void WS_NORETURN exit_main(int err);
static void report_new_capture_file(const char *filename);
static void report_packet_count(unsigned int packet_count);
" rpcap://<host>/<interface>\n"
" TCP@<host>:<port>\n");
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
- fprintf(output, " -s <snaplen> packet snapshot length (def: 65535)\n");
+#ifdef HAVE_PCAP_CREATE
+ fprintf(output, " -s <snaplen> packet snapshot length (def: appropriate maximum)\n");
+#else
+ fprintf(output, " -s <snaplen> packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD);
+#endif
fprintf(output, " -p don't capture in promiscuous mode\n");
#ifdef HAVE_PCAP_CREATE
fprintf(output, " -I capture in monitor mode, if available\n");
#endif
-#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
+#ifdef CAN_SET_CAPTURE_BUFFER_SIZE
fprintf(output, " -B <buffer size> size of kernel buffer in MiB (def: %dMiB)\n", DEFAULT_CAPTURE_BUFFER_SIZE);
#endif
fprintf(output, " -y <link type> link layer type (def: first appropriate)\n");
+ fprintf(output, " --time-stamp-type <type> timestamp method for interface\n");
fprintf(output, " -D print list of interfaces and exit\n");
fprintf(output, " -L print list of link-layer types of iface and exit\n");
+ fprintf(output, " --list-time-stamp-types print list of timestamp types for iface and exit\n");
#ifdef HAVE_BPF_IMAGE
fprintf(output, " -d print generated BPF code for capture filter\n");
#endif
- fprintf(output, " -k set channel on wifi interface <freq>,[<type>]\n");
+ fprintf(output, " -k set channel on wifi interface:\n"
+ " <freq>,[<type>],[<center_freq1>],[<center_freq2>]\n");
fprintf(output, " -S print statistics for each interface once per second\n");
fprintf(output, " -M for -D, -L, and -S, produce machine-readable output\n");
fprintf(output, "\n");
fprintf(output, " -w <filename> name of file to save (def: tempfile)\n");
fprintf(output, " -g enable group read access on the output file(s)\n");
fprintf(output, " -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs\n");
+ fprintf(output, " interval:NUM - create time intervals of NUM secs\n");
fprintf(output, " filesize:NUM - switch to next file after NUM KB\n");
fprintf(output, " files:NUM - ringbuffer: replace after NUM files\n");
fprintf(output, " -n use pcapng format instead of pcap (default)\n");
fprintf(output, "Use Ctrl-C to stop capturing at any time.\n");
}
-static void
-show_version(GString *comp_info_str, GString *runtime_info_str)
-{
- printf("Dumpcap (Wireshark) %s\n"
- "\n"
- "%s"
- "\n"
- "%s"
- "\n"
- "%s",
- get_ws_vcs_version_info(), get_copyright_info(), comp_info_str->str, runtime_info_str->str);
-}
-
/*
* Report an error in command-line arguments.
* If we're a capture child, send a message back to the parent, otherwise
}
#endif
-static pcap_t *
-open_capture_device(capture_options *capture_opts
-#ifndef HAVE_PCAP_SET_TSTAMP_PRECISION
- _U_
-#endif
- ,
- interface_options *interface_opts,
- char (*open_err_str)[PCAP_ERRBUF_SIZE])
-{
- pcap_t *pcap_h;
-#ifdef HAVE_PCAP_CREATE
- int err;
-#endif
-#if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
- struct pcap_rmtauth auth;
-#endif
-
- /* Open the network interface to capture from it.
- Some versions of libpcap may put warnings into the error buffer
- if they succeed; to tell if that's happened, we have to clear
- the error buffer, and check if it's still a null string. */
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Entering open_capture_device().");
- (*open_err_str)[0] = '\0';
-#if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
- /*
- * If we're opening a remote device, use pcap_open(); that's currently
- * the only open routine that supports remote devices.
- */
- if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
- auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
- RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
- auth.username = interface_opts->auth_username;
- auth.password = interface_opts->auth_password;
-
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Calling pcap_open() using name %s, snaplen %d, promisc_mode %d, datatx_udp %d, nocap_rpcap %d.",
- interface_opts->name, interface_opts->snaplen, interface_opts->promisc_mode,
- interface_opts->datatx_udp, interface_opts->nocap_rpcap);
- pcap_h = pcap_open(interface_opts->name, interface_opts->snaplen,
- /* flags */
- (interface_opts->promisc_mode ? PCAP_OPENFLAG_PROMISCUOUS : 0) |
- (interface_opts->datatx_udp ? PCAP_OPENFLAG_DATATX_UDP : 0) |
- (interface_opts->nocap_rpcap ? PCAP_OPENFLAG_NOCAPTURE_RPCAP : 0),
- CAP_READ_TIMEOUT, &auth, *open_err_str);
- if (pcap_h == NULL) {
- /* Error - did pcap actually supply an error message? */
- if ((*open_err_str)[0] == '\0') {
- /* Work around known WinPcap bug wherein no error message is
- filled in on a failure to open an rpcap: URL. */
- g_strlcpy(*open_err_str,
- "Unknown error (pcap bug; actual error cause not reported)",
- sizeof *open_err_str);
- }
- }
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "pcap_open() returned %p.", (void *)pcap_h);
- } else
-#endif
- {
- /*
- * If we're not opening a remote device, use pcap_create() and
- * pcap_activate() if we have them, so that we can set the buffer
- * size, otherwise use pcap_open_live().
- */
-#ifdef HAVE_PCAP_CREATE
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Calling pcap_create() using %s.", interface_opts->name);
- pcap_h = pcap_create(interface_opts->name, *open_err_str);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "pcap_create() returned %p.", (void *)pcap_h);
- if (pcap_h != NULL) {
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Calling pcap_set_snaplen() with snaplen %d.", interface_opts->snaplen);
- pcap_set_snaplen(pcap_h, interface_opts->snaplen);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "Calling pcap_set_promisc() with promisc_mode %d.", interface_opts->promisc_mode);
- pcap_set_promisc(pcap_h, interface_opts->promisc_mode);
- pcap_set_timeout(pcap_h, CAP_READ_TIMEOUT);
-
-#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
- /*
- * If we're writing pcap-ng files, try to enable
- * nanosecond-resolution capture; any code that
- * can read pcap-ng files must be able to handle
- * nanosecond-resolution time stamps.
- *
- * If we're writing pcap files, don't try to enable
- * nanosecond-resolution capture, as not all code
- * that reads pcap files recognizes the nanosecond-
- * resolution pcap file magic number.
- */
- if (capture_opts->use_pcapng)
- request_high_resolution_timestamp(pcap_h);
-#endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
-
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "buffersize %d.", interface_opts->buffer_size);
- if (interface_opts->buffer_size != 0) {
- pcap_set_buffer_size(pcap_h, interface_opts->buffer_size * 1024 * 1024);
- }
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "monitor_mode %d.", interface_opts->monitor_mode);
- if (interface_opts->monitor_mode)
- pcap_set_rfmon(pcap_h, 1);
- err = pcap_activate(pcap_h);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "pcap_activate() returned %d.", err);
- if (err < 0) {
- /* Failed to activate, set to NULL */
- if (err == PCAP_ERROR)
- g_strlcpy(*open_err_str, pcap_geterr(pcap_h), sizeof *open_err_str);
- else
- g_strlcpy(*open_err_str, pcap_statustostr(err), sizeof *open_err_str);
- pcap_close(pcap_h);
- pcap_h = NULL;
- }
- }
-#else
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "pcap_open_live() calling using name %s, snaplen %d, promisc_mode %d.",
- interface_opts->name, interface_opts->snaplen, interface_opts->promisc_mode);
- pcap_h = pcap_open_live(interface_opts->name, interface_opts->snaplen,
- interface_opts->promisc_mode, CAP_READ_TIMEOUT,
- *open_err_str);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
- "pcap_open_live() returned %p.", (void *)pcap_h);
-#endif
- }
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
- return pcap_h;
-}
-
static void
get_capture_device_open_failure_messages(const char *open_err_str,
const char *iface,
"\n"
"In order to capture packets, WinPcap must be installed; see\n"
"\n"
- " http://www.winpcap.org/\n"
- "\n"
- "or the mirror at\n"
- "\n"
- " http://www.mirrors.wiretapped.net/security/packet-capture/winpcap/\n"
- "\n"
- "or the mirror at\n"
- "\n"
- " http://winpcap.cs.pu.edu.tw/\n"
+ " https://www.winpcap.org/\n"
"\n"
"for a downloadable version of WinPcap and for instructions on how to install\n"
"WinPcap.");
"Please check that \"%s\" is the proper interface.\n"
"\n"
"\n"
- "Help can be found at:\n"
+ "Help can be found on the following pages:\n"
"\n"
- " http://wiki.wireshark.org/WinPcap\n"
- " http://wiki.wireshark.org/CaptureSetup\n",
+ " https://wiki.wireshark.org/WinPcap\n"
+ " https://wiki.wireshark.org/CaptureSetup\n",
iface);
}
#else
#endif /* _WIN32 */
}
-/* Set the data link type on a pcap. */
-static gboolean
-set_pcap_linktype(pcap_t *pcap_h, int linktype, char *name,
- char *errmsg, size_t errmsg_len,
- char *secondary_errmsg, size_t secondary_errmsg_len)
-{
- char *set_linktype_err_str;
-
- if (linktype == -1)
- return TRUE; /* just use the default */
-#ifdef HAVE_PCAP_SET_DATALINK
- if (pcap_set_datalink(pcap_h, linktype) == 0)
- return TRUE; /* no error */
- set_linktype_err_str = pcap_geterr(pcap_h);
-#else
- /* Let them set it to the type it is; reject any other request. */
- if (get_pcap_linktype(pcap_h, name) == linktype)
- return TRUE; /* no error */
- set_linktype_err_str =
- "That DLT isn't one of the DLTs supported by this device";
-#endif
- g_snprintf(errmsg, (gulong) errmsg_len, "Unable to set data link type on interface '%s' (%s).",
- name, set_linktype_err_str);
- /*
- * If the error isn't "XXX is not one of the DLTs supported by this device",
- * tell the user to tell the Wireshark developers about it.
- */
- if (strstr(set_linktype_err_str, "is not one of the DLTs supported by this device") == NULL)
- g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len, please_report);
- else
- secondary_errmsg[0] = '\0';
- return FALSE;
-}
-
static gboolean
compile_capture_filter(const char *iface, pcap_t *pcap_h,
struct bpf_program *fcode, const char *cfilter)
* third argument to pcap_compile() as a const pointer. Cast
* away the warning.
*/
+DIAG_OFF(cast-qual)
if (pcap_compile(pcap_h, fcode, (char *)cfilter, 1, netmask) < 0)
return FALSE;
+DIAG_ON(cast-qual)
return TRUE;
}
static gboolean
show_filter_code(capture_options *capture_opts)
{
- interface_options interface_opts;
+ interface_options *interface_opts;
pcap_t *pcap_h;
gchar open_err_str[PCAP_ERRBUF_SIZE];
char errmsg[MSG_MAX_LENGTH+1];
guint j;
for (j = 0; j < capture_opts->ifaces->len; j++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, j);
- pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, j);
+ pcap_h = open_capture_device(capture_opts, interface_opts,
+ CAP_READ_TIMEOUT, &open_err_str);
if (pcap_h == NULL) {
/* Open failed; get messages */
get_capture_device_open_failure_messages(open_err_str,
- interface_opts.name,
+ interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg,
sizeof secondary_errmsg);
}
/* Set the link-layer type. */
- if (!set_pcap_linktype(pcap_h, interface_opts.linktype, interface_opts.name,
+ if (!set_pcap_datalink(pcap_h, interface_opts->linktype, interface_opts->name,
errmsg, sizeof errmsg,
secondary_errmsg, sizeof secondary_errmsg)) {
pcap_close(pcap_h);
}
/* OK, try to compile the capture filter. */
- if (!compile_capture_filter(interface_opts.name, pcap_h, &fcode,
- interface_opts.cfilter)) {
+ if (!compile_capture_filter(interface_opts->name, pcap_h, &fcode,
+ interface_opts->cfilter)) {
pcap_close(pcap_h);
report_cfilter_error(capture_opts, j, errmsg);
return FALSE;
return get_interface_list(err, err_str);
}
-/*
- * Get the data-link type for a libpcap device.
- * This works around AIX 5.x's non-standard and incompatible-with-the-
- * rest-of-the-universe libpcap.
- */
-static int
-get_pcap_linktype(pcap_t *pch, const char *devicename
-#ifndef _AIX
- _U_
-#endif
-)
-{
- int linktype;
-#ifdef _AIX
- const char *ifacename;
-#endif
-
- linktype = pcap_datalink(pch);
-#ifdef _AIX
-
- /*
- * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
- * rather than DLT_ values for link-layer types; the ifType values
- * for LAN devices are:
- *
- * Ethernet 6
- * 802.3 7
- * Token Ring 9
- * FDDI 15
- *
- * and the ifType value for a loopback device is 24.
- *
- * The AIX names for LAN devices begin with:
- *
- * Ethernet en
- * 802.3 et
- * Token Ring tr
- * FDDI fi
- *
- * and the AIX names for loopback devices begin with "lo".
- *
- * (The difference between "Ethernet" and "802.3" is presumably
- * whether packets have an Ethernet header, with a packet type,
- * or an 802.3 header, with a packet length, followed by an 802.2
- * header and possibly a SNAP header.)
- *
- * If the device name matches "linktype" interpreted as an ifType
- * value, rather than as a DLT_ value, we will assume this is AIX's
- * non-standard, incompatible libpcap, rather than a standard libpcap,
- * and will map the link-layer type to the standard DLT_ value for
- * that link-layer type, as that's what the rest of Wireshark expects.
- *
- * (This means the capture files won't be readable by a tcpdump
- * linked with AIX's non-standard libpcap, but so it goes. They
- * *will* be readable by standard versions of tcpdump, Wireshark,
- * and so on.)
- *
- * XXX - if we conclude we're using AIX libpcap, should we also
- * set a flag to cause us to assume the time stamps are in
- * seconds-and-nanoseconds form, and to convert them to
- * seconds-and-microseconds form before processing them and
- * writing them out?
- */
-
- /*
- * Find the last component of the device name, which is the
- * interface name.
- */
- ifacename = strchr(devicename, '/');
- if (ifacename == NULL)
- ifacename = devicename;
-
- /* See if it matches any of the LAN device names. */
- if (strncmp(ifacename, "en", 2) == 0) {
- if (linktype == 6) {
- /*
- * That's the RFC 1573 value for Ethernet; map it to DLT_EN10MB.
- */
- linktype = 1;
- }
- } else if (strncmp(ifacename, "et", 2) == 0) {
- if (linktype == 7) {
- /*
- * That's the RFC 1573 value for 802.3; map it to DLT_EN10MB.
- * (libpcap, tcpdump, Wireshark, etc. don't care if it's Ethernet
- * or 802.3.)
- */
- linktype = 1;
- }
- } else if (strncmp(ifacename, "tr", 2) == 0) {
- if (linktype == 9) {
- /*
- * That's the RFC 1573 value for 802.5 (Token Ring); map it to
- * DLT_IEEE802, which is what's used for Token Ring.
- */
- linktype = 6;
- }
- } else if (strncmp(ifacename, "fi", 2) == 0) {
- if (linktype == 15) {
- /*
- * That's the RFC 1573 value for FDDI; map it to DLT_FDDI.
- */
- linktype = 10;
- }
- } else if (strncmp(ifacename, "lo", 2) == 0) {
- if (linktype == 24) {
- /*
- * That's the RFC 1573 value for "software loopback" devices; map it
- * to DLT_NULL, which is what's used for loopback devices on BSD.
- */
- linktype = 0;
- }
- }
-#endif
-
- return linktype;
-}
-
-static data_link_info_t *
-create_data_link_info(int dlt)
-{
- data_link_info_t *data_link_info;
- const char *text;
-
- data_link_info = (data_link_info_t *)g_malloc(sizeof (data_link_info_t));
- data_link_info->dlt = dlt;
- text = pcap_datalink_val_to_name(dlt);
- if (text != NULL)
- data_link_info->name = g_strdup(text);
- else
- data_link_info->name = g_strdup_printf("DLT %d", dlt);
- text = pcap_datalink_val_to_description(dlt);
- if (text != NULL)
- data_link_info->description = g_strdup(text);
- else
- data_link_info->description = NULL;
- return data_link_info;
-}
-
-/*
- * Get the capabilities of a network device.
- */
-static if_capabilities_t *
-get_if_capabilities(const char *devicename, gboolean monitor_mode
-#ifndef HAVE_PCAP_CREATE
- _U_
-#endif
-, char **err_str)
-{
- if_capabilities_t *caps;
- char errbuf[PCAP_ERRBUF_SIZE];
- pcap_t *pch;
-#ifdef HAVE_PCAP_CREATE
- int status;
-#endif
- int deflt;
-#ifdef HAVE_PCAP_LIST_DATALINKS
- int *linktypes;
- int i, nlt;
-#endif
- data_link_info_t *data_link_info;
-
- /*
- * Allocate the interface capabilities structure.
- */
- caps = (if_capabilities_t *)g_malloc(sizeof *caps);
-
- /*
- * WinPcap 4.1.2, and possibly earlier versions, have a bug
- * wherein, when an open with an rpcap: URL fails, the error
- * message for the error is not copied to errbuf and whatever
- * on-the-stack junk is in errbuf is treated as the error
- * message.
- *
- * To work around that (and any other bugs of that sort, we
- * initialize errbuf to an empty string. If we get an error
- * and the string is empty, we report it as an unknown error.
- * (If we *don't* get an error, and the string is *non*-empty,
- * that could be a warning returned, such as "can't turn
- * promiscuous mode on"; we currently don't do so.)
- */
- errbuf[0] = '\0';
-#ifdef HAVE_PCAP_OPEN
- pch = pcap_open(devicename, MIN_PACKET_SIZE, 0, 0, NULL, errbuf);
- caps->can_set_rfmon = FALSE;
- if (pch == NULL) {
- if (err_str != NULL)
- *err_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
- g_free(caps);
- return NULL;
- }
-#elif defined(HAVE_PCAP_CREATE)
- pch = pcap_create(devicename, errbuf);
- if (pch == NULL) {
- if (err_str != NULL)
- *err_str = g_strdup(errbuf);
- g_free(caps);
- return NULL;
- }
- status = pcap_can_set_rfmon(pch);
- if (status < 0) {
- /* Error. */
- if (status == PCAP_ERROR)
- *err_str = g_strdup_printf("pcap_can_set_rfmon() failed: %s",
- pcap_geterr(pch));
- else
- *err_str = g_strdup(pcap_statustostr(status));
- pcap_close(pch);
- g_free(caps);
- return NULL;
- }
- if (status == 0)
- caps->can_set_rfmon = FALSE;
- else if (status == 1) {
- caps->can_set_rfmon = TRUE;
- if (monitor_mode)
- pcap_set_rfmon(pch, 1);
- } else {
- if (err_str != NULL) {
- *err_str = g_strdup_printf("pcap_can_set_rfmon() returned %d",
- status);
- }
- pcap_close(pch);
- g_free(caps);
- return NULL;
- }
-
- status = pcap_activate(pch);
- if (status < 0) {
- /* Error. We ignore warnings (status > 0). */
- if (err_str != NULL) {
- if (status == PCAP_ERROR)
- *err_str = g_strdup_printf("pcap_activate() failed: %s",
- pcap_geterr(pch));
- else
- *err_str = g_strdup(pcap_statustostr(status));
- }
- pcap_close(pch);
- g_free(caps);
- return NULL;
- }
-#else
- pch = pcap_open_live(devicename, MIN_PACKET_SIZE, 0, 0, errbuf);
- caps->can_set_rfmon = FALSE;
- if (pch == NULL) {
- if (err_str != NULL)
- *err_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
- g_free(caps);
- return NULL;
- }
-#endif
- deflt = get_pcap_linktype(pch, devicename);
-#ifdef HAVE_PCAP_LIST_DATALINKS
- nlt = pcap_list_datalinks(pch, &linktypes);
- if (nlt == 0 || linktypes == NULL) {
- pcap_close(pch);
- if (err_str != NULL)
- *err_str = NULL; /* an empty list doesn't mean an error */
- g_free(caps);
- return NULL;
- }
- caps->data_link_types = NULL;
- for (i = 0; i < nlt; i++) {
- data_link_info = create_data_link_info(linktypes[i]);
-
- /*
- * XXX - for 802.11, make the most detailed 802.11
- * version the default, rather than the one the
- * device has as the default?
- */
- if (linktypes[i] == deflt)
- caps->data_link_types = g_list_prepend(caps->data_link_types,
- data_link_info);
- else
- caps->data_link_types = g_list_append(caps->data_link_types,
- data_link_info);
- }
-#ifdef HAVE_PCAP_FREE_DATALINKS
- pcap_free_datalinks(linktypes);
-#else
- /*
- * In Windows, there's no guarantee that if you have a library
- * built with one version of the MSVC++ run-time library, and
- * it returns a pointer to allocated data, you can free that
- * data from a program linked with another version of the
- * MSVC++ run-time library.
- *
- * This is not an issue on UN*X.
- *
- * See the mail threads starting at
- *
- * http://www.winpcap.org/pipermail/winpcap-users/2006-September/001421.html
- *
- * and
- *
- * http://www.winpcap.org/pipermail/winpcap-users/2008-May/002498.html
- */
-#ifndef _WIN32
-#define xx_free free /* hack so checkAPIs doesn't complain */
- xx_free(linktypes);
-#endif /* _WIN32 */
-#endif /* HAVE_PCAP_FREE_DATALINKS */
-#else /* HAVE_PCAP_LIST_DATALINKS */
-
- data_link_info = create_data_link_info(deflt);
- caps->data_link_types = g_list_append(caps->data_link_types,
- data_link_info);
-#endif /* HAVE_PCAP_LIST_DATALINKS */
-
- pcap_close(pch);
-
- if (err_str != NULL)
- *err_str = NULL;
- return caps;
-}
-
#define ADDRSTRLEN 46 /* Covers IPv4 & IPv6 */
/*
* Output a machine readable list of the interfaces
if_addr = (if_addr_t *)addr->data;
switch(if_addr->ifat_type) {
case IF_AT_IPv4:
- if (inet_ntop(AF_INET, &if_addr->addr.ip4_addr, addr_str,
+ if (ws_inet_ntop4(&if_addr->addr.ip4_addr, addr_str,
ADDRSTRLEN)) {
printf("%s", addr_str);
} else {
}
break;
case IF_AT_IPv6:
- if (inet_ntop(AF_INET6, &if_addr->addr.ip6_addr,
+ if (ws_inet_ntop6(&if_addr->addr.ip6_addr,
addr_str, ADDRSTRLEN)) {
printf("%s", addr_str);
} else {
* you MUST update capture_ifinfo.c:capture_get_if_capabilities() accordingly!
*/
static void
-print_machine_readable_if_capabilities(if_capabilities_t *caps)
+print_machine_readable_if_capabilities(if_capabilities_t *caps, int queries)
{
- GList *lt_entry;
- data_link_info_t *data_link_info;
+ GList *lt_entry, *ts_entry;
const gchar *desc_str;
if (capture_child) {
pipe_write_block(2, SP_SUCCESS, NULL);
}
- if (caps->can_set_rfmon)
- printf("1\n");
- else
- printf("0\n");
- for (lt_entry = caps->data_link_types; lt_entry != NULL;
- lt_entry = g_list_next(lt_entry)) {
- data_link_info = (data_link_info_t *)lt_entry->data;
- if (data_link_info->description != NULL)
- desc_str = data_link_info->description;
- else
- desc_str = "(not supported)";
- printf("%d\t%s\t%s\n", data_link_info->dlt, data_link_info->name,
- desc_str);
+ if (queries & CAPS_QUERY_LINK_TYPES) {
+ if (caps->can_set_rfmon)
+ printf("1\n");
+ else
+ printf("0\n");
+ for (lt_entry = caps->data_link_types; lt_entry != NULL;
+ lt_entry = g_list_next(lt_entry)) {
+ data_link_info_t *data_link_info = (data_link_info_t *)lt_entry->data;
+ if (data_link_info->description != NULL)
+ desc_str = data_link_info->description;
+ else
+ desc_str = "(not supported)";
+ printf("%d\t%s\t%s\n", data_link_info->dlt, data_link_info->name,
+ desc_str);
+ }
+ }
+ printf("\n");
+ if (queries & CAPS_QUERY_TIMESTAMP_TYPES) {
+ for (ts_entry = caps->timestamp_types; ts_entry != NULL;
+ ts_entry = g_list_next(ts_entry)) {
+ timestamp_info_t *timestamp = (timestamp_info_t *)ts_entry->data;
+ if (timestamp->description != NULL)
+ desc_str = timestamp->description;
+ else
+ desc_str = "(none)";
+ printf("%s\t%s\n", timestamp->name, desc_str);
+ }
}
}
for (if_entry = g_list_first(if_list); if_entry != NULL; if_entry = g_list_next(if_entry)) {
if_info = (if_info_t *)if_entry->data;
+
+#ifdef __linux__
+ /* On Linux nf* interfaces don't collect stats properly and don't allows multiple
+ * connections. We avoid collecting stats on them.
+ */
+ if (!strncmp(if_info->name, "nf", 2)) {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Skipping interface %s for stats",
+ if_info->name);
+ continue;
+ }
+#endif
+
#ifdef HAVE_PCAP_OPEN
pch = pcap_open(if_info->name, MIN_PACKET_SIZE, 0, 0, NULL, errbuf);
#else
{
/* Don't print this if we're a capture child. */
if (!capture_child && reportit) {
- fprintf(stderr, "\rPackets captured: %u\n", global_ld.packet_count);
+ fprintf(stderr, "\rPackets captured: %d\n", global_ld.packet_count);
/* stderr could be line buffered */
fflush(stderr);
}
#endif /* _WIN32 */
+ capture_opts_cleanup(&global_capture_opts);
exit(status);
}
cap_pipe_read(int pipe_fd, char *buf, size_t sz, gboolean from_socket _U_)
{
#ifdef _WIN32
- if (from_socket) {
- return recv(pipe_fd, buf, (int)sz, 0);
- } else {
- return -1;
- }
+ if (from_socket) {
+ return recv(pipe_fd, buf, (int)sz, 0);
+ } else {
+ return -1;
+ }
#else
- return ws_read(pipe_fd, buf, sz);
+ return ws_read(pipe_fd, buf, sz);
#endif
}
*/
static void *cap_thread_read(void *arg)
{
- pcap_options *pcap_opts;
+ capture_src *pcap_src;
#ifdef _WIN32
BOOL res;
DWORD b, last_err, bytes_read;
int b;
#endif /* _WIN32 */
- pcap_opts = (pcap_options *)arg;
- while (pcap_opts->cap_pipe_err == PIPOK) {
- g_async_queue_pop(pcap_opts->cap_pipe_pending_q); /* Wait for our cue (ahem) from the main thread */
- g_mutex_lock(pcap_opts->cap_pipe_read_mtx);
+ pcap_src = (capture_src *)arg;
+ while (pcap_src->cap_pipe_err == PIPOK) {
+ g_async_queue_pop(pcap_src->cap_pipe_pending_q); /* Wait for our cue (ahem) from the main thread */
+ g_mutex_lock(pcap_src->cap_pipe_read_mtx);
bytes_read = 0;
- while (bytes_read < pcap_opts->cap_pipe_bytes_to_read) {
- if ((pcap_opts->from_cap_socket)
+ while (bytes_read < pcap_src->cap_pipe_bytes_to_read) {
+ if ((pcap_src->from_cap_socket)
#ifndef _WIN32
|| 1
#endif
)
{
- b = cap_pipe_read(pcap_opts->cap_pipe_fd, pcap_opts->cap_pipe_buf+bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - bytes_read, pcap_opts->from_cap_socket);
+ b = cap_pipe_read(pcap_src->cap_pipe_fd, pcap_src->cap_pipe_buf+bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0) {
- pcap_opts->cap_pipe_err = PIPEOF;
+ pcap_src->cap_pipe_err = PIPEOF;
bytes_read = 0;
break;
} else {
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
bytes_read = -1;
break;
}
/* If we try to use read() on a named pipe on Windows with partial
* data it appears to return EOF.
*/
- res = ReadFile(pcap_opts->cap_pipe_h, pcap_opts->cap_pipe_buf+bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - bytes_read,
+ res = ReadFile(pcap_src->cap_pipe_h, pcap_src->cap_pipe_buf+bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - bytes_read,
&b, NULL);
bytes_read += b;
if (last_err == ERROR_MORE_DATA) {
continue;
} else if (last_err == ERROR_HANDLE_EOF || last_err == ERROR_BROKEN_PIPE || last_err == ERROR_PIPE_NOT_CONNECTED) {
- pcap_opts->cap_pipe_err = PIPEOF;
+ pcap_src->cap_pipe_err = PIPEOF;
bytes_read = 0;
break;
}
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
bytes_read = -1;
break;
- } else if (b == 0 && pcap_opts->cap_pipe_bytes_to_read > 0) {
- pcap_opts->cap_pipe_err = PIPEOF;
+ } else if (b == 0 && pcap_src->cap_pipe_bytes_to_read > 0) {
+ pcap_src->cap_pipe_err = PIPEOF;
bytes_read = 0;
break;
}
}
#endif /*_WIN32 */
}
- pcap_opts->cap_pipe_bytes_read = bytes_read;
- if (pcap_opts->cap_pipe_bytes_read >= pcap_opts->cap_pipe_bytes_to_read) {
- g_async_queue_push(pcap_opts->cap_pipe_done_q, pcap_opts->cap_pipe_buf); /* Any non-NULL value will do */
+ pcap_src->cap_pipe_bytes_read = bytes_read;
+ if (pcap_src->cap_pipe_bytes_read >= pcap_src->cap_pipe_bytes_to_read) {
+ g_async_queue_push(pcap_src->cap_pipe_done_q, pcap_src->cap_pipe_buf); /* Any non-NULL value will do */
}
- g_mutex_unlock(pcap_opts->cap_pipe_read_mtx);
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
return NULL;
}
#define DEF_TCP_PORT 19000
static int
-cap_open_socket(char *pipename, pcap_options *pcap_opts, char *errmsg, int errmsgl)
+cap_open_socket(char *pipename, capture_src *pcap_src, char *errmsg, int errmsgl)
{
- char *sockname = pipename + 4;
- struct sockaddr_in sa;
- char buf[16];
- char *p;
- unsigned long port;
- size_t len;
- int fd;
-
- memset(&sa, 0, sizeof(sa));
-
- p = strchr(sockname, ':');
- if (p == NULL) {
- len = strlen(sockname);
- port = DEF_TCP_PORT;
- }
- else {
- len = p - sockname;
- port = strtoul(p + 1, &p, 10);
- if (*p || port > 65535) {
- goto fail_invalid;
+ char *sockname = pipename + 4;
+ struct sockaddr_in sa;
+ char buf[16];
+ char *p;
+ unsigned long port;
+ size_t len;
+ int fd;
+
+ memset(&sa, 0, sizeof(sa));
+
+ p = strchr(sockname, ':');
+ if (p == NULL) {
+ len = strlen(sockname);
+ port = DEF_TCP_PORT;
+ }
+ else {
+ len = p - sockname;
+ port = strtoul(p + 1, &p, 10);
+ if (*p || port > 65535) {
+ goto fail_invalid;
+ }
}
- }
- if (len > 15) {
- goto fail_invalid;
- }
+ if (len > 15) {
+ goto fail_invalid;
+ }
- g_snprintf ( buf,(gulong)len + 1, "%s", sockname );
- buf[len] = '\0';
- if (inet_pton(AF_INET, buf, &sa.sin_addr) <= 0) {
- goto fail_invalid;
- }
+ g_snprintf ( buf,(gulong)len + 1, "%s", sockname );
+ buf[len] = '\0';
+ if (!ws_inet_pton4(buf, (guint32 *)&sa.sin_addr)) {
+ goto fail_invalid;
+ }
- sa.sin_family = AF_INET;
- sa.sin_port = g_htons((u_short)port);
+ sa.sin_family = AF_INET;
+ sa.sin_port = g_htons((u_short)port);
- if (((fd = (int)socket(AF_INET, SOCK_STREAM, 0)) < 0) ||
- (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)) {
+ if (((fd = (int)socket(AF_INET, SOCK_STREAM, 0)) < 0) ||
+ (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)) {
#ifdef _WIN32
- LPTSTR errorText = NULL;
- int lastError;
-
- lastError = WSAGetLastError();
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
- FORMAT_MESSAGE_ALLOCATE_BUFFER |
- FORMAT_MESSAGE_IGNORE_INSERTS,
- NULL, lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
- (LPTSTR)&errorText, 0, NULL);
-#endif
- g_snprintf(errmsg, errmsgl,
- "The capture session could not be initiated due to the socket error: \n"
+ LPTSTR errorText = NULL;
+ int lastError;
+
+ lastError = WSAGetLastError();
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, lastError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR)&errorText, 0, NULL);
+#endif
+ g_snprintf(errmsg, errmsgl,
+ "The capture session could not be initiated due to the socket error: \n"
#ifdef _WIN32
- " %d: %S", lastError, errorText ? (char *)errorText : "Unknown");
- if (errorText)
- LocalFree(errorText);
+ " %d: %S", lastError, errorText ? (char *)errorText : "Unknown");
+ if (errorText)
+ LocalFree(errorText);
#else
- " %d: %s", errno, g_strerror(errno));
+ " %d: %s", errno, g_strerror(errno));
#endif
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
- if (fd >= 0)
- cap_pipe_close(fd, TRUE);
- return -1;
- }
+ if (fd >= 0)
+ cap_pipe_close(fd, TRUE);
+ return -1;
+ }
- pcap_opts->from_cap_socket = TRUE;
- return fd;
+ pcap_src->from_cap_socket = TRUE;
+ return fd;
fail_invalid:
- g_snprintf(errmsg, errmsgl,
- "The capture session could not be initiated because\n"
- "\"%s\" is not a valid socket specification", pipename);
- pcap_opts->cap_pipe_err = PIPERR;
- return -1;
+ g_snprintf(errmsg, errmsgl,
+ "The capture session could not be initiated because\n"
+ "\"%s\" is not a valid socket specification", pipename);
+ pcap_src->cap_pipe_err = PIPERR;
+ return -1;
}
/* Wrapper: distinguish between closesocket on Windows; use ws_close
cap_pipe_close(int pipe_fd, gboolean from_socket _U_)
{
#ifdef _WIN32
- if (from_socket) {
- closesocket(pipe_fd);
- }
+ if (from_socket) {
+ closesocket(pipe_fd);
+ }
#else
- ws_close(pipe_fd);
+ ws_close(pipe_fd);
#endif
}
* because we can't seek on pipes (see wiretap/libpcap.c for details) */
static void
cap_pipe_open_live(char *pipename,
- pcap_options *pcap_opts,
+ capture_src *pcap_src,
struct pcap_hdr *hdr,
char *errmsg, int errmsgl)
{
#else /* _WIN32 */
char *pncopy, *pos;
wchar_t *err_str;
- interface_options interface_opts;
+#ifdef HAVE_EXTCAP
+ char* extcap_pipe_name;
+#endif
+#endif
+#ifdef HAVE_EXTCAP
+ gboolean extcap_pipe = FALSE;
#endif
ssize_t b;
int fd = -1, sel_ret;
size_t bytes_read;
guint32 magic = 0;
- pcap_opts->cap_pipe_fd = -1;
+ pcap_src->cap_pipe_fd = -1;
#ifdef _WIN32
- pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
#endif
+
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: %s", pipename);
/*
#ifndef _WIN32
fd = 0; /* read from stdin */
#else /* _WIN32 */
- pcap_opts->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
+ pcap_src->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
#endif /* _WIN32 */
} else if (!strncmp(pipename, "TCP@", 4)) {
- if ((fd = cap_open_socket(pipename, pcap_opts, errmsg, errmsgl)) < 0) {
+ if ((fd = cap_open_socket(pipename, pcap_src, errmsg, errmsgl)) < 0) {
return;
}
} else {
#ifndef _WIN32
+#ifdef HAVE_EXTCAP
+ if ( g_strrstr(pipename, EXTCAP_PIPE_PREFIX) != NULL )
+ extcap_pipe = TRUE;
+#endif
+
if (ws_stat64(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
- pcap_opts->cap_pipe_err = PIPNEXIST;
+ pcap_src->cap_pipe_err = PIPNEXIST;
else {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
- "due to error getting information on pipe/socket: %s", g_strerror(errno));
- pcap_opts->cap_pipe_err = PIPERR;
+ "due to error getting information on pipe/socket: %s.", g_strerror(errno));
+ pcap_src->cap_pipe_err = PIPERR;
}
return;
}
if (fd == -1) {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
- "due to error on pipe open: %s", g_strerror(errno));
- pcap_opts->cap_pipe_err = PIPERR;
+ "due to error on pipe open: %s.", g_strerror(errno));
+ pcap_src->cap_pipe_err = PIPERR;
return;
}
} else if (S_ISSOCK(pipe_stat.st_mode)) {
if (fd == -1) {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
- "due to error on socket create: %s", g_strerror(errno));
- pcap_opts->cap_pipe_err = PIPERR;
+ "due to error on socket create: %s.", g_strerror(errno));
+ pcap_src->cap_pipe_err = PIPERR;
return;
}
sa.sun_family = AF_UNIX;
/* Path name too long */
g_snprintf(errmsg, errmsgl,
"The capture session coud not be initiated "
- "due to error on socket connect: Path name too long");
- pcap_opts->cap_pipe_err = PIPERR;
+ "due to error on socket connect: Path name too long.");
+ pcap_src->cap_pipe_err = PIPERR;
ws_close(fd);
return;
}
if (b == -1) {
g_snprintf(errmsg, errmsgl,
"The capture session coud not be initiated "
- "due to error on socket connect: %s", g_strerror(errno));
- pcap_opts->cap_pipe_err = PIPERR;
+ "due to error on socket connect: %s.", g_strerror(errno));
+ pcap_src->cap_pipe_err = PIPERR;
ws_close(fd);
return;
}
* Assume the user specified an interface on a system where
* interfaces are in /dev. Pretend we haven't seen it.
*/
- pcap_opts->cap_pipe_err = PIPNEXIST;
+ pcap_src->cap_pipe_err = PIPNEXIST;
} else {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated because\n"
- "\"%s\" is neither an interface nor a socket nor a pipe", pipename);
- pcap_opts->cap_pipe_err = PIPERR;
+ "\"%s\" is neither an interface nor a socket nor a pipe.", pipename);
+ pcap_src->cap_pipe_err = PIPERR;
}
return;
}
+
#else /* _WIN32 */
#define PIPE_STR "\\pipe\\"
/* Under Windows, named pipes _must_ have the form
if (!pos) {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated because\n"
- "\"%s\" is neither an interface nor a pipe", pipename);
- pcap_opts->cap_pipe_err = PIPNEXIST;
+ "\"%s\" is neither an interface nor a pipe.", pipename);
+ pcap_src->cap_pipe_err = PIPNEXIST;
return;
}
-
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, 0);
+#ifdef HAVE_EXTCAP
+ extcap_pipe_name = g_strconcat("\\\\.\\pipe\\", EXTCAP_PIPE_PREFIX, NULL);
+ extcap_pipe = strstr(pipename, extcap_pipe_name) ? TRUE : FALSE;
+ g_free(extcap_pipe_name);
+#endif
/* Wait for the pipe to appear */
while (1) {
- if(strncmp(interface_opts.name,"\\\\.\\pipe\\",9)== 0)
- pcap_opts->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
+#ifdef HAVE_EXTCAP
+ if(extcap_pipe)
+ pcap_src->cap_pipe_h = GetStdHandle(STD_INPUT_HANDLE);
else
- pcap_opts->cap_pipe_h = CreateFile(utf_8to16(pipename), GENERIC_READ, 0, NULL,
+#endif
+ pcap_src->cap_pipe_h = CreateFile(utf_8to16(pipename), GENERIC_READ, 0, NULL,
OPEN_EXISTING, 0, NULL);
- if (pcap_opts->cap_pipe_h != INVALID_HANDLE_VALUE)
+ if (pcap_src->cap_pipe_h != INVALID_HANDLE_VALUE)
break;
if (GetLastError() != ERROR_PIPE_BUSY) {
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" could not be started "
- "due to error on pipe open: %s (error %d)",
+ "due to error on pipe open: %s (error %d).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
return;
}
NULL, GetLastError(), 0, (LPTSTR) &err_str, 0, NULL);
g_snprintf(errmsg, errmsgl,
"The capture session on \"%s\" timed out during "
- "pipe open: %s (error %d)",
+ "pipe open: %s (error %d).",
pipename, utf_16to8(err_str), GetLastError());
LocalFree(err_str);
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
return;
}
}
#endif /* _WIN32 */
}
- pcap_opts->from_cap_pipe = TRUE;
+ pcap_src->from_cap_pipe = TRUE;
+
+ /*
+ * We start with a 2KB buffer for packet data, which should be
+ * large enough for most regular network packets. We increase it,
+ * up to the maximum size we allow, as necessary.
+ */
+ pcap_src->cap_pipe_databuf = (guchar*)g_malloc(2048);
+ pcap_src->cap_pipe_databuf_size = 2048;
#ifdef _WIN32
- if (pcap_opts->from_cap_socket)
+ if (pcap_src->from_cap_socket)
#endif
{
/* read the pcap header */
bytes_read = 0;
while (bytes_read < sizeof magic) {
if (fd == -1) {
- g_snprintf(errmsg, errmsgl, "Invalid file descriptor");
+ g_snprintf(errmsg, errmsgl, "Invalid file descriptor.");
goto error;
}
sel_ret = cap_pipe_select(fd);
if (sel_ret < 0) {
g_snprintf(errmsg, errmsgl,
- "Unexpected error from select: %s", g_strerror(errno));
+ "Unexpected error from select: %s.", g_strerror(errno));
goto error;
} else if (sel_ret > 0) {
b = cap_pipe_read(fd, ((char *)&magic)+bytes_read,
sizeof magic-bytes_read,
- pcap_opts->from_cap_socket);
+ pcap_src->from_cap_socket);
+#ifdef HAVE_EXTCAP
+ /* jump messaging, if extcap had an error, stderr will provide the correct message */
+ if (extcap_pipe && b <= 0)
+ goto error;
+#endif
if (b <= 0) {
if (b == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
+ g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
else
- g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
+ g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s.",
g_strerror(errno));
goto error;
}
#ifdef _WIN32
else {
#if GLIB_CHECK_VERSION(2,31,0)
- g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_opts);
+ g_thread_new("cap_pipe_open_live", &cap_thread_read, pcap_src);
#else
- g_thread_create(&cap_thread_read, pcap_opts, FALSE, NULL);
+ g_thread_create(&cap_thread_read, pcap_src, FALSE, NULL);
#endif
- pcap_opts->cap_pipe_buf = (char *) &magic;
- pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_bytes_to_read = sizeof(magic);
+ pcap_src->cap_pipe_buf = (char *) &magic;
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(magic);
/* We don't have to worry about cap_pipe_read_mtx here */
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_async_queue_pop(pcap_opts->cap_pipe_done_q);
- if (pcap_opts->cap_pipe_bytes_read <= 0) {
- if (pcap_opts->cap_pipe_bytes_read == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open");
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ /* jump messaging, if extcap had an error, stderr will provide the correct message */
+ if (pcap_src->cap_pipe_bytes_read <= 0 && extcap_pipe)
+ goto error;
+
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe magic during open.");
else
- g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s",
+ g_snprintf(errmsg, errmsgl, "Error on pipe magic during open: %s.",
g_strerror(errno));
goto error;
}
case PCAP_NSEC_MAGIC:
/* Host that wrote it has our byte order, and was running
a program using either standard or ss990417 libpcap. */
- pcap_opts->cap_pipe_byte_swapped = FALSE;
- pcap_opts->cap_pipe_modified = FALSE;
- pcap_opts->ts_nsec = magic == PCAP_NSEC_MAGIC;
+ pcap_src->cap_pipe_byte_swapped = FALSE;
+ pcap_src->cap_pipe_modified = FALSE;
+ pcap_src->ts_nsec = magic == PCAP_NSEC_MAGIC;
break;
case PCAP_MODIFIED_MAGIC:
/* Host that wrote it has our byte order, but was running
a program using either ss990915 or ss991029 libpcap. */
- pcap_opts->cap_pipe_byte_swapped = FALSE;
- pcap_opts->cap_pipe_modified = TRUE;
+ pcap_src->cap_pipe_byte_swapped = FALSE;
+ pcap_src->cap_pipe_modified = TRUE;
break;
case PCAP_SWAPPED_MAGIC:
case PCAP_SWAPPED_NSEC_MAGIC:
/* Host that wrote it has a byte order opposite to ours,
and was running a program using either standard or
ss990417 libpcap. */
- pcap_opts->cap_pipe_byte_swapped = TRUE;
- pcap_opts->cap_pipe_modified = FALSE;
- pcap_opts->ts_nsec = magic == PCAP_SWAPPED_NSEC_MAGIC;
+ pcap_src->cap_pipe_byte_swapped = TRUE;
+ pcap_src->cap_pipe_modified = FALSE;
+ pcap_src->ts_nsec = magic == PCAP_SWAPPED_NSEC_MAGIC;
break;
case PCAP_SWAPPED_MODIFIED_MAGIC:
/* Host that wrote it out has a byte order opposite to
ours, and was running a program using either ss990915
or ss991029 libpcap. */
- pcap_opts->cap_pipe_byte_swapped = TRUE;
- pcap_opts->cap_pipe_modified = TRUE;
+ pcap_src->cap_pipe_byte_swapped = TRUE;
+ pcap_src->cap_pipe_modified = TRUE;
break;
+ case BLOCK_TYPE_SHB:
+ /* This isn't pcap, it's pcapng. We don't yet support
+ reading it. */
+ g_snprintf(errmsg, errmsgl, "Capturing from a pipe doesn't support pcapng format.");
+ goto error;
default:
- /* Not a "libpcap" type we know about. */
- g_snprintf(errmsg, errmsgl, "Unrecognized libpcap format");
+ /* Not a pcap type we know about, or not pcap at all. */
+ g_snprintf(errmsg, errmsgl, "Unrecognized libpcap format or not libpcap data.");
goto error;
}
#ifdef _WIN32
- if (pcap_opts->from_cap_socket)
+ if (pcap_src->from_cap_socket)
#endif
{
/* Read the rest of the header */
sel_ret = cap_pipe_select(fd);
if (sel_ret < 0) {
g_snprintf(errmsg, errmsgl,
- "Unexpected error from select: %s", g_strerror(errno));
+ "Unexpected error from select: %s.", g_strerror(errno));
goto error;
} else if (sel_ret > 0) {
b = cap_pipe_read(fd, ((char *)hdr)+bytes_read,
sizeof(struct pcap_hdr) - bytes_read,
- pcap_opts->from_cap_socket);
+ pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
+ g_snprintf(errmsg, errmsgl, "End of file on pipe header during open.");
else
- g_snprintf(errmsg, errmsgl, "Error on pipe header during open: %s",
+ g_snprintf(errmsg, errmsgl, "Error on pipe header during open: %s.",
g_strerror(errno));
goto error;
}
}
#ifdef _WIN32
else {
- pcap_opts->cap_pipe_buf = (char *) hdr;
- pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_bytes_to_read = sizeof(struct pcap_hdr);
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_async_queue_pop(pcap_opts->cap_pipe_done_q);
- if (pcap_opts->cap_pipe_bytes_read <= 0) {
- if (pcap_opts->cap_pipe_bytes_read == 0)
- g_snprintf(errmsg, errmsgl, "End of file on pipe header during open");
+ pcap_src->cap_pipe_buf = (char *) hdr;
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_to_read = sizeof(struct pcap_hdr);
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_async_queue_pop(pcap_src->cap_pipe_done_q);
+ if (pcap_src->cap_pipe_bytes_read <= 0) {
+ if (pcap_src->cap_pipe_bytes_read == 0)
+ g_snprintf(errmsg, errmsgl, "End of file on pipe header during open.");
else
- g_snprintf(errmsg, errmsgl, "Error on pipe header header during open: %s",
+ g_snprintf(errmsg, errmsgl, "Error on pipe header header during open: %s.",
g_strerror(errno));
goto error;
}
}
#endif
- if (pcap_opts->cap_pipe_byte_swapped) {
+ if (pcap_src->cap_pipe_byte_swapped) {
/* Byte-swap the header fields about which we care. */
hdr->version_major = GUINT16_SWAP_LE_BE(hdr->version_major);
hdr->version_minor = GUINT16_SWAP_LE_BE(hdr->version_minor);
hdr->snaplen = GUINT32_SWAP_LE_BE(hdr->snaplen);
hdr->network = GUINT32_SWAP_LE_BE(hdr->network);
}
- pcap_opts->linktype = hdr->network;
+ pcap_src->linktype = hdr->network;
+#ifdef DLT_DBUS
+ if (pcap_src->linktype == DLT_DBUS) {
+ /*
+ * The maximum D-Bus message size is 128MB, so allow packets up
+ * to that size.
+ */
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_DBUS;
+ } else
+#endif
+ pcap_src->cap_pipe_max_pkt_size = WTAP_MAX_PACKET_SIZE_STANDARD;
if (hdr->version_major < 2) {
g_snprintf(errmsg, errmsgl, "Unable to read old libpcap format");
goto error;
}
- pcap_opts->cap_pipe_state = STATE_EXPECT_REC_HDR;
- pcap_opts->cap_pipe_err = PIPOK;
- pcap_opts->cap_pipe_fd = fd;
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ pcap_src->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_fd = fd;
return;
error:
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
- pcap_opts->cap_pipe_err = PIPERR;
- cap_pipe_close(fd, pcap_opts->from_cap_socket);
- pcap_opts->cap_pipe_fd = -1;
+ pcap_src->cap_pipe_err = PIPERR;
+ cap_pipe_close(fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+#ifdef _WIN32
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+#endif
}
/* We read one record from the pipe, take care of byte order in the record
* header, write the record to the capture file, and update capture statistics. */
static int
-cap_pipe_dispatch(loop_data *ld, pcap_options *pcap_opts, guchar *data, char *errmsg, int errmsgl)
+cap_pipe_dispatch(loop_data *ld, capture_src *pcap_src, char *errmsg, int errmsgl)
{
struct pcap_pkthdr phdr;
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
wchar_t *err_str;
#endif
ssize_t b;
+ guint new_bufsize;
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch");
#endif
- switch (pcap_opts->cap_pipe_state) {
+ switch (pcap_src->cap_pipe_state) {
case STATE_EXPECT_REC_HDR:
#ifdef _WIN32
- if (g_mutex_trylock(pcap_opts->cap_pipe_read_mtx)) {
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
#endif
- pcap_opts->cap_pipe_state = STATE_READ_REC_HDR;
- pcap_opts->cap_pipe_bytes_to_read = pcap_opts->cap_pipe_modified ?
+ pcap_src->cap_pipe_state = STATE_READ_REC_HDR;
+ pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_modified ?
sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
- pcap_opts->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
- pcap_opts->cap_pipe_buf = (char *) &pcap_opts->cap_pipe_rechdr;
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_mutex_unlock(pcap_opts->cap_pipe_read_mtx);
+ pcap_src->cap_pipe_buf = (char *) &pcap_src->cap_pipe_rechdr;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
#endif
/* Fall through */
case STATE_READ_REC_HDR:
#ifdef _WIN32
- if (pcap_opts->from_cap_socket)
+ if (pcap_src->from_cap_socket)
#endif
{
- b = cap_pipe_read(pcap_opts->cap_pipe_fd, ((char *)&pcap_opts->cap_pipe_rechdr)+pcap_opts->cap_pipe_bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read, pcap_opts->from_cap_socket);
+ b = cap_pipe_read(pcap_src->cap_pipe_fd, ((char *)&pcap_src->cap_pipe_rechdr)+pcap_src->cap_pipe_bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read, pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0)
result = PD_PIPE_EOF;
result = PD_PIPE_ERR;
break;
}
- pcap_opts->cap_pipe_bytes_read += b;
+ pcap_src->cap_pipe_bytes_read += b;
}
#ifdef _WIN32
else {
#if GLIB_CHECK_VERSION(2,31,18)
- q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
#else
g_get_current_time(&wait_time);
g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
+ q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
#endif
- if (pcap_opts->cap_pipe_err == PIPEOF) {
+ if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
- } else if (pcap_opts->cap_pipe_err == PIPERR) {
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
result = PD_PIPE_ERR;
break;
}
}
}
#endif
- if (pcap_opts->cap_pipe_bytes_read < pcap_opts->cap_pipe_bytes_to_read)
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
return 0;
result = PD_REC_HDR_READ;
break;
case STATE_EXPECT_DATA:
#ifdef _WIN32
- if (g_mutex_trylock(pcap_opts->cap_pipe_read_mtx)) {
+ if (g_mutex_trylock(pcap_src->cap_pipe_read_mtx)) {
#endif
- pcap_opts->cap_pipe_state = STATE_READ_DATA;
- pcap_opts->cap_pipe_bytes_to_read = pcap_opts->cap_pipe_rechdr.hdr.incl_len;
- pcap_opts->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_state = STATE_READ_DATA;
+ pcap_src->cap_pipe_bytes_to_read = pcap_src->cap_pipe_rechdr.hdr.incl_len;
+ pcap_src->cap_pipe_bytes_read = 0;
#ifdef _WIN32
- pcap_opts->cap_pipe_buf = (char *) data;
- g_async_queue_push(pcap_opts->cap_pipe_pending_q, pcap_opts->cap_pipe_buf);
- g_mutex_unlock(pcap_opts->cap_pipe_read_mtx);
+ pcap_src->cap_pipe_buf = pcap_src->cap_pipe_databuf;
+ g_async_queue_push(pcap_src->cap_pipe_pending_q, pcap_src->cap_pipe_buf);
+ g_mutex_unlock(pcap_src->cap_pipe_read_mtx);
}
#endif
/* Fall through */
case STATE_READ_DATA:
#ifdef _WIN32
- if (pcap_opts->from_cap_socket)
+ if (pcap_src->from_cap_socket)
#endif
{
- b = cap_pipe_read(pcap_opts->cap_pipe_fd,
- data+pcap_opts->cap_pipe_bytes_read,
- pcap_opts->cap_pipe_bytes_to_read - pcap_opts->cap_pipe_bytes_read,
- pcap_opts->from_cap_socket);
+ b = cap_pipe_read(pcap_src->cap_pipe_fd,
+ pcap_src->cap_pipe_databuf+pcap_src->cap_pipe_bytes_read,
+ pcap_src->cap_pipe_bytes_to_read - pcap_src->cap_pipe_bytes_read,
+ pcap_src->from_cap_socket);
if (b <= 0) {
if (b == 0)
result = PD_PIPE_EOF;
result = PD_PIPE_ERR;
break;
}
- pcap_opts->cap_pipe_bytes_read += b;
+ pcap_src->cap_pipe_bytes_read += b;
}
#ifdef _WIN32
else {
#if GLIB_CHECK_VERSION(2,31,18)
- q_status = g_async_queue_timeout_pop(pcap_opts->cap_pipe_done_q, PIPE_READ_TIMEOUT);
+ q_status = g_async_queue_timeout_pop(pcap_src->cap_pipe_done_q, PIPE_READ_TIMEOUT);
#else
g_get_current_time(&wait_time);
g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
- q_status = g_async_queue_timed_pop(pcap_opts->cap_pipe_done_q, &wait_time);
+ q_status = g_async_queue_timed_pop(pcap_src->cap_pipe_done_q, &wait_time);
#endif /* GLIB_CHECK_VERSION(2,31,18) */
- if (pcap_opts->cap_pipe_err == PIPEOF) {
+ if (pcap_src->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
break;
- } else if (pcap_opts->cap_pipe_err == PIPERR) {
+ } else if (pcap_src->cap_pipe_err == PIPERR) {
result = PD_PIPE_ERR;
break;
}
}
}
#endif /* _WIN32 */
- if (pcap_opts->cap_pipe_bytes_read < pcap_opts->cap_pipe_bytes_to_read)
+ if (pcap_src->cap_pipe_bytes_read < pcap_src->cap_pipe_bytes_to_read)
return 0;
result = PD_DATA_READ;
break;
g_snprintf(errmsg, errmsgl, "cap_pipe_dispatch: invalid state");
result = PD_ERR;
- } /* switch (pcap_opts->cap_pipe_state) */
+ } /* switch (pcap_src->cap_pipe_state) */
/*
* We've now read as much data as we were expecting, so process it.
case PD_REC_HDR_READ:
/* We've read the header. Take care of byte order. */
- cap_pipe_adjust_header(pcap_opts->cap_pipe_byte_swapped, &pcap_opts->cap_pipe_hdr,
- &pcap_opts->cap_pipe_rechdr.hdr);
- if (pcap_opts->cap_pipe_rechdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+ cap_pipe_adjust_header(pcap_src->cap_pipe_byte_swapped, &pcap_src->cap_pipe_hdr,
+ &pcap_src->cap_pipe_rechdr.hdr);
+ if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_max_pkt_size) {
+ /*
+ * The record contains more data than the advertised/allowed in the
+ * pcap header, do not try to read more data (do not change to
+ * STATE_EXPECT_DATA) as that would not fit in the buffer and
+ * instead stop with an error.
+ */
g_snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
- ld->packet_count+1, pcap_opts->cap_pipe_rechdr.hdr.incl_len);
+ ld->packet_count+1, pcap_src->cap_pipe_rechdr.hdr.incl_len);
break;
}
- if (pcap_opts->cap_pipe_rechdr.hdr.incl_len) {
- pcap_opts->cap_pipe_state = STATE_EXPECT_DATA;
+ if (pcap_src->cap_pipe_rechdr.hdr.incl_len > pcap_src->cap_pipe_databuf_size) {
+ /*
+ * Grow the buffer to the packet size, rounded up to a power of
+ * 2.
+ */
+ new_bufsize = pcap_src->cap_pipe_rechdr.hdr.incl_len;
+ /*
+ * http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+ */
+ new_bufsize--;
+ new_bufsize |= new_bufsize >> 1;
+ new_bufsize |= new_bufsize >> 2;
+ new_bufsize |= new_bufsize >> 4;
+ new_bufsize |= new_bufsize >> 8;
+ new_bufsize |= new_bufsize >> 16;
+ new_bufsize++;
+ pcap_src->cap_pipe_databuf = (guchar*)g_realloc(pcap_src->cap_pipe_databuf, new_bufsize);
+ pcap_src->cap_pipe_databuf_size = new_bufsize;
+ }
+
+ /*
+ * The record has some data following the header, try to read it next
+ * time.
+ */
+ if (pcap_src->cap_pipe_rechdr.hdr.incl_len) {
+ pcap_src->cap_pipe_state = STATE_EXPECT_DATA;
return 0;
}
- /* no data to read? fall through */
+ /*
+ * No data following the record header? Then no more data needs to be
+ * read and we will fallthrough and emit an empty packet.
+ */
+ /* FALLTHROUGH */
case PD_DATA_READ:
/* Fill in a "struct pcap_pkthdr", and process the packet. */
- phdr.ts.tv_sec = pcap_opts->cap_pipe_rechdr.hdr.ts_sec;
- phdr.ts.tv_usec = pcap_opts->cap_pipe_rechdr.hdr.ts_usec;
- phdr.caplen = pcap_opts->cap_pipe_rechdr.hdr.incl_len;
- phdr.len = pcap_opts->cap_pipe_rechdr.hdr.orig_len;
+ phdr.ts.tv_sec = pcap_src->cap_pipe_rechdr.hdr.ts_sec;
+ phdr.ts.tv_usec = pcap_src->cap_pipe_rechdr.hdr.ts_usec;
+ phdr.caplen = pcap_src->cap_pipe_rechdr.hdr.incl_len;
+ phdr.len = pcap_src->cap_pipe_rechdr.hdr.orig_len;
if (use_threads) {
- capture_loop_queue_packet_cb((u_char *)pcap_opts, &phdr, data);
+ capture_loop_queue_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
} else {
- capture_loop_write_packet_cb((u_char *)pcap_opts, &phdr, data);
+ capture_loop_write_packet_cb((u_char *)pcap_src, &phdr, pcap_src->cap_pipe_databuf);
}
- pcap_opts->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
return 1;
case PD_PIPE_EOF:
- pcap_opts->cap_pipe_err = PIPEOF;
+ pcap_src->cap_pipe_err = PIPEOF;
return -1;
case PD_PIPE_ERR:
break;
}
- pcap_opts->cap_pipe_err = PIPERR;
+ pcap_src->cap_pipe_err = PIPERR;
/* Return here rather than inside the switch to prevent GCC warning */
return -1;
}
char *secondary_errmsg, size_t secondary_errmsg_len)
{
gchar open_err_str[PCAP_ERRBUF_SIZE];
- gchar *sync_msg_str;
- interface_options interface_opts;
- pcap_options *pcap_opts;
+ gchar *sync_msg_str;
+ interface_options *interface_opts;
+ capture_src *pcap_src;
guint i;
#ifdef _WIN32
int err;
- gchar *sync_secondary_msg_str;
WORD wVersionRequested;
WSADATA wsaData;
#endif
/* XXX - opening Winsock on tshark? */
- /* Initialize Windows Socket if we are in a WIN32 OS
+ /* Initialize Windows Socket if we are in a Win32 OS
This needs to be done before querying the interface for network/netmask */
#ifdef _WIN32
/* XXX - do we really require 1.1 or earlier?
}
for (i = 0; i < capture_opts->ifaces->len; i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
- pcap_opts = (pcap_options *)g_malloc(sizeof (pcap_options));
- if (pcap_opts == NULL) {
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = (capture_src *)g_malloc(sizeof (capture_src));
+ if (pcap_src == NULL) {
g_snprintf(errmsg, (gulong) errmsg_len,
"Could not allocate memory.");
return FALSE;
}
- pcap_opts->received = 0;
- pcap_opts->dropped = 0;
- pcap_opts->flushed = 0;
- pcap_opts->pcap_h = NULL;
+ pcap_src->received = 0;
+ pcap_src->dropped = 0;
+ pcap_src->flushed = 0;
+ pcap_src->pcap_h = NULL;
#ifdef MUST_DO_SELECT
- pcap_opts->pcap_fd = -1;
-#endif
- pcap_opts->pcap_err = FALSE;
- pcap_opts->interface_id = i;
- pcap_opts->tid = NULL;
- pcap_opts->snaplen = 0;
- pcap_opts->linktype = -1;
- pcap_opts->ts_nsec = FALSE;
- pcap_opts->from_cap_pipe = FALSE;
- pcap_opts->from_cap_socket = FALSE;
- memset(&pcap_opts->cap_pipe_hdr, 0, sizeof(struct pcap_hdr));
- memset(&pcap_opts->cap_pipe_rechdr, 0, sizeof(struct pcaprec_modified_hdr));
+ pcap_src->pcap_fd = -1;
+#endif
+ pcap_src->pcap_err = FALSE;
+ pcap_src->interface_id = i;
+ pcap_src->tid = NULL;
+ pcap_src->snaplen = 0;
+ pcap_src->linktype = -1;
+ pcap_src->ts_nsec = FALSE;
+ pcap_src->from_cap_pipe = FALSE;
+ pcap_src->from_cap_socket = FALSE;
+ memset(&pcap_src->cap_pipe_hdr, 0, sizeof(struct pcap_hdr));
+ memset(&pcap_src->cap_pipe_rechdr, 0, sizeof(struct pcaprec_modified_hdr));
#ifdef _WIN32
- pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
#endif
- pcap_opts->cap_pipe_fd = -1;
- pcap_opts->cap_pipe_modified = FALSE;
- pcap_opts->cap_pipe_byte_swapped = FALSE;
+ pcap_src->cap_pipe_fd = -1;
+ pcap_src->cap_pipe_modified = FALSE;
+ pcap_src->cap_pipe_byte_swapped = FALSE;
#ifdef _WIN32
- pcap_opts->cap_pipe_buf = NULL;
+ pcap_src->cap_pipe_buf = NULL;
#endif
- pcap_opts->cap_pipe_bytes_to_read = 0;
- pcap_opts->cap_pipe_bytes_read = 0;
- pcap_opts->cap_pipe_state = STATE_EXPECT_REC_HDR;
- pcap_opts->cap_pipe_err = PIPOK;
+ pcap_src->cap_pipe_bytes_to_read = 0;
+ pcap_src->cap_pipe_bytes_read = 0;
+ pcap_src->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ pcap_src->cap_pipe_err = PIPOK;
#ifdef _WIN32
#if GLIB_CHECK_VERSION(2,31,0)
- pcap_opts->cap_pipe_read_mtx = g_malloc(sizeof(GMutex));
- g_mutex_init(pcap_opts->cap_pipe_read_mtx);
+ pcap_src->cap_pipe_read_mtx = g_malloc(sizeof(GMutex));
+ g_mutex_init(pcap_src->cap_pipe_read_mtx);
#else
- pcap_opts->cap_pipe_read_mtx = g_mutex_new();
+ pcap_src->cap_pipe_read_mtx = g_mutex_new();
#endif
- pcap_opts->cap_pipe_pending_q = g_async_queue_new();
- pcap_opts->cap_pipe_done_q = g_async_queue_new();
+ pcap_src->cap_pipe_pending_q = g_async_queue_new();
+ pcap_src->cap_pipe_done_q = g_async_queue_new();
#endif
- g_array_append_val(ld->pcaps, pcap_opts);
+ g_array_append_val(ld->pcaps, pcap_src);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts.name);
- pcap_opts->pcap_h = open_capture_device(capture_opts, &interface_opts, &open_err_str);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", interface_opts->name);
+ pcap_src->pcap_h = open_capture_device(capture_opts, interface_opts,
+ CAP_READ_TIMEOUT, &open_err_str);
- if (pcap_opts->pcap_h != NULL) {
+ if (pcap_src->pcap_h != NULL) {
/* we've opened "iface" as a network device */
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
/* Find out if we're getting nanosecond-precision time stamps */
- pcap_opts->ts_nsec = pcap_get_tstamp_precision(pcap_opts->pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
-#endif
-
-#ifdef _WIN32
- /* try to set the capture buffer size */
- if (interface_opts.buffer_size > 1 &&
- pcap_setbuff(pcap_opts->pcap_h, interface_opts.buffer_size * 1024 * 1024) != 0) {
- sync_secondary_msg_str = g_strdup_printf(
- "The capture buffer size of %d MiB seems to be too high for your machine,\n"
- "the default of %d MiB will be used.\n"
- "\n"
- "Nonetheless, the capture is started.\n",
- interface_opts.buffer_size, DEFAULT_CAPTURE_BUFFER_SIZE);
- report_capture_error("Couldn't set the capture buffer size.",
- sync_secondary_msg_str);
- g_free(sync_secondary_msg_str);
- }
+ pcap_src->ts_nsec = have_high_resolution_timestamp(pcap_src->pcap_h);
#endif
#if defined(HAVE_PCAP_SETSAMPLING)
- if (interface_opts.sampling_method != CAPTURE_SAMP_NONE) {
+ if (interface_opts->sampling_method != CAPTURE_SAMP_NONE) {
struct pcap_samp *samp;
- if ((samp = pcap_setsampling(pcap_opts->pcap_h)) != NULL) {
- switch (interface_opts.sampling_method) {
+ if ((samp = pcap_setsampling(pcap_src->pcap_h)) != NULL) {
+ switch (interface_opts->sampling_method) {
case CAPTURE_SAMP_BY_COUNT:
samp->method = PCAP_SAMP_1_EVERY_N;
break;
sync_msg_str = g_strdup_printf(
"Unknown sampling method %d specified,\n"
"continue without packet sampling",
- interface_opts.sampling_method);
+ interface_opts->sampling_method);
report_capture_error("Couldn't set the capture "
"sampling", sync_msg_str);
g_free(sync_msg_str);
}
- samp->value = interface_opts.sampling_param;
+ samp->value = interface_opts->sampling_param;
} else {
report_capture_error("Couldn't set the capture sampling",
"Cannot get packet sampling data structure");
#endif
/* setting the data link type only works on real interfaces */
- if (!set_pcap_linktype(pcap_opts->pcap_h, interface_opts.linktype, interface_opts.name,
+ if (!set_pcap_datalink(pcap_src->pcap_h, interface_opts->linktype,
+ interface_opts->name,
errmsg, errmsg_len,
secondary_errmsg, secondary_errmsg_len)) {
return FALSE;
}
- pcap_opts->linktype = get_pcap_linktype(pcap_opts->pcap_h, interface_opts.name);
+ pcap_src->linktype = get_pcap_datalink(pcap_src->pcap_h, interface_opts->name);
} else {
/* We couldn't open "iface" as a network device. */
/* Try to open it as a pipe */
- cap_pipe_open_live(interface_opts.name, pcap_opts, &pcap_opts->cap_pipe_hdr, errmsg, (int) errmsg_len);
+ cap_pipe_open_live(interface_opts->name, pcap_src, &pcap_src->cap_pipe_hdr, errmsg, (int) errmsg_len);
#ifndef _WIN32
- if (pcap_opts->cap_pipe_fd == -1) {
+ if (pcap_src->cap_pipe_fd == -1) {
#else
- if (pcap_opts->cap_pipe_h == INVALID_HANDLE_VALUE) {
-#endif
- if (pcap_opts->cap_pipe_err == PIPNEXIST) {
- /* Pipe doesn't exist, so output message for interface */
+ if (pcap_src->cap_pipe_h == INVALID_HANDLE_VALUE) {
+#endif
+ if (pcap_src->cap_pipe_err == PIPNEXIST) {
+ /*
+ * We tried opening as an interface, and that failed,
+ * so we tried to open it as a pipe, but the pipe
+ * doesn't exist. Report the error message for
+ * the interface.
+ */
get_capture_device_open_failure_messages(open_err_str,
- interface_opts.name,
+ interface_opts->name,
errmsg,
errmsg_len,
secondary_errmsg,
/* XXX - will this work for tshark? */
#ifdef MUST_DO_SELECT
- if (!pcap_opts->from_cap_pipe) {
+ if (!pcap_src->from_cap_pipe) {
#ifdef HAVE_PCAP_GET_SELECTABLE_FD
- pcap_opts->pcap_fd = pcap_get_selectable_fd(pcap_opts->pcap_h);
+ pcap_src->pcap_fd = pcap_get_selectable_fd(pcap_src->pcap_h);
#else
- pcap_opts->pcap_fd = pcap_fileno(pcap_opts->pcap_h);
+ pcap_src->pcap_fd = pcap_fileno(pcap_src->pcap_h);
#endif
}
#endif
report_capture_error(sync_msg_str, "");
g_free(sync_msg_str);
}
- capture_opts->ifaces = g_array_remove_index(capture_opts->ifaces, i);
- g_array_insert_val(capture_opts->ifaces, i, interface_opts);
}
/* If not using libcap: we now can now set euid/egid to ruid/rgid */
/* close the capture input file (pcap or capture pipe) */
static void capture_loop_close_input(loop_data *ld)
{
- guint i;
- pcap_options *pcap_opts;
+ guint i;
+ capture_src *pcap_src;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input");
for (i = 0; i < ld->pcaps->len; i++) {
- pcap_opts = g_array_index(ld->pcaps, pcap_options *, i);
- /* if open, close the capture pipe "input file" */
- if (pcap_opts->cap_pipe_fd >= 0) {
- g_assert(pcap_opts->from_cap_pipe);
- cap_pipe_close(pcap_opts->cap_pipe_fd, pcap_opts->from_cap_socket);
- pcap_opts->cap_pipe_fd = -1;
- }
+ pcap_src = g_array_index(ld->pcaps, capture_src *, i);
+ /* Pipe, or capture device? */
+ if (pcap_src->from_cap_pipe) {
+ /* Pipe. If open, close the capture pipe "input file". */
+ if (pcap_src->cap_pipe_fd >= 0) {
+ cap_pipe_close(pcap_src->cap_pipe_fd, pcap_src->from_cap_socket);
+ pcap_src->cap_pipe_fd = -1;
+ }
#ifdef _WIN32
- if (pcap_opts->cap_pipe_h != INVALID_HANDLE_VALUE) {
- CloseHandle(pcap_opts->cap_pipe_h);
- pcap_opts->cap_pipe_h = INVALID_HANDLE_VALUE;
- }
+ if (pcap_src->cap_pipe_h != INVALID_HANDLE_VALUE) {
+ CloseHandle(pcap_src->cap_pipe_h);
+ pcap_src->cap_pipe_h = INVALID_HANDLE_VALUE;
+ }
#endif
- /* if open, close the pcap "input file" */
- if (pcap_opts->pcap_h != NULL) {
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_opts->pcap_h);
- pcap_close(pcap_opts->pcap_h);
- pcap_opts->pcap_h = NULL;
+ if (pcap_src->cap_pipe_databuf != NULL) {
+ /* Free the buffer. */
+ g_free(pcap_src->cap_pipe_databuf);
+ pcap_src->cap_pipe_databuf = NULL;
+ }
+ } else {
+ /* Capture device. If open, close the pcap_t. */
+ if (pcap_src->pcap_h != NULL) {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", (void *)pcap_src->pcap_h);
+ pcap_close(pcap_src->pcap_h);
+ pcap_src->pcap_h = NULL;
+ }
}
}
static gboolean
capture_loop_init_output(capture_options *capture_opts, loop_data *ld, char *errmsg, int errmsg_len)
{
- int err;
- guint i;
- pcap_options *pcap_opts;
- interface_options interface_opts;
- gboolean successful;
+ int err;
+ guint i;
+ capture_src *pcap_src;
+ interface_options *interface_opts;
+ gboolean successful;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_init_output");
}
if (ld->pdh) {
if (capture_opts->use_pcapng) {
- char appname[100];
- GString *os_info_str;
+ char *appname;
+ GString *cpu_info_str;
+ GString *os_info_str;
+ cpu_info_str = g_string_new("");
os_info_str = g_string_new("");
+ get_cpu_info(cpu_info_str);
get_os_version_info(os_info_str);
- g_snprintf(appname, sizeof(appname), "Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
+ appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
successful = pcapng_write_session_header_block(ld->pdh,
- (const char *)capture_opts->capture_comment, /* Comment*/
- NULL, /* HW*/
- os_info_str->str, /* OS*/
+ (const char *)capture_opts->capture_comment, /* Comment */
+ cpu_info_str->str, /* HW */
+ os_info_str->str, /* OS */
appname,
-1, /* section_length */
&ld->bytes_written,
&err);
+ g_string_free(cpu_info_str, TRUE);
+ g_free(appname);
for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
- pcap_opts = g_array_index(ld->pcaps, pcap_options *, i);
- if (pcap_opts->from_cap_pipe) {
- pcap_opts->snaplen = pcap_opts->cap_pipe_hdr.snaplen;
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = g_array_index(ld->pcaps, capture_src *, i);
+ if (pcap_src->from_cap_pipe) {
+ pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
} else {
- pcap_opts->snaplen = pcap_snapshot(pcap_opts->pcap_h);
+ pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
successful = pcapng_write_interface_description_block(global_ld.pdh,
NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
os_info_str->str, /* IDB_OS 12 */
- pcap_opts->linktype,
- pcap_opts->snaplen,
+ pcap_src->linktype,
+ pcap_src->snaplen,
&(global_ld.bytes_written),
0, /* IDB_IF_SPEED 8 */
- pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
&global_ld.err);
}
g_string_free(os_info_str, TRUE);
} else {
- pcap_opts = g_array_index(ld->pcaps, pcap_options *, 0);
- if (pcap_opts->from_cap_pipe) {
- pcap_opts->snaplen = pcap_opts->cap_pipe_hdr.snaplen;
+ pcap_src = g_array_index(ld->pcaps, capture_src *, 0);
+ if (pcap_src->from_cap_pipe) {
+ pcap_src->snaplen = pcap_src->cap_pipe_hdr.snaplen;
} else {
- pcap_opts->snaplen = pcap_snapshot(pcap_opts->pcap_h);
+ pcap_src->snaplen = pcap_snapshot(pcap_src->pcap_h);
}
- successful = libpcap_write_file_header(ld->pdh, pcap_opts->linktype, pcap_opts->snaplen,
- pcap_opts->ts_nsec, &ld->bytes_written, &err);
+ successful = libpcap_write_file_header(ld->pdh, pcap_src->linktype, pcap_src->snaplen,
+ pcap_src->ts_nsec, &ld->bytes_written, &err);
}
if (!successful) {
fclose(ld->pdh);
capture_loop_close_output(capture_options *capture_opts, loop_data *ld, int *err_close)
{
- unsigned int i;
- pcap_options *pcap_opts;
- guint64 end_time = create_timestamp();
+ unsigned int i;
+ capture_src *pcap_src;
+ guint64 end_time = create_timestamp();
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_output");
} else {
if (capture_opts->use_pcapng) {
for (i = 0; i < global_ld.pcaps->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- if (!pcap_opts->from_cap_pipe) {
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ if (!pcap_src->from_cap_pipe) {
guint64 isb_ifrecv, isb_ifdrop;
struct pcap_stat stats;
- if (pcap_stats(pcap_opts->pcap_h, &stats) >= 0) {
- isb_ifrecv = pcap_opts->received;
- isb_ifdrop = stats.ps_drop + pcap_opts->dropped + pcap_opts->flushed;
+ if (pcap_stats(pcap_src->pcap_h, &stats) >= 0) {
+ isb_ifrecv = pcap_src->received;
+ isb_ifdrop = stats.ps_drop + pcap_src->dropped + pcap_src->flushed;
} else {
isb_ifrecv = G_MAXUINT64;
isb_ifdrop = G_MAXUINT64;
*/
static int
capture_loop_dispatch(loop_data *ld,
- char *errmsg, int errmsg_len, pcap_options *pcap_opts)
+ char *errmsg, int errmsg_len, capture_src *pcap_src)
{
int inpkts;
gint packet_count_before;
- guchar pcap_data[WTAP_MAX_PACKET_SIZE];
#ifndef _WIN32
int sel_ret;
#endif
packet_count_before = ld->packet_count;
- if (pcap_opts->from_cap_pipe) {
+ if (pcap_src->from_cap_pipe) {
/* dispatch from capture pipe */
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from capture pipe");
#endif
#ifndef _WIN32
- sel_ret = cap_pipe_select(pcap_opts->cap_pipe_fd);
+ sel_ret = cap_pipe_select(pcap_src->cap_pipe_fd);
if (sel_ret <= 0) {
if (sel_ret < 0 && errno != EINTR) {
g_snprintf(errmsg, errmsg_len,
* "select()" says we can read from the pipe without blocking
*/
#endif
- inpkts = cap_pipe_dispatch(ld, pcap_opts, pcap_data, errmsg, errmsg_len);
+ inpkts = cap_pipe_dispatch(ld, pcap_src, errmsg, errmsg_len);
if (inpkts < 0) {
ld->go = FALSE;
}
#ifdef LOG_CAPTURE_VERBOSE
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from pcap_dispatch with select");
#endif
- if (pcap_opts->pcap_fd != -1) {
- sel_ret = cap_pipe_select(pcap_opts->pcap_fd);
+ if (pcap_src->pcap_fd != -1) {
+ sel_ret = cap_pipe_select(pcap_src->pcap_fd);
if (sel_ret > 0) {
/*
* "select()" says we can read from it without blocking; go for
* in a batch before quitting.
*/
if (use_threads) {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, 1, capture_loop_queue_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, 1, capture_loop_queue_packet_cb, (u_char *)pcap_src);
} else {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, 1, capture_loop_write_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, 1, capture_loop_write_packet_cb, (u_char *)pcap_src);
}
if (inpkts < 0) {
if (inpkts == -1) {
/* Error, rather than pcap_breakloop(). */
- pcap_opts->pcap_err = TRUE;
+ pcap_src->pcap_err = TRUE;
}
ld->go = FALSE; /* error or pcap_breakloop() - stop capturing */
}
* at a time, so that we can check the pipe after every packet.
*/
if (use_threads) {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, 1, capture_loop_queue_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, 1, capture_loop_queue_packet_cb, (u_char *)pcap_src);
} else {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, 1, capture_loop_write_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, 1, capture_loop_write_packet_cb, (u_char *)pcap_src);
}
#else
if (use_threads) {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, -1, capture_loop_queue_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, -1, capture_loop_queue_packet_cb, (u_char *)pcap_src);
} else {
- inpkts = pcap_dispatch(pcap_opts->pcap_h, -1, capture_loop_write_packet_cb, (u_char *)pcap_opts);
+ inpkts = pcap_dispatch(pcap_src->pcap_h, -1, capture_loop_write_packet_cb, (u_char *)pcap_src);
}
#endif
if (inpkts < 0) {
if (inpkts == -1) {
/* Error, rather than pcap_breakloop(). */
- pcap_opts->pcap_err = TRUE;
+ pcap_src->pcap_err = TRUE;
}
ld->go = FALSE; /* error or pcap_breakloop() - stop capturing */
}
/*
* WinPcap's remote capturing feature doesn't work with pcap_dispatch(),
- * see http://wiki.wireshark.org/CaptureSetup_2fWinPcapRemote
+ * see https://wiki.wireshark.org/CaptureSetup/WinPcapRemote
* This should be fixed in the WinPcap 4.0 alpha release.
*
* For reference, an example remote interface:
in = 0;
while(ld->go &&
- (in = pcap_next_ex(pcap_opts->pcap_h, &pkt_header, &pkt_data)) == 1) {
+ (in = pcap_next_ex(pcap_src->pcap_h, &pkt_header, &pkt_data)) == 1) {
if (use_threads) {
- capture_loop_queue_packet_cb((u_char *)pcap_opts, pkt_header, pkt_data);
+ capture_loop_queue_packet_cb((u_char *)pcap_src, pkt_header, pkt_data);
} else {
- capture_loop_write_packet_cb((u_char *)pcap_opts, pkt_header, pkt_data);
+ capture_loop_write_packet_cb((u_char *)pcap_src, pkt_header, pkt_data);
}
}
if (in < 0) {
- pcap_opts->pcap_err = TRUE;
+ pcap_src->pcap_err = TRUE;
ld->go = FALSE;
}
}
{
char *tmpname;
gchar *capfile_name;
- gchar *prefix;
+ gchar *prefix, *suffix;
gboolean is_tempfile;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_output: %s",
/* Choose a random name for the temporary capture buffer */
if (global_capture_opts.ifaces->len > 1) {
prefix = g_strdup_printf("wireshark_%d_interfaces", global_capture_opts.ifaces->len);
+ if (capture_opts->use_pcapng) {
+ suffix = ".pcapng";
+ }else{
+ suffix = ".pcap";
+ }
} else {
gchar *basename;
- basename = g_path_get_basename(g_array_index(global_capture_opts.ifaces, interface_options, 0).console_display_name);
+ basename = g_path_get_basename((&g_array_index(global_capture_opts.ifaces, interface_options, 0))->console_display_name);
#ifdef _WIN32
/* use the generic portion of the interface guid to form the basis of the filename */
if (strncmp("NPF_{", basename, 5)==0)
g_string_free(iface, TRUE);
}
#endif
- /* generate the temp file name prefix...
- * It would be nice if we could specify a pcapng/pcap filename suffix,
- * create_tempfile() however currently uses mkstemp() which doesn't allow this - one day perhaps*/
+ /* generate the temp file name prefix and suffix */
if (capture_opts->use_pcapng) {
- prefix = g_strconcat("wireshark_pcapng_", basename, NULL);
+ prefix = g_strconcat("wireshark_", basename, NULL);
+ suffix = ".pcapng";
}else{
- prefix = g_strconcat("wireshark_pcap_", basename, NULL);
+ prefix = g_strconcat("wireshark_", basename, NULL);
+ suffix = ".pcap";
}
g_free(basename);
}
- *save_file_fd = create_tempfile(&tmpname, prefix);
+ *save_file_fd = create_tempfile(&tmpname, prefix, suffix);
g_free(prefix);
capfile_name = g_strdup(tmpname);
is_tempfile = TRUE;
do_file_switch_or_stop(capture_options *capture_opts,
condition *cnd_autostop_files,
condition *cnd_autostop_size,
- condition *cnd_file_duration)
+ condition *cnd_file_duration,
+ condition *cnd_file_interval)
{
- guint i;
- pcap_options *pcap_opts;
- interface_options interface_opts;
- gboolean successful;
+ guint i;
+ capture_src *pcap_src;
+ interface_options *interface_opts;
+ gboolean successful;
if (capture_opts->multi_files_on) {
if (cnd_autostop_files != NULL &&
- cnd_eval(cnd_autostop_files, ++global_ld.autostop_files)) {
+ cnd_eval(cnd_autostop_files, (guint64)++global_ld.autostop_files)) {
/* no files left: stop here */
global_ld.go = FALSE;
return FALSE;
/* File switch succeeded: reset the conditions */
global_ld.bytes_written = 0;
if (capture_opts->use_pcapng) {
- char appname[100];
- GString *os_info_str;
+ char *appname;
+ GString *cpu_info_str;
+ GString *os_info_str;
+ cpu_info_str = g_string_new("");
os_info_str = g_string_new("");
+ get_cpu_info(cpu_info_str);
get_os_version_info(os_info_str);
- g_snprintf(appname, sizeof(appname), "Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
+ appname = g_strdup_printf("Dumpcap (Wireshark) %s", get_ws_vcs_version_info());
successful = pcapng_write_session_header_block(global_ld.pdh,
- NULL, /* Comment */
- NULL, /* HW */
+ (const char *)capture_opts->capture_comment, /* Comment */
+ cpu_info_str->str, /* HW */
os_info_str->str, /* OS */
appname,
- -1, /* section_length */
+ -1, /* section_length */
&(global_ld.bytes_written),
&global_ld.err);
+ g_string_free(cpu_info_str, TRUE);
+ g_free(appname);
for (i = 0; successful && (i < capture_opts->ifaces->len); i++) {
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
successful = pcapng_write_interface_description_block(global_ld.pdh,
- NULL, /* OPT_COMMENT 1 */
- interface_opts.name, /* IDB_NAME 2 */
- interface_opts.descr, /* IDB_DESCRIPTION 3 */
- interface_opts.cfilter, /* IDB_FILTER 11 */
- os_info_str->str, /* IDB_OS 12 */
- pcap_opts->linktype,
- pcap_opts->snaplen,
+ NULL, /* OPT_COMMENT 1 */
+ interface_opts->name, /* IDB_NAME 2 */
+ interface_opts->descr, /* IDB_DESCRIPTION 3 */
+ interface_opts->cfilter, /* IDB_FILTER 11 */
+ os_info_str->str, /* IDB_OS 12 */
+ pcap_src->linktype,
+ pcap_src->snaplen,
&(global_ld.bytes_written),
0, /* IDB_IF_SPEED 8 */
- pcap_opts->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
+ pcap_src->ts_nsec ? 9 : 6, /* IDB_TSRESOL 9 */
&global_ld.err);
}
g_string_free(os_info_str, TRUE);
} else {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, 0);
- successful = libpcap_write_file_header(global_ld.pdh, pcap_opts->linktype, pcap_opts->snaplen,
- pcap_opts->ts_nsec, &global_ld.bytes_written, &global_ld.err);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
+ successful = libpcap_write_file_header(global_ld.pdh, pcap_src->linktype, pcap_src->snaplen,
+ pcap_src->ts_nsec, &global_ld.bytes_written, &global_ld.err);
}
if (!successful) {
fclose(global_ld.pdh);
cnd_reset(cnd_autostop_size);
if (cnd_file_duration)
cnd_reset(cnd_file_duration);
+ if (cnd_file_interval)
+ cnd_reset(cnd_file_interval);
fflush(global_ld.pdh);
if (!quiet)
report_packet_count(global_ld.inpkts_to_sync_pipe);
static void *
pcap_read_handler(void* arg)
{
- pcap_options *pcap_opts;
- char errmsg[MSG_MAX_LENGTH+1];
+ capture_src *pcap_src;
+ char errmsg[MSG_MAX_LENGTH+1];
- pcap_opts = (pcap_options *)arg;
+ pcap_src = (capture_src *)arg;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Started thread for interface %d.",
- pcap_opts->interface_id);
+ pcap_src->interface_id);
while (global_ld.go) {
/* dispatch incoming packets */
- capture_loop_dispatch(&global_ld, errmsg, sizeof(errmsg), pcap_opts);
+ capture_loop_dispatch(&global_ld, errmsg, sizeof(errmsg), pcap_src);
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Stopped thread for interface %d.",
- pcap_opts->interface_id);
+ pcap_src->interface_id);
g_thread_exit(NULL);
return (NULL);
}
static gboolean
capture_loop_start(capture_options *capture_opts, gboolean *stats_known, struct pcap_stat *stats)
{
-#ifdef WIN32
- DWORD upd_time, cur_time; /* GetTickCount() returns a "DWORD" (which is 'unsigned long') */
+#ifdef _WIN32
+ DWORD upd_time, cur_time; /* GetTickCount() returns a "DWORD" (which is 'unsigned long') */
#else
- struct timeval upd_time, cur_time;
-#endif
- int err_close;
- int inpkts;
- condition *cnd_file_duration = NULL;
- condition *cnd_autostop_files = NULL;
- condition *cnd_autostop_size = NULL;
- condition *cnd_autostop_duration = NULL;
- gboolean write_ok;
- gboolean close_ok;
- gboolean cfilter_error = FALSE;
- char errmsg[MSG_MAX_LENGTH+1];
- char secondary_errmsg[MSG_MAX_LENGTH+1];
- pcap_options *pcap_opts;
- interface_options interface_opts;
- guint i, error_index = 0;
+ struct timeval upd_time, cur_time;
+#endif
+ int err_close;
+ int inpkts;
+ condition *cnd_file_duration = NULL;
+ condition *cnd_file_interval = NULL;
+ condition *cnd_autostop_files = NULL;
+ condition *cnd_autostop_size = NULL;
+ condition *cnd_autostop_duration = NULL;
+ gboolean write_ok;
+ gboolean close_ok;
+ gboolean cfilter_error = FALSE;
+ char errmsg[MSG_MAX_LENGTH+1];
+ char secondary_errmsg[MSG_MAX_LENGTH+1];
+ capture_src *pcap_src;
+ interface_options *interface_opts;
+ guint i, error_index = 0;
*errmsg = '\0';
*secondary_errmsg = '\0';
goto error;
}
for (i = 0; i < capture_opts->ifaces->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
/* init the input filter from the network interface (capture pipe will do nothing) */
/*
* When remote capturing WinPCap crashes when the capture filter
* is NULL. This might be a bug in WPCap. Therefore we provide an empty
* string.
*/
- switch (capture_loop_init_filter(pcap_opts->pcap_h, pcap_opts->from_cap_pipe,
- interface_opts.name,
- interface_opts.cfilter?interface_opts.cfilter:"")) {
+ switch (capture_loop_init_filter(pcap_src->pcap_h, pcap_src->from_cap_pipe,
+ interface_opts->name,
+ interface_opts->cfilter?interface_opts->cfilter:"")) {
case INITFILTER_NO_ERROR:
break;
case INITFILTER_BAD_FILTER:
cfilter_error = TRUE;
error_index = i;
- g_snprintf(errmsg, sizeof(errmsg), "%s", pcap_geterr(pcap_opts->pcap_h));
+ g_snprintf(errmsg, sizeof(errmsg), "%s", pcap_geterr(pcap_src->pcap_h));
goto error;
case INITFILTER_OTHER_ERROR:
g_snprintf(errmsg, sizeof(errmsg), "Can't install filter (%s).",
- pcap_geterr(pcap_opts->pcap_h));
+ pcap_geterr(pcap_src->pcap_h));
g_snprintf(secondary_errmsg, sizeof(secondary_errmsg), "%s", please_report);
goto error;
}
if (capture_opts->has_autostop_files)
cnd_autostop_files =
- cnd_new(CND_CLASS_CAPTURESIZE, capture_opts->autostop_files);
+ cnd_new(CND_CLASS_CAPTURESIZE, (guint64)capture_opts->autostop_files);
+
+ if (capture_opts->has_file_interval)
+ cnd_file_interval =
+ cnd_new(CND_CLASS_INTERVAL, capture_opts->file_interval);
}
/* init the time values */
-#ifdef WIN32
+#ifdef _WIN32
upd_time = GetTickCount();
#else
gettimeofday(&upd_time, NULL);
#endif
start_time = create_timestamp();
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture loop running.");
+ capture_opts_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, capture_opts);
/* WOW, everything is prepared! */
/* please fasten your seat belts, we will enter now the actual capture loop */
pcap_queue_bytes = 0;
pcap_queue_packets = 0;
for (i = 0; i < global_ld.pcaps->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
#if GLIB_CHECK_VERSION(2,31,0)
/* XXX - Add an interface name here? */
- pcap_opts->tid = g_thread_new("Capture read", pcap_read_handler, pcap_opts);
+ pcap_src->tid = g_thread_new("Capture read", pcap_read_handler, pcap_src);
#else
- pcap_opts->tid = g_thread_create(pcap_read_handler, pcap_opts, TRUE, NULL);
+ pcap_src->tid = g_thread_create(pcap_read_handler, pcap_src, TRUE, NULL);
#endif
}
}
if (queue_element) {
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_opts->interface_id);
+ queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
- capture_loop_write_packet_cb((u_char *) queue_element->pcap_opts,
+ capture_loop_write_packet_cb((u_char *) queue_element->pcap_src,
&queue_element->phdr,
queue_element->pd);
g_free(queue_element->pd);
inpkts = 0;
}
} else {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, 0);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, 0);
inpkts = capture_loop_dispatch(&global_ld, errmsg,
- sizeof(errmsg), pcap_opts);
+ sizeof(errmsg), pcap_src);
}
#ifdef SIGINFO
/* Were we asked to print packet counts by the SIGINFO handler? */
if (cnd_autostop_size != NULL &&
cnd_eval(cnd_autostop_size, global_ld.bytes_written)) {
/* Capture size limit reached, do we have another file? */
- if (!do_file_switch_or_stop(capture_opts, cnd_autostop_files,
- cnd_autostop_size, cnd_file_duration))
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
continue;
} /* cnd_autostop_size */
if (capture_opts->output_to_pipe) {
*/
#define DUMPCAP_UPD_TIME 500
-#ifdef WIN32
+#ifdef _WIN32
cur_time = GetTickCount(); /* Note: wraps to 0 if sys runs for 49.7 days */
if ((cur_time - upd_time) > DUMPCAP_UPD_TIME) { /* wrap just causes an extra update */
#else
/* check capture file duration condition */
if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
/* duration limit reached, do we have another file? */
- if (!do_file_switch_or_stop(capture_opts, cnd_autostop_files,
- cnd_autostop_size, cnd_file_duration))
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
continue;
} /* cnd_file_duration */
+
+ /* check capture file interval condition */
+ if (cnd_file_interval != NULL && cnd_eval(cnd_file_interval)) {
+ /* end of interval reached, do we have another file? */
+ if (!do_file_switch_or_stop(capture_opts,
+ cnd_autostop_files,
+ cnd_autostop_size,
+ cnd_file_duration,
+ cnd_file_interval))
+ continue;
+ } /* cnd_file_interval */
}
}
pcap_queue_element *queue_element;
for (i = 0; i < global_ld.pcaps->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Waiting for thread of interface %u...",
- pcap_opts->interface_id);
- g_thread_join(pcap_opts->tid);
+ pcap_src->interface_id);
+ g_thread_join(pcap_src->tid);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Thread of interface %u terminated.",
- pcap_opts->interface_id);
+ pcap_src->interface_id);
}
while (1) {
g_async_queue_lock(pcap_queue);
}
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Dequeued a packet of length %d captured on interface %d.",
- queue_element->phdr.caplen, queue_element->pcap_opts->interface_id);
- capture_loop_write_packet_cb((u_char *)queue_element->pcap_opts,
+ queue_element->phdr.caplen, queue_element->pcap_src->interface_id);
+ capture_loop_write_packet_cb((u_char *)queue_element->pcap_src,
&queue_element->phdr,
queue_element->pd);
g_free(queue_element->pd);
/* delete stop conditions */
if (cnd_file_duration != NULL)
cnd_delete(cnd_file_duration);
+ if (cnd_file_interval != NULL)
+ cnd_delete(cnd_file_interval);
if (cnd_autostop_files != NULL)
cnd_delete(cnd_autostop_files);
if (cnd_autostop_size != NULL)
/* did we have a pcap (input) error? */
for (i = 0; i < capture_opts->ifaces->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- if (pcap_opts->pcap_err) {
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ if (pcap_src->pcap_err) {
/* On Linux, if an interface goes down while you're capturing on it,
you'll get a "recvfrom: Network is down" or
"The interface went down" error (ENETDOWN).
(At least you will if g_strerror() doesn't show a local translation
of the error.)
- On FreeBSD and OS X, if a network adapter disappears while
- you're capturing on it, you'll get a "read: Device not configured"
- error (ENXIO). (See previous parenthetical note.)
+ On FreeBSD, DragonFly BSD, and macOS, if a network adapter
+ disappears while you're capturing on it, you'll get a
+ "read: Device not configured" error (ENXIO). (See previous
+ parenthetical note.)
On OpenBSD, you get "read: I/O error" (EIO) in the same case.
These should *not* be reported to the Wireshark developers. */
char *cap_err_str;
- cap_err_str = pcap_geterr(pcap_opts->pcap_h);
+ cap_err_str = pcap_geterr(pcap_src->pcap_h);
if (strcmp(cap_err_str, "recvfrom: Network is down") == 0 ||
strcmp(cap_err_str, "The interface went down") == 0 ||
strcmp(cap_err_str, "read: Device not configured") == 0 ||
report_capture_error(errmsg, please_report);
}
break;
- } else if (pcap_opts->from_cap_pipe && pcap_opts->cap_pipe_err == PIPERR) {
+ } else if (pcap_src->from_cap_pipe && pcap_src->cap_pipe_err == PIPERR) {
report_capture_error(errmsg, "");
break;
}
guint32 received;
guint32 pcap_dropped = 0;
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
- received = pcap_opts->received;
- if (pcap_opts->pcap_h != NULL) {
- g_assert(!pcap_opts->from_cap_pipe);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
+ received = pcap_src->received;
+ if (pcap_src->pcap_h != NULL) {
+ g_assert(!pcap_src->from_cap_pipe);
/* Get the capture statistics, so we know how many packets were dropped. */
/*
* Older versions of libpcap didn't set ps_ifdrop on some
* platforms; initialize it to 0 to handle that.
*/
stats->ps_ifdrop = 0;
- if (pcap_stats(pcap_opts->pcap_h, stats) >= 0) {
+ if (pcap_stats(pcap_src->pcap_h, stats) >= 0) {
*stats_known = TRUE;
/* Let the parent process know. */
pcap_dropped += stats->ps_drop;
} else {
g_snprintf(errmsg, sizeof(errmsg),
"Can't get packet-drop statistics: %s",
- pcap_geterr(pcap_opts->pcap_h));
+ pcap_geterr(pcap_src->pcap_h));
report_capture_error(errmsg, please_report);
}
}
- report_packet_drops(received, pcap_dropped, pcap_opts->dropped, pcap_opts->flushed, stats->ps_ifdrop, interface_opts.console_display_name);
+ report_packet_drops(received, pcap_dropped, pcap_src->dropped, pcap_src->flushed, stats->ps_ifdrop, interface_opts->console_display_name);
}
/* close the input file (pcap or capture pipe) */
capture_loop_stop(void)
{
#ifdef HAVE_PCAP_BREAKLOOP
- guint i;
- pcap_options *pcap_opts;
+ guint i;
+ capture_src *pcap_src;
for (i = 0; i < global_ld.pcaps->len; i++) {
- pcap_opts = g_array_index(global_ld.pcaps, pcap_options *, i);
- if (pcap_opts->pcap_h != NULL)
- pcap_breakloop(pcap_opts->pcap_h);
+ pcap_src = g_array_index(global_ld.pcaps, capture_src *, i);
+ if (pcap_src->pcap_h != NULL)
+ pcap_breakloop(pcap_src->pcap_h);
}
#endif
global_ld.go = FALSE;
/* one packet was captured, process it */
static void
-capture_loop_write_packet_cb(u_char *pcap_opts_p, const struct pcap_pkthdr *phdr,
+capture_loop_write_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd)
{
- pcap_options *pcap_opts = (pcap_options *) (void *) pcap_opts_p;
- int err;
- guint ts_mul = pcap_opts->ts_nsec ? 1000000000 : 1000000;
+ capture_src *pcap_src = (capture_src *) (void *) pcap_src_p;
+ int err;
+ guint ts_mul = pcap_src->ts_nsec ? 1000000000 : 1000000;
/* We may be called multiple times from pcap_dispatch(); if we've set
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
if (!global_ld.go) {
- pcap_opts->flushed++;
+ pcap_src->flushed++;
return;
}
NULL,
phdr->ts.tv_sec, (gint32)phdr->ts.tv_usec,
phdr->caplen, phdr->len,
- pcap_opts->interface_id,
+ pcap_src->interface_id,
ts_mul,
pd, 0,
&global_ld.bytes_written, &err);
if (!successful) {
global_ld.go = FALSE;
global_ld.err = err;
- pcap_opts->dropped++;
+ pcap_src->dropped++;
} else {
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Wrote a packet of length %d captured on interface %u.",
- phdr->caplen, pcap_opts->interface_id);
+ phdr->caplen, pcap_src->interface_id);
#endif
global_ld.packet_count++;
- pcap_opts->received++;
+ pcap_src->received++;
/* if the user told us to stop after x packets, do we already have enough? */
if ((global_ld.packet_max > 0) && (global_ld.packet_count >= global_ld.packet_max)) {
global_ld.go = FALSE;
/* one packet was captured, queue it */
static void
-capture_loop_queue_packet_cb(u_char *pcap_opts_p, const struct pcap_pkthdr *phdr,
+capture_loop_queue_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
const u_char *pd)
{
- pcap_options *pcap_opts = (pcap_options *) (void *) pcap_opts_p;
+ capture_src *pcap_src = (capture_src *) (void *) pcap_src_p;
pcap_queue_element *queue_element;
gboolean limit_reached;
the "stop capturing" flag, ignore this packet, as we're not
supposed to be saving any more packets. */
if (!global_ld.go) {
- pcap_opts->flushed++;
+ pcap_src->flushed++;
return;
}
queue_element = (pcap_queue_element *)g_malloc(sizeof(pcap_queue_element));
if (queue_element == NULL) {
- pcap_opts->dropped++;
+ pcap_src->dropped++;
return;
}
- queue_element->pcap_opts = pcap_opts;
+ queue_element->pcap_src = pcap_src;
queue_element->phdr = *phdr;
queue_element->pd = (u_char *)g_malloc(phdr->caplen);
if (queue_element->pd == NULL) {
- pcap_opts->dropped++;
+ pcap_src->dropped++;
g_free(queue_element);
return;
}
}
g_async_queue_unlock(pcap_queue);
if (limit_reached) {
- pcap_opts->dropped++;
+ pcap_src->dropped++;
g_free(queue_element->pd);
g_free(queue_element);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Dropped a packet of length %d captured on interface %u.",
- phdr->caplen, pcap_opts->interface_id);
+ phdr->caplen, pcap_src->interface_id);
} else {
- pcap_opts->received++;
+ pcap_src->received++;
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
"Queued a packet of length %d captured on interface %u.",
- phdr->caplen, pcap_opts->interface_id);
+ phdr->caplen, pcap_src->interface_id);
}
/* I don't want to hold the mutex over the debug output. So the
output may be wrong */
static int
set_80211_channel(const char *iface, const char *opt)
{
- int freq = 0, type, ret;
+ guint32 freq = 0;
+ int type = -1;
+ guint32 center_freq1 = 0;
+ guint32 center_freq2 = 0;
+ int args;
+ int ret = 0;
gchar **options = NULL;
- options = g_strsplit_set(opt, ",", 2);
+ options = g_strsplit_set(opt, ",", 4);
+ for (args = 0; options[args]; args++);
if (options[0])
- freq = atoi(options[0]);
+ freq = get_nonzero_guint32(options[0], "802.11 channel frequency");
- if (options[1]) {
+ if (args >= 1 && options[1]) {
type = ws80211_str_to_chan_type(options[1]);
if (type == -1) {
+ cmdarg_err("\"%s\" is not a valid 802.11 channel type", options[1]);
ret = EINVAL;
goto out;
}
}
- else
- type = -1;
+
+ if (args >= 2 && options[2])
+ center_freq1 = get_nonzero_guint32(options[2], "VHT center frequency");
+
+ if (args >= 3 && options[3])
+ center_freq2 = get_nonzero_guint32(options[3], "VHT center frequency 2");
ret = ws80211_init();
if (ret) {
ret = 2;
goto out;
}
- ret = ws80211_set_freq(iface, freq, type);
+ ret = ws80211_set_freq(iface, freq, type, center_freq1, center_freq2);
if (ret) {
cmdarg_err("%d: Failed to set channel: %s\n", abs(ret), g_strerror(abs(ret)));
if (capture_child)
pipe_write_block(2, SP_SUCCESS, NULL);
- ret = 0;
out:
g_strfreev(options);
/* Capture libraries */
g_string_append(str, ", ");
get_compiled_caplibs_version(str);
-
- /* LIBZ */
- g_string_append(str, ", ");
-#ifdef HAVE_LIBZ
- g_string_append(str, "with libz ");
-#ifdef ZLIB_VERSION
- g_string_append(str, ZLIB_VERSION);
-#else /* ZLIB_VERSION */
- g_string_append(str, "(version unknown)");
-#endif /* ZLIB_VERSION */
-#else /* HAVE_LIBZ */
- g_string_append(str, "without libz");
-#endif /* HAVE_LIBZ */
}
static void
/* Capture libraries */
g_string_append(str, ", ");
get_runtime_caplibs_version(str);
-
- /* zlib */
-#if defined(HAVE_LIBZ) && !defined(_WIN32)
- g_string_append_printf(str, ", with libz %s", zlibVersion());
-#endif
}
/* And now our feature presentation... [ fade to music ] */
GString *runtime_info_str;
int opt;
static const struct option long_options[] = {
- {(char *)"help", no_argument, NULL, 'h'},
- {(char *)"version", no_argument, NULL, 'v'},
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 'v'},
LONGOPT_CAPTURE_COMMON
{0, 0, 0, 0 }
};
gboolean arg_error = FALSE;
#ifdef _WIN32
+ int result;
WSADATA wsaData;
#else
struct sigaction action, oldaction;
struct pcap_stat stats;
GLogLevelFlags log_flags;
gboolean list_interfaces = FALSE;
- gboolean list_link_layer_types = FALSE;
+ int caps_queries = 0;
#ifdef HAVE_BPF_IMAGE
gboolean print_bpf_code = FALSE;
#endif
cmdarg_err_init(dumpcap_cmdarg_err, dumpcap_cmdarg_err_cont);
- /* Assemble the compile-time version information string */
- comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str, NULL, get_dumpcap_compiled_info);
+ /* Get the compile-time version information string */
+ comp_info_str = get_compiled_version_info(NULL, get_dumpcap_compiled_info);
- /* Assemble the run-time version information string */
- runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str, get_dumpcap_runtime_info);
+ /* Get the run-time version information string */
+ runtime_info_str = get_runtime_version_info(get_dumpcap_runtime_info);
/* Add it to the information to be reported on a crash. */
ws_add_crash_info("Dumpcap (Wireshark) %s\n"
"\n"
"%s",
get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
+ g_string_free(comp_info_str, TRUE);
+ g_string_free(runtime_info_str, TRUE);
#ifdef _WIN32
arg_list_utf_16to8(argc, argv);
*/
if (uname(&osinfo) == 0) {
/*
- * Mac OS X 10.x uses Darwin {x+4}.0.0. Mac OS X 10.x.y uses Darwin
+ * {Mac} OS X/macOS 10.x uses Darwin {x+4}.0.0; 10.x.y uses Darwin
* {x+4}.y.0 (except that 10.6.1 appears to have a uname version
* number of 10.0.0, not 10.1.0 - go figure).
*/
console_log_handler, NULL /* user_data */);
/* Initialize the pcaps list */
- global_ld.pcaps = g_array_new(FALSE, FALSE, sizeof(pcap_options *));
+ global_ld.pcaps = g_array_new(FALSE, FALSE, sizeof(capture_src *));
#if !GLIB_CHECK_VERSION(2,31,0)
/* Initialize the thread system */
/*wpcap_packet_load();*/
/* Start windows sockets */
- WSAStartup( MAKEWORD( 1, 1 ), &wsaData );
+ result = WSAStartup( MAKEWORD( 1, 1 ), &wsaData );
+ if (result != 0)
+ {
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_ERROR,
+ "ERROR: WSAStartup failed with error: %d", result);
+ exit_main(1);
+ }
/* Set handler for Ctrl+C key */
SetConsoleCtrlHandler(capture_cleanup_handler, TRUE);
/* This behaviour will apparently be changed in the kernel */
/* to allow the kill (signal) in this case. */
/* See the following for details: */
- /* http://www.mail-archive.com/ [wrapped] */
+ /* https://www.mail-archive.com/ [wrapped] */
/* linux-security-module@vger.kernel.org/msg02913.html */
/* */
/* It is therefore conceivable that if dumpcap somehow hangs */
case 'h': /* Print help and exit */
printf("Dumpcap (Wireshark) %s\n"
"Capture network packets and dump them into a pcapng or pcap file.\n"
- "See http://www.wireshark.org for more information.\n",
+ "See https://www.wireshark.org for more information.\n",
get_ws_vcs_version_info());
print_usage(stdout);
exit_main(0);
break;
case 'v': /* Show version and exit */
- {
- show_version(comp_info_str, runtime_info_str);
+ comp_info_str = get_compiled_version_info(NULL, get_dumpcap_compiled_info);
+ runtime_info_str = get_runtime_version_info(get_dumpcap_runtime_info);
+ show_version("Dumpcap (Wireshark)", comp_info_str, runtime_info_str);
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
exit_main(0);
break;
- }
/*** capture option specific ***/
case 'a': /* autostop criteria */
case 'b': /* Ringbuffer option */
case 'f': /* capture filter */
case 'g': /* enable group read access on file(s) */
case 'i': /* Use interface x */
+ case LONGOPT_SET_TSTAMP_TYPE: /* Set capture timestamp type */
case 'n': /* Use pcapng format */
case 'p': /* Don't capture in promiscuous mode */
case 'P': /* Use pcap format */
#ifdef HAVE_PCAP_SETSAMPLING
case 'm': /* Sampling */
#endif
-#if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
+#ifdef CAN_SET_CAPTURE_BUFFER_SIZE
case 'B': /* Buffer size */
-#endif /* _WIN32 or HAVE_PCAP_CREATE */
+#endif
#ifdef HAVE_PCAP_CREATE
case 'I': /* Monitor mode */
#endif
break;
/*** all non capture option specific ***/
case 'D': /* Print a list of capture devices and exit */
- list_interfaces = TRUE;
- run_once_args++;
+ if (!list_interfaces) {
+ list_interfaces = TRUE;
+ run_once_args++;
+ }
break;
case 'L': /* Print list of link-layer types and exit */
- list_link_layer_types = TRUE;
- run_once_args++;
+ if (!(caps_queries & CAPS_QUERY_LINK_TYPES)) {
+ caps_queries |= CAPS_QUERY_LINK_TYPES;
+ run_once_args++;
+ }
break;
+ case LONGOPT_LIST_TSTAMP_TYPES:
+ caps_queries |= CAPS_QUERY_TIMESTAMP_TYPES;
+ break;
#ifdef HAVE_BPF_IMAGE
case 'd': /* Print BPF code for capture filter and exit */
- print_bpf_code = TRUE;
- run_once_args++;
+ if (!print_bpf_code) {
+ print_bpf_code = TRUE;
+ run_once_args++;
+ }
break;
#endif
case 'S': /* Print interface statistics once a second */
- print_statistics = TRUE;
- run_once_args++;
+ if (!print_statistics) {
+ print_statistics = TRUE;
+ run_once_args++;
+ }
break;
case 'k': /* Set wireless channel */
- set_chan = TRUE;
- set_chan_arg = optarg;
- run_once_args++;
- break;
+ if (!set_chan) {
+ set_chan = TRUE;
+ set_chan_arg = optarg;
+ run_once_args++;
+ } else {
+ cmdarg_err("Only one -k flag may be specified");
+ arg_error = TRUE;
+ }
+ break;
case 'M': /* For -D, -L, and -S, print machine-readable output */
machine_readable = TRUE;
break;
}
if (run_once_args > 1) {
- cmdarg_err("Only one of -D, -L, or -S may be supplied.");
+#ifdef HAVE_BPF_IMAGE
+ cmdarg_err("Only one of -D, -L, -d, -k or -S may be supplied.");
+#else
+ cmdarg_err("Only one of -D, -L, -k or -S may be supplied.");
+#endif
exit_main(1);
} else if (run_once_args == 1) {
/* We're supposed to print some information, rather than
cmdarg_err("Ring buffer requested, but capture isn't being saved to a permanent file.");
global_capture_opts.multi_files_on = FALSE;
}
- if (!global_capture_opts.has_autostop_filesize && !global_capture_opts.has_file_duration) {
- cmdarg_err("Ring buffer requested, but no maximum capture file size or duration were specified.");
+ if (!global_capture_opts.has_autostop_filesize &&
+ !global_capture_opts.has_file_duration &&
+ !global_capture_opts.has_file_interval) {
+ cmdarg_err("Ring buffer requested, but no maximum capture file size, duration"
+ "or interval were specified.");
#if 0
/* XXX - this must be redesigned as the conditions changed */
global_capture_opts.multi_files_on = FALSE;
#endif
}
+ if (global_capture_opts.has_file_duration && global_capture_opts.has_file_interval) {
+ cmdarg_err("Ring buffer file duration and interval can't be used at the same time.");
+ exit_main(1);
+ }
}
}
int err;
gchar *err_str;
- if_list = capture_interface_list(&err, &err_str,NULL);
+ if_list = capture_interface_list(&err, &err_str, NULL);
if (if_list == NULL) {
if (err == 0) {
/*
}
if (set_chan) {
- interface_options interface_opts;
+ interface_options *interface_opts;
if (global_capture_opts.ifaces->len != 1) {
cmdarg_err("Need one interface");
exit_main(2);
}
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, 0);
- status = set_80211_channel(interface_opts.name, set_chan_arg);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, 0);
+ status = set_80211_channel(interface_opts->name, set_chan_arg);
exit_main(status);
}
exit_main(status);
}
+ if (caps_queries) {
+ /* Get the list of link-layer and/or timestamp types for the capture device. */
+ if_capabilities_t *caps;
+ gchar *err_str;
+ guint ii;
+
+ for (ii = 0; ii < global_capture_opts.ifaces->len; ii++) {
+ int if_caps_queries = caps_queries;
+ interface_options *interface_opts;
+
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, ii);
+
+ caps = get_if_capabilities(interface_opts, &err_str);
+ if (caps == NULL) {
+ cmdarg_err("The capabilities of the capture device \"%s\" could not be obtained (%s).\n"
+ "Please check to make sure you have sufficient permissions, and that\n"
+ "you have the proper interface or pipe specified.", interface_opts->name, err_str);
+ g_free(err_str);
+ exit_main(2);
+ }
+ if ((if_caps_queries & CAPS_QUERY_LINK_TYPES) && caps->data_link_types == NULL) {
+ cmdarg_err("The capture device \"%s\" has no data link types.", interface_opts->name);
+ exit_main(2);
+ } /* No timestamp types is no big deal. So we will just ignore it */
+
+ if (interface_opts->monitor_mode)
+ if_caps_queries |= CAPS_MONITOR_MODE;
+
+ if (machine_readable) /* tab-separated values to stdout */
+ /* XXX: We need to change the format and adapt consumers */
+ print_machine_readable_if_capabilities(caps, if_caps_queries);
+ else
+ /* XXX: We might want to print also the interface name */
+ capture_opts_print_if_capabilities(caps, interface_opts->name, if_caps_queries);
+ free_if_capabilities(caps);
+ }
+ exit_main(0);
+ }
+
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ for (j = 0; j < global_capture_opts.ifaces->len; j++) {
+ interface_options *interface_opts;
+
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
+ if (interface_opts->timestamp_type) {
+ interface_opts->timestamp_type_id = pcap_tstamp_type_name_to_val(interface_opts->timestamp_type);
+ if (interface_opts->timestamp_type_id < 0) {
+ cmdarg_err("Invalid argument to option: --time-stamp-type=%s", interface_opts->timestamp_type);
+ exit_main(1);
+ }
+ }
+ }
+#endif
+
+ /* We're supposed to do a capture, or print the BPF code for a filter. */
+
/* Let the user know what interfaces were chosen. */
if (capture_child) {
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
- interface_options interface_opts;
+ interface_options *interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, j);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Interface: %s\n",
- interface_opts.name);
+ interface_opts->name);
}
} else {
str = g_string_new("");
#endif
{
for (j = 0; j < global_capture_opts.ifaces->len; j++) {
- interface_options interface_opts;
+ interface_options *interface_opts;
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, j);
+ interface_opts = &g_array_index(global_capture_opts.ifaces, interface_options, j);
if (j > 0) {
if (global_capture_opts.ifaces->len > 2) {
g_string_append_printf(str, ",");
g_string_append_printf(str, "and ");
}
}
- g_string_append_printf(str, "'%s'", interface_opts.console_display_name);
+ g_string_append_printf(str, "'%s'", interface_opts->console_display_name);
}
} else {
g_string_append_printf(str, "%u interfaces", global_capture_opts.ifaces->len);
g_string_free(str, TRUE);
}
- if (list_link_layer_types) {
- /* Get the list of link-layer types for the capture device. */
- if_capabilities_t *caps;
- gchar *err_str;
- guint ii;
-
- for (ii = 0; ii < global_capture_opts.ifaces->len; ii++) {
- interface_options interface_opts;
-
- interface_opts = g_array_index(global_capture_opts.ifaces, interface_options, ii);
-
- caps = get_if_capabilities(interface_opts.name,
- interface_opts.monitor_mode, &err_str);
- if (caps == NULL) {
- cmdarg_err("The capabilities of the capture device \"%s\" could not be obtained (%s).\n"
- "Please check to make sure you have sufficient permissions, and that\n"
- "you have the proper interface or pipe specified.", interface_opts.name, err_str);
- g_free(err_str);
- exit_main(2);
- }
- if (caps->data_link_types == NULL) {
- cmdarg_err("The capture device \"%s\" has no data link types.", interface_opts.name);
- exit_main(2);
- }
- if (machine_readable) /* tab-separated values to stdout */
- /* XXX: We need to change the format and adopt consumers */
- print_machine_readable_if_capabilities(caps);
- else
- /* XXX: We might want to print also the interface name */
- capture_opts_print_if_capabilities(caps, interface_opts.name,
- interface_opts.monitor_mode);
- free_if_capabilities(caps);
- }
- exit_main(0);
- }
-
- /* We're supposed to do a capture, or print the BPF code for a filter.
- Process the snapshot length, as that affects the generated BPF code. */
+ /* Process the snapshot length, as that affects the generated BPF code. */
capture_opts_trim_snaplen(&global_capture_opts, MIN_PACKET_SIZE);
#ifdef HAVE_BPF_IMAGE
#endif
}
- /* create a "timestamp" */
- time(&curr);
- today = localtime(&curr);
-
switch(log_level & G_LOG_LEVEL_MASK) {
case G_LOG_LEVEL_ERROR:
level = "Err ";
level = "Dbg ";
break;
default:
- fprintf(stderr, "unknown log_level %u\n", log_level);
+ fprintf(stderr, "unknown log_level %d\n", log_level);
level = NULL;
g_assert_not_reached();
}
/* normal user messages without additional infos */
msg = g_strdup_printf("%s\n", message);
} else {
+ /* create a "timestamp" */
+ time(&curr);
+ today = localtime(&curr);
+
/* info/debug messages with additional infos */
- msg = g_strdup_printf("%02u:%02u:%02u %8s %s %s\n",
- today->tm_hour, today->tm_min, today->tm_sec,
- log_domain != NULL ? log_domain : "",
- level, message);
+ if (today != NULL)
+ msg = g_strdup_printf("%02u:%02u:%02u %8s %s %s\n",
+ today->tm_hour, today->tm_min, today->tm_sec,
+ log_domain != NULL ? log_domain : "",
+ level, message);
+ else
+ msg = g_strdup_printf("Time not representable %8s %s %s\n",
+ log_domain != NULL ? log_domain : "",
+ level, message);
}
/* DEBUG & INFO msgs (if we're debugging today) */
static void
report_cfilter_error(capture_options *capture_opts, guint i, const char *errmsg)
{
- interface_options interface_opts;
+ interface_options *interface_opts;
char tmp[MSG_MAX_LENGTH+1+6];
if (i < capture_opts->ifaces->len) {
* clopts_step_invalid_capfilter in test/suite-clopts.sh MUST match
* the error message below.
*/
- interface_opts = g_array_index(capture_opts->ifaces, interface_options, i);
+ interface_opts = &g_array_index(capture_opts->ifaces, interface_options, i);
cmdarg_err(
"Invalid capture filter \"%s\" for interface '%s'.\n"
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
- interface_opts.cfilter, interface_opts.name, errmsg);
+ interface_opts->cfilter, interface_opts->name, errmsg);
}
}
}
}
#endif
-
-
-
-
/*
- * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ * Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
git.samba.org / metze / wireshark / wip.git / blobdiff