2 * Routines for capture options setting
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
40 #include <epan/packet.h>
42 #include "capture_opts.h"
43 #include "ringbuffer.h"
44 #include "clopts_common.h"
45 #include "console_io.h"
46 #include "cmdarg_err.h"
48 #include "capture_ifinfo.h"
49 #include "capture-pcap-util.h"
50 #include <wsutil/file_util.h>
52 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe);
56 capture_opts_init(capture_options *capture_opts, void *cf)
58 capture_opts->cf = cf;
59 capture_opts->cfilter = g_strdup(""); /* No capture filter string specified */
60 capture_opts->iface = NULL; /* Default is "pick the first interface" */
61 capture_opts->iface_descr = NULL;
62 #ifdef HAVE_PCAP_REMOTE
63 capture_opts->src_type = CAPTURE_IFLOCAL;
64 capture_opts->remote_host = NULL;
65 capture_opts->remote_port = NULL;
66 capture_opts->auth_type = CAPTURE_AUTH_NULL;
67 capture_opts->auth_username = NULL;
68 capture_opts->auth_password = NULL;
69 capture_opts->datatx_udp = FALSE;
70 capture_opts->nocap_rpcap = TRUE;
71 capture_opts->nocap_local = FALSE;
72 #ifdef HAVE_PCAP_SETSAMPLING
73 capture_opts->sampling_method = CAPTURE_SAMP_NONE;
74 capture_opts->sampling_param = 0;
77 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
78 capture_opts->buffer_size = 1; /* 1 MB */
80 capture_opts->has_snaplen = FALSE;
81 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE; /* snapshot length - default is
82 infinite, in effect */
83 capture_opts->promisc_mode = TRUE; /* promiscuous mode is the default */
84 capture_opts->monitor_mode = FALSE;
85 capture_opts->linktype = -1; /* the default linktype */
86 capture_opts->saving_to_file = FALSE;
87 capture_opts->save_file = NULL;
88 capture_opts->group_read_access = FALSE;
89 capture_opts->use_pcapng = FALSE; /* the default is pcap */
90 capture_opts->real_time_mode = TRUE;
91 capture_opts->show_info = TRUE;
92 capture_opts->quit_after_cap = FALSE;
93 capture_opts->restart = FALSE;
95 capture_opts->multi_files_on = FALSE;
96 capture_opts->has_file_duration = FALSE;
97 capture_opts->file_duration = 60; /* 1 min */
98 capture_opts->has_ring_num_files = FALSE;
99 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
101 capture_opts->has_autostop_files = FALSE;
102 capture_opts->autostop_files = 1;
103 capture_opts->has_autostop_packets = FALSE;
104 capture_opts->autostop_packets = 0;
105 capture_opts->has_autostop_filesize = FALSE;
106 capture_opts->autostop_filesize = 1024; /* 1 MB */
107 capture_opts->has_autostop_duration = FALSE;
108 capture_opts->autostop_duration = 60; /* 1 min */
111 capture_opts->fork_child = -1; /* invalid process handle */
113 capture_opts->signal_pipe_write_fd = -1;
115 capture_opts->state = CAPTURE_STOPPED;
116 capture_opts->output_to_pipe = FALSE;
118 capture_opts->owner = getuid();
119 capture_opts->group = getgid();
124 /* log content of capture_opts */
126 capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts) {
127 g_log(log_domain, log_level, "CAPTURE OPTIONS :");
128 g_log(log_domain, log_level, "CFile : 0x%p", capture_opts->cf);
129 g_log(log_domain, log_level, "Filter : %s", capture_opts->cfilter);
130 g_log(log_domain, log_level, "Interface : %s", capture_opts->iface);
131 /* iface_descr may not been filled in and some C Libraries hate a null ptr for %s */
132 g_log(log_domain, log_level, "Interface Descr : %s",
133 capture_opts->iface_descr ? capture_opts->iface_descr : "<null>");
134 #ifdef HAVE_PCAP_REMOTE
135 g_log(log_domain, log_level, "Capture source : %s",
136 capture_opts->src_type == CAPTURE_IFLOCAL ? "Local interface" :
137 capture_opts->src_type == CAPTURE_IFREMOTE ? "Remote interface" :
139 if (capture_opts->src_type == CAPTURE_IFREMOTE) {
140 g_log(log_domain, log_level, "Remote host : %s", capture_opts->remote_host);
141 g_log(log_domain, log_level, "Remote port : %s", capture_opts->remote_port);
143 g_log(log_domain, log_level, "Authentication : %s",
144 capture_opts->auth_type == CAPTURE_AUTH_NULL ? "Null" :
145 capture_opts->auth_type == CAPTURE_AUTH_PWD ? "By username/password" :
147 if (capture_opts->auth_type == CAPTURE_AUTH_PWD) {
148 g_log(log_domain, log_level, "Auth username : %s", capture_opts->auth_password);
149 g_log(log_domain, log_level, "Auth password : <hidden>");
151 g_log(log_domain, log_level, "UDP data transfer : %u", capture_opts->datatx_udp);
152 g_log(log_domain, log_level, "No capture RPCAP : %u", capture_opts->nocap_rpcap);
153 g_log(log_domain, log_level, "No capture local : %u", capture_opts->nocap_local);
155 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
156 g_log(log_domain, log_level, "BufferSize : %u (MB)", capture_opts->buffer_size);
158 g_log(log_domain, log_level, "SnapLen (%u): %u", capture_opts->has_snaplen, capture_opts->snaplen);
159 g_log(log_domain, log_level, "Promisc : %u", capture_opts->promisc_mode);
160 g_log(log_domain, log_level, "LinkType : %d", capture_opts->linktype);
161 g_log(log_domain, log_level, "SavingToFile : %u", capture_opts->saving_to_file);
162 g_log(log_domain, log_level, "SaveFile : %s", (capture_opts->save_file) ? capture_opts->save_file : "");
163 g_log(log_domain, log_level, "GroupReadAccess : %u", capture_opts->group_read_access);
164 g_log(log_domain, log_level, "Fileformat : %s", (capture_opts->use_pcapng) ? "PCAPNG" : "PCAP");
165 g_log(log_domain, log_level, "RealTimeMode : %u", capture_opts->real_time_mode);
166 g_log(log_domain, log_level, "ShowInfo : %u", capture_opts->show_info);
167 g_log(log_domain, log_level, "QuitAfterCap : %u", capture_opts->quit_after_cap);
169 g_log(log_domain, log_level, "MultiFilesOn : %u", capture_opts->multi_files_on);
170 g_log(log_domain, log_level, "FileDuration (%u): %u", capture_opts->has_file_duration, capture_opts->file_duration);
171 g_log(log_domain, log_level, "RingNumFiles (%u): %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files);
173 g_log(log_domain, log_level, "AutostopFiles (%u): %u", capture_opts->has_autostop_files, capture_opts->autostop_files);
174 g_log(log_domain, log_level, "AutostopPackets (%u): %u", capture_opts->has_autostop_packets, capture_opts->autostop_packets);
175 g_log(log_domain, log_level, "AutostopFilesize(%u): %u (KB)", capture_opts->has_autostop_filesize, capture_opts->autostop_filesize);
176 g_log(log_domain, log_level, "AutostopDuration(%u): %u", capture_opts->has_autostop_duration, capture_opts->autostop_duration);
178 g_log(log_domain, log_level, "ForkChild : %d", capture_opts->fork_child);
180 g_log(log_domain, log_level, "SignalPipeWrite : %d", capture_opts->signal_pipe_write_fd);
185 * Given a string of the form "<autostop criterion>:<value>", as might appear
186 * as an argument to a "-a" option, parse it and set the criterion in
187 * question. Return an indication of whether it succeeded or failed
191 set_autostop_criterion(capture_options *capture_opts, const char *autostoparg)
195 colonp = strchr(autostoparg, ':');
203 * Skip over any white space (there probably won't be any, but
204 * as we allow it in the preferences file, we might as well
207 while (isspace((guchar)*p))
211 * Put the colon back, so if our caller uses, in an
212 * error message, the string they passed us, the message
218 if (strcmp(autostoparg,"duration") == 0) {
219 capture_opts->has_autostop_duration = TRUE;
220 capture_opts->autostop_duration = get_positive_int(p,"autostop duration");
221 } else if (strcmp(autostoparg,"filesize") == 0) {
222 capture_opts->has_autostop_filesize = TRUE;
223 capture_opts->autostop_filesize = get_positive_int(p,"autostop filesize");
224 } else if (strcmp(autostoparg,"files") == 0) {
225 capture_opts->multi_files_on = TRUE;
226 capture_opts->has_autostop_files = TRUE;
227 capture_opts->autostop_files = get_positive_int(p,"autostop files");
231 *colonp = ':'; /* put the colon back */
236 * Given a string of the form "<ring buffer file>:<duration>", as might appear
237 * as an argument to a "-b" option, parse it and set the arguments in
238 * question. Return an indication of whether it succeeded or failed
242 get_ring_arguments(capture_options *capture_opts, const char *arg)
244 gchar *p = NULL, *colonp;
246 colonp = strchr(arg, ':');
254 * Skip over any white space (there probably won't be any, but
255 * as we allow it in the preferences file, we might as well
258 while (isspace((guchar)*p))
262 * Put the colon back, so if our caller uses, in an
263 * error message, the string they passed us, the message
270 if (strcmp(arg,"files") == 0) {
271 capture_opts->has_ring_num_files = TRUE;
272 capture_opts->ring_num_files = get_positive_int(p, "number of ring buffer files");
273 } else if (strcmp(arg,"filesize") == 0) {
274 capture_opts->has_autostop_filesize = TRUE;
275 capture_opts->autostop_filesize = get_positive_int(p, "ring buffer filesize");
276 } else if (strcmp(arg,"duration") == 0) {
277 capture_opts->has_file_duration = TRUE;
278 capture_opts->file_duration = get_positive_int(p, "ring buffer duration");
281 *colonp = ':'; /* put the colon back */
285 #ifdef HAVE_PCAP_SETSAMPLING
287 * Given a string of the form "<sampling type>:<value>", as might appear
288 * as an argument to a "-m" option, parse it and set the arguments in
289 * question. Return an indication of whether it succeeded or failed
293 get_sampling_arguments(capture_options *capture_opts, const char *arg)
295 gchar *p = NULL, *colonp;
297 colonp = strchr(arg, ':');
304 while (isspace((guchar)*p))
311 if (strcmp(arg, "count") == 0) {
312 capture_opts->sampling_method = CAPTURE_SAMP_BY_COUNT;
313 capture_opts->sampling_param = get_positive_int(p, "sampling count");
314 } else if (strcmp(arg, "timer") == 0) {
315 capture_opts->sampling_method = CAPTURE_SAMP_BY_TIMER;
316 capture_opts->sampling_param = get_positive_int(p, "sampling timer");
323 #ifdef HAVE_PCAP_REMOTE
325 * Given a string of the form "<username>:<password>", as might appear
326 * as an argument to a "-A" option, parse it and set the arguments in
327 * question. Return an indication of whether it succeeded or failed
331 get_auth_arguments(capture_options *capture_opts, const char *arg)
333 gchar *p = NULL, *colonp;
335 colonp = strchr(arg, ':');
342 while (isspace((guchar)*p))
345 capture_opts->auth_type = CAPTURE_AUTH_PWD;
346 capture_opts->auth_username = g_strdup(arg);
347 capture_opts->auth_password = g_strdup(p);
354 capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg_str_p)
365 * If the argument is a number, treat it as an index into the list
366 * of adapters, as printed by "tshark -D".
368 * This should be OK on UNIX systems, as interfaces shouldn't have
369 * names that begin with digits. It can be useful on Windows, where
370 * more than one interface can have the same name.
372 adapter_index = strtol(optarg_str_p, &p, 10);
373 if (p != NULL && *p == '\0') {
374 if (adapter_index < 0) {
375 cmdarg_err("The specified adapter index is a negative number");
378 if (adapter_index > INT_MAX) {
379 cmdarg_err("The specified adapter index is too large (greater than %d)",
383 if (adapter_index == 0) {
384 cmdarg_err("There is no interface with that adapter index");
387 if_list = capture_interface_list(&err, &err_str);
388 if (if_list == NULL) {
391 case CANT_GET_INTERFACE_LIST:
392 cmdarg_err("%s", err_str);
396 case NO_INTERFACES_FOUND:
397 cmdarg_err("There are no interfaces on which a capture can be done");
402 if_info = (if_info_t *)g_list_nth_data(if_list, adapter_index - 1);
403 if (if_info == NULL) {
404 cmdarg_err("There is no interface with that adapter index");
407 capture_opts->iface = g_strdup(if_info->name);
408 /* We don't set iface_descr here because doing so requires
409 * capture_ui_utils.c which requires epan/prefs.c which is
410 * probably a bit too much dependency for here...
412 free_interface_list(if_list);
414 capture_opts->iface = g_strdup(optarg_str_p);
421 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg_str_p, gboolean *start_capture)
426 case 'a': /* autostop criteria */
427 if (set_autostop_criterion(capture_opts, optarg_str_p) == FALSE) {
428 cmdarg_err("Invalid or unknown -a flag \"%s\"", optarg_str_p);
432 #ifdef HAVE_PCAP_REMOTE
434 if (get_auth_arguments(capture_opts, optarg_str_p) == FALSE) {
435 cmdarg_err("Invalid or unknown -A arg \"%s\"", optarg_str_p);
440 case 'b': /* Ringbuffer option */
441 capture_opts->multi_files_on = TRUE;
442 if (get_ring_arguments(capture_opts, optarg_str_p) == FALSE) {
443 cmdarg_err("Invalid or unknown -b arg \"%s\"", optarg_str_p);
447 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
448 case 'B': /* Buffer size */
449 capture_opts->buffer_size = get_positive_int(optarg_str_p, "buffer size");
452 case 'c': /* Capture n packets */
453 capture_opts->has_autostop_packets = TRUE;
454 capture_opts->autostop_packets = get_positive_int(optarg_str_p, "packet count");
456 case 'f': /* capture filter */
457 if (capture_opts->has_cfilter) {
458 cmdarg_err("More than one -f argument specified");
461 capture_opts->has_cfilter = TRUE;
462 g_free(capture_opts->cfilter);
463 capture_opts->cfilter = g_strdup(optarg_str_p);
465 case 'H': /* Hide capture info dialog box */
466 capture_opts->show_info = FALSE;
468 case 'i': /* Use interface x */
469 status = capture_opts_add_iface_opt(capture_opts, optarg_str_p);
474 #ifdef HAVE_PCAP_CREATE
475 case 'I': /* Capture in monitor mode */
476 capture_opts->monitor_mode = TRUE;
479 case 'k': /* Start capture immediately */
480 *start_capture = TRUE;
482 /*case 'l':*/ /* Automatic scrolling in live capture mode */
483 #ifdef HAVE_PCAP_SETSAMPLING
485 if (get_sampling_arguments(capture_opts, optarg_str_p) == FALSE) {
486 cmdarg_err("Invalid or unknown -m arg \"%s\"", optarg_str_p);
491 case 'n': /* Use pcapng format */
492 capture_opts->use_pcapng = TRUE;
494 case 'p': /* Don't capture in promiscuous mode */
495 capture_opts->promisc_mode = FALSE;
497 case 'Q': /* Quit after capture (just capture to file) */
498 capture_opts->quit_after_cap = TRUE;
499 *start_capture = TRUE; /*** -Q implies -k !! ***/
501 #ifdef HAVE_PCAP_REMOTE
503 capture_opts->nocap_rpcap = FALSE;
506 case 's': /* Set the snapshot (capture) length */
507 capture_opts->has_snaplen = TRUE;
508 capture_opts->snaplen = get_natural_int(optarg_str_p, "snapshot length");
510 * Make a snapshot length of 0 equivalent to the maximum packet
511 * length, mirroring what tcpdump does.
513 if (capture_opts->snaplen == 0)
514 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE;
516 case 'S': /* "Real-Time" mode: used for following file ala tail -f */
517 capture_opts->real_time_mode = TRUE;
519 #ifdef HAVE_PCAP_REMOTE
521 capture_opts->datatx_udp = TRUE;
524 case 'w': /* Write to capture file x */
525 capture_opts->saving_to_file = TRUE;
526 g_free(capture_opts->save_file);
527 #if defined _WIN32 && GLIB_CHECK_VERSION(2,6,0)
528 /* since GLib 2.6, we need to convert filenames to utf8 for Win32 */
529 capture_opts->save_file = g_locale_to_utf8(optarg_str_p, -1, NULL, NULL, NULL);
531 capture_opts->save_file = g_strdup(optarg_str_p);
533 status = capture_opts_output_to_pipe(capture_opts->save_file, &capture_opts->output_to_pipe);
535 case 'g': /* enable group read access on the capture file(s) */
536 capture_opts->group_read_access = TRUE;
538 case 'y': /* Set the pcap data link type */
539 capture_opts->linktype = linktype_name_to_val(optarg_str_p);
540 if (capture_opts->linktype == -1) {
541 cmdarg_err("The specified data link type \"%s\" isn't valid",
547 /* the caller is responsible to send us only the right opt's */
548 g_assert_not_reached();
555 capture_opts_print_if_capabilities(if_capabilities_t *caps,
556 gboolean monitor_mode)
559 data_link_info_t *data_link_info;
561 if (caps->can_set_rfmon)
562 fprintf_stderr("Data link types when %sin monitor mode (use option -y to set):\n",
563 monitor_mode ? "" : "not ");
565 fprintf_stderr("Data link types (use option -y to set):\n");
566 for (lt_entry = caps->data_link_types; lt_entry != NULL;
567 lt_entry = g_list_next(lt_entry)) {
568 data_link_info = (data_link_info_t *)lt_entry->data;
569 fprintf_stderr(" %s", data_link_info->name);
570 if (data_link_info->description != NULL)
571 fprintf_stderr(" (%s)", data_link_info->description);
573 fprintf_stderr(" (not supported)");
574 fprintf_stderr("\n");
578 /* Print an ASCII-formatted list of interfaces. */
580 capture_opts_print_interfaces(GList *if_list)
586 i = 1; /* Interface id number */
587 for (if_entry = g_list_first(if_list); if_entry != NULL;
588 if_entry = g_list_next(if_entry)) {
589 if_info = (if_info_t *)if_entry->data;
590 printf("%d. %s", i++, if_info->name);
592 /* Print the description if it exists */
593 if (if_info->description != NULL)
594 printf(" (%s)", if_info->description);
600 void capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min)
602 if (capture_opts->snaplen < 1)
603 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE;
604 else if (capture_opts->snaplen < snaplen_min)
605 capture_opts->snaplen = snaplen_min;
609 void capture_opts_trim_ring_num_files(capture_options *capture_opts)
611 /* Check the value range of the ring_num_files parameter */
612 if (capture_opts->ring_num_files > RINGBUFFER_MAX_NUM_FILES) {
613 cmdarg_err("Too many ring buffer files (%u). Reducing to %u.\n", capture_opts->ring_num_files, RINGBUFFER_MAX_NUM_FILES);
614 capture_opts->ring_num_files = RINGBUFFER_MAX_NUM_FILES;
615 } else if (capture_opts->ring_num_files > RINGBUFFER_WARN_NUM_FILES) {
616 cmdarg_err("%u is a lot of ring buffer files.\n", capture_opts->ring_num_files);
618 #if RINGBUFFER_MIN_NUM_FILES > 0
619 else if (capture_opts->ring_num_files < RINGBUFFER_MIN_NUM_FILES)
620 cmdarg_err("Too few ring buffer files (%u). Increasing to %u.\n", capture_opts->ring_num_files, RINGBUFFER_MIN_NUM_FILES);
621 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
626 gboolean capture_opts_trim_iface(capture_options *capture_opts, const char *capture_device)
634 /* Did the user specify an interface to use? */
635 if (capture_opts->iface == NULL) {
636 /* No - is a default specified in the preferences file? */
637 if (capture_device != NULL) {
639 capture_opts->iface = g_strdup(capture_device);
640 /* We don't set iface_descr here because doing so requires
641 * capture_ui_utils.c which requires epan/prefs.c which is
642 * probably a bit too much dependency for here...
645 /* No - pick the first one from the list of interfaces. */
646 if_list = capture_interface_list(&err, &err_str);
647 if (if_list == NULL) {
650 case CANT_GET_INTERFACE_LIST:
651 cmdarg_err("%s", err_str);
655 case NO_INTERFACES_FOUND:
656 cmdarg_err("There are no interfaces on which a capture can be done");
661 if_info = (if_info_t *)if_list->data; /* first interface */
662 capture_opts->iface = g_strdup(if_info->name);
663 /* We don't set iface_descr here because doing so requires
664 * capture_ui_utils.c which requires epan/prefs.c which is
665 * probably a bit too much dependency for here...
667 free_interface_list(if_list);
677 #define S_IFIFO _S_IFIFO
680 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
683 /* copied from filesystem.c */
684 static int capture_opts_test_for_fifo(const char *path)
688 if (ws_stat(path, &statb) < 0)
691 if (S_ISFIFO(statb.st_mode))
697 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe)
703 if (save_file != NULL) {
704 /* We're writing to a capture file. */
705 if (strcmp(save_file, "-") == 0) {
706 /* Writing to stdout. */
707 /* XXX - should we check whether it's a pipe? It's arguably
708 silly to do "-w - >output_file" rather than "-w output_file",
709 but by not checking we might be violating the Principle Of
710 Least Astonishment. */
713 /* not writing to stdout, test for a FIFO (aka named pipe) */
714 err = capture_opts_test_for_fifo(save_file);
717 case ENOENT: /* it doesn't exist, so we'll be creating it,
718 and it won't be a FIFO */
719 case 0: /* found it, but it's not a FIFO */
722 case ESPIPE: /* it is a FIFO */
726 default: /* couldn't stat it */
727 break; /* ignore: later attempt to open */
728 /* will generate a nice msg */
736 #endif /* HAVE_LIBPCAP */