#include <epan/conversation.h>
#include <epan/plugins.h>
#include "register.h"
-#include "conditions.h"
-#include "capture_stop_conditions.h"
-#include "ringbuffer.h"
-#include "capture_ui_utils.h"
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include <epan/stat_cmd_args.h>
#include <epan/ex-opt.h>
#ifdef HAVE_LIBPCAP
+#include "capture_ui_utils.h"
#include <pcap.h>
-#include <setjmp.h>
#include "capture-pcap-util.h"
-#include "pcapio.h"
-#include <wiretap/wtap-capture.h>
#ifdef _WIN32
#include "capture-wpcap.h"
#include "capture_errs.h"
#endif /* _WIN32 */
-#include "capture.h"
-#include "capture_loop.h"
#include "capture_sync.h"
#endif /* HAVE_LIBPCAP */
#include "epan/emem.h"
#include "log.h"
#include <epan/funnel.h>
+
/*
* This is the template for the decode as option; it is shared between the
* various functions that output the usage for this parameter.
static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
static nstime_t first_ts;
-static nstime_t prev_ts;
+static nstime_t prev_dis_ts;
+static nstime_t prev_cap_ts;
static GString *comp_info_str, *runtime_info_str;
static gboolean print_packet_info; /* TRUE if we're to print packet information */
*/
typedef enum {
WRITE_TEXT, /* summary or detail text */
- WRITE_XML /* PDML or PSML */
+ WRITE_XML, /* PDML or PSML */
+ WRITE_FIELDS /* User defined list of fields */
/* Add CSV and the like here */
} output_action_e;
static output_action_e output_action;
static print_format_e print_format = PR_FMT_TEXT;
static print_stream_t *print_stream;
+static output_fields_t* output_fields = NULL;
+
/*
* Standard secondary message for unexpected errors.
*/
static gboolean print_packet_counts;
-static loop_data ld;
-
-#ifdef HAVE_LIBPCAP
static capture_options capture_opts;
-
#ifdef SIGINFO
static gboolean infodelay; /* if TRUE, don't print capture info in SIGINFO handler */
static gboolean infoprint; /* if TRUE, print capture info after clearing infodelay */
#endif /* SIGINFO */
-#endif /* HAVE_LIBPCAP */
-
static int capture(void);
-static void capture_pcap_cb(u_char *, const struct pcap_pkthdr *,
- const u_char *);
static void report_counts(void);
#ifdef _WIN32
static BOOL WINAPI capture_cleanup(DWORD);
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
-static int load_cap_file(capture_file *, char *, int);
-static gboolean process_packet(capture_file *cf, long offset,
+static int load_cap_file(capture_file *, char *, int, int, gint64);
+static gboolean process_packet(capture_file *cf, gint64 offset,
const struct wtap_pkthdr *whdr, union wtap_pseudo_header *pseudo_header,
const guchar *pd);
static void show_capture_file_io_error(const char *, int, gboolean);
if (print_ver) {
output = stdout;
- fprintf(output,
+ fprintf(output,
"TShark " VERSION "%s\n"
"Dump and analyze network traffic.\n"
"See http://www.wireshark.org for more information.\n"
"\n"
"%s",
- svnversion, get_copyright_info());
+ wireshark_svnversion, get_copyright_info());
} else {
output = stderr;
}
fprintf(output, " -F <output file type> set the output file type, default is libpcap\n");
fprintf(output, " an empty \"-F\" option will list the file types\n");
fprintf(output, " -V add output of packet tree (Packet Details)\n");
+ fprintf(output, " -S display packets even when writing to a file\n");
fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n");
- fprintf(output, " -T pdml|ps|psml|text output format of text output (def: text)\n");
- fprintf(output, " -t ad|a|r|d output format of time stamps (def: r: rel. to first)\n");
- fprintf(output, " -l flush output after each packet\n");
+ fprintf(output, " -T pdml|ps|psml|text|fields\n");
+ fprintf(output, " format of text output (def: text)\n");
+ fprintf(output, " -e <field> field to print if -Tfields selected (e.g. tcp.port);\n");
+ fprintf(output, " this option can be repeated to print multiple fields\n");
+ fprintf(output, " -E<fieldsoption>=<value> set options for output when -Tfields selected:\n");
+ fprintf(output, " header=y|n switch headers on and off\n");
+ fprintf(output, " separator=/t|/s|<char> select tab, space, printable character as separator\n");
+ fprintf(output, " quote=d|s|n select double, single, no quotes for values\n");
+ fprintf(output, " -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)\n");
+ fprintf(output, " -l flush standard output after each packet\n");
fprintf(output, " -q be more quiet on stdout (e.g. when using statistics)\n");
fprintf(output, " -X <key>:<value> eXtension options, see the man page for details\n");
fprintf(output, " -z <statistics> various statistics, see the man page for details\n");
* descriptive name.
*/
static void
-display_dissector_table_names(char *table_name, const char *ui_name,
+display_dissector_table_names(const char *table_name, const char *ui_name,
gpointer output)
{
fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name);
/* Remove leading and trailing spaces from the table name */
while ( table_name[0] == ' ' )
- table_name++;
+ table_name++;
while ( table_name[strlen(table_name) - 1] == ' ' )
table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
}
if (!table_matching) {
- /* Display a list of supported layer types to help the user, if the
+ /* Display a list of supported layer types to help the user, if the
specified layer type was not found */
cmdarg_err("Valid layer types are:");
fprint_all_layer_types(stderr);
if (remaining_param == NULL || !table_matching) {
/* Exit if the layer type was not found, or if no '=' separator was found
(see above) */
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
-
+
if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1);
}
/* Exit if no ',' separator was found (see above) */
cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
/* This section extracts a protocol filter name (dissector_str) from decoded_param */
dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
-
+
/* Remove leading and trailing spaces from the dissector name */
while ( dissector_str[0] == ' ' )
- dissector_str++;
+ dissector_str++;
while ( dissector_str[strlen(dissector_str) - 1] == ' ' )
dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
dissector_matching = NULL;
-
+
/* We now have a pointer to the handle for the requested table inside the variable table_matching */
if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */
cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */
user_protocol_name.nb_match = 0;
user_protocol_name.searched_name = dissector_str;
user_protocol_name.matched_handle = NULL;
-
+
dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
-
+
if (user_protocol_name.nb_match != 0) {
dissector_matching = user_protocol_name.matched_handle;
if (user_protocol_name.nb_match > 1) {
if (!dissector_matching) {
cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
+ g_free(decoded_param);
return FALSE;
}
selector
dissector_matching
The above variables that are strings are still pointing to areas within
- decoded_parm. decoded_parm thus still needs to be kept allocated in
+ decoded_parm. decoded_parm thus still needs to be kept allocated in
until we stop needing these variables
decoded_param will be deallocated at each exit point of this function */
return save_file_string;
}
+static void
+print_current_user() {
+ gchar *cur_user, *cur_group;
+ if (started_with_special_privs()) {
+ cur_user = get_cur_username();
+ cur_group = get_cur_groupname();
+ fprintf(stderr, "Running as user \"%s\" and group \"%s\".",
+ cur_user, cur_group);
+ g_free(cur_user);
+ g_free(cur_group);
+ if (running_with_special_privs()) {
+ fprintf(stderr, " This could be dangerous.");
+ }
+ fprintf(stderr, "\n");
+ }
+}
+
+static void
+check_capture_privs() {
+#ifdef _WIN32
+ load_wpcap();
+ /* Warn the user if npf.sys isn't loaded. */
+ if (!npf_sys_is_running() && get_os_major_version() >= 6) {
+ fprintf(stderr, "The NPF driver isn't running. You may have trouble "
+ "capturing or\nlisting interfaces.\n");
+ }
+#endif
+}
+
+
+
int
main(int argc, char *argv[])
{
#ifdef HAVE_LIBPCAP
gboolean list_link_layer_types = FALSE;
gboolean start_capture = FALSE;
+ int status;
#else
gboolean capture_option_specified = FALSE;
#endif
e_prefs *prefs;
char badopt;
GLogLevelFlags log_flags;
- int status;
+ int optind_initial;
-#define OPTSTRING_INIT "a:b:c:d:Df:F:hi:lLnN:o:pqr:R:s:St:T:vVw:xX:y:z:"
+#define OPTSTRING_INIT "a:b:c:d:De:E:f:F:G:hi:lLnN:o:pqr:R:s:St:T:vVw:xX:y:z:"
#ifdef HAVE_LIBPCAP
#ifdef _WIN32
#define OPTSTRING_WIN32 "B:"
static const char optstring[] = OPTSTRING_INIT OPTSTRING_WIN32;
+ /*
+ * Get credential information for later use.
+ */
+ get_credential_info();
+
/*
* Attempt to get the pathname of the executable file.
*/
}
/*
- * Get credential information for later use.
+ * In order to have the -X opts assigned before the wslua machine starts
+ * we need to call getopts before epan_init() gets called.
*/
- get_credential_info();
+ opterr = 0;
+ optind_initial = optind;
+
+ while ((opt = getopt(argc, argv, optstring)) != -1) {
+ switch (opt) {
+ case 'X':
+ ex_opt_add(optarg);
+ break;
+ default:
+ break;
+ }
+ }
+
+ optind = optind_initial;
+ opterr = 1;
/* nothing more than the standard GLib handler, but without a warning */
- log_flags =
- G_LOG_LEVEL_ERROR|
- G_LOG_LEVEL_CRITICAL|
+ log_flags =
G_LOG_LEVEL_WARNING|
G_LOG_LEVEL_MESSAGE|
G_LOG_LEVEL_INFO|
- G_LOG_LEVEL_DEBUG|
- G_LOG_FLAG_FATAL|G_LOG_FLAG_RECURSION;
+ G_LOG_LEVEL_DEBUG;
g_log_set_handler(NULL,
log_flags,
log_func_ignore, NULL /* user_data */);
- g_log_set_handler(LOG_DOMAIN_CAPTURE_CHILD,
+ g_log_set_handler(LOG_DOMAIN_CAPTURE,
log_flags,
log_func_ignore, NULL /* user_data */);
- /* initialize memory allocation subsystem */
- ep_init_chunk();
- se_init_chunk();
-
- /* initialize the GUID to name mapping table */
- guids_init();
-
initialize_funnel_ops();
-
+
#ifdef HAVE_LIBPCAP
capture_opts_init(&capture_opts, NULL /* cfile */);
#endif
"-G" flag, as the "-G" flag dumps information registered by the
dissectors, and we must do it before we read the preferences, in
case any dissectors register preferences. */
- epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs,
- failure_message,open_failure_message,read_failure_message);
+ epan_init(register_all_protocols, register_all_protocol_handoffs, NULL, NULL,
+ failure_message, open_failure_message, read_failure_message);
/* Register all tap listeners; we do this before we parse the arguments,
as the "-z" argument can specify a registered tap. */
-
+
/* we register the plugin taps before the other taps because
stats_tree taps plugins will be registered as tap listeners
by stats_tree_stat.c and need to registered before that */
g_free(dp_path);
}
-#ifdef _WIN32
- /* Load Wpcap, if possible */
- load_wpcap();
-#endif
+ check_capture_privs();
init_cap_file(&cfile);
/* Assemble the compile-time version information string */
comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str);
+ get_compiled_version_info(comp_info_str, get_epan_compiled_version_info);
/* Assemble the run-time version information string */
runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str);
+ get_runtime_version_info(runtime_info_str, NULL);
/* Print format defaults to this. */
print_format = PR_FMT_TEXT;
+ output_fields = output_fields_new();
+
/* Now get our args */
while ((opt = getopt(argc, argv, optstring)) != -1) {
switch (opt) {
case 'a': /* autostop criteria */
case 'b': /* Ringbuffer option */
- case 'c': /* Capture xxx packets */
+ case 'c': /* Capture x packets */
case 'f': /* capture filter */
- case 'i': /* Use interface xxx */
+ case 'i': /* Use interface x */
case 'p': /* Don't capture in promiscuous mode */
case 's': /* Set the snapshot (capture) length */
- case 'w': /* Write to capture file xxx */
+ case 'w': /* Write to capture file x */
case 'y': /* Set the pcap data link type */
#ifdef _WIN32
case 'B': /* Buffer size */
break;
case 'D': /* Print a list of capture devices and exit */
#ifdef HAVE_LIBPCAP
- status = capture_opts_list_interfaces();
+ status = capture_opts_list_interfaces(FALSE);
exit(status);
#else
capture_option_specified = TRUE;
arg_error = TRUE;
#endif
break;
+ case 'e':
+ /* Field entry */
+ output_fields_add(output_fields, optarg);
+ break;
+ case 'E':
+ /* Field option */
+ if(!output_fields_set_option(output_fields, optarg)) {
+ cmdarg_err("\"%s\" is not a valid field output option=value pair.", optarg);
+ output_fields_list_options(stderr);
+ exit(1);
+ }
+ break;
case 'F':
out_file_type = wtap_short_string_to_file_type(optarg);
if (out_file_type < 0) {
g_resolv_flags = RESOLV_NONE;
badopt = string_to_name_resolve(optarg, &g_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+ cmdarg_err("-N specifies unknown resolving option '%c';",
badopt);
+ cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'");
exit(1);
}
break;
case 'o': /* Override preference from command line */
switch (prefs_set_pref(optarg)) {
+ case PREFS_SET_OK:
+ break;
+
case PREFS_SET_SYNTAX_ERR:
cmdarg_err("Invalid -o flag \"%s\"", optarg);
exit(1);
case 'q': /* Quiet */
quiet = TRUE;
break;
- case 'r': /* Read capture file xxx */
+ case 'r': /* Read capture file x */
cf_name = g_strdup(optarg);
break;
case 'R': /* Read file filter */
timestamp_set_type(TS_ABSOLUTE_WITH_DATE);
else if (strcmp(optarg, "d") == 0)
timestamp_set_type(TS_DELTA);
+ else if (strcmp(optarg, "dd") == 0)
+ timestamp_set_type(TS_DELTA_DIS);
+ else if (strcmp(optarg, "e") == 0)
+ timestamp_set_type(TS_EPOCH);
else {
cmdarg_err("Invalid time stamp type \"%s\"",
optarg);
} else if (strcmp(optarg, "psml") == 0) {
output_action = WRITE_XML;
verbose = FALSE;
+ } else if(strcmp(optarg, "fields") == 0) {
+ output_action = WRITE_FIELDS;
+ verbose = TRUE; /* Need full tree info */
} else {
cmdarg_err("Invalid -T parameter.");
- cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", or \"psml\".");
+ cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", \"psml\" or \"fields\".");
exit(1);
}
break;
"%s"
"\n"
"%s",
- svnversion, get_copyright_info(), comp_info_str->str,
+ wireshark_svnversion, get_copyright_info(), comp_info_str->str,
runtime_info_str->str);
exit(0);
break;
print_hex = TRUE;
break;
case 'X':
- ex_opt_add(optarg);
break;
case 'z':
/* We won't call the init function for the stat this soon
}
}
+ /* If we specified output fields, but not the output field type... */
+ if(WRITE_FIELDS != output_action && 0 != output_fields_num_fields(output_fields)) {
+ cmdarg_err("Output fields were specified with \"-e\", "
+ "but \"-Tfields\" was not specified.");
+ exit(1);
+ } else if(WRITE_FIELDS == output_action && 0 == output_fields_num_fields(output_fields)) {
+ cmdarg_err("\"-Tfields\" was specified, but no fields were "
+ "specified with \"-e\".");
+
+ exit(1);
+ }
+
/* If no capture filter or read filter has been specified, and there are
still command-line arguments, treat them as the tokens of a capture
filter (if no "-r" flag was specified) or a read filter (if a "-r"
rfilter = get_args_as_string(argc, argv, optind);
} else {
#ifdef HAVE_LIBPCAP
- if (capture_opts.cfilter != NULL) {
+ if (capture_opts.has_cfilter) {
cmdarg_err("Capture filters were specified both with \"-f\""
" and with additional command-line arguments");
exit(1);
}
+ capture_opts.has_cfilter = TRUE;
capture_opts.cfilter = get_args_as_string(argc, argv, optind);
#else
capture_option_specified = TRUE;
}
}
+#ifdef HAVE_LIBPCAP
if (!capture_opts.saving_to_file) {
/* We're not saving the capture to a file; if "-q" wasn't specified,
we should print packet information */
exit(1);
}
}
+#else
+ /* We're not saving the capture to a file; if "-q" wasn't specified,
+ we should print packet information */
+ if (!quiet)
+ print_packet_info = TRUE;
+#endif
#ifndef HAVE_LIBPCAP
if (capture_option_specified)
support in capture files we read). */
#ifdef HAVE_LIBPCAP
if (cf_name != NULL) {
- if (capture_opts.cfilter != NULL) {
+ if (capture_opts.has_cfilter) {
cmdarg_err("Only read filters, not capture filters, "
"can be specified when reading a capture file.");
exit(1);
exit(1);
}
} else {
- /* If they didn't specify a "-w" flag, but specified a maximum capture
- file size, tell them that this doesn't work, and exit. */
- if (capture_opts.has_autostop_filesize && capture_opts.save_file == NULL) {
- cmdarg_err("Maximum capture file size specified, but "
- "capture isn't being saved to a file.");
- exit(1);
- }
-
if (cf_name) {
/*
* "-r" was specified, so we're reading a capture file.
"a capture isn't being done.");
exit(1);
}
- if (capture_opts.has_autostop_packets) {
- cmdarg_err("A maximum number of captured packets was specified, but "
- "a capture isn't being done.");
- exit(1);
- }
- if (capture_opts.has_autostop_filesize) {
- cmdarg_err("A maximum capture file size was specified, but "
- "a capture isn't being done.");
- exit(1);
- }
+
+ /* Note: TShark now allows the restriction of a _read_ file by packet count
+ * and byte count as well as a write file. Other autostop options remain valid
+ * only for a write file.
+ */
if (capture_opts.has_autostop_duration) {
cmdarg_err("A maximum capture time was specified, but "
"a capture isn't being done.");
*/
if (capture_opts.saving_to_file) {
/* They specified a "-w" flag, so we'll be saving to a capture file. */
-
+
/* When capturing, we only support writing libpcap format. */
if (out_file_type != WTAP_FILE_PCAP) {
cmdarg_err("Live captures can only be saved in libpcap format.");
exit(1);
}
if (capture_opts.multi_files_on) {
- /* Multiple-file mode works only under certain conditions:
+ /* Multiple-file mode doesn't work under certain conditions:
a) it doesn't work if you're writing to the standard output;
b) it doesn't work if you're writing to a pipe;
- c) it makes no sense if the maximum file size is set to "infinite"
- (XXX - shouldn't that be "if there is no stop criterion",
- as you might want to switch files based on a packet count
- or a time). */
+ */
if (strcmp(capture_opts.save_file, "-") == 0) {
cmdarg_err("Multiple capture files requested, but "
"the capture is being written to the standard output.");
"the capture file is a pipe.");
exit(1);
}
- if (!capture_opts.has_autostop_filesize) {
+ if (!capture_opts.has_autostop_filesize &&
+ !capture_opts.has_file_duration) {
cmdarg_err("Multiple capture files requested, but "
- "no maximum capture file size was specified.");
+ "no maximum capture file size or duration was specified.");
exit(1);
}
}
have a tap filter with one of MATE's late-registered fields as part
of the filter. We can now process all the "-z" arguments. */
start_requested_stats();
-
+
/* disabled protocols as per configuration file */
if (gdp_path == NULL && dp_path == NULL) {
set_disabled_protos_list();
for (j = 0; j < NUM_COL_FMTS; j++) {
if (!cfile.cinfo.fmt_matx[i][j])
continue;
-
+
if (cfile.cinfo.col_first[j] == -1)
cfile.cinfo.col_first[j] = i;
cfile.cinfo.col_last[j] = i;
* can't open.
*/
relinquish_special_privs_perm();
+ print_current_user();
if (cf_open(&cfile, cf_name, FALSE, &err) != CF_OK) {
epan_cleanup();
}
/* Process the packets in the file */
- err = load_cap_file(&cfile, capture_opts.save_file, out_file_type);
+#ifdef HAVE_LIBPCAP
+ err = load_cap_file(&cfile, capture_opts.save_file, out_file_type,
+ capture_opts.has_autostop_packets ? capture_opts.autostop_packets : 0,
+ capture_opts.has_autostop_filesize ? capture_opts.autostop_filesize : 0);
+#else
+ err = load_cap_file(&cfile, NULL, out_file_type, 0, 0);
+#endif
if (err != 0) {
epan_cleanup();
exit(2);
#endif
/* trim the interface name and exit if that failed */
- if (!capture_opts_trim_iface(&capture_opts,
+ if (!capture_opts_trim_iface(&capture_opts,
(prefs->capture_device) ? get_if_name(prefs->capture_device) : NULL)) {
exit(2);
}
/* if requested, list the link layer types and exit */
if (list_link_layer_types) {
- status = capture_opts_list_link_layer_types(&capture_opts);
+ status = capture_opts_list_link_layer_types(&capture_opts, FALSE);
exit(status);
}
- if (!print_packet_info && !quiet) {
+ if (print_packet_info) {
+ if (!write_preamble(NULL)) {
+ err = errno;
+ show_print_file_io_error(err);
+ return err;
+ }
+ } else if (!quiet) {
/*
* We're not printing information for each packet, and the user
* didn't ask us not to print a count of packets as they arrive,
capture();
- if (capture_opts.multi_files_on) {
- ringbuf_free();
+ if (print_packet_info) {
+ if (!write_finale()) {
+ err = errno;
+ show_print_file_io_error(err);
+ }
}
#else
/* No - complain. */
funnel_dump_all_text_windows();
epan_cleanup();
+ output_fields_free(output_fields);
+ output_fields = NULL;
+
return 0;
}
-#ifdef HAVE_LIBPCAP
-/* Do the low-level work of a capture.
- Returns TRUE if it succeeds, FALSE otherwise. */
+/*#define USE_BROKEN_G_MAIN_LOOP*/
-static condition *volatile cnd_file_duration = NULL; /* this must be visible in process_packet */
+#ifdef USE_BROKEN_G_MAIN_LOOP
+ GMainLoop *loop;
+#else
+ gboolean loop_running = FALSE;
+#endif
+ guint32 packet_count = 0;
-static int
-capture(void)
-{
- int err = 0;
- int volatile volatile_err = 0;
- int volatile inpkts = 0;
- int pcap_cnt;
- condition *volatile cnd_autostop_size = NULL;
- condition *volatile cnd_autostop_duration = NULL;
- char *descr;
-#ifndef _WIN32
- void (*oldhandler)(int);
- guchar pcap_data[WTAP_MAX_PACKET_SIZE];
+
+/* XXX - move to the right position / file */
+/* read from a pipe (callback) */
+typedef gboolean (*pipe_input_cb_t) (gint source, gpointer user_data);
+
+typedef struct pipe_input_tag {
+ gint source;
+ gpointer user_data;
+ int *child_process;
+ pipe_input_cb_t input_cb;
+ guint pipe_input_id;
+#ifdef _WIN32
+ GStaticMutex callback_running;
#endif
- struct pcap_stat stats;
- gboolean write_ok;
- gboolean close_ok;
- gboolean cfilter_error = FALSE;
- char errmsg[1024+1];
- char secondary_errmsg[4096+1];
- int save_file_fd;
+} pipe_input_t;
- /* Initialize all data structures used for dissection. */
- init_dissection();
+static pipe_input_t pipe_input;
+
+#ifdef _WIN32
+/* The timer has expired, see if there's stuff to read from the pipe,
+ if so, do the callback */
+static gint
+pipe_timer_cb(gpointer data)
+{
+ HANDLE handle;
+ DWORD avail = 0;
+ gboolean result, result1;
+ DWORD childstatus;
+ pipe_input_t *pipe_input = data;
+ gint iterations = 0;
+
+
+ g_static_mutex_lock (&pipe_input->callback_running);
+
+ /* try to read data from the pipe only 5 times, to avoid blocking */
+ while(iterations < 5) {
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: new iteration");*/
- ld.wtap_linktype = WTAP_ENCAP_UNKNOWN;
- ld.pdh = NULL;
- ld.packet_cb = capture_pcap_cb;
+ /* Oddly enough although Named pipes don't work on win9x,
+ PeekNamedPipe does !!! */
+ handle = (HANDLE) _get_osfhandle (pipe_input->source);
+ result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL);
+ /* Get the child process exit status */
+ result1 = GetExitCodeProcess((HANDLE)*(pipe_input->child_process),
+ &childstatus);
- /* open the "input file" from network interface or capture pipe */
- if (!capture_loop_open_input(&capture_opts, &ld, errmsg, sizeof(errmsg),
- secondary_errmsg, sizeof(secondary_errmsg))) {
- goto error;
+ /* If the Peek returned an error, or there are bytes to be read
+ or the childwatcher thread has terminated then call the normal
+ callback */
+ if (!result || avail > 0 || childstatus != STILL_ACTIVE) {
+
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: data avail");*/
+
+ /* And call the real handler */
+ if (!pipe_input->input_cb(pipe_input->source, pipe_input->user_data)) {
+ g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: input pipe closed, iterations: %u", iterations);
+ /* pipe closed, return false so that the timer is stopped */
+ g_static_mutex_unlock (&pipe_input->callback_running);
+ return FALSE;
+ }
+ }
+ else {
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: no data avail");*/
+ /* No data, stop now */
+ break;
+ }
+
+ iterations++;
}
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_timer_cb: finished with iterations: %u, new timer", iterations);*/
+
+ g_static_mutex_unlock (&pipe_input->callback_running);
+
+ /* we didn't stopped the timer, so let it run */
+ return TRUE;
+}
+#endif
+
+
+void
+pipe_input_set_handler(gint source, gpointer user_data, int *child_process, pipe_input_cb_t input_cb)
+{
+
+ pipe_input.source = source;
+ pipe_input.child_process = child_process;
+ pipe_input.user_data = user_data;
+ pipe_input.input_cb = input_cb;
+
+#ifdef _WIN32
+ g_static_mutex_init(&pipe_input.callback_running);
+ /* Tricky to use pipes in win9x, as no concept of wait. NT can
+ do this but that doesn't cover all win32 platforms. GTK can do
+ this but doesn't seem to work over processes. Attempt to do
+ something similar here, start a timer and check for data on every
+ timeout. */
+ /*g_log(NULL, G_LOG_LEVEL_DEBUG, "pipe_input_set_handler: new");*/
+ pipe_input.pipe_input_id = g_timeout_add(200, pipe_timer_cb, &pipe_input);
+#endif
+}
+
+
+#ifdef HAVE_LIBPCAP
+static int
+capture(void)
+{
+ gboolean ret;
+#ifdef USE_TSHARK_SELECT
+ fd_set readfds;
+#endif
+#ifndef _WIN32
+ struct sigaction action, oldaction;
+#endif
+
/*
+ * XXX - dropping privileges is still required, until code cleanup is done
+ *
+ * remove all dependencies to pcap specific code and using only dumpcap is almost done.
+ * when it's done, we don't need special privileges to run tshark at all,
+ * therefore we don't need to drop these privileges
+ * The only thing we might want to keep is a warning if tshark is run as root,
+ * as it's no longer necessary and potentially dangerous.
+ *
+ * THE FOLLOWING IS THE FORMER COMMENT WHICH IS NO LONGER REALLY VALID:
* We've opened the capture device, so we shouldn't need any special
* privileges any more; relinquish those privileges.
*
* not special privileges.
*/
relinquish_special_privs_perm();
+ print_current_user();
- /*
- * Some older Linux versions of libpcap don't work right without
- * a capture filter; if none was specified, use an empty string.
- * (Yes, that's a libpcap bug, and has been fixed for a while.)
- */
- if (capture_opts.cfilter == NULL)
- capture_opts.cfilter = g_strdup("");
-
- /* init the input filter from the network interface (capture pipe will do nothing) */
- switch (capture_loop_init_filter(ld.pcap_h, ld.from_cap_pipe, capture_opts.iface, capture_opts.cfilter)) {
-
- case INITFILTER_NO_ERROR:
- break;
-
- case INITFILTER_BAD_FILTER:
- cfilter_error = TRUE;
- g_snprintf(errmsg, sizeof(errmsg), "%s", pcap_geterr(ld.pcap_h));
- *secondary_errmsg = '\0';
- goto error;
-
- case INITFILTER_OTHER_ERROR:
- g_snprintf(errmsg, sizeof(errmsg), "Can't install filter (%s).",
- pcap_geterr(ld.pcap_h));
- g_snprintf(secondary_errmsg, sizeof(secondary_errmsg), "%s", please_report);
- goto error;
- }
-
- if (capture_opts.saving_to_file) {
- /* open the output file (temporary/specified name/ringbuffer/named pipe/stdout) */
- if (!capture_loop_open_output(&capture_opts, &save_file_fd, errmsg, sizeof(errmsg))) {
- *secondary_errmsg = '\0';
- goto error;
- }
-
- /* set up to write to the already-opened capture output file/files */
- if(!capture_loop_init_output(&capture_opts, save_file_fd, &ld, errmsg, sizeof errmsg)) {
- *secondary_errmsg = '\0';
- goto error;
- }
-
- /* Save the capture file name. */
- ld.save_file = capture_opts.save_file;
- }
-
- ld.wtap_linktype = wtap_pcap_encap_to_wtap_encap(ld.linktype);
+ /* Initialize all data structures used for dissection. */
+ init_dissection();
#ifdef _WIN32
/* Catch a CTRL+C event and, if we get it, clean up and exit. */
SetConsoleCtrlHandler(capture_cleanup, TRUE);
#else /* _WIN32 */
/* Catch SIGINT and SIGTERM and, if we get either of them, clean up
- and exit.
- XXX - deal with signal semantics on various UNIX platforms. Or just
- use "sigaction()" and be done with it? */
- signal(SIGTERM, capture_cleanup);
- signal(SIGINT, capture_cleanup);
- if ((oldhandler = signal(SIGHUP, capture_cleanup)) != SIG_DFL)
- signal(SIGHUP, oldhandler);
+ and exit. */
+ action.sa_handler = capture_cleanup;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGTERM, &action, NULL);
+ sigaction(SIGINT, &action, NULL);
+ sigaction(SIGHUP, NULL, &oldaction);
+ if (oldaction.sa_handler == SIG_DFL)
+ sigaction(SIGHUP, &action, NULL);
#ifdef SIGINFO
/* Catch SIGINFO and, if we get it and we're capturing to a file in
quiet mode, report the number of packets we've captured. */
- signal(SIGINFO, report_counts_siginfo);
+ action.sa_handler = report_counts_siginfo;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGINFO, &action, NULL);
#endif /* SIGINFO */
#endif /* _WIN32 */
+ capture_opts.state = CAPTURE_PREPARING;
+
/* Let the user know what interface was chosen. */
- descr = get_interface_descriptive_name(capture_opts.iface);
- fprintf(stderr, "Capturing on %s\n", descr);
- g_free(descr);
-
- /* initialize capture stop conditions */
- init_capture_stop_conditions();
- /* create stop conditions */
- if (capture_opts.has_autostop_filesize)
- cnd_autostop_size = cnd_new((const char*)CND_CLASS_CAPTURESIZE,
- (long)capture_opts.autostop_filesize * 1024);
- if (capture_opts.has_autostop_duration)
- cnd_autostop_duration = cnd_new((const char*)CND_CLASS_TIMEOUT,
- (gint32)capture_opts.autostop_duration);
-
- if (capture_opts.multi_files_on && capture_opts.has_file_duration)
- cnd_file_duration = cnd_new(CND_CLASS_TIMEOUT, capture_opts.file_duration);
-
- if (!setjmp(ld.stopenv)) {
- ld.go = TRUE;
- ld.packet_count = 0;
- } else
- ld.go = FALSE;
-
- while (ld.go) {
- /* We need to be careful with automatic variables defined in the
- outer scope which are changed inside the loop. Most compilers
- don't try to roll them back to their original values after the
- longjmp which causes the loop to finish, but all that the
- standards say is that their values are indeterminate. If we
- don't want them to be rolled back, we should define them with the
- volatile attribute (paraphrasing W. Richard Stevens, Advanced
- Programming in the UNIX Environment, p. 178).
-
- The "err" variable causes a particular problem. If we give it
- the volatile attribute, then when we pass a reference to it (as
- in "&err") to a function, GCC warns: "passing arg <n> of
- <function> discards qualifiers from pointer target type".
- Therefore within the loop and just beyond we don't use "err".
- Within the loop we define "loop_err", and assign its value to
- "volatile_err", which is in the outer scope and is checked when
- the loop finishes.
-
- We also define "packet_count_prev" here to keep things tidy,
- since it's used only inside the loop. If it were defined in the
- outer scope, GCC would give a warning (unnecessary in this case)
- that it might be clobbered, and we'd need to give it the volatile
- attribute to suppress the warning. */
-
- int loop_err = 0;
- int packet_count_prev = 0;
-
- if (cnd_autostop_size == NULL && cnd_autostop_duration == NULL) {
- /* We're not stopping at a particular capture file size, and we're
- not stopping after some particular amount of time has expired,
- so either we have no stop condition or the only stop condition
- is a maximum packet count.
-
- If there's no maximum packet count, pass it -1, meaning "until
- you run out of packets in the bufferful you read". Otherwise,
- pass it the number of packets we have left to capture.
-
- We don't call "pcap_loop()" as, if we're saving to a file that's
- a FIFO, we want to flush the FIFO after we're done processing
- this libpcap bufferful of packets, so that the program
- reading the FIFO sees the packets immediately and doesn't get
- any partial packet, forcing it to block in the middle of reading
- that packet. */
- if (capture_opts.autostop_packets == 0)
- pcap_cnt = -1;
- else {
- if (ld.packet_count >= capture_opts.autostop_packets) {
- /* XXX do we need this test here? */
- /* It appears there's nothing more to capture. */
- break;
- }
- pcap_cnt = capture_opts.autostop_packets - ld.packet_count;
- }
- } else {
- /* We need to check the capture file size or the timeout after
- each packet. */
- pcap_cnt = 1;
- }
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- inpkts = cap_pipe_dispatch(&ld, pcap_data, errmsg, sizeof errmsg);
- } else
-#endif
- inpkts = pcap_dispatch(ld.pcap_h, pcap_cnt, ld.packet_cb, (u_char *) &ld);
- if (inpkts < 0) {
- /* Error from "pcap_dispatch()", or error or "no more packets" from
- "cap_pipe_dispatch(). */
- ld.go = FALSE;
- } else if (cnd_autostop_duration != NULL && cnd_eval(cnd_autostop_duration)) {
- /* The specified capture time has elapsed; stop the capture. */
- ld.go = FALSE;
- } else if (inpkts > 0) {
- if (capture_opts.autostop_packets != 0 &&
- ld.packet_count >= capture_opts.autostop_packets) {
- /* The specified number of packets have been captured and have
- passed both any capture filter in effect and any read filter
- in effect. */
- ld.go = FALSE;
- } else if (cnd_autostop_size != NULL &&
- cnd_eval(cnd_autostop_size, (guint32)ld.bytes_written)) {
- /* We're saving the capture to a file, and the capture file reached
- its maximum size. */
- if (capture_opts.multi_files_on) {
- /* Switch to the next ringbuffer file */
- if (ringbuf_switch_file(&ld.pdh, &capture_opts.save_file,
- &save_file_fd, &ld.bytes_written,
- &loop_err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_autostop_size);
- if (cnd_file_duration) {
- cnd_reset(cnd_file_duration);
- }
- } else {
- /* File switch failed: stop here */
- volatile_err = loop_err;
- ld.go = FALSE;
- }
- } else {
- /* No ringbuffer - just stop. */
- ld.go = FALSE;
- }
- }
- if (capture_opts.output_to_pipe) {
- if (ld.packet_count > packet_count_prev) {
- libpcap_dump_flush(ld.pdh, NULL);
- packet_count_prev = ld.packet_count;
- }
- }
- } /* inpkts > 0 */
- } /* while (ld.go) */
+ capture_opts.iface_descr = get_interface_descriptive_name(capture_opts.iface);
+ fprintf(stderr, "Capturing on %s\n", capture_opts.iface_descr);
- /* delete stop conditions */
- if (cnd_autostop_size != NULL)
- cnd_delete(cnd_autostop_size);
- if (cnd_autostop_duration != NULL)
- cnd_delete(cnd_autostop_duration);
- if (cnd_file_duration != NULL)
- cnd_delete(cnd_file_duration);
+ ret = sync_pipe_start(&capture_opts);
- if (print_packet_counts) {
- /* We're printing packet counts to stderr.
- Send a newline so that we move to the line after the packet count. */
- fprintf(stderr, "\n");
- }
+ if (!ret)
+ return FALSE;
- /* If we got an error while capturing, report it. */
- if (inpkts < 0) {
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- if (ld.cap_pipe_err == PIPERR) {
- cmdarg_err("Error while capturing packets: %s", errmsg);
- }
- } else
-#endif
- {
- cmdarg_err("Error while capturing packets: %s", pcap_geterr(ld.pcap_h));
- }
- }
+ /* the actual capture loop
+ *
+ * XXX - glib doesn't seem to provide any event based loop handling.
+ *
+ * XXX - for whatever reason,
+ * calling g_main_loop_new() ends up in 100% cpu load.
+ *
+ * But that doesn't matter: in UNIX we can use select() to find an input
+ * source with something to do.
+ *
+ * But that doesn't matter because we're in a CLI (that doesn't need to
+ * update a GUI or something at the same time) so it's OK if we block
+ * trying to read from the pipe.
+ *
+ * So all the stuff in USE_TSHARK_SELECT could be removed unless I'm
+ * wrong (but I leave it there in case I am...).
+ */
- if (volatile_err == 0)
- write_ok = TRUE;
- else {
- show_capture_file_io_error(capture_opts.save_file, volatile_err, FALSE);
- write_ok = FALSE;
- }
+#ifdef USE_TSHARK_SELECT
+ FD_ZERO(&readfds);
+ FD_SET(pipe_input.source, &readfds);
+#endif
- if (capture_opts.save_file != NULL) {
- /* We're saving to a file or files; close all files. */
- close_ok = capture_loop_close_output(&capture_opts, &ld, &err);
+ loop_running = TRUE;
- /* If we've displayed a message about a write error, there's no point
- in displaying another message about an error on close. */
- if (!close_ok && write_ok)
- show_capture_file_io_error(capture_opts.save_file, err, TRUE);
- }
+ while (loop_running)
+ {
+#ifdef USE_TSHARK_SELECT
+ ret = select(pipe_input.source+1, &readfds, NULL, NULL, NULL);
-#ifndef _WIN32
- if (ld.from_cap_pipe && ld.cap_pipe_fd >= 0)
- eth_close(ld.cap_pipe_fd);
- else
+ if (ret == -1)
+ {
+ perror("select()");
+ return TRUE;
+ } else if (ret == 1) {
#endif
- {
- /* Get the capture statistics, and, if any packets were dropped, report
- that. */
- if (pcap_stats(ld.pcap_h, &stats) >= 0) {
- if (stats.ps_drop != 0) {
- fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
+ /* Call the real handler */
+ if (!pipe_input.input_cb(pipe_input.source, pipe_input.user_data)) {
+ g_log(NULL, G_LOG_LEVEL_DEBUG, "input pipe closed");
+ return FALSE;
}
- } else {
- cmdarg_err("Can't get packet-drop statistics: %s", pcap_geterr(ld.pcap_h));
+#ifdef USE_TSHARK_SELECT
}
- pcap_close(ld.pcap_h);
+#endif
}
- /* Report the number of captured packets if not reported during capture
- and we are saving to a file. */
- report_counts();
-
return TRUE;
+}
-error:
- if (capture_opts.multi_files_on) {
- ringbuf_error_cleanup();
- }
- g_free(capture_opts.save_file);
- capture_opts.save_file = NULL;
- if (cfilter_error) {
+
+/* XXX - move the call to main_window_update() out of capture_sync.c */
+/* dummy for capture_sync.c to make linker happy */
+void main_window_update(void)
+{
+}
+
+/* XXX - move the call to simple_dialog() out of capture_sync.c */
+#include "simple_dialog.h"
+
+/* capture_sync.c want's to tell us an error */
+gpointer simple_dialog(ESD_TYPE_E type _U_, gint btn_mask _U_,
+ const gchar *msg_format, ...)
+{
+ va_list ap;
+
+ /* XXX - do we need to display buttons and alike? */
+ va_start(ap, msg_format);
+ fprintf(stderr, "tshark: ");
+ vfprintf(stderr, msg_format, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+
+ return NULL;
+}
+
+
+/* capture child detected an error */
+void
+capture_input_error_message(capture_options *capture_opts _U_, char *error_msg, char *secondary_error_msg)
+{
+ cmdarg_err("%s", error_msg);
+ cmdarg_err_cont("%s", secondary_error_msg);
+}
+
+
+/* capture child detected an capture filter related error */
+void
+capture_input_cfilter_error_message(capture_options *capture_opts, char *error_message)
+{
dfilter_t *rfcode = NULL;
- if (dfilter_compile(capture_opts.cfilter, &rfcode) && rfcode != NULL) {
+
+
+ if (dfilter_compile(capture_opts->cfilter, &rfcode) && rfcode != NULL) {
cmdarg_err(
"Invalid capture filter: \"%s\"!\n"
"\n"
"so you can't use most display filter expressions as capture filters.\n"
"\n"
"See the User's Guide for a description of the capture filter syntax.",
- capture_opts.cfilter, errmsg);
+ capture_opts->cfilter, error_message);
dfilter_free(rfcode);
} else {
cmdarg_err(
"\n"
"That string isn't a valid capture filter (%s).\n"
"See the User's Guide for a description of the capture filter syntax.",
- capture_opts.cfilter, errmsg);
+ capture_opts->cfilter, error_message);
}
- } else {
- cmdarg_err("%s", errmsg);
- if (*secondary_errmsg != '\0') {
- fprintf(stderr, "\n");
- cmdarg_err_cont("%s", secondary_errmsg);
+}
+
+
+/* capture child tells us we have a new (or the first) capture file */
+gboolean
+capture_input_new_file(capture_options *capture_opts, gchar *new_file)
+{
+ gboolean is_tempfile;
+ int err;
+
+
+ if(capture_opts->state == CAPTURE_PREPARING) {
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture started!");
+ }
+ g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "File: \"%s\"", new_file);
+
+ g_assert(capture_opts->state == CAPTURE_PREPARING || capture_opts->state == CAPTURE_RUNNING);
+
+ capture_opts->cf = &cfile;
+
+ /* free the old filename */
+ if(capture_opts->save_file != NULL) {
+ /* we start a new capture file, close the old one (if we had one before) */
+ if( ((capture_file *) capture_opts->cf)->state != FILE_CLOSED) {
+ if(capture_opts->cf != NULL && ((capture_file *) capture_opts->cf)->wth != NULL) {
+ wtap_close(((capture_file *) capture_opts->cf)->wth);
+ }
}
+ g_free(capture_opts->save_file);
+ is_tempfile = FALSE;
+ } else {
+ /* we didn't had a save_file before, must be a tempfile */
+ is_tempfile = TRUE;
}
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- if (ld.cap_pipe_fd >= 0)
- eth_close(ld.cap_pipe_fd);
- } else
-#endif
- {
- if (ld.pcap_h != NULL)
- pcap_close(ld.pcap_h);
+
+ /* save the new filename */
+ capture_opts->save_file = g_strdup(new_file);
+
+ /* if we are in real-time mode, open the new file now */
+ if(do_dissection) {
+ /* Attempt to open the capture file and set up to read from it. */
+ switch(cf_open(capture_opts->cf, capture_opts->save_file, is_tempfile, &err)) {
+ case CF_OK:
+ break;
+ case CF_ERROR:
+ /* Don't unlink (delete) the save file - leave it around,
+ for debugging purposes. */
+ g_free(capture_opts->save_file);
+ capture_opts->save_file = NULL;
+ return FALSE;
+ break;
+ }
}
- return FALSE;
+ capture_opts->state = CAPTURE_RUNNING;
+
+ return TRUE;
}
-static void
-capture_pcap_cb(u_char *user, const struct pcap_pkthdr *phdr,
- const u_char *pd)
+
+/* capture child tells us we have new packets to read */
+void
+capture_input_new_packets(capture_options *capture_opts, int to_read)
{
- struct wtap_pkthdr whdr;
- union wtap_pseudo_header pseudo_header;
- const guchar *wtap_pd;
- loop_data *ld = (loop_data *) user;
- int loop_err;
- int err;
- int save_file_fd;
- gboolean packet_accepted;
+ gboolean ret;
+ int err;
+ gchar *err_info;
+ gint64 data_offset;
+ capture_file *cf = capture_opts->cf;
+
#ifdef SIGINFO
/*
infodelay = TRUE;
#endif /* SIGINFO */
- /* The current packet may have arrived after a very long silence,
- * way past the time to switch files. In order not to have
- * the first packet of a new series of events as the last
- * [or only] packet in the file, switch before writing!
- */
- if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
- /* time elapsed for this ring file, switch to the next */
- if (ringbuf_switch_file(&ld->pdh, &ld->save_file, &save_file_fd,
- &ld->bytes_written, &loop_err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_file_duration);
- } else {
- /* File switch failed: stop here */
- /* XXX - we should do something with "loop_err" */
- ld->go = FALSE;
+ if(do_dissection) {
+ while (to_read-- && cf->wth) {
+ ret = wtap_read(cf->wth, &err, &err_info, &data_offset);
+ if(ret == FALSE) {
+ /* read from file failed, tell the capture child to stop */
+ sync_pipe_stop(capture_opts);
+ wtap_close(cf->wth);
+ cf->wth = NULL;
+ } else {
+ ret = process_packet(cf, data_offset, wtap_phdr(cf->wth),
+ wtap_pseudoheader(cf->wth), wtap_buf_ptr(cf->wth));
+ }
+ if (ret != FALSE) {
+ /* packet sucessfully read and gone through the "Read Filter" */
+ packet_count++;
+ }
}
- }
-
- if (do_dissection) {
- /* We're goint to print packet information, run a read filter, or
- process taps. Use process_packet() to handle that; in order
- to do that, we need to convert from libpcap to Wiretap format.
- If that fails, ignore the packet (wtap_process_pcap_packet has
- written an error message). */
- wtap_pd = wtap_process_pcap_packet(ld->wtap_linktype, phdr, pd,
- &pseudo_header, &whdr, &err);
- if (wtap_pd == NULL)
- return;
-
- packet_accepted = process_packet(&cfile, 0, &whdr, &pseudo_header, wtap_pd);
} else {
- /* We're just writing out packets. */
- packet_accepted = TRUE;
+ /*
+ * Dumpcap's doing all the work; we're not doing any dissection.
+ * Count all the packets it wrote.
+ */
+ packet_count += to_read;
}
- if (packet_accepted) {
- /* Count this packet. */
-#ifdef HAVE_LIBPCAP
- ld->packet_count++;
-#endif
-
- if (ld->pdh != NULL) {
- if (!libpcap_write_packet(ld->pdh, phdr, pd, &ld->bytes_written, &err)) {
- /* Error writing to a capture file */
- if (print_packet_counts) {
- /* We're printing counts of packets captured; move to the line after
- the count. */
- fprintf(stderr, "\n");
- }
- show_capture_file_io_error(ld->save_file, err, FALSE);
- pcap_close(ld->pcap_h);
- libpcap_dump_close(ld->pdh, &err);
- exit(2);
- }
- }
- if (print_packet_counts) {
+ if (print_packet_counts) {
/* We're printing packet counts. */
- if (ld->packet_count != 0) {
- fprintf(stderr, "\r%u ", ld->packet_count);
+ if (packet_count != 0) {
+ fprintf(stderr, "\r%u ", packet_count);
/* stderr could be line buffered */
fflush(stderr);
}
- }
}
#ifdef SIGINFO
#endif /* SIGINFO */
}
+static void
+report_counts(void)
+{
+ if (!print_packet_counts) {
+ /* Report the count only if we aren't printing a packet count
+ as packets arrive. */
+ fprintf(stderr, "%u packets captured\n", packet_count);
+ }
+#ifdef SIGINFO
+ infoprint = FALSE; /* we just reported it */
+#endif /* SIGINFO */
+}
+
+#ifdef SIGINFO
+static void
+report_counts_siginfo(int signum _U_)
+{
+ int sav_errno = errno;
+ /* If we've been told to delay printing, just set a flag asking
+ that we print counts (if we're supposed to), otherwise print
+ the count of packets captured (if we're supposed to). */
+ if (infodelay)
+ infoprint = TRUE;
+ else
+ report_counts();
+ errno = sav_errno;
+}
+#endif /* SIGINFO */
+
+
+/* capture child detected any packet drops? */
+void
+capture_input_drops(capture_options *capture_opts _U_, int dropped)
+{
+ if (print_packet_counts) {
+ /* We're printing packet counts to stderr.
+ Send a newline so that we move to the line after the packet count. */
+ fprintf(stderr, "\n");
+ }
+
+ if(dropped != 0) {
+ /* We're printing packet counts to stderr.
+ Send a newline so that we move to the line after the packet count. */
+ fprintf(stderr, "%u packet%s dropped\n", dropped, plurality(dropped, "", "s"));
+ }
+}
+
+
+/* capture child closed its side of the pipe, do the required cleanup */
+void
+capture_input_closed(capture_options *capture_opts)
+{
+ report_counts();
+
+ if(capture_opts->cf != NULL && ((capture_file *) capture_opts->cf)->wth != NULL) {
+ wtap_close(((capture_file *) capture_opts->cf)->wth);
+ }
+#ifdef USE_BROKEN_G_MAIN_LOOP
+ /*g_main_loop_quit(loop);*/
+ g_main_quit(loop);
+#else
+ loop_running = FALSE;
+#endif
+}
+
+
+
+
#ifdef _WIN32
static BOOL WINAPI
capture_cleanup(DWORD ctrltype _U_)
C++ (i.e., it's a property of the Cygwin console window or Bash;
it happens if TShark is not built with Cygwin - for all I know,
building it with Cygwin may make the problem go away). */
- ld.go = FALSE;
+
+ /* tell the capture child to stop */
+ sync_pipe_stop(&capture_opts);
+
+ /* don't stop our own loop already here, otherwise status messages and
+ * cleanup wouldn't be done properly. The child will indicate the stop of
+ * everything by calling capture_input_closed() later */
+
return TRUE;
}
#else
static void
capture_cleanup(int signum _U_)
{
- /* Longjmp back to the starting point; "pcap_dispatch()", on many
- UNIX platforms, just keeps looping if it gets EINTR, so if we set
- "ld.go" to FALSE and return, we won't break out of it and quit
- capturing. */
- longjmp(ld.stopenv, 1);
+ /* tell the capture child to stop */
+ sync_pipe_stop(&capture_opts);
}
#endif /* _WIN32 */
-
-static void
-report_counts(void)
-{
-#ifdef SIGINFO
- /* XXX - if we use sigaction, this doesn't have to be done.
- (Yes, this isn't necessary on BSD, but just in case a system
- where "signal()" has AT&T semantics adopts SIGINFO....) */
- signal(SIGINFO, report_counts_siginfo);
-#endif /* SIGINFO */
-
- if (!print_packet_counts) {
- /* Report the count only if we aren't printing a packet count
- as packets arrive. */
- fprintf(stderr, "%u packets captured\n", ld.packet_count);
- }
-#ifdef SIGINFO
- infoprint = FALSE; /* we just reported it */
-#endif /* SIGINFO */
-}
-
-#ifdef SIGINFO
-static void
-report_counts_siginfo(int signum _U_)
-{
- int sav_errno = errno;
- /* If we've been told to delay printing, just set a flag asking
- that we print counts (if we're supposed to), otherwise print
- the count of packets captured (if we're supposed to). */
- if (infodelay)
- infoprint = TRUE;
- else
- report_counts();
- errno = sav_errno;
-}
-#endif /* SIGINFO */
#endif /* HAVE_LIBPCAP */
static int
-load_cap_file(capture_file *cf, char *save_file, int out_file_type)
+load_cap_file(capture_file *cf, char *save_file, int out_file_type,
+ int max_packet_count, gint64 max_byte_count)
{
gint linktype;
int snapshot_length;
wtap_dumper *pdh;
int err;
gchar *err_info;
- long data_offset;
+ gint64 data_offset;
char *save_file_string = NULL;
linktype = wtap_file_encap(cf->wth);
exit(2);
}
}
+ /* Stop reading if we have the maximum number of packets;
+ * note that a zero max_packet_count will never be matched
+ * (unless we roll over the packet number?)
+ */
+ if(max_packet_count == cf->count || (max_byte_count != 0 && data_offset >= max_byte_count)) {
+ err = 0; /* This is not an error */
+ break;
+ }
}
}
if (err != 0) {
static void
fill_in_fdata(frame_data *fdata, capture_file *cf,
- const struct wtap_pkthdr *phdr, long offset)
+ const struct wtap_pkthdr *phdr, gint64 offset)
{
fdata->next = NULL;
fdata->prev = NULL;
fdata->cap_len = phdr->caplen;
fdata->file_off = offset;
fdata->lnk_t = phdr->pkt_encap;
- fdata->abs_ts = *((nstime_t *) &phdr->ts);
+ fdata->abs_ts.secs = phdr->ts.secs;
+ fdata->abs_ts.nsecs = phdr->ts.nsecs;
fdata->flags.passed_dfilter = 0;
fdata->flags.encoding = CHAR_ASCII;
fdata->flags.visited = 0;
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the first packet. */
- if (nstime_is_zero(&first_ts)) {
+ if (nstime_is_unset(&first_ts)) {
first_ts = fdata->abs_ts;
}
- /* If we don't have the time stamp of the previous displayed packet,
- it's because this is the first displayed packet. Save the time
- stamp of this packet as the time stamp of the previous displayed
+ /* If we don't have the time stamp of the previous captured packet,
+ it's because this is the first packet. Save the time
+ stamp of this packet as the time stamp of the previous captured
packet. */
- if (nstime_is_zero(&prev_ts)) {
- prev_ts = fdata->abs_ts;
+ if (nstime_is_unset(&prev_cap_ts)) {
+ prev_cap_ts = fdata->abs_ts;
}
/* Get the time elapsed between the first packet and this packet. */
/* Get the time elapsed between the previous displayed packet and
this packet. */
- nstime_delta(&fdata->del_ts, &fdata->abs_ts, &prev_ts);
- prev_ts = fdata->abs_ts;
+ if (nstime_is_unset(&prev_dis_ts))
+ nstime_set_zero(&fdata->del_dis_ts);
+ else
+ nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
+
+ /* Get the time elapsed between the previous captured packet and
+ this packet. */
+ nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &prev_cap_ts);
+ prev_cap_ts = fdata->abs_ts;
}
/* Free up all data attached to a "frame_data" structure. */
}
static gboolean
-process_packet(capture_file *cf, long offset, const struct wtap_pkthdr *whdr,
+process_packet(capture_file *cf, gint64 offset, const struct wtap_pkthdr *whdr,
union wtap_pseudo_header *pseudo_header, const guchar *pd)
{
frame_data fdata;
if (print_packet_info) {
/* Grab any resolved addresses */
-
+
if (g_resolv_flags) {
host_name_lookup_process(NULL);
}
}
if (passed) {
+ /* Keep the time of the current packet if the packet passed
+ the read filter so that the delta time since last displayed
+ packet can be calculated */
+ prev_dis_ts = fdata.abs_ts;
+
/* Process this packet. */
if (print_packet_info) {
/* We're printing packet information; print the information for
switch (output_action) {
case WRITE_TEXT:
- return print_preamble(print_stream, cf->filename);
+ return print_preamble(print_stream, cf ? cf->filename : NULL);
break;
case WRITE_XML:
write_psml_preamble(stdout);
return !ferror(stdout);
+ case WRITE_FIELDS:
+ write_fields_preamble(output_fields, stdout);
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;
proto_tree_write_pdml(edt, stdout);
printf("\n");
return !ferror(stdout);
+ case WRITE_FIELDS:
+ proto_tree_write_fields(output_fields, edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
}
} else {
/* Just fill in the columns. */
case WRITE_XML:
proto_tree_write_psml(edt, stdout);
return !ferror(stdout);
+ case WRITE_FIELDS: /*No non-verbose "fields" format */
+ g_assert_not_reached();
+ break;
}
}
if (print_hex) {
write_psml_finale(stdout);
return !ferror(stdout);
+ case WRITE_FIELDS:
+ write_fields_finale(output_fields, stdout);
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;
} else
cf->has_snap = TRUE;
nstime_set_zero(&cf->elapsed_time);
- nstime_set_zero(&first_ts);
- nstime_set_zero(&prev_ts);
+ nstime_set_unset(&first_ts);
+ nstime_set_unset(&prev_dis_ts);
+ nstime_set_unset(&prev_cap_ts);
return CF_OK;
}
-/****************************************************************************************************************/
-/* indication report "dummies", needed for capture_loop.c */
-
-#ifdef HAVE_LIBPCAP
-
-/** Report a new capture file having been opened. */
-void
-report_new_capture_file(const char *filename)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report a number of new packets captured. */
-void
-report_packet_count(int packet_count)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report the packet drops once the capture finishes. */
-void
-report_packet_drops(int drops)
-{
- /* shouldn't happen */
- g_assert_not_reached();
-}
-
-/** Report an error in the capture. */
-void
-report_capture_error(const char *errmsg, const char *secondary_error_msg)
-{
- cmdarg_err(errmsg);
- cmdarg_err_cont(secondary_error_msg);
-}
-
-/** Report an error with a capture filter. */
-void
-report_cfilter_error(const char *cfilter, const char *errmsg)
-{
-
- cmdarg_err(
- "Invalid capture filter: \"%s\"!\n"
- "\n"
- "That string isn't a valid capture filter (%s).\n"
- "See the User's Guide for a description of the capture filter syntax.",
- cfilter, errmsg);
-}
-
-#endif /* HAVE_LIBPCAP */
-
-
-/****************************************************************************************************************/
-/* signal pipe "dummies", needed for capture_loop.c */
-
-#ifdef HAVE_LIBPCAP
-
-#ifdef _WIN32
-gboolean
-signal_pipe_check_running(void)
-{
- /* currently, no check required */
- return TRUE;
-}
-#endif /* _WIN32 */
-
-#endif /* HAVE_LIBPCAP */
git.samba.org / obnox / wireshark / wip.git / blobdiff