2 * Routines for capture options setting
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #include <epan/packet.h>
39 #include "capture_opts.h"
40 #include "ringbuffer.h"
41 #include "clopts_common.h"
42 #include "cmdarg_err.h"
44 #include "capture-pcap-util.h"
45 #include <wiretap/file_util.h>
48 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe);
52 capture_opts_init(capture_options *capture_opts, void *cfile)
54 capture_opts->cf = cfile;
55 capture_opts->cfilter = g_strdup(""); /* No capture filter string specified */
56 capture_opts->iface = NULL; /* Default is "pick the first interface" */
58 capture_opts->buffer_size = 1; /* 1 MB */
60 capture_opts->has_snaplen = FALSE;
61 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE; /* snapshot length - default is
62 infinite, in effect */
63 capture_opts->promisc_mode = TRUE; /* promiscuous mode is the default */
64 capture_opts->linktype = -1; /* the default linktype */
65 capture_opts->saving_to_file = FALSE;
66 capture_opts->save_file = NULL;
67 capture_opts->real_time_mode = TRUE;
68 capture_opts->show_info = TRUE;
69 capture_opts->quit_after_cap = FALSE;
70 capture_opts->restart = FALSE;
72 capture_opts->multi_files_on = FALSE;
73 capture_opts->has_file_duration = FALSE;
74 capture_opts->file_duration = 60; /* 1 min */
75 capture_opts->has_ring_num_files = FALSE;
76 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
78 capture_opts->has_autostop_files = FALSE;
79 capture_opts->autostop_files = 1;
80 capture_opts->has_autostop_packets = FALSE;
81 capture_opts->autostop_packets = 0;
82 capture_opts->has_autostop_filesize = FALSE;
83 capture_opts->autostop_filesize = 1024; /* 1 MB */
84 capture_opts->has_autostop_duration = FALSE;
85 capture_opts->autostop_duration = 60; /* 1 min */
88 capture_opts->fork_child = -1; /* invalid process handle */
90 capture_opts->signal_pipe_write_fd = -1;
92 capture_opts->state = CAPTURE_STOPPED;
93 capture_opts->output_to_pipe = FALSE;
97 /* log content of capture_opts */
99 capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts) {
100 g_log(log_domain, log_level, "CAPTURE OPTIONS :");
101 g_log(log_domain, log_level, "CFile : 0x%p", capture_opts->cf);
102 g_log(log_domain, log_level, "Filter : %s", capture_opts->cfilter);
103 g_log(log_domain, log_level, "Interface : %s", capture_opts->iface);
105 g_log(log_domain, log_level, "BufferSize : %u (MB)", capture_opts->buffer_size);
107 g_log(log_domain, log_level, "SnapLen (%u): %u", capture_opts->has_snaplen, capture_opts->snaplen);
108 g_log(log_domain, log_level, "Promisc : %u", capture_opts->promisc_mode);
109 g_log(log_domain, log_level, "LinkType : %d", capture_opts->linktype);
110 g_log(log_domain, log_level, "SavingToFile : %u", capture_opts->saving_to_file);
111 g_log(log_domain, log_level, "SaveFile : %s", (capture_opts->save_file) ? capture_opts->save_file : "");
112 g_log(log_domain, log_level, "RealTimeMode : %u", capture_opts->real_time_mode);
113 g_log(log_domain, log_level, "ShowInfo : %u", capture_opts->show_info);
114 g_log(log_domain, log_level, "QuitAfterCap : %u", capture_opts->quit_after_cap);
116 g_log(log_domain, log_level, "MultiFilesOn : %u", capture_opts->multi_files_on);
117 g_log(log_domain, log_level, "FileDuration (%u): %u", capture_opts->has_file_duration, capture_opts->file_duration);
118 g_log(log_domain, log_level, "RingNumFiles (%u): %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files);
120 g_log(log_domain, log_level, "AutostopFiles (%u): %u", capture_opts->has_autostop_files, capture_opts->autostop_files);
121 g_log(log_domain, log_level, "AutostopPackets (%u): %u", capture_opts->has_autostop_packets, capture_opts->autostop_packets);
122 g_log(log_domain, log_level, "AutostopFilesize(%u): %u (KB)", capture_opts->has_autostop_filesize, capture_opts->autostop_filesize);
123 g_log(log_domain, log_level, "AutostopDuration(%u): %u", capture_opts->has_autostop_duration, capture_opts->autostop_duration);
125 g_log(log_domain, log_level, "ForkChild : %d", capture_opts->fork_child);
127 g_log(log_domain, log_level, "SignalPipeWrite : %d", capture_opts->signal_pipe_write_fd);
132 * Given a string of the form "<autostop criterion>:<value>", as might appear
133 * as an argument to a "-a" option, parse it and set the criterion in
134 * question. Return an indication of whether it succeeded or failed
138 set_autostop_criterion(capture_options *capture_opts, const char *autostoparg)
142 colonp = strchr(autostoparg, ':');
150 * Skip over any white space (there probably won't be any, but
151 * as we allow it in the preferences file, we might as well
154 while (isspace((guchar)*p))
158 * Put the colon back, so if our caller uses, in an
159 * error message, the string they passed us, the message
165 if (strcmp(autostoparg,"duration") == 0) {
166 capture_opts->has_autostop_duration = TRUE;
167 capture_opts->autostop_duration = get_positive_int(p,"autostop duration");
168 } else if (strcmp(autostoparg,"filesize") == 0) {
169 capture_opts->has_autostop_filesize = TRUE;
170 capture_opts->autostop_filesize = get_positive_int(p,"autostop filesize");
171 } else if (strcmp(autostoparg,"files") == 0) {
172 capture_opts->multi_files_on = TRUE;
173 capture_opts->has_autostop_files = TRUE;
174 capture_opts->autostop_files = get_positive_int(p,"autostop files");
178 *colonp = ':'; /* put the colon back */
183 * Given a string of the form "<ring buffer file>:<duration>", as might appear
184 * as an argument to a "-b" option, parse it and set the arguments in
185 * question. Return an indication of whether it succeeded or failed
189 get_ring_arguments(capture_options *capture_opts, const char *arg)
191 gchar *p = NULL, *colonp;
193 colonp = strchr(arg, ':');
201 * Skip over any white space (there probably won't be any, but
202 * as we allow it in the preferences file, we might as well
205 while (isspace((guchar)*p))
209 * Put the colon back, so if our caller uses, in an
210 * error message, the string they passed us, the message
217 if (strcmp(arg,"files") == 0) {
218 capture_opts->has_ring_num_files = TRUE;
219 capture_opts->ring_num_files = get_natural_int(p, "number of ring buffer files");
220 } else if (strcmp(arg,"filesize") == 0) {
221 capture_opts->has_autostop_filesize = TRUE;
222 capture_opts->autostop_filesize = get_positive_int(p, "ring buffer filesize");
223 } else if (strcmp(arg,"duration") == 0) {
224 capture_opts->has_file_duration = TRUE;
225 capture_opts->file_duration = get_positive_int(p, "ring buffer duration");
228 *colonp = ':'; /* put the colon back */
234 capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg)
241 gchar err_str[CAPTURE_PCAP_ERRBUF_SIZE];
242 gchar *cant_get_if_list_errstr;
246 * If the argument is a number, treat it as an index into the list
247 * of adapters, as printed by "tshark -D".
249 * This should be OK on UNIX systems, as interfaces shouldn't have
250 * names that begin with digits. It can be useful on Windows, where
251 * more than one interface can have the same name.
253 adapter_index = strtol(optarg, &p, 10);
254 if (p != NULL && *p == '\0') {
255 if (adapter_index < 0) {
256 cmdarg_err("The specified adapter index is a negative number");
259 if (adapter_index > INT_MAX) {
260 cmdarg_err("The specified adapter index is too large (greater than %d)",
264 if (adapter_index == 0) {
265 cmdarg_err("there is no interface with that adapter index");
268 if_list = get_interface_list(&err, err_str);
269 if (if_list == NULL) {
272 case CANT_GET_INTERFACE_LIST:
273 cant_get_if_list_errstr =
274 cant_get_if_list_error_message(err_str);
275 cmdarg_err("%s", cant_get_if_list_errstr);
276 g_free(cant_get_if_list_errstr);
279 case NO_INTERFACES_FOUND:
280 cmdarg_err("There are no interfaces on which a capture can be done");
285 if_info = g_list_nth_data(if_list, adapter_index - 1);
286 if (if_info == NULL) {
287 cmdarg_err("there is no interface with that adapter index");
290 capture_opts->iface = g_strdup(if_info->name);
291 free_interface_list(if_list);
293 capture_opts->iface = g_strdup(optarg);
300 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg, gboolean *start_capture)
305 case 'a': /* autostop criteria */
306 if (set_autostop_criterion(capture_opts, optarg) == FALSE) {
307 cmdarg_err("Invalid or unknown -a flag \"%s\"", optarg);
311 case 'b': /* Ringbuffer option */
312 capture_opts->multi_files_on = TRUE;
313 if (get_ring_arguments(capture_opts, optarg) == FALSE) {
314 cmdarg_err("Invalid or unknown -b arg \"%s\"", optarg);
319 case 'B': /* Buffer size */
320 capture_opts->buffer_size = get_positive_int(optarg, "buffer size");
323 case 'c': /* Capture n packets */
324 capture_opts->has_autostop_packets = TRUE;
325 capture_opts->autostop_packets = get_positive_int(optarg, "packet count");
327 case 'f': /* capture filter */
328 if (capture_opts->has_cfilter) {
329 cmdarg_err("More than one -f argument specified");
332 capture_opts->has_cfilter = TRUE;
333 g_free(capture_opts->cfilter);
334 capture_opts->cfilter = g_strdup(optarg);
336 case 'H': /* Hide capture info dialog box */
337 capture_opts->show_info = FALSE;
339 case 'i': /* Use interface x */
340 status = capture_opts_add_iface_opt(capture_opts, optarg);
345 case 'k': /* Start capture immediately */
346 *start_capture = TRUE;
348 /*case 'l':*/ /* Automatic scrolling in live capture mode */
349 case 'p': /* Don't capture in promiscuous mode */
350 capture_opts->promisc_mode = FALSE;
352 case 'Q': /* Quit after capture (just capture to file) */
353 capture_opts->quit_after_cap = TRUE;
354 *start_capture = TRUE; /*** -Q implies -k !! ***/
356 case 's': /* Set the snapshot (capture) length */
357 capture_opts->has_snaplen = TRUE;
358 capture_opts->snaplen = get_positive_int(optarg, "snapshot length");
360 case 'S': /* "Real-Time" mode: used for following file ala tail -f */
361 capture_opts->real_time_mode = TRUE;
363 case 'w': /* Write to capture file x */
364 capture_opts->saving_to_file = TRUE;
365 g_free(capture_opts->save_file);
366 #if defined _WIN32 && (GLIB_MAJOR_VERSION > 2 || (GLIB_MAJOR_VERSION == 2 && GLIB_MINOR_VERSION >= 6))
367 /* since GLib 2.6, we need to convert filenames to utf8 for Win32 */
368 capture_opts->save_file = g_locale_to_utf8(optarg, -1, NULL, NULL, NULL);
370 capture_opts->save_file = g_strdup(optarg);
372 status = capture_opts_output_to_pipe(capture_opts->save_file, &capture_opts->output_to_pipe);
375 case 'y': /* Set the pcap data link type */
376 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
377 capture_opts->linktype = linktype_name_to_val(optarg);
378 if (capture_opts->linktype == -1) {
379 cmdarg_err("The specified data link type \"%s\" isn't valid",
383 #else /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
384 /* we can't get the type name, just treat it as a number */
385 capture_opts->linktype = get_natural_int(optarg, "data link type");
386 #endif /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
389 /* the caller is responsible to send us only the right opt's */
390 g_assert_not_reached();
397 int capture_opts_list_link_layer_types(capture_options *capture_opts)
399 gchar err_str[CAPTURE_PCAP_ERRBUF_SIZE];
400 GList *lt_list, *lt_entry;
401 data_link_info_t *data_link_info;
403 /* Get the list of link-layer types for the capture device. */
404 lt_list = get_pcap_linktype_list(capture_opts->iface, err_str);
405 if (lt_list == NULL) {
406 if (err_str[0] != '\0') {
407 cmdarg_err("The list of data link types for the capture device \"%s\" could not be obtained (%s)."
408 "Please check to make sure you have sufficient permissions, and that\n"
409 "you have the proper interface or pipe specified.\n", capture_opts->iface, err_str);
411 cmdarg_err("The capture device \"%s\" has no data link types.", capture_opts->iface);
414 cmdarg_err_cont("Data link types (use option -y to set):");
415 for (lt_entry = lt_list; lt_entry != NULL;
416 lt_entry = g_list_next(lt_entry)) {
417 data_link_info = lt_entry->data;
418 cmdarg_err_cont(" %s", data_link_info->name);
419 if (data_link_info->description != NULL)
420 cmdarg_err_cont(" (%s)", data_link_info->description);
422 cmdarg_err_cont(" (not supported)");
425 free_pcap_linktype_list(lt_list);
431 int capture_opts_list_interfaces()
437 gchar err_str[CAPTURE_PCAP_ERRBUF_SIZE];
438 gchar *cant_get_if_list_errstr;
447 if_list = get_interface_list(&err, err_str);
448 if (if_list == NULL) {
450 case CANT_GET_INTERFACE_LIST:
451 cant_get_if_list_errstr = cant_get_if_list_error_message(err_str);
452 cmdarg_err("%s", cant_get_if_list_errstr);
453 g_free(cant_get_if_list_errstr);
456 case NO_INTERFACES_FOUND:
457 cmdarg_err("There are no interfaces on which a capture can be done");
463 i = 1; /* Interface id number */
464 for (if_entry = g_list_first(if_list); if_entry != NULL;
465 if_entry = g_list_next(if_entry)) {
466 if_info = if_entry->data;
467 printf("%d. %s", i++, if_info->name);
468 if (if_info->description != NULL)
469 printf(" (%s)", if_info->description);
471 for(ip_addr = g_slist_nth(if_info->ip_addr, 0); ip_addr != NULL;
472 ip_addr = g_slist_next(ip_addr)) {
473 if_addr = ip_addr->data;
474 switch(if_addr->type) {
476 memcpy(ipv4, (void *) &if_addr->ip_addr.ip4_addr, 4);
477 printf(" %u.%u.%u.%u", ipv4[0], ipv4[1], ipv4[2], ipv4[3]);
480 /* XXX - display the IPv6 address without using stuff from epan */
484 printf(" unknown address type %u", if_addr->type);
491 free_interface_list(if_list);
497 void capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min)
499 if (capture_opts->snaplen < 1)
500 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE;
501 else if (capture_opts->snaplen < snaplen_min)
502 capture_opts->snaplen = snaplen_min;
506 void capture_opts_trim_ring_num_files(capture_options *capture_opts)
508 /* Check the value range of the ring_num_files parameter */
509 if (capture_opts->ring_num_files > RINGBUFFER_MAX_NUM_FILES)
510 capture_opts->ring_num_files = RINGBUFFER_MAX_NUM_FILES;
511 #if RINGBUFFER_MIN_NUM_FILES > 0
512 else if (capture_opts->ring_num_files < RINGBUFFER_MIN_NUM_FILES)
513 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
518 gboolean capture_opts_trim_iface(capture_options *capture_opts, const char *capture_device)
523 gchar err_str[CAPTURE_PCAP_ERRBUF_SIZE];
524 gchar *cant_get_if_list_errstr;
527 /* Did the user specify an interface to use? */
528 if (capture_opts->iface == NULL) {
529 /* No - is a default specified in the preferences file? */
530 if (capture_device != NULL) {
532 capture_opts->iface = g_strdup(capture_device);
534 /* No - pick the first one from the list of interfaces. */
535 if_list = get_interface_list(&err, err_str);
536 if (if_list == NULL) {
539 case CANT_GET_INTERFACE_LIST:
540 cant_get_if_list_errstr = cant_get_if_list_error_message(err_str);
541 cmdarg_err("%s", cant_get_if_list_errstr);
542 g_free(cant_get_if_list_errstr);
545 case NO_INTERFACES_FOUND:
546 cmdarg_err("There are no interfaces on which a capture can be done");
551 if_info = if_list->data; /* first interface */
552 capture_opts->iface = g_strdup(if_info->name);
553 free_interface_list(if_list);
563 #define S_IFIFO _S_IFIFO
566 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
569 /* copied from filesystem.c */
570 static int capture_opts_test_for_fifo(const char *path)
574 if (eth_stat(path, &statb) < 0)
577 if (S_ISFIFO(statb.st_mode))
583 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe)
587 if (save_file != NULL) {
588 /* We're writing to a capture file. */
589 if (strcmp(save_file, "-") == 0) {
590 /* Writing to stdout. */
591 /* XXX - should we check whether it's a pipe? It's arguably
592 silly to do "-w - >output_file" rather than "-w output_file",
593 but by not checking we might be violating the Principle Of
594 Least Astonishment. */
597 /* not a capture file, test for a FIFO (aka named pipe) */
598 err = capture_opts_test_for_fifo(save_file);
601 case ENOENT: /* it doesn't exist, so we'll be creating it,
602 and it won't be a FIFO */
603 case 0: /* found it, but it's not a FIFO */
606 case ESPIPE: /* it is a FIFO */
610 default: /* couldn't stat it */
611 cmdarg_err("Error testing whether capture file is a pipe: %s",
623 #endif /* HAVE_LIBPCAP */