2 * Routines for capture options setting
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 #ifdef HAVE_SYS_TYPES_H
39 # include <sys/types.h>
42 #ifdef HAVE_NETINET_IN_H
43 #include <netinet/in.h>
46 #ifdef HAVE_ARPA_INET_H
47 #include <arpa/inet.h>
50 #ifdef HAVE_SYS_SOCKET_H
51 #include <sys/socket.h> /* needed to define AF_ values on UNIX */
54 #ifdef HAVE_WINSOCK2_H
55 #include <winsock2.h> /* needed to define AF_ values on Windows */
58 #ifdef NEED_INET_V6DEFS_H
59 # include "inet_v6defs.h"
64 #include <epan/packet.h>
66 #include "capture_opts.h"
67 #include "ringbuffer.h"
68 #include "clopts_common.h"
69 #include "cmdarg_err.h"
71 #include "capture-pcap-util.h"
72 #include <wiretap/file_util.h>
79 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe);
83 capture_opts_init(capture_options *capture_opts, void *cfile)
85 capture_opts->cf = cfile;
86 capture_opts->cfilter = g_strdup(""); /* No capture filter string specified */
87 capture_opts->iface = NULL; /* Default is "pick the first interface" */
88 capture_opts->iface_descr = NULL;
90 capture_opts->buffer_size = 1; /* 1 MB */
92 capture_opts->has_snaplen = FALSE;
93 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE; /* snapshot length - default is
94 infinite, in effect */
95 capture_opts->promisc_mode = TRUE; /* promiscuous mode is the default */
96 capture_opts->linktype = -1; /* the default linktype */
97 capture_opts->saving_to_file = FALSE;
98 capture_opts->save_file = NULL;
99 capture_opts->real_time_mode = TRUE;
100 capture_opts->show_info = TRUE;
101 capture_opts->quit_after_cap = FALSE;
102 capture_opts->restart = FALSE;
104 capture_opts->multi_files_on = FALSE;
105 capture_opts->has_file_duration = FALSE;
106 capture_opts->file_duration = 60; /* 1 min */
107 capture_opts->has_ring_num_files = FALSE;
108 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
110 capture_opts->has_autostop_files = FALSE;
111 capture_opts->autostop_files = 1;
112 capture_opts->has_autostop_packets = FALSE;
113 capture_opts->autostop_packets = 0;
114 capture_opts->has_autostop_filesize = FALSE;
115 capture_opts->autostop_filesize = 1024; /* 1 MB */
116 capture_opts->has_autostop_duration = FALSE;
117 capture_opts->autostop_duration = 60; /* 1 min */
120 capture_opts->fork_child = -1; /* invalid process handle */
122 capture_opts->signal_pipe_write_fd = -1;
124 capture_opts->state = CAPTURE_STOPPED;
125 capture_opts->output_to_pipe = FALSE;
127 capture_opts->owner = getuid();
128 capture_opts->group = getgid();
133 /* log content of capture_opts */
135 capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts) {
136 g_log(log_domain, log_level, "CAPTURE OPTIONS :");
137 g_log(log_domain, log_level, "CFile : 0x%p", capture_opts->cf);
138 g_log(log_domain, log_level, "Filter : %s", capture_opts->cfilter);
139 g_log(log_domain, log_level, "Interface : %s", capture_opts->iface);
140 /* iface_descr may not been filled in and some C Libraries hate a null ptr for %s */
141 g_log(log_domain, log_level, "Interface Descr : %s",
142 capture_opts->iface_descr ? capture_opts->iface_descr : "<null>");
144 g_log(log_domain, log_level, "BufferSize : %u (MB)", capture_opts->buffer_size);
146 g_log(log_domain, log_level, "SnapLen (%u): %u", capture_opts->has_snaplen, capture_opts->snaplen);
147 g_log(log_domain, log_level, "Promisc : %u", capture_opts->promisc_mode);
148 g_log(log_domain, log_level, "LinkType : %d", capture_opts->linktype);
149 g_log(log_domain, log_level, "SavingToFile : %u", capture_opts->saving_to_file);
150 g_log(log_domain, log_level, "SaveFile : %s", (capture_opts->save_file) ? capture_opts->save_file : "");
151 g_log(log_domain, log_level, "RealTimeMode : %u", capture_opts->real_time_mode);
152 g_log(log_domain, log_level, "ShowInfo : %u", capture_opts->show_info);
153 g_log(log_domain, log_level, "QuitAfterCap : %u", capture_opts->quit_after_cap);
155 g_log(log_domain, log_level, "MultiFilesOn : %u", capture_opts->multi_files_on);
156 g_log(log_domain, log_level, "FileDuration (%u): %u", capture_opts->has_file_duration, capture_opts->file_duration);
157 g_log(log_domain, log_level, "RingNumFiles (%u): %u", capture_opts->has_ring_num_files, capture_opts->ring_num_files);
159 g_log(log_domain, log_level, "AutostopFiles (%u): %u", capture_opts->has_autostop_files, capture_opts->autostop_files);
160 g_log(log_domain, log_level, "AutostopPackets (%u): %u", capture_opts->has_autostop_packets, capture_opts->autostop_packets);
161 g_log(log_domain, log_level, "AutostopFilesize(%u): %u (KB)", capture_opts->has_autostop_filesize, capture_opts->autostop_filesize);
162 g_log(log_domain, log_level, "AutostopDuration(%u): %u", capture_opts->has_autostop_duration, capture_opts->autostop_duration);
164 g_log(log_domain, log_level, "ForkChild : %d", capture_opts->fork_child);
166 g_log(log_domain, log_level, "SignalPipeWrite : %d", capture_opts->signal_pipe_write_fd);
171 * Given a string of the form "<autostop criterion>:<value>", as might appear
172 * as an argument to a "-a" option, parse it and set the criterion in
173 * question. Return an indication of whether it succeeded or failed
177 set_autostop_criterion(capture_options *capture_opts, const char *autostoparg)
181 colonp = strchr(autostoparg, ':');
189 * Skip over any white space (there probably won't be any, but
190 * as we allow it in the preferences file, we might as well
193 while (isspace((guchar)*p))
197 * Put the colon back, so if our caller uses, in an
198 * error message, the string they passed us, the message
204 if (strcmp(autostoparg,"duration") == 0) {
205 capture_opts->has_autostop_duration = TRUE;
206 capture_opts->autostop_duration = get_positive_int(p,"autostop duration");
207 } else if (strcmp(autostoparg,"filesize") == 0) {
208 capture_opts->has_autostop_filesize = TRUE;
209 capture_opts->autostop_filesize = get_positive_int(p,"autostop filesize");
210 } else if (strcmp(autostoparg,"files") == 0) {
211 capture_opts->multi_files_on = TRUE;
212 capture_opts->has_autostop_files = TRUE;
213 capture_opts->autostop_files = get_positive_int(p,"autostop files");
217 *colonp = ':'; /* put the colon back */
222 * Given a string of the form "<ring buffer file>:<duration>", as might appear
223 * as an argument to a "-b" option, parse it and set the arguments in
224 * question. Return an indication of whether it succeeded or failed
228 get_ring_arguments(capture_options *capture_opts, const char *arg)
230 gchar *p = NULL, *colonp;
232 colonp = strchr(arg, ':');
240 * Skip over any white space (there probably won't be any, but
241 * as we allow it in the preferences file, we might as well
244 while (isspace((guchar)*p))
248 * Put the colon back, so if our caller uses, in an
249 * error message, the string they passed us, the message
256 if (strcmp(arg,"files") == 0) {
257 capture_opts->has_ring_num_files = TRUE;
258 capture_opts->ring_num_files = get_natural_int(p, "number of ring buffer files");
259 } else if (strcmp(arg,"filesize") == 0) {
260 capture_opts->has_autostop_filesize = TRUE;
261 capture_opts->autostop_filesize = get_positive_int(p, "ring buffer filesize");
262 } else if (strcmp(arg,"duration") == 0) {
263 capture_opts->has_file_duration = TRUE;
264 capture_opts->file_duration = get_positive_int(p, "ring buffer duration");
267 *colonp = ':'; /* put the colon back */
273 capture_opts_add_iface_opt(capture_options *capture_opts, const char *optarg)
284 * If the argument is a number, treat it as an index into the list
285 * of adapters, as printed by "tshark -D".
287 * This should be OK on UNIX systems, as interfaces shouldn't have
288 * names that begin with digits. It can be useful on Windows, where
289 * more than one interface can have the same name.
291 adapter_index = strtol(optarg, &p, 10);
292 if (p != NULL && *p == '\0') {
293 if (adapter_index < 0) {
294 cmdarg_err("The specified adapter index is a negative number");
297 if (adapter_index > INT_MAX) {
298 cmdarg_err("The specified adapter index is too large (greater than %d)",
302 if (adapter_index == 0) {
303 cmdarg_err("There is no interface with that adapter index");
306 if_list = get_interface_list(&err, &err_str);
307 if (if_list == NULL) {
310 case CANT_GET_INTERFACE_LIST:
311 cmdarg_err("%s", err_str);
315 case NO_INTERFACES_FOUND:
316 cmdarg_err("There are no interfaces on which a capture can be done");
321 if_info = g_list_nth_data(if_list, adapter_index - 1);
322 if (if_info == NULL) {
323 cmdarg_err("There is no interface with that adapter index");
326 capture_opts->iface = g_strdup(if_info->name);
327 /* We don't set iface_descr here because doing so requires
328 * capture_ui_utils.c which requires epan/prefs.c which is
329 * probably a bit too much dependency for here...
331 free_interface_list(if_list);
333 capture_opts->iface = g_strdup(optarg);
340 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg, gboolean *start_capture)
345 case 'a': /* autostop criteria */
346 if (set_autostop_criterion(capture_opts, optarg) == FALSE) {
347 cmdarg_err("Invalid or unknown -a flag \"%s\"", optarg);
351 case 'b': /* Ringbuffer option */
352 capture_opts->multi_files_on = TRUE;
353 if (get_ring_arguments(capture_opts, optarg) == FALSE) {
354 cmdarg_err("Invalid or unknown -b arg \"%s\"", optarg);
359 case 'B': /* Buffer size */
360 capture_opts->buffer_size = get_positive_int(optarg, "buffer size");
363 case 'c': /* Capture n packets */
364 capture_opts->has_autostop_packets = TRUE;
365 capture_opts->autostop_packets = get_positive_int(optarg, "packet count");
367 case 'f': /* capture filter */
368 if (capture_opts->has_cfilter) {
369 cmdarg_err("More than one -f argument specified");
372 capture_opts->has_cfilter = TRUE;
373 g_free(capture_opts->cfilter);
374 capture_opts->cfilter = g_strdup(optarg);
376 case 'H': /* Hide capture info dialog box */
377 capture_opts->show_info = FALSE;
379 case 'i': /* Use interface x */
380 status = capture_opts_add_iface_opt(capture_opts, optarg);
385 case 'k': /* Start capture immediately */
386 *start_capture = TRUE;
388 /*case 'l':*/ /* Automatic scrolling in live capture mode */
389 case 'p': /* Don't capture in promiscuous mode */
390 capture_opts->promisc_mode = FALSE;
392 case 'Q': /* Quit after capture (just capture to file) */
393 capture_opts->quit_after_cap = TRUE;
394 *start_capture = TRUE; /*** -Q implies -k !! ***/
396 case 's': /* Set the snapshot (capture) length */
397 capture_opts->has_snaplen = TRUE;
398 capture_opts->snaplen = get_positive_int(optarg, "snapshot length");
400 case 'S': /* "Real-Time" mode: used for following file ala tail -f */
401 capture_opts->real_time_mode = TRUE;
403 case 'w': /* Write to capture file x */
404 capture_opts->saving_to_file = TRUE;
405 g_free(capture_opts->save_file);
406 #if defined _WIN32 && (GLIB_MAJOR_VERSION > 2 || (GLIB_MAJOR_VERSION == 2 && GLIB_MINOR_VERSION >= 6))
407 /* since GLib 2.6, we need to convert filenames to utf8 for Win32 */
408 capture_opts->save_file = g_locale_to_utf8(optarg, -1, NULL, NULL, NULL);
410 capture_opts->save_file = g_strdup(optarg);
412 status = capture_opts_output_to_pipe(capture_opts->save_file, &capture_opts->output_to_pipe);
415 case 'y': /* Set the pcap data link type */
416 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
417 capture_opts->linktype = linktype_name_to_val(optarg);
418 if (capture_opts->linktype == -1) {
419 cmdarg_err("The specified data link type \"%s\" isn't valid",
423 #else /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
424 /* we can't get the type name, just treat it as a number */
425 capture_opts->linktype = get_natural_int(optarg, "data link type");
426 #endif /* HAVE_PCAP_DATALINK_NAME_TO_VAL */
429 /* the caller is responsible to send us only the right opt's */
430 g_assert_not_reached();
437 * If you change the output format of this function, you MUST update
438 * capture_sync.c:sync_linktype_list_open() accordingly!
441 capture_opts_list_link_layer_types(capture_options *capture_opts, gboolean machine_readable)
443 gchar *err_str, *desc_str;
444 GList *lt_list, *lt_entry;
445 data_link_info_t *data_link_info;
447 /* Get the list of link-layer types for the capture device. */
448 lt_list = get_pcap_linktype_list(capture_opts->iface, &err_str);
449 if (lt_list == NULL) {
450 if (err_str != NULL) {
451 cmdarg_err("The list of data link types for the capture device \"%s\" could not be obtained (%s)."
452 "Please check to make sure you have sufficient permissions, and that\n"
453 "you have the proper interface or pipe specified.\n", capture_opts->iface, err_str);
456 cmdarg_err("The capture device \"%s\" has no data link types.", capture_opts->iface);
459 if (machine_readable) { /* tab-separated values to stdout */
460 for (lt_entry = lt_list; lt_entry != NULL; lt_entry = g_list_next(lt_entry)) {
461 data_link_info = lt_entry->data;
462 if (data_link_info->description != NULL)
463 desc_str = data_link_info->description;
465 desc_str = "(not supported)";
466 printf("%d\t%s\t%s\n", data_link_info->dlt, data_link_info->name,
470 cmdarg_err_cont("Data link types (use option -y to set):");
471 for (lt_entry = lt_list; lt_entry != NULL;
472 lt_entry = g_list_next(lt_entry)) {
473 data_link_info = lt_entry->data;
474 cmdarg_err_cont(" %s", data_link_info->name);
475 if (data_link_info->description != NULL)
476 cmdarg_err_cont(" (%s)", data_link_info->description);
478 cmdarg_err_cont(" (not supported)");
482 free_pcap_linktype_list(lt_list);
487 /* Return an ASCII-formatted list of interfaces. */
488 #define ADDRSTRLEN 46 /* Covers IPv4 & IPv6 */
490 capture_opts_list_interfaces(gboolean machine_readable)
500 char addr_str[ADDRSTRLEN];
502 if_list = get_interface_list(&err, &err_str);
503 if (if_list == NULL) {
505 case CANT_GET_INTERFACE_LIST:
506 cmdarg_err("%s", err_str);
510 case NO_INTERFACES_FOUND:
511 cmdarg_err("There are no interfaces on which a capture can be done");
517 i = 1; /* Interface id number */
518 for (if_entry = g_list_first(if_list); if_entry != NULL;
519 if_entry = g_list_next(if_entry)) {
520 if_info = if_entry->data;
521 printf("%d. %s", i++, if_info->name);
523 if (!machine_readable) {
524 /* Add the description if it exists */
525 if (if_info->description != NULL)
526 printf(" (%s)", if_info->description);
529 * Add the contents of the if_entry struct in a parseable format.
530 * Each if_entry element is tab-separated. Addresses are comma-
533 /* XXX - Make sure our description doesn't contain a tab */
534 if (if_info->description != NULL)
535 printf("\t%s\t", if_info->description);
539 for(ip_addr = g_slist_nth(if_info->ip_addr, 0); ip_addr != NULL;
540 ip_addr = g_slist_next(ip_addr)) {
541 if (ip_addr != g_slist_nth(if_info->ip_addr, 0))
544 if_addr = ip_addr->data;
545 switch(if_addr->type) {
547 if (inet_ntop(AF_INET, &if_addr->ip_addr.ip4_addr, addr_str,
551 printf("<unknown IPv4>");
555 if (inet_ntop(AF_INET6, &if_addr->ip_addr.ip6_addr,
556 addr_str, ADDRSTRLEN)) {
559 printf("<unknown IPv6>");
563 printf("<type unknown %u>", if_addr->type);
567 if (if_info->loopback)
568 printf("\tloopback");
575 free_interface_list(if_list);
580 /* Print the number of packets captured for each interface until we're killed. */
582 capture_opts_print_statistics(gboolean machine_readable)
584 GList *if_list, *if_entry, *stat_list = NULL, *stat_entry;
590 char errbuf[PCAP_ERRBUF_SIZE];
593 if_list = get_interface_list(&err, &err_str);
594 if (if_list == NULL) {
596 case CANT_GET_INTERFACE_LIST:
597 cmdarg_err("%s", err_str);
601 case NO_INTERFACES_FOUND:
602 cmdarg_err("There are no interfaces on which a capture can be done");
608 for (if_entry = g_list_first(if_list); if_entry != NULL; if_entry = g_list_next(if_entry)) {
609 if_info = if_entry->data;
610 pch = pcap_open_live(if_info->name, MIN_PACKET_SIZE, 0, 0, errbuf);
613 if_stat = g_malloc(sizeof(if_stat_t));
614 if_stat->name = g_strdup(if_info->name);
616 stat_list = g_list_append(stat_list, if_stat);
621 cmdarg_err("There are no interfaces on which a capture can be done");
625 if (!machine_readable) {
626 printf("%-15s %10s %10s\n", "Interface", "Received",
630 while (1) { /* XXX - Add signal handling? */
631 for (stat_entry = g_list_first(stat_list); stat_entry != NULL; stat_entry = g_list_next(stat_entry)) {
632 if_stat = stat_entry->data;
633 pcap_stats(if_stat->pch, &ps);
635 if (!machine_readable) {
636 printf("%-15s %10d %10d\n", if_stat->name,
637 ps.ps_recv, ps.ps_drop);
639 printf("%s\t%d\t%d\n", if_stat->name,
640 ps.ps_recv, ps.ps_drop);
651 /* XXX - Not reached. Should we look for 'q' in stdin? */
652 for (stat_entry = g_list_first(stat_list); stat_entry != NULL; stat_entry = g_list_next(stat_entry)) {
653 if_stat = stat_entry->data;
654 pcap_close(if_stat->pch);
655 g_free(if_stat->name);
658 g_list_free(stat_list);
659 free_interface_list(if_list);
665 void capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min)
667 if (capture_opts->snaplen < 1)
668 capture_opts->snaplen = WTAP_MAX_PACKET_SIZE;
669 else if (capture_opts->snaplen < snaplen_min)
670 capture_opts->snaplen = snaplen_min;
674 void capture_opts_trim_ring_num_files(capture_options *capture_opts)
676 /* Check the value range of the ring_num_files parameter */
677 if (capture_opts->ring_num_files > RINGBUFFER_MAX_NUM_FILES)
678 capture_opts->ring_num_files = RINGBUFFER_MAX_NUM_FILES;
679 #if RINGBUFFER_MIN_NUM_FILES > 0
680 else if (capture_opts->ring_num_files < RINGBUFFER_MIN_NUM_FILES)
681 capture_opts->ring_num_files = RINGBUFFER_MIN_NUM_FILES;
686 gboolean capture_opts_trim_iface(capture_options *capture_opts, const char *capture_device)
694 /* Did the user specify an interface to use? */
695 if (capture_opts->iface == NULL) {
696 /* No - is a default specified in the preferences file? */
697 if (capture_device != NULL) {
699 capture_opts->iface = g_strdup(capture_device);
700 /* We don't set iface_descr here because doing so requires
701 * capture_ui_utils.c which requires epan/prefs.c which is
702 * probably a bit too much dependency for here...
705 /* No - pick the first one from the list of interfaces. */
706 if_list = get_interface_list(&err, &err_str);
707 if (if_list == NULL) {
710 case CANT_GET_INTERFACE_LIST:
711 cmdarg_err("%s", err_str);
715 case NO_INTERFACES_FOUND:
716 cmdarg_err("There are no interfaces on which a capture can be done");
721 if_info = if_list->data; /* first interface */
722 capture_opts->iface = g_strdup(if_info->name);
723 /* We don't set iface_descr here because doing so requires
724 * capture_ui_utils.c which requires epan/prefs.c which is
725 * probably a bit too much dependency for here...
727 free_interface_list(if_list);
737 #define S_IFIFO _S_IFIFO
740 #define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
743 /* copied from filesystem.c */
744 static int capture_opts_test_for_fifo(const char *path)
748 if (eth_stat(path, &statb) < 0)
751 if (S_ISFIFO(statb.st_mode))
757 static gboolean capture_opts_output_to_pipe(const char *save_file, gboolean *is_pipe)
763 if (save_file != NULL) {
764 /* We're writing to a capture file. */
765 if (strcmp(save_file, "-") == 0) {
766 /* Writing to stdout. */
767 /* XXX - should we check whether it's a pipe? It's arguably
768 silly to do "-w - >output_file" rather than "-w output_file",
769 but by not checking we might be violating the Principle Of
770 Least Astonishment. */
773 /* not writing to stdout, test for a FIFO (aka named pipe) */
774 err = capture_opts_test_for_fifo(save_file);
777 case ENOENT: /* it doesn't exist, so we'll be creating it,
778 and it won't be a FIFO */
779 case 0: /* found it, but it's not a FIFO */
782 case ESPIPE: /* it is a FIFO */
786 default: /* couldn't stat it */
787 cmdarg_err("Error testing whether capture file is a pipe: %s",
797 #endif /* HAVE_LIBPCAP */
git.samba.org / obnox / wireshark / wip.git / blob