2 * Synchronisation between Wireshark capture parent and child instances
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
47 #include <wsutil/unicode-utils.h>
50 #ifdef HAVE_SYS_WAIT_H
51 # include <sys/wait.h>
54 #include "capture-pcap-util.h"
58 * Define various POSIX macros (and, in the case of WCOREDUMP, non-POSIX
59 * macros) on UNIX systems that don't have them.
62 # define WIFEXITED(status) (((status) & 0177) == 0)
65 # define WIFSTOPPED(status) (((status) & 0177) == 0177)
68 # define WIFSIGNALED(status) (!WIFSTOPPED(status) && !WIFEXITED(status))
71 # define WEXITSTATUS(status) ((status) >> 8)
74 # define WTERMSIG(status) ((status) & 0177)
77 # define WCOREDUMP(status) ((status) & 0200)
80 # define WSTOPSIG(status) ((status) >> 8)
84 #include <epan/packet.h>
85 #include <epan/prefs.h>
89 #include <epan/filesystem.h>
90 #include <epan/report_err.h>
93 #include "capture_sync.h"
95 #include "sync_pipe.h"
98 #include "capture-wpcap.h"
101 #include <wsutil/file_util.h>
105 #include <process.h> /* For spawning child process */
111 static const char *sync_pipe_signame(int);
115 static gboolean sync_pipe_input_cb(gint source, gpointer user_data);
116 static int sync_pipe_wait_for_child(int fork_child, gchar **msgp);
117 static void pipe_convert_header(const guchar *header, int header_len, char *indicator, int *block_len);
118 static int pipe_read_block(int pipe_fd, char *indicator, int len, char *msg,
123 /* Append an arg (realloc) to an argc/argv array */
124 /* (add a string pointer to a NULL-terminated array of string pointers) */
126 sync_pipe_add_arg(const char **args, int *argc, const char *arg)
128 /* Grow the array; "*argc" currently contains the number of string
129 pointers, *not* counting the NULL pointer at the end, so we have
130 to add 2 in order to get the new size of the array, including the
131 new pointer and the terminating NULL pointer. */
132 args = g_realloc( (gpointer) args, (*argc + 2) * sizeof (char *));
134 /* Stuff the pointer into the penultimate element of the array, which
135 is the one at the index specified by "*argc". */
138 /* Now bump the count. */
141 /* We overwrite the NULL pointer; put it back right after the
151 /* Quote the argument element if necessary, so that it will get
152 * reconstructed correctly in the C runtime startup code. Note that
153 * the unquoting algorithm in the C runtime is really weird, and
154 * rather different than what Unix shells do. See stdargv.c in the C
155 * runtime sources (in the Platform SDK, in src/crt).
157 * Stolen from GLib's protect_argv(), an internal routine that quotes
158 * string in an argument list so that they arguments will be handled
159 * correctly in the command-line string passed to CreateProcess()
160 * if that string is constructed by gluing those strings together.
163 protect_arg (const gchar *argv)
166 const gchar *p = argv;
169 gboolean need_dblquotes = FALSE;
172 if (*p == ' ' || *p == '\t')
173 need_dblquotes = TRUE;
176 else if (*p == '\\') {
179 while (*pp && *pp == '\\')
188 q = new_arg = g_malloc (len + need_dblquotes*2 + 1);
197 else if (*p == '\\') {
200 while (*pp && *pp == '\\')
217 * Generate a string for a Win32 error.
219 #define ERRBUF_SIZE 1024
221 win32strerror(DWORD error)
223 static char errbuf[ERRBUF_SIZE+1];
227 FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
231 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
232 * message. Get rid of it.
234 errlen = strlen(errbuf);
236 errbuf[errlen - 1] = '\0';
237 errbuf[errlen - 2] = '\0';
239 p = strchr(errbuf, '\0');
240 g_snprintf(p, (gulong)(sizeof errbuf - (p-errbuf)), " (%lu)", error);
245 /* Initialize an argument list and add dumpcap to it. */
247 init_pipe_args(int *argc) {
249 const char *progfile_dir;
252 progfile_dir = get_progfile_dir();
253 if (progfile_dir == NULL) {
257 /* Allocate the string pointer array with enough space for the
258 terminating NULL pointer. */
260 argv = g_malloc(sizeof (char *));
263 /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */
264 exename = g_strdup_printf("%s" G_DIR_SEPARATOR_S "dumpcap", progfile_dir);
266 /* Make that the first argument in the argument list (argv[0]). */
267 argv = sync_pipe_add_arg(argv, argc, exename);
272 #define ARGV_NUMBER_LEN 24
273 /* a new capture run: start a new dumpcap task and hand over parameters through command line */
275 sync_pipe_start(capture_options *capture_opts) {
276 char ssnap[ARGV_NUMBER_LEN];
277 char sdlt[ARGV_NUMBER_LEN];
278 char scount[ARGV_NUMBER_LEN];
279 char sfilesize[ARGV_NUMBER_LEN];
280 char sfile_duration[ARGV_NUMBER_LEN];
281 char sring_num_files[ARGV_NUMBER_LEN];
282 char sautostop_files[ARGV_NUMBER_LEN];
283 char sautostop_filesize[ARGV_NUMBER_LEN];
284 char sautostop_duration[ARGV_NUMBER_LEN];
285 #ifdef HAVE_PCAP_REMOTE
288 #ifdef HAVE_PCAP_SETSAMPLING
289 char ssampling[ARGV_NUMBER_LEN];
291 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
292 char buffer_size[ARGV_NUMBER_LEN];
295 HANDLE sync_pipe_read; /* pipe used to send messages from child to parent */
296 HANDLE sync_pipe_write; /* pipe used to send messages from child to parent */
297 HANDLE signal_pipe; /* named pipe used to send messages from parent to child (currently only stop) */
298 GString *args = g_string_sized_new(200);
300 SECURITY_ATTRIBUTES sa;
302 PROCESS_INFORMATION pi;
304 char control_id[ARGV_NUMBER_LEN];
305 gchar *signal_pipe_name;
308 int sync_pipe[2]; /* pipe used to send messages from child to parent */
309 enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
311 int sync_pipe_read_fd;
316 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_start");
317 capture_opts_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, capture_opts);
319 capture_opts->fork_child = -1;
321 argv = init_pipe_args(&argc);
323 /* We don't know where to find dumpcap. */
324 report_failure("We don't know where to find dumpcap.");
328 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "argv[0]: %s", argv[0]);
330 argv = sync_pipe_add_arg(argv, &argc, "-i");
331 argv = sync_pipe_add_arg(argv, &argc, capture_opts->iface);
333 if (capture_opts->has_snaplen) {
334 argv = sync_pipe_add_arg(argv, &argc, "-s");
335 g_snprintf(ssnap, ARGV_NUMBER_LEN, "%d",capture_opts->snaplen);
336 argv = sync_pipe_add_arg(argv, &argc, ssnap);
339 if (capture_opts->linktype != -1) {
340 argv = sync_pipe_add_arg(argv, &argc, "-y");
341 g_snprintf(sdlt, ARGV_NUMBER_LEN, "%s",linktype_val_to_name(capture_opts->linktype));
342 argv = sync_pipe_add_arg(argv, &argc, sdlt);
345 if(capture_opts->multi_files_on) {
346 if (capture_opts->has_autostop_filesize) {
347 argv = sync_pipe_add_arg(argv, &argc, "-b");
348 g_snprintf(sfilesize, ARGV_NUMBER_LEN, "filesize:%d",capture_opts->autostop_filesize);
349 argv = sync_pipe_add_arg(argv, &argc, sfilesize);
352 if (capture_opts->has_file_duration) {
353 argv = sync_pipe_add_arg(argv, &argc, "-b");
354 g_snprintf(sfile_duration, ARGV_NUMBER_LEN, "duration:%d",capture_opts->file_duration);
355 argv = sync_pipe_add_arg(argv, &argc, sfile_duration);
358 if (capture_opts->has_ring_num_files) {
359 argv = sync_pipe_add_arg(argv, &argc, "-b");
360 g_snprintf(sring_num_files, ARGV_NUMBER_LEN, "files:%d",capture_opts->ring_num_files);
361 argv = sync_pipe_add_arg(argv, &argc, sring_num_files);
364 if (capture_opts->has_autostop_files) {
365 argv = sync_pipe_add_arg(argv, &argc, "-a");
366 g_snprintf(sautostop_files, ARGV_NUMBER_LEN, "files:%d",capture_opts->autostop_files);
367 argv = sync_pipe_add_arg(argv, &argc, sautostop_files);
370 if (capture_opts->has_autostop_filesize) {
371 argv = sync_pipe_add_arg(argv, &argc, "-a");
372 g_snprintf(sautostop_filesize, ARGV_NUMBER_LEN, "filesize:%d",capture_opts->autostop_filesize);
373 argv = sync_pipe_add_arg(argv, &argc, sautostop_filesize);
377 if (capture_opts->has_autostop_packets) {
378 argv = sync_pipe_add_arg(argv, &argc, "-c");
379 g_snprintf(scount, ARGV_NUMBER_LEN, "%d",capture_opts->autostop_packets);
380 argv = sync_pipe_add_arg(argv, &argc, scount);
383 if (capture_opts->has_autostop_duration) {
384 argv = sync_pipe_add_arg(argv, &argc, "-a");
385 g_snprintf(sautostop_duration, ARGV_NUMBER_LEN, "duration:%d",capture_opts->autostop_duration);
386 argv = sync_pipe_add_arg(argv, &argc, sautostop_duration);
389 if (!capture_opts->promisc_mode)
390 argv = sync_pipe_add_arg(argv, &argc, "-p");
391 #ifdef HAVE_PCAP_CREATE
392 if (capture_opts->monitor_mode)
393 argv = sync_pipe_add_arg(argv, &argc, "-I");
395 if (capture_opts->use_pcapng)
396 argv = sync_pipe_add_arg(argv, &argc, "-n");
397 #ifdef HAVE_PCAP_REMOTE
398 if (capture_opts->datatx_udp)
399 argv = sync_pipe_add_arg(argv, &argc, "-u");
401 if (!capture_opts->nocap_rpcap)
402 argv = sync_pipe_add_arg(argv, &argc, "-r");
404 if (capture_opts->auth_type == CAPTURE_AUTH_PWD)
406 argv = sync_pipe_add_arg(argv, &argc, "-A");
407 g_snprintf(sauth, sizeof(sauth), "%s:%s", capture_opts->auth_username,
408 capture_opts->auth_password);
409 argv = sync_pipe_add_arg(argv, &argc, sauth);
412 #ifdef HAVE_PCAP_SETSAMPLING
413 if (capture_opts->sampling_method != CAPTURE_SAMP_NONE)
415 argv = sync_pipe_add_arg(argv, &argc, "-m");
416 g_snprintf(ssampling, ARGV_NUMBER_LEN, "%s:%d",
417 capture_opts->sampling_method == CAPTURE_SAMP_BY_COUNT ? "count" :
418 capture_opts->sampling_method == CAPTURE_SAMP_BY_TIMER ? "timer" :
420 capture_opts->sampling_param);
421 argv = sync_pipe_add_arg(argv, &argc, ssampling);
425 /* dumpcap should be running in capture child mode (hidden feature) */
427 argv = sync_pipe_add_arg(argv, &argc, "-Z");
429 g_snprintf(control_id, ARGV_NUMBER_LEN, "%d", GetCurrentProcessId());
430 argv = sync_pipe_add_arg(argv, &argc, control_id);
432 argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
436 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
437 argv = sync_pipe_add_arg(argv, &argc, "-B");
438 #ifdef HAVE_PCAP_REMOTE
439 if (capture_opts->src_type == CAPTURE_IFREMOTE)
440 /* No buffer size when using remote interfaces */
441 g_snprintf(buffer_size, ARGV_NUMBER_LEN, "%d", 1);
444 g_snprintf(buffer_size, ARGV_NUMBER_LEN, "%d",capture_opts->buffer_size);
445 argv = sync_pipe_add_arg(argv, &argc, buffer_size);
448 if (capture_opts->cfilter != NULL && strlen(capture_opts->cfilter) != 0) {
449 argv = sync_pipe_add_arg(argv, &argc, "-f");
450 argv = sync_pipe_add_arg(argv, &argc, capture_opts->cfilter);
453 if(capture_opts->save_file) {
454 argv = sync_pipe_add_arg(argv, &argc, "-w");
455 argv = sync_pipe_add_arg(argv, &argc, capture_opts->save_file);
459 /* init SECURITY_ATTRIBUTES */
460 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
461 sa.bInheritHandle = TRUE;
462 sa.lpSecurityDescriptor = NULL;
464 /* Create a pipe for the child process */
465 /* (increase this value if you have trouble while fast capture file switches) */
466 if (! CreatePipe(&sync_pipe_read, &sync_pipe_write, &sa, 5120)) {
467 /* Couldn't create the pipe between parent and child. */
468 report_failure("Couldn't create sync pipe: %s",
469 win32strerror(GetLastError()));
470 g_free( (gpointer) argv[0]);
471 g_free( (gpointer) argv);
475 /* Create the signal pipe */
476 signal_pipe_name = g_strdup_printf(SIGNAL_PIPE_FORMAT, control_id);
477 signal_pipe = CreateNamedPipe(utf_8to16(signal_pipe_name),
478 PIPE_ACCESS_OUTBOUND, PIPE_TYPE_BYTE, 1, 65535, 65535, 0, NULL);
479 g_free(signal_pipe_name);
481 if (signal_pipe == INVALID_HANDLE_VALUE) {
482 /* Couldn't create the signal pipe between parent and child. */
483 report_failure("Couldn't create signal pipe: %s",
484 win32strerror(GetLastError()));
485 g_free( (gpointer) argv[0]);
486 g_free( (gpointer) argv);
490 /* init STARTUPINFO */
491 memset(&si, 0, sizeof(si));
494 si.dwFlags = STARTF_USESHOWWINDOW;
495 si.wShowWindow = SW_SHOW;
497 si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
498 si.wShowWindow = SW_HIDE; /* this hides the console window */
499 si.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
500 si.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
501 si.hStdError = sync_pipe_write;
502 /*si.hStdError = (HANDLE) _get_osfhandle(2);*/
505 /* convert args array into a single string */
506 /* XXX - could change sync_pipe_add_arg() instead */
507 /* there is a drawback here: the length is internally limited to 1024 bytes */
508 for(i=0; argv[i] != 0; i++) {
509 if(i != 0) g_string_append_c(args, ' '); /* don't prepend a space before the path!!! */
510 quoted_arg = protect_arg(argv[i]);
511 g_string_append(args, quoted_arg);
516 if(!CreateProcess(NULL, utf_8to16(args->str), NULL, NULL, TRUE,
517 CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {
518 report_failure("Couldn't run %s in child process: %s",
519 args->str, win32strerror(GetLastError()));
520 CloseHandle(sync_pipe_read);
521 CloseHandle(sync_pipe_write);
522 g_free( (gpointer) argv[0]);
523 g_free( (gpointer) argv);
526 capture_opts->fork_child = (int) pi.hProcess;
527 g_string_free(args, TRUE);
529 /* associate the operating system filehandle to a C run-time file handle */
530 /* (good file handle infos at: http://www.flounder.com/handles.htm) */
531 sync_pipe_read_fd = _open_osfhandle( (long) sync_pipe_read, _O_BINARY);
533 /* associate the operating system filehandle to a C run-time file handle */
534 capture_opts->signal_pipe_write_fd = _open_osfhandle( (long) signal_pipe, _O_BINARY);
537 if (pipe(sync_pipe) < 0) {
538 /* Couldn't create the pipe between parent and child. */
539 report_failure("Couldn't create sync pipe: %s", strerror(errno));
540 g_free( (gpointer) argv[0]);
545 if ((capture_opts->fork_child = fork()) == 0) {
547 * Child process - run dumpcap with the right arguments to make
548 * it just capture with the specified capture parameters
550 dup2(sync_pipe[PIPE_WRITE], 2);
551 ws_close(sync_pipe[PIPE_READ]);
552 execv(argv[0], (gpointer)argv);
553 g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
554 argv[0], strerror(errno));
555 sync_pipe_errmsg_to_parent(2, errmsg, "");
557 /* Exit with "_exit()", so that we don't close the connection
558 to the X server (and cause stuff buffered up by our parent but
559 not yet sent to be sent, as that stuff should only be sent by
560 our parent). We've sent an error message to the parent, so
561 we exit with an exit status of 1 (any exit status other than
562 0 or 1 will cause an additional message to report that exit
563 status, over and above the error message we sent to the parent). */
567 sync_pipe_read_fd = sync_pipe[PIPE_READ];
570 g_free( (gpointer) argv[0]); /* exename */
572 /* Parent process - read messages from the child process over the
574 g_free( (gpointer) argv); /* free up arg array */
576 /* Close the write side of the pipe, so that only the child has it
577 open, and thus it completely closes, and thus returns to us
578 an EOF indication, if the child closes it (either deliberately
579 or by exiting abnormally). */
581 CloseHandle(sync_pipe_write);
583 ws_close(sync_pipe[PIPE_WRITE]);
586 if (capture_opts->fork_child == -1) {
587 /* We couldn't even create the child process. */
588 report_failure("Couldn't create child process: %s", strerror(errno));
589 ws_close(sync_pipe_read_fd);
591 ws_close(capture_opts->signal_pipe_write_fd);
596 /* we might wait for a moment till child is ready, so update screen now */
597 main_window_update();
599 /* We were able to set up to read the capture file;
600 arrange that our callback be called whenever it's possible
601 to read from the sync pipe, so that it's called when
602 the child process wants to tell us something. */
604 /* we have a running capture, now wait for the real capture filename */
605 pipe_input_set_handler(sync_pipe_read_fd, (gpointer) capture_opts,
606 &capture_opts->fork_child, sync_pipe_input_cb);
612 * Open two pipes to dumpcap with the supplied arguments, one for its
613 * standard output and one for its standard error.
615 * On success, *msg is unchanged and 0 is returned; data_read_fd,
616 * messsage_read_fd, and fork_child point to the standard output pipe's
617 * file descriptor, the standard error pipe's file descriptor, and
618 * the child's PID/handle, respectively.
620 * On failure, *msg points to an error message for the failure, and -1 is
621 * returned, in which case *msg must be freed with g_free().
623 /* XXX - This duplicates a lot of code in sync_pipe_start() */
624 /* XXX - assumes PIPE_BUF_SIZE > SP_MAX_MSG_LEN */
625 #define PIPE_BUF_SIZE 5120
627 sync_pipe_open_command(const char** argv, int *data_read_fd,
628 int *message_read_fd, int *fork_child, gchar **msg)
630 enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
632 HANDLE sync_pipe[2]; /* pipe used to send messages from child to parent */
633 HANDLE data_pipe[2]; /* pipe used to send data from child to parent */
634 GString *args = g_string_sized_new(200);
636 SECURITY_ATTRIBUTES sa;
638 PROCESS_INFORMATION pi;
642 int sync_pipe[2]; /* pipe used to send messages from child to parent */
643 int data_pipe[2]; /* pipe used to send data from child to parent */
648 *message_read_fd = -1;
649 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_open_command");
652 /* We can't return anything */
654 g_string_free(args, TRUE);
660 /* init SECURITY_ATTRIBUTES */
661 sa.nLength = sizeof(SECURITY_ATTRIBUTES);
662 sa.bInheritHandle = TRUE;
663 sa.lpSecurityDescriptor = NULL;
665 /* Create a pipe for the child process to send us messages */
666 /* (increase this value if you have trouble while fast capture file switches) */
667 if (! CreatePipe(&sync_pipe[PIPE_READ], &sync_pipe[PIPE_WRITE], &sa, 5120)) {
668 /* Couldn't create the message pipe between parent and child. */
669 *msg = g_strdup_printf("Couldn't create sync pipe: %s",
670 win32strerror(GetLastError()));
671 g_free( (gpointer) argv[0]);
672 g_free( (gpointer) argv);
676 /* Create a pipe for the child process to send us data */
677 /* (increase this value if you have trouble while fast capture file switches) */
678 if (! CreatePipe(&data_pipe[PIPE_READ], &data_pipe[PIPE_WRITE], &sa, 5120)) {
679 /* Couldn't create the message pipe between parent and child. */
680 *msg = g_strdup_printf("Couldn't create data pipe: %s",
681 win32strerror(GetLastError()));
682 CloseHandle(sync_pipe[PIPE_READ]);
683 CloseHandle(sync_pipe[PIPE_WRITE]);
684 g_free( (gpointer) argv[0]);
685 g_free( (gpointer) argv);
689 /* init STARTUPINFO */
690 memset(&si, 0, sizeof(si));
693 si.dwFlags = STARTF_USESHOWWINDOW;
694 si.wShowWindow = SW_SHOW;
696 si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
697 si.wShowWindow = SW_HIDE; /* this hides the console window */
699 si.hStdOutput = data_pipe[PIPE_WRITE];
700 si.hStdError = sync_pipe[PIPE_WRITE];
703 /* convert args array into a single string */
704 /* XXX - could change sync_pipe_add_arg() instead */
705 /* there is a drawback here: the length is internally limited to 1024 bytes */
706 for(i=0; argv[i] != 0; i++) {
707 if(i != 0) g_string_append_c(args, ' '); /* don't prepend a space before the path!!! */
708 quoted_arg = protect_arg(argv[i]);
709 g_string_append(args, quoted_arg);
714 if(!CreateProcess(NULL, utf_8to16(args->str), NULL, NULL, TRUE,
715 CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {
716 *msg = g_strdup_printf("Couldn't run %s in child process: %s",
717 args->str, win32strerror(GetLastError()));
718 CloseHandle(data_pipe[PIPE_READ]);
719 CloseHandle(data_pipe[PIPE_WRITE]);
720 CloseHandle(sync_pipe[PIPE_READ]);
721 CloseHandle(sync_pipe[PIPE_WRITE]);
722 g_free( (gpointer) argv[0]);
723 g_free( (gpointer) argv);
726 *fork_child = (int) pi.hProcess;
727 g_string_free(args, TRUE);
729 /* associate the operating system filehandles to C run-time file handles */
730 /* (good file handle infos at: http://www.flounder.com/handles.htm) */
731 *data_read_fd = _open_osfhandle( (long) data_pipe[PIPE_READ], _O_BINARY);
732 *message_read_fd = _open_osfhandle( (long) sync_pipe[PIPE_READ], _O_BINARY);
734 /* Create a pipe for the child process to send us messages */
735 if (pipe(sync_pipe) < 0) {
736 /* Couldn't create the message pipe between parent and child. */
737 *msg = g_strdup_printf("Couldn't create sync pipe: %s", strerror(errno));
738 g_free( (gpointer) argv[0]);
743 /* Create a pipe for the child process to send us data */
744 if (pipe(data_pipe) < 0) {
745 /* Couldn't create the data pipe between parent and child. */
746 *msg = g_strdup_printf("Couldn't create data pipe: %s", strerror(errno));
747 ws_close(sync_pipe[PIPE_READ]);
748 ws_close(sync_pipe[PIPE_WRITE]);
749 g_free( (gpointer) argv[0]);
754 if ((*fork_child = fork()) == 0) {
756 * Child process - run dumpcap with the right arguments to make
757 * it just capture with the specified capture parameters
759 dup2(data_pipe[PIPE_WRITE], 1);
760 ws_close(data_pipe[PIPE_READ]);
761 ws_close(data_pipe[PIPE_WRITE]);
762 dup2(sync_pipe[PIPE_WRITE], 2);
763 ws_close(sync_pipe[PIPE_READ]);
764 ws_close(sync_pipe[PIPE_WRITE]);
765 execv(argv[0], (gpointer)argv);
766 g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
767 argv[0], strerror(errno));
768 sync_pipe_errmsg_to_parent(2, errmsg, "");
770 /* Exit with "_exit()", so that we don't close the connection
771 to the X server (and cause stuff buffered up by our parent but
772 not yet sent to be sent, as that stuff should only be sent by
773 our parent). We've sent an error message to the parent, so
774 we exit with an exit status of 1 (any exit status other than
775 0 or 1 will cause an additional message to report that exit
776 status, over and above the error message we sent to the parent). */
780 *data_read_fd = data_pipe[PIPE_READ];
781 *message_read_fd = sync_pipe[PIPE_READ];
784 g_free( (gpointer) argv[0]); /* exename */
786 /* Parent process - read messages from the child process over the
788 g_free( (gpointer) argv); /* free up arg array */
790 /* Close the write sides of the pipes, so that only the child has them
791 open, and thus they completely close, and thus return to us
792 an EOF indication, if the child closes them (either deliberately
793 or by exiting abnormally). */
795 CloseHandle(data_pipe[PIPE_WRITE]);
796 CloseHandle(sync_pipe[PIPE_WRITE]);
798 ws_close(data_pipe[PIPE_WRITE]);
799 ws_close(sync_pipe[PIPE_WRITE]);
802 if (*fork_child == -1) {
803 /* We couldn't even create the child process. */
804 *msg = g_strdup_printf("Couldn't create child process: %s", strerror(errno));
805 ws_close(*data_read_fd);
806 ws_close(*message_read_fd);
810 /* we might wait for a moment till child is ready, so update screen now */
811 main_window_update();
816 * Wait for dumpcap to finish. On success, *msg is unchanged, and 0 is
817 * returned. On failure, *msg points to an error message for the
818 * failure, and -1 is returned. In the latter case, *msg must be
819 * freed with g_free().
822 sync_pipe_close_command(int *data_read_fd, int *message_read_fd,
823 int *fork_child, gchar **msg)
825 ws_close(*data_read_fd);
826 if (message_read_fd != NULL)
827 ws_close(*message_read_fd);
830 /* XXX - Should we signal the child somehow? */
831 sync_pipe_kill(*fork_child);
834 return sync_pipe_wait_for_child(*fork_child, msg);
838 * Run dumpcap with the supplied arguments.
840 * On success, *data points to a buffer containing the dumpcap output,
841 * *primary_msg and *secondary_message are NULL, and 0 is returned; *data
842 * must be freed with g_free().
844 * On failure, *data is NULL, *primary_msg points to an error message,
845 * *secondary_msg either points to an additional error message or is
846 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
847 * must be freed with g_free().
849 /* XXX - This duplicates a lot of code in sync_pipe_start() */
850 /* XXX - assumes PIPE_BUF_SIZE > SP_MAX_MSG_LEN */
851 #define PIPE_BUF_SIZE 5120
853 sync_pipe_run_command(const char** argv, gchar **data, gchar **primary_msg,
854 gchar **secondary_msg)
857 int data_pipe_read_fd, sync_pipe_read_fd, fork_child, ret;
859 gchar buffer[PIPE_BUF_SIZE+1];
863 char *primary_msg_text;
864 int secondary_msg_len;
865 char *secondary_msg_text;
867 GString *data_buf = NULL;
870 ret = sync_pipe_open_command(argv, &data_pipe_read_fd, &sync_pipe_read_fd,
874 *secondary_msg = NULL;
880 * We were able to set up to read dumpcap's output. Do so.
882 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
884 nread = pipe_read_block(sync_pipe_read_fd, &indicator, SP_MAX_MSG_LEN,
885 buffer, primary_msg);
887 /* We got a read error from the sync pipe, or we got no data at
888 all from the sync pipe, so we're not going to be getting any
889 data or error message from the child process. Pick up its
890 exit status, and complain.
892 We don't have to worry about killing the child, if the sync pipe
893 returned an error. Usually this error is caused as the child killed
894 itself while going down. Even in the rare cases that this isn't the
895 case, the child will get an error when writing to the broken pipe
896 the next time, cleaning itself up then. */
897 ret = sync_pipe_wait_for_child(fork_child, &wait_msg);
899 /* We got an EOF from the sync pipe. That means that it exited
900 before giving us any data to read. If ret is -1, we report
901 that as a bad exit (e.g., exiting due to a signal); otherwise,
902 we report it as a premature exit. */
904 *primary_msg = wait_msg;
906 *primary_msg = g_strdup("Child dumpcap closed sync pipe prematurely");
908 /* We got an error from the sync pipe. If ret is -1, report
909 both the sync pipe I/O error and the wait error. */
911 combined_msg = g_strdup_printf("%s\n\n%s", *primary_msg, wait_msg);
912 g_free(*primary_msg);
914 *primary_msg = combined_msg;
917 *secondary_msg = NULL;
922 /* we got a valid message block from the child, process it */
927 * Error from dumpcap; there will be a primary message and a
931 /* convert primary message */
932 pipe_convert_header(buffer, 4, &indicator, &primary_msg_len);
933 primary_msg_text = buffer+4;
934 /* convert secondary message */
935 pipe_convert_header(primary_msg_text + primary_msg_len, 4, &indicator,
937 secondary_msg_text = primary_msg_text + primary_msg_len + 4;
938 /* the capture child will close the sync_pipe, nothing to do */
941 * Pick up the child status.
943 ret = sync_pipe_close_command(&data_pipe_read_fd, &sync_pipe_read_fd,
947 * Child process failed unexpectedly, or wait failed; msg is the
951 *secondary_msg = NULL;
954 * Child process failed, but returned the expected exit status.
955 * Return the messages it gave us, and indicate failure.
957 *primary_msg = g_strdup(primary_msg_text);
958 *secondary_msg = g_strdup(secondary_msg_text);
965 /* read the output from the command */
966 data_buf = g_string_new("");
967 while ((count = ws_read(data_pipe_read_fd, buffer, PIPE_BUF_SIZE)) > 0) {
968 buffer[count] = '\0';
969 g_string_append(data_buf, buffer);
973 * Pick up the child status.
975 ret = sync_pipe_close_command(&data_pipe_read_fd, &sync_pipe_read_fd,
979 * Child process failed unexpectedly, or wait failed; msg is the
983 *secondary_msg = NULL;
984 g_string_free(data_buf, TRUE);
988 * Child process succeeded.
991 *secondary_msg = NULL;
992 *data = data_buf->str;
993 g_string_free(data_buf, FALSE);
999 * Pick up the child status.
1001 ret = sync_pipe_close_command(&data_pipe_read_fd, &sync_pipe_read_fd,
1005 * Child process failed unexpectedly, or wait failed; msg is the
1009 *secondary_msg = NULL;
1012 * Child process returned an unknown status.
1014 *primary_msg = g_strdup_printf("dumpcap process gave an unexpected message type: 0x%02x",
1016 *secondary_msg = NULL;
1026 * Get the list of interfaces using dumpcap.
1028 * On success, *data points to a buffer containing the dumpcap output,
1029 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1030 * must be freed with g_free().
1032 * On failure, *data is NULL, *primary_msg points to an error message,
1033 * *secondary_msg either points to an additional error message or is
1034 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1035 * must be freed with g_free().
1038 sync_interface_list_open(gchar **data, gchar **primary_msg,
1039 gchar **secondary_msg)
1044 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_interface_list_open");
1046 argv = init_pipe_args(&argc);
1049 *primary_msg = g_strdup("We don't know where to find dumpcap.");
1050 *secondary_msg = NULL;
1055 /* Ask for the interface list */
1056 argv = sync_pipe_add_arg(argv, &argc, "-D");
1059 /* Run dumpcap in capture child mode */
1060 argv = sync_pipe_add_arg(argv, &argc, "-Z");
1061 argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
1063 return sync_pipe_run_command(argv, data, primary_msg, secondary_msg);
1067 * Get the capabilities of an interface using dumpcap.
1069 * On success, *data points to a buffer containing the dumpcap output,
1070 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1071 * must be freed with g_free().
1073 * On failure, *data is NULL, *primary_msg points to an error message,
1074 * *secondary_msg either points to an additional error message or is
1075 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1076 * must be freed with g_free().
1079 sync_if_capabilities_open(const gchar *ifname, gboolean monitor_mode,
1080 gchar **data, gchar **primary_msg,
1081 gchar **secondary_msg)
1086 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_linktype_list_open");
1088 argv = init_pipe_args(&argc);
1091 *primary_msg = g_strdup("We don't know where to find dumpcap.");
1092 *secondary_msg = NULL;
1097 /* Ask for the interface capabilities */
1098 argv = sync_pipe_add_arg(argv, &argc, "-i");
1099 argv = sync_pipe_add_arg(argv, &argc, ifname);
1100 argv = sync_pipe_add_arg(argv, &argc, "-L");
1102 argv = sync_pipe_add_arg(argv, &argc, "-I");
1105 /* Run dumpcap in capture child mode */
1106 argv = sync_pipe_add_arg(argv, &argc, "-Z");
1107 argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
1109 return sync_pipe_run_command(argv, data, primary_msg, secondary_msg);
1113 * Start getting interface statistics using dumpcap. On success, read_fd
1114 * contains the file descriptor for the pipe's stdout, *msg is unchanged,
1115 * and zero is returned. On failure, *msg will point to an error message
1116 * that must be g_free()d, and -1 will be returned.
1119 sync_interface_stats_open(int *data_read_fd, int *fork_child, gchar **msg)
1123 int message_read_fd, ret;
1125 gchar buffer[PIPE_BUF_SIZE+1];
1128 int primary_msg_len;
1129 char *primary_msg_text;
1130 int secondary_msg_len;
1131 char *secondary_msg_text;
1134 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_interface_stats_open");
1136 argv = init_pipe_args(&argc);
1139 *msg = g_strdup("We don't know where to find dumpcap.");
1143 /* Ask for the interface statistics */
1144 argv = sync_pipe_add_arg(argv, &argc, "-S");
1147 argv = sync_pipe_add_arg(argv, &argc, "-Z");
1148 argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
1150 ret = sync_pipe_open_command(argv, data_read_fd, &message_read_fd,
1156 * We were able to set up to read dumpcap's output. Do so.
1158 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
1160 nread = pipe_read_block(message_read_fd, &indicator, SP_MAX_MSG_LEN,
1163 /* We got a read error from the sync pipe, or we got no data at
1164 all from the sync pipe, so we're not going to be getting any
1165 data or error message from the child process. Pick up its
1166 exit status, and complain.
1168 We don't have to worry about killing the child, if the sync pipe
1169 returned an error. Usually this error is caused as the child killed
1170 itself while going down. Even in the rare cases that this isn't the
1171 case, the child will get an error when writing to the broken pipe
1172 the next time, cleaning itself up then. */
1173 ret = sync_pipe_wait_for_child(*fork_child, &wait_msg);
1175 /* We got an EOF from the sync pipe. That means that it exited
1176 before giving us any data to read. If ret is -1, we report
1177 that as a bad exit (e.g., exiting due to a signal); otherwise,
1178 we report it as a premature exit. */
1182 *msg = g_strdup("Child dumpcap closed sync pipe prematurely");
1184 /* We got an error from the sync pipe. If ret is -1, report
1185 both the sync pipe I/O error and the wait error. */
1187 combined_msg = g_strdup_printf("%s\n\n%s", *msg, wait_msg);
1190 *msg = combined_msg;
1197 /* we got a valid message block from the child, process it */
1202 * Error from dumpcap; there will be a primary message and a
1203 * secondary message.
1206 /* convert primary message */
1207 pipe_convert_header(buffer, 4, &indicator, &primary_msg_len);
1208 primary_msg_text = buffer+4;
1209 /* convert secondary message */
1210 pipe_convert_header(primary_msg_text + primary_msg_len, 4, &indicator,
1211 &secondary_msg_len);
1212 secondary_msg_text = primary_msg_text + primary_msg_len + 4;
1213 /* the capture child will close the sync_pipe, nothing to do */
1216 * Pick up the child status.
1218 ret = sync_pipe_close_command(data_read_fd, &message_read_fd,
1222 * Child process failed unexpectedly, or wait failed; msg is the
1227 * Child process failed, but returned the expected exit status.
1228 * Return the messages it gave us, and indicate failure.
1230 *msg = g_strdup(primary_msg_text);
1236 /* Close the message pipe. */
1237 ws_close(message_read_fd);
1242 * Pick up the child status.
1244 ret = sync_pipe_close_command(data_read_fd, &message_read_fd,
1248 * Child process failed unexpectedly, or wait failed; msg is the
1253 * Child process returned an unknown status.
1255 *msg = g_strdup_printf("dumpcap process gave an unexpected message type: 0x%02x",
1264 /* Close down the stats process */
1266 sync_interface_stats_close(int *read_fd, int *fork_child, gchar **msg)
1268 return sync_pipe_close_command(read_fd, NULL, fork_child, msg);
1271 /* read a number of bytes from a pipe */
1272 /* (blocks until enough bytes read or an error occurs) */
1274 pipe_read_bytes(int pipe_fd, char *bytes, int required, char **msg)
1281 newly = read(pipe_fd, &bytes[offset], required);
1284 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1285 "read from pipe %d: EOF (capture closed?)", pipe_fd);
1292 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1293 "read from pipe %d: error(%u): %s", pipe_fd, error,
1295 *msg = g_strdup_printf("Error reading from sync pipe: %s",
1308 static gboolean pipe_data_available(int pipe_fd) {
1309 #ifdef _WIN32 /* PeekNamedPipe */
1310 HANDLE hPipe = (HANDLE) _get_osfhandle(pipe_fd);
1313 if (hPipe == INVALID_HANDLE_VALUE)
1316 if (! PeekNamedPipe(hPipe, NULL, 0, NULL, &bytes_avail, NULL))
1319 if (bytes_avail > 0)
1324 struct timeval timeout;
1327 FD_SET(pipe_fd, &rfds);
1329 timeout.tv_usec = 0;
1331 if (select(pipe_fd+1, &rfds, NULL, NULL, &timeout) > 0)
1338 /* Read a line from a pipe, similar to fgets */
1340 sync_pipe_gets_nonblock(int pipe_fd, char *bytes, int max) {
1344 while(offset < max - 1) {
1346 if (! pipe_data_available(pipe_fd))
1348 newly = read(pipe_fd, &bytes[offset], 1);
1350 /* EOF - not necessarily an error */
1352 } else if (newly < 0) {
1354 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1355 "read from pipe %d: error(%u): %s", pipe_fd, errno, strerror(errno));
1357 } else if (bytes[offset] == '\n') {
1363 bytes[offset] = '\0';
1369 /* convert header values (indicator and 3-byte length) */
1371 pipe_convert_header(const guchar *header, int header_len, char *indicator, int *block_len) {
1373 g_assert(header_len == 4);
1375 /* convert header values */
1376 *indicator = header[0];
1377 *block_len = header[1]<<16 | header[2]<<8 | header[3];
1380 /* read a message from the sending pipe in the standard format
1381 (1-byte message indicator, 3-byte message length (excluding length
1382 and indicator field), and the rest is the message) */
1384 pipe_read_block(int pipe_fd, char *indicator, int len, char *msg,
1391 /* read header (indicator and 3-byte length) */
1392 newly = pipe_read_bytes(pipe_fd, header, 4, err_msg);
1396 * Immediate EOF; if the capture child exits normally, this
1397 * is an "I'm done" indication, so don't report it as an
1400 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1401 "read %d got an EOF", pipe_fd);
1404 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1405 "read %d failed to read header: %u", pipe_fd, newly);
1408 * Short read, but not an immediate EOF.
1410 *err_msg = g_strdup_printf("Premature EOF reading from sync pipe: got only %d bytes",
1416 /* convert header values */
1417 pipe_convert_header(header, 4, indicator, &required);
1419 /* only indicator with no value? */
1421 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1422 "read %d indicator: %c empty value", pipe_fd, *indicator);
1426 /* does the data fit into the given buffer? */
1427 if(required > len) {
1428 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1429 "read %d length error, required %d > len %d, indicator: %u",
1430 pipe_fd, required, len, *indicator);
1432 /* we have a problem here, try to read some more bytes from the pipe to debug where the problem really is */
1433 memcpy(msg, header, sizeof(header));
1434 newly = read(pipe_fd, &msg[sizeof(header)], len-sizeof(header));
1435 *err_msg = g_strdup_printf("Unknown message from dumpcap, try to show it as a string: %s",
1441 /* read the actual block data */
1442 newly = pipe_read_bytes(pipe_fd, msg, required, err_msg);
1443 if(newly != required) {
1445 *err_msg = g_strdup_printf("Unknown message from dumpcap, try to show it as a string: %s",
1451 /* XXX If message is "2part", the msg probably won't be sent to debug log correctly */
1452 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG,
1453 "read %d ok indicator: %c len: %u msg: %s", pipe_fd, *indicator,
1460 /* There's stuff to read from the sync pipe, meaning the child has sent
1461 us a message, or the sync pipe has closed, meaning the child has
1462 closed it (perhaps because it exited). */
1464 sync_pipe_input_cb(gint source, gpointer user_data)
1466 capture_options *capture_opts = (capture_options *)user_data;
1468 char buffer[SP_MAX_MSG_LEN+1];
1474 char *secondary_msg;
1475 char *wait_msg, *combined_msg;
1477 nread = pipe_read_block(source, &indicator, SP_MAX_MSG_LEN, buffer,
1480 /* We got a read error, or a bad message, or an EOF, from the sync pipe.
1482 If we got a read error or a bad message, nread is -1 and
1483 primary_msg is set to point to an error message. We don't
1484 have to worry about killing the child; usually this error
1485 is caused as the child killed itself while going down.
1486 Even in the rare cases that this isn't the case, the child
1487 will get an error when writing to the broken pipe the next time,
1488 cleaning itself up then.
1490 If we got an EOF, nread is 0 and primary_msg isn't set. This
1491 is an indication that the capture is finished. */
1492 ret = sync_pipe_wait_for_child(capture_opts->fork_child, &wait_msg);
1494 /* We got an EOF from the sync pipe. That means that the capture
1495 child exited, and not in the middle of a message; we treat
1496 that as an indication that it's done, and only report an
1497 error if ret is -1, in which case wait_msg is the error
1500 primary_msg = wait_msg;
1502 /* We got an error from the sync pipe. If ret is -1, report
1503 both the sync pipe I/O error and the wait error. */
1505 combined_msg = g_strdup_printf("%s\n\n%s", primary_msg, wait_msg);
1506 g_free(primary_msg);
1508 primary_msg = combined_msg;
1512 /* No more child process. */
1513 capture_opts->fork_child = -1;
1516 ws_close(capture_opts->signal_pipe_write_fd);
1518 capture_input_closed(capture_opts, primary_msg);
1519 g_free(primary_msg);
1523 /* we got a valid message block from the child, process it */
1526 if(!capture_input_new_file(capture_opts, buffer)) {
1527 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_input_cb: file failed, closing capture");
1529 /* We weren't able to open the new capture file; user has been
1530 alerted. Close the sync pipe. */
1533 /* the child has send us a filename which we couldn't open.
1534 this probably means, the child is creating files faster than we can handle it.
1535 this should only be the case for very fast file switches
1536 we can't do much more than telling the child to stop
1537 (this is the "emergency brake" if user e.g. wants to switch files every second) */
1538 sync_pipe_stop(capture_opts);
1541 case SP_PACKET_COUNT:
1542 nread = atoi(buffer);
1543 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_input_cb: new packets %u", nread);
1544 capture_input_new_packets(capture_opts, nread);
1547 /* convert primary message */
1548 pipe_convert_header(buffer, 4, &indicator, &primary_len);
1549 primary_msg = buffer+4;
1550 /* convert secondary message */
1551 pipe_convert_header(primary_msg + primary_len, 4, &indicator, &secondary_len);
1552 secondary_msg = primary_msg + primary_len + 4;
1553 /* message output */
1554 capture_input_error_message(capture_opts, primary_msg, secondary_msg);
1555 /* the capture child will close the sync_pipe, nothing to do for now */
1556 /* (an error message doesn't mean we have to stop capturing) */
1559 capture_input_cfilter_error_message(capture_opts, buffer);
1560 /* the capture child will close the sync_pipe, nothing to do for now */
1563 capture_input_drops(capture_opts, (guint32)strtoul(buffer, NULL, 10));
1566 g_assert_not_reached();
1574 /* the child process is going down, wait until it's completely terminated */
1576 sync_pipe_wait_for_child(int fork_child, gchar **msgp)
1578 int fork_child_status;
1581 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_wait_for_child: wait till child closed");
1582 g_assert(fork_child != -1);
1584 *msgp = NULL; /* assume no error */
1587 if (_cwait(&fork_child_status, fork_child, _WAIT_CHILD) == -1) {
1588 *msgp = g_strdup_printf("Error from cwait(): %s", strerror(errno));
1592 if (waitpid(fork_child, &fork_child_status, 0) != -1) {
1593 if (WIFEXITED(fork_child_status)) {
1595 * The child exited; return its exit status. Do not treat this as
1598 ret = WEXITSTATUS(fork_child_status);
1599 } else if (WIFSTOPPED(fork_child_status)) {
1600 /* It stopped, rather than exiting. "Should not happen." */
1601 *msgp = g_strdup_printf("Child dumpcap process stopped: %s",
1602 sync_pipe_signame(WSTOPSIG(fork_child_status)));
1604 } else if (WIFSIGNALED(fork_child_status)) {
1605 /* It died with a signal. */
1606 *msgp = g_strdup_printf("Child dumpcap process died: %s%s",
1607 sync_pipe_signame(WTERMSIG(fork_child_status)),
1608 WCOREDUMP(fork_child_status) ? " - core dumped" : "");
1611 /* What? It had to either have exited, or stopped, or died with
1612 a signal; what happened here? */
1613 *msgp = g_strdup_printf("Bad status from waitpid(): %#o",
1618 *msgp = g_strdup_printf("Error from waitpid(): %s", strerror(errno));
1623 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_wait_for_child: capture child closed");
1629 /* convert signal to corresponding name */
1631 sync_pipe_signame(int sig)
1634 static char sigmsg_buf[6+1+3+1];
1643 sigmsg = "Interrupted";
1651 sigmsg = "Illegal instruction";
1655 sigmsg = "Trace trap";
1663 sigmsg = "Arithmetic exception";
1671 sigmsg = "Bus error";
1675 sigmsg = "Segmentation violation";
1678 /* http://metalab.unc.edu/pub/Linux/docs/HOWTO/GCC-HOWTO
1679 Linux is POSIX compliant. These are not POSIX-defined signals ---
1680 ISO/IEC 9945-1:1990 (IEEE Std 1003.1-1990), paragraph B.3.3.1.1 sez:
1682 ``The signals SIGBUS, SIGEMT, SIGIOT, SIGTRAP, and SIGSYS
1683 were omitted from POSIX.1 because their behavior is
1684 implementation dependent and could not be adequately catego-
1685 rized. Conforming implementations may deliver these sig-
1686 nals, but must document the circumstances under which they
1687 are delivered and note any restrictions concerning their
1690 So we only check for SIGSYS on those systems that happen to
1691 implement them (a system can be POSIX-compliant and implement
1692 them, it's just that POSIX doesn't *require* a POSIX-compliant
1693 system to implement them).
1698 sigmsg = "Bad system call";
1703 sigmsg = "Broken pipe";
1707 sigmsg = "Alarm clock";
1711 sigmsg = "Terminated";
1715 /* Returning a static buffer is ok in the context we use it here */
1716 g_snprintf(sigmsg_buf, sizeof sigmsg_buf, "Signal %d", sig);
1717 sigmsg = sigmsg_buf;
1726 /* tell the child through the signal pipe that we want to quit the capture */
1728 signal_pipe_capquit_to_child(capture_options *capture_opts)
1730 const char quit_msg[] = "QUIT";
1734 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "signal_pipe_capquit_to_child");
1736 /* it doesn't matter *what* we send here, the first byte will stop the capture */
1737 /* simply sending a "QUIT" string */
1738 /*pipe_write_block(capture_opts->signal_pipe_write_fd, SP_QUIT, quit_msg);*/
1739 ret = write(capture_opts->signal_pipe_write_fd, quit_msg, sizeof quit_msg);
1741 g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_WARNING,
1742 "signal_pipe_capquit_to_child: %d header: error %s", capture_opts->signal_pipe_write_fd, strerror(errno));
1748 /* user wants to stop the capture run */
1750 sync_pipe_stop(capture_options *capture_opts)
1755 gboolean terminate = TRUE;
1758 if (capture_opts->fork_child != -1) {
1760 /* send the SIGINT signal to close the capture child gracefully. */
1761 int sts = kill(capture_opts->fork_child, SIGINT);
1763 g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_WARNING,
1764 "Sending SIGINT to child failed: %s\n", strerror(errno));
1767 #define STOP_SLEEP_TIME 500 /* ms */
1768 #define STOP_CHECK_TIME 50
1769 /* First, use the special signal pipe to try to close the capture child
1772 signal_pipe_capquit_to_child(capture_opts);
1774 /* Next, wait for the process to exit on its own */
1775 for (count = 0; count < STOP_SLEEP_TIME / STOP_CHECK_TIME; count++) {
1776 if (GetExitCodeProcess((HANDLE) capture_opts->fork_child, &childstatus) &&
1777 childstatus != STILL_ACTIVE) {
1781 Sleep(STOP_CHECK_TIME);
1784 /* Force the issue. */
1786 g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_WARNING,
1787 "sync_pipe_stop: forcing child to exit");
1788 sync_pipe_kill(capture_opts->fork_child);
1795 /* Wireshark has to exit, force the capture child to close */
1797 sync_pipe_kill(int fork_child)
1799 if (fork_child != -1) {
1801 int sts = kill(fork_child, SIGTERM); /* SIGTERM so it can clean up if necessary */
1803 g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_WARNING,
1804 "Sending SIGTERM to child failed: %s\n", strerror(errno));
1807 /* Remark: This is not the preferred method of closing a process!
1808 * the clean way would be getting the process id of the child process,
1809 * then getting window handle hWnd of that process (using EnumChildWindows),
1810 * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
1812 * Unfortunately, I don't know how to get the process id from the
1813 * handle. OpenProcess will get an handle (not a window handle)
1814 * from the process ID; it will not get a window handle from the
1815 * process ID. (How could it? A process can have more than one
1816 * window. For that matter, a process might have *no* windows,
1817 * as a process running dumpcap, the normal child process program,
1820 * Hint: GenerateConsoleCtrlEvent() will only work if both processes are
1821 * running in the same console; that's not necessarily the case for
1822 * us, as we might not be running in a console.
1823 * And this also will require to have the process id.
1825 TerminateProcess((HANDLE) (fork_child), 0);
1830 #endif /* HAVE_LIBPCAP */