2 * Routines for packet capture windows
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 * <laurent.deniel@free.fr>
28 * Almost completely rewritten in order to:
30 * - be able to use a unlimited number of ringbuffer files
31 * - close the current file and open (truncating) the next file at switch
32 * - set the final file name once open (or reopen)
33 * - avoid the deletion of files that could not be truncated (can't arise now)
34 * and do not erase empty files
36 * The idea behind that is to remove the limitation of the maximum # of
37 * ringbuffer files being less than the maximum # of open fd per process
38 * and to be able to reduce the amount of virtual memory usage (having only
39 * one file open at most) or the amount of file system usage (by truncating
40 * the files at switch and not the capture stop, and by closing them which
41 * makes possible their move or deletion after a switch).
69 #include "ringbuffer.h"
70 #include "file_util.h"
73 /* Ringbuffer file structure */
74 typedef struct _rb_file {
78 /* Ringbuffer data structure */
79 typedef struct _ringbuf_data {
81 guint num_files; /* Number of ringbuffer files (1 to ...) */
82 guint curr_file_num; /* Number of the current file (ever increasing) */
83 gchar *fprefix; /* Filename prefix */
84 gchar *fsuffix; /* Filename suffix */
85 gboolean unlimited; /* TRUE if unlimited number of files */
89 int fd; /* Current ringbuffer file descriptor */
93 static ringbuf_data rb_data;
97 * create the next filename and open a new binary file with that name
99 static int ringbuf_open_file(rb_file *rfile, int *err)
105 if (rfile->name != NULL) {
106 if (rb_data.unlimited == FALSE) {
107 /* remove old file (if any, so ignore error) */
108 eth_unlink(rfile->name);
116 current_time = time(NULL);
118 g_snprintf(filenum, sizeof(filenum), "%05u", (rb_data.curr_file_num + 1) % 100000);
119 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(¤t_time));
120 rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr,
121 rb_data.fsuffix, NULL);
123 if (rfile->name == NULL) {
128 rb_data.fd = eth_open(rfile->name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT, 0600);
130 if (rb_data.fd == -1 && err != NULL) {
138 * Initialize the ringbuffer data structures
141 ringbuf_init(const char *capfile_name, guint num_files)
144 char *pfx, *last_pathsep;
147 rb_data.files = NULL;
148 rb_data.curr_file_num = 0;
149 rb_data.fprefix = NULL;
150 rb_data.fsuffix = NULL;
151 rb_data.unlimited = FALSE;
155 /* just to be sure ... */
156 if (num_files <= RINGBUFFER_MAX_NUM_FILES) {
157 rb_data.num_files = num_files;
159 rb_data.num_files = RINGBUFFER_MAX_NUM_FILES;
162 /* Check file name */
163 if (capfile_name == NULL) {
164 /* ringbuffer does not work with temporary files! */
168 /* set file name prefix/suffix */
170 save_file = g_strdup(capfile_name);
171 last_pathsep = strrchr(save_file, G_DIR_SEPARATOR);
172 pfx = strrchr(save_file,'.');
173 if (pfx != NULL && (last_pathsep == NULL || pfx > last_pathsep)) {
174 /* The pathname has a "." in it, and it's in the last component
175 of the pathname (because there is either only one component,
176 i.e. last_pathsep is null as there are no path separators,
177 or the "." is after the path separator before the last
180 Treat it as a separator between the rest of the file name and
181 the file name suffix, and arrange that the names given to the
182 ring buffer files have the specified suffix, i.e. put the
183 changing part of the name *before* the suffix. */
185 rb_data.fprefix = g_strdup(save_file);
186 pfx[0] = '.'; /* restore capfile_name */
187 rb_data.fsuffix = g_strdup(pfx);
189 /* Either there's no "." in the pathname, or it's in a directory
190 component, so the last component has no suffix. */
191 rb_data.fprefix = g_strdup(save_file);
192 rb_data.fsuffix = NULL;
197 /* allocate rb_file structures (only one if unlimited since there is no
198 need to save all file names in that case) */
200 if (num_files == RINGBUFFER_UNLIMITED_FILES) {
201 rb_data.unlimited = TRUE;
202 rb_data.num_files = 1;
205 rb_data.files = g_malloc(rb_data.num_files * sizeof(rb_file));
206 if (rb_data.files == NULL) {
210 for (i=0; i < rb_data.num_files; i++) {
211 rb_data.files[i].name = NULL;
214 /* create the first file */
215 if (ringbuf_open_file(&rb_data.files[0], NULL) == -1) {
216 ringbuf_error_cleanup();
224 const gchar *ringbuf_current_filename(void)
226 return rb_data.files[rb_data.curr_file_num % rb_data.num_files].name;
230 * Calls libpcap_fdopen() for the current ringbuffer file
233 ringbuf_init_libpcap_fdopen(int linktype, int snaplen,
234 long *bytes_written, int *err)
237 rb_data.linktype = linktype;
238 rb_data.snaplen = snaplen;
240 rb_data.pdh = libpcap_fdopen(rb_data.fd, linktype, snaplen, bytes_written,
246 * Switches to the next ringbuffer file
249 ringbuf_switch_file(FILE **pdh, gchar **save_file, int *save_file_fd,
250 long *bytes_written, int *err)
253 rb_file *next_rfile = NULL;
255 /* close current file */
257 if (!libpcap_dump_close(rb_data.pdh, err)) {
258 eth_close(rb_data.fd); /* XXX - the above should have closed this already */
259 rb_data.pdh = NULL; /* it's still closed, we just got an error while closing */
267 /* get the next file number and open it */
269 rb_data.curr_file_num++ /* = next_file_num*/;
270 next_file_index = (rb_data.curr_file_num) % rb_data.num_files;
271 next_rfile = &rb_data.files[next_file_index];
273 if (ringbuf_open_file(next_rfile, err) == -1) {
277 if (ringbuf_init_libpcap_fdopen(rb_data.linktype, rb_data.snaplen,
278 bytes_written, err) == NULL) {
282 /* switch to the new file */
283 *save_file = next_rfile->name;
284 *save_file_fd = rb_data.fd;
285 (*pdh) = rb_data.pdh;
291 * Calls libpcap_dump_close() for the current ringbuffer file
294 ringbuf_libpcap_dump_close(gchar **save_file, int *err)
296 gboolean ret_val = TRUE;
298 /* close current file, if it's open */
299 if (rb_data.pdh != NULL) {
300 if (!libpcap_dump_close(rb_data.pdh, err)) {
301 eth_close(rb_data.fd);
309 /* set the save file name to the current file */
310 *save_file = rb_data.files[rb_data.curr_file_num % rb_data.num_files].name;
315 * Frees all memory allocated by the ringbuffer
322 if (rb_data.files != NULL) {
323 for (i=0; i < rb_data.num_files; i++) {
324 if (rb_data.files[i].name != NULL) {
325 g_free(rb_data.files[i].name);
326 rb_data.files[i].name = NULL;
329 g_free(rb_data.files);
330 rb_data.files = NULL;
332 if (rb_data.fprefix != NULL) {
333 g_free(rb_data.fprefix);
334 rb_data.fprefix = NULL;
336 if (rb_data.fsuffix != NULL) {
337 g_free(rb_data.fsuffix);
338 rb_data.fsuffix = NULL;
343 * Frees all memory allocated by the ringbuffer
346 ringbuf_error_cleanup(void)
350 /* try to close via wtap */
351 if (rb_data.pdh != NULL) {
352 if (libpcap_dump_close(rb_data.pdh, NULL)) {
358 /* close directly if still open */
359 /* XXX - it shouldn't still be open; "libpcap_dump_close()" should leave the
360 file closed even if it fails */
361 if (rb_data.fd != -1) {
362 eth_close(rb_data.fd);
366 if (rb_data.files != NULL) {
367 for (i=0; i < rb_data.num_files; i++) {
368 if (rb_data.files[i].name != NULL) {
369 eth_unlink(rb_data.files[i].name);
373 /* free the memory */
377 #endif /* HAVE_LIBPCAP */
git.samba.org / obnox / wireshark / wip.git / blob