/* capture.c
* Routines for packet capture windows
*
- * $Id: capture.c,v 1.224 2004/01/22 18:13:56 ulfl Exp $
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
+/* With MSVC and a libethereal.dll this file needs to import some variables
+ in a special way. Therefore _NEED_VAR_IMPORT_ is defined. */
+#define _NEED_VAR_IMPORT_
+
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "capture.h"
#include "util.h"
#include "pcap-util.h"
+#include "alert_box.h"
#include "simple_dialog.h"
-#include "prefs.h"
+#include <epan/prefs.h>
#include "globals.h"
#include "conditions.h"
#include "capture_stop_conditions.h"
#include "wiretap/wtap.h"
#include "wiretap/wtap-capture.h"
-#include "packet-atalk.h"
-#include "packet-atm.h"
-#include "packet-clip.h"
-#include "packet-eth.h"
-#include "packet-fddi.h"
-#include "packet-null.h"
-#include "packet-ppp.h"
-#include "packet-raw.h"
-#include "packet-sll.h"
-#include "packet-tr.h"
-#include "packet-ieee80211.h"
-#include "packet-chdlc.h"
-#include "packet-prism.h"
-#include "packet-ipfc.h"
-#include "packet-arcnet.h"
+#include <epan/dissectors/packet-ap1394.h>
+#include <epan/dissectors/packet-atalk.h>
+#include <epan/dissectors/packet-atm.h>
+#include <epan/dissectors/packet-clip.h>
+#include <epan/dissectors/packet-eth.h>
+#include <epan/dissectors/packet-fddi.h>
+#include <epan/dissectors/packet-null.h>
+#include <epan/dissectors/packet-ppp.h>
+#include <epan/dissectors/packet-raw.h>
+#include <epan/dissectors/packet-sll.h>
+#include <epan/dissectors/packet-tr.h>
+#include <epan/dissectors/packet-ieee80211.h>
+#include <epan/dissectors/packet-chdlc.h>
+#include <epan/dissectors/packet-prism.h>
+#include <epan/dissectors/packet-ipfc.h>
+#include <epan/dissectors/packet-arcnet.h>
#ifdef _WIN32
#include "capture-wpcap.h"
* Capture options.
*/
capture_options capture_opts;
+gboolean quit_after_cap = FALSE;/* Makes a "capture only mode". Implies -k */
+gboolean capture_child; /* if this is the child for "-S" */
+
+static int sync_pipe[2]; /* used to sync father */
+enum PIPES { READ, WRITE }; /* Constants 0 and 1 for READ and WRITE */
+static int fork_child = -1; /* If not -1, in parent, process ID of child */
-static int sync_pipe[2]; /* used to sync father */
-enum PIPES { READ, WRITE }; /* Constants 0 and 1 for READ and WRITE */
-int quit_after_cap; /* Makes a "capture only mode". Implies -k */
-gboolean capture_child; /* if this is the child for "-S" */
-static int fork_child = -1; /* If not -1, in parent, process ID of child */
+/* Size of buffer to hold decimal representation of
+ signed/unsigned 64-bit int */
+#define SP_DECISIZE 20
/*
* Indications sent out on the sync pipe.
*/
-#define SP_CAPSTART ';' /* capture start message */
+#define SP_CAPSTART ';' /* capture start message */
#define SP_PACKET_COUNT '*' /* followed by count of packets captured since last message */
#define SP_ERROR_MSG '!' /* followed by length of error message that follows */
-#define SP_DROPS '#' /* followed by count of packets dropped in capture */
+#define SP_DROPS '#' /* followed by count of packets dropped in capture */
-static gboolean cap_pipe_input_cb(gint source, gpointer user_data);
-static void wait_for_child(gboolean);
-#ifndef _WIN32
-static char *signame(int);
-#endif
-static void capture_pcap_cb(guchar *, const struct pcap_pkthdr *,
- const guchar *);
-static void get_capture_file_io_error(char *, int, const char *, int, gboolean);
-static void popup_errmsg(const char *);
-static void send_errmsg_to_parent(const char *);
-static void stop_capture(int signo);
-
typedef struct _loop_data {
gboolean go; /* TRUE as long as we're supposed to keep capturing */
gint max; /* Number of packets we're supposed to capture - 0 means infinite */
gint linktype;
gint sync_packets;
gboolean pcap_err; /* TRUE if error from pcap */
- gboolean from_pipe; /* TRUE if we are capturing data from a pipe */
+ gboolean from_cap_pipe;/* TRUE if we are capturing data from a pipe */
packet_counts counts;
wtap_dumper *pdh;
#ifndef _WIN32
gboolean modified; /* TRUE if data in the pipe uses modified pcap headers */
gboolean byte_swapped; /* TRUE if data in the pipe is byte swapped */
- unsigned int bytes_to_read, bytes_read; /* Used by pipe_dispatch */
+ unsigned int bytes_to_read, bytes_read; /* Used by cap_pipe_dispatch */
enum {
STATE_EXPECT_REC_HDR, STATE_READ_REC_HDR,
STATE_EXPECT_DATA, STATE_READ_DATA
- } pipe_state;
+ } cap_pipe_state;
- enum { PIPOK, PIPEOF, PIPERR, PIPNEXIST } pipe_err;
+ enum { PIPOK, PIPEOF, PIPERR, PIPNEXIST } cap_pipe_err;
#endif
} loop_data;
-#ifndef _WIN32
-static void adjust_header(loop_data *, struct pcap_hdr *, struct pcaprec_hdr *);
-static int pipe_open_live(char *, struct pcap_hdr *, loop_data *, char *, int);
-static int pipe_dispatch(int, loop_data *, struct pcap_hdr *, \
- struct pcaprec_modified_hdr *, guchar *, char *, int);
-#endif
-
/* Win32 needs the O_BINARY flag for open() */
#ifndef O_BINARY
#define O_BINARY 0
#endif
-#ifdef _WIN32
-/* Win32 needs a handle to the child capture process */
-int child_process;
+static gboolean sync_pipe_do_capture(gboolean is_tempfile);
+static gboolean sync_pipe_input_cb(gint source, gpointer user_data);
+static void sync_pipe_wait_for_child(gboolean);
+static void sync_pipe_errmsg_to_parent(const char *);
+#ifndef _WIN32
+static char *sync_pipe_signame(int);
#endif
-/* Add a string pointer to a NULL-terminated array of string pointers. */
-static char **
-add_arg(char **args, int *argc, char *arg)
-{
- /* Grow the array; "*argc" currently contains the number of string
- pointers, *not* counting the NULL pointer at the end, so we have
- to add 2 in order to get the new size of the array, including the
- new pointer and the terminating NULL pointer. */
- args = g_realloc(args, (*argc + 2) * sizeof (char *));
+static gboolean normal_do_capture(gboolean is_tempfile);
+static void capture_pcap_cb(guchar *, const struct pcap_pkthdr *,
+ const guchar *);
+static void get_capture_file_io_error(char *, int, const char *, int, gboolean);
+static void popup_errmsg(const char *);
+static void stop_capture_signal_handler(int signo);
- /* Stuff the pointer into the penultimate element of the array, which
- is the one at the index specified by "*argc". */
- args[*argc] = arg;
+#ifndef _WIN32
+static void cap_pipe_adjust_header(loop_data *, struct pcap_hdr *, struct pcaprec_hdr *);
+static int cap_pipe_open_live(char *, struct pcap_hdr *, loop_data *, char *, int);
+static int cap_pipe_dispatch(int, loop_data *, struct pcap_hdr *, \
+ struct pcaprec_modified_hdr *, guchar *, char *, int);
+#endif
- /* Now bump the count. */
- (*argc)++;
- /* We overwrite the NULL pointer; put it back right after the
- element we added. */
- args[*argc] = NULL;
- return args;
-}
-#ifdef _WIN32
-/* Given a string, return a pointer to a quote-encapsulated version of
- the string, so we can pass it as an argument with "spawnvp" even
- if it contains blanks. */
-char *
-quote_encapsulate(const char *string)
-{
- char *encapsulated_string;
- encapsulated_string = g_new(char, strlen(string) + 3);
- sprintf(encapsulated_string, "\"%s\"", string);
- return encapsulated_string;
-}
-#endif
/* Open a specified file, or create a temporary file, and start a capture
to the file in question. Returns TRUE if the capture starts
{
char tmpname[128+1];
gboolean is_tempfile;
- guchar c;
- int i;
- guint byte_count;
- char *msg;
- int err;
- int capture_succeeded;
- gboolean stats_known;
- struct pcap_stat stats;
gchar *capfile_name;
+ gboolean ret;
if (save_file != NULL) {
/* If the Sync option is set, we return to the caller while the capture
* case the caller destroys it after we return.
*/
capfile_name = g_strdup(save_file);
- if (capture_opts.ringbuffer_on) {
+ if (capture_opts.multi_files_on) {
/* ringbuffer is enabled */
cfile.save_file_fd = ringbuf_init(capfile_name,
- capture_opts.ringbuffer_num_files);
+ (capture_opts.has_ring_num_files) ? capture_opts.ring_num_files : 0);
} else {
/* Try to open/create the specified file for use as a capture buffer. */
cfile.save_file_fd = open(capfile_name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT,
}
if (cfile.save_file_fd == -1) {
if (is_tempfile) {
- simple_dialog(ESD_TYPE_CRIT, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"The temporary file to which the capture would be saved (\"%s\")"
"could not be opened: %s.", capfile_name, strerror(errno));
} else {
- if (capture_opts.ringbuffer_on) {
+ if (capture_opts.multi_files_on) {
ringbuf_error_cleanup();
}
- simple_dialog(ESD_TYPE_CRIT, NULL,
- file_open_error_message(errno, TRUE, WTAP_FILE_PCAP), capfile_name);
+ open_failure_alert_box(capfile_name, errno, TRUE);
}
g_free(capfile_name);
return FALSE;
cfile.save_file = capfile_name;
/* cfile.save_file is "g_free"ed below, which is equivalent to
"g_free(capfile_name)". */
+ fork_child = -1;
+
+ if (capture_opts.sync_mode) {
+ /* sync mode: do the capture in a child process */
+ ret = sync_pipe_do_capture(is_tempfile);
+ /* capture is still running */
+ set_main_window_name("(Live Capture in Progress) - Ethereal");
+ } else {
+ /* normal mode: do the capture synchronously */
+ set_main_window_name("(Live Capture in Progress) - Ethereal");
+ ret = normal_do_capture(is_tempfile);
+ /* capture is finished here */
+ }
+
+ return ret;
+}
+
- if (capture_opts.sync_mode) { /* do the capture in a child process */
+
+/* Add a string pointer to a NULL-terminated array of string pointers. */
+static char **
+sync_pipe_add_arg(char **args, int *argc, char *arg)
+{
+ /* Grow the array; "*argc" currently contains the number of string
+ pointers, *not* counting the NULL pointer at the end, so we have
+ to add 2 in order to get the new size of the array, including the
+ new pointer and the terminating NULL pointer. */
+ args = g_realloc(args, (*argc + 2) * sizeof (char *));
+
+ /* Stuff the pointer into the penultimate element of the array, which
+ is the one at the index specified by "*argc". */
+ args[*argc] = arg;
+
+ /* Now bump the count. */
+ (*argc)++;
+
+ /* We overwrite the NULL pointer; put it back right after the
+ element we added. */
+ args[*argc] = NULL;
+
+ return args;
+}
+
+#ifdef _WIN32
+/* Given a string, return a pointer to a quote-encapsulated version of
+ the string, so we can pass it as an argument with "spawnvp" even
+ if it contains blanks. */
+char *
+sync_pipe_quote_encapsulate(const char *string)
+{
+ char *encapsulated_string;
+
+ encapsulated_string = g_new(char, strlen(string) + 3);
+ sprintf(encapsulated_string, "\"%s\"", string);
+ return encapsulated_string;
+}
+#endif
+
+
+
+static gboolean
+sync_pipe_do_capture(gboolean is_tempfile) {
+ guint byte_count;
+ int i;
+ guchar c;
+ char *msg;
+ int err;
char ssnap[24];
char scount[24]; /* need a constant for len of numbers */
char sautostop_filesize[24]; /* need a constant for len of numbers */
*argv = NULL;
/* Now add those arguments used on all platforms. */
- argv = add_arg(argv, &argc, CHILD_NAME);
+ argv = sync_pipe_add_arg(argv, &argc, CHILD_NAME);
- argv = add_arg(argv, &argc, "-i");
- argv = add_arg(argv, &argc, cfile.iface);
+ argv = sync_pipe_add_arg(argv, &argc, "-i");
+ argv = sync_pipe_add_arg(argv, &argc, cfile.iface);
- argv = add_arg(argv, &argc, "-w");
- argv = add_arg(argv, &argc, cfile.save_file);
+ argv = sync_pipe_add_arg(argv, &argc, "-w");
+ argv = sync_pipe_add_arg(argv, &argc, cfile.save_file);
- argv = add_arg(argv, &argc, "-W");
+ argv = sync_pipe_add_arg(argv, &argc, "-W");
sprintf(save_file_fd,"%d",cfile.save_file_fd); /* in lieu of itoa */
- argv = add_arg(argv, &argc, save_file_fd);
+ argv = sync_pipe_add_arg(argv, &argc, save_file_fd);
- if (capture_opts.has_autostop_count) {
- argv = add_arg(argv, &argc, "-c");
- sprintf(scount,"%d",capture_opts.autostop_count);
- argv = add_arg(argv, &argc, scount);
+ if (capture_opts.has_autostop_packets) {
+ argv = sync_pipe_add_arg(argv, &argc, "-c");
+ sprintf(scount,"%d",capture_opts.autostop_packets);
+ argv = sync_pipe_add_arg(argv, &argc, scount);
}
if (capture_opts.has_snaplen) {
- argv = add_arg(argv, &argc, "-s");
+ argv = sync_pipe_add_arg(argv, &argc, "-s");
sprintf(ssnap,"%d",capture_opts.snaplen);
- argv = add_arg(argv, &argc, ssnap);
+ argv = sync_pipe_add_arg(argv, &argc, ssnap);
}
if (capture_opts.linktype != -1) {
- argv = add_arg(argv, &argc, "-y");
+ argv = sync_pipe_add_arg(argv, &argc, "-y");
+#ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
+ sprintf(ssnap,"%s",pcap_datalink_val_to_name(capture_opts.linktype));
+#else
+ /* XXX - just treat it as a number */
sprintf(ssnap,"%d",capture_opts.linktype);
- argv = add_arg(argv, &argc, ssnap);
+#endif
+ argv = sync_pipe_add_arg(argv, &argc, ssnap);
}
if (capture_opts.has_autostop_filesize) {
- argv = add_arg(argv, &argc, "-a");
+ argv = sync_pipe_add_arg(argv, &argc, "-a");
sprintf(sautostop_filesize,"filesize:%d",capture_opts.autostop_filesize);
- argv = add_arg(argv, &argc, sautostop_filesize);
+ argv = sync_pipe_add_arg(argv, &argc, sautostop_filesize);
}
if (capture_opts.has_autostop_duration) {
- argv = add_arg(argv, &argc, "-a");
+ argv = sync_pipe_add_arg(argv, &argc, "-a");
sprintf(sautostop_duration,"duration:%d",capture_opts.autostop_duration);
- argv = add_arg(argv, &argc, sautostop_duration);
+ argv = sync_pipe_add_arg(argv, &argc, sautostop_duration);
+ }
+
+ if (!capture_opts.show_info) {
+ argv = sync_pipe_add_arg(argv, &argc, "-H");
}
if (!capture_opts.promisc_mode)
- argv = add_arg(argv, &argc, "-p");
+ argv = sync_pipe_add_arg(argv, &argc, "-p");
#ifdef _WIN32
/* Create a pipe for the child process */
unlink(cfile.save_file);
g_free(cfile.save_file);
cfile.save_file = NULL;
- simple_dialog(ESD_TYPE_CRIT, NULL, "Couldn't create sync pipe: %s",
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Couldn't create sync pipe: %s",
strerror(error));
return FALSE;
}
/* Convert font name to a quote-encapsulated string and pass to child */
- argv = add_arg(argv, &argc, "-m");
- fontstring = quote_encapsulate(prefs.PREFS_GUI_FONT_NAME);
- argv = add_arg(argv, &argc, fontstring);
+ argv = sync_pipe_add_arg(argv, &argc, "-m");
+ fontstring = sync_pipe_quote_encapsulate(prefs.PREFS_GUI_FONT_NAME);
+ argv = sync_pipe_add_arg(argv, &argc, fontstring);
/* Convert pipe write handle to a string and pass to child */
- argv = add_arg(argv, &argc, "-Z");
+ argv = sync_pipe_add_arg(argv, &argc, "-Z");
itoa(sync_pipe[WRITE], sync_pipe_fd, 10);
- argv = add_arg(argv, &argc, sync_pipe_fd);
+ argv = sync_pipe_add_arg(argv, &argc, sync_pipe_fd);
/* Convert filter string to a quote delimited string and pass to child */
filterstring = NULL;
if (cfile.cfilter != NULL && strlen(cfile.cfilter) != 0) {
- argv = add_arg(argv, &argc, "-f");
- filterstring = quote_encapsulate(cfile.cfilter);
- argv = add_arg(argv, &argc, filterstring);
+ argv = sync_pipe_add_arg(argv, &argc, "-f");
+ filterstring = sync_pipe_quote_encapsulate(cfile.cfilter);
+ argv = sync_pipe_add_arg(argv, &argc, filterstring);
}
/* Spawn process */
if (filterstring) {
g_free(filterstring);
}
- /* Keep a copy for later evaluation by _cwait() */
- child_process = fork_child;
#else
if (pipe(sync_pipe) < 0) {
/* Couldn't create the pipe between parent and child. */
unlink(cfile.save_file);
g_free(cfile.save_file);
cfile.save_file = NULL;
- simple_dialog(ESD_TYPE_CRIT, NULL, "Couldn't create sync pipe: %s",
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "Couldn't create sync pipe: %s",
strerror(error));
return FALSE;
}
- argv = add_arg(argv, &argc, "-m");
- argv = add_arg(argv, &argc, prefs.PREFS_GUI_FONT_NAME);
+ argv = sync_pipe_add_arg(argv, &argc, "-m");
+ argv = sync_pipe_add_arg(argv, &argc, prefs.PREFS_GUI_FONT_NAME);
if (cfile.cfilter != NULL && strlen(cfile.cfilter) != 0) {
- argv = add_arg(argv, &argc, "-f");
- argv = add_arg(argv, &argc, cfile.cfilter);
+ argv = sync_pipe_add_arg(argv, &argc, "-f");
+ argv = sync_pipe_add_arg(argv, &argc, cfile.cfilter);
}
if ((fork_child = fork()) == 0) {
execvp(ethereal_path, argv);
snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
ethereal_path, strerror(errno));
- send_errmsg_to_parent(errmsg);
+ sync_pipe_errmsg_to_parent(errmsg);
/* Exit with "_exit()", so that we don't close the connection
to the X server (and cause stuff buffered up by our parent but
unlink(cfile.save_file);
g_free(cfile.save_file);
cfile.save_file = NULL;
- simple_dialog(ESD_TYPE_CRIT, NULL, "Couldn't create child process: %s",
- strerror(error));
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
+ "Couldn't create child process: %s", strerror(error));
return FALSE;
}
unlink(cfile.save_file);
g_free(cfile.save_file);
cfile.save_file = NULL;
- wait_for_child(TRUE);
+ sync_pipe_wait_for_child(TRUE);
return FALSE;
}
if (c == SP_CAPSTART || c == SP_ERROR_MSG)
unlink(cfile.save_file);
g_free(cfile.save_file);
cfile.save_file = NULL;
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Capture child process sent us a bad message");
return FALSE;
}
what the problem was. */
if (byte_count == 0) {
/* Zero-length message? */
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Capture child process failed, but its error message was empty.");
} else {
msg = g_malloc(byte_count + 1);
if (msg == NULL) {
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Capture child process failed, but its error message was too big.");
} else {
i = read(sync_pipe[READ], msg, byte_count);
msg[byte_count] = '\0';
if (i < 0) {
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Capture child process failed: Error %s reading its error message.",
strerror(errno));
} else if (i == 0) {
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Capture child process failed: EOF reading its error message.");
- wait_for_child(FALSE);
+ sync_pipe_wait_for_child(FALSE);
} else
- simple_dialog(ESD_TYPE_CRIT, NULL, msg);
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, msg);
g_free(msg);
}
arrange that our callback be called whenever it's possible
to read from the sync pipe, so that it's called when
the child process wants to tell us something. */
- pipe_input_set_handler(sync_pipe[READ], (gpointer) &cfile, &child_process, cap_pipe_input_cb);
- } else {
- /* Not sync mode. */
- capture_succeeded = capture(&stats_known, &stats);
- if (quit_after_cap) {
- /* DON'T unlink the save file. Presumably someone wants it. */
- main_window_exit();
- }
- if (!capture_succeeded) {
- /* We didn't succeed in doing the capture, so we don't have a save
- file. */
- if (capture_opts.ringbuffer_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
- return FALSE;
- }
- /* Capture succeeded; attempt to read in the capture file. */
- if ((err = cf_open(cfile.save_file, is_tempfile, &cfile)) != 0) {
- /* We're not doing a capture any more, so we don't have a save
- file. */
- if (capture_opts.ringbuffer_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
- return FALSE;
- }
+ pipe_input_set_handler(sync_pipe[READ], (gpointer) &cfile, &fork_child, sync_pipe_input_cb);
- /* Set the read filter to NULL. */
- cfile.rfcode = NULL;
-
- /* Get the packet-drop statistics.
-
- XXX - there are currently no packet-drop statistics stored
- in libpcap captures, and that's what we're reading.
-
- At some point, we will add support in Wiretap to return
- packet-drop statistics for capture file formats that store it,
- and will make "cf_read()" get those statistics from Wiretap.
- We clear the statistics (marking them as "not known") in
- "cf_open()", and "cf_read()" will only fetch them and mark
- them as known if Wiretap supplies them, so if we get the
- statistics now, after calling "cf_open()" but before calling
- "cf_read()", the values we store will be used by "cf_read()".
-
- If a future libpcap capture file format stores the statistics,
- we'll put them into the capture file that we write, and will
- thus not have to set them here - "cf_read()" will get them from
- the file and use them. */
- if (stats_known) {
- cfile.drops_known = TRUE;
-
- /* XXX - on some systems, libpcap doesn't bother filling in
- "ps_ifdrop" - it doesn't even set it to zero - so we don't
- bother looking at it.
-
- Ideally, libpcap would have an interface that gave us
- several statistics - perhaps including various interface
- error statistics - and would tell us which of them it
- supplies, allowing us to display only the ones it does. */
- cfile.drops = stats.ps_drop;
- }
- switch (cf_read(&cfile, &err)) {
-
- case READ_SUCCESS:
- case READ_ERROR:
- /* Just because we got an error, that doesn't mean we were unable
- to read any of the file; we handle what we could get from the
- file. */
- break;
-
- case READ_ABORTED:
- /* Exit by leaving the main loop, so that any quit functions
- we registered get called. */
- main_window_nested_quit();
- return FALSE;
- }
-
- /* We're not doing a capture any more, so we don't have a save
- file. */
- if (capture_opts.ringbuffer_on) {
- ringbuf_free();
- } else {
- g_free(cfile.save_file);
- }
- cfile.save_file = NULL;
- }
- return TRUE;
+ return TRUE;
}
us a message, or the sync pipe has closed, meaning the child has
closed it (perhaps because it exited). */
static gboolean
-cap_pipe_input_cb(gint source, gpointer user_data)
+sync_pipe_input_cb(gint source, gpointer user_data)
{
- capture_file *cf = (capture_file *)data;
+ capture_file *cf = (capture_file *)user_data;
#define BUFSIZE 4096
char buffer[BUFSIZE+1], *p = buffer, *q = buffer, *msg, *r;
int nread, msglen, chars_to_copy;
/* The child has closed the sync pipe, meaning it's not going to be
capturing any more packets. Pick up its exit status, and
complain if it did anything other than exit with status 0. */
- wait_for_child(FALSE);
+ sync_pipe_wait_for_child(FALSE);
/* Read what remains of the capture file, and finish the capture.
XXX - do something if this fails? */
switch (cf_finish_tail(cf, &err)) {
case READ_SUCCESS:
+ if(cf->count == 0) {
+ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
+ "%sNo packets captured!%s\n\n"
+ "As no data was captured, closing the %scapture file!",
+ simple_dialog_primary_start(), simple_dialog_primary_end(),
+ (cf->is_tempfile) ? "temporary " : "");
+ cf_close(cf);
+ }
+ break;
case READ_ERROR:
/* Just because we got an error, that doesn't mean we were unable
to read any of the file; we handle what we could get from the
msglen -= chars_to_copy;
}
*r = '\0';
- simple_dialog(ESD_TYPE_CRIT, NULL, msg);
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, msg);
g_free(msg);
break;
default :
}
static void
-wait_for_child(gboolean always_report)
+sync_pipe_wait_for_child(gboolean always_report)
{
int wstatus;
#ifdef _WIN32
/* XXX - analyze the wait status and display more information
- in the dialog box? */
- if (_cwait(&wstatus, child_process, _WAIT_CHILD) == -1) {
- simple_dialog(ESD_TYPE_WARN, NULL, "Child capture process stopped unexpectedly");
+ in the dialog box?
+ XXX - set "fork_child" to -1 if we find it exited? */
+ if (_cwait(&wstatus, fork_child, _WAIT_CHILD) == -1) {
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
+ "Child capture process stopped unexpectedly");
}
#else
if (wait(&wstatus) != -1) {
/* The child exited; display its exit status, if it's not zero,
and even if it's zero if "always_report" is true. */
if (always_report || WEXITSTATUS(wstatus) != 0) {
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Child capture process exited: exit status %d",
WEXITSTATUS(wstatus));
}
} else if (WIFSTOPPED(wstatus)) {
/* It stopped, rather than exiting. "Should not happen." */
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Child capture process stopped: %s",
- signame(WSTOPSIG(wstatus)));
+ sync_pipe_signame(WSTOPSIG(wstatus)));
} else if (WIFSIGNALED(wstatus)) {
/* It died with a signal. */
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Child capture process died: %s%s",
- signame(WTERMSIG(wstatus)),
+ sync_pipe_signame(WTERMSIG(wstatus)),
WCOREDUMP(wstatus) ? " - core dumped" : "");
} else {
/* What? It had to either have exited, or stopped, or died with
a signal; what happened here? */
- simple_dialog(ESD_TYPE_WARN, NULL,
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
"Child capture process died: wait status %#o", wstatus);
}
}
#endif
}
+static void
+sync_pipe_errmsg_to_parent(const char *errmsg)
+{
+ int msglen = strlen(errmsg);
+ char lenbuf[SP_DECISIZE+1+1];
+
+ sprintf(lenbuf, "%u%c", msglen, SP_ERROR_MSG);
+ write(1, lenbuf, strlen(lenbuf));
+ write(1, errmsg, msglen);
+}
+
+static void
+sync_pipe_drops_to_parent(int drops)
+{
+ char tmp[SP_DECISIZE+1+1];
+ sprintf(tmp, "%d%c", drops, SP_DROPS);
+ write(1, tmp, strlen(tmp));
+}
+
+static void
+sync_pipe_packet_count_to_parent(int packet_count)
+{
+ char tmp[SP_DECISIZE+1+1];
+ sprintf(tmp, "%d%c", packet_count, SP_PACKET_COUNT);
+ write(1, tmp, strlen(tmp));
+}
+
+static void
+sync_pipe_capstart_to_parent(void)
+{
+ static const char capstart_msg = SP_CAPSTART;
+
+ write(1, &capstart_msg, 1);
+}
+
#ifndef _WIN32
static char *
-signame(int sig)
+sync_pipe_signame(int sig)
{
char *sigmsg;
static char sigmsg_buf[6+1+3+1];
}
#endif
+
+
+
+
+
+static gboolean
+normal_do_capture(gboolean is_tempfile)
+{
+ int capture_succeeded;
+ gboolean stats_known;
+ struct pcap_stat stats;
+ int err;
+
+ /* Not sync mode. */
+ capture_succeeded = capture(&stats_known, &stats);
+ if (quit_after_cap) {
+ /* DON'T unlink the save file. Presumably someone wants it. */
+ main_window_exit();
+ }
+ if (!capture_succeeded) {
+ /* We didn't succeed in doing the capture, so we don't have a save
+ file. */
+ if (capture_opts.multi_files_on) {
+ ringbuf_free();
+ } else {
+ g_free(cfile.save_file);
+ }
+ cfile.save_file = NULL;
+ return FALSE;
+ }
+ /* Capture succeeded; attempt to read in the capture file. */
+ if ((err = cf_open(cfile.save_file, is_tempfile, &cfile)) != 0) {
+ /* We're not doing a capture any more, so we don't have a save
+ file. */
+ if (capture_opts.multi_files_on) {
+ ringbuf_free();
+ } else {
+ g_free(cfile.save_file);
+ }
+ cfile.save_file = NULL;
+ return FALSE;
+ }
+
+ /* Set the read filter to NULL. */
+ cfile.rfcode = NULL;
+
+ /* Get the packet-drop statistics.
+
+ XXX - there are currently no packet-drop statistics stored
+ in libpcap captures, and that's what we're reading.
+
+ At some point, we will add support in Wiretap to return
+ packet-drop statistics for capture file formats that store it,
+ and will make "cf_read()" get those statistics from Wiretap.
+ We clear the statistics (marking them as "not known") in
+ "cf_open()", and "cf_read()" will only fetch them and mark
+ them as known if Wiretap supplies them, so if we get the
+ statistics now, after calling "cf_open()" but before calling
+ "cf_read()", the values we store will be used by "cf_read()".
+
+ If a future libpcap capture file format stores the statistics,
+ we'll put them into the capture file that we write, and will
+ thus not have to set them here - "cf_read()" will get them from
+ the file and use them. */
+ if (stats_known) {
+ cfile.drops_known = TRUE;
+
+ /* XXX - on some systems, libpcap doesn't bother filling in
+ "ps_ifdrop" - it doesn't even set it to zero - so we don't
+ bother looking at it.
+
+ Ideally, libpcap would have an interface that gave us
+ several statistics - perhaps including various interface
+ error statistics - and would tell us which of them it
+ supplies, allowing us to display only the ones it does. */
+ cfile.drops = stats.ps_drop;
+ }
+ switch (cf_read(&cfile)) {
+
+ case READ_SUCCESS:
+ case READ_ERROR:
+ /* Just because we got an error, that doesn't mean we were unable
+ to read any of the file; we handle what we could get from the
+ file. */
+ break;
+
+ case READ_ABORTED:
+ /* Exit by leaving the main loop, so that any quit functions
+ we registered get called. */
+ main_window_nested_quit();
+ return FALSE;
+ }
+
+ /* We're not doing a capture any more, so we don't have a save
+ file. */
+ if (capture_opts.multi_files_on) {
+ ringbuf_free();
+ } else {
+ g_free(cfile.save_file);
+ }
+ cfile.save_file = NULL;
+
+ /* if we didn't captured even a single packet, close the file again */
+ if(cfile.count == 0) {
+ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
+ "%sNo packets captured!%s\n\n"
+ "As no data was captured, closing the %scapture file!",
+ simple_dialog_primary_start(), simple_dialog_primary_end(),
+ (cfile.is_tempfile) ? "temporary " : "");
+ cf_close(&cfile);
+ }
+ return TRUE;
+}
+
/*
* Timeout, in milliseconds, for reads from the stream of captured packets.
*/
/* Take care of byte order in the libpcap headers read from pipes.
* (function taken from wiretap/libpcap.c) */
static void
-adjust_header(loop_data *ld, struct pcap_hdr *hdr, struct pcaprec_hdr *rechdr)
+cap_pipe_adjust_header(loop_data *ld, struct pcap_hdr *hdr, struct pcaprec_hdr *rechdr)
{
if (ld->byte_swapped) {
/* Byte-swap the record header fields. */
* N.B. : we can't read the libpcap formats used in RedHat 6.1 or SuSE 6.3
* because we can't seek on pipes (see wiretap/libpcap.c for details) */
static int
-pipe_open_live(char *pipename, struct pcap_hdr *hdr, loop_data *ld,
+cap_pipe_open_live(char *pipename, struct pcap_hdr *hdr, loop_data *ld,
char *errmsg, int errmsgl)
{
struct stat pipe_stat;
else {
if (stat(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
- ld->pipe_err = PIPNEXIST;
+ ld->cap_pipe_err = PIPNEXIST;
else {
snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
"due to error on pipe: %s", strerror(errno));
- ld->pipe_err = PIPERR;
+ ld->cap_pipe_err = PIPERR;
}
return -1;
}
* Assume the user specified an interface on a system where
* interfaces are in /dev. Pretend we haven't seen it.
*/
- ld->pipe_err = PIPNEXIST;
+ ld->cap_pipe_err = PIPNEXIST;
} else {
snprintf(errmsg, errmsgl,
"The capture session could not be initiated because\n"
"\"%s\" is neither an interface nor a pipe", pipename);
- ld->pipe_err = PIPERR;
+ ld->cap_pipe_err = PIPERR;
}
return -1;
}
snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
"due to error on pipe open: %s", strerror(errno));
- ld->pipe_err = PIPERR;
+ ld->cap_pipe_err = PIPERR;
return -1;
}
}
- ld->from_pipe = TRUE;
+ ld->from_cap_pipe = TRUE;
/* read the pcap header */
FD_ZERO(&rfds);
goto error;
}
- ld->pipe_state = STATE_EXPECT_REC_HDR;
- ld->pipe_err = PIPOK;
+ ld->cap_pipe_state = STATE_EXPECT_REC_HDR;
+ ld->cap_pipe_err = PIPOK;
return fd;
error:
- ld->pipe_err = PIPERR;
+ ld->cap_pipe_err = PIPERR;
close(fd);
return -1;
* header, write the record in the capture file, and update capture statistics. */
static int
-pipe_dispatch(int fd, loop_data *ld, struct pcap_hdr *hdr,
+cap_pipe_dispatch(int fd, loop_data *ld, struct pcap_hdr *hdr,
struct pcaprec_modified_hdr *rechdr, guchar *data,
char *errmsg, int errmsgl)
{
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
- switch (ld->pipe_state) {
+ switch (ld->cap_pipe_state) {
case STATE_EXPECT_REC_HDR:
ld->bytes_to_read = ld->modified ?
sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
ld->bytes_read = 0;
- ld->pipe_state = STATE_READ_REC_HDR;
+ ld->cap_pipe_state = STATE_READ_REC_HDR;
/* Fall through */
case STATE_READ_REC_HDR:
case STATE_EXPECT_DATA:
ld->bytes_read = 0;
- ld->pipe_state = STATE_READ_DATA;
+ ld->cap_pipe_state = STATE_READ_DATA;
/* Fall through */
case STATE_READ_DATA:
break;
default:
- snprintf(errmsg, errmsgl, "pipe_dispatch: invalid state");
+ snprintf(errmsg, errmsgl, "cap_pipe_dispatch: invalid state");
result = PD_ERR;
- } /* switch (ld->pipe_state) */
+ } /* switch (ld->cap_pipe_state) */
/*
* We've now read as much data as we were expecting, so process it.
case PD_REC_HDR_READ:
/* We've read the header. Take care of byte order. */
- adjust_header(ld, hdr, &rechdr->hdr);
+ cap_pipe_adjust_header(ld, hdr, &rechdr->hdr);
if (rechdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
ld->counts.total+1, rechdr->hdr.incl_len);
break;
}
- ld->pipe_state = STATE_EXPECT_DATA;
+ ld->cap_pipe_state = STATE_EXPECT_DATA;
return 0;
case PD_DATA_READ:
capture_pcap_cb((guchar *)ld, &phdr, data);
- ld->pipe_state = STATE_EXPECT_REC_HDR;
+ ld->cap_pipe_state = STATE_EXPECT_REC_HDR;
return 1;
case PD_PIPE_EOF:
- ld->pipe_err = PIPEOF;
+ ld->cap_pipe_err = PIPEOF;
return -1;
case PD_PIPE_ERR:
break;
}
- ld->pipe_err = PIPERR;
+ ld->cap_pipe_err = PIPERR;
/* Return here rather than inside the switch to prevent GCC warning */
return -1;
}
-#endif
+#endif /* not _WIN32 */
/*
* This needs to be static, so that the SIGUSR1 handler can clear the "go"
time_t upd_time, cur_time;
time_t start_time;
int err, inpkts;
- condition *cnd_stop_capturesize = NULL;
- condition *cnd_stop_timeout = NULL;
- condition *cnd_ring_timeout = NULL;
- static const char capstart_msg = SP_CAPSTART;
+ condition *cnd_file_duration = NULL;
+ condition *cnd_autostop_files = NULL;
+ condition *cnd_autostop_size = NULL;
+ condition *cnd_autostop_duration = NULL;
+ guint32 autostop_files = 0;
char errmsg[4096+1];
gboolean write_ok;
gboolean close_ok;
#ifdef MUST_DO_SELECT
int pcap_fd = 0;
#endif
-
-/* Size of buffer to hold decimal representation of
- signed/unsigned 64-bit int */
-#define DECISIZE 20
+ gboolean show_info = capture_opts.show_info || !capture_opts.sync_mode;
/* Initialize Windows Socket if we are in a WIN32 OS
This needs to be done before querying the interface for network/netmask */
ld.go = TRUE;
ld.counts.total = 0;
- if (capture_opts.has_autostop_count)
- ld.max = capture_opts.autostop_count;
+ if (capture_opts.has_autostop_packets)
+ ld.max = capture_opts.autostop_packets;
else
ld.max = 0; /* no limit */
ld.err = 0; /* no error seen yet */
ld.linktype = WTAP_ENCAP_UNKNOWN;
ld.pcap_err = FALSE;
- ld.from_pipe = FALSE;
+ ld.from_cap_pipe = FALSE;
ld.sync_packets = 0;
ld.counts.sctp = 0;
ld.counts.tcp = 0;
open_err_str);
if (pch != NULL) {
+#ifdef _WIN32
+ /* try to set the capture buffer size */
+ if (pcap_setbuff(pch, capture_opts.buffer_size * 1024 * 1024) != 0) {
+ simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
+ "%sCouldn't set the capture buffer size!%s\n"
+ "\n"
+ "The capture buffer size of %luMB seems to be too high for your machine,\n"
+ "the default of 1MB will be used.\n"
+ "\n"
+ "Nonetheless, the capture is started.\n",
+ simple_dialog_primary_start(), simple_dialog_primary_end(), capture_opts.buffer_size);
+ }
+#endif
+
/* setting the data link type only works on real interfaces */
if (capture_opts.linktype != -1) {
set_linktype_err_str = set_pcap_linktype(pch, cfile.iface,
goto error;
#else
/* try to open cfile.iface as a pipe */
- pipe_fd = pipe_open_live(cfile.iface, &hdr, &ld, errmsg, sizeof errmsg);
+ pipe_fd = cap_pipe_open_live(cfile.iface, &hdr, &ld, errmsg, sizeof errmsg);
if (pipe_fd == -1) {
main_window_update();
}
- if (ld.pipe_err == PIPNEXIST) {
+ if (ld.cap_pipe_err == PIPNEXIST) {
/* Pipe doesn't exist, so output message for interface */
/* If we got a "can't find PPA for XXX" message, warn the user (who
libpcap_warn);
}
/*
- * Else pipe (or file) does exist and pipe_open_live() has
+ * Else pipe (or file) does exist and cap_pipe_open_live() has
* filled in errmsg
*/
goto error;
} else
- /* pipe_open_live() succeeded; don't want
+ /* cap_pipe_open_live() succeeded; don't want
error message from pcap_open_live() */
open_err_str[0] = '\0';
#endif
}
/* capture filters only work on real interfaces */
- if (cfile.cfilter && !ld.from_pipe) {
+ if (cfile.cfilter && !ld.from_cap_pipe) {
/* A capture filter was specified; set it up. */
if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
/*
}
if (pcap_compile(pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
dfilter_t *rfcode = NULL;
- if (dfilter_compile(cfile.cfilter, &rfcode)) {
+ /* filter string invalid, did the user tried a display filter? */
+ if (dfilter_compile(cfile.cfilter, &rfcode) && rfcode != NULL) {
snprintf(errmsg, sizeof errmsg,
- "Unable to parse capture filter string (%s).\n"
- " Interestingly enough, this looks like a valid display filter\n"
- " Are you sure you didn't mix them up?",
+ "%sInvalid capture filter: \"%s\"!%s\n"
+ "\n"
+ "That string looks like a valid display filter; however, it is not a valid\n"
+ "capture filter (%s).\n"
+ "\n"
+ "Note that display filters and capture filters don't have the same syntax,\n"
+ "so you can't use most display filter expressions as capture filters.\n"
+ "\n"
+ "See the help for a description of the capture filter syntax.",
+ simple_dialog_primary_start(), cfile.cfilter, simple_dialog_primary_end(),
pcap_geterr(pch));
dfilter_free(rfcode);
} else {
snprintf(errmsg, sizeof errmsg,
- "Unable to parse capture filter string (%s).",
+ "%sInvalid capture filter: \"%s\"!%s\n"
+ "\n"
+ "That string is not a valid capture filter (%s).\n"
+ "See the help for a description of the capture filter syntax.",
+ simple_dialog_primary_start(), cfile.cfilter, simple_dialog_primary_end(),
pcap_geterr(pch));
}
goto error;
/* Set up to write to the capture file. */
#ifndef _WIN32
- if (ld.from_pipe) {
+ if (ld.from_cap_pipe) {
pcap_encap = hdr.network;
file_snaplen = hdr.snaplen;
} else
" that Ethereal doesn't support (data link type %d).", pcap_encap);
goto error;
}
- if (capture_opts.ringbuffer_on) {
+ if (capture_opts.multi_files_on) {
ld.pdh = ringbuf_init_wtap_dump_fdopen(WTAP_FILE_PCAP, ld.linktype,
file_snaplen, &err);
} else {
update its windows to indicate that we have a live capture in
progress. */
fflush(wtap_dump_file(ld.pdh));
- write(1, &capstart_msg, 1);
+ sync_pipe_capstart_to_parent();
}
/* start capture info dialog */
- capture_ui.callback_data = &ld;
- capture_ui.counts = &ld.counts;
- capture_info_create(&capture_ui);
+ if(show_info) {
+ capture_ui.callback_data = &ld;
+ capture_ui.counts = &ld.counts;
+ capture_info_create(&capture_ui, cfile.iface);
+ }
start_time = time(NULL);
upd_time = time(NULL);
#ifdef MUST_DO_SELECT
- if (!ld.from_pipe) pcap_fd = pcap_fileno(pch);
+ if (!ld.from_cap_pipe) pcap_fd = pcap_fileno(pch);
#endif
#ifndef _WIN32
* kills us with it due to the user selecting "Capture->Stop".
*/
if (capture_child)
- signal(SIGUSR1, stop_capture);
+ signal(SIGUSR1, stop_capture_signal_handler);
#endif
+
/* initialize capture stop conditions */
init_capture_stop_conditions();
/* create stop conditions */
if (capture_opts.has_autostop_filesize)
- cnd_stop_capturesize =
- cnd_new(CND_CLASS_CAPTURESIZE,(long)capture_opts.autostop_filesize * 1000);
+ cnd_autostop_size =
+ cnd_new(CND_CLASS_CAPTURESIZE,(long)capture_opts.autostop_filesize);
if (capture_opts.has_autostop_duration)
- cnd_stop_timeout =
+ cnd_autostop_duration =
cnd_new(CND_CLASS_TIMEOUT,(gint32)capture_opts.autostop_duration);
- if (capture_opts.ringbuffer_on && capture_opts.has_ring_duration)
- cnd_ring_timeout =
- cnd_new(CND_CLASS_TIMEOUT, capture_opts.ringbuffer_duration);
+ if (capture_opts.multi_files_on) {
+ if (capture_opts.has_file_duration)
+ cnd_file_duration =
+ cnd_new(CND_CLASS_TIMEOUT, capture_opts.file_duration);
+ if (capture_opts.has_autostop_files)
+ cnd_autostop_files =
+ cnd_new(CND_CLASS_CAPTURESIZE, capture_opts.autostop_files);
+ }
/* WOW, everything is prepared! */
/* please fasten your seat belts, we will enter now the actual capture loop */
main_window_update();
#ifndef _WIN32
- if (ld.from_pipe) {
+ if (ld.from_cap_pipe) {
FD_ZERO(&set1);
FD_SET(pipe_fd, &set1);
timeout.tv_sec = 0;
/*
* "select()" says we can read from the pipe without blocking
*/
- inpkts = pipe_dispatch(pipe_fd, &ld, &hdr, &rechdr, pcap_data,
+ inpkts = cap_pipe_dispatch(pipe_fd, &ld, &hdr, &rechdr, pcap_data,
errmsg, sizeof errmsg);
if (inpkts < 0) {
ld.go = FALSE;
}
}
else
-#endif
+#endif /* _WIN32 */
{
#ifdef MUST_DO_SELECT
/*
ld.pcap_err = TRUE;
ld.go = FALSE;
}
-#endif
+#endif /* MUST_DO_SELECT */
}
if (inpkts > 0) {
ld.sync_packets += inpkts;
- /* check capture stop conditons */
- if (cnd_stop_capturesize != NULL && cnd_eval(cnd_stop_capturesize,
+
+ /* check capture size condition */
+ if (cnd_autostop_size != NULL && cnd_eval(cnd_autostop_size,
(guint32)wtap_get_bytes_dumped(ld.pdh))){
- /* Capture file reached its maximum size. */
- if (capture_opts.ringbuffer_on) {
+ /* Capture size limit reached, do we have another file? */
+ if (capture_opts.multi_files_on) {
+ if (cnd_autostop_files != NULL && cnd_eval(cnd_autostop_files, ++autostop_files)) {
+ /* no files left: stop here */
+ ld.go = FALSE;
+ continue;
+ }
+
/* Switch to the next ringbuffer file */
if (ringbuf_switch_file(&cfile, &ld.pdh, &ld.err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_stop_capturesize);
- if (cnd_ring_timeout) {
- cnd_reset(cnd_ring_timeout);
- }
+ /* File switch succeeded: reset the conditions */
+ cnd_reset(cnd_autostop_size);
+ if (cnd_file_duration) {
+ cnd_reset(cnd_file_duration);
+ }
} else {
/* File switch failed: stop here */
ld.go = FALSE;
continue;
}
} else {
- /* no ringbuffer - just stop */
+ /* single file, stop now */
ld.go = FALSE;
+ continue;
}
- }
+ } /* cnd_autostop_size */
}
/* Only update once a second so as not to overload slow displays */
/* Let the parent process know. */
/* calculate and display running time */
- cur_time -= start_time;
- capture_ui.running_time = cur_time;
- capture_ui.new_packets = ld.sync_packets;
- capture_info_update(&capture_ui);
+ if(show_info) {
+ cur_time -= start_time;
+ capture_ui.running_time = cur_time;
+ capture_ui.new_packets = ld.sync_packets;
+ capture_info_update(&capture_ui);
+ }
if (ld.sync_packets) {
/* do sync here */
/* This is the child process for a sync mode capture, so send
our parent a message saying we've written out "ld.sync_packets"
packets to the capture file. */
- char tmp[DECISIZE+1+1];
- sprintf(tmp, "%d%c", ld.sync_packets, SP_PACKET_COUNT);
- write(1, tmp, strlen(tmp));
+ sync_pipe_packet_count_to_parent(ld.sync_packets);
}
- ld.sync_packets = 0;
-
+ ld.sync_packets = 0;
}
- if (cnd_stop_timeout != NULL && cnd_eval(cnd_stop_timeout)) {
- /* The specified capture time has elapsed; stop the capture. */
+ /* check capture duration condition */
+ if (cnd_autostop_duration != NULL && cnd_eval(cnd_autostop_duration)) {
+ /* The maximum capture time has elapsed; stop the capture. */
ld.go = FALSE;
- } else if (cnd_ring_timeout != NULL && cnd_eval(cnd_ring_timeout)) {
- /* time elasped for this ring file, swith to the next */
- if (ringbuf_switch_file(&cfile, &ld.pdh, &ld.err)) {
- /* File switch succeeded: reset the condition */
- cnd_reset(cnd_ring_timeout);
- } else {
- /* File switch failed: stop here */
- ld.go = FALSE;
- }
+ continue;
}
+
+ /* check capture file duration condition */
+ if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
+ /* duration limit reached, do we have another file? */
+ if (capture_opts.multi_files_on) {
+ if (cnd_autostop_files != NULL && cnd_eval(cnd_autostop_files, ++autostop_files)) {
+ /* no files left: stop here */
+ ld.go = FALSE;
+ continue;
+ }
+
+ /* Switch to the next ringbuffer file */
+ if (ringbuf_switch_file(&cfile, &ld.pdh, &ld.err)) {
+ /* file switch succeeded: reset the conditions */
+ cnd_reset(cnd_file_duration);
+ if(cnd_autostop_size)
+ cnd_reset(cnd_autostop_size);
+ } else {
+ /* File switch failed: stop here */
+ ld.go = FALSE;
+ continue;
+ }
+ } else {
+ /* single file, stop now */
+ ld.go = FALSE;
+ continue;
+ }
+ } /* cnd_file_duration */
}
} /* while (ld.go) */
/* delete stop conditions */
- if (cnd_stop_capturesize != NULL)
- cnd_delete(cnd_stop_capturesize);
- if (cnd_stop_timeout != NULL)
- cnd_delete(cnd_stop_timeout);
- if (cnd_ring_timeout != NULL)
- cnd_delete(cnd_ring_timeout);
+ if (cnd_file_duration != NULL)
+ cnd_delete(cnd_file_duration);
+ if (cnd_autostop_files != NULL)
+ cnd_delete(cnd_autostop_files);
+ if (cnd_autostop_size != NULL)
+ cnd_delete(cnd_autostop_size);
+ if (cnd_autostop_duration != NULL)
+ cnd_delete(cnd_autostop_duration);
if (ld.pcap_err) {
snprintf(errmsg, sizeof(errmsg), "Error while capturing packets: %s",
#ifdef _WIN32
}
#else
- } else if (ld.from_pipe && ld.pipe_err == PIPERR)
+ } else if (ld.from_cap_pipe && ld.cap_pipe_err == PIPERR)
popup_errmsg(errmsg);
#endif
write_ok = FALSE;
}
- if (capture_opts.ringbuffer_on) {
+ if (capture_opts.multi_files_on) {
close_ok = ringbuf_wtap_dump_close(&cfile, &err);
} else {
close_ok = wtap_dump_close(ld.pdh, &err);
* XXX We exhibit different behaviour between normal mode and sync mode
* when the pipe is stdin and not already at EOF. If we're a child, the
* parent's stdin isn't closed, so if the user starts another capture,
- * pipe_open_live() will very likely not see the expected magic bytes and
+ * cap_pipe_open_live() will very likely not see the expected magic bytes and
* will say "Unrecognized libpcap format". On the other hand, in normal
- * mode, pipe_open_live() will say "End of file on pipe during open".
+ * mode, cap_pipe_open_live() will say "End of file on pipe during open".
*/
- if (ld.from_pipe && pipe_fd >= 0)
+ if (ld.from_cap_pipe && pipe_fd >= 0)
close(pipe_fd);
else
#endif
*stats_known = TRUE;
if (capture_child) {
/* Let the parent process know. */
- char tmp[DECISIZE+1+1];
- sprintf(tmp, "%d%c", stats->ps_drop, SP_DROPS);
- write(1, tmp, strlen(tmp));
+ sync_pipe_drops_to_parent(stats->ps_drop);
}
} else {
snprintf(errmsg, sizeof(errmsg),
WSACleanup();
#endif
- capture_info_destroy(&capture_ui);
+ if(show_info) {
+ capture_info_destroy(&capture_ui);
+ }
return write_ok;
error:
- if (capture_opts.ringbuffer_on) {
+ if (capture_opts.multi_files_on) {
/* cleanup ringbuffer */
ringbuf_error_cleanup();
} else {
popup_errmsg(errmsg);
#ifndef _WIN32
- if (ld.from_pipe) {
+ if (ld.from_cap_pipe) {
if (pipe_fd >= 0)
close(pipe_fd);
} else
/* This is the child process for a sync mode capture.
Send the error message to our parent, so they can display a
dialog box containing it. */
- send_errmsg_to_parent(errmsg);
+ sync_pipe_errmsg_to_parent(errmsg);
} else {
/* Display the dialog box ourselves; there's no parent. */
- simple_dialog(ESD_TYPE_CRIT, NULL, "%s", errmsg);
+ simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
}
}
static void
-send_errmsg_to_parent(const char *errmsg)
-{
- int msglen = strlen(errmsg);
- char lenbuf[DECISIZE+1+1];
-
- sprintf(lenbuf, "%u%c", msglen, SP_ERROR_MSG);
- write(1, lenbuf, strlen(lenbuf));
- write(1, errmsg, msglen);
-}
-
-static void
-stop_capture(int signo _U_)
+stop_capture_signal_handler(int signo _U_)
{
ld.go = FALSE;
}
-void capture_ui_stop_callback(
-gpointer callback_data)
-{
- loop_data *ld = (loop_data *) callback_data;
-
- ld->go = FALSE;
-}
-
void
capture_stop(void)
{
+ if (fork_child != -1) {
#ifndef _WIN32
- if (fork_child != -1)
kill(fork_child, SIGUSR1);
#else
- if (fork_child != -1) {
/* XXX: this is not the preferred method of closing a process!
* the clean way would be getting the process id of the child process,
* then getting window handle hWnd of that process (using EnumChildWindows),
* running in the same console, I don't know if that is true for our case.
* And this also will require to have the process id
*/
- TerminateProcess((HANDLE) child_process, 0);
- }
+ TerminateProcess((HANDLE) fork_child, 0);
#endif
+ } else {
+ ld.go = FALSE;
+ }
}
void
kill_capture_child(void)
{
-#ifndef _WIN32
if (fork_child != -1)
- kill(fork_child, SIGTERM); /* SIGTERM so it can clean up if necessary */
+#ifndef _WIN32
+ kill(fork_child, SIGTERM); /* SIGTERM so it can clean up if necessary */
#else
- capture_stop();
+ /* XXX: this is not the preferred method of closing a process!
+ * the clean way would be getting the process id of the child process,
+ * then getting window handle hWnd of that process (using EnumChildWindows),
+ * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
+ *
+ * Unfortunately, I don't know how to get the process id from the handle */
+ /* Hint: OpenProcess will get an handle from the id, not vice versa :-(
+ *
+ * Hint: GenerateConsoleCtrlEvent() will only work, if both processes are
+ * running in the same console, I don't know if that is true for our case.
+ * And this also will require to have the process id
+ */
+ TerminateProcess((HANDLE) fork_child, 0);
#endif
}
+/* one packet was captured, process it */
static void
capture_pcap_cb(guchar *user, const struct pcap_pkthdr *phdr,
const guchar *pd)
loop_data *ld = (loop_data *) user;
int err;
+ /* user told us to stop after x packets, do we have enough? */
if ((++ld->counts.total >= ld->max) && (ld->max > 0))
{
ld->go = FALSE;
case WTAP_ENCAP_ARCNET_LINUX:
capture_arcnet(pd, whdr.caplen, &ld->counts, TRUE, FALSE);
break;
+ case WTAP_ENCAP_APPLE_IP_OVER_IEEE1394:
+ capture_ap1394(pd, 0, whdr.caplen, &ld->counts);
+ break;
/* XXX - some ATM drivers on FreeBSD might prepend a 4-byte ATM
pseudo-header to DLT_ATM_RFC1483, with LLC header following;
we might have to implement that at some point. */