/** @file
*
- * Capture loop (internal interface).
+ * Capture loop (internal interface).
+ *
+ * It will open the input and output files, capture the packets,
+ * change ringbuffer output files while capturing and close all files again.
+ *
+ * The input file can be a network interface or capture pipe (unix only).
+ * The output file can be a single or a ringbuffer file handled by wiretap.
*
*/
#ifdef HAVE_LIBPCAP
-#include <pcap.h>
+#include <string.h>
-#include <glib.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
#include <signal.h>
#include <errno.h>
+#include <pcap.h>
+
+#include <glib.h>
+
#include <epan/packet.h>
#include "capture.h"
#include "capture_sync.h"
#include "pcap-util.h"
#include "simple_dialog.h"
-#include "globals.h"
#include "conditions.h"
#include "capture_stop_conditions.h"
#include "ringbuffer.h"
+#include "wiretap/libpcap.h"
#include "wiretap/wtap.h"
#include "wiretap/wtap-capture.h"
/* XXX - try to remove this later */
#include "ui_util.h"
/* XXX - try to remove this later */
+#include "util.h"
+#include "alert_box.h"
+#include "log.h"
+#include "file_util.h"
#include <epan/dissectors/packet-ap1394.h>
#include <epan/dissectors/packet-clip.h>
#include <epan/dissectors/packet-eth.h>
#include <epan/dissectors/packet-fddi.h>
+#include <epan/dissectors/packet-fr.h>
#include <epan/dissectors/packet-null.h>
#include <epan/dissectors/packet-ppp.h>
#include <epan/dissectors/packet-raw.h>
-
/*
* We don't want to do a "select()" on the pcap_t's file descriptor on
* BSD (because "select()" doesn't work correctly on BPF devices on at
typedef struct _loop_data {
- gboolean go; /* TRUE as long as we're supposed to keep capturing */
- gint max; /* Number of packets we're supposed to capture - 0 means infinite */
- int err; /* if non-zero, error seen while capturing */
- gint linktype;
- gint sync_packets;
- gboolean pcap_err; /* TRUE if error from pcap */
- gboolean from_cap_pipe;/* TRUE if we are capturing data from a pipe */
- packet_counts counts;
- wtap_dumper *pdh;
+ /* common */
+ gboolean go; /* TRUE as long as we're supposed to keep capturing */
+ int err; /* if non-zero, error seen while capturing */
+ gint packets_max; /* Number of packets we're supposed to capture - 0 means infinite */
+ gint packets_sync_pipe; /* packets not already send out to the sync_pipe */
+ packet_counts counts; /* several packet type counters */
+
+ /* pcap "input file" */
+ pcap_t *pcap_h; /* pcap handle */
+ gboolean pcap_err; /* TRUE if error from pcap */
+#ifdef MUST_DO_SELECT
+ int pcap_fd; /* pcap file descriptor */
+#endif
+
+ /* capture pipe (unix only "input file") */
+ gboolean from_cap_pipe; /* TRUE if we are capturing data from a capture pipe */
#ifndef _WIN32
- gboolean modified; /* TRUE if data in the pipe uses modified pcap headers */
- gboolean byte_swapped; /* TRUE if data in the pipe is byte swapped */
- unsigned int bytes_to_read, bytes_read; /* Used by cap_pipe_dispatch */
+ struct pcap_hdr cap_pipe_hdr;
+ struct pcaprec_modified_hdr cap_pipe_rechdr;
+ int cap_pipe_fd; /* the file descriptor of the capture pipe */
+ gboolean cap_pipe_modified; /* TRUE if data in the pipe uses modified pcap headers */
+ gboolean cap_pipe_byte_swapped; /* TRUE if data in the pipe is byte swapped */
+ unsigned int cap_pipe_bytes_to_read;/* Used by cap_pipe_dispatch */
+ unsigned int cap_pipe_bytes_read; /* Used by cap_pipe_dispatch */
enum {
- STATE_EXPECT_REC_HDR, STATE_READ_REC_HDR,
- STATE_EXPECT_DATA, STATE_READ_DATA
+ STATE_EXPECT_REC_HDR,
+ STATE_READ_REC_HDR,
+ STATE_EXPECT_DATA,
+ STATE_READ_DATA
} cap_pipe_state;
enum { PIPOK, PIPEOF, PIPERR, PIPNEXIST } cap_pipe_err;
#endif
+
+ /* wiretap (output file) */
+ wtap_dumper *wtap_pdh;
+ gint wtap_linktype;
+
} loop_data;
*/
#define CAP_READ_TIMEOUT 250
-static void capture_pcap_cb(guchar *, const struct pcap_pkthdr *,
- const guchar *);
-static void popup_errmsg(const char *);
-static void get_capture_file_io_error(char *, int, const char *, int, gboolean);
+static void capture_loop_packet_cb(u_char *user, const struct pcap_pkthdr *phdr,
+ const u_char *pd);
+static void capture_loop_popup_errmsg(capture_options *capture_opts, const char *errmsg);
+static void capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
+ int err, gboolean is_close);
static void
cap_pipe_adjust_header(loop_data *ld, struct pcap_hdr *hdr, struct pcaprec_hdr *rechdr)
{
- if (ld->byte_swapped) {
+ if (ld->cap_pipe_byte_swapped) {
/* Byte-swap the record header fields. */
rechdr->ts_sec = BSWAP32(rechdr->ts_sec);
rechdr->ts_usec = BSWAP32(rechdr->ts_usec);
fd_set rfds;
struct timeval timeout;
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: %s", pipename);
+
/*
* XXX Ethereal blocks until we return
*/
if (strcmp(pipename, "-") == 0)
fd = 0; /* read from stdin */
else {
- if (stat(pipename, &pipe_stat) < 0) {
+ if (eth_stat(pipename, &pipe_stat) < 0) {
if (errno == ENOENT || errno == ENOTDIR)
ld->cap_pipe_err = PIPNEXIST;
else {
}
return -1;
}
- fd = open(pipename, O_RDONLY | O_NONBLOCK);
+ fd = eth _open(pipename, O_RDONLY | O_NONBLOCK, 0000 /* no creation so don't matter */);
if (fd == -1) {
g_snprintf(errmsg, errmsgl,
"The capture session could not be initiated "
case PCAP_MAGIC:
/* Host that wrote it has our byte order, and was running
a program using either standard or ss990417 libpcap. */
- ld->byte_swapped = FALSE;
- ld->modified = FALSE;
+ ld->cap_pipe_byte_swapped = FALSE;
+ ld->cap_pipe_modified = FALSE;
break;
case PCAP_MODIFIED_MAGIC:
/* Host that wrote it has our byte order, but was running
a program using either ss990915 or ss991029 libpcap. */
- ld->byte_swapped = FALSE;
- ld->modified = TRUE;
+ ld->cap_pipe_byte_swapped = FALSE;
+ ld->cap_pipe_modified = TRUE;
break;
case PCAP_SWAPPED_MAGIC:
/* Host that wrote it has a byte order opposite to ours,
and was running a program using either standard or
ss990417 libpcap. */
- ld->byte_swapped = TRUE;
- ld->modified = FALSE;
+ ld->cap_pipe_byte_swapped = TRUE;
+ ld->cap_pipe_modified = FALSE;
break;
case PCAP_SWAPPED_MODIFIED_MAGIC:
/* Host that wrote it out has a byte order opposite to
ours, and was running a program using either ss990915
or ss991029 libpcap. */
- ld->byte_swapped = TRUE;
- ld->modified = TRUE;
+ ld->cap_pipe_byte_swapped = TRUE;
+ ld->cap_pipe_modified = TRUE;
break;
default:
/* Not a "libpcap" type we know about. */
}
}
- if (ld->byte_swapped) {
+ if (ld->cap_pipe_byte_swapped) {
/* Byte-swap the header fields about which we care. */
hdr->version_major = BSWAP16(hdr->version_major);
hdr->version_minor = BSWAP16(hdr->version_minor);
return fd;
error:
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: error %s", errmsg);
ld->cap_pipe_err = PIPERR;
- close(fd);
+ eth_close(fd);
return -1;
}
-/* We read one record from the pipe, take care of byte order in the record
- * header, write the record in the capture file, and update capture statistics. */
+/* We read one record from the pipe, take care of byte order in the record
+ * header, write the record to the capture file, and update capture statistics. */
static int
cap_pipe_dispatch(int fd, loop_data *ld, struct pcap_hdr *hdr,
struct pcaprec_modified_hdr *rechdr, guchar *data,
enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
PD_ERR } result;
+
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_dispatch");
+#endif
+
switch (ld->cap_pipe_state) {
case STATE_EXPECT_REC_HDR:
- ld->bytes_to_read = ld->modified ?
+ ld->cap_pipe_bytes_to_read = ld->cap_pipe_modified ?
sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
- ld->bytes_read = 0;
+ ld->cap_pipe_bytes_read = 0;
ld->cap_pipe_state = STATE_READ_REC_HDR;
/* Fall through */
case STATE_READ_REC_HDR:
- b = read(fd, ((char *)rechdr)+ld->bytes_read,
- ld->bytes_to_read - ld->bytes_read);
+ b = read(fd, ((char *)rechdr)+ld->cap_pipe_bytes_read,
+ ld->cap_pipe_bytes_to_read - ld->cap_pipe_bytes_read);
if (b <= 0) {
if (b == 0)
result = PD_PIPE_EOF;
result = PD_PIPE_ERR;
break;
}
- if ((ld->bytes_read += b) < ld->bytes_to_read)
+ if ((ld->cap_pipe_bytes_read += b) < ld->cap_pipe_bytes_to_read)
return 0;
result = PD_REC_HDR_READ;
break;
case STATE_EXPECT_DATA:
- ld->bytes_read = 0;
+ ld->cap_pipe_bytes_read = 0;
ld->cap_pipe_state = STATE_READ_DATA;
/* Fall through */
case STATE_READ_DATA:
- b = read(fd, data+ld->bytes_read, rechdr->hdr.incl_len - ld->bytes_read);
+ b = read(fd, data+ld->cap_pipe_bytes_read, rechdr->hdr.incl_len - ld->cap_pipe_bytes_read);
if (b <= 0) {
if (b == 0)
result = PD_PIPE_EOF;
result = PD_PIPE_ERR;
break;
}
- if ((ld->bytes_read += b) < rechdr->hdr.incl_len)
+ if ((ld->cap_pipe_bytes_read += b) < rechdr->hdr.incl_len)
return 0;
result = PD_DATA_READ;
break;
phdr.caplen = rechdr->hdr.incl_len;
phdr.len = rechdr->hdr.orig_len;
- capture_pcap_cb((guchar *)ld, &phdr, data);
+ capture_loop_packet_cb((u_char *)ld, &phdr, data);
ld->cap_pipe_state = STATE_EXPECT_REC_HDR;
return 1;
}
#endif /* not _WIN32 */
-/*
- * This needs to be static, so that the SIGUSR1 handler can clear the "go"
- * flag.
- */
-static loop_data ld;
-/* Do the low-level work of a capture.
- Returns TRUE if it succeeds, FALSE otherwise. */
-int
-capture_loop_start(gboolean *stats_known, struct pcap_stat *stats)
-{
- pcap_t *pch;
- int pcap_encap;
- int file_snaplen;
+/* open the capture input file (pcap or capture pipe) */
+static int capture_loop_open_input(capture_options *capture_opts, loop_data *ld, char *errmsg, int errmsg_len) {
gchar open_err_str[PCAP_ERRBUF_SIZE];
- gchar lookup_net_err_str[PCAP_ERRBUF_SIZE];
- bpf_u_int32 netnum, netmask;
- struct bpf_program fcode;
const char *set_linktype_err_str;
- time_t upd_time, cur_time;
- time_t start_time;
- int err, inpkts;
- condition *cnd_file_duration = NULL;
- condition *cnd_autostop_files = NULL;
- condition *cnd_autostop_size = NULL;
- condition *cnd_autostop_duration = NULL;
- guint32 autostop_files = 0;
- char errmsg[4096+1];
- gboolean write_ok;
- gboolean close_ok;
- capture_info capture_ui;
-
#ifdef _WIN32
+ int err;
WORD wVersionRequested;
WSADATA wsaData;
#else
- fd_set set1;
- struct timeval timeout;
static const char ppamsg[] = "can't find PPA for ";
- char *libpcap_warn;
- int sel_ret;
- int pipe_fd = -1;
- struct pcap_hdr hdr;
- struct pcaprec_modified_hdr rechdr;
- guchar pcap_data[WTAP_MAX_PACKET_SIZE];
-#endif
-#ifdef MUST_DO_SELECT
- int pcap_fd = 0;
+ const char *libpcap_warn;
#endif
- gboolean show_info = capture_opts.show_info || !capture_opts.sync_mode;
+
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_input : %s", capture_opts->iface);
/* Initialize Windows Socket if we are in a WIN32 OS
This needs to be done before querying the interface for network/netmask */
switch (err) {
case WSASYSNOTREADY:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: Network system not ready for network communication");
break;
case WSAVERNOTSUPPORTED:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: Windows Sockets version %u.%u not supported",
LOBYTE(wVersionRequested), HIBYTE(wVersionRequested));
break;
case WSAEINPROGRESS:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: Blocking operation is in progress");
break;
case WSAEPROCLIM:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: Limit on the number of tasks supported by this WinSock implementation has been reached");
break;
case WSAEFAULT:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: Bad pointer passed to WSAStartup");
break;
default:
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"Couldn't initialize Windows Sockets: error %d", err);
break;
}
- pch = NULL;
- goto error;
+ return FALSE;
}
#endif
- ld.go = TRUE;
- ld.counts.total = 0;
- if (capture_opts.has_autostop_packets)
- ld.max = capture_opts.autostop_packets;
- else
- ld.max = 0; /* no limit */
- ld.err = 0; /* no error seen yet */
- ld.linktype = WTAP_ENCAP_UNKNOWN;
- ld.pcap_err = FALSE;
- ld.from_cap_pipe = FALSE;
- ld.sync_packets = 0;
- ld.counts.sctp = 0;
- ld.counts.tcp = 0;
- ld.counts.udp = 0;
- ld.counts.icmp = 0;
- ld.counts.ospf = 0;
- ld.counts.gre = 0;
- ld.counts.ipx = 0;
- ld.counts.netbios = 0;
- ld.counts.vines = 0;
- ld.counts.other = 0;
- ld.counts.arp = 0;
- ld.pdh = NULL;
-
- /* We haven't yet gotten the capture statistics. */
- *stats_known = FALSE;
-
/* Open the network interface to capture from it.
Some versions of libpcap may put warnings into the error buffer
if they succeed; to tell if that's happened, we have to clear
the error buffer, and check if it's still a null string. */
open_err_str[0] = '\0';
- pch = pcap_open_live(cfile.iface,
- capture_opts.has_snaplen ? capture_opts.snaplen :
+ ld->pcap_h = pcap_open_live(capture_opts->iface,
+ capture_opts->has_snaplen ? capture_opts->snaplen :
WTAP_MAX_PACKET_SIZE,
- capture_opts.promisc_mode, CAP_READ_TIMEOUT,
+ capture_opts->promisc_mode, CAP_READ_TIMEOUT,
open_err_str);
- if (pch != NULL) {
+ if (ld->pcap_h != NULL) {
+ /* we've opened "iface" as a network device */
#ifdef _WIN32
/* try to set the capture buffer size */
- if (pcap_setbuff(pch, capture_opts.buffer_size * 1024 * 1024) != 0) {
+ if (pcap_setbuff(ld->pcap_h, capture_opts->buffer_size * 1024 * 1024) != 0) {
simple_dialog(ESD_TYPE_INFO, ESD_BTN_OK,
"%sCouldn't set the capture buffer size!%s\n"
"\n"
"the default of 1MB will be used.\n"
"\n"
"Nonetheless, the capture is started.\n",
- simple_dialog_primary_start(), simple_dialog_primary_end(), capture_opts.buffer_size);
+ simple_dialog_primary_start(), simple_dialog_primary_end(), capture_opts->buffer_size);
}
#endif
/* setting the data link type only works on real interfaces */
- if (capture_opts.linktype != -1) {
- set_linktype_err_str = set_pcap_linktype(pch, cfile.iface,
- capture_opts.linktype);
+ if (capture_opts->linktype != -1) {
+ set_linktype_err_str = set_pcap_linktype(ld->pcap_h, capture_opts->iface,
+ capture_opts->linktype);
if (set_linktype_err_str != NULL) {
- g_snprintf(errmsg, sizeof errmsg, "Unable to set data link type (%s).",
+ g_snprintf(errmsg, errmsg_len, "Unable to set data link type (%s).",
set_linktype_err_str);
- goto error;
+ return FALSE;
}
}
} else {
- /* We couldn't open "cfile.iface" as a network device. */
+ /* We couldn't open "iface" as a network device. */
#ifdef _WIN32
- /* On Windows, we don't support capturing on pipes, so we give up.
- If this is a child process that does the capturing in sync
- mode or fork mode, it shouldn't do any UI stuff until we pop up the
- capture-progress window, and, since we couldn't start the
- capture, we haven't popped it up. */
- if (!capture_child) {
- main_window_update();
- }
+ /* On Windows, we don't support capturing on pipes, so we give up. */
/* On Win32 OSes, the capture devices are probably available to all
users; don't warn about permissions problems.
Do, however, warn that WAN devices aren't supported. */
- g_snprintf(errmsg, sizeof errmsg,
- "The capture session could not be initiated (%s).\n"
- "Please check that you have the proper interface specified.\n"
- "\n"
- "Note that the WinPcap 2.x version of the driver Ethereal uses for packet\n"
- "capture on Windows doesn't support capturing on PPP/WAN interfaces in\n"
- "Windows NT/2000/XP/2003 Server, and that the WinPcap 3.0 and later versions\n"
- "don't support capturing on PPP/WAN interfaces at all.",
- open_err_str);
- goto error;
+ g_snprintf(errmsg, errmsg_len,
+"%sThe capture session could not be initiated!%s\n"
+"\n"
+"(%s)\n"
+"\n"
+"Please check that you have the proper interface specified.\n"
+"\n"
+"Help can be found at: http://wiki.ethereal.com/CaptureSetup\n"
+"\n"
+"WinPcap does not support 64-bit Windows, so you will not be able to capture\n"
+"traffic with Tethereal on 64-bit Windows. You will have to use some other\n"
+"tool to capture traffic, such as netcap; see\n"
+"\n"
+" http://support.microsoft.com/?id=310875\n"
+"\n"
+"for information about netcap.\n"
+"\n"
+"Note that version 3.0 of WinPcap, and earlier versions of WinPcap, don't\n"
+"support capturing on PPP/WAN interfaces on Windows NT 4.0 / 2000 / XP /\n"
+"Server 2003.\n"
+"WinPcap 3.1 has support for it on Windows 2000 / XP / Server 2003, but has no\n"
+"support for it on Windows NT 4.0 or Windows Vista (Beta 1).",
+ simple_dialog_primary_start(), simple_dialog_primary_end(),
+ open_err_str);
+ return FALSE;
#else
- /* try to open cfile.iface as a pipe */
- pipe_fd = cap_pipe_open_live(cfile.iface, &hdr, &ld, errmsg, sizeof errmsg);
-
- if (pipe_fd == -1) {
+ /* try to open iface as a pipe */
+ ld->cap_pipe_fd = cap_pipe_open_live(capture_opts->iface, &ld->cap_pipe_hdr, ld, errmsg, errmsg_len);
- /* If this is a child process that does the capturing in sync
- * mode or fork mode, it shouldn't do any UI stuff until we pop up the
- * capture-progress window, and, since we couldn't start the
- * capture, we haven't popped it up.
- */
- if (!capture_child) {
- main_window_update();
- }
+ if (ld->cap_pipe_fd == -1) {
- if (ld.cap_pipe_err == PIPNEXIST) {
+ if (ld->cap_pipe_err == PIPNEXIST) {
/* Pipe doesn't exist, so output message for interface */
/* If we got a "can't find PPA for XXX" message, warn the user (who
"at the URL lists a number of mirror sites.";
else
libpcap_warn = "";
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"The capture session could not be initiated (%s).\n"
"Please check to make sure you have sufficient permissions, and that\n"
"you have the proper interface or pipe specified.%s", open_err_str,
* Else pipe (or file) does exist and cap_pipe_open_live() has
* filled in errmsg
*/
- goto error;
+ return FALSE;
} else
/* cap_pipe_open_live() succeeded; don't want
error message from pcap_open_live() */
#endif
}
+#ifdef MUST_DO_SELECT
+ if (!ld->from_cap_pipe) {
+#ifdef HAVE_PCAP_GET_SELECTABLE_FD
+ ld->pcap_fd = pcap_get_selectable_fd(ld->pcap_h);
+#else
+ ld->pcap_fd = pcap_fileno(ld->pcap_h);
+#endif
+ }
+#endif
+
+ /* Does "open_err_str" contain a non-empty string? If so, "pcap_open_live()"
+ returned a warning; print it, but keep capturing. */
+ if (open_err_str[0] != '\0')
+ g_warning("%s.", open_err_str);
+
+ return TRUE;
+}
+
+
+/* open the capture input file (pcap or capture pipe) */
+static void capture_loop_close_input(loop_data *ld) {
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input");
+
+#ifndef _WIN32
+ /* if open, close the capture pipe "input file" */
+ if (ld->cap_pipe_fd >= 0) {
+ g_assert(ld->from_cap_pipe);
+ eth_close(ld->cap_pipe_fd);
+ }
+#endif
+
+ /* if open, close the pcap "input file" */
+ if(ld->pcap_h != NULL) {
+ g_assert(!ld->from_cap_pipe);
+ pcap_close(ld->pcap_h);
+ }
+
+#ifdef _WIN32
+ /* Shut down windows sockets */
+ WSACleanup();
+#endif
+}
+
+
+/* init the capture filter */
+static int capture_loop_init_filter(loop_data *ld, const gchar * iface, gchar * cfilter, char *errmsg, int errmsg_len) {
+ bpf_u_int32 netnum, netmask;
+ gchar lookup_net_err_str[PCAP_ERRBUF_SIZE];
+ struct bpf_program fcode;
+
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_init_filter: %s", cfilter);
+
/* capture filters only work on real interfaces */
- if (cfile.cfilter && !ld.from_cap_pipe) {
+ if (cfilter && !ld->from_cap_pipe) {
/* A capture filter was specified; set it up. */
- if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
+ if (pcap_lookupnet(iface, &netnum, &netmask, lookup_net_err_str) < 0) {
/*
* Well, we can't get the netmask for this interface; it's used
* only for filters that check for broadcast IP addresses, so
*/
netmask = 0;
}
- if (pcap_compile(pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
+ if (pcap_compile(ld->pcap_h, &fcode, cfilter, 1, netmask) < 0) {
dfilter_t *rfcode = NULL;
+ gchar *safe_cfilter = simple_dialog_format_message(cfilter);
+ gchar *safe_cfilter_error_msg = simple_dialog_format_message(
+ pcap_geterr(ld->pcap_h));
+
/* filter string invalid, did the user tried a display filter? */
- if (dfilter_compile(cfile.cfilter, &rfcode) && rfcode != NULL) {
- g_snprintf(errmsg, sizeof errmsg,
+ if (dfilter_compile(cfilter, &rfcode) && rfcode != NULL) {
+ g_snprintf(errmsg, errmsg_len,
"%sInvalid capture filter: \"%s\"!%s\n"
"\n"
- "That string looks like a valid display filter; however, it is not a valid\n"
+ "That string looks like a valid display filter; however, it isn't a valid\n"
"capture filter (%s).\n"
"\n"
"Note that display filters and capture filters don't have the same syntax,\n"
"so you can't use most display filter expressions as capture filters.\n"
"\n"
"See the help for a description of the capture filter syntax.",
- simple_dialog_primary_start(), cfile.cfilter, simple_dialog_primary_end(),
- pcap_geterr(pch));
+ simple_dialog_primary_start(), safe_cfilter,
+ simple_dialog_primary_end(), safe_cfilter_error_msg);
dfilter_free(rfcode);
} else {
- g_snprintf(errmsg, sizeof errmsg,
+ g_snprintf(errmsg, errmsg_len,
"%sInvalid capture filter: \"%s\"!%s\n"
"\n"
- "That string is not a valid capture filter (%s).\n"
+ "That string isn't a valid capture filter (%s).\n"
"See the help for a description of the capture filter syntax.",
- simple_dialog_primary_start(), cfile.cfilter, simple_dialog_primary_end(),
- pcap_geterr(pch));
+ simple_dialog_primary_start(), safe_cfilter,
+ simple_dialog_primary_end(), safe_cfilter_error_msg);
}
- goto error;
+ g_free(safe_cfilter_error_msg);
+ g_free(safe_cfilter);
+ return FALSE;
}
- if (pcap_setfilter(pch, &fcode) < 0) {
- g_snprintf(errmsg, sizeof errmsg, "Can't install filter (%s).",
- pcap_geterr(pch));
- goto error;
+ if (pcap_setfilter(ld->pcap_h, &fcode) < 0) {
+ g_snprintf(errmsg, errmsg_len, "Can't install filter (%s).",
+ pcap_geterr(ld->pcap_h));
+#ifdef HAVE_PCAP_FREECODE
+ pcap_freecode(&fcode);
+#endif
+ return FALSE;
}
+#ifdef HAVE_PCAP_FREECODE
+ pcap_freecode(&fcode);
+#endif
}
- /* Set up to write to the capture file. */
+ return TRUE;
+}
+
+
+/* open the wiretap part of the capture output file */
+static int capture_loop_init_wiretap_output(capture_options *capture_opts, int save_file_fd, loop_data *ld, char *errmsg, int errmsg_len) {
+ int pcap_encap;
+ int file_snaplen;
+ int err;
+
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_init_wiretap_output");
+
+ /* get packet encapsulation type and snaplen */
#ifndef _WIN32
- if (ld.from_cap_pipe) {
- pcap_encap = hdr.network;
- file_snaplen = hdr.snaplen;
+ if (ld->from_cap_pipe) {
+ pcap_encap = ld->cap_pipe_hdr.network;
+ file_snaplen = ld->cap_pipe_hdr.snaplen;
} else
#endif
{
- pcap_encap = get_pcap_linktype(pch, cfile.iface);
- file_snaplen = pcap_snapshot(pch);
+ pcap_encap = get_pcap_linktype(ld->pcap_h, capture_opts->iface);
+ file_snaplen = pcap_snapshot(ld->pcap_h);
}
- ld.linktype = wtap_pcap_encap_to_wtap_encap(pcap_encap);
- if (ld.linktype == WTAP_ENCAP_UNKNOWN) {
- g_snprintf(errmsg, sizeof errmsg,
+
+ /* Set up to write to the capture file. */
+ ld->wtap_linktype = wtap_pcap_encap_to_wtap_encap(pcap_encap);
+ if (ld->wtap_linktype == WTAP_ENCAP_UNKNOWN) {
+ g_snprintf(errmsg, errmsg_len,
"The network you're capturing from is of a type"
" that Ethereal doesn't support (data link type %d).", pcap_encap);
- goto error;
+ return FALSE;
}
- if (capture_opts.multi_files_on) {
- ld.pdh = ringbuf_init_wtap_dump_fdopen(WTAP_FILE_PCAP, ld.linktype,
+ if (capture_opts->multi_files_on) {
+ ld->wtap_pdh = ringbuf_init_wtap_dump_fdopen(WTAP_FILE_PCAP, ld->wtap_linktype,
file_snaplen, &err);
} else {
- ld.pdh = wtap_dump_fdopen(cfile.save_file_fd, WTAP_FILE_PCAP,
- ld.linktype, file_snaplen, &err);
+ ld->wtap_pdh = wtap_dump_fdopen(save_file_fd, WTAP_FILE_PCAP,
+ ld->wtap_linktype, file_snaplen, FALSE /* compressed */, &err);
}
- if (ld.pdh == NULL) {
+ if (ld->wtap_pdh == NULL) {
/* We couldn't set up to write to the capture file. */
switch (err) {
default:
if (err < 0) {
- g_snprintf(errmsg, sizeof(errmsg),
+ g_snprintf(errmsg, errmsg_len,
"The file to which the capture would be"
" saved (\"%s\") could not be opened: Error %d.",
- cfile.save_file, err);
+ capture_opts->save_file, err);
} else {
- g_snprintf(errmsg, sizeof(errmsg),
+ g_snprintf(errmsg, errmsg_len,
"The file to which the capture would be"
" saved (\"%s\") could not be opened: %s.",
- cfile.save_file, strerror(err));
+ capture_opts->save_file, strerror(err));
}
break;
}
- goto error;
- }
- /* Does "open_err_str" contain a non-empty string? If so, "pcap_open_live()"
- returned a warning; print it, but keep capturing. */
- if (open_err_str[0] != '\0')
- g_warning("%s.", open_err_str);
-
- /* XXX - capture SIGTERM and close the capture, in case we're on a
- Linux 2.0[.x] system and you have to explicitly close the capture
- stream in order to turn promiscuous mode off? We need to do that
- in other places as well - and I don't think that works all the
- time in any case, due to libpcap bugs. */
-
- if (capture_child) {
- /* Well, we should be able to start capturing.
-
- This is the child process for a sync mode capture, so sync out
- the capture file, so the header makes it to the file system,
- and send a "capture started successfully and capture file created"
- message to our parent so that they'll open the capture file and
- update its windows to indicate that we have a live capture in
- progress. */
- fflush(wtap_dump_file(ld.pdh));
- sync_pipe_capstart_to_parent();
+ return FALSE;
}
- /* start capture info dialog */
- if(show_info) {
- capture_ui.callback_data = &ld;
- capture_ui.counts = &ld.counts;
- capture_info_create(&capture_ui, cfile.iface);
- }
-
- start_time = time(NULL);
- upd_time = time(NULL);
-#ifdef MUST_DO_SELECT
- if (!ld.from_cap_pipe) pcap_fd = pcap_fileno(pch);
-#endif
+ return TRUE;
+}
- /* initialize capture stop conditions */
- init_capture_stop_conditions();
- /* create stop conditions */
- if (capture_opts.has_autostop_filesize)
- cnd_autostop_size =
- cnd_new(CND_CLASS_CAPTURESIZE,(long)capture_opts.autostop_filesize);
- if (capture_opts.has_autostop_duration)
- cnd_autostop_duration =
- cnd_new(CND_CLASS_TIMEOUT,(gint32)capture_opts.autostop_duration);
+static gboolean capture_loop_close_output(capture_options *capture_opts, loop_data *ld, int *err_close) {
- if (capture_opts.multi_files_on) {
- if (capture_opts.has_file_duration)
- cnd_file_duration =
- cnd_new(CND_CLASS_TIMEOUT, capture_opts.file_duration);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_output");
- if (capture_opts.has_autostop_files)
- cnd_autostop_files =
- cnd_new(CND_CLASS_CAPTURESIZE, capture_opts.autostop_files);
+ if (capture_opts->multi_files_on) {
+ return ringbuf_wtap_dump_close(&capture_opts->save_file, err_close);
+ } else {
+ return wtap_dump_close(ld->wtap_pdh, err_close);
}
+}
- /* WOW, everything is prepared! */
- /* please fasten your seat belts, we will enter now the actual capture loop */
- while (ld.go) {
- main_window_update();
+/* dispatch incoming packets (pcap or capture pipe) */
+static int
+capture_loop_dispatch(capture_options *capture_opts, loop_data *ld,
+ char *errmsg, int errmsg_len) {
+ int inpkts;
+#ifndef _WIN32
+ fd_set set1;
+ struct timeval timeout;
+ int sel_ret;
+ guchar pcap_data[WTAP_MAX_PACKET_SIZE];
+#endif
#ifndef _WIN32
- if (ld.from_cap_pipe) {
+ if (ld->from_cap_pipe) {
+ /* dispatch from capture pipe */
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from capture pipe");
+#endif
FD_ZERO(&set1);
- FD_SET(pipe_fd, &set1);
+ FD_SET(ld->cap_pipe_fd, &set1);
timeout.tv_sec = 0;
timeout.tv_usec = CAP_READ_TIMEOUT*1000;
- sel_ret = select(pipe_fd+1, &set1, NULL, NULL, &timeout);
+ sel_ret = select(ld->cap_pipe_fd+1, &set1, NULL, NULL, &timeout);
if (sel_ret <= 0) {
inpkts = 0;
if (sel_ret < 0 && errno != EINTR) {
- g_snprintf(errmsg, sizeof(errmsg),
+ g_snprintf(errmsg, errmsg_len,
"Unexpected error from select: %s", strerror(errno));
- popup_errmsg(errmsg);
- ld.go = FALSE;
+ capture_loop_popup_errmsg(capture_opts, errmsg);
+ ld->go = FALSE;
}
} else {
/*
* "select()" says we can read from the pipe without blocking
*/
- inpkts = cap_pipe_dispatch(pipe_fd, &ld, &hdr, &rechdr, pcap_data,
- errmsg, sizeof errmsg);
+ inpkts = cap_pipe_dispatch(ld->cap_pipe_fd, ld, &ld->cap_pipe_hdr, &ld->cap_pipe_rechdr, pcap_data,
+ errmsg, errmsg_len);
if (inpkts < 0) {
- ld.go = FALSE;
+ ld->go = FALSE;
}
}
}
else
#endif /* _WIN32 */
{
+ /* dispatch from pcap */
#ifdef MUST_DO_SELECT
/*
* Sigh. The semantics of the read timeout argument to
* at least on some versions of some flavors of BSD, the timer
* doesn't start until a read is done, so it won't expire if
* only a "select()" or "poll()" is posted.
+ *
+ * If we have "pcap_get_selectable_fd()", we use it to get the
+ * descriptor on which to select; if that's -1, it means there
+ * is no descriptor on which you can do a "select()" (perhaps
+ * because you're capturing on a special device, and that device's
+ * driver unfortunately doesn't support "select()", in which case
+ * we don't do the select - which means Ethereal might block,
+ * unable to accept user input, until a packet arrives. If
+ * that's unacceptable, plead with whoever supplies the software
+ * for that device to add "select()" support.
*/
- FD_ZERO(&set1);
- FD_SET(pcap_fd, &set1);
- timeout.tv_sec = 0;
- timeout.tv_usec = CAP_READ_TIMEOUT*1000;
- sel_ret = select(pcap_fd+1, &set1, NULL, NULL, &timeout);
- if (sel_ret > 0) {
- /*
- * "select()" says we can read from it without blocking; go for
- * it.
- */
- inpkts = pcap_dispatch(pch, 1, capture_pcap_cb, (guchar *) &ld);
- if (inpkts < 0) {
- ld.pcap_err = TRUE;
- ld.go = FALSE;
- }
- } else {
- inpkts = 0;
- if (sel_ret < 0 && errno != EINTR) {
- g_snprintf(errmsg, sizeof(errmsg),
- "Unexpected error from select: %s", strerror(errno));
- popup_errmsg(errmsg);
- ld.go = FALSE;
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from pcap_dispatch with select");
+#endif
+ if (ld->pcap_fd != -1) {
+ FD_ZERO(&set1);
+ FD_SET(ld->pcap_fd, &set1);
+ timeout.tv_sec = 0;
+ timeout.tv_usec = CAP_READ_TIMEOUT*1000;
+ sel_ret = select(ld->pcap_fd+1, &set1, NULL, NULL, &timeout);
+ if (sel_ret > 0) {
+ /*
+ * "select()" says we can read from it without blocking; go for
+ * it.
+ */
+ inpkts = pcap_dispatch(ld->pcap_h, 1, capture_loop_packet_cb, (u_char *)ld);
+ if (inpkts < 0) {
+ ld->pcap_err = TRUE;
+ ld->go = FALSE;
+ }
+ } else {
+ inpkts = 0;
+ if (sel_ret < 0 && errno != EINTR) {
+ g_snprintf(errmsg, errmsg_len,
+ "Unexpected error from select: %s", strerror(errno));
+ capture_loop_popup_errmsg(capture_opts, errmsg);
+ ld->go = FALSE;
+ }
}
}
+ else
+#endif /* MUST_DO_SELECT */
+ {
+ /* dispatch from pcap without select */
+#if 1
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from pcap_dispatch");
+#endif
+ inpkts = pcap_dispatch(ld->pcap_h, 1, capture_loop_packet_cb, (u_char *) ld);
+ if (inpkts < 0) {
+ ld->pcap_err = TRUE;
+ ld->go = FALSE;
+ }
#else
- inpkts = pcap_dispatch(pch, 1, capture_pcap_cb, (guchar *) &ld);
- if (inpkts < 0) {
- ld.pcap_err = TRUE;
- ld.go = FALSE;
+ {
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from pcap_next_ex");
+#endif
+ /* XXX - this is currently unused, as there is some confusion with pcap_next_ex() vs. pcap_dispatch() */
+
+ /* WinPcap's remote capturing feature doesn't work, see http://wiki.ethereal.com/CaptureSetup_2fWinPcapRemote */
+ /* for reference, an example remote interface: rpcap://[1.2.3.4]/\Device\NPF_{39993D68-7C9B-4439-A329-F2D888DA7C5C} */
+
+ /* emulate dispatch from pcap */
+ int in;
+ struct pcap_pkthdr *pkt_header;
+ u_char *pkt_data;
+
+ inpkts = 0;
+ while( (in = pcap_next_ex(ld->pcap_h, &pkt_header, &pkt_data)) == 1) {
+ capture_loop_packet_cb( (u_char *) ld, pkt_header, pkt_data);
+ inpkts++;
+ }
+
+ if(in < 0) {
+ ld->pcap_err = TRUE;
+ ld->go = FALSE;
+ inpkts = in;
+ }
+ }
+#endif
}
-#endif /* MUST_DO_SELECT */
}
+#ifdef LOG_CAPTURE_VERBOSE
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: %d new packet%s", inpkts, plurality(inpkts, "", "s"));
+#endif
+
+ return inpkts;
+}
+
+
+/* open the output file (temporary/specified name/ringbuffer) */
+/* Returns TRUE if the file opened successfully, FALSE otherwise. */
+static gboolean
+capture_loop_open_output(capture_options *capture_opts, int *save_file_fd,
+ char *errmsg, int errmsg_len) {
+
+ char tmpname[128+1];
+ gchar *capfile_name;
+ gboolean is_tempfile;
+
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_open_output: %s",
+ (capture_opts->save_file) ? capture_opts->save_file : "");
+
+ if (capture_opts->save_file != NULL) {
+ /* We return to the caller while the capture is in progress.
+ * Therefore we need to take a copy of save_file in
+ * case the caller destroys it after we return.
+ */
+ capfile_name = g_strdup(capture_opts->save_file);
+ if (capture_opts->multi_files_on) {
+ /* ringbuffer is enabled */
+ *save_file_fd = ringbuf_init(capfile_name,
+ (capture_opts->has_ring_num_files) ? capture_opts->ring_num_files : 0);
+
+ /* we need the ringbuf name */
+ if(*save_file_fd != -1) {
+ g_free(capfile_name);
+ capfile_name = g_strdup(ringbuf_current_filename());
+ }
+ } else {
+ /* Try to open/create the specified file for use as a capture buffer. */
+ *save_file_fd = open(capfile_name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT,
+ 0600);
+ }
+ is_tempfile = FALSE;
+ } else {
+ /* Choose a random name for the temporary capture buffer */
+ *save_file_fd = create_tempfile(tmpname, sizeof tmpname, "ether");
+ capfile_name = g_strdup(tmpname);
+ is_tempfile = TRUE;
+ }
+
+ /* did we fail to open the output file? */
+ if (*save_file_fd == -1) {
+ if (is_tempfile) {
+ g_snprintf(errmsg, errmsg_len,
+ "The temporary file to which the capture would be saved (\"%s\") "
+ "could not be opened: %s.", capfile_name, strerror(errno));
+ } else {
+ if (capture_opts->multi_files_on) {
+ ringbuf_error_cleanup();
+ }
+
+ g_snprintf(errmsg, errmsg_len,
+ "The file to which the capture would be saved (\"%s\") "
+ "could not be opened: %s.", capfile_name,
+ strerror(errno));
+
+ /*open_failure_alert_box(capfile_name, errno, TRUE);*/
+ }
+ g_free(capfile_name);
+ return FALSE;
+ }
+
+ if(capture_opts->save_file != NULL) {
+ g_free(capture_opts->save_file);
+ }
+ capture_opts->save_file = capfile_name;
+ /* capture_opts.save_file is "g_free"ed later, which is equivalent to
+ "g_free(capfile_name)". */
+
+ return TRUE;
+}
+
+
+#ifndef _WIN32
+static void
+capture_loop_stop_signal_handler(int signo _U_)
+{
+ capture_loop_stop();
+}
+#endif
+
+#ifdef _WIN32
+#define TIME_GET() GetTickCount()
+#else
+#define TIME_GET() time(NULL)
+#endif
+
+/*
+ * This needs to be static, so that the SIGUSR1 handler can clear the "go"
+ * flag.
+ */
+static loop_data ld;
+
+/* Do the low-level work of a capture.
+ Returns TRUE if it succeeds, FALSE otherwise. */
+int
+capture_loop_start(capture_options *capture_opts, gboolean *stats_known, struct pcap_stat *stats)
+{
+ time_t upd_time, cur_time;
+ time_t start_time;
+ int err_close, inpkts;
+ condition *cnd_file_duration = NULL;
+ condition *cnd_autostop_files = NULL;
+ condition *cnd_autostop_size = NULL;
+ condition *cnd_autostop_duration = NULL;
+ guint32 autostop_files = 0;
+ gboolean write_ok;
+ gboolean close_ok;
+ capture_info capture_ui;
+ char errmsg[4096+1];
+ int save_file_fd;
+
+
+ /* init the loop data */
+ ld.go = TRUE;
+ if (capture_opts->has_autostop_packets)
+ ld.packets_max = capture_opts->autostop_packets;
+ else
+ ld.packets_max = 0; /* no limit */
+ ld.err = 0; /* no error seen yet */
+ ld.wtap_linktype = WTAP_ENCAP_UNKNOWN;
+ ld.pcap_err = FALSE;
+ ld.from_cap_pipe = FALSE;
+ ld.packets_sync_pipe = 0;
+ ld.counts.total = 0;
+ ld.counts.sctp = 0;
+ ld.counts.tcp = 0;
+ ld.counts.udp = 0;
+ ld.counts.icmp = 0;
+ ld.counts.ospf = 0;
+ ld.counts.gre = 0;
+ ld.counts.ipx = 0;
+ ld.counts.netbios = 0;
+ ld.counts.vines = 0;
+ ld.counts.other = 0;
+ ld.counts.arp = 0;
+ ld.wtap_pdh = NULL;
+#ifndef _WIN32
+ ld.cap_pipe_fd = -1;
+#endif
+#ifdef MUST_DO_SELECT
+ ld.pcap_fd = 0;
+#endif
+
+#ifndef _WIN32
+ /*
+ * Catch SIGUSR1, so that we exit cleanly if the parent process
+ * kills us with it due to the user selecting "Capture->Stop".
+ */
+ signal(SIGUSR1, capture_loop_stop_signal_handler);
+#endif
+
+ /* We haven't yet gotten the capture statistics. */
+ *stats_known = FALSE;
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture child starting ...");
+ capture_opts_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, capture_opts);
+
+ /* open the output file (temporary/specified name/ringbuffer) */
+ if (!capture_loop_open_output(capture_opts, &save_file_fd, errmsg, sizeof(errmsg))) {
+ goto error;
+ }
+
+ /* open the "input file" from network interface or capture pipe */
+ if (!capture_loop_open_input(capture_opts, &ld, errmsg, sizeof(errmsg))) {
+ goto error;
+ }
+
+ /* init the input filter from the network interface (capture pipe will do nothing) */
+ if (!capture_loop_init_filter(&ld, capture_opts->iface, capture_opts->cfilter, errmsg, sizeof(errmsg))) {
+ goto error;
+ }
+
+ /* open the wiretap part of the output file (the output file is already open) */
+ if (!capture_loop_init_wiretap_output(capture_opts, save_file_fd, &ld, errmsg, sizeof(errmsg))) {
+ goto error;
+ }
+
+ /* XXX - capture SIGTERM and close the capture, in case we're on a
+ Linux 2.0[.x] system and you have to explicitly close the capture
+ stream in order to turn promiscuous mode off? We need to do that
+ in other places as well - and I don't think that works all the
+ time in any case, due to libpcap bugs. */
+
+ /* Well, we should be able to start capturing.
+
+ Sync out the capture file, so the header makes it to the file system,
+ and send a "capture started successfully and capture file created"
+ message to our parent so that they'll open the capture file and
+ update its windows to indicate that we have a live capture in
+ progress. */
+ wtap_dump_flush(ld.wtap_pdh);
+ sync_pipe_filename_to_parent(capture_opts->save_file);
+
+ /* initialize capture stop (and alike) conditions */
+ init_capture_stop_conditions();
+ /* create stop conditions */
+ if (capture_opts->has_autostop_filesize)
+ cnd_autostop_size =
+ cnd_new(CND_CLASS_CAPTURESIZE,(long)capture_opts->autostop_filesize * 1024);
+ if (capture_opts->has_autostop_duration)
+ cnd_autostop_duration =
+ cnd_new(CND_CLASS_TIMEOUT,(gint32)capture_opts->autostop_duration);
+
+ if (capture_opts->multi_files_on) {
+ if (capture_opts->has_file_duration)
+ cnd_file_duration =
+ cnd_new(CND_CLASS_TIMEOUT, capture_opts->file_duration);
+
+ if (capture_opts->has_autostop_files)
+ cnd_autostop_files =
+ cnd_new(CND_CLASS_CAPTURESIZE, capture_opts->autostop_files);
+ }
+
+ /* start capture info dialog */
+ if(capture_opts->show_info) {
+ capture_ui.callback_data = &ld;
+ capture_ui.counts = &ld.counts;
+ capture_info_create(&capture_ui, capture_opts->iface);
+ }
+
+ /* init the time values */
+ start_time = TIME_GET();
+ upd_time = TIME_GET();
+
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture child running!");
+
+ /* WOW, everything is prepared! */
+ /* please fasten your seat belts, we will enter now the actual capture loop */
+ while (ld.go) {
+ main_window_update();
+
+ /* dispatch incoming packets */
+ inpkts = capture_loop_dispatch(capture_opts, &ld, errmsg, sizeof(errmsg));
+
+ main_window_update();
+
+#ifdef _WIN32
+ /* some news from our parent (signal pipe)? -> just stop the capture */
+ {
+ HANDLE handle;
+ DWORD avail = 0;
+ gboolean result;
+
+
+ handle = (HANDLE) _get_osfhandle (0);
+ result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL);
+
+ if(!result || avail > 0) {
+ ld.go = FALSE;
+ /*g_warning("loop closing");*/
+ }
+ }
+#endif
+
if (inpkts > 0) {
- ld.sync_packets += inpkts;
+ ld.packets_sync_pipe += inpkts;
/* check capture size condition */
if (cnd_autostop_size != NULL && cnd_eval(cnd_autostop_size,
- (guint32)wtap_get_bytes_dumped(ld.pdh))){
+ (guint32)wtap_get_bytes_dumped(ld.wtap_pdh))){
/* Capture size limit reached, do we have another file? */
- if (capture_opts.multi_files_on) {
+ if (capture_opts->multi_files_on) {
if (cnd_autostop_files != NULL && cnd_eval(cnd_autostop_files, ++autostop_files)) {
/* no files left: stop here */
ld.go = FALSE;
}
/* Switch to the next ringbuffer file */
- if (ringbuf_switch_file(&cfile, &ld.pdh, &ld.err)) {
+ if (ringbuf_switch_file(&ld.wtap_pdh, &capture_opts->save_file, &save_file_fd, &ld.err)) {
/* File switch succeeded: reset the conditions */
cnd_reset(cnd_autostop_size);
if (cnd_file_duration) {
cnd_reset(cnd_file_duration);
}
+ wtap_dump_flush(ld.wtap_pdh);
+ sync_pipe_filename_to_parent(capture_opts->save_file);
+ ld.packets_sync_pipe = 0;
} else {
/* File switch failed: stop here */
ld.go = FALSE;
continue;
}
} /* cnd_autostop_size */
- }
+ } /* inpkts */
/* Only update once a second so as not to overload slow displays */
- cur_time = time(NULL);
- if (cur_time > upd_time) {
- upd_time = cur_time;
+ cur_time = TIME_GET();
+#ifdef _WIN32
+ if ( (cur_time - upd_time) > 500) {
+#else
+ if (cur_time - upd_time > 0) {
+#endif
+ upd_time = cur_time;
/*if (pcap_stats(pch, stats) >= 0) {
*stats_known = TRUE;
}*/
- /* Let the parent process know. */
/* calculate and display running time */
- if(show_info) {
+ if(capture_opts->show_info) {
cur_time -= start_time;
+#ifdef _WIN32
+ capture_ui.running_time = cur_time / 1000;
+#else
capture_ui.running_time = cur_time;
- capture_ui.new_packets = ld.sync_packets;
+#endif
+ capture_ui.new_packets = ld.packets_sync_pipe;
capture_info_update(&capture_ui);
}
- if (ld.sync_packets) {
+ /* Let the parent process know. */
+ if (ld.packets_sync_pipe) {
/* do sync here */
- fflush(wtap_dump_file(ld.pdh));
+ wtap_dump_flush(ld.wtap_pdh);
- if (capture_child) {
- /* This is the child process for a sync mode capture, so send
- our parent a message saying we've written out "ld.sync_packets"
+ /* Send our parent a message saying we've written out "ld.sync_packets"
packets to the capture file. */
- sync_pipe_packet_count_to_parent(ld.sync_packets);
- }
+ sync_pipe_packet_count_to_parent(ld.packets_sync_pipe);
- ld.sync_packets = 0;
+ ld.packets_sync_pipe = 0;
}
/* check capture duration condition */
/* check capture file duration condition */
if (cnd_file_duration != NULL && cnd_eval(cnd_file_duration)) {
/* duration limit reached, do we have another file? */
- if (capture_opts.multi_files_on) {
+ if (capture_opts->multi_files_on) {
if (cnd_autostop_files != NULL && cnd_eval(cnd_autostop_files, ++autostop_files)) {
/* no files left: stop here */
ld.go = FALSE;
}
/* Switch to the next ringbuffer file */
- if (ringbuf_switch_file(&cfile, &ld.pdh, &ld.err)) {
+ if (ringbuf_switch_file(&ld.wtap_pdh, &capture_opts->save_file, &save_file_fd, &ld.err)) {
/* file switch succeeded: reset the conditions */
cnd_reset(cnd_file_duration);
if(cnd_autostop_size)
cnd_reset(cnd_autostop_size);
+ wtap_dump_flush(ld.wtap_pdh);
+ sync_pipe_filename_to_parent(capture_opts->save_file);
+ ld.packets_sync_pipe = 0;
} else {
/* File switch failed: stop here */
ld.go = FALSE;
} /* while (ld.go) */
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture child stopping ...");
+
+ /* close capture info dialog */
+ if(capture_opts->show_info) {
+ capture_info_destroy(&capture_ui);
+ }
+
/* delete stop conditions */
if (cnd_file_duration != NULL)
cnd_delete(cnd_file_duration);
if (cnd_autostop_duration != NULL)
cnd_delete(cnd_autostop_duration);
+ /* did we had a pcap (input) error? */
if (ld.pcap_err) {
g_snprintf(errmsg, sizeof(errmsg), "Error while capturing packets: %s",
- pcap_geterr(pch));
- popup_errmsg(errmsg);
-#ifdef _WIN32
+ pcap_geterr(ld.pcap_h));
+ capture_loop_popup_errmsg(capture_opts, errmsg);
}
-#else
- } else if (ld.from_cap_pipe && ld.cap_pipe_err == PIPERR)
- popup_errmsg(errmsg);
+#ifndef _WIN32
+ else if (ld.from_cap_pipe && ld.cap_pipe_err == PIPERR)
+ capture_loop_popup_errmsg(capture_opts, errmsg);
#endif
- if (ld.err == 0)
+ /* did we had an error while capturing? */
+ if (ld.err == 0) {
write_ok = TRUE;
- else {
- get_capture_file_io_error(errmsg, sizeof(errmsg), cfile.save_file, ld.err,
+ } else {
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file, ld.err,
FALSE);
- popup_errmsg(errmsg);
+ capture_loop_popup_errmsg(capture_opts, errmsg);
write_ok = FALSE;
}
- if (capture_opts.multi_files_on) {
- close_ok = ringbuf_wtap_dump_close(&cfile, &err);
- } else {
- close_ok = wtap_dump_close(ld.pdh, &err);
- }
+ /* close the wiretap (output) file */
+ close_ok = capture_loop_close_output(capture_opts, &ld, &err_close);
+
/* If we've displayed a message about a write error, there's no point
in displaying another message about an error on close. */
if (!close_ok && write_ok) {
- get_capture_file_io_error(errmsg, sizeof(errmsg), cfile.save_file, err,
+ capture_loop_get_errmsg(errmsg, sizeof(errmsg), capture_opts->save_file, err_close,
TRUE);
- popup_errmsg(errmsg);
+ capture_loop_popup_errmsg(capture_opts, errmsg);
}
- /* Set write_ok to mean the write and the close were successful. */
- write_ok = (write_ok && close_ok);
-#ifndef _WIN32
/*
* XXX We exhibit different behaviour between normal mode and sync mode
* when the pipe is stdin and not already at EOF. If we're a child, the
* will say "Unrecognized libpcap format". On the other hand, in normal
* mode, cap_pipe_open_live() will say "End of file on pipe during open".
*/
- if (ld.from_cap_pipe && pipe_fd >= 0)
- close(pipe_fd);
- else
-#endif
- {
+
+ /* get packet drop statistics from pcap */
+ if(ld.pcap_h != NULL) {
+ g_assert(!ld.from_cap_pipe);
/* Get the capture statistics, so we know how many packets were
dropped. */
- if (pcap_stats(pch, stats) >= 0) {
+ if (pcap_stats(ld.pcap_h, stats) >= 0) {
*stats_known = TRUE;
- if (capture_child) {
- /* Let the parent process know. */
- sync_pipe_drops_to_parent(stats->ps_drop);
- }
+ /* Let the parent process know. */
+ sync_pipe_drops_to_parent(stats->ps_drop);
} else {
g_snprintf(errmsg, sizeof(errmsg),
"Can't get packet-drop statistics: %s",
- pcap_geterr(pch));
- popup_errmsg(errmsg);
+ pcap_geterr(ld.pcap_h));
+ capture_loop_popup_errmsg(capture_opts, errmsg);
}
- pcap_close(pch);
}
-#ifdef _WIN32
- /* Shut down windows sockets */
- WSACleanup();
-#endif
+ /* close the input file (pcap or capture pipe) */
+ capture_loop_close_input(&ld);
- if(show_info) {
- capture_info_destroy(&capture_ui);
- }
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture child stopped!");
- return write_ok;
+ /* ok, if the write and the close were successful. */
+ return write_ok && close_ok;
error:
- if (capture_opts.multi_files_on) {
+ if (capture_opts->multi_files_on) {
/* cleanup ringbuffer */
ringbuf_error_cleanup();
} else {
/* We can't use the save file, and we have no wtap_dump stream
to close in order to close it, so close the FD directly. */
- close(cfile.save_file_fd);
+ eth_close(save_file_fd);
/* We couldn't even start the capture, so get rid of the capture
file. */
- unlink(cfile.save_file); /* silently ignore error */
- g_free(cfile.save_file);
+ eth_unlink(capture_opts->save_file); /* silently ignore error */
+ g_free(capture_opts->save_file);
}
- cfile.save_file = NULL;
- popup_errmsg(errmsg);
+ capture_opts->save_file = NULL;
+ capture_loop_popup_errmsg(capture_opts, errmsg);
-#ifndef _WIN32
- if (ld.from_cap_pipe) {
- if (pipe_fd >= 0)
- close(pipe_fd);
- } else
-#endif
- {
- if (pch != NULL)
- pcap_close(pch);
- }
+ /* close the input file (pcap or cap_pipe) */
+ capture_loop_close_input(&ld);
+
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "Capture child stopped with error");
return FALSE;
}
static void
-get_capture_file_io_error(char *errmsg, int errmsglen, const char *fname,
+capture_loop_get_errmsg(char *errmsg, int errmsglen, const char *fname,
int err, gboolean is_close)
{
switch (err) {
}
static void
-popup_errmsg(const char *errmsg)
+capture_loop_popup_errmsg(capture_options *capture_opts _U_, const char *errmsg)
{
- if (capture_child) {
- /* This is the child process for a sync mode capture.
- Send the error message to our parent, so they can display a
+ /* Send the error message to our parent, so they can display a
dialog box containing it. */
sync_pipe_errmsg_to_parent(errmsg);
- } else {
- /* Display the dialog box ourselves; there's no parent. */
- simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, "%s", errmsg);
- }
}
/* one packet was captured, process it */
static void
-capture_pcap_cb(guchar *user, const struct pcap_pkthdr *phdr,
- const guchar *pd)
+capture_loop_packet_cb(u_char *user, const struct pcap_pkthdr *phdr,
+ const u_char *pd)
{
struct wtap_pkthdr whdr;
union wtap_pseudo_header pseudo_header;
loop_data *ld = (loop_data *) user;
int err;
- /* user told us to stop after x packets, do we have enough? */
- if ((++ld->counts.total >= ld->max) && (ld->max > 0))
+ /* if the user told us to stop after x packets, do we have enough? */
+ ld->counts.total++;
+ if ((ld->packets_max > 0) && (ld->counts.total >= ld->packets_max))
{
ld->go = FALSE;
}
/* Convert from libpcap to Wiretap format.
If that fails, set "ld->go" to FALSE, to stop the capture, and set
"ld->err" to the error. */
- pd = wtap_process_pcap_packet(ld->linktype, phdr, pd, &pseudo_header,
+ pd = wtap_process_pcap_packet(ld->wtap_linktype, phdr, pd, &pseudo_header,
&whdr, &err);
if (pd == NULL) {
ld->go = FALSE;
return;
}
- if (ld->pdh) {
+ if (ld->wtap_pdh) {
/* We're supposed to write the packet to a file; do so.
If this fails, set "ld->go" to FALSE, to stop the capture, and set
"ld->err" to the error. */
- if (!wtap_dump(ld->pdh, &whdr, &pseudo_header, pd, &err)) {
+ if (!wtap_dump(ld->wtap_pdh, &whdr, &pseudo_header, pd, &err)) {
ld->go = FALSE;
ld->err = err;
}
}
- switch (ld->linktype) {
+ switch (ld->wtap_linktype) {
case WTAP_ENCAP_ETHERNET:
capture_eth(pd, 0, whdr.caplen, &ld->counts);
break;
case WTAP_ENCAP_APPLE_IP_OVER_IEEE1394:
capture_ap1394(pd, 0, whdr.caplen, &ld->counts);
break;
+ case WTAP_ENCAP_FRELAY:
+ case WTAP_ENCAP_FRELAY_WITH_PHDR:
+ capture_fr(pd, 0, whdr.caplen, &ld->counts);
+ break;
/* XXX - some ATM drivers on FreeBSD might prepend a 4-byte ATM
pseudo-header to DLT_ATM_RFC1483, with LLC header following;
we might have to implement that at some point. */