*
* $Id$
*
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
# include "config.h"
#endif
+#include <stdlib.h> /* for exit() */
#include <glib.h>
#include <string.h>
#include <netdb.h>
#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
#include "ringbuffer.h"
#include "clopts_common.h"
#include "cmdarg_err.h"
#include "capture-wpcap.h"
#endif
+#include "sync_pipe.h"
+
#include "capture.h"
#include "capture_loop.h"
#include "capture_sync.h"
#include "file_util.h"
+/*#define DEBUG_DUMPCAP*/
-gboolean capture_child = FALSE; /* FALSE: standalone call, TRUE: this is an Ethereal capture child */
+gboolean capture_child = FALSE; /* FALSE: standalone call, TRUE: this is an Wireshark capture child */
static void
console_log_handler(const char *log_domain, GLogLevelFlags log_level,
void exit_main(int err);
#endif
-const char *get_basename(const char *path);
-
static void
print_usage(gboolean print_ver) {
fprintf(output,
"Dumpcap " VERSION "%s\n"
"Capture network packets and dump them into a libpcap file.\n"
- "See http://www.ethereal.com for more information.\n",
+ "See http://www.wireshark.org for more information.\n",
svnversion);
} else {
output = stderr;
"%s\n"
"%s\n"
"%s\n"
- "See http://www.ethereal.com for more information.\n",
+ "See http://www.wireshark.org for more information.\n",
svnversion, get_copyright_info() ,comp_info_str->str, runtime_info_str->str);
}
/*
* Report an error in command-line arguments.
- * Creates a console on Windows.
- * XXX - pop this up in a window of some sort on UNIX+X11 if the controlling
- * terminal isn't the standard error?
*/
void
cmdarg_err(const char *fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- fprintf(stderr, "dumpcap: ");
- vfprintf(stderr, fmt, ap);
- fprintf(stderr, "\n");
- va_end(ap);
+ if(capture_child) {
+ /* XXX - convert to g_log */
+ } else {
+ va_start(ap, fmt);
+ fprintf(stderr, "dumpcap: ");
+ vfprintf(stderr, fmt, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+ }
}
/*
* Report additional information for an error in command-line arguments.
- * Creates a console on Windows.
- * XXX - pop this up in a window of some sort on UNIX+X11 if the controlling
- * terminal isn't the standard error?
*/
void
cmdarg_err_cont(const char *fmt, ...)
{
va_list ap;
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- fprintf(stderr, "\n");
- va_end(ap);
+ if(capture_child) {
+ /* XXX - convert to g_log */
+ } else {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ fprintf(stderr, "\n");
+ va_end(ap);
+ }
}
#ifdef _WIN32
BOOL WINAPI ConsoleCtrlHandlerRoutine(DWORD dwCtrlType)
{
- /*printf("Event: %u", dwCtrlType);*/
- capture_loop_stop();
-
- return TRUE;
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Console: Control signal");
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
+ "Console: Control signal, CtrlType: %u", dwCtrlType);
+
+ /* Keep capture running if we're a service and a user logs off */
+ if (capture_child || (dwCtrlType != CTRL_LOGOFF_EVENT)) {
+ capture_loop_stop();
+ return TRUE;
+ } else {
+ return FALSE;
+ }
}
#endif
#ifdef _WIN32
/* Shutdown windows sockets */
WSACleanup();
-#endif
/* can be helpful for debugging */
#ifdef DEBUG_DUMPCAP
_getch();
#endif
+#endif /* _WIN32 */
+
exit(status);
}
int opt;
extern char *optarg;
gboolean arg_error = FALSE;
- GString *comp_info_str;
- GString *runtime_info_str;
#ifdef _WIN32
WSADATA wsaData;
SetConsoleCtrlHandler(&ConsoleCtrlHandlerRoutine, TRUE);
#endif /* _WIN32 */
- /* Assemble the compile-time version information string */
- comp_info_str = g_string_new("Compiled ");
- g_string_append(comp_info_str, "with ");
- get_compiled_version_info(comp_info_str);
-
- /* Assemble the run-time version information string */
- runtime_info_str = g_string_new("Running ");
- get_runtime_version_info(runtime_info_str);
-
- /* Arrange that if we have no console window, and a GLib message logging
- routine is called to log a message, we pop up a console window.
-
- We do that by inserting our own handler for all messages logged
- to the default domain; that handler pops up a console if necessary,
- and then calls the default handler. */
-
- /* We might want to have component specific log levels later ... */
- /* the default_log_handler will use stdout, which makes trouble with the */
- /* capture child, as it uses stdout for it's sync_pipe */
+ /* the default_log_handler will use stdout, which makes trouble in */
+ /* capture child mode, as it uses stdout for it's sync_pipe */
/* so do the filtering in the console_log_handler and not here */
log_flags =
G_LOG_LEVEL_ERROR|
by the command line parameters. */
capture_opts_init(capture_opts, NULL);
- capture_opts->snaplen = MIN_PACKET_SIZE;
+ /* Default to capturing the entire packet. */
+ capture_opts->snaplen = WTAP_MAX_PACKET_SIZE;
+
+ /* We always save to a file - if no file was specified, we save to a
+ temporary file. */
+ capture_opts->saving_to_file = TRUE;
capture_opts->has_ring_num_files = TRUE;
/* Now get our args */
exit_main(0);
break;
case 'v': /* Show version and exit */
+ {
+ GString *comp_info_str;
+ GString *runtime_info_str;
+ /* Assemble the compile-time version information string */
+ comp_info_str = g_string_new("Compiled with ");
+ get_compiled_version_info(comp_info_str, NULL);
+
+ /* Assemble the run-time version information string */
+ runtime_info_str = g_string_new("Running ");
+ get_runtime_version_info(runtime_info_str, NULL);
show_version(comp_info_str, runtime_info_str);
+ g_string_free(comp_info_str, TRUE);
+ g_string_free(runtime_info_str, TRUE);
exit_main(0);
break;
+ }
/*** capture option specific ***/
case 'a': /* autostop criteria */
case 'b': /* Ringbuffer option */
exit_main(status);
}
break;
- /*** hidden option: Ethereal child mode (using binary output messages) ***/
+ /*** hidden option: Wireshark child mode (using binary output messages) ***/
case 'Z':
capture_child = TRUE;
+#ifdef _WIN32
+ /* set output pipe to binary mode, to avoid ugly text conversions */
+ _setmode(1, O_BINARY);
+#endif
break;
/*** all non capture option specific ***/
if (argc != 0) {
/*
* Extra command line arguments were specified; complain.
+ * XXX - interpret as capture filter, as tcpdump and tshark do?
*/
cmdarg_err("Invalid argument: %s", argv[0]);
arg_error = TRUE;
}
/* Let the user know what interface was chosen. */
-/* descr = get_interface_descriptive_name(capture_opts.iface);
- fprintf(stderr, "Capturing on %s\n", descr);
- g_free(descr);*/
-
- if(!capture_child) {
- fprintf(stderr, "Capturing on %s\n", capture_opts->iface);
- }
+ /* get_interface_descriptive_name() is not available! */
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Interface: %s\n", capture_opts->iface);
if (list_link_layer_types) {
status = capture_opts_list_link_layer_types(capture_opts);
}
-/* This routine should not be necessary, at least as I read the GLib
- source code, as it looks as if GLib is, on Win32, *supposed* to
- create a console window into which to display its output.
-
- That doesn't happen, however. I suspect there's something completely
- broken about that code in GLib-for-Win32, and that it may be related
- to the breakage that forces us to just call "printf()" on the message
- rather than passing the message on to "g_log_default_handler()"
- (which is the routine that does the aforementioned non-functional
- console window creation). */
static void
console_log_handler(const char *log_domain, GLogLevelFlags log_level,
const char *message, gpointer user_data _U_)
time(&curr);
today = localtime(&curr);
- switch(log_level & G_LOG_LEVEL_MASK) {
- case G_LOG_LEVEL_ERROR:
- level = "Err ";
- break;
- case G_LOG_LEVEL_CRITICAL:
- level = "Crit";
- break;
- case G_LOG_LEVEL_WARNING:
- level = "Warn";
- break;
- case G_LOG_LEVEL_MESSAGE:
- level = "Msg ";
- break;
- case G_LOG_LEVEL_INFO:
- level = "Info";
- break;
- case G_LOG_LEVEL_DEBUG:
- level = "Dbg ";
- break;
- default:
- fprintf(stderr, "unknown log_level %u\n", log_level);
- level = NULL;
- g_assert_not_reached();
- }
+ switch(log_level & G_LOG_LEVEL_MASK) {
+ case G_LOG_LEVEL_ERROR:
+ level = "Err ";
+ break;
+ case G_LOG_LEVEL_CRITICAL:
+ level = "Crit";
+ break;
+ case G_LOG_LEVEL_WARNING:
+ level = "Warn";
+ break;
+ case G_LOG_LEVEL_MESSAGE:
+ level = "Msg ";
+ break;
+ case G_LOG_LEVEL_INFO:
+ level = "Info";
+ break;
+ case G_LOG_LEVEL_DEBUG:
+ level = "Dbg ";
+ break;
+ default:
+ fprintf(stderr, "unknown log_level %u\n", log_level);
+ level = NULL;
+ g_assert_not_reached();
+ }
- /* don't use printf (stdout), as the capture child uses stdout for it's sync_pipe */
+ /* don't use printf (stdout), in child mode we're using stdout for the sync_pipe */
+ if(log_level & G_LOG_LEVEL_MESSAGE) {
+ /* normal user messages without additional infos */
+ fprintf(stderr, "%s\n", message);
+ fflush(stderr);
+ } else {
+ /* info/debug messages with additional infos */
fprintf(stderr, "%02u:%02u:%02u %8s %s %s\n",
today->tm_hour, today->tm_min, today->tm_sec,
log_domain != NULL ? log_domain : "",
level, message);
+ fflush(stderr);
+ }
}
-/****************************************************************************************************************/
-/* sync_pipe stubs */
-
-/*
- * Maximum length of sync pipe message data. Must be < 2^24, as the
- * message length is 3 bytes.
- * XXX - this must be large enough to handle a Really Big Filter
- * Expression, as the error message for an incorrect filter expression
- * is a bit larger than the filter expression.
- */
-#define SP_MAX_MSG_LEN 4096
-
-
- /* write a message to the recipient pipe in the standard format
- (3 digit message length (excluding length and indicator field),
- 1 byte message indicator and the rest is the message) */
-static void
-pipe_write_block(int pipe, char indicator, int len, const char *msg)
-{
- guchar header[3+1]; /* indicator + 3-byte len */
- int ret;
-
- /*g_warning("write %d enter", pipe);*/
-
- /* if we're not a capture child, we don't have to tell our none existing parent anything */
- if(!capture_child)
- return;
-
- g_assert(indicator < '0' || indicator > '9');
- g_assert(len <= SP_MAX_MSG_LEN);
-
- /* write header (indicator + 3-byte len) */
- header[0] = indicator;
- header[1] = (len >> 16) & 0xFF;
- header[2] = (len >> 8) & 0xFF;
- header[3] = (len >> 0) & 0xFF;
-
- ret = write(pipe, header, sizeof header);
- if(ret == -1) {
- return;
- }
-
- /* write value (if we have one) */
- if(len) {
- /*g_warning("write %d indicator: %c value len: %u msg: %s", pipe, indicator, len, msg);*/
- ret = write(pipe, msg, len);
- if(ret == -1) {
- return;
- }
- } else {
- /*g_warning("write %d indicator: %c no value", pipe, indicator);*/
- }
- /*g_warning("write %d leave", pipe);*/
-}
+/****************************************************************************************************************/
+/* indication report routines */
void
-sync_pipe_packet_count_to_parent(int packet_count)
+report_packet_count(int packet_count)
{
char tmp[SP_DECISIZE+1+1];
static int count = 0;
- if(!capture_child) {
+ if(capture_child) {
+ g_snprintf(tmp, sizeof(tmp), "%d", packet_count);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Packets: %s", tmp);
+ pipe_write_block(1, SP_PACKET_COUNT, tmp);
+ } else {
count += packet_count;
- fprintf(stderr, "\r%u", count);
+ fprintf(stderr, "\rPackets: %u ", count);
/* stderr could be line buffered */
fflush(stderr);
}
+}
- g_snprintf(tmp, sizeof(tmp), "%d", packet_count);
+void
+report_new_capture_file(const char *filename)
+{
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "sync_pipe_packet_count_to_parent: %s", tmp);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "File: %s", filename);
- pipe_write_block(1, SP_PACKET_COUNT, strlen(tmp)+1, tmp);
+ if(capture_child) {
+ pipe_write_block(1, SP_FILE, filename);
+ }
}
void
-sync_pipe_filename_to_parent(const char *filename)
+report_cfilter_error(const char *cfilter _U_, const char *errmsg)
{
- if(!capture_child) {
- fprintf(stderr, "\nFile: %s\n", filename);
- /* stderr could be line buffered */
- fflush(stderr);
- }
-
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, "File: %s", filename);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Capture filter error: %s", errmsg);
- pipe_write_block(1, SP_FILE, strlen(filename)+1, filename);
+ if (capture_child) {
+ pipe_write_block(1, SP_BAD_FILTER, errmsg);
+ }
}
void
-sync_pipe_errmsg_to_parent(const char *errmsg)
+report_capture_error(const char *error_msg, const char *secondary_error_msg)
{
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "sync_pipe_errmsg_to_parent: %s", errmsg);
- pipe_write_block(1, SP_ERROR_MSG, strlen(errmsg)+1, errmsg);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
+ "Primary Error: %s", error_msg);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
+ "Secondary Error: %s", secondary_error_msg);
+
+ if(capture_child) {
+ sync_pipe_errmsg_to_parent(error_msg, secondary_error_msg);
+ }
}
void
-sync_pipe_drops_to_parent(int drops)
+report_packet_drops(int drops)
{
char tmp[SP_DECISIZE+1+1];
g_snprintf(tmp, sizeof(tmp), "%d", drops);
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "Packets dropped: %s", tmp);
- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "sync_pipe_drops_to_parent: %s", tmp);
-
- pipe_write_block(1, SP_DROPS, strlen(tmp)+1, tmp);
+ if(capture_child) {
+ pipe_write_block(1, SP_DROPS, tmp);
+ }
}
-
/****************************************************************************************************************/
-/* simple_dialog stubs */
+/* signal_pipe handling */
-char *simple_dialog_primary_start(void)
+#ifdef _WIN32
+gboolean
+signal_pipe_check_running(void)
{
- return "";
-}
+ /* any news from our parent (stdin)? -> just stop the capture */
+ HANDLE handle;
+ DWORD avail = 0;
+ gboolean result;
-char *simple_dialog_primary_end(void)
-{
- return "";
-}
-char *
-simple_dialog_format_message(const char *msg)
-{
- char *str;
+ /* if we are running standalone, no check required */
+ if(!capture_child) {
+ return TRUE;
+ }
- if (msg) {
-#if GTK_MAJOR_VERSION < 2
- str = g_strdup(msg);
-#else
- str = xml_escape(msg);
-#endif
+ handle = (HANDLE) GetStdHandle(STD_INPUT_HANDLE);
+ result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL);
+
+ if(!result || avail > 0) {
+ /* peek failed or some bytes really available */
+ /* (if not piping from stdin this would fail) */
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO,
+ "Signal pipe: Stop capture");
+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG,
+ "Signal pipe: handle: %x result: %u avail: %u", handle, result, avail);
+ return FALSE;
} else {
- str = NULL;
+ /* pipe ok and no bytes available */
+ return TRUE;
}
- return str;
}
+#endif
+
/****************************************************************************************************************/
/* Stub functions */
const char *netsnmp_get_version(void) { return ""; }
-gboolean dfilter_compile(const gchar *text, dfilter_t **dfp) { (void)text; (void)dfp; return FALSE; }
-
-void dfilter_free(dfilter_t *df) { (void)df; }
-
-
-/*
- * Find out whether a hostname resolves to an ip or ipv6 address
- * Return "ip6" if it is IPv6, "ip" otherwise (including the case
- * that we don't know)
- */
-const char* host_ip_af(const char *host
-#ifndef HAVE_GETHOSTBYNAME2
-_U_
-#endif
-)
-{
-#ifdef HAVE_GETHOSTBYNAME2
- struct hostent *h;
- return (h = gethostbyname2(host, AF_INET6)) && h->h_addrtype == AF_INET6 ? "ip6" : "ip";
-#else
- return "ip";
-#endif
-}
-
-