1998-09-16 02:39:15 +00:00
|
|
|
/* capture.h
|
|
|
|
|
* Definitions for packet capture windows
|
|
|
|
|
*
|
2004-03-04 19:31:21 +00:00
|
|
|
* $Id: capture.h,v 1.43 2004/03/04 19:31:20 ulfl Exp $
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
2003-09-15 23:15:32 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __CAPTURE_H__
|
|
|
|
|
#define __CAPTURE_H__
|
|
|
|
|
|
1999-07-09 04:18:36 +00:00
|
|
|
#ifdef HAVE_LIBPCAP
|
|
|
|
|
|
1999-10-02 20:00:46 +00:00
|
|
|
/* Name we give to the child process when doing a "-S" capture. */
|
If we're given the "-k" flag, don't start the capture until after we've:
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
1999-09-30 06:11:51 +00:00
|
|
|
#define CHILD_NAME "ethereal-capture"
|
|
|
|
|
|
2002-02-24 09:25:36 +00:00
|
|
|
typedef struct {
|
|
|
|
|
gboolean has_snaplen; /* TRUE if maximum capture packet
|
|
|
|
|
length is specified */
|
|
|
|
|
int snaplen; /* Maximum captured packet length */
|
|
|
|
|
int promisc_mode; /* Capture in promiscuous mode */
|
2004-03-02 22:07:23 +00:00
|
|
|
int linktype; /* Data link type to use, or -1 for
|
|
|
|
|
"use default" */
|
2002-02-24 09:25:36 +00:00
|
|
|
int sync_mode; /* Fork a child to do the capture,
|
|
|
|
|
and sync between them */
|
2004-03-02 22:07:23 +00:00
|
|
|
|
|
|
|
|
gboolean multi_files_on; /* TRUE if ring buffer in use */
|
|
|
|
|
|
2004-03-04 19:31:21 +00:00
|
|
|
gboolean has_file_duration; /* TRUE if ring duration specified */
|
|
|
|
|
gint32 file_duration; /* Switch file after n seconds */
|
2004-03-02 22:07:23 +00:00
|
|
|
gboolean has_ring_num_files;/* TRUE if ring num_files specified */
|
2004-03-04 19:31:21 +00:00
|
|
|
guint32 ring_num_files; /* Number of multiple buffer files */
|
|
|
|
|
gboolean has_autostop_files;/* TRUE if maximum number of capture files
|
|
|
|
|
are specified */
|
|
|
|
|
gint32 autostop_files; /* Maximum number of capture files */
|
2004-03-02 22:07:23 +00:00
|
|
|
|
2004-03-04 19:31:21 +00:00
|
|
|
gboolean has_autostop_packets; /* TRUE if maximum packet count is
|
2002-02-24 09:25:36 +00:00
|
|
|
specified */
|
2004-03-04 19:31:21 +00:00
|
|
|
int autostop_packets; /* Maximum packet count */
|
2002-02-24 09:25:36 +00:00
|
|
|
gboolean has_autostop_filesize; /* TRUE if maximum capture file size
|
|
|
|
|
is specified */
|
|
|
|
|
gint32 autostop_filesize; /* Maximum capture file size */
|
2004-03-04 19:31:21 +00:00
|
|
|
gboolean has_autostop_duration; /* TRUE if maximum capture duration
|
|
|
|
|
is specified */
|
|
|
|
|
gint32 autostop_duration; /* Maximum capture duration */
|
2002-02-24 09:25:36 +00:00
|
|
|
} capture_options;
|
|
|
|
|
|
|
|
|
|
extern capture_options capture_opts;
|
"autostop_filesize" and "autostop_duration" don't need to be in the
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
2002-02-24 03:33:05 +00:00
|
|
|
|
2004-02-21 13:40:06 +00:00
|
|
|
extern gboolean quit_after_cap; /* Makes a "capture only mode". Implies -k */
|
1999-10-02 20:00:46 +00:00
|
|
|
extern gboolean capture_child; /* if this is the child for "-S" */
|
1999-10-02 19:24:27 +00:00
|
|
|
|
1999-10-02 06:26:53 +00:00
|
|
|
/* Open a specified file, or create a temporary file, and start a capture
|
2003-09-15 23:15:32 +00:00
|
|
|
to the file in question. Returns TRUE if the capture starts
|
|
|
|
|
successfully, FALSE otherwise. */
|
|
|
|
|
gboolean do_capture(const char *save_file);
|
Add a new global flag "capture_child", which is TRUE if we're a child
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
1999-09-30 06:50:01 +00:00
|
|
|
|
|
|
|
|
/* Do the low-level work of a capture. */
|
2001-02-11 09:28:17 +00:00
|
|
|
int capture(gboolean *stats_known, struct pcap_stat *stats);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2000-10-11 06:01:16 +00:00
|
|
|
/* Stop a capture from a menu item. */
|
|
|
|
|
void capture_stop(void);
|
|
|
|
|
|
Add a routine to kill a capture child if it exists, so that if we exit
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.
Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.
When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.
svn path=/trunk/; revision=4498
2002-01-08 09:32:15 +00:00
|
|
|
/* Terminate the capture child cleanly when exiting. */
|
|
|
|
|
void kill_capture_child(void);
|
|
|
|
|
|
2003-11-15 08:48:14 +00:00
|
|
|
|
|
|
|
|
/* XXX: improve this macro (put something like this into epan/packet.h?) */
|
|
|
|
|
#define CAPTURE_PACKET_COUNTS sizeof(packet_counts) / sizeof (gint)
|
|
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
|
/* handles */
|
|
|
|
|
gpointer callback_data; /* capture callback handle */
|
|
|
|
|
gpointer ui; /* user interfaces own handle */
|
|
|
|
|
|
|
|
|
|
/* capture info */
|
|
|
|
|
packet_counts *counts; /* protocol specific counters */
|
|
|
|
|
time_t running_time; /* running time since last update */
|
|
|
|
|
gint new_packets; /* packets since last update */
|
|
|
|
|
} capture_info;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* create the capture info dialog */
|
|
|
|
|
extern void capture_info_create(
|
|
|
|
|
capture_info *cinfo);
|
|
|
|
|
|
|
|
|
|
/* Update the capture info counters in the dialog */
|
|
|
|
|
extern void capture_info_update(
|
|
|
|
|
capture_info *cinfo);
|
|
|
|
|
|
|
|
|
|
/* destroy the capture info dialog again */
|
|
|
|
|
extern void capture_info_destroy(
|
|
|
|
|
capture_info *cinfo);
|
|
|
|
|
|
|
|
|
|
|
1999-07-09 04:18:36 +00:00
|
|
|
#endif /* HAVE_LIBPCAP */
|
2000-01-05 22:31:46 +00:00
|
|
|
|
|
|
|
|
#define EMPTY_FILTER ""
|
1998-09-16 02:39:15 +00:00
|
|
|
#endif /* capture.h */
|