1998-09-16 02:39:15 +00:00
|
|
|
/* capture.h
|
|
|
|
* Definitions for packet capture windows
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* Ethereal - Network traffic analyzer
|
2003-09-15 23:15:32 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
2005-03-07 10:19:33 +00:00
|
|
|
/* This file should only be included if libpcap is present */
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#ifndef __CAPTURE_H__
|
|
|
|
#define __CAPTURE_H__
|
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** @file
|
|
|
|
* Capture related things.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** Name we give to the child process when doing a "-S" capture. */
|
If we're given the "-k" flag, don't start the capture until after we've:
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
1999-09-30 06:11:51 +00:00
|
|
|
#define CHILD_NAME "ethereal-capture"
|
|
|
|
|
2005-04-27 19:43:02 +00:00
|
|
|
|
|
|
|
/* Current state of capture engine. XXX - differentiate states */
|
|
|
|
typedef enum {
|
|
|
|
CAPTURE_STOPPED, /**< stopped */
|
|
|
|
CAPTURE_PREPARING, /**< preparing, but still no response from capture child */
|
|
|
|
CAPTURE_RUNNING /**< capture child signalled ok, capture is running now */
|
|
|
|
} capture_state;
|
|
|
|
|
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** Capture options coming from user interface */
|
2004-12-29 09:09:35 +00:00
|
|
|
typedef struct capture_options_tag {
|
2004-10-30 14:30:52 +00:00
|
|
|
/* general */
|
2005-02-06 22:06:31 +00:00
|
|
|
void *cf; /**< handle to cfile (note: untyped handle) */
|
|
|
|
gchar *cfilter; /**< Capture filter string */
|
|
|
|
gchar *iface; /**< the network interface to capture from */
|
2005-02-06 21:20:35 +00:00
|
|
|
|
2004-03-13 22:49:30 +00:00
|
|
|
#ifdef _WIN32
|
2005-02-06 22:06:31 +00:00
|
|
|
int buffer_size; /**< the capture buffer size (MB) */
|
2004-03-13 22:49:30 +00:00
|
|
|
#endif
|
2005-02-06 22:06:31 +00:00
|
|
|
gboolean has_snaplen; /**< TRUE if maximum capture packet length
|
|
|
|
is specified */
|
|
|
|
int snaplen; /**< Maximum captured packet length */
|
|
|
|
gboolean promisc_mode; /**< Capture in promiscuous mode */
|
|
|
|
int linktype; /**< Data link type to use, or -1 for
|
|
|
|
"use default" */
|
2005-02-06 21:20:35 +00:00
|
|
|
gchar *save_file; /**< the capture file name */
|
2004-10-30 14:30:52 +00:00
|
|
|
|
|
|
|
/* GUI related */
|
2005-04-12 21:44:55 +00:00
|
|
|
gboolean real_time_mode; /**< Update list of packets in real time */
|
|
|
|
gboolean show_info; /**< show the info dialog */
|
2004-10-30 14:30:52 +00:00
|
|
|
gboolean quit_after_cap; /** Makes a "capture only mode". Implies -k */
|
2005-04-12 21:44:55 +00:00
|
|
|
gboolean restart; /**< restart after closing is done */
|
2004-03-02 22:07:23 +00:00
|
|
|
|
2004-10-30 14:30:52 +00:00
|
|
|
/* multiple files (and ringbuffer) */
|
2004-06-04 17:19:01 +00:00
|
|
|
gboolean multi_files_on; /**< TRUE if ring buffer in use */
|
2004-03-02 22:07:23 +00:00
|
|
|
|
2005-02-06 22:06:31 +00:00
|
|
|
gboolean has_file_duration; /**< TRUE if ring duration specified */
|
|
|
|
gint32 file_duration; /* Switch file after n seconds */
|
|
|
|
gboolean has_ring_num_files;/**< TRUE if ring num_files specified */
|
|
|
|
guint32 ring_num_files; /**< Number of multiple buffer files */
|
2004-10-30 14:30:52 +00:00
|
|
|
|
|
|
|
/* autostop conditions */
|
2004-06-04 17:19:01 +00:00
|
|
|
gboolean has_autostop_files;/**< TRUE if maximum number of capture files
|
2004-03-04 19:31:21 +00:00
|
|
|
are specified */
|
2004-06-04 17:19:01 +00:00
|
|
|
gint32 autostop_files; /**< Maximum number of capture files */
|
2004-03-02 22:07:23 +00:00
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
gboolean has_autostop_packets; /**< TRUE if maximum packet count is
|
2002-02-24 09:25:36 +00:00
|
|
|
specified */
|
2005-02-06 22:06:31 +00:00
|
|
|
int autostop_packets; /**< Maximum packet count */
|
|
|
|
gboolean has_autostop_filesize; /**< TRUE if maximum capture file size
|
|
|
|
is specified */
|
|
|
|
gint32 autostop_filesize; /**< Maximum capture file size */
|
|
|
|
gboolean has_autostop_duration; /**< TRUE if maximum capture duration
|
|
|
|
is specified */
|
|
|
|
gint32 autostop_duration; /**< Maximum capture duration */
|
2005-02-04 01:29:29 +00:00
|
|
|
|
|
|
|
/* internally used (don't touch from outside) */
|
|
|
|
int fork_child; /**< If not -1, in parent, process ID of child */
|
2005-04-10 16:43:22 +00:00
|
|
|
#ifdef _WIN32
|
|
|
|
int signal_pipe_fd; /**< the pipe to signal the child */
|
|
|
|
#endif
|
2005-04-27 19:43:02 +00:00
|
|
|
capture_state state; /**< current state of the capture engine */
|
2002-02-24 09:25:36 +00:00
|
|
|
} capture_options;
|
|
|
|
|
2004-10-30 17:50:51 +00:00
|
|
|
|
2005-02-06 00:13:00 +00:00
|
|
|
/* initialize the capture_options with some reasonable values */
|
|
|
|
extern void
|
|
|
|
capture_opts_init(capture_options *capture_opts, void *cfile);
|
|
|
|
|
2005-02-06 21:20:35 +00:00
|
|
|
extern void
|
2005-02-23 08:34:12 +00:00
|
|
|
capture_opts_add_opt(capture_options *capture_opts, const char *appname, int opt, const char *optarg, gboolean *start_capture);
|
2005-02-06 21:20:35 +00:00
|
|
|
|
2005-05-26 17:50:27 +00:00
|
|
|
/* log content of capture_opts */
|
|
|
|
extern void
|
|
|
|
capture_opts_log(const char *log_domain, GLogLevelFlags log_level, capture_options *capture_opts);
|
|
|
|
|
|
|
|
|
|
|
|
|
2005-02-05 11:37:56 +00:00
|
|
|
/**
|
2005-03-28 18:04:09 +00:00
|
|
|
* Start a capture session.
|
2004-10-30 17:50:51 +00:00
|
|
|
*
|
2005-02-05 11:37:56 +00:00
|
|
|
* @param capture_opts the numerous capture options
|
|
|
|
* @return TRUE if the capture starts successfully, FALSE otherwise.
|
|
|
|
*/
|
2005-03-28 18:04:09 +00:00
|
|
|
extern gboolean capture_start(capture_options *capture_opts);
|
|
|
|
|
|
|
|
/** Stop a capture session (usually from a menu item). */
|
|
|
|
extern void capture_stop(capture_options *capture_opts);
|
|
|
|
|
2005-04-16 20:08:00 +00:00
|
|
|
/** Restart the current captured packets and start again. */
|
|
|
|
extern void capture_restart(capture_options *capture_opts);
|
2005-04-12 21:44:55 +00:00
|
|
|
|
2005-03-28 18:04:09 +00:00
|
|
|
/** Terminate the capture child cleanly when exiting. */
|
|
|
|
extern void capture_kill_child(capture_options *capture_opts);
|
Add a new global flag "capture_child", which is TRUE if we're a child
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
1999-09-30 06:50:01 +00:00
|
|
|
|
2005-02-28 22:46:49 +00:00
|
|
|
/**
|
2005-03-28 14:39:31 +00:00
|
|
|
* Capture child told us, we have a new (or the first) capture file.
|
2005-02-28 22:46:49 +00:00
|
|
|
*/
|
2005-03-28 14:39:31 +00:00
|
|
|
extern gboolean capture_input_new_file(capture_options *capture_opts, gchar *new_file);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Capture child told us, we have new packets to read.
|
|
|
|
*/
|
|
|
|
extern void capture_input_new_packets(capture_options *capture_opts, int to_read);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Capture child closed it's side ot the pipe, do the required cleanup.
|
|
|
|
*/
|
|
|
|
extern void capture_input_closed(capture_options *capture_opts);
|
2005-02-28 22:46:49 +00:00
|
|
|
|
2005-03-28 15:31:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
/** Do the low-level work of a capture (start the capture child).
|
|
|
|
* Returns TRUE if it succeeds, FALSE otherwise. */
|
2004-12-29 09:09:35 +00:00
|
|
|
extern int capture_loop_start(capture_options *capture_opts, gboolean *stats_known, struct pcap_stat *stats);
|
2004-10-30 17:50:51 +00:00
|
|
|
|
2005-03-28 18:04:09 +00:00
|
|
|
/** Stop a low-level capture (stops the capture child). */
|
2004-10-30 17:50:51 +00:00
|
|
|
extern void capture_loop_stop(void);
|
|
|
|
|
Add a routine to kill a capture child if it exists, so that if we exit
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.
Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.
When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.
svn path=/trunk/; revision=4498
2002-01-08 09:32:15 +00:00
|
|
|
|
2003-11-15 08:48:14 +00:00
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** Current Capture info. */
|
2003-11-15 08:48:14 +00:00
|
|
|
typedef struct {
|
|
|
|
/* handles */
|
2004-06-04 17:19:01 +00:00
|
|
|
gpointer callback_data; /**< capture callback handle */
|
|
|
|
gpointer ui; /**< user interfaces own handle */
|
2003-11-15 08:48:14 +00:00
|
|
|
|
|
|
|
/* capture info */
|
2004-06-04 17:19:01 +00:00
|
|
|
packet_counts *counts; /**< protocol specific counters */
|
|
|
|
time_t running_time; /**< running time since last update */
|
|
|
|
gint new_packets; /**< packets since last update */
|
2003-11-15 08:48:14 +00:00
|
|
|
} capture_info;
|
|
|
|
|
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** Create the capture info dialog */
|
2003-11-15 08:48:14 +00:00
|
|
|
extern void capture_info_create(
|
2004-04-13 18:01:40 +00:00
|
|
|
capture_info *cinfo,
|
|
|
|
gchar *iface);
|
2003-11-15 08:48:14 +00:00
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** Update the capture info counters in the dialog */
|
2003-11-15 08:48:14 +00:00
|
|
|
extern void capture_info_update(
|
|
|
|
capture_info *cinfo);
|
|
|
|
|
2004-06-04 17:19:01 +00:00
|
|
|
/** Destroy the capture info dialog again */
|
2003-11-15 08:48:14 +00:00
|
|
|
extern void capture_info_destroy(
|
|
|
|
capture_info *cinfo);
|
|
|
|
|
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
#endif /* capture.h */
|