dumpcap: Pass the Capchild log level from parent to dumpcap

Pass the Capchild log domain (dumpcap's log domain) level from
the parent to dumpcap when setting up the pipe. Move a few of
the debugging level messages that previously required a #define
to be set from INFO to DEBUG.

This means that
"--log-debug Capchild" or "--log-level debug" can be used to get
DEBUG level log messages sent via the sync pipe to the parent and
then the console, without having to set a #define in dumpcap.

Related to #19519
John Thacker 2023-12-31 20:08:05 -05:00
parent 3fbefe9c36
commit 9600ef2279
2 changed files with 28 additions and 27 deletions


@ -256,6 +256,18 @@ init_pipe_args(int *argc) {
/* Make that the first argument in the argument list (argv[0]). */
argv = sync_pipe_add_arg(argv, argc, exename);
/* Tell dumpcap to log at the lowest level its domain (Capchild) is
* set to log in the main program. (It might be in the special noisy
* or debug filter, so we can't just check the overall level.)
*/
for (enum ws_log_level level = LOG_LEVEL_NOISY; level != _LOG_LEVEL_LAST; level++) {
if (ws_log_msg_is_active(LOG_DOMAIN_CAPCHILD, level)) {
argv = sync_pipe_add_arg(argv, argc, "--log-level");
argv = sync_pipe_add_arg(argv, argc, ws_log_level_to_string(level));
break;
}
}
/* sync_pipe_add_arg strdupes exename, so we should free our copy */
g_free(exename);
@ -1632,7 +1644,7 @@ sync_interface_stats_open(int *data_read_fd, ws_process_id *fork_child, char **d
}
break;
}
} while (indicator == SP_IFACE_LIST && ret != -1);
} while (indicator != SP_SUCCESS && ret != -1);
return ret;
}
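Review bot: The relaxed loop condition in sync_interface_stats_open, `while (indicator != SP_SUCCESS && ret != -1)`, has no comment explaining why every indicator other than SP_SUCCESS now keeps the parent reading. Presumably the aim is that log messages forwarded from dumpcap at the newly passed level do not end the loop before the interface list arrives. The switch that handles each indicator is outside the hunk, so it should be confirmed that every error or unrecognised indicator sets `ret = -1`; otherwise the parent keeps reading from the child until the pipe itself fails. I would add above the condition `/* Log messages may precede SP_SUCCESS; loop until success or a read/protocol error. */`.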


@ -95,12 +95,14 @@
#include "wiretap/pcapng.h"
/*
* Define these for extra logging messages at INFO and below. Note
* that when dumpcap is spawned as a child process, logs are sent
* to the parent via the sync pipe.
* Define these for extra logging. Note that when dumpcap is spawned as
* a child process, logs are sent to the parent via the sync pipe.
* The parent will pass along the Capchild domain log level settings,
* so "--log-debug Capchild" or "--log-level debug" can be used to get
* debugging from dumpcap sent to the parent.
*/
/**#define DEBUG_DUMPCAP**/ /* Logs INFO and below messages normally */
/**#define DEBUG_CHILD_DUMPCAP**/ /* Writes INFO and below logs to file */
//#define DEBUG_DUMPCAP /* Waits for keypress on quitting on Windows */
//#define DEBUG_CHILD_DUMPCAP /* Writes logs to file */
#ifdef _WIN32
#include "wsutil/win32-utils.h"
@ -113,10 +115,8 @@
FILE *debug_log; /* for logging debug messages to */
/* a file if DEBUG_CHILD_DUMPCAP */
/* is defined */
#ifdef DEBUG_DUMPCAP
#include <stdarg.h> /* va_copy */
#endif
#endif
static GAsyncQueue *pcap_queue;
static gint64 pcap_queue_bytes;
@ -4797,15 +4797,11 @@ capture_loop_write_pcapng_cb(capture_src *pcap_src, const pcapng_block_header_t
pcap_src->dropped++;
} else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2 || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE) {
/* Count packets for block types that should be dissected, i.e. ones that show up in the packet list. */
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
ws_info("Wrote a pcapng block type %u of length %d captured on interface %u.",
ws_debug("Wrote a pcapng block type %u of length %d captured on interface %u.",
bh->block_type, bh->block_total_length, pcap_src->interface_id);
#endif
capture_loop_wrote_one_packet(pcap_src);
} else if (bh->block_type == BLOCK_TYPE_SHB && report_capture_filename) {
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
ws_info("Sending SP_FILE on first SHB");
#endif
ws_debug("Sending SP_FILE on first SHB");
/* SHB is now ready for capture parent to read on SP_FILE message */
sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, report_capture_filename);
report_capture_filename = NULL;
@ -4859,10 +4855,8 @@ capture_loop_write_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr,
global_ld.err = err;
pcap_src->dropped++;
} else {
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
ws_info("Wrote a pcap packet of length %d captured on interface %u.",
ws_debug("Wrote a pcap packet of length %d captured on interface %u.",
phdr->caplen, pcap_src->interface_id);
#endif
capture_loop_wrote_one_packet(pcap_src);
}
}
@ -5172,17 +5166,14 @@ main(int argc, char *argv[])
/* Early logging command-line initialization. */
ws_log_parse_args(&argc, argv, vcmdarg_err, 1);
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
/* sync_pipe_start does not pass along log level information from
* the parent (XXX: it probably should.) Assume that if we're
* specially compiled with dumpcap debugging then we want it on.
#if DEBUG_CHILD_DUMPCAP
/* Assume that if we're specially compiled with dumpcap debugging
* then we want maximum debugging.
*/
if (capture_child) {
ws_log_set_level(LOG_LEVEL_DEBUG);
ws_log_set_level(LOG_LEVEL_NOISY);
}
#endif
#ifdef DEBUG_CHILD_DUMPCAP
if ((debug_log = ws_fopen("dumpcap_debug_log.tmp","w")) == NULL) {
fprintf (stderr, "Unable to open debug log file .\n");
exit (1);
@ -6048,9 +6039,7 @@ report_new_capture_file(const char *filename)
ws_debug("File: %s", filename);
if (global_ld.pcapng_passthrough) {
/* Save filename for sending SP_FILE to capture parent after SHB is passed-through */
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
ws_info("Delaying SP_FILE until first SHB");
#endif
ws_debug("Delaying SP_FILE until first SHB");
report_capture_filename = filename;
} else {
sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, filename);
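Review bot: In the main() hunk the new guard is written `#if DEBUG_CHILD_DUMPCAP`, but the macro is meant to be enabled by uncommenting `#define DEBUG_CHILD_DUMPCAP` with no value, so the preprocessor sees an `#if` with no expression and the debug build fails to compile. The line it replaces used `#ifdef DEBUG_CHILD_DUMPCAP`, and the comment on `debug_log` speaks of the macro being defined, so the guard should read `#ifdef DEBUG_CHILD_DUMPCAP`. With the macro left undefined, the `#if` form would also warn under `-Wundef` if that warning is enabled. main()'s body and the matching `#endif` are outside the hunk.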