From 9600ef2279506e088b19a38db6eb1ca03ad4d84e Mon Sep 17 00:00:00 2001 From: John Thacker Date: Sun, 31 Dec 2023 20:08:05 -0500 Subject: [PATCH] dumpcap: Pass the Capchild log level from parent to dumpcap Pass the Capchild log domain (dumpcap's log domain) level from the parent to dumpcap when setting up the pipe. Move a few of the debugging level messagesi that previously required a #define to be set from INFO to DEBUG. This means that "--log-debug Capchild" or "--log-level debug" can be used to get DEBUG level log messages sent via the sync pipe to the parent and then the console, without having to set a #define in dumpcap. Related to #19519 --- capture/capture_sync.c | 14 +++++++++++++- dumpcap.c | 41 +++++++++++++++-------------------------- 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/capture/capture_sync.c b/capture/capture_sync.c index c38dad214d..ee2e1e87ec 100644 --- a/capture/capture_sync.c +++ b/capture/capture_sync.c @@ -256,6 +256,18 @@ init_pipe_args(int *argc) { /* Make that the first argument in the argument list (argv[0]). */ argv = sync_pipe_add_arg(argv, argc, exename); + /* Tell dumpcap to log at the lowest level its domain (Capchild) is + * set to log in the main program. (It might be in the special noisy + * or debug filter, so we can't just check the overall level.) + */ + for (enum ws_log_level level = LOG_LEVEL_NOISY; level != _LOG_LEVEL_LAST; level++) { + if (ws_log_msg_is_active(LOG_DOMAIN_CAPCHILD, level)) { + argv = sync_pipe_add_arg(argv, argc, "--log-level"); + argv = sync_pipe_add_arg(argv, argc, ws_log_level_to_string(level)); + break; + } + } + /* sync_pipe_add_arg strdupes exename, so we should free our copy */ g_free(exename); @@ -1632,7 +1644,7 @@ sync_interface_stats_open(int *data_read_fd, ws_process_id *fork_child, char **d } break; } - } while (indicator == SP_IFACE_LIST && ret != -1); + } while (indicator != SP_SUCCESS && ret != -1); return ret; } diff --git a/dumpcap.c b/dumpcap.c index 7df0e8c274..e02409e99c 100644 --- a/dumpcap.c +++ b/dumpcap.c @@ -95,12 +95,14 @@ #include "wiretap/pcapng.h" /* - * Define these for extra logging messages at INFO and below. Note - * that when dumpcap is spawned as a child process, logs are sent - * to the parent via the sync pipe. + * Define these for extra logging. Note that when dumpcap is spawned as + * a child process, logs are sent to the parent via the sync pipe. + * The parent will pass along the Capchild domain log level settings, + * so "--log-debug Capchild" or "--log-level debug" can be used to get + * debugging from dumpcap sent to the parent. */ -/**#define DEBUG_DUMPCAP**/ /* Logs INFO and below messages normally */ -/**#define DEBUG_CHILD_DUMPCAP**/ /* Writes INFO and below logs to file */ +//#define DEBUG_DUMPCAP /* Waits for keypress on quitting on Windows */ +//#define DEBUG_CHILD_DUMPCAP /* Writes logs to file */ #ifdef _WIN32 #include "wsutil/win32-utils.h" @@ -113,10 +115,8 @@ FILE *debug_log; /* for logging debug messages to */ /* a file if DEBUG_CHILD_DUMPCAP */ /* is defined */ -#ifdef DEBUG_DUMPCAP #include /* va_copy */ #endif -#endif static GAsyncQueue *pcap_queue; static gint64 pcap_queue_bytes; @@ -4797,15 +4797,11 @@ capture_loop_write_pcapng_cb(capture_src *pcap_src, const pcapng_block_header_t pcap_src->dropped++; } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2 || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE) { /* Count packets for block types that should be dissected, i.e. ones that show up in the packet list. */ -#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - ws_info("Wrote a pcapng block type %u of length %d captured on interface %u.", + ws_debug("Wrote a pcapng block type %u of length %d captured on interface %u.", bh->block_type, bh->block_total_length, pcap_src->interface_id); -#endif capture_loop_wrote_one_packet(pcap_src); } else if (bh->block_type == BLOCK_TYPE_SHB && report_capture_filename) { -#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - ws_info("Sending SP_FILE on first SHB"); -#endif + ws_debug("Sending SP_FILE on first SHB"); /* SHB is now ready for capture parent to read on SP_FILE message */ sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, report_capture_filename); report_capture_filename = NULL; @@ -4859,10 +4855,8 @@ capture_loop_write_packet_cb(u_char *pcap_src_p, const struct pcap_pkthdr *phdr, global_ld.err = err; pcap_src->dropped++; } else { -#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - ws_info("Wrote a pcap packet of length %d captured on interface %u.", + ws_debug("Wrote a pcap packet of length %d captured on interface %u.", phdr->caplen, pcap_src->interface_id); -#endif capture_loop_wrote_one_packet(pcap_src); } } @@ -5172,17 +5166,14 @@ main(int argc, char *argv[]) /* Early logging command-line initialization. */ ws_log_parse_args(&argc, argv, vcmdarg_err, 1); -#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - /* sync_pipe_start does not pass along log level information from - * the parent (XXX: it probably should.) Assume that if we're - * specially compiled with dumpcap debugging then we want it on. +#if DEBUG_CHILD_DUMPCAP + /* Assume that if we're specially compiled with dumpcap debugging + * then we want maximum debugging. */ if (capture_child) { - ws_log_set_level(LOG_LEVEL_DEBUG); + ws_log_set_level(LOG_LEVEL_NOISY); } -#endif -#ifdef DEBUG_CHILD_DUMPCAP if ((debug_log = ws_fopen("dumpcap_debug_log.tmp","w")) == NULL) { fprintf (stderr, "Unable to open debug log file .\n"); exit (1); @@ -6048,9 +6039,7 @@ report_new_capture_file(const char *filename) ws_debug("File: %s", filename); if (global_ld.pcapng_passthrough) { /* Save filename for sending SP_FILE to capture parent after SHB is passed-through */ -#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - ws_info("Delaying SP_FILE until first SHB"); -#endif + ws_debug("Delaying SP_FILE until first SHB"); report_capture_filename = filename; } else { sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, filename);