diff --git a/CMakeLists.txt b/CMakeLists.txt index c66d3e0f50..f0dc01c60a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -844,6 +844,10 @@ if(ENABLE_AIRPCAP) set(PACKAGELIST ${PACKAGELIST} AIRPCAP) endif() +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(PACKAGELIST ${PACKAGELIST} Systemd) +endif() + # Build the Qt GUI? if(BUILD_wireshark) # Untested, may not work if CMAKE_PREFIX_PATH gets overwritten diff --git a/CMakeOptions.txt b/CMakeOptions.txt index 6d429b57a5..c267c00884 100644 --- a/CMakeOptions.txt +++ b/CMakeOptions.txt @@ -16,12 +16,19 @@ option(BUILD_dftest "Build dftest" ON) option(BUILD_corbaidl2wrs "Build corbaidl2wrs" OFF) option(BUILD_dcerpcidl2wrs "Build dcerpcidl2wrs" ON) option(BUILD_xxx2deb "Build xxx2deb" OFF) + option(BUILD_androiddump "Build androiddump" ON) option(BUILD_sshdump "Build sshdump" ON) option(BUILD_ciscodump "Build ciscodump" ON) option(BUILD_dpauxmon "Build dpauxmon" ON) option(BUILD_randpktdump "Build randpktdump" ON) +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + option(BUILD_sdjournal "Build sdjournal" ON) +else() + option(BUILD_sdjournal "Build sdjournal" OFF) +endif() option(BUILD_udpdump "Build udpdump" ON) + option(BUILD_sharkd "Build sharkd" ON) if(WIN32) option(BUILD_fuzzshark "Build fuzzshark" OFF) diff --git a/cmake/modules/FindSystemd.cmake b/cmake/modules/FindSystemd.cmake new file mode 100644 index 0000000000..e6d107d337 --- /dev/null +++ b/cmake/modules/FindSystemd.cmake @@ -0,0 +1,41 @@ +# Copied from https://github.com/Cloudef/wlc/blob/master/CMake/FindSystemd.cmake +#.rst: +# FindSystemd +# ------- +# +# Find Systemd library +# +# Try to find Systemd library on UNIX systems. The following values are defined +# +# :: +# +# SYSTEMD_FOUND - True if Systemd is available +# SYSTEMD_INCLUDE_DIRS - Include directories for Systemd +# SYSTEMD_LIBRARIES - List of libraries for Systemd +# SYSTEMD_DEFINITIONS - List of definitions for Systemd +# +#============================================================================= +# Copyright (c) 2015 Jari Vetoniemi +# +# Distributed under the OSI-approved BSD License (the "License"); +# +# This software is distributed WITHOUT ANY WARRANTY; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the License for more information. +#============================================================================= + +include(FeatureSummary) +set_package_properties(Systemd PROPERTIES + URL "http://freedesktop.org/wiki/Software/systemd/" + DESCRIPTION "System and Service Manager") + +find_package(PkgConfig) +pkg_check_modules(PC_SYSTEMD QUIET libsystemd) +find_library(SYSTEMD_LIBRARIES NAMES systemd ${PC_SYSTEMD_LIBRARY_DIRS}) +find_path(SYSTEMD_INCLUDE_DIRS systemd/sd-login.h HINTS ${PC_SYSTEMD_INCLUDE_DIRS}) + +set(SYSTEMD_DEFINITIONS ${PC_SYSTEMD_CFLAGS_OTHER}) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(SYSTEMD DEFAULT_MSG SYSTEMD_INCLUDE_DIRS SYSTEMD_LIBRARIES) +mark_as_advanced(SYSTEMD_INCLUDE_DIRS SYSTEMD_LIBRARIES SYSTEMD_DEFINITIONS) diff --git a/debian/control b/debian/control index 7f0fee224c..71aa44305e 100644 --- a/debian/control +++ b/debian/control @@ -15,7 +15,7 @@ Build-Depends: lsb-release, # backports-compatible. libgnutls28-dev (>= 3.2.14-1~) | libgnutls-dev, libgcrypt-dev, libkrb5-dev, liblua5.2-dev, libsmi2-dev, - libmaxminddb-dev, dpkg-dev (>= 1.16.1~), + libmaxminddb-dev, dpkg-dev (>= 1.16.1~), libsystemd-dev, libnl-genl-3-dev [linux-any], libnl-route-3-dev [linux-any], asciidoctor, cmake (>= 3.5) | cmake3, libsbc-dev, libnghttp2-dev, libssh-gcrypt-dev, liblz4-dev, libsnappy-dev, libspandsp-dev, libxml2-dev diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index b8421bfab8..b21f746023 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -83,6 +83,10 @@ if(BUILD_dpauxmon AND HAVE_LIBNL3) pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dpauxmon 1) endif() +if(BUILD_sdjournal AND SYSTEMD_FOUND) + pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sdjournal 1) +endif() + if(MAXMINDDB_FOUND) pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mmdbresolve 1) endif() @@ -120,6 +124,10 @@ if(BUILD_dpauxmon AND HAVE_LIBNL3) list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.1) endif() +if(BUILD_sdjournal AND SYSTEMD_FOUND) + list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.1) +endif() + if(MAXMINDDB_FOUND) list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.1) endif() @@ -174,6 +182,10 @@ if(BUILD_dpauxmon AND HAVE_LIBNL3) list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.html) endif() +if(BUILD_sdjournal AND SYSTEMD_FOUND) + list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.html) +endif() + if(MAXMINDDB_FOUND) list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.html) endif() diff --git a/doc/sdjournal.pod b/doc/sdjournal.pod new file mode 100644 index 0000000000..37738bda10 --- /dev/null +++ b/doc/sdjournal.pod @@ -0,0 +1,145 @@ +=begin man + +=encoding utf8 + +=end man + +=head1 NAME + +sdjournal - Provide an interface to capture systemd journal entries. + +=head1 SYNOPSIS + +B +S<[ B<--help> ]> +S<[ B<--version> ]> +S<[ B<--extcap-interfaces> ]> +S<[ B<--extcap-dlts> ]> +S<[ B<--extcap-interface>=EinterfaceE ]> +S<[ B<--extcap-config> ]> +S<[ B<--capture> ]> +S<[ B<--fifo>=Epath to file or pipeE ]> +S<[ B<--start-from>=Eentry countE ]> + +=head1 DESCRIPTION + +B is an extcap tool that allows one to capture systemd +journal entries. It can be used to correlate system events with +network traffic. + +Supported interfaces: + +=over 4 + +=item 1. sdjournal + +=back + +=head1 OPTIONS + +=over 4 + +=item --help + +Print program arguments. + +=item --version + +Print program version. + +=item --extcap-interfaces + +List available interfaces. + +=item --extcap-interface=EinterfaceE + +Use specified interfaces. + +=item --extcap-dlts + +List DLTs of specified interface. + +=item --extcap-config + +List configuration options of specified interface. + +=item --capture + +Start capturing from specified interface and write raw packet data to the location specified by --fifo. + +=item --fifo=Epath to file or pipeE + +Save captured packet to file or send it through pipe. + +=item --start-from=Eentry countE + +Start from the last Eentry countE entries, similar to the +"-n" or "--lines" argument for the L command. Values prefixed +with a B<+> sign start from the beginning of the journal, otherwise +the count starts from the end. The default value is 10. To include +all entries use B<+0>. + +=back + +=head1 EXAMPLES + +To see program arguments: + + sdjournal --help + +To see program version: + + sdjournal --version + +To see interfaces: + + sdjournal --extcap-interfaces + +Only one interface (sdjournal) is supported. + + Output: + interface {value=sdjournal}{display=systemd journal capture} + +To see interface DLTs: + + sdjournal --extcap-interface=sdjournal --extcap-dlts + + Output: + dlt {number=147}{name=sdjournal}{display=USER0} + +To see interface configuration options: + + sdjournal --extcap-interface=sdjournal --extcap-config + + Output: + + arg {number=0}{call=--start-from}{display=Starting position}{type=string} + {tooltip=The journal starting position. Values with a leading "+" start from the beginning, similar to the "tail" command} + +To capture: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture + +To capture all entries since the system was booted: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture --start-from +0 + +NOTE: To stop capturing CTRL+C/kill/terminate application. + +=head1 SEE ALSO + +wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1) + +=head1 NOTES + +B is part of the B distribution. The latest version +of B can be found at L. + +HTML versions of the Wireshark project man pages are available at: +L. + +=head1 AUTHORS + + Original Author + -------- ------ + Gerald Combs diff --git a/dumpcap.c b/dumpcap.c index 6100c06eca..0dd2d5d022 100644 --- a/dumpcap.c +++ b/dumpcap.c @@ -4211,7 +4211,7 @@ capture_loop_write_pcapng_cb(capture_src *pcap_src, const struct pcapng_block_he global_ld.go = FALSE; global_ld.err = err; pcap_src->dropped++; - } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB) { + } else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL) { /* count packet only if we actually have an EPB or SPB */ #if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, diff --git a/extcap/CMakeLists.txt b/extcap/CMakeLists.txt index 5ed2f7fcd3..0c1daa6a14 100644 --- a/extcap/CMakeLists.txt +++ b/extcap/CMakeLists.txt @@ -214,6 +214,31 @@ if(BUILD_randpktdump) add_dependencies(extcaps randpktdump) endif() +if(BUILD_sdjournal AND SYSTEMD_FOUND) + set(sdjournal_LIBS + ui + wiretap + writecap + wsutil + ${GLIB2_LIBRARIES} + ${ZLIB_LIBRARIES} + ${CMAKE_DL_LIBS} + ${SYSTEMD_LIBRARIES} + ) + set(sdjournal_FILES + extcap-base.c + sdjournal.c + ) + + add_executable(sdjournal WIN32 ${sdjournal_FILES}) + set_extcap_executable_properties(sdjournal) + target_link_libraries(sdjournal ${sdjournal_LIBS}) + install(TARGETS sdjournal RUNTIME DESTINATION ${EXTCAP_INSTALL_LIBDIR}) + add_dependencies(extcaps sdjournal) +elseif (BUILD_sdjournal) + #message( WARNING "Cannot find libsystemd, cannot build sdjournal" ) +endif() + set(CLEAN_C_FILES ${dumpcap_FILES} ${androiddump_FILES} diff --git a/extcap/sdjournal.c b/extcap/sdjournal.c new file mode 100644 index 0000000000..1431761581 --- /dev/null +++ b/extcap/sdjournal.c @@ -0,0 +1,449 @@ +/* sdjournal.c + * sdjournal is an extcap tool used to dump systemd journal entries. + * + * Adapted from sshdump. + * Copyright 2018, Gerald Combs and Dario Lombardo + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* + * To do: + * - Add an option for sd_journal_open flags, e.g. SD_JOURNAL_LOCAL_ONLY. + * - Add journalctl options - --boot, --machine, --directory, etc. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include + +#define SDJOURNAL_VERSION_MAJOR "1" +#define SDJOURNAL_VERSION_MINOR "0" +#define SDJOURNAL_VERSION_RELEASE "0" + +#define SDJOURNAL_EXTCAP_INTERFACE "sdjournal" +#define BLOCK_TYPE_SYSTEMD_JOURNAL 0x00000009 + +enum { + EXTCAP_BASE_OPTIONS_ENUM, + OPT_HELP, + OPT_VERSION, + OPT_START_FROM +}; + +static struct option longopts[] = { + EXTCAP_BASE_OPTIONS, + { "help", no_argument, NULL, OPT_HELP}, + { "version", no_argument, NULL, OPT_VERSION}, + { "start-from", required_argument, NULL, OPT_START_FROM}, + { 0, 0, 0, 0} +}; + +#define FLD_BOOT_ID "_BOOT_ID=" +#define FLD_BOOT_ID_LEN (8 + 1 + 33 + 1) + +// The Journal Export Format specification doesn't place limits on entry +// lengths or lines per entry. We do. +#define ENTRY_BUF_LENGTH WTAP_MAX_PACKET_SIZE_STANDARD +#define MAX_EXPORT_ENTRY_LENGTH (ENTRY_BUF_LENGTH - 4 - 4 - 4) // Block type - total length - total length + +static int sdj_dump_entries(sd_journal *jnl, FILE* fp) +{ + int ret = EXIT_SUCCESS; + guint8 *entry_buff = g_new(guint8, ENTRY_BUF_LENGTH); + int jr = 0; + + /* + * Read journal entries and write them as packets. Output must + * match `journalctl --output=export`. + */ + while (jr == 0) { + char *cursor; + uint64_t pkt_rt_ts, mono_ts; + sd_id128_t boot_id; + char boot_id_str[FLD_BOOT_ID_LEN] = FLD_BOOT_ID; + guint32 block_type = BLOCK_TYPE_SYSTEMD_JOURNAL; + guint32 data_end = 8; // Block type + total length + const void *fld_data; + size_t fld_len; + guint64 bytes_written = 0; + int err; + + memcpy(entry_buff, &block_type, 4); + + jr = sd_journal_next(jnl); + g_debug("sd_journal_next: %d", jr); + if (jr < 0) { + g_warning("Error fetching journal entry: %s", g_strerror(jr)); + goto end; + } else if (jr == 0) { + sd_journal_wait(jnl, (uint64_t) -1); + continue; + } + + jr = sd_journal_get_cursor(jnl, &cursor); + if (jr < 0) { + g_warning("Error fetching cursor: %s", g_strerror(jr)); + goto end; + } + data_end += g_snprintf(entry_buff+data_end, MAX_EXPORT_ENTRY_LENGTH-data_end, "__CURSOR=%s\n", cursor); + free(cursor); + + jr = sd_journal_get_realtime_usec(jnl, &pkt_rt_ts); + if (jr < 0) { + g_warning("Error fetching realtime timestamp: %s", g_strerror(jr)); + goto end; + } + data_end += g_snprintf(entry_buff+data_end, MAX_EXPORT_ENTRY_LENGTH-data_end, "__REALTIME_TIMESTAMP=%" G_GUINT64_FORMAT "\n", pkt_rt_ts); + + jr = sd_journal_get_monotonic_usec(jnl, &mono_ts, &boot_id); + if (jr < 0) { + g_warning("Error fetching monotonic timestamp: %s", g_strerror(jr)); + goto end; + } + sd_id128_to_string(boot_id, boot_id_str + strlen(FLD_BOOT_ID)); + data_end += g_snprintf(entry_buff+data_end, MAX_EXPORT_ENTRY_LENGTH-data_end, "__MONOTONIC_TIMESTAMP=%" G_GUINT64_FORMAT "\n%s\n", mono_ts, boot_id_str); + g_debug("Entry header is %u bytes", data_end); + + SD_JOURNAL_FOREACH_DATA(jnl, fld_data, fld_len) { + guint8 *eq_ptr = (guint8 *) memchr(fld_data, '=', fld_len); + if (!eq_ptr) { + g_warning("Invalid field."); + goto end; + } + if (g_utf8_validate((const char *) fld_data, (gssize) fld_len, NULL)) { + // Allow for two trailing newlines, one here and one + // at the end of the buffer. + if (fld_len > MAX_EXPORT_ENTRY_LENGTH-data_end-2) { + g_debug("Breaking on UTF-8 field: %u + %zd", data_end, fld_len); + break; + } + memcpy(entry_buff+data_end, fld_data, fld_len); + data_end += (guint32) fld_len; + entry_buff[data_end] = '\n'; + data_end++; + } else { + // \n + 64-bit size + \n + trailing \n = 11 + if (fld_len > MAX_EXPORT_ENTRY_LENGTH-data_end-11) { + g_debug("Breaking on binary field: %u + %zd", data_end, fld_len); + break; + } + ptrdiff_t name_len = eq_ptr - (guint8 *) fld_data; + uint64_t le_data_len; + le_data_len = htole64(fld_len - name_len - 1); + memcpy(entry_buff+data_end, fld_data, name_len); + data_end+= name_len; + entry_buff[data_end] = '\n'; + data_end++; + memcpy(entry_buff+data_end, &le_data_len, 8); + data_end += 8; + memcpy(entry_buff+data_end, (guint8 *) fld_data + name_len + 1, fld_len - name_len); + data_end += fld_len - name_len; + } + } + + if (data_end % 4) { + size_t pad_len = 4 - (data_end % 4); + memset(entry_buff+data_end, '\0', pad_len); + data_end += pad_len; + } + + guint32 total_len = data_end + 4; + memcpy (entry_buff+4, &total_len, 4); + memcpy (entry_buff+data_end, &total_len, 4); + + g_debug("Attempting to write %u bytes", total_len); + if (!pcapng_write_block(fp, entry_buff, total_len, &bytes_written, &err)) { + g_warning("Can't write event: %s", strerror(err)); + ret = EXIT_FAILURE; + break; + } + + fflush(fp); + } + +end: + g_free(entry_buff); + return ret; +} + +static int sdj_start_export(const int start_from_entries, const gboolean start_from_end, const char* fifo) +{ + FILE* fp = stdout; + guint64 bytes_written = 0; + int err; + sd_journal *jnl = NULL; + sd_id128_t boot_id; + char boot_id_str[FLD_BOOT_ID_LEN] = FLD_BOOT_ID; + int ret = EXIT_FAILURE; + char* err_info = NULL; + char *appname; + gboolean success; + int jr = 0; + + if (g_strcmp0(fifo, "-")) { + /* Open or create the output file */ + fp = fopen(fifo, "wb"); + if (fp == NULL) { + g_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno)); + return EXIT_FAILURE; + } + } + + + appname = g_strdup_printf(SDJOURNAL_EXTCAP_INTERFACE " (Wireshark) %s.%s.%s", + SDJOURNAL_VERSION_MAJOR, SDJOURNAL_VERSION_MINOR, SDJOURNAL_VERSION_RELEASE); + success = pcapng_write_session_header_block(fp, + NULL, /* Comment */ + NULL, /* HW */ + NULL, /* OS */ + appname, + -1, /* section_length */ + &bytes_written, + &err); + g_free(appname); + + if (!success) { + g_warning("Can't write pcapng file header"); + goto cleanup; + } + + jr = sd_journal_open(&jnl, 0); + if (jr < 0) { + g_warning("Error opening journal: %s", g_strerror(jr)); + goto cleanup; + } + + jr = sd_id128_get_boot(&boot_id); + if (jr < 0) { + g_warning("Error fetching system boot ID: %s", g_strerror(jr)); + goto cleanup; + } + + sd_id128_to_string(boot_id, boot_id_str + strlen(FLD_BOOT_ID)); + jr = sd_journal_add_match(jnl, boot_id_str, strlen(boot_id_str)); + if (jr < 0) { + g_warning("Error adding match: %s", g_strerror(jr)); + goto cleanup; + } + + // According to the documentation, fields *might be* truncated to 64K. + // Let's assume that 2048 is a good balance between fetching entire fields + // and being able to fit as many fields as possible into a packet. + sd_journal_set_data_threshold(jnl, 2048); + + if (start_from_end) { + g_debug("Attempting to seek %d entries from the end", start_from_entries); + jr = sd_journal_seek_tail(jnl); + if (jr < 0) { + g_warning("Error starting at end: %s", g_strerror(jr)); + goto cleanup; + } + jr = sd_journal_previous_skip(jnl, (uint64_t) start_from_entries + 1); + if (jr < 0) { + g_warning("Error skipping backward: %s", g_strerror(jr)); + goto cleanup; + } + } else { + g_debug("Attempting to seek %d entries from the beginning", start_from_entries); + jr = sd_journal_seek_head(jnl); + if (jr < 0) { + g_warning("Error starting at beginning: %s", g_strerror(jr)); + goto cleanup; + } + if (start_from_entries > 0) { + jr = sd_journal_next_skip(jnl, (uint64_t) start_from_entries); + if (jr < 0) { + g_warning("Error skipping forward: %s", g_strerror(jr)); + goto cleanup; + } + } + } + + /* read from channel and write into fp */ + if (sdj_dump_entries(jnl, fp) != 0) { + g_warning("Error dumping entries"); + goto cleanup; + } + + ret = EXIT_SUCCESS; + +cleanup: + if (jnl) { + sd_journal_close(jnl); + } + + if (err_info) { + g_warning("%s", err_info); + } + + g_free(err_info); + + /* clean up and exit */ + if (g_strcmp0(fifo, "-")) { + fclose(fp); + } + return ret; +} + +static int list_config(char *interface) +{ + unsigned inc = 0; + + if (!interface) { + g_warning("ERROR: No interface specified."); + return EXIT_FAILURE; + } + + if (g_strcmp0(interface, SDJOURNAL_EXTCAP_INTERFACE)) { + g_warning("ERROR: interface must be %s", SDJOURNAL_EXTCAP_INTERFACE); + return EXIT_FAILURE; + } + + printf("arg {number=%u}{call=--start-from}{display=Starting position}" + "{type=string}{tooltip=The journal starting position. Values " + "with a leading \"+\" start from the beginning, similar to the " + "\"tail\" command}{required=false}{group=Journal}\n", inc++); + + extcap_config_debug(&inc); + + return EXIT_SUCCESS; +} + +int main(int argc, char **argv) +{ + int result; + int option_idx = 0; + int start_from_entries = 10; + gboolean start_from_end = TRUE; + int ret = EXIT_FAILURE; + extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1); + char* help_url; + char* help_header = NULL; + + help_url = data_file_url("sdjournal.html"); + extcap_base_set_util_info(extcap_conf, argv[0], SDJOURNAL_VERSION_MAJOR, SDJOURNAL_VERSION_MINOR, + SDJOURNAL_VERSION_RELEASE, help_url); + g_free(help_url); + // We don't have an SDJOURNAL DLT, so use USER0 (147). + extcap_base_register_interface(extcap_conf, SDJOURNAL_EXTCAP_INTERFACE, "systemd Journal Export", 147, "USER0"); + + help_header = g_strdup_printf( + " %s --extcap-interfaces\n" + " %s --extcap-interface=%s --extcap-dlts\n" + " %s --extcap-interface=%s --extcap-config\n" + " %s --extcap-interface=%s --start-from=+0 --fifo=FILENAME --capture\n", + argv[0], + argv[0], SDJOURNAL_EXTCAP_INTERFACE, + argv[0], SDJOURNAL_EXTCAP_INTERFACE, + argv[0], SDJOURNAL_EXTCAP_INTERFACE); + extcap_help_add_header(extcap_conf, help_header); + g_free(help_header); + extcap_help_add_option(extcap_conf, "--help", "print this help"); + extcap_help_add_option(extcap_conf, "--version", "print the version"); + extcap_help_add_option(extcap_conf, "--start-from ", "starting position"); + + opterr = 0; + optind = 0; + + if (argc == 1) { + extcap_help_print(extcap_conf); + goto end; + } + + while ((result = getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) { + + switch (result) { + + case OPT_HELP: + extcap_help_print(extcap_conf); + ret = EXIT_SUCCESS; + goto end; + + case OPT_VERSION: + printf("%s\n", extcap_conf->version); + ret = EXIT_SUCCESS; + goto end; + + case OPT_START_FROM: + start_from_entries = (int) strtol(optarg, NULL, 10); + if (errno == EINVAL) { + g_warning("Invalid entry count: %s", optarg); + goto end; + } + if (strlen(optarg) > 0 && optarg[0] == '+') { + start_from_end = FALSE; + } + if (start_from_entries < 0) { + start_from_end = TRUE; + start_from_entries *= -1; + } + g_debug("start %d from %s", start_from_entries, start_from_end ? "end" : "beginning"); + break; + + case ':': + /* missing option argument */ + g_warning("Option '%s' requires an argument", argv[optind - 1]); + break; + + default: + if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, optarg)) { + g_warning("Invalid option: %s", argv[optind - 1]); + goto end; + } + } + } + + extcap_cmdline_debug(argv, argc); + + if (extcap_base_handle_interface(extcap_conf)) { + ret = EXIT_SUCCESS; + goto end; + } + + if (extcap_conf->show_config) { + ret = list_config(extcap_conf->interface); + goto end; + } + + if (extcap_conf->capture) { + ret = sdj_start_export(start_from_entries, start_from_end, extcap_conf->fifo); + } else { + g_debug("You should not come here... maybe some parameter missing?"); + ret = EXIT_FAILURE; + } + +end: + /* clean up stuff */ + extcap_base_cleanup(&extcap_conf); + return ret; +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ diff --git a/packaging/rpm/wireshark.spec.in b/packaging/rpm/wireshark.spec.in index c79f837f95..87b1d50d99 100644 --- a/packaging/rpm/wireshark.spec.in +++ b/packaging/rpm/wireshark.spec.in @@ -18,6 +18,7 @@ %bcond_without bcg729 %bcond_with libxml2 %bcond_with nghttp2 +%bcond_with sdjournal %bcond_with guides @@ -109,6 +110,15 @@ BuildRequires: libnghttp2-devel Requires: libnghttp2 %endif +%if %{with sdjournal} +BuildRequires: systemd-devel +%if 0%{?suse_version} +Requires: libsystemd0 +%else +Requires: systemd-libs +%endif +%endif + # Uncomment these if you want to be sure you get them... #BuildRequires: krb5-devel #BuildRequires: libsmi-devel @@ -269,6 +279,11 @@ cmake3 \ -DENABLE_NGHTTP2=ON \ %else -DENABLE_NGHTTP2=OFF \ +%endif +%if %{with sdjournal} + -DBUILD_sdjournal=ON \ +%else + -DBUILD_sdjournal=OFF \ %endif -DDISABLE_WERROR=ON \ %if %{with ninja} @@ -439,6 +454,9 @@ update-mime-database %{_datadir}/mime &> /dev/null || : %{_libdir}/pkgconfig/wireshark.pc %changelog +* Fri Sep 28 2018 Gerald Combs +- Add sdjournal + * Thu Sep 27 2018 Jeff Morriss - Have the qt package obsolute the old gnome and gtk packages. This allows clean upgrades to the Qt version. diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c index 11039c2aff..08747a8592 100644 --- a/wiretap/pcapng.c +++ b/wiretap/pcapng.c @@ -2290,7 +2290,7 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head pcapng_debug("%s: entry_length %u", G_STRFUNC, entry_length); - size_t rt_ts_len = sizeof(SDJ__REALTIME_TIMESTAMP); + size_t rt_ts_len = strlen(SDJ__REALTIME_TIMESTAMP); char *ts_pos = strstr(buf_ptr, SDJ__REALTIME_TIMESTAMP); if (!ts_pos) { @@ -2319,8 +2319,8 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head wblock->rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; wblock->rec->tsprec = WTAP_TSPREC_USEC; - wblock->rec->ts.secs = (time_t) (rt_ts / 1000000000); - wblock->rec->ts.nsecs = (int) (rt_ts % 1000000000); + wblock->rec->ts.secs = (time_t) rt_ts / 1000000; + wblock->rec->ts.nsecs = (rt_ts % 1000000) * 1000; /* * We return these to the caller in pcapng_read().