| blob | d60511b47cd7ec3f11518ce98df0791263b1402b |
1 /* capture_sync.c
2 * Synchronisation between Wireshark capture parent and child instances
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
12 #define WS_LOG_DOMAIN LOG_DOMAIN_CAPTURE
14 #include <wireshark.h>
16 #ifdef HAVE_LIBPCAP
18 #include <glib.h>
19 #include <stdio.h>
20 #include <stdlib.h>
22 #include <signal.h>
24 #include <ws_exit_codes.h>
26 #include <wsutil/application_flavor.h>
27 #include <wsutil/strtoi.h>
28 #include <wsutil/ws_assert.h>
30 #ifdef _WIN32
31 #include <wsutil/unicode-utils.h>
32 #include <wsutil/win32-utils.h>
33 #include <wsutil/ws_pipe.h>
34 #else
35 #include <glib-unix.h>
36 #endif
38 #ifdef HAVE_SYS_WAIT_H
39 # include <sys/wait.h>
40 #endif
44 #ifndef _WIN32
45 /*
46 * Define various POSIX macros (and, in the case of WCOREDUMP, non-POSIX
47 * macros) on UNIX systems that don't have them.
48 */
49 #ifndef WIFEXITED
50 # define WIFEXITED(status) (((status) & 0177) == 0)
51 #endif
52 #ifndef WIFSTOPPED
53 # define WIFSTOPPED(status) (((status) & 0177) == 0177)
54 #endif
55 #ifndef WIFSIGNALED
56 # define WIFSIGNALED(status) (!WIFSTOPPED(status) && !WIFEXITED(status))
57 #endif
58 #ifndef WEXITSTATUS
59 # define WEXITSTATUS(status) ((status) >> 8)
60 #endif
61 #ifndef WTERMSIG
62 # define WTERMSIG(status) ((status) & 0177)
63 #endif
64 #ifndef WCOREDUMP
65 # define WCOREDUMP(status) ((status) & 0200)
66 #endif
67 #ifndef WSTOPSIG
68 # define WSTOPSIG(status) ((status) >> 8)
69 #endif
72 #include <epan/packet.h>
73 #include <epan/prefs.h>
78 #include <capture/capture_sync.h>
82 #ifdef _WIN32
84 #endif
88 #include <wsutil/filesystem.h>
89 #include <wsutil/file_util.h>
90 #include <wsutil/report_message.h>
93 #ifdef _WIN32
95 #endif
97 #include <wsutil/ws_pipe.h>
99 #ifdef _WIN32
101 static HANDLE dummy_signal_pipe; /* Dummy named pipe which lets the child check for a dropped connection */
103 #else
105 #endif
107 /* We use this pipe buffer size for both the sync message pipe and the
108 * data pipe. Ensure that it's large enough for the indicator and header
109 * plus maximum message size.
110 */
111 #define PIPE_BUF_SIZE (SP_MAX_MSG_LEN+4)
115 static void pipe_convert_header(const unsigned char *header, int header_len, char *indicator, int *block_len);
121 void
126 {
130 #ifdef _WIN32
132 #endif
134 #ifndef _WIN32
137 #endif
149 }
152 {
159 /* At least one extcap process did not fully finish yet, wait for it */
161 }
165 /* User has requested capture stop and all extcaps are gone now */
168 }
169 /* Wait for child process to end, session is not closed yet */
171 }
173 /* Construct message and close session */
179 }
185 }
188 }
189 }
196 }
198 /* Append an arg (realloc) to an argc/argv array */
199 /* (add a string pointer to a NULL-terminated array of string pointers) */
200 /* XXX: For glib >= 2.68 we could use a GStrvBuilder.
201 */
204 {
205 /* Grow the array; "*argc" currently contains the number of string
206 pointers, *not* counting the NULL pointer at the end, so we have
207 to add 2 in order to get the new size of the array, including the
208 new pointer and the terminating NULL pointer. */
211 /* Stuff the pointer into the penultimate element of the array, which
212 is the one at the index specified by "*argc". */
214 /* Now bump the count. */
217 /* We overwrite the NULL pointer; put it back right after the
218 element we added. */
222 }
224 /* Take a buffer from an SP_LOG_MSG from dumpcap and send it to our
225 * current logger. Keep this in sync with the format used in
226 * dumpcap_log_writer. (We might want to do more proper serialization
227 * of more than just the log level.)
228 */
229 static void
237 }
239 }
241 /* Initialize an argument list and add dumpcap to it. */
247 /* Find the absolute path of the dumpcap executable. */
251 }
253 /* Allocate the string pointer array with enough space for the
254 terminating NULL pointer. */
259 /* Make that the first argument in the argument list (argv[0]). */
262 /* Tell dumpcap to log at the lowest level its domain (Capchild) is
263 * set to log in the main program. (It might be in the special noisy
264 * or debug filter, so we can't just check the overall level.)
265 */
271 }
272 }
277 /* sync_pipe_add_arg strdupes exename, so we should free our copy */
281 }
283 static gboolean
285 {
290 }
292 }
294 /*
295 * Open two pipes to dumpcap with the supplied arguments, one for its
296 * standard output and one for its standard error.
297 *
298 * On success, *msg is unchanged and 0 is returned; data_read_fd,
299 * message_read_fd, and fork_child point to the standard output pipe's
300 * file descriptor, the standard error pipe's file descriptor, and
301 * the child's PID/handle, respectively.
302 *
303 * On failure, *msg points to an error message for the failure, and -1 is
304 * returned, in which case *msg must be freed with g_free().
305 */
306 #define ARGV_NUMBER_LEN 24
307 static int
308 #ifdef _WIN32
313 #else
318 #endif
319 {
323 #ifdef _WIN32
327 HANDLE signal_pipe; /* named pipe used to send messages from parent to child (currently only stop) */
334 SECURITY_ATTRIBUTES sa;
335 STARTUPINFO si;
336 PROCESS_INFORMATION pi;
340 #else
343 #endif
347 }
352 /* We can't return anything */
354 #ifdef _WIN32
356 #endif
358 }
360 #ifdef _WIN32
361 /* init SECURITY_ATTRIBUTES */
366 /* Create a pipe for the child process to send us messages */
367 /* (increase this value if you have trouble while fast capture file switches) */
369 /* Couldn't create the message pipe between parent and child. */
374 }
376 /*
377 * Associate a C run-time file handle with the Windows HANDLE for the
378 * read side of the message pipe.
379 *
380 * (See http://www.flounder.com/handles.htm for information on various
381 * types of file handle in C/C++ on Windows.)
382 */
385 *msg = ws_strdup_printf("Couldn't get C file handle for message read pipe: %s", g_strerror(errno));
390 }
393 /* Create a pipe for the child process to send us data */
394 /* (increase this value if you have trouble while fast capture file switches) */
396 /* Couldn't create the message pipe between parent and child. */
403 }
405 /*
406 * Associate a C run-time file handle with the Windows HANDLE for the
407 * read side of the data pipe.
408 *
409 * (See http://www.flounder.com/handles.htm for information on various
410 * types of file handle in C/C++ on Windows.)
411 */
414 *msg = ws_strdup_printf("Couldn't get C file handle for data read pipe: %s", g_strerror(errno));
421 }
422 }
425 /* Create the signal pipe */
433 /* Couldn't create the signal pipe between parent and child. */
440 }
442 /*
443 * Associate a C run-time file handle with the Windows HANDLE for the
444 * read side of the message pipe.
445 *
446 * (See http://www.flounder.com/handles.htm for information on various
447 * types of file handle in C/C++ on Windows.)
448 */
451 /* Couldn't create the pipe between parent and child. */
458 }
459 }
461 /* init STARTUPINFO & PROCESS_INFORMATION */
465 #ifdef DEBUG_CHILD
468 #else
478 }
481 /* On Windows, "[a]n inherited handle refers to the same object in the child
482 * process as it does in the parent process. It also has the same value."
483 * https://learn.microsoft.com/en-us/windows/win32/procthread/inheritance
484 * When converted to a file descriptor (via _open_osfhandle), the fd
485 * value is not necessarily the same in the two processes, but the handle
486 * value can be shared.
487 * A HANDLE is a void* though "64-bit versions of Windows use 32-bit handles
488 * for interoperability... only the lower 32 bits are significant, so it is
489 * safe to truncate the handle... or sign-extend the handle"
490 * https://learn.microsoft.com/en-us/windows/win32/winprog64/interprocess-communication
491 * So it should be fine to call PtrToLong instead of casting to intptr_t.
492 * https://learn.microsoft.com/en-us/windows/win32/WinProg64/rules-for-using-pointers
493 */
498 #endif
504 i_handles++;
505 }
506 }
507 }
512 }
515 }
522 }
523 }
524 }
526 /* convert args array into a single string */
527 /* XXX - could change sync_pipe_add_arg() instead */
528 /* there is a drawback here: the length is internally limited to 1024 bytes */
534 }
536 /* call dumpcap */
546 }
553 }
555 /* We may need to store this and close it later */
563 }
565 /* Create a pipe for the child process to send us messages */
567 /* Couldn't create the message pipe between parent and child. */
571 }
574 /* Create a pipe for the child process to send us data */
576 /* Couldn't create the data pipe between parent and child. */
582 }
583 }
586 /*
587 * Child process - run dumpcap with the right arguments to make
588 * it just capture with the specified capture parameters
589 */
594 }
596 /* dumpcap should be running in capture child mode (hidden feature) */
597 #ifndef DEBUG_CHILD
602 #endif
606 /* Exit with "_exit()", so that we don't close the connection
607 to the X server (and cause stuff buffered up by our parent but
608 not yet sent to be sent, as that stuff should only be sent by
609 our parent). We've sent an error message to the parent, so
610 we exit with an exit status of 1 (any exit status other than
611 0 or 1 will cause an additional message to report that exit
612 status, over and above the error message we sent to the parent). */
614 }
623 }
626 #endif
628 /* Parent process - read messages from the child process over the
629 sync pipe. */
631 /* Close the write sides of the pipes, so that only the child has them
632 open, and thus they completely close, and thus return to us
633 an EOF indication, if the child closes them (either deliberately
634 or by exiting abnormally). */
635 #ifdef _WIN32
638 }
640 #else
643 }
645 #endif
648 /* We couldn't even create the child process. */
652 }
653 #ifdef _WIN32
656 }
657 #endif
660 }
662 #ifdef _WIN32
664 #else
666 #endif
671 /* we might wait for a moment till child is ready, so update screen now */
674 }
676 /* a new capture run: start a new dumpcap task and hand over parameters through command line */
677 bool
681 {
682 #ifdef _WIN32
685 #endif
704 }
708 /* We don't know where to find dumpcap. */
711 }
719 else
726 }
727 }
732 }
740 }
747 }
754 }
761 }
768 }
775 }
782 }
789 }
796 }
797 }
804 }
811 }
818 }
822 }
829 }
836 {
837 #ifdef _WIN32
838 char *pipe = ws_strdup_printf("%s%" PRIuMAX, EXTCAP_PIPE_PREFIX, (uintmax_t)interface_opts->extcap_pipe_h);
841 i_handles++;
842 #else
844 #endif
845 /* Add a name for the interface, to put into an IDB. */
848 }
849 else
853 {
854 /* Add a description for the interface to put into an IDB and
855 * use for the temporary filename. */
858 }
863 }
869 }
874 {
877 }
878 }
882 }
884 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE
892 }
893 #endif
895 #ifdef HAVE_PCAP_CREATE
898 }
899 #endif
901 #ifdef HAVE_PCAP_REMOTE
915 }
916 #endif
918 #ifdef HAVE_PCAP_SETSAMPLING
928 }
929 #endif
933 }
934 }
936 #ifndef DEBUG_CHILD
937 #ifdef _WIN32
938 /* pass process id to dumpcap for named signal pipe */
942 #endif
943 #endif
948 }
951 }
955 }
959 #ifdef _WIN32
960 ret = sync_pipe_open_command(argv, NULL, &sync_pipe_read_io, &cap_session->signal_pipe_write_fd,
962 #else
965 #endif
971 }
973 /* Parent process - read messages from the child process over the
974 sync pipe. */
979 /* We were able to set up to read the capture file;
980 arrange that our callback be called whenever it's possible
981 to read from the sync pipe, so that it's called when
982 the child process wants to tell us something. */
984 /* we have a running capture, now wait for the real capture filename */
988 }
989 cap_session->pipe_input_id = g_io_add_watch(sync_pipe_read_io, G_IO_IN | G_IO_HUP, pipe_io_cb, cap_session);
990 /* Pipe will be closed when watch is removed */
994 }
996 /*
997 * Close the pipes we're using to read from dumpcap, and wait for it
998 * to exit. On success, *msgp is unchanged, and the exit status of
999 * dumpcap is returned. On failure (which includes "dumpcap exited
1000 * due to being killed by a signal or an exception"), *msgp points
1001 * to an error message for the failure, and -1 is returned. In the
1002 * latter case, *msgp must be freed with g_free().
1003 */
1004 static int
1007 {
1012 #ifdef _WIN32
1013 /* XXX - Should we signal the child somehow? */
1015 #endif
1018 }
1020 /*
1021 * Run dumpcap with the supplied arguments.
1022 *
1023 * On success, *data points to a buffer containing the dumpcap output,
1024 * *primary_msg and *secondary_message are NULL, and 0 is returned; *data
1025 * must be freed with g_free().
1026 *
1027 * On failure, *data is NULL, *primary_msg points to an error message,
1028 * *secondary_msg either points to an additional error message or is
1029 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1030 * must be freed with g_free().
1031 */
1032 static int
1035 {
1039 ws_process_id fork_child;
1042 ssize_t nread;
1051 ssize_t count;
1054 /* g_malloc is supposed to terminate the program if this fails, but,
1055 * at least on a RELEASE build, some versions of gcc don't think that
1056 * happens.
1057 */
1063 }
1073 }
1075 /*
1076 * We were able to set up to read dumpcap's output. Do so.
1077 *
1078 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
1079 */
1084 /* We got a read error from the sync pipe, or we got no data at
1085 all from the sync pipe, so we're not going to be getting any
1086 data or error message from the child process. Pick up its
1087 exit status, and complain.
1089 We don't have to worry about killing the child, if the sync pipe
1090 returned an error. Usually this error is caused as the child killed
1091 itself while going down. Even in the rare cases that this isn't the
1092 case, the child will get an error when writing to the broken pipe
1093 the next time, cleaning itself up then. */
1097 /* We got an EOF from the sync pipe. That means that it exited
1098 before giving us any data to read. If ret is -1, we report
1099 that as a bad exit (e.g., exiting due to a signal); otherwise,
1100 we report it as a premature exit. */
1103 else
1106 /* We got an error from the sync pipe. If ret is -1, report
1107 both the sync pipe I/O error and the wait error. */
1113 }
1114 }
1120 }
1122 /* we got a valid message block from the child, process it */
1126 /*
1127 * Exec of dumpcap failed. Get the errno for the failure.
1128 */
1131 }
1133 /*
1134 * Pick up the child status.
1135 */
1139 /*
1140 * Child process failed unexpectedly, or wait failed; msg is the
1141 * error message.
1142 */
1146 /*
1147 * Child process failed, but returned the expected exit status.
1148 * Return the messages it gave us, and indicate failure.
1149 */
1154 }
1159 /*
1160 * Error from dumpcap; there will be a primary message and a
1161 * secondary message.
1162 */
1164 /* convert primary message */
1167 /* convert secondary message */
1171 /* the capture child will close the sync_pipe, nothing to do */
1173 /*
1174 * Pick up the child status.
1175 */
1179 /*
1180 * Child process failed unexpectedly, or wait failed; msg is the
1181 * error message.
1182 */
1186 /*
1187 * Child process failed, but returned the expected exit status.
1188 * Return the messages it gave us, and indicate failure.
1189 */
1193 }
1198 /*
1199 * Log from dumpcap; pass to our log
1200 */
1205 /* read the output from the command */
1210 }
1212 /*
1213 * Pick up the child status.
1214 */
1218 /*
1219 * Child process failed unexpectedly, or wait failed; msg is the
1220 * error message.
1221 */
1227 /*
1228 * Child process succeeded.
1229 */
1233 }
1237 /*
1238 * Pick up the child status.
1239 */
1243 /*
1244 * Child process failed unexpectedly, or wait failed; msg is the
1245 * error message.
1246 */
1250 /*
1251 * Child process returned an unknown status.
1252 */
1254 indicator);
1257 }
1260 }
1265 }
1267 /* centralised logging and timing for sync_pipe_run_command_actual(),
1268 * redirects to sync_pipe_run_command_actual()
1269 */
1270 static int
1273 {
1279 /* check if logging is actually enabled, otherwise don't expend the CPU generating logging */
1286 }
1287 }
1288 /* do the actual sync pipe run command */
1296 }
1298 }
1301 int
1306 {
1318 }
1329 else
1337 }
1345 }
1347 /*
1348 * Get the list of interfaces using dumpcap.
1349 *
1350 * On success, *data points to a buffer containing the dumpcap output,
1351 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1352 * must be freed with g_free().
1353 *
1354 * On failure, *data is NULL, *primary_msg points to an error message,
1355 * *secondary_msg either points to an additional error message or is
1356 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1357 * must be freed with g_free().
1358 */
1359 int
1362 {
1376 }
1378 /* Ask for the interface list */
1383 }
1385 /*
1386 * Get the capabilities of an interface using dumpcap.
1387 *
1388 * On success, *data points to a buffer containing the dumpcap output,
1389 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1390 * must be freed with g_free().
1391 *
1392 * On failure, *data is NULL, *primary_msg points to an error message,
1393 * *secondary_msg either points to an additional error message or is
1394 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1395 * must be freed with g_free().
1396 */
1397 int
1401 {
1415 }
1417 /* Ask for the interface capabilities */
1427 }
1431 }
1433 int
1437 {
1452 }
1456 /* Ask for the interface capabilities */
1468 }
1469 }
1475 }
1477 /*
1478 * Start getting interface statistics using dumpcap. On success, read_fd
1479 * contains the file descriptor for the pipe's stdout, *msg is unchanged,
1480 * and zero is returned. On failure, *msg will point to an error message
1481 * that must be g_free()d, and -1 will be returned.
1482 * If data is not NULL, then it will also be set to point to a JSON
1483 * serialization of the list of local interfaces and their capabilities.
1484 */
1485 int
1486 sync_interface_stats_open(int *data_read_fd, ws_process_id *fork_child, char **data, char **msg, void (*update_cb)(void))
1487 {
1494 ssize_t nread;
1500 /*char *secondary_msg_text;*/
1511 }
1513 /* Ask for the interface statistics */
1516 /* If requested, ask for the interface list and capabilities. */
1520 }
1522 #ifndef DEBUG_CHILD
1523 #ifdef _WIN32
1529 }
1531 #endif
1532 #endif
1538 }
1540 /*
1541 * We were able to set up to read dumpcap's output. Do so.
1542 *
1543 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
1544 */
1549 /* We got a read error from the sync pipe, or we got no data at
1550 all from the sync pipe, so we're not going to be getting any
1551 data or error message from the child process. Pick up its
1552 exit status, and complain.
1554 We don't have to worry about killing the child, if the sync pipe
1555 returned an error. Usually this error is caused as the child killed
1556 itself while going down. Even in the rare cases that this isn't the
1557 case, the child will get an error when writing to the broken pipe
1558 the next time, cleaning itself up then. */
1563 /* We got an EOF from the sync pipe. That means that it exited
1564 before giving us any data to read. If ret is -1, we report
1565 that as a bad exit (e.g., exiting due to a signal); otherwise,
1566 we report it as a premature exit. */
1569 else
1572 /* We got an error from the sync pipe. If ret is -1, report
1573 both the sync pipe I/O error and the wait error. */
1579 }
1580 }
1583 }
1585 /* we got a valid message block from the child, process it */
1589 /*
1590 * Exec of dumpcap failed. Get the errno for the failure.
1591 */
1594 }
1598 /*
1599 * Pick up the child status.
1600 */
1604 /*
1605 * Ignore the error from sync_pipe_close_command, presumably the one
1606 * returned by the child is more pertinent to what went wrong.
1607 */
1613 /*
1614 * Error from dumpcap; there will be a primary message and a
1615 * secondary message.
1616 */
1618 /* convert primary message */
1621 /* convert secondary message */
1624 /*secondary_msg_text = primary_msg_text + primary_msg_len + 4;*/
1625 /* the capture child will close the sync_pipe, nothing to do */
1627 /*
1628 * Pick up the child status.
1629 */
1633 /*
1634 * Child process failed unexpectedly, or wait failed; msg is the
1635 * error message.
1636 */
1638 /*
1639 * No interfaces were found. If that's not the
1640 * result of an error when fetching the local
1641 * interfaces, let the user know.
1642 */
1645 /*
1646 * Child process failed, but returned the expected exit status.
1647 * Return the messages it gave us, and indicate failure.
1648 */
1651 }
1656 /*
1657 * Log from dumpcap; pass to our log
1658 */
1663 /*
1664 * Dumpcap giving us the interface list
1665 */
1667 /* convert primary message */
1670 }
1674 /* Close the message pipe. */
1679 /*
1680 * Pick up the child status.
1681 */
1685 /*
1686 * Child process failed unexpectedly, or wait failed; msg is the
1687 * error message.
1688 */
1690 /*
1691 * Child process returned an unknown status.
1692 */
1694 indicator);
1696 }
1698 }
1703 }
1705 /* Close down the stats process */
1706 int
1708 {
1709 #ifdef _WIN32
1712 #else
1713 /*
1714 * Don't bother waiting for the child. sync_pipe_close_command
1715 * does this for us on Windows.
1716 */
1718 #endif
1720 }
1722 /* read a number of bytes from a pipe */
1723 /* (blocks until enough bytes read or an error occurs) */
1724 static ssize_t
1726 {
1738 }
1740 /* EOF */
1744 }
1748 }
1752 }
1754 /*
1755 * Read a line from a pipe; similar to fgets, but doesn't block.
1756 *
1757 * XXX - just stops reading if there's nothing to be read right now;
1758 * that could conceivably mean that you don't get a complete line.
1759 */
1760 int
1762 ssize_t newly;
1766 offset++;
1771 /* EOF - not necessarily an error */
1774 /* error */
1779 }
1780 }
1786 }
1789 /* convert header values (indicator and 3-byte length) */
1790 static void
1791 pipe_convert_header(const unsigned char *header, int header_len _U_, char *indicator, int *block_len) {
1795 /* convert header values */
1798 }
1800 /* read a message from the sending pipe in the standard format
1801 (1-byte message indicator, 3-byte message length (excluding length
1802 and indicator field), and the rest is the message) */
1803 static ssize_t
1806 {
1808 ssize_t newly;
1811 /* read header (indicator and 3-byte length) */
1815 /*
1816 * Immediate EOF; if the capture child exits normally, this
1817 * is an "I'm done" indication, so don't report it as an
1818 * error.
1819 */
1822 }
1825 /*
1826 * Short read, but not an immediate EOF.
1827 */
1830 }
1832 }
1834 /* convert header values */
1837 /* only indicator with no value? */
1841 }
1843 /* does the data fit into the given buffer? */
1851 /* we have a problem here, try to read some more bytes from the pipe to debug where the problem really is */
1856 }
1857 *err_msg = ws_strdup_printf("Message %c from dumpcap with length %d > buffer size %d! Partial message: %s",
1860 }
1863 /* read the actual block data */
1867 *err_msg = ws_strdup_printf("Unknown message from dumpcap reading data, try to show it as a string: %s",
1868 msg);
1869 }
1871 }
1873 /* XXX If message is "2part", the msg probably won't be sent to debug log correctly */
1877 }
1880 /* There's stuff to read from the sync pipe, meaning the child has sent
1881 us a message, or the sync pipe has closed, meaning the child has
1882 closed it (perhaps because it exited). */
1883 static gboolean
1885 {
1888 ssize_t nread;
1901 /* We got a read error, or a bad message, or an EOF, from the sync pipe.
1903 If we got a read error or a bad message, nread is -1 and
1904 primary_msg is set to point to an error message. We don't
1905 have to worry about killing the child; usually this error
1906 is caused as the child killed itself while going down.
1907 Even in the rare cases that this isn't the case, the child
1908 will get an error when writing to the broken pipe the next time,
1909 cleaning itself up then.
1911 If we got an EOF, nread is 0 and primary_msg isn't set. This
1912 is an indication that the capture is finished. */
1915 /* We got an EOF from the sync pipe. That means that the capture
1916 child exited, and not in the middle of a message; we treat
1917 that as an indication that it's done, and only report an
1918 error if ret is -1, in which case wait_msg is the error
1919 message. */
1923 /* We got an error from the sync pipe. If ret is -1, report
1924 both the sync pipe I/O error and the wait error. */
1930 }
1931 }
1933 /* No more child process. */
1937 #ifdef _WIN32
1939 #endif
1945 }
1948 }
1950 /* we got a valid message block from the child, process it */
1956 /* We weren't able to open the new capture file; user has been
1957 alerted. The sync pipe will close after we return false. */
1959 /* The child has sent us a filename which we couldn't open.
1961 This could mean that the child is creating and deleting files
1962 (ring buffer mode) faster than we can handle it.
1964 That should only be the case for very fast file switches;
1965 We can't do much more than telling the child to stop.
1966 (This is the "emergency brake" if the user e.g. wants to
1967 switch files every second).
1969 This can also happen if the user specified "-", meaning
1970 "standard output", as the capture file. */
1975 }
1980 }
1986 /*
1987 * Exec of dumpcap failed. Get the errno for the failure.
1988 */
1991 }
1995 /* the capture child will close the sync_pipe, nothing to do for now */
1996 /* (an error message doesn't mean we have to stop capturing) */
1999 /* convert primary message */
2002 /* convert secondary message */
2005 /* message output */
2007 /* the capture child will close the sync_pipe, nothing to do for now */
2008 /* (an error message doesn't mean we have to stop capturing) */
2011 /*
2012 * Log from dumpcap; pass to our log
2013 */
2023 }
2026 /* the capture child will close the sync_pipe, nothing to do for now */
2028 }
2036 }
2040 }
2044 else
2047 }
2051 }
2055 /*
2056 * dumpcap is exiting; wait for it to exit. On success, *msgp is
2057 * unchanged, and the exit status of dumpcap is returned. On
2058 * failure (which includes "dumpcap exited due to being killed by
2059 * a signal or an exception"), *msgp points to an error message
2060 * for the failure, and -1 is returned. In the latter case, *msgp
2061 * must be freed with g_free().
2062 */
2063 static int
2065 {
2067 #ifndef _WIN32
2069 #endif
2080 #ifdef _WIN32
2085 /*
2086 * The child exited; return its exit status. Do not treat this as
2087 * an error.
2088 */
2091 /* Probably an exception code */
2095 }
2096 }
2097 #else
2100 /* waitpid() succeeded */
2102 /*
2103 * The child exited; return its exit status. Do not treat this as
2104 * an error.
2105 */
2108 /* It stopped, rather than exiting. "Should not happen." */
2113 /* It died with a signal. */
2119 /* What? It had to either have exited, or stopped, or died with
2120 a signal; what happened here? */
2122 fork_child_status);
2124 }
2126 /* waitpid() failed */
2128 /*
2129 * Signal interrupted waitpid().
2130 *
2131 * If it's SIGALRM, we just want to keep waiting, in case
2132 * there's some timer using it (e.g., in a GUI toolkit).
2133 *
2134 * If you ^C TShark (or Wireshark), that should deliver
2135 * SIGINT to dumpcap as well. dumpcap catches SIGINT,
2136 * and should clean up and exit, so we should eventually
2137 * see that and clean up and terminate.
2138 *
2139 * If we're sent a SIGTERM, we should (and do) catch it,
2140 * and TShark, at least, calls sync_pipe_stop(). which
2141 * kills dumpcap, so we should eventually see that and
2142 * clean up and terminate.
2143 */
2147 /*
2148 * The process identified by fork_child either doesn't
2149 * exist any more or isn't our child process (anymore?).
2150 *
2151 * echld might have already reaped the child.
2152 */
2155 /* Unknown error. */
2158 }
2159 }
2161 }
2162 #endif
2167 }
2170 #ifndef _WIN32
2171 /* convert signal to corresponding name */
2174 {
2220 /* http://metalab.unc.edu/pub/Linux/docs/HOWTO/GCC-HOWTO
2221 Linux is POSIX compliant. These are not POSIX-defined signals ---
2222 ISO/IEC 9945-1:1990 (IEEE Std 1003.1-1990), paragraph B.3.3.1.1 sez:
2224 ``The signals SIGBUS, SIGEMT, SIGIOT, SIGTRAP, and SIGSYS
2225 were omitted from POSIX.1 because their behavior is
2226 implementation dependent and could not be adequately catego-
2227 rized. Conforming implementations may deliver these sig-
2228 nals, but must document the circumstances under which they
2229 are delivered and note any restrictions concerning their
2230 delivery.''
2232 So we only check for SIGSYS on those systems that happen to
2233 implement them (a system can be POSIX-compliant and implement
2234 them, it's just that POSIX doesn't *require* a POSIX-compliant
2235 system to implement them).
2236 */
2238 #ifdef SIGSYS
2242 #endif
2257 /* Returning a static buffer is ok in the context we use it here */
2261 }
2263 }
2264 #endif
2267 #ifdef _WIN32
2276 }
2278 /* Create the signal pipe */
2287 }
2289 }
2291 /* tell the child through the signal pipe that we want to quit the capture */
2292 static void
2294 {
2300 /* it doesn't matter *what* we send here, the first byte will stop the capture */
2301 /* simply sending a "QUIT" string */
2302 /*sync_pipe_write_string_msg(cap_session->signal_pipe_write_fd, SP_QUIT, quit_msg);*/
2305 ws_warning("%d header: error %s", cap_session->signal_pipe_write_fd, win32strerror(GetLastError()));
2306 }
2307 }
2308 #endif
2311 /* user wants to stop the capture run */
2312 void
2314 {
2316 #ifndef _WIN32
2317 /* send the SIGINT signal to close the capture child gracefully. */
2321 }
2322 #else
2324 DWORD status;
2326 /* First, use the special signal pipe to try to close the capture child
2327 * gracefully.
2328 */
2331 /* Next, wait for the process to exit on its own */
2334 /* Force the issue. */
2338 }
2339 #endif
2340 }
2341 }
2344 /* Wireshark has to exit, force the capture child to close */
2345 void
2347 {
2349 #ifndef _WIN32
2353 }
2354 #else
2355 /* Remark: This is not the preferred method of closing a process!
2356 * the clean way would be getting the process id of the child process,
2357 * then getting window handle hWnd of that process (using EnumChildWindows),
2358 * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
2359 *
2360 * Unfortunately, I don't know how to get the process id from the
2361 * handle. OpenProcess will get an handle (not a window handle)
2362 * from the process ID; it will not get a window handle from the
2363 * process ID. (How could it? A process can have more than one
2364 * window. For that matter, a process might have *no* windows,
2365 * as a process running dumpcap, the normal child process program,
2366 * probably does.)
2367 *
2368 * Hint: GenerateConsoleCtrlEvent() will only work if both processes are
2369 * running in the same console; that's not necessarily the case for
2370 * us, as we might not be running in a console.
2371 * And this also will require to have the process id.
2372 */
2375 #endif
2376 }
2377 }
2381 }