search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / sharkd.c
blob8cfa76c0448cbc0718678433a04f8e0d275f7f2c
1 /* sharkd.c
2 *
3 * Daemon variant of Wireshark
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include <config.h>
13 #define WS_LOG_DOMAIN LOG_DOMAIN_MAIN
14
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <limits.h>
19 #include <signal.h>
20
21 #include <glib.h>
22
23 #include <epan/exceptions.h>
24 #include <epan/epan.h>
25
26 #include <wsutil/clopts_common.h>
27 #include <wsutil/cmdarg_err.h>
28 #include <wsutil/filesystem.h>
29 #include <wsutil/file_util.h>
30 #include <wsutil/privileges.h>
31 #include <wsutil/wslog.h>
32 #include <wsutil/version_info.h>
33 #include <wiretap/wtap_opttypes.h>
34
35 #include <epan/decode_as.h>
36 #include <epan/timestamp.h>
37 #include <epan/packet.h>
38 #include <epan/disabled_protos.h>
39 #include <epan/prefs.h>
40 #include <epan/column.h>
41 #include <epan/print.h>
42 #include <epan/addr_resolv.h>
43 #include "ui/util.h"
44 #include "ui/ws_ui_util.h"
45 #include "ui/decode_as_utils.h"
46 #include "wsutil/filter_files.h"
47 #include "ui/tap_export_pdu.h"
48 #include "ui/failure_message.h"
49 #include <wiretap/wtap.h>
50 #include <epan/epan_dissect.h>
51 #include <epan/tap.h>
52 #include <epan/uat-int.h>
53 #include <epan/secrets.h>
54
55 #include <wsutil/codecs.h>
56
57 #include <wsutil/str_util.h>
58 #include <wsutil/utf8_entities.h>
59
60 #ifdef HAVE_PLUGINS
61 #include <wsutil/plugins.h>
62 #endif
63
64 #include "sharkd.h"
65
66 #define SHARKD_INIT_FAILED 1
67 #define SHARKD_EPAN_INIT_FAIL 2
68
69 capture_file cfile;
70
71 static uint32_t cum_bytes;
72 static frame_data ref_frame;
73
74 static void
75 print_current_user(void)
76 {
77 char *cur_user, *cur_group;
78
79 if (started_with_special_privs()) {
80 cur_user = get_cur_username();
81 cur_group = get_cur_groupname();
82 fprintf(stderr, "Running as user \"%s\" and group \"%s\".",
83 cur_user, cur_group);
84 g_free(cur_user);
85 g_free(cur_group);
86 if (running_with_special_privs()) {
87 fprintf(stderr, " This could be dangerous.");
88 }
89 fprintf(stderr, "\n");
90 }
91 }
92
93 int
94 main(int argc, char *argv[])
95 {
96 char *configuration_init_error;
97
98 char *err_msg = NULL;
99 e_prefs *prefs_p;
100 int ret = EXIT_SUCCESS;
101
102 /* Set the program name. */
103 g_set_prgname("sharkd");
104
105 cmdarg_err_init(stderr_cmdarg_err, stderr_cmdarg_err_cont);
106
107 /* Initialize log handler early so we can have proper logging during startup. */
108 ws_log_init(vcmdarg_err);
109
110 /* Early logging command-line initialization. */
111 ws_log_parse_args(&argc, argv, vcmdarg_err, SHARKD_INIT_FAILED);
112
113 ws_noisy("Finished log init and parsing command line log arguments");
114
115 /*
116 * Get credential information for later use, and drop privileges
117 * before doing anything else.
118 * Let the user know if anything happened.
119 */
120 init_process_policies();
121 relinquish_special_privs_perm();
122 print_current_user();
123
124 /*
125 * Attempt to get the pathname of the executable file.
126 */
127 configuration_init_error = configuration_init(argv[0]);
128 if (configuration_init_error != NULL) {
129 fprintf(stderr, "sharkd: Can't get pathname of sharkd program: %s.\n",
130 configuration_init_error);
131 }
132
133 /* Initialize the version information. */
134 ws_init_version_info("Sharkd",
135 epan_gather_compile_info,
136 epan_gather_runtime_info);
137
138 if (sharkd_init(argc, argv) < 0)
139 {
140 fputs("Cannot initialize sharkd.\n", stderr);
141 ret = SHARKD_INIT_FAILED;
142 goto clean_exit;
143 }
144
145 init_report_failure_message("sharkd");
146
147 timestamp_set_type(TS_RELATIVE);
148 timestamp_set_precision(TS_PREC_AUTO);
149 timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
150
151 /*
152 * Libwiretap must be initialized before libwireshark is, so that
153 * dissection-time handlers for file-type-dependent blocks can
154 * register using the file type/subtype value for the file type.
155 */
156 wtap_init(true);
157
158 /* Register all dissectors; we must do this before checking for the
159 "-G" flag, as the "-G" flag dumps information registered by the
160 dissectors, and we must do it before we read the preferences, in
161 case any dissectors register preferences. */
162 if (!epan_init(NULL, NULL, true)) {
163 ret = SHARKD_EPAN_INIT_FAIL;
164 goto clean_exit;
165 }
166
167 codecs_init();
168
169 /* Load libwireshark settings from the current profile. */
170 prefs_p = epan_load_settings();
171
172 if (!color_filters_init(&err_msg, NULL)) {
173 fprintf(stderr, "%s\n", err_msg);
174 g_free(err_msg);
175 }
176
177 cap_file_init(&cfile);
178
179 /* Notify all registered modules that have had any of their preferences
180 changed either from one of the preferences file or from the command
181 line that their preferences have changed. */
182 prefs_apply_all();
183
184 /* Build the column format array */
185 build_column_format_array(&cfile.cinfo, prefs_p->num_cols, true);
186
187 #ifdef HAVE_MAXMINDDB
188 /* mmdbresolve is started from mmdb_resolve_start(), which is called from epan_load_settings via: read_prefs -> (...) uat_load_all -> maxmind_db_post_update_cb.
189 * Need to stop it, otherwise all sharkd will have same mmdbresolve process, including pipe descriptors to read and write. */
190 uat_get_table_by_name("MaxMind Database Paths")->reset_cb();
191 #endif
192
193 ret = sharkd_loop(argc, argv);
194 clean_exit:
195 col_cleanup(&cfile.cinfo);
196 codecs_cleanup();
197 wtap_cleanup();
198 free_progdirs();
199 return ret;
200 }
201
202 static epan_t *
203 sharkd_epan_new(capture_file *cf)
204 {
205 static const struct packet_provider_funcs funcs = {
206 cap_file_provider_get_frame_ts,
207 cap_file_provider_get_interface_name,
208 cap_file_provider_get_interface_description,
209 cap_file_provider_get_modified_block
210 };
211
212 return epan_new(&cf->provider, &funcs);
213 }
214
215 static bool
216 process_packet(capture_file *cf, epan_dissect_t *edt,
217 int64_t offset, wtap_rec *rec, Buffer *buf)
218 {
219 frame_data fdlocal;
220 bool passed;
221
222 /* If we're not running a display filter and we're not printing any
223 packet information, we don't need to do a dissection. This means
224 that all packets can be marked as 'passed'. */
225 passed = true;
226
227 /* The frame number of this packet, if we add it to the set of frames,
228 would be one more than the count of frames in the file so far. */
229 frame_data_init(&fdlocal, cf->count + 1, rec, offset, cum_bytes);
230
231 /* If we're going to print packet information, or we're going to
232 run a read filter, or display filter, or we're going to process taps, set up to
233 do a dissection and do so. */
234 if (edt) {
235 if (gbl_resolv_flags.mac_name || gbl_resolv_flags.network_name ||
236 gbl_resolv_flags.transport_name)
237 /* Grab any resolved addresses */
238 host_name_lookup_process();
239
240 /* If we're running a read filter, prime the epan_dissect_t with that
241 filter. */
242 if (cf->rfcode)
243 epan_dissect_prime_with_dfilter(edt, cf->rfcode);
244
245 if (cf->dfcode)
246 epan_dissect_prime_with_dfilter(edt, cf->dfcode);
247
248 /* This is the first and only pass, so prime the epan_dissect_t
249 with the hfids postdissectors want on the first pass. */
250 prime_epan_dissect_with_postdissector_wanted_hfids(edt);
251
252 frame_data_set_before_dissect(&fdlocal, &cf->elapsed_time,
253 &cf->provider.ref, cf->provider.prev_dis);
254 if (cf->provider.ref == &fdlocal) {
255 ref_frame = fdlocal;
256 cf->provider.ref = &ref_frame;
257 }
258
259 epan_dissect_run(edt, cf->cd_t, rec,
260 ws_buffer_start_ptr(buf),
261 &fdlocal, NULL);
262
263 /* Run the read filter if we have one. */
264 if (cf->rfcode)
265 passed = dfilter_apply_edt(cf->rfcode, edt);
266 }
267
268 if (passed) {
269 frame_data_set_after_dissect(&fdlocal, &cum_bytes);
270 cf->provider.prev_cap = cf->provider.prev_dis = frame_data_sequence_add(cf->provider.frames, &fdlocal);
271
272 /* If we're not doing dissection then there won't be any dependent frames.
273 * More importantly, edt.pi.fd.dependent_frames won't be initialized because
274 * epan hasn't been initialized.
275 * if we *are* doing dissection, then mark the dependent frames, but only
276 * if a display filter was given and it matches this packet.
277 */
278 if (edt && cf->dfcode) {
279 if (dfilter_apply_edt(cf->dfcode, edt) && edt->pi.fd->dependent_frames) {
280 g_hash_table_foreach(edt->pi.fd->dependent_frames, find_and_mark_frame_depended_upon, cf->provider.frames);
281 }
282 }
283
284 cf->count++;
285 } else {
286 /* if we don't add it to the frame_data_sequence, clean it up right now
287 * to avoid leaks */
288 frame_data_destroy(&fdlocal);
289 }
290
291 if (edt)
292 epan_dissect_reset(edt);
293
294 return passed;
295 }
296
297
298 static int
299 load_cap_file(capture_file *cf, int max_packet_count, int64_t max_byte_count)
300 {
301 int err;
302 char *err_info = NULL;
303 int64_t data_offset;
304 wtap_rec rec;
305 Buffer buf;
306 epan_dissect_t *edt = NULL;
307
308 {
309 /* Allocate a frame_data_sequence for all the frames. */
310 cf->provider.frames = new_frame_data_sequence();
311
312 {
313 bool create_proto_tree;
314
315 /*
316 * Determine whether we need to create a protocol tree.
317 * We do if:
318 *
319 * we're going to apply a read filter;
320 *
321 * we're going to apply a display filter;
322 *
323 * a postdissector wants field values or protocols
324 * on the first pass.
325 */
326 create_proto_tree =
327 (cf->rfcode != NULL || cf->dfcode != NULL || postdissectors_want_hfids());
328
329 /* We're not going to display the protocol tree on this pass,
330 so it's not going to be "visible". */
331 edt = epan_dissect_new(cf->epan, create_proto_tree, false);
332 }
333
334 wtap_rec_init(&rec);
335 ws_buffer_init(&buf, 1514);
336
337 while (wtap_read(cf->provider.wth, &rec, &buf, &err, &err_info, &data_offset)) {
338 if (process_packet(cf, edt, data_offset, &rec, &buf)) {
339 wtap_rec_reset(&rec);
340 /* Stop reading if we have the maximum number of packets;
341 * When the -c option has not been used, max_packet_count
342 * starts at 0, which practically means, never stop reading.
343 * (unless we roll over max_packet_count ?)
344 */
345 if ( (--max_packet_count == 0) || (max_byte_count != 0 && data_offset >= max_byte_count)) {
346 err = 0; /* This is not an error */
347 break;
348 }
349 }
350 }
351
352 if (edt) {
353 epan_dissect_free(edt);
354 edt = NULL;
355 }
356
357 wtap_rec_cleanup(&rec);
358 ws_buffer_free(&buf);
359
360 /* Close the sequential I/O side, to free up memory it requires. */
361 wtap_sequential_close(cf->provider.wth);
362
363 /* Allow the protocol dissectors to free up memory that they
364 * don't need after the sequential run-through of the packets. */
365 postseq_cleanup_all_protocols();
366
367 cf->provider.prev_dis = NULL;
368 cf->provider.prev_cap = NULL;
369 }
370
371 if (err != 0) {
372 cfile_read_failure_message(cf->filename, err, err_info);
373 }
374
375 return err;
376 }
377
378 cf_status_t
379 cf_open(capture_file *cf, const char *fname, unsigned int type, bool is_tempfile, int *err)
380 {
381 wtap *wth;
382 char *err_info;
383
384 wth = wtap_open_offline(fname, type, err, &err_info, true);
385 if (wth == NULL)
386 goto fail;
387
388 /* The open succeeded. Fill in the information for this file. */
389
390 cf->provider.wth = wth;
391 cf->f_datalen = 0; /* not used, but set it anyway */
392
393 /* Set the file name because we need it to set the follow stream filter.
394 XXX - is that still true? We need it for other reasons, though,
395 in any case. */
396 cf->filename = g_strdup(fname);
397
398 /* Indicate whether it's a permanent or temporary file. */
399 cf->is_tempfile = is_tempfile;
400
401 /* No user changes yet. */
402 cf->unsaved_changes = false;
403
404 cf->cd_t = wtap_file_type_subtype(cf->provider.wth);
405 cf->open_type = type;
406 cf->count = 0;
407 cf->drops_known = false;
408 cf->drops = 0;
409 cf->snap = wtap_snapshot_length(cf->provider.wth);
410 nstime_set_zero(&cf->elapsed_time);
411 cf->provider.ref = NULL;
412 cf->provider.prev_dis = NULL;
413 cf->provider.prev_cap = NULL;
414
415 /* Create new epan session for dissection. */
416 epan_free(cf->epan);
417 cf->epan = sharkd_epan_new(cf);
418
419 cf->state = FILE_READ_IN_PROGRESS;
420
421 wtap_set_cb_new_ipv4(cf->provider.wth, add_ipv4_name);
422 wtap_set_cb_new_ipv6(cf->provider.wth, (wtap_new_ipv6_callback_t) add_ipv6_name);
423 wtap_set_cb_new_secrets(cf->provider.wth, secrets_wtap_callback);
424
425 return CF_OK;
426
427 fail:
428 cfile_open_failure_message(fname, *err, err_info);
429 return CF_ERROR;
430 }
431
432 cf_status_t
433 sharkd_cf_open(const char *fname, unsigned int type, bool is_tempfile, int *err)
434 {
435 return cf_open(&cfile, fname, type, is_tempfile, err);
436 }
437
438 int
439 sharkd_load_cap_file(void)
440 {
441 return load_cap_file(&cfile, 0, 0);
442 }
443
444 frame_data *
445 sharkd_get_frame(uint32_t framenum)
446 {
447 return frame_data_sequence_find(cfile.provider.frames, framenum);
448 }
449
450 enum dissect_request_status
451 sharkd_dissect_request(uint32_t framenum, uint32_t frame_ref_num,
452 uint32_t prev_dis_num, wtap_rec *rec, Buffer *buf,
453 column_info *cinfo, uint32_t dissect_flags,
454 sharkd_dissect_func_t cb, void *data,
455 int *err, char **err_info)
456 {
457 frame_data *fdata;
458 epan_dissect_t edt;
459 bool create_proto_tree;
460
461 fdata = sharkd_get_frame(framenum);
462 if (fdata == NULL)
463 return DISSECT_REQUEST_NO_SUCH_FRAME;
464
465 if (!wtap_seek_read(cfile.provider.wth, fdata->file_off, rec, buf, err, err_info)) {
466 if (cinfo != NULL)
467 col_fill_in_error(cinfo, fdata, false, false /* fill_fd_columns */);
468 return DISSECT_REQUEST_READ_ERROR; /* error reading the record */
469 }
470
471 create_proto_tree = ((dissect_flags & SHARKD_DISSECT_FLAG_PROTO_TREE) ||
472 ((dissect_flags & SHARKD_DISSECT_FLAG_COLOR) && color_filters_used()) ||
473 (cinfo && have_custom_cols(cinfo)));
474 epan_dissect_init(&edt, cfile.epan, create_proto_tree, (dissect_flags & SHARKD_DISSECT_FLAG_PROTO_TREE));
475
476 if (dissect_flags & SHARKD_DISSECT_FLAG_COLOR) {
477 color_filters_prime_edt(&edt);
478 fdata->need_colorize = 1;
479 }
480
481 if (cinfo)
482 col_custom_prime_edt(&edt, cinfo);
483
484 /*
485 * XXX - need to catch an OutOfMemoryError exception and
486 * attempt to recover from it.
487 */
488 fdata->ref_time = (framenum == frame_ref_num);
489 fdata->frame_ref_num = frame_ref_num;
490 fdata->prev_dis_num = prev_dis_num;
491 epan_dissect_run(&edt, cfile.cd_t, rec,
492 ws_buffer_start_ptr(buf),
493 fdata, cinfo);
494
495 if (cinfo) {
496 /* "Stringify" non frame_data vals */
497 epan_dissect_fill_in_columns(&edt, false, true/* fill_fd_columns */);
498 }
499
500 cb(&edt, (dissect_flags & SHARKD_DISSECT_FLAG_PROTO_TREE) ? edt.tree : NULL,
501 cinfo, (dissect_flags & SHARKD_DISSECT_FLAG_BYTES) ? edt.pi.data_src : NULL,
502 data);
503
504 wtap_rec_reset(rec);
505 epan_dissect_cleanup(&edt);
506 return DISSECT_REQUEST_SUCCESS;
507 }
508
509 int
510 sharkd_retap(void)
511 {
512 uint32_t framenum;
513 frame_data *fdata;
514 Buffer buf;
515 wtap_rec rec;
516 int err;
517 char *err_info = NULL;
518
519 unsigned tap_flags;
520 bool create_proto_tree;
521 epan_dissect_t edt;
522 column_info *cinfo;
523
524 /* Get the union of the flags for all tap listeners. */
525 tap_flags = union_of_tap_listener_flags();
526
527 /* If any tap listeners require the columns, construct them. */
528 cinfo = (tap_listeners_require_columns()) ? &cfile.cinfo : NULL;
529
530 /*
531 * Determine whether we need to create a protocol tree.
532 * We do if:
533 *
534 * one of the tap listeners is going to apply a filter;
535 *
536 * one of the tap listeners requires a protocol tree.
537 */
538 create_proto_tree =
539 (have_filtering_tap_listeners() || (tap_flags & TL_REQUIRES_PROTO_TREE));
540
541 wtap_rec_init(&rec);
542 ws_buffer_init(&buf, 1514);
543 epan_dissect_init(&edt, cfile.epan, create_proto_tree, false);
544
545 reset_tap_listeners();
546
547 for (framenum = 1; framenum <= cfile.count; framenum++) {
548 fdata = sharkd_get_frame(framenum);
549
550 if (!wtap_seek_read(cfile.provider.wth, fdata->file_off, &rec, &buf, &err, &err_info))
551 break;
552
553 fdata->ref_time = false;
554 fdata->frame_ref_num = (framenum != 1) ? 1 : 0;
555 fdata->prev_dis_num = framenum - 1;
556 epan_dissect_run_with_taps(&edt, cfile.cd_t, &rec,
557 ws_buffer_start_ptr(&buf),
558 fdata, cinfo);
559 wtap_rec_reset(&rec);
560 epan_dissect_reset(&edt);
561 }
562
563 wtap_rec_cleanup(&rec);
564 ws_buffer_free(&buf);
565 epan_dissect_cleanup(&edt);
566
567 draw_tap_listeners(true);
568
569 return 0;
570 }
571
572 int
573 sharkd_filter(const char *dftext, uint8_t **result)
574 {
575 dfilter_t *dfcode = NULL;
576
577 uint32_t framenum, prev_dis_num = 0;
578 uint32_t frames_count;
579 Buffer buf;
580 wtap_rec rec;
581 int err;
582 char *err_info = NULL;
583
584 uint8_t *result_bits;
585 uint8_t passed_bits;
586
587 epan_dissect_t edt;
588
589 if (!dfilter_compile(dftext, &dfcode, NULL)) {
590 return -1;
591 }
592
593 /* if dfilter_compile() success, but (dfcode == NULL) all frames are matching */
594 if (dfcode == NULL) {
595 *result = NULL;
596 return 0;
597 }
598
599 frames_count = cfile.count;
600
601 wtap_rec_init(&rec);
602 ws_buffer_init(&buf, 1514);
603 epan_dissect_init(&edt, cfile.epan, true, false);
604
605 passed_bits = 0;
606 result_bits = (uint8_t *) g_malloc(2 + (frames_count / 8));
607
608 for (framenum = 1; framenum <= frames_count; framenum++) {
609 frame_data *fdata = sharkd_get_frame(framenum);
610
611 if ((framenum & 7) == 0) {
612 result_bits[(framenum / 8) - 1] = passed_bits;
613 passed_bits = 0;
614 }
615
616 if (!wtap_seek_read(cfile.provider.wth, fdata->file_off, &rec, &buf, &err, &err_info))
617 break;
618
619 /* frame_data_set_before_dissect */
620 epan_dissect_prime_with_dfilter(&edt, dfcode);
621
622 fdata->ref_time = false;
623 fdata->frame_ref_num = (framenum != 1) ? 1 : 0;
624 fdata->prev_dis_num = prev_dis_num;
625 epan_dissect_run(&edt, cfile.cd_t, &rec,
626 ws_buffer_start_ptr(&cfile.buf),
627 fdata, NULL);
628
629 if (dfilter_apply_edt(dfcode, &edt)) {
630 passed_bits |= (1 << (framenum % 8));
631 prev_dis_num = framenum;
632 }
633
634 /* if passed or ref -> frame_data_set_after_dissect */
635
636 wtap_rec_reset(&rec);
637 epan_dissect_reset(&edt);
638 }
639
640 if ((framenum & 7) == 0)
641 framenum--;
642 result_bits[framenum / 8] = passed_bits;
643
644 wtap_rec_cleanup(&rec);
645 ws_buffer_free(&buf);
646 epan_dissect_cleanup(&edt);
647
648 dfilter_free(dfcode);
649
650 *result = result_bits;
651
652 return framenum;
653 }
654
655 /*
656 * Get the modified block if available, nothing otherwise.
657 * Must be cloned if changes desired.
658 */
659 wtap_block_t
660 sharkd_get_modified_block(const frame_data *fd)
661 {
662 return cap_file_provider_get_modified_block(&cfile.provider, fd);
663 }
664
665 /*
666 * Gets the modified block if available, otherwise the packet's default block,
667 * or a new packet block.
668 * User must wtap_block_unref() it when done.
669 */
670 wtap_block_t
671 sharkd_get_packet_block(const frame_data *fd)
672 {
673 if (fd->has_modified_block)
674 return wtap_block_ref(cap_file_provider_get_modified_block(&cfile.provider, fd));
675 else
676 {
677 wtap_rec rec; /* Record metadata */
678 Buffer buf; /* Record data */
679 wtap_block_t block;
680 int err;
681 char *err_info;
682
683 wtap_rec_init(&rec);
684 ws_buffer_init(&buf, 1514);
685
686 if (!wtap_seek_read(cfile.provider.wth, fd->file_off, &rec, &buf, &err, &err_info))
687 { /* XXX, what we can do here? */ }
688
689 /* rec.block is owned by the record, steal it before it is gone. */
690 block = wtap_block_ref(rec.block);
691
692 wtap_rec_cleanup(&rec);
693 ws_buffer_free(&buf);
694 return block;
695 }
696 }
697
698 int
699 sharkd_set_modified_block(frame_data *fd, wtap_block_t new_block)
700 {
701 cap_file_provider_set_modified_block(&cfile.provider, fd, new_block);
702 return 0;
703 }
Metzes wireshark repo