| blob | 252e5e99c2afc6557c91ad9a5570bb231ee2de47 |
1 /* capture_sync.c
2 * Synchronisation between Wireshark capture parent and child instances
3 *
4 * $Id$
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
27 #ifdef HAVE_LIBPCAP
29 #include <glib.h>
30 #include <stdio.h>
31 #include <ctype.h>
32 #include <string.h>
34 #ifdef HAVE_UNISTD_H
35 #include <unistd.h>
36 #endif
38 #ifdef HAVE_FCNTL_H
39 #include <fcntl.h>
40 #endif
42 #include <signal.h>
44 #ifdef _WIN32
45 #include <wsutil/unicode-utils.h>
46 #endif
48 #ifdef HAVE_SYS_WAIT_H
49 # include <sys/wait.h>
50 #endif
54 #ifndef _WIN32
55 /*
56 * Define various POSIX macros (and, in the case of WCOREDUMP, non-POSIX
57 * macros) on UNIX systems that don't have them.
58 */
59 #ifndef WIFEXITED
60 # define WIFEXITED(status) (((status) & 0177) == 0)
61 #endif
62 #ifndef WIFSTOPPED
63 # define WIFSTOPPED(status) (((status) & 0177) == 0177)
64 #endif
65 #ifndef WIFSIGNALED
66 # define WIFSIGNALED(status) (!WIFSTOPPED(status) && !WIFEXITED(status))
67 #endif
68 #ifndef WEXITSTATUS
69 # define WEXITSTATUS(status) ((status) >> 8)
70 #endif
71 #ifndef WTERMSIG
72 # define WTERMSIG(status) ((status) & 0177)
73 #endif
74 #ifndef WCOREDUMP
75 # define WCOREDUMP(status) ((status) & 0200)
76 #endif
77 #ifndef WSTOPSIG
78 # define WSTOPSIG(status) ((status) >> 8)
79 #endif
82 #include <epan/packet.h>
83 #include <epan/prefs.h>
87 #include <epan/filesystem.h>
94 #ifdef _WIN32
96 #endif
100 #include <wsutil/file_util.h>
101 #include <wsutil/report_err.h>
104 #ifdef _WIN32
106 #endif
110 #ifdef _WIN32
112 static HANDLE dummy_signal_pipe; /* Dummy named pipe which lets the child check for a dropped connection */
114 #else
116 #endif
121 static void pipe_convert_header(const guchar *header, int header_len, char *indicator, int *block_len);
128 void
130 {
133 #ifdef _WIN32
135 #endif
137 #ifndef _WIN32
140 #endif
142 }
144 /* Append an arg (realloc) to an argc/argv array */
145 /* (add a string pointer to a NULL-terminated array of string pointers) */
148 {
149 /* Grow the array; "*argc" currently contains the number of string
150 pointers, *not* counting the NULL pointer at the end, so we have
151 to add 2 in order to get the new size of the array, including the
152 new pointer and the terminating NULL pointer. */
155 /* Stuff the pointer into the penultimate element of the array, which
156 is the one at the index specified by "*argc". */
158 /* Now bump the count. */
161 /* We overwrite the NULL pointer; put it back right after the
162 element we added. */
166 }
170 #ifdef _WIN32
171 /* Quote the argument element if necessary, so that it will get
172 * reconstructed correctly in the C runtime startup code. Note that
173 * the unquoting algorithm in the C runtime is really weird, and
174 * rather different than what Unix shells do. See stdargv.c in the C
175 * runtime sources (in the Platform SDK, in src/crt).
176 *
177 * Stolen from GLib's protect_argv(), an internal routine that quotes
178 * string in an argument list so that they arguments will be handled
179 * correctly in the command-line string passed to CreateProcess()
180 * if that string is constructed by gluing those strings together.
181 */
184 {
195 len++;
200 pp++;
202 len++;
203 }
204 len++;
205 p++;
206 }
221 pp++;
224 }
226 p++;
227 }
234 }
236 /*
237 * Generate a string for a Win32 error.
238 */
239 #define ERRBUF_SIZE 1024
242 {
250 /*
251 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
252 * message. Get rid of it.
253 */
258 }
262 }
264 /*
265 * Generate a string for a Win32 exception code.
266 */
269 {
298 };
299 #define N_EXCEPTIONS (sizeof exceptions / sizeof exceptions[0])
305 }
308 }
309 #endif
311 /* Initialize an argument list and add dumpcap to it. */
321 }
323 /* Allocate the string pointer array with enough space for the
324 terminating NULL pointer. */
329 /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */
332 /* Make that the first argument in the argument list (argv[0]). */
335 /* sync_pipe_add_arg strdupes exename, so we should free our copy */
339 }
341 #define ARGV_NUMBER_LEN 24
342 /* a new capture run: start a new dumpcap task and hand over parameters through command line */
343 gboolean
344 sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, void (*update_cb)(void))
345 {
354 #ifdef HAVE_PCAP_REMOTE
356 #endif
357 #ifdef HAVE_PCAP_SETSAMPLING
359 #endif
361 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
363 #endif
365 #ifdef _WIN32
368 HANDLE signal_pipe; /* named pipe used to send messages from parent to child (currently only stop) */
371 SECURITY_ATTRIBUTES sa;
372 STARTUPINFO si;
373 PROCESS_INFORMATION pi;
376 #else
380 #endif
385 guint j;
386 interface_options interface_opts;
397 /* We don't know where to find dumpcap. */
400 }
407 else
413 }
420 }
426 }
432 }
438 }
444 }
445 }
451 }
457 }
461 }
472 }
477 }
482 }
486 }
488 #if defined(_WIN32) || defined(HAVE_PCAP_CREATE)
493 }
494 #endif
496 #ifdef HAVE_PCAP_CREATE
499 }
500 #endif
502 #ifdef HAVE_PCAP_REMOTE
515 }
516 #endif
518 #ifdef HAVE_PCAP_SETSAMPLING
527 }
528 #endif
529 }
531 /* dumpcap should be running in capture child mode (hidden feature) */
532 #ifndef DEBUG_CHILD
534 #ifdef _WIN32
537 #else
539 #endif
540 #endif
545 }
548 }
550 #ifdef _WIN32
551 /* init SECURITY_ATTRIBUTES */
556 /* Create a pipe for the child process */
557 /* (increase this value if you have trouble while fast capture file switches) */
559 /* Couldn't create the pipe between parent and child. */
564 }
567 }
569 /* Create the signal pipe */
576 /* Couldn't create the signal pipe between parent and child. */
581 }
584 }
586 /* init STARTUPINFO */
589 #ifdef DEBUG_CHILD
592 #else
598 /*si.hStdError = (HANDLE) _get_osfhandle(2);*/
599 #endif
601 /* convert args array into a single string */
602 /* XXX - could change sync_pipe_add_arg() instead */
603 /* there is a drawback here: the length is internally limited to 1024 bytes */
609 }
611 /* call dumpcap */
620 }
623 }
627 /* associate the operating system filehandle to a C run-time file handle */
628 /* (good file handle infos at: http://www.flounder.com/handles.htm) */
631 /* associate the operating system filehandle to a C run-time file handle */
636 /* Couldn't create the pipe between parent and child. */
640 }
643 }
646 /*
647 * Child process - run dumpcap with the right arguments to make
648 * it just capture with the specified capture parameters
649 */
657 /* Exit with "_exit()", so that we don't close the connection
658 to the X server (and cause stuff buffered up by our parent but
659 not yet sent to be sent, as that stuff should only be sent by
660 our parent). We've sent an error message to the parent, so
661 we exit with an exit status of 1 (any exit status other than
662 0 or 1 will cause an additional message to report that exit
663 status, over and above the error message we sent to the parent). */
665 }
671 #endif
675 }
677 /* Parent process - read messages from the child process over the
678 sync pipe. */
681 /* Close the write side of the pipe, so that only the child has it
682 open, and thus it completely closes, and thus returns to us
683 an EOF indication, if the child closes it (either deliberately
684 or by exiting abnormally). */
685 #ifdef _WIN32
687 #else
689 #endif
692 /* We couldn't even create the child process. */
695 #ifdef _WIN32
697 #endif
699 }
704 /* we might wait for a moment till child is ready, so update screen now */
707 /* We were able to set up to read the capture file;
708 arrange that our callback be called whenever it's possible
709 to read from the sync pipe, so that it's called when
710 the child process wants to tell us something. */
712 /* we have a running capture, now wait for the real capture filename */
717 }
719 /*
720 * Open two pipes to dumpcap with the supplied arguments, one for its
721 * standard output and one for its standard error.
722 *
723 * On success, *msg is unchanged and 0 is returned; data_read_fd,
724 * messsage_read_fd, and fork_child point to the standard output pipe's
725 * file descriptor, the standard error pipe's file descriptor, and
726 * the child's PID/handle, respectively.
727 *
728 * On failure, *msg points to an error message for the failure, and -1 is
729 * returned, in which case *msg must be freed with g_free().
730 */
731 /* XXX - This duplicates a lot of code in sync_pipe_start() */
732 /* XXX - assumes PIPE_BUF_SIZE > SP_MAX_MSG_LEN */
733 #define PIPE_BUF_SIZE 5120
734 static int
737 {
739 #ifdef _WIN32
744 SECURITY_ATTRIBUTES sa;
745 STARTUPINFO si;
746 PROCESS_INFORMATION pi;
747 #else
751 #endif
759 /* We can't return anything */
760 #ifdef _WIN32
762 #endif
764 }
766 #ifdef _WIN32
767 /* init SECURITY_ATTRIBUTES */
772 /* Create a pipe for the child process to send us messages */
773 /* (increase this value if you have trouble while fast capture file switches) */
775 /* Couldn't create the message pipe between parent and child. */
780 }
783 }
785 /* Create a pipe for the child process to send us data */
786 /* (increase this value if you have trouble while fast capture file switches) */
788 /* Couldn't create the message pipe between parent and child. */
795 }
798 }
800 /* init STARTUPINFO */
803 #ifdef DEBUG_CHILD
806 #else
812 #endif
814 /* convert args array into a single string */
815 /* XXX - could change sync_pipe_add_arg() instead */
816 /* there is a drawback here: the length is internally limited to 1024 bytes */
822 }
824 /* call dumpcap */
835 }
838 }
842 /* associate the operating system filehandles to C run-time file handles */
843 /* (good file handle infos at: http://www.flounder.com/handles.htm) */
847 /* Create a pipe for the child process to send us messages */
849 /* Couldn't create the message pipe between parent and child. */
853 }
856 }
858 /* Create a pipe for the child process to send us data */
860 /* Couldn't create the data pipe between parent and child. */
866 }
869 }
872 /*
873 * Child process - run dumpcap with the right arguments to make
874 * it just capture with the specified capture parameters
875 */
887 /* Exit with "_exit()", so that we don't close the connection
888 to the X server (and cause stuff buffered up by our parent but
889 not yet sent to be sent, as that stuff should only be sent by
890 our parent). We've sent an error message to the parent, so
891 we exit with an exit status of 1 (any exit status other than
892 0 or 1 will cause an additional message to report that exit
893 status, over and above the error message we sent to the parent). */
895 }
902 #endif
906 }
908 /* Parent process - read messages from the child process over the
909 sync pipe. */
912 /* Close the write sides of the pipes, so that only the child has them
913 open, and thus they completely close, and thus return to us
914 an EOF indication, if the child closes them (either deliberately
915 or by exiting abnormally). */
916 #ifdef _WIN32
919 #else
922 #endif
925 /* We couldn't even create the child process. */
930 }
932 /* we might wait for a moment till child is ready, so update screen now */
935 }
937 /*
938 * Close the pipes we're using to read from dumpcap, and wait for it
939 * to exit. On success, *msgp is unchanged, and the exit status of
940 * dumpcap is returned. On failure (which includes "dumpcap exited
941 * due to being killed by a signal or an exception"), *msgp points
942 * to an error message for the failure, and -1 is returned. In the
943 * latter case, *msgp must be freed with g_free().
944 */
945 static int
948 {
953 #ifdef _WIN32
954 /* XXX - Should we signal the child somehow? */
956 #endif
959 }
961 /*
962 * Run dumpcap with the supplied arguments.
963 *
964 * On success, *data points to a buffer containing the dumpcap output,
965 * *primary_msg and *secondary_message are NULL, and 0 is returned; *data
966 * must be freed with g_free().
967 *
968 * On failure, *data is NULL, *primary_msg points to an error message,
969 * *secondary_msg either points to an additional error message or is
970 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
971 * must be freed with g_free().
972 */
973 /* XXX - This duplicates a lot of code in sync_pipe_start() */
974 /* XXX - assumes PIPE_BUF_SIZE > SP_MAX_MSG_LEN */
975 #define PIPE_BUF_SIZE 5120
976 static int
979 {
984 ssize_t nread;
992 ssize_t count;
1001 }
1003 /*
1004 * We were able to set up to read dumpcap's output. Do so.
1005 *
1006 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
1007 */
1011 /* We got a read error from the sync pipe, or we got no data at
1012 all from the sync pipe, so we're not going to be getting any
1013 data or error message from the child process. Pick up its
1014 exit status, and complain.
1016 We don't have to worry about killing the child, if the sync pipe
1017 returned an error. Usually this error is caused as the child killed
1018 itself while going down. Even in the rare cases that this isn't the
1019 case, the child will get an error when writing to the broken pipe
1020 the next time, cleaning itself up then. */
1023 /* We got an EOF from the sync pipe. That means that it exited
1024 before giving us any data to read. If ret is -1, we report
1025 that as a bad exit (e.g., exiting due to a signal); otherwise,
1026 we report it as a premature exit. */
1029 else
1032 /* We got an error from the sync pipe. If ret is -1, report
1033 both the sync pipe I/O error and the wait error. */
1039 }
1040 }
1044 }
1046 /* we got a valid message block from the child, process it */
1050 /*
1051 * Error from dumpcap; there will be a primary message and a
1052 * secondary message.
1053 */
1055 /* convert primary message */
1058 /* convert secondary message */
1062 /* the capture child will close the sync_pipe, nothing to do */
1064 /*
1065 * Pick up the child status.
1066 */
1070 /*
1071 * Child process failed unexpectedly, or wait failed; msg is the
1072 * error message.
1073 */
1077 /*
1078 * Child process failed, but returned the expected exit status.
1079 * Return the messages it gave us, and indicate failure.
1080 */
1084 }
1089 /* read the output from the command */
1094 }
1096 /*
1097 * Pick up the child status.
1098 */
1102 /*
1103 * Child process failed unexpectedly, or wait failed; msg is the
1104 * error message.
1105 */
1111 /*
1112 * Child process succeeded.
1113 */
1118 }
1122 /*
1123 * Pick up the child status.
1124 */
1128 /*
1129 * Child process failed unexpectedly, or wait failed; msg is the
1130 * error message.
1131 */
1135 /*
1136 * Child process returned an unknown status.
1137 */
1139 indicator);
1142 }
1145 }
1147 }
1149 /* centralised logging and timing for sync_pipe_run_command_actual(),
1150 * redirects to sync_pipe_run_command_actual()
1151 */
1152 static int
1155 {
1157 GTimeVal start_time;
1158 GTimeVal end_time;
1162 /* check if logging is actually enabled, otherwise don't expend the CPU generating logging */
1163 logging_enabled=( (G_LOG_LEVEL_DEBUG | G_LOG_LEVEL_INFO) & G_LOG_LEVEL_MASK & prefs.console_log_level);
1169 }
1170 }
1171 /* do the actual sync pipe run command */
1179 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_INFO, "sync_pipe_run_command() ends, taking %.3fs, result=%d", elapsed, ret);
1181 }
1183 }
1186 int
1190 {
1202 }
1209 else
1217 }
1222 #ifndef DEBUG_CHILD
1223 /* Run dumpcap in capture child mode */
1226 #endif
1231 }
1233 /*
1234 * Get the list of interfaces using dumpcap.
1235 *
1236 * On success, *data points to a buffer containing the dumpcap output,
1237 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1238 * must be freed with g_free().
1239 *
1240 * On failure, *data is NULL, *primary_msg points to an error message,
1241 * *secondary_msg either points to an additional error message or is
1242 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1243 * must be freed with g_free().
1244 */
1245 int
1248 {
1261 }
1263 /* Ask for the interface list */
1266 #ifndef DEBUG_CHILD
1267 /* Run dumpcap in capture child mode */
1270 #endif
1272 }
1274 /*
1275 * Get the capabilities of an interface using dumpcap.
1276 *
1277 * On success, *data points to a buffer containing the dumpcap output,
1278 * *primary_msg and *secondary_msg are NULL, and 0 is returned. *data
1279 * must be freed with g_free().
1280 *
1281 * On failure, *data is NULL, *primary_msg points to an error message,
1282 * *secondary_msg either points to an additional error message or is
1283 * NULL, and -1 is returned; *primary_msg, and *secondary_msg if not NULL,
1284 * must be freed with g_free().
1285 */
1286 int
1290 {
1303 }
1305 /* Ask for the interface capabilities */
1312 #ifndef DEBUG_CHILD
1313 /* Run dumpcap in capture child mode */
1316 #endif
1318 }
1320 /*
1321 * Start getting interface statistics using dumpcap. On success, read_fd
1322 * contains the file descriptor for the pipe's stdout, *msg is unchanged,
1323 * and zero is returned. On failure, *msg will point to an error message
1324 * that must be g_free()d, and -1 will be returned.
1325 */
1326 int
1327 sync_interface_stats_open(int *data_read_fd, int *fork_child, gchar **msg, void (*update_cb)(void))
1328 {
1334 ssize_t nread;
1339 /*char *secondary_msg_text;*/
1349 }
1351 /* Ask for the interface statistics */
1354 #ifndef DEBUG_CHILD
1356 #ifdef _WIN32
1359 #else
1361 #endif
1362 #endif
1368 /*
1369 * We were able to set up to read dumpcap's output. Do so.
1370 *
1371 * First, wait for an SP_ERROR_MSG message or SP_SUCCESS message.
1372 */
1376 /* We got a read error from the sync pipe, or we got no data at
1377 all from the sync pipe, so we're not going to be getting any
1378 data or error message from the child process. Pick up its
1379 exit status, and complain.
1381 We don't have to worry about killing the child, if the sync pipe
1382 returned an error. Usually this error is caused as the child killed
1383 itself while going down. Even in the rare cases that this isn't the
1384 case, the child will get an error when writing to the broken pipe
1385 the next time, cleaning itself up then. */
1388 /* We got an EOF from the sync pipe. That means that it exited
1389 before giving us any data to read. If ret is -1, we report
1390 that as a bad exit (e.g., exiting due to a signal); otherwise,
1391 we report it as a premature exit. */
1394 else
1397 /* We got an error from the sync pipe. If ret is -1, report
1398 both the sync pipe I/O error and the wait error. */
1404 }
1405 }
1408 }
1410 /* we got a valid message block from the child, process it */
1414 /*
1415 * Error from dumpcap; there will be a primary message and a
1416 * secondary message.
1417 */
1419 /* convert primary message */
1422 /* convert secondary message */
1425 /*secondary_msg_text = primary_msg_text + primary_msg_len + 4;*/
1426 /* the capture child will close the sync_pipe, nothing to do */
1428 /*
1429 * Pick up the child status.
1430 */
1434 /*
1435 * Child process failed unexpectedly, or wait failed; msg is the
1436 * error message.
1437 */
1439 /*
1440 * Child process failed, but returned the expected exit status.
1441 * Return the messages it gave us, and indicate failure.
1442 */
1445 }
1449 /* Close the message pipe. */
1454 /*
1455 * Pick up the child status.
1456 */
1460 /*
1461 * Child process failed unexpectedly, or wait failed; msg is the
1462 * error message.
1463 */
1465 /*
1466 * Child process returned an unknown status.
1467 */
1469 indicator);
1471 }
1473 }
1475 }
1477 /* Close down the stats process */
1478 int
1480 {
1481 #ifndef _WIN32
1482 /*
1483 * Don't bother waiting for the child. sync_pipe_close_command
1484 * does this for us on Windows.
1485 */
1487 #endif
1489 }
1491 /* read a number of bytes from a pipe */
1492 /* (blocks until enough bytes read or an error occurs) */
1493 static ssize_t
1495 {
1496 ssize_t newly;
1503 /* EOF */
1508 }
1510 /* error */
1518 }
1522 }
1526 }
1531 DWORD bytes_avail;
1543 fd_set rfds;
1555 #endif
1556 }
1558 /* Read a line from a pipe, similar to fgets */
1559 int
1561 ssize_t newly;
1565 offset++;
1570 /* EOF - not necessarily an error */
1573 /* error */
1579 }
1580 }
1586 }
1589 /* convert header values (indicator and 3-byte length) */
1590 static void
1595 /* convert header values */
1598 }
1600 /* read a message from the sending pipe in the standard format
1601 (1-byte message indicator, 3-byte message length (excluding length
1602 and indicator field), and the rest is the message) */
1603 static ssize_t
1606 {
1608 ssize_t newly;
1611 /* read header (indicator and 3-byte length) */
1615 /*
1616 * Immediate EOF; if the capture child exits normally, this
1617 * is an "I'm done" indication, so don't report it as an
1618 * error.
1619 */
1623 }
1627 /*
1628 * Short read, but not an immediate EOF.
1629 */
1632 }
1634 }
1636 /* convert header values */
1639 /* only indicator with no value? */
1644 }
1646 /* does the data fit into the given buffer? */
1653 /* we have a problem here, try to read some more bytes from the pipe to debug where the problem really is */
1659 }
1661 msg);
1663 }
1666 /* read the actual block data */
1671 msg);
1672 }
1674 }
1676 /* XXX If message is "2part", the msg probably won't be sent to debug log correctly */
1682 }
1685 /* There's stuff to read from the sync pipe, meaning the child has sent
1686 us a message, or the sync pipe has closed, meaning the child has
1687 closed it (perhaps because it exited). */
1688 static gboolean
1690 {
1694 ssize_t nread;
1706 /* We got a read error, or a bad message, or an EOF, from the sync pipe.
1708 If we got a read error or a bad message, nread is -1 and
1709 primary_msg is set to point to an error message. We don't
1710 have to worry about killing the child; usually this error
1711 is caused as the child killed itself while going down.
1712 Even in the rare cases that this isn't the case, the child
1713 will get an error when writing to the broken pipe the next time,
1714 cleaning itself up then.
1716 If we got an EOF, nread is 0 and primary_msg isn't set. This
1717 is an indication that the capture is finished. */
1720 /* We got an EOF from the sync pipe. That means that the capture
1721 child exited, and not in the middle of a message; we treat
1722 that as an indication that it's done, and only report an
1723 error if ret is -1, in which case wait_msg is the error
1724 message. */
1728 /* We got an error from the sync pipe. If ret is -1, report
1729 both the sync pipe I/O error and the wait error. */
1735 }
1736 }
1738 /* No more child process. */
1742 #ifdef _WIN32
1744 #endif
1748 }
1750 /* we got a valid message block from the child, process it */
1754 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_input_cb: file failed, closing capture");
1756 /* We weren't able to open the new capture file; user has been
1757 alerted. Close the sync pipe. */
1760 /* The child has sent us a filename which we couldn't open.
1762 This could mean that the child is creating and deleting files
1763 (ring buffer mode) faster than we can handle it.
1765 That should only be the case for very fast file switches;
1766 We can't do much more than telling the child to stop.
1767 (This is the "emergency brake" if the user e.g. wants to
1768 switch files every second).
1770 This can also happen if the user specified "-", meaning
1771 "standard output", as the capture file. */
1775 }
1783 /* convert primary message */
1786 /* convert secondary message */
1789 /* message output */
1791 /* the capture child will close the sync_pipe, nothing to do for now */
1792 /* (an error message doesn't mean we have to stop capturing) */
1802 /* the capture child will close the sync_pipe, nothing to do for now */
1804 }
1810 }
1813 }
1817 /*
1818 * dumpcap is exiting; wait for it to exit. On success, *msgp is
1819 * unchanged, and the exit status of dumpcap is returned. On
1820 * failure (which includes "dumpcap exited due to being killed by
1821 * a signal or an exception"), *msgp points to an error message
1822 * for the failure, and -1 is returned. In the latter case, *msgp
1823 * must be freed with g_free().
1824 */
1825 static int
1827 {
1830 GTimeVal start_time;
1831 GTimeVal end_time;
1834 /*
1835 * GLIB_CHECK_VERSION(2,28,0) adds g_get_real_time which could minimize or
1836 * replace this
1837 */
1840 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_wait_for_child: wait till child closed");
1844 #ifdef _WIN32
1849 /*
1850 * The child exited; return its exit status. Do not treat this as
1851 * an error.
1852 */
1855 /* Probably an exception code */
1859 }
1860 }
1861 #else
1864 /*
1865 * The child exited; return its exit status. Do not treat this as
1866 * an error.
1867 */
1870 /* It stopped, rather than exiting. "Should not happen." */
1875 /* It died with a signal. */
1881 /* What? It had to either have exited, or stopped, or died with
1882 a signal; what happened here? */
1884 fork_child_status);
1886 }
1891 /* errno == ECHILD ; echld might have already reaped the child */
1893 }
1894 #endif
1899 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_DEBUG, "sync_pipe_wait_for_child: capture child closed after %.3fs", elapsed);
1901 }
1904 #ifndef _WIN32
1905 /* convert signal to corresponding name */
1908 {
1954 /* http://metalab.unc.edu/pub/Linux/docs/HOWTO/GCC-HOWTO
1955 Linux is POSIX compliant. These are not POSIX-defined signals ---
1956 ISO/IEC 9945-1:1990 (IEEE Std 1003.1-1990), paragraph B.3.3.1.1 sez:
1958 ``The signals SIGBUS, SIGEMT, SIGIOT, SIGTRAP, and SIGSYS
1959 were omitted from POSIX.1 because their behavior is
1960 implementation dependent and could not be adequately catego-
1961 rized. Conforming implementations may deliver these sig-
1962 nals, but must document the circumstances under which they
1963 are delivered and note any restrictions concerning their
1964 delivery.''
1966 So we only check for SIGSYS on those systems that happen to
1967 implement them (a system can be POSIX-compliant and implement
1968 them, it's just that POSIX doesn't *require* a POSIX-compliant
1969 system to implement them).
1970 */
1972 #ifdef SIGSYS
1976 #endif
1991 /* Returning a static buffer is ok in the context we use it here */
1995 }
1997 }
1998 #endif
2001 #ifdef _WIN32
2010 }
2012 /* Create the signal pipe */
2017 }
2019 /* tell the child through the signal pipe that we want to quit the capture */
2020 static void
2022 {
2028 /* it doesn't matter *what* we send here, the first byte will stop the capture */
2029 /* simply sending a "QUIT" string */
2030 /*pipe_write_block(cap_session->signal_pipe_write_fd, SP_QUIT, quit_msg);*/
2034 "signal_pipe_capquit_to_child: %d header: error %s", cap_session->signal_pipe_write_fd, g_strerror(errno));
2035 }
2036 }
2037 #endif
2040 /* user wants to stop the capture run */
2041 void
2043 {
2044 #ifdef _WIN32
2046 DWORD childstatus;
2048 #endif
2051 #ifndef _WIN32
2052 /* send the SIGINT signal to close the capture child gracefully. */
2057 }
2058 #else
2060 #define STOP_CHECK_TIME 50
2061 /* First, use the special signal pipe to try to close the capture child
2062 * gracefully.
2063 */
2066 /* Next, wait for the process to exit on its own */
2072 }
2074 }
2076 /* Force the issue. */
2081 }
2082 #endif
2083 }
2084 }
2087 /* Wireshark has to exit, force the capture child to close */
2088 void
2090 {
2092 #ifndef _WIN32
2097 }
2098 #else
2099 /* Remark: This is not the preferred method of closing a process!
2100 * the clean way would be getting the process id of the child process,
2101 * then getting window handle hWnd of that process (using EnumChildWindows),
2102 * and then do a SendMessage(hWnd, WM_CLOSE, 0, 0)
2103 *
2104 * Unfortunately, I don't know how to get the process id from the
2105 * handle. OpenProcess will get an handle (not a window handle)
2106 * from the process ID; it will not get a window handle from the
2107 * process ID. (How could it? A process can have more than one
2108 * window. For that matter, a process might have *no* windows,
2109 * as a process running dumpcap, the normal child process program,
2110 * probably does.)
2111 *
2112 * Hint: GenerateConsoleCtrlEvent() will only work if both processes are
2113 * running in the same console; that's not necessarily the case for
2114 * us, as we might not be running in a console.
2115 * And this also will require to have the process id.
2116 */
2118 #endif
2119 }
2120 }
2124 }