1 /* capture_opts.h 2 * Capture options (all parameters needed to do the actual capture) 3 * 4 * Wireshark - Network traffic analyzer 5 * By Gerald Combs <gerald@wireshark.org> 6 * Copyright 1998 Gerald Combs 7 * 8 * SPDX-License-Identifier: GPL-2.0-or-later 9 */ 10 11 12 /** @file 13 * 14 * Capture options (all parameters needed to do the actual capture) 15 * 16 */ 17 18 #ifndef __CAPTURE_OPTS_H__ 19 #define __CAPTURE_OPTS_H__ 20 21 #include <sys/types.h> /* for gid_t */ 22 23 #include <capture/capture_ifinfo.h> 24 #include "ringbuffer.h" 25 #include <wsutil/wslog.h> 26 27 #ifdef _WIN32 28 #include <windows.h> 29 #endif 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif /* __cplusplus */ 34 35 /* 36 * Long options. 37 * We do not currently have long options corresponding to all short 38 * options; we should probably pick appropriate option names for them. 39 * 40 * NOTE: 41 * for tshark, we're using a leading - in the optstring to prevent getopt() 42 * from permuting the argv[] entries, in this case, unknown argv[] entries 43 * will be returned as parameters to a dummy-option 1. 44 * In short: we must not use 1 here, which is another reason to use 45 * values outside the range of ASCII graphic characters. 46 */ 47 #define LONGOPT_LIST_TSTAMP_TYPES LONGOPT_BASE_CAPTURE+1 48 #define LONGOPT_SET_TSTAMP_TYPE LONGOPT_BASE_CAPTURE+2 49 #define LONGOPT_COMPRESS_TYPE LONGOPT_BASE_CAPTURE+3 50 51 /* 52 * Options for capturing common to all capturing programs. 53 */ 54 #ifdef HAVE_PCAP_REMOTE 55 #define OPTSTRING_A "A:" 56 #else 57 #define OPTSTRING_A 58 #endif 59 60 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE 61 #define LONGOPT_BUFFER_SIZE \ 62 {"buffer-size", ws_required_argument, NULL, 'B'}, 63 #define OPTSTRING_B "B:" 64 #else 65 #define LONGOPT_BUFFER_SIZE 66 #define OPTSTRING_B 67 #endif 68 69 #ifdef HAVE_PCAP_CREATE 70 #define LONGOPT_MONITOR_MODE {"monitor-mode", ws_no_argument, NULL, 'I'}, 71 #define OPTSTRING_I "I" 72 #else 73 #define LONGOPT_MONITOR_MODE 74 #define OPTSTRING_I 75 #endif 76 77 #define LONGOPT_CAPTURE_COMMON \ 78 {"autostop", ws_required_argument, NULL, 'a'}, \ 79 {"ring-buffer", ws_required_argument, NULL, 'b'}, \ 80 LONGOPT_BUFFER_SIZE \ 81 {"list-interfaces", ws_no_argument, NULL, 'D'}, \ 82 {"interface", ws_required_argument, NULL, 'i'}, \ 83 LONGOPT_MONITOR_MODE \ 84 {"list-data-link-types", ws_no_argument, NULL, 'L'}, \ 85 {"no-promiscuous-mode", ws_no_argument, NULL, 'p'}, \ 86 {"snapshot-length", ws_required_argument, NULL, 's'}, \ 87 {"linktype", ws_required_argument, NULL, 'y'}, \ 88 {"list-time-stamp-types", ws_no_argument, NULL, LONGOPT_LIST_TSTAMP_TYPES}, \ 89 {"time-stamp-type", ws_required_argument, NULL, LONGOPT_SET_TSTAMP_TYPE}, \ 90 {"compress-type", ws_required_argument, NULL, LONGOPT_COMPRESS_TYPE}, 91 92 93 #define OPTSTRING_CAPTURE_COMMON \ 94 "a:" OPTSTRING_A "b:" OPTSTRING_B "c:Df:i:" OPTSTRING_I "Lps:y:" 95 96 #ifdef HAVE_PCAP_REMOTE 97 /* Type of capture source */ 98 typedef enum { 99 CAPTURE_IFLOCAL, /**< Local network interface */ 100 CAPTURE_IFREMOTE /**< Remote network interface */ 101 } capture_source; 102 103 /* Type of RPCAPD Authentication */ 104 typedef enum { 105 CAPTURE_AUTH_NULL, /**< No authentication */ 106 CAPTURE_AUTH_PWD /**< User/password authentication */ 107 } capture_auth; 108 #endif 109 #ifdef HAVE_PCAP_SETSAMPLING 110 /** 111 * Method of packet sampling (dropping some captured packets), 112 * may require additional integer parameter, marked here as N 113 */ 114 typedef enum { 115 CAPTURE_SAMP_NONE, /**< No sampling - capture all packets */ 116 CAPTURE_SAMP_BY_COUNT, /**< Counter-based sampling - 117 capture 1 packet from every N */ 118 CAPTURE_SAMP_BY_TIMER /**< Timer-based sampling - 119 capture no more than 1 packet 120 in N milliseconds */ 121 } capture_sampling; 122 #endif 123 124 #ifdef HAVE_PCAP_REMOTE 125 struct remote_host_info { 126 gchar *remote_host; /**< Host name or network address for remote capturing */ 127 gchar *remote_port; /**< TCP port of remote RPCAP server */ 128 capture_auth auth_type; /**< Authentication type */ 129 gchar *auth_username; /**< Remote authentication parameters */ 130 gchar *auth_password; /**< Remote authentication parameters */ 131 gboolean datatx_udp; 132 gboolean nocap_rpcap; 133 gboolean nocap_local; 134 }; 135 136 struct remote_host { 137 gchar *r_host; /**< Host name or network address for remote capturing */ 138 gchar *remote_port; /**< TCP port of remote RPCAP server */ 139 capture_auth auth_type; /**< Authentication type */ 140 gchar *auth_username; /**< Remote authentication parameters */ 141 gchar *auth_password; /**< Remote authentication parameters */ 142 }; 143 144 typedef struct remote_options_tag { 145 capture_source src_type; 146 struct remote_host_info remote_host_opts; 147 #ifdef HAVE_PCAP_SETSAMPLING 148 capture_sampling sampling_method; 149 int sampling_param; 150 #endif 151 } remote_options; 152 #endif /* HAVE_PCAP_REMOTE */ 153 154 typedef struct interface_tag { 155 gchar *name; 156 gchar *display_name; 157 gchar *friendly_name; 158 gchar *vendor_description; 159 guint type; 160 gchar *addresses; 161 gint no_addresses; 162 gchar *cfilter; 163 GList *links; 164 gint active_dlt; 165 gboolean pmode; 166 gboolean has_snaplen; 167 int snaplen; 168 gboolean local; 169 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE 170 gint buffer; 171 #endif 172 #ifdef HAVE_PCAP_CREATE 173 gboolean monitor_mode_enabled; 174 gboolean monitor_mode_supported; 175 #endif 176 #ifdef HAVE_PCAP_REMOTE 177 remote_options remote_opts; 178 #endif 179 guint32 last_packets; 180 guint32 packet_diff; 181 if_info_t if_info; 182 gboolean selected; 183 gboolean hidden; 184 /* External capture cached data */ 185 GHashTable *external_cap_args_settings; 186 gchar *timestamp_type; 187 } interface_t; 188 189 typedef struct link_row_tag { 190 gchar *name; 191 gint dlt; 192 } link_row; 193 194 typedef struct interface_options_tag { 195 gchar *name; /* the name of the interface supplied to libpcap/WinPcap/Npcap to specify the interface */ 196 gchar *descr; /* a more user-friendly description of the interface; may be NULL if none */ 197 gchar *hardware; /* description of the hardware */ 198 gchar *display_name; /* the name displayed in the console and title bar */ 199 gchar *ifname; /* if not null, name to use instead of the interface naem in IDBs */ 200 gchar *cfilter; 201 gboolean has_snaplen; 202 int snaplen; 203 int linktype; 204 gboolean promisc_mode; 205 interface_type if_type; 206 gchar *extcap; 207 gchar *extcap_fifo; 208 GHashTable *extcap_args; 209 GPid extcap_pid; /* pid of running process or WS_INVALID_PID */ 210 gpointer extcap_pipedata; 211 guint extcap_child_watch; 212 #ifdef _WIN32 213 HANDLE extcap_pipe_h; 214 HANDLE extcap_control_in_h; 215 HANDLE extcap_control_out_h; 216 #endif 217 gchar *extcap_control_in; 218 gchar *extcap_control_out; 219 #ifdef CAN_SET_CAPTURE_BUFFER_SIZE 220 int buffer_size; 221 #endif 222 gboolean monitor_mode; 223 #ifdef HAVE_PCAP_REMOTE 224 capture_source src_type; 225 gchar *remote_host; 226 gchar *remote_port; 227 capture_auth auth_type; 228 gchar *auth_username; 229 gchar *auth_password; 230 gboolean datatx_udp; 231 gboolean nocap_rpcap; 232 gboolean nocap_local; 233 #endif 234 #ifdef HAVE_PCAP_SETSAMPLING 235 capture_sampling sampling_method; 236 int sampling_param; 237 #endif 238 gchar *timestamp_type; /* requested timestamp as string */ 239 int timestamp_type_id; /* Timestamp type to pass to pcap_set_tstamp_type. 240 only valid if timestamp_type != NULL */ 241 } interface_options; 242 243 /** Capture options coming from user interface */ 244 typedef struct capture_options_tag { 245 /* general */ 246 GArray *ifaces; /**< the interfaces to use for the 247 next capture, entries are of 248 type interface_options */ 249 GArray *all_ifaces; /**< all interfaces, entries are 250 of type interface_t */ 251 int ifaces_err; /**< if all_ifaces is null, the error 252 when it was fetched, if any */ 253 gchar *ifaces_err_info; /**< error string for that error */ 254 guint num_selected; 255 256 /* 257 * Options to be applied to all interfaces. 258 * 259 * Some of these can be set from the GUI, others can't; setting 260 * the link-layer header type, for example, doesn't necessarily 261 * make sense, as different interfaces may support different sets 262 * of link-layer header types. 263 * 264 * Some that can't be set from the GUI can be set from the command 265 * line, by specifying them before any interface is specified. 266 * This includes the link-layer header type, so if somebody asks 267 * for a link-layer header type that an interface on which they're 268 * capturing doesn't support, we should report an error and fail 269 * to capture. 270 * 271 * These can be overridden per-interface. 272 */ 273 interface_options default_options; 274 275 gboolean saving_to_file; /**< TRUE if capture is writing to a file */ 276 gchar *save_file; /**< the capture file name */ 277 gboolean group_read_access; /**< TRUE is group read permission needs to be set */ 278 gboolean use_pcapng; /**< TRUE if file format is pcapng */ 279 280 /* GUI related */ 281 gboolean real_time_mode; /**< Update list of packets in real time */ 282 gboolean show_info; /**< show the info dialog. */ 283 gboolean restart; /**< restart after closing is done */ 284 gchar *orig_save_file; /**< the original capture file name (saved for a restart) */ 285 286 /* multiple files (and ringbuffer) */ 287 gboolean multi_files_on; /**< TRUE if ring buffer in use */ 288 289 gboolean has_file_duration; /**< TRUE if ring duration specified */ 290 gdouble file_duration; /**< Switch file after n seconds */ 291 gboolean has_file_interval; /**< TRUE if ring interval specified */ 292 gint32 file_interval; /**< Create time intervals of n seconds */ 293 gboolean has_file_packets; /**< TRUE if ring packet count is 294 specified */ 295 int file_packets; /**< Switch file after n packets */ 296 gboolean has_ring_num_files; /**< TRUE if ring num_files specified */ 297 guint32 ring_num_files; /**< Number of multiple buffer files */ 298 gboolean has_nametimenum; /**< TRUE if file name has date part before num part */ 299 300 /* autostop conditions */ 301 gboolean has_autostop_files; /**< TRUE if maximum number of capture files 302 are specified */ 303 int autostop_files; /**< Maximum number of capture files */ 304 305 gboolean has_autostop_packets; /**< TRUE if maximum packet count is 306 specified */ 307 int autostop_packets; /**< Maximum packet count */ 308 gboolean has_autostop_filesize; /**< TRUE if maximum capture file size 309 is specified */ 310 guint32 autostop_filesize; /**< Maximum capture file size in kB */ 311 gboolean has_autostop_duration; /**< TRUE if maximum capture duration 312 is specified */ 313 gdouble autostop_duration; /**< Maximum capture duration */ 314 315 gboolean print_file_names; /**< TRUE if printing names of completed 316 files as we close them */ 317 gchar *print_name_to; /**< output file name */ 318 319 /* internally used (don't touch from outside) */ 320 gboolean output_to_pipe; /**< save_file is a pipe (named or stdout) */ 321 gboolean capture_child; /**< hidden option: Wireshark child mode */ 322 gchar *compress_type; /**< compress type */ 323 } capture_options; 324 325 /* initialize the capture_options with some reasonable values */ 326 extern void 327 capture_opts_init(capture_options *capture_opts); 328 329 /* clean internal structures */ 330 extern void 331 capture_opts_cleanup(capture_options *capture_opts); 332 333 /* set a command line option value */ 334 extern int 335 capture_opts_add_opt(capture_options *capture_opts, int opt, const char *ws_optarg); 336 337 /* log content of capture_opts */ 338 extern void 339 capture_opts_log(const char *domain, enum ws_log_level level, capture_options *capture_opts); 340 341 enum caps_query { 342 CAPS_QUERY_LINK_TYPES = 0x1, 343 CAPS_QUERY_TIMESTAMP_TYPES = 0x2 344 }; 345 346 /* print interface capabilities, including link layer types */ 347 extern int 348 capture_opts_print_if_capabilities(if_capabilities_t *caps, 349 interface_options *interface_opts, 350 int queries); 351 352 /* print list of interfaces */ 353 extern void 354 capture_opts_print_interfaces(GList *if_list); 355 356 /* trim the snaplen entry */ 357 extern void 358 capture_opts_trim_snaplen(capture_options *capture_opts, int snaplen_min); 359 360 /* trim the ring_num_files entry */ 361 extern void 362 capture_opts_trim_ring_num_files(capture_options *capture_opts); 363 364 /* pick default interface if none was specified */ 365 extern int 366 capture_opts_default_iface_if_necessary(capture_options *capture_opts, 367 const char *capture_device); 368 369 extern void 370 capture_opts_del_iface(capture_options *capture_opts, guint if_index); 371 372 extern void 373 collect_ifaces(capture_options *capture_opts); 374 375 extern void 376 capture_opts_free_interface_t(interface_t *device); 377 378 /* Default capture buffer size in Mbytes. */ 379 #define DEFAULT_CAPTURE_BUFFER_SIZE 2 380 381 #ifdef __cplusplus 382 } 383 #endif /* __cplusplus */ 384 385 #endif /* __CAPTURE_OPTS_H__ */ 386 387 /* 388 * Editor modelines - https://www.wireshark.org/tools/modelines.html 389 * 390 * Local variables: 391 * c-basic-offset: 4 392 * tab-width: 8 393 * indent-tabs-mode: nil 394 * End: 395 * 396 * vi: set shiftwidth=4 tabstop=8 expandtab: 397 * :indentSize=4:tabSize=8:noTabs=true: 398 */ 399