search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO: smb2: simplify preauth_hash calculation..."
[wireshark-sm.git] / ringbuffer.c
blob9fbdcdaeb379ba0e02420592049ca714754a854a
1 /* ringbuffer.c
2 * Routines for packet capture windows
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 /*
12 * <laurent.deniel@free.fr>
13 *
14 * Almost completely rewritten in order to:
15 *
16 * - be able to use a unlimited number of ringbuffer files
17 * - close the current file and open (truncating) the next file at switch
18 * - set the final file name once open (or reopen)
19 * - avoid the deletion of files that could not be truncated (can't arise now)
20 * and do not erase empty files
21 *
22 * The idea behind that is to remove the limitation of the maximum # of
23 * ringbuffer files being less than the maximum # of open fd per process
24 * and to be able to reduce the amount of virtual memory usage (having only
25 * one file open at most) or the amount of file system usage (by truncating
26 * the files at switch and not the capture stop, and by closing them which
27 * makes possible their move or deletion after a switch).
28 *
29 */
30
31 #include <config.h>
32
33 #ifdef HAVE_LIBPCAP
34
35 #include <stdio.h>
36 #include <string.h>
37 #include <time.h>
38 #include <errno.h>
39 #include <stdlib.h>
40 #include <glib.h>
41
42 #include <pcap.h>
43
44 #include <glib.h>
45
46 #ifdef HAVE_UNISTD_H
47 #include <unistd.h>
48 #endif
49
50 #ifdef _WIN32
51 #include <wsutil/win32-utils.h>
52 #endif
53
54 #include "ringbuffer.h"
55 #include <wsutil/array.h>
56 #include <wsutil/file_util.h>
57
58 #ifdef HAVE_ZLIB
59 #include <zlib.h>
60 #endif
61
62 /* Ringbuffer file structure */
63 typedef struct _rb_file {
64 gchar *name;
65 } rb_file;
66
67 #define MAX_FILENAME_QUEUE 100
68
69 /** Ringbuffer data structure */
70 typedef struct _ringbuf_data {
71 rb_file *files;
72 guint num_files; /**< Number of ringbuffer files (1 to ...) */
73 guint curr_file_num; /**< Number of the current file (ever increasing) */
74 gchar *fprefix; /**< Filename prefix */
75 gchar *fsuffix; /**< Filename suffix */
76 gboolean nametimenum; /**< ...num_time... or ...time_num... */
77 gboolean unlimited; /**< TRUE if unlimited number of files */
78
79 int fd; /**< Current ringbuffer file descriptor */
80 FILE *pdh;
81 char *io_buffer; /**< The IO buffer used to write to the file */
82 gboolean group_read_access; /**< TRUE if files need to be opened with group read access */
83 FILE *name_h; /**< write names of completed files to this handle */
84 gchar *compress_type; /**< compress type */
85
86 GMutex mutex; /**< mutex for oldnames */
87 gchar *oldnames[MAX_FILENAME_QUEUE]; /**< filename list of pending to be deleted */
88 } ringbuf_data;
89
90 static ringbuf_data rb_data;
91
92 /*
93 * delete pending uncompressed pcap files.
94 */
95 static void
96 CleanupOldCap(gchar* name)
97 {
98 ws_statb64 statb;
99 size_t i;
100
101 g_mutex_lock(&rb_data.mutex);
102
103 /* Delete pending delete file */
104 for (i = 0; i < array_length(rb_data.oldnames); i++) {
105 if (rb_data.oldnames[i] != NULL) {
106 ws_unlink(rb_data.oldnames[i]);
107 if (ws_stat64(rb_data.oldnames[i], &statb) != 0) {
108 g_free(rb_data.oldnames[i]);
109 rb_data.oldnames[i] = NULL;
110 }
111 }
112 }
113
114 if (name) {
115 /* push the current file to pending list if it failed to delete */
116 if (ws_stat64(name, &statb) == 0) {
117 for (i = 0; i < array_length(rb_data.oldnames); i++) {
118 if (rb_data.oldnames[i] == NULL) {
119 rb_data.oldnames[i] = g_strdup(name);
120 break;
121 }
122 }
123 }
124 }
125
126 g_mutex_unlock(&rb_data.mutex);
127 }
128
129 #ifdef HAVE_ZLIB
130 /*
131 * compress capture file
132 */
133 static int
134 ringbuf_exec_compress(gchar* name)
135 {
136 guint8 *buffer = NULL;
137 gchar* outgz = NULL;
138 int fd = -1;
139 ssize_t nread;
140 gboolean delete_org_file = TRUE;
141 gzFile fi = NULL;
142
143 fd = ws_open(name, O_RDONLY | O_BINARY, 0000);
144 if (fd < 0) {
145 return -1;
146 }
147
148 outgz = ws_strdup_printf("%s.gz", name);
149 fi = gzopen(outgz, "wb");
150 g_free(outgz);
151 if (fi == NULL) {
152 ws_close(fd);
153 return -1;
154 }
155
156 #define FS_READ_SIZE 65536
157 buffer = (guint8*)g_malloc(FS_READ_SIZE);
158 if (buffer == NULL) {
159 ws_close(fd);
160 gzclose(fi);
161 return -1;
162 }
163
164 while ((nread = ws_read(fd, buffer, FS_READ_SIZE)) > 0) {
165 int n = gzwrite(fi, buffer, (unsigned int)nread);
166 if (n <= 0) {
167 /* mark compression as failed */
168 delete_org_file = FALSE;
169 break;
170 }
171 }
172 if (nread < 0) {
173 /* mark compression as failed */
174 delete_org_file = FALSE;
175 }
176 ws_close(fd);
177 gzclose(fi);
178 g_free(buffer);
179
180 /* delete the original file only if compression succeeds */
181 if (delete_org_file) {
182 ws_unlink(name);
183 CleanupOldCap(name);
184 }
185 g_free(name);
186 return 0;
187 }
188
189 /*
190 * thread to compress capture file
191 */
192 static void*
193 exec_compress_thread(void* arg)
194 {
195 ringbuf_exec_compress((gchar*)arg);
196 return NULL;
197 }
198
199 /*
200 * start a thread to compress capture file
201 */
202 static int
203 ringbuf_start_compress_file(rb_file* rfile)
204 {
205 gchar* name = g_strdup(rfile->name);
206 g_thread_new("exec_compress", &exec_compress_thread, name);
207 return 0;
208 }
209 #endif
210
211 /*
212 * create the next filename and open a new binary file with that name
213 */
214 static int
215 ringbuf_open_file(rb_file *rfile, int *err)
216 {
217 char filenum[5+1];
218 char timestr[14+1];
219 time_t current_time;
220 struct tm *tm;
221
222 if (rfile->name != NULL) {
223 if (rb_data.unlimited == FALSE) {
224 /* remove old file (if any, so ignore error) */
225 ws_unlink(rfile->name);
226 }
227 #ifdef HAVE_ZLIB
228 else if (rb_data.compress_type != NULL && strcmp(rb_data.compress_type, "gzip") == 0) {
229 ringbuf_start_compress_file(rfile);
230 }
231 #endif
232 g_free(rfile->name);
233 }
234
235 #ifdef _WIN32
236 _tzset();
237 #endif
238 current_time = time(NULL);
239
240 snprintf(filenum, sizeof(filenum), "%05u", (rb_data.curr_file_num + 1) % RINGBUFFER_MAX_NUM_FILES);
241 tm = localtime(&current_time);
242 if (tm != NULL)
243 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", tm);
244 else
245 (void) g_strlcpy(timestr, "196912312359", sizeof(timestr)); /* second before the Epoch */
246 if (rb_data.nametimenum) {
247 rfile->name = g_strconcat(rb_data.fprefix, "_", timestr, "_", filenum, rb_data.fsuffix, NULL);
248 } else {
249 rfile->name = g_strconcat(rb_data.fprefix, "_", filenum, "_", timestr, rb_data.fsuffix, NULL);
250 }
251
252 if (rfile->name == NULL) {
253 if (err != NULL)
254 *err = ENOMEM;
255 return -1;
256 }
257
258 rb_data.fd = ws_open(rfile->name, O_RDWR|O_BINARY|O_TRUNC|O_CREAT,
259 rb_data.group_read_access ? 0640 : 0600);
260
261 if (rb_data.fd == -1 && err != NULL) {
262 *err = errno;
263 }
264
265 return rb_data.fd;
266 }
267
268 /*
269 * Initialize the ringbuffer data structures
270 */
271 int
272 ringbuf_init(const char *capfile_name, guint num_files, gboolean group_read_access,
273 gchar *compress_type, gboolean has_nametimenum)
274 {
275 unsigned int i;
276 char *pfx;
277 char *dir_name, *base_name;
278
279 rb_data.files = NULL;
280 rb_data.curr_file_num = 0;
281 rb_data.fprefix = NULL;
282 rb_data.fsuffix = NULL;
283 rb_data.nametimenum = has_nametimenum;
284 rb_data.unlimited = FALSE;
285 rb_data.fd = -1;
286 rb_data.pdh = NULL;
287 rb_data.io_buffer = NULL;
288 rb_data.group_read_access = group_read_access;
289 rb_data.name_h = NULL;
290 rb_data.compress_type = compress_type;
291 g_mutex_init(&rb_data.mutex);
292
293 /* just to be sure ... */
294 if (num_files <= RINGBUFFER_MAX_NUM_FILES) {
295 rb_data.num_files = num_files;
296 } else {
297 rb_data.num_files = RINGBUFFER_MAX_NUM_FILES;
298 }
299
300 /* Check file name */
301 if (capfile_name == NULL) {
302 /* ringbuffer does not work with temporary files! */
303 return -1;
304 }
305
306 /* set file name prefix/suffix */
307
308 base_name = g_path_get_basename(capfile_name);
309 dir_name = g_path_get_dirname(capfile_name);
310 pfx = strrchr(base_name, '.');
311 if (pfx != NULL) {
312 /* The basename has a "." in it.
313
314 Treat it as a separator between the rest of the file name and
315 the file name suffix, and arrange that the names given to the
316 ring buffer files have the specified suffix, i.e. put the
317 changing part of the name *before* the suffix.
318
319 XXX - If we ever handle writing compressed files directly
320 (#19159) make sure we deal with any compression suffix
321 appropriately. */
322 pfx[0] = '\0';
323 rb_data.fprefix = g_build_filename(dir_name, base_name, NULL);
324 pfx[0] = '.'; /* restore capfile_name */
325 rb_data.fsuffix = g_strdup(pfx);
326 } else {
327 /* The last component has no suffix. */
328 rb_data.fprefix = g_strdup(capfile_name);
329 rb_data.fsuffix = NULL;
330 }
331 g_free(dir_name);
332 g_free(base_name);
333
334 /* allocate rb_file structures (only one if unlimited since there is no
335 need to save all file names in that case) */
336
337 if (num_files == RINGBUFFER_UNLIMITED_FILES) {
338 rb_data.unlimited = TRUE;
339 rb_data.num_files = 1;
340 }
341
342 rb_data.files = g_new(rb_file, rb_data.num_files);
343 if (rb_data.files == NULL) {
344 return -1;
345 }
346
347 for (i=0; i < rb_data.num_files; i++) {
348 rb_data.files[i].name = NULL;
349 }
350
351 /* create the first file */
352 if (ringbuf_open_file(&rb_data.files[0], NULL) == -1) {
353 ringbuf_error_cleanup();
354 return -1;
355 }
356
357 return rb_data.fd;
358 }
359
360 /*
361 * Set name of file to which to print ringbuffer file names.
362 */
363 gboolean
364 ringbuf_set_print_name(gchar *name, int *err)
365 {
366 if (rb_data.name_h != NULL) {
367 if (EOF == fclose(rb_data.name_h)) {
368 if (err != NULL) {
369 *err = errno;
370 }
371 return FALSE;
372 }
373 }
374 if (!strcmp(name, "-") || !strcmp(name, "stdout")) {
375 rb_data.name_h = stdout;
376 } else if (!strcmp(name, "stderr")) {
377 rb_data.name_h = stderr;
378 } else {
379 if (NULL == (rb_data.name_h = ws_fopen(name, "wt"))) {
380 if (err != NULL) {
381 *err = errno;
382 }
383 return FALSE;
384 }
385 }
386 return TRUE;
387 }
388
389 /*
390 * Whether the ringbuf filenames are ready.
391 * (Whether ringbuf_init is called and ringbuf_free is not called.)
392 */
393 gboolean
394 ringbuf_is_initialized(void)
395 {
396 return rb_data.files != NULL;
397 }
398
399 const gchar *
400 ringbuf_current_filename(void)
401 {
402 return rb_data.files[rb_data.curr_file_num % rb_data.num_files].name;
403 }
404
405 /*
406 * Calls ws_fdopen() for the current ringbuffer file
407 */
408 FILE *
409 ringbuf_init_libpcap_fdopen(int *err)
410 {
411 rb_data.pdh = ws_fdopen(rb_data.fd, "wb");
412 if (rb_data.pdh == NULL) {
413 if (err != NULL) {
414 *err = errno;
415 }
416 } else {
417 size_t buffsize = IO_BUF_SIZE;
418 #ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
419 ws_statb64 statb;
420
421 if (ws_fstat64(rb_data.fd, &statb) == 0) {
422 if (statb.st_blksize > IO_BUF_SIZE) {
423 buffsize = statb.st_blksize;
424 }
425 }
426 #endif
427 /* Increase the size of the IO buffer */
428 rb_data.io_buffer = (char *)g_realloc(rb_data.io_buffer, buffsize);
429 setvbuf(rb_data.pdh, rb_data.io_buffer, _IOFBF, buffsize);
430 }
431
432 return rb_data.pdh;
433 }
434
435 /*
436 * Switches to the next ringbuffer file
437 */
438 gboolean
439 ringbuf_switch_file(FILE **pdh, gchar **save_file, int *save_file_fd, int *err)
440 {
441 int next_file_index;
442 rb_file *next_rfile = NULL;
443
444 /* close current file */
445
446 if (fclose(rb_data.pdh) == EOF) {
447 if (err != NULL) {
448 *err = errno;
449 }
450 ws_close(rb_data.fd); /* XXX - the above should have closed this already */
451 rb_data.pdh = NULL; /* it's still closed, we just got an error while closing */
452 rb_data.fd = -1;
453 g_free(rb_data.io_buffer);
454 rb_data.io_buffer = NULL;
455 return FALSE;
456 }
457
458 rb_data.pdh = NULL;
459 rb_data.fd = -1;
460
461 if (rb_data.name_h != NULL) {
462 fprintf(rb_data.name_h, "%s\n", ringbuf_current_filename());
463 fflush(rb_data.name_h);
464 }
465
466 /* get the next file number and open it */
467
468 rb_data.curr_file_num++ /* = next_file_num*/;
469 next_file_index = (rb_data.curr_file_num) % rb_data.num_files;
470 next_rfile = &rb_data.files[next_file_index];
471
472 if (ringbuf_open_file(next_rfile, err) == -1) {
473 return FALSE;
474 }
475
476 if (ringbuf_init_libpcap_fdopen(err) == NULL) {
477 return FALSE;
478 }
479
480 /* switch to the new file */
481 *save_file = next_rfile->name;
482 *save_file_fd = rb_data.fd;
483 (*pdh) = rb_data.pdh;
484
485 return TRUE;
486 }
487
488 /*
489 * Calls fclose() for the current ringbuffer file
490 */
491 gboolean
492 ringbuf_libpcap_dump_close(gchar **save_file, int *err)
493 {
494 gboolean ret_val = TRUE;
495
496 /* close current file, if it's open */
497 if (rb_data.pdh != NULL) {
498 if (fclose(rb_data.pdh) == EOF) {
499 if (err != NULL) {
500 *err = errno;
501 }
502 ws_close(rb_data.fd);
503 ret_val = FALSE;
504 }
505 rb_data.pdh = NULL;
506 rb_data.fd = -1;
507 g_free(rb_data.io_buffer);
508 rb_data.io_buffer = NULL;
509
510 }
511
512 if (rb_data.name_h != NULL) {
513 fprintf(rb_data.name_h, "%s\n", ringbuf_current_filename());
514 fflush(rb_data.name_h);
515
516 if (EOF == fclose(rb_data.name_h)) {
517 /* Can't really do much about this, can we? */
518 }
519 }
520
521 /* set the save file name to the current file */
522 *save_file = rb_data.files[rb_data.curr_file_num % rb_data.num_files].name;
523 return ret_val;
524 }
525
526 /*
527 * Frees all memory allocated by the ringbuffer
528 */
529 void
530 ringbuf_free(void)
531 {
532 unsigned int i;
533
534 if (rb_data.files != NULL) {
535 for (i=0; i < rb_data.num_files; i++) {
536 if (rb_data.files[i].name != NULL) {
537 g_free(rb_data.files[i].name);
538 rb_data.files[i].name = NULL;
539 }
540 }
541 g_free(rb_data.files);
542 rb_data.files = NULL;
543 }
544 if (rb_data.fprefix != NULL) {
545 g_free(rb_data.fprefix);
546 rb_data.fprefix = NULL;
547 }
548 if (rb_data.fsuffix != NULL) {
549 g_free(rb_data.fsuffix);
550 rb_data.fsuffix = NULL;
551 }
552
553 CleanupOldCap(NULL);
554 }
555
556 /*
557 * Frees all memory allocated by the ringbuffer
558 */
559 void
560 ringbuf_error_cleanup(void)
561 {
562 unsigned int i;
563
564 /* try to close via wtap */
565 if (rb_data.pdh != NULL) {
566 if (fclose(rb_data.pdh) == 0) {
567 rb_data.fd = -1;
568 }
569 rb_data.pdh = NULL;
570 }
571
572 /* close directly if still open */
573 if (rb_data.fd != -1) {
574 ws_close(rb_data.fd);
575 rb_data.fd = -1;
576 }
577
578 if (rb_data.files != NULL) {
579 for (i=0; i < rb_data.num_files; i++) {
580 if (rb_data.files[i].name != NULL) {
581 ws_unlink(rb_data.files[i].name);
582 }
583 }
584 }
585 g_free(rb_data.io_buffer);
586 rb_data.io_buffer = NULL;
587
588 if (rb_data.name_h != NULL) {
589 if (EOF == fclose(rb_data.name_h)) {
590 /* Can't really do much about this, can we? */
591 }
592 }
593
594 /* free the memory */
595 ringbuf_free();
596 }
597
598 #endif /* HAVE_LIBPCAP */
Metzes wireshark repo