2 files changed, 48 insertions, 15 deletions
diff --git a/libopie2/opienet/opcap.cpp b/libopie2/opienet/opcap.cpp
index bef9182..1de7124 100644
--- a/libopie2/opienet/opcap.cpp
+++ b/libopie2/opienet/opcap.cpp
@@ -819,208 +819,228 @@ OWaveLanControlPacket::~OWaveLanControlPacket()
 /*======================================================================================
 * OPacketCapturer
 *======================================================================================*/
 OPacketCapturer::OPacketCapturer( QObject* parent, const char* name )
                 :QObject( parent, name ), _name( QString::null ), _open( false ),
                 _pch( 0 ), _pcd( 0 ), _sn( 0 )
 {
 }
 OPacketCapturer::~OPacketCapturer()
 {
    if ( _open )
    {
        qDebug( "OPacketCapturer::~OPacketCapturer(): pcap still open, autoclosing." );
        close();
    }
 }
 void OPacketCapturer::setBlocking( bool b )
 {
    if ( pcap_setnonblock( _pch, 1-b, _errbuf ) != -1 )
    {
        qDebug( "OPacketCapturer::setBlocking(): blocking mode changed successfully." );
    }
    else
    {
        qDebug( "OPacketCapturer::setBlocking(): can't change blocking mode: %s", _errbuf );
    }
 }
 bool OPacketCapturer::blocking() const
 {
    int b = pcap_getnonblock( _pch, _errbuf );
    if ( b == -1 )
    {
        qDebug( "OPacketCapturer::blocking(): can't get blocking mode: %s", _errbuf );
        return -1;
    }
    return !b;
 }
+void OPacketCapturer::closeDumpFile()
+{
+    if ( _pcd )
+    {
+        pcap_dump_close( _pcd );
+        _pcd = 0;
+    }
+    pcap_close( _pch );
+}
 void OPacketCapturer::close()
 {
    if ( _open )
    {
        if ( _sn )
        {
            _sn->disconnect( SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
            delete _sn;
        }
-        if ( _pcd )
+        closeDumpFile();
-        {
+    _open = false;
-            pcap_dump_close( _pcd );
-            _pcd = 0;
-        }
-        pcap_close( _pch );
-        _open = false;
    }
    qDebug( "OPacketCapturer::close() --- dumping capturing statistics..." );
    qDebug( "--------------------------------------------------" );
    for( QMap<QString,int>::Iterator it = _stats.begin(); it != _stats.end(); ++it )
        qDebug( "%s : %d", (const char*) it.key(), it.data() );
    qDebug( "--------------------------------------------------" );
 }
 int OPacketCapturer::dataLink() const
 {
    return pcap_datalink( _pch );
 }
+void OPacketCapturer::dump( OPacket* p )
+{
+    if ( !_pcd )
+    {
+        qWarning( "OPacketCapturer::dump() - cannot dump without open capture file!" );
+        return;
+    }
+    pcap_dump( (u_char*) _pcd, &p->_hdr, p->_data );
+}
 int OPacketCapturer::fileno() const
 {
    if ( _open )
    {
        return pcap_fileno( _pch );
    }
    else
    {
        return -1;
    }
 }
 OPacket* OPacketCapturer::next()
 {
    packetheaderstruct header;
    qDebug( "==> OPacketCapturer::next()" );
    const unsigned char* pdata = pcap_next( _pch, &header );
    qDebug( "<== OPacketCapturer::next()" );
-    if ( _pcd )
-        pcap_dump( (u_char*) _pcd, &header, pdata );
    if ( pdata && header.len )
    {
        OPacket* p = new OPacket( dataLink(), header, pdata, 0 );
        // packets shouldn't be inserted in the QObject child-parent hierarchy,
        // because due to memory constraints they will be deleted as soon
        // as possible - that is right after they have been processed
        // by emit() [ see below ]
        //TODO: make gathering statistics optional, because it takes time
        p->updateStats( _stats, const_cast<QObjectList*>( p->children() ) );
        return p;
    }
    else
    {
        qWarning( "OPacketCapturer::next() - no packet received!" );
        return 0;
    }
 }
-bool OPacketCapturer::open( const QString& name, const QString& filename )
+bool OPacketCapturer::open( const QString& name )
 {
    if ( _open )
    {
        if ( name == _name )    // ignore opening an already openend device
        {
            return true;
        }
        else                    // close the last opened device
        {
            close();
        }
    }
    _name = name;
    // open libpcap
    pcap_t* handle = pcap_open_live( const_cast<char*>( (const char*) name ), 1024, 0, 0, &_errbuf[0] );
    if ( !handle )
    {
        qWarning( "OPacketCapturer::open(): can't open libpcap with '%s': %s", (const char*) name, _errbuf );
        return false;
    }
    qDebug( "OPacketCapturer::open(): libpcap [%s] opened successfully.", (const char*) name );
    _pch = handle;
    _open = true;
    _stats.clear();
    // in case we have an application object, create a socket notifier
    if ( qApp ) //TODO: I don't like this here...
    {
        _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
        connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
    }
-    // if requested, open a dump
+    return true;
+}
+bool OPacketCapturer::openDumpFile( const QString& filename )
+{
    pcap_dumper_t* dump = pcap_dump_open( _pch, const_cast<char*>( (const char*) filename ) );
    if ( !dump )
    {
        qWarning( "OPacketCapturer::open(): can't open dump with '%s': %s", (const char*) filename, _errbuf );
        return false;
    }
    qDebug( "OPacketCapturer::open(): dump [%s] opened successfully.", (const char*) filename );
    _pcd = dump;
    return true;
 }
 bool OPacketCapturer::open( const QFile& file )
 {
    QString name = file.name();
    if ( _open )
    {
        close();
        if ( name == _name )    // ignore opening an already openend device
        {
            return true;
        }
        else                    // close the last opened device
        {
            close();
        }
    }
    _name = name;
    pcap_t* handle = pcap_open_offline( const_cast<char*>( (const char*) name ), &_errbuf[0] );
    if ( handle )
    {
        qDebug( "OPacketCapturer::open(): libpcap opened successfully." );
        _pch = handle;
        _open = true;
        // in case we have an application object, create a socket notifier
        if ( qApp )
        {
            _sn = new QSocketNotifier( fileno(), QSocketNotifier::Read );
            connect( _sn, SIGNAL( activated(int) ), this, SLOT( readyToReceive() ) );
        }
        return true;
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index ad5b07c..9119972 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -70,96 +70,98 @@ class QSocketNotifier;
 *======================================================================================*/
 /** @brief A class representing a data frame on the wire.
 *
 * The whole family of the packet classes are used when capturing frames from a network.
 * Most standard network protocols in use share a common architecture, which mostly is
 * a packet header and then the packet payload. In layered architectures, each lower layer
 * encapsulates data from its upper layer - that is it
 * treats the data from its upper layer as payload and prepends an own header to the packet,
 * which - again - is treated as the payload for the layer below. The figure below is an
 * example for how such a data frame is composed out of packets, e.g. when sending a mail.
 *
 * <pre>
 *                                                       | User Data |     == Mail Data
 *                                         | SMTP Header | User Data |     == SMTP
 *                           | TCP Header  | SMTP Header | User Data |     == TCP
 *               | IP Header | TCP Header  | SMTP Header | User Data |     == IP
 *  | MAC Header | IP Header | TCP Header  | SMTP Header | User Data |     == MAC
 *
 * </pre>
 *
 * The example is trimmed for simplicity, because the MAC (Medium Access Control) layer
 * also contains a few more levels of encapsulation.
 * Since the type of the payload is more or less independent from the encapsulating protocol,
 * the header must be inspected before attempting to decode the payload. Hence, the
 * encapsulation level varies and can't be deduced without actually looking into the packets.
 *
 * For actually working with captured frames, it's useful to identify the packets via names and
 * insert them into a parent/child - relationship based on the encapsulation. This is why
 * all packet classes derive from QObject. The amount of overhead caused by the QObject is
 * not a problem in this case, because we're talking about a theoratical maximum of about
 * 10 packets per captured frame. We need to stuff them into a searchable list anyway and the
 * QObject also cares about destroying the sub-, (child-) packets.
 *
 * This enables us to perform a simple look for packets of a certain type:
 * @code
 * OPacketCapturer* pcap = new OPacketCapturer();
 * pcap->open( "eth0" );
 * OPacket* p = pcap->next();
 * OIPPacket* ip = (OIPPacket*) p->child( "IP" ); // returns 0, if no such child exists
 * odebug << "got ip packet from " << ip->fromIPAddress().toString() << " to " << ip->toIPAddress().toString() << oendl;
 *
 */
 class OPacket : public QObject
 {
  Q_OBJECT
+  friend class OPacketCapturer;
  public:
    OPacket( int datalink, packetheaderstruct, const unsigned char*, QObject* parent );
    virtual ~OPacket();
    timevalstruct timeval() const;
    int caplen() const;
    int len() const;
    QString dump( int = 32 ) const;
    void updateStats( QMap<QString,int>&, QObjectList* );
  private:
    const packetheaderstruct _hdr;  // pcap packet header
    const unsigned char* _data;     // pcap packet data
    const unsigned char* _end;      // end of pcap packet data
 };
 /*======================================================================================
 * OEthernetPacket - DLT_EN10MB frame
 *======================================================================================*/
 class OEthernetPacket : public QObject
 {
  Q_OBJECT
  public:
    OEthernetPacket( const unsigned char*, const struct ether_header*, QObject* parent = 0 );
    virtual ~OEthernetPacket();
    OMacAddress sourceAddress() const;
    OMacAddress destinationAddress() const;
    int type() const;
  private:
    const struct ether_header* _ether;
 };
 /*======================================================================================
 * OPrismHeaderPacket - DLT_PRISM_HEADER frame
 *======================================================================================*/
 class OPrismHeaderPacket : public QObject
 {
  Q_OBJECT
  public:
    OPrismHeaderPacket( const unsigned char*, const struct prism_hdr*, QObject* parent = 0 );
@@ -479,128 +481,139 @@ class OUDPPacket : public QObject
  private:
    const struct udphdr* _udphdr;
 };
 /*======================================================================================
 * OTCPPacket
 *======================================================================================*/
 class OTCPPacket : public QObject
 {
  Q_OBJECT
  public:
    OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 );
    virtual ~OTCPPacket();
    int fromPort() const;
    int toPort() const;
  private:
    const struct tcphdr* _tcphdr;
 };
 /*======================================================================================
 * OPacketCapturer
 *======================================================================================*/
 /**
 * @brief A class based wrapper for network packet capturing.
 *
 * This class is the base of a high-level interface to the well known packet capturing
 * library libpcap. ...
 */
 class OPacketCapturer : public QObject
 {
  Q_OBJECT
  public:
    /**
     * Constructor.
     */
    OPacketCapturer( QObject* parent = 0, const char* name = 0 );
    /**
     * Destructor.
     */
    ~OPacketCapturer();
    /**
-     * Setting the packet capturer to use blocking IO calls can be useful when
+     * Set the packet capturer to use blocking or non-blocking IO. This can be useful when
     * not using the socket notifier, e.g. without an application object.
     */
    void setBlocking( bool );
    /**
     * @returns true if the packet capturer uses blocking IO calls.
     */
    bool blocking() const;
    /**
-     * Closes the packet capturer. This is automatically done in the destructor.
+     * Close the packet capturer. This is automatically done in the destructor.
     */
    void close();
    /**
+     * Close the output capture file.
+     */
+    void closeDumpFile();
+    /**
     * @returns the data link type.
     * @see <pcap.h> for possible values.
     */
    int dataLink() const;
    /**
+     * Dump a packet to the output capture file.
+     */
+    void dump( OPacket* );
+    /**
     * @returns the file descriptor of the packet capturer. This is only useful, if
     * not using the socket notifier, e.g. without an application object.
     */
    int fileno() const;
    /**
     * @returns the next @ref OPacket from the packet capturer.
     * @note If blocking mode is true then this call might block.
     */
    OPacket* next();
    /**
     * Open the packet capturer to capture packets in live-mode from @a interface.
-     * If a @a filename is given, all captured packets are output to a tcpdump-compatible capture file.
     */
-    bool open( const QString& interface, const QString& filename = QString::null );
+    bool open( const QString& interface );
    /**
     * Open the packet capturer to capture packets in offline-mode from @a file.
     */
    bool open( const QFile& file );
    /**
+     * Open a prerecorded tcpdump compatible capture file for use with @ref dump()
+     */
+    bool openDumpFile( const QString& filename );
+    /**
     * @returns true if the packet capturer is open
     */
    bool isOpen() const;
    /**
     * @returns the snapshot length of this packet capturer
     */
    int snapShot() const;
    /**
     * @returns true if the input capture file has a different byte-order
     * than the byte-order of the running system.
     */
    bool swapped() const;
    /**
     * @returns the libpcap version string used to write the input capture file.
     */
    QString version() const;
    /**
     * @returns the packet statistic database.
     * @see QMap
     */
    const QMap<QString,int>& statistics() const;
  signals:
    /**
     * This signal is emitted, when a packet has been received.
     */
    void receivedPacket( OPacket* );
  protected slots:
    void readyToReceive();
  protected:
    QString _name;                                  // devicename
    bool _open;                                     // check this before doing pcap calls
    pcap_t* _pch;                                   // pcap library handle
    pcap_dumper_t* _pcd;                            // pcap dumper handle
    QSocketNotifier* _sn;                           // socket notifier for main loop
    mutable char _errbuf[PCAP_ERRBUF_SIZE];         // holds error strings from libpcap
    QMap<QString, int> _stats;                      // statistics;
 };
 #endif // OPCAP_H