Make pcap-ng the default. Add a compile-time option to prefer pcap-ng or

pcap.  Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).

Update the documentation and release notes.

svn path=/trunk/; revision=37696

capture_opts.c

@@ -112,7 +112,11 @@ capture_opts_init(capture_options *capture_opts, void *cf)
   capture_opts->saving_to_file                  = FALSE;
   capture_opts->save_file                       = NULL;
   capture_opts->group_read_access               = FALSE;
-  capture_opts->use_pcapng                      = FALSE;            /* the default is pcap */
+#ifdef PCAP_NG_DEFAULT
+  capture_opts->use_pcapng                      = TRUE;             /* Save as pcap-ng by default */
+#else
+  capture_opts->use_pcapng                      = FALSE;            /* Save as pcap by default */
+#endif
   capture_opts->real_time_mode                  = TRUE;
   capture_opts->show_info                       = TRUE;
   capture_opts->quit_after_cap                  = FALSE;
@@ -725,6 +729,9 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg_
             capture_opts->default_options.promisc_mode = FALSE;
         }
         break;
+    case 'P':        /* Use pcap format */
+        capture_opts->use_pcapng = FALSE;
+        break;
     case 'Q':        /* Quit after capture (just capture to file) */
         capture_opts->quit_after_cap  = TRUE;
         *start_capture   = TRUE;  /*** -Q implies -k !! ***/

capture_sync.c

@@ -382,6 +382,8 @@ sync_pipe_start(capture_options *capture_opts) {
 
     if (capture_opts->use_pcapng)
         argv = sync_pipe_add_arg(argv, &argc, "-n");
+    else
+        argv = sync_pipe_add_arg(argv, &argc, "-P");
 
     if (capture_opts->multi_files_on) {
         if (capture_opts->has_autostop_filesize) {

config.h.win32

@@ -20,7 +20,7 @@
 #define __STDC__ 0
 #endif
 
-/* 
+/*
  * Flex (v 2.5.35) uses this symbol to "exclude" unistd.h
  */
 #define YY_NO_UNISTD_H
@@ -69,13 +69,14 @@
 
 @HAVE_AIRPCAP@
 
+@PCAP_NG_DEFAULT@
 @MAIN_MENU_USE_UIMANAGER@
 @WANT_PACKET_EDITOR@
 
 /* availability of pcap_freecode() is handled at runtime */
 #define HAVE_PCAP_FREECODE 1
 
-/* define macro for importing variables from an dll 
+/* define macro for importing variables from an dll
  * it depends on HAVE_LIBWIRESHARKDLL and _NEED_VAR_IMPORT_
  */
 #if defined (_NEED_VAR_IMPORT_) && defined (HAVE_LIBWIRESHARKDLL)

config.nmake

@@ -206,6 +206,9 @@ PYTHON="$(PYTHON_DIR)\python.exe"
 PATH=$(PYTHON_DIR);$(PATH)
 !ENDIF
 
+#### Save files as pcap-ng by default. Comment out to use pcap instead. ####
+PCAP_NG_DEFAULT=^#define PCAP_NG_DEFAULT 1
+
 ##### To Use packet editor uncomment this line ####
 ### Warning Experimental - work in progress
 #WANT_PACKET_EDITOR=^#define WANT_PACKET_EDITOR 1

configure.in

@@ -1231,6 +1231,14 @@ fi
 AC_SUBST(rawshark_bin)
 AC_SUBST(rawshark_man)
 
+dnl Use pcap-ng by default
+AC_ARG_ENABLE(pcap-ng-default,
+  AC_HELP_STRING( [--enable-pcap-ng-default],
+                  [use the pcap-ng file format by default instead of pcap.  @<:@default=yes@:>@]),
+    enable_pcap_ng_default=$enableval,enable_pcap_ng_default=yes)
+if test x$enable_pcap_ng_default = xyes; then
+	AC_DEFINE(PCAP_NG_DEFAULT, 1, [Support for pcap-ng])
+fi
 
 dnl pcap remote check
 AC_MSG_CHECKING(whether to use libpcap remote capturing feature)
@@ -2172,6 +2180,7 @@ echo "                      Build randpkt : $enable_randpkt"
 echo "                       Build dftest : $enable_dftest"
 echo "                     Build rawshark : $enable_rawshark"
 echo ""
+echo "   Save files as pcap-ng by default : $enable_pcap_ng_default"
 echo "  Install dumpcap with capabilities : $setcap_message"
 echo "             Install dumpcap setuid : $setuid_message"
 echo "                  Use dumpcap group : $dumpcap_group_message"

doc/dumpcap.pod

@@ -20,6 +20,7 @@ S<[ B<-L> ]>
 S<[ B<-n> ]>
 S<[ B<-M> ]>
 S<[ B<-p> ]>
+S<[ B<-P> ]>
 S<[ B<-q> ]>
 S<[ B<-s> E<lt>capture snaplenE<gt> ]>
 S<[ B<-S> ]>
@@ -212,8 +213,7 @@ B<TShark>; its format is subject to change from release to release.
 
 =item -n
 
-Write the output file in the pcap-ng format instead of the default pcap
-format.
+Save files as pcap-ng. This is the default.
 
 =item -p
 
@@ -224,6 +224,12 @@ traffic sent to or from the machine on which B<Dumpcap> is running,
 broadcast traffic, and multicast traffic to addresses received by that
 machine.
 
+=item -P
+
+Save files as pcap instead of the default pcap-ng. In situations that require
+pcap-ng, such as capturing from multiple interfaces, this option will be
+overridden.
+
 =item -q
 
 When capturing packets, don't display the continuous count of packets

docbook/release-notes.xml

@@ -63,7 +63,23 @@ Wireshark Info
 
         <listitem>
           <para>
-            <!-- -->
+            Wireshark supports capturing from multiple interfaces at once.
+          </para>
+        </listitem>
+
+        <listitem>
+          <para>
+            Wireshark, TShark, and their associated utilities now save files
+	    using the pcap-ng file format by default. (Your copy of Wireshark
+	    might still use the pcap file format if pcap-ng is disabled in
+	    your preferences.)
+          </para>
+        </listitem>
+
+        <listitem>
+          <para>
+            Decryption key management for IEEE 802.11, IPsec, and ISAKMP
+	    is now easier.
           </para>
         </listitem>
 

dumpcap.c

@@ -3720,7 +3720,7 @@ main(int argc, char *argv[])
 #define OPTSTRING_d ""
 #endif
 
-#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "L" OPTSTRING_m "Mnpq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:"
+#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "L" OPTSTRING_m "MnpPq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:"
 
 #ifdef DEBUG_CHILD_DUMPCAP
     if ((debug_log = ws_fopen("dumpcap_debug_log.tmp","w")) == NULL) {
@@ -3990,6 +3990,7 @@ main(int argc, char *argv[])
         case 'i':        /* Use interface x */
         case 'n':        /* Use pcapng format */
         case 'p':        /* Don't capture in promiscuous mode */
+        case 'P':        /* Use pcap format */
         case 's':        /* Set the snapshot (capture) length */
         case 'w':        /* Write to capture file x */
         case 'g':        /* enable group read accesson file(s) */

epan/prefs.c

@@ -1294,7 +1294,11 @@ init_prefs(void) {
   prefs.capture_devices_hide          = NULL;
   prefs.capture_devices_monitor_mode  = NULL;
   prefs.capture_prom_mode             = TRUE;
+#ifdef PCAP_NG_DEFAULT
+  prefs.capture_pcap_ng               = TRUE;
+#else
   prefs.capture_pcap_ng               = FALSE;
+#endif
   prefs.capture_real_time             = TRUE;
   prefs.capture_auto_scroll           = TRUE;
   prefs.capture_show_info             = FALSE;

wiretap/file_access.c

@@ -412,6 +412,7 @@ static const struct file_type_info dump_open_table_base[] = {
 	  NULL, NULL },
 
 	/* WTAP_FILE_PCAP */
+        /* Gianluca Varenni suggests that we add "deprecated" to the description. */
 	{ "Wireshark/tcpdump/... - libpcap", "libpcap", "*.pcap;*.cap", ".pcap", FALSE, FALSE,
 	  libpcap_dump_can_write_encap, libpcap_dump_open },
 
@@ -648,7 +649,7 @@ static const struct file_type_info dump_open_table_base[] = {
 	  NULL, NULL },
 
 	/* WTAP_ENCAP_MIME */
-	{ "MIME File Format", "mime", NULL, NULL, FALSE, FALSE, 
+	{ "MIME File Format", "mime", NULL, NULL, FALSE, FALSE,
 	   NULL, NULL }
 };