This enables the capturing from multiple interfaces using
tshark and wireshark (at the command line).
(tshark -i lo0 -i en0) or (wireshark -k -i lo0 -i en0)
works. You can capture from multiple remote and local
interfaces.
Based on work from Irene Ruengeler.
svn path=/trunk/; revision=37248
we'd have to include some other headers to get it defined.
Get rid of the include of Winbase.h - it doesn't define
STATUS_UNWIND_CONSOLIDATE, and it's not necessary.
svn path=/trunk/; revision=33413
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
is just an indication that the capture child exited; don't treat it as
an error, unless the child process exits with an abnormal status.
As tshark sends a "stop capture" indication to the child when it's
^C'ed, the child will exit and we'll get an EOF from the capture pipe;
don't make SIGINT etc. interrupt system calls, so they don't cause reads
from the capture pipe to get EINTR errors.
svn path=/trunk/; revision=32986
when generating error messages.
The error code from CreatePipe() is gotten by calling GetLastError();
it's not in errno.
Clean up indentation a bit.
svn path=/trunk/; revision=32855
interface statistics, have its error messages come out as sync-pipe
errors, have it send a sync-pipe "success" message on success, and have
the callers get that message and display it.
svn path=/trunk/; revision=32843
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffer size if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
link-layer header types for interfaces; if special privileges are
necessary to open capture devices, Wireshark and TShark shouldn't have
those privileges, but dumpcap should.
svn path=/trunk/; revision=32104
used for this purpose and using it also prevents the 2 signals the child gets:
- the user's Ctrl-C (which is sent as a SIGINT to both *shark and its
child dumpcap)
- the signal *shark generates to shut down the child
from colliding (and running 2 signal handlers in the child).
It might be possible for tshark to not send the signal at all when it gets
SIGINT, but it doesn't do any harm now.
Also, do not call g_log() within the signal handler: doing so can cause
aborts (if g_log is being called by the process when the signal comes, the
2nd entrance into g_log is detected as a recursion).
This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2767
svn path=/trunk/; revision=29881
substitute our own (I wrote them all, so I can steal them from the
BSD-licensed libpcap if I want :-)). This means that
linktype_name_to_val() and linktype_val_to_name() are always available,
and we don't need to #ifdef use of them.
Use pcap_datalink_val_to_description() to get the description for a
particular DLT_ value, rather than mapping the DLT_ value to a
WTAP_ENCAP_ value and getting the description for the latter.
svn path=/trunk/; revision=27074
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
the right thing in Wireshark and TShark, as both of them call
epan_init() to set the appropriate "report an error" function.
That obviates the need to have TShark have its own private version of
simple_dialog().
Have cmdarg_err() just call failure_message() instead of duplicating the
code in failure_message().
svn path=/trunk/; revision=25201
1. Clean up dumpcap 'as a child' err msg handling so that:
- all err msgs are properly formatted when being sent
back to the parent.
- any log Critical, Warning, etc messages
are sent back to parent and are properly formatted.
2. Change handling of -w <...> slightly in capture_opts.c
so that wireshark provides a good error message if
there is a 'write permissions' issue on the file.
(Previously the error popup said only
"Child exited with status 2").
This fixes bug #2288.
Add some conditionalized DEBUG_CHILD_DUMPCAP code for
dumpcap debug logging to a file.
svn path=/trunk/; revision=24446
given file descriptor get duped to another descriptor.
Handle exec errors in sync_pipe_open_command() the same way they're
handled in sync_pipe_start(); that fixes bug 2177.
svn path=/trunk/; revision=24040
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data transfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
In capture_sync.c: Don't clobber the DLT value.
In packet-cops.c (modified by me): Instead of adding an item as a static,
mis-cast FT_UINT16 to the tree, add it as an FT_NONE.
In packet-802.11.c: Add the right address to the tree.
svn path=/trunk/; revision=23624
pipe instead of stdin. Add an argument (currently the parent PID) back
to the "-Z" flag and use it to construct the pipe name. This lets us
pass the parent's stdin handle to dumpcap, which lets us capture from
stdin on Windows. Add a comment about checking for the parent process.
In capture_loop.c, remove the wait_forever argument from cap_pipe_select()
since it was always FALSE. Set the timeout under Windows to 250 ms
instead of 250000 ms.
svn path=/trunk/; revision=23279
dumpcap, when using it as a capture child; leave the standard output
alone, in case tshark was told to write the capture to the standard
error.
Get rid of the argument to the "-Z" option to dumpcap; it might not work
on Windows.
svn path=/trunk/; revision=23124
this in the GUI rather than calling pcap_stats() directly. This gets rid
of the last pcap_open_live() call in the GUI code. Update
README.packaging.
svn path=/trunk/; revision=22443
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
Add a capture_interface_list(), which works similarly to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
directory and most of the plugins to match the same command
put in the Makefile.nmake files for Windows compilations. Fix
a few warnings when compiling under gcc 3.4.4 on FreeBSD. Create
new automake file variable called USING_GCC in configure.in and
wiretap/configure.in to accomplish the above -Werror addition.
svn path=/trunk/; revision=21127
programs, by reporting it with a dialog box that at least attempts to
indicate what the problem is, and by giving up early on running dumpcap.
svn path=/trunk/; revision=18051
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege separation.
svn path=/trunk/; revision=17608
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
command line passed to Create_Process().
On UN*X, use "execv()", not "execvp()", as we now construct the absolute
pathname of "dumpcap".
svn path=/trunk/; revision=17330
name of the program as used to run it (command name/path name). Pass
that - otherwise, we pass "-i" as argv[0], and dumpcap ignores it and
treats the capture device as the first argument and doesn't handle it
correctly (i.e., it doesn't capture on that device).
svn path=/trunk/; revision=17277
and writing the sync pipe, using g_log() calls at the G_LOG_LEVEL_DEBUG
or G_LOG_LEVEL_WARNING levels, so we can get at them if necessary. Add
some messages for errors for which we had no logging.
svn path=/trunk/; revision=17275
file, strip off the last component to get the pathname of the directory
containing the executable file, and save it for future use. On Windows,
you can get that from the OS, but, on UN*X, you have to look at argv[0]
and derive the absolute path from that (argv[0] is not guaranteed to be
an absolute path, or even a path at all). (In addition, if you're
running from the build directory, you might have to strip off a ".libs/"
added to argv[0] as an artifact of the libtoolizing script.)
Use that in the About dialog, and use it to construct the path of
dumpcap.
Don't put quotes into the path of dumpcap; you don't have to quote
strings with spaces in them when handing them to execvp and, in fact,
you *mustn't* quote them, as the quotes will be treated as part of the
pathname.
svn path=/trunk/; revision=17267
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff required). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an ugly console window would appear. The handles created by _pipe don't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
second try to bring dumpcap to life. Currently it's working, but the child (dumpcap) will show an annoying Win32 console window while running.
svn path=/trunk/; revision=17239
This way, the capture child doesn't need to know any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build its own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
capture_input_drops
capture_input_error_message
and move the functionality from capture_sync.c to capture.c (just where it belongs)
svn path=/trunk/; revision=16663
binary data, so the maximum message length can be up to 2^24-1.
Add a #define for that message size, and have it be 4096, for now, as
that was the size of the buffer used to read sync pipe messages.
Clean up white space.
When displaying an error message from the capture child, don't use it as
a format string - it could conceivably contain "%"s. Instead, format it
with "%s".
svn path=/trunk/; revision=16541
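The message-size cap and the "%s" fix described in the commit message above, as an added example that is not Wireshark's own code. It assumes a 4-byte header (one indicator byte followed by a 3-byte big-endian length, consistent with the 2^24-1 maximum mentioned); the function names, the 'E' indicator and the sample frame are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_MSG_LEN 4096  /* cap named in the commit message */
#define HDR_LEN     4     /* assumed: 1 indicator byte + 3 length bytes */

/* Constructed sample frame: indicator 'E', length 13, payload holding "%"s. */
static const unsigned char SAMPLE[] = {
    'E', 0x00, 0x00, 0x0D,
    'r','a','t','e',' ','1','0','0','%','s',' ','%','n'
};

/* Parse one framed message from the child. Returns the payload length, or
 * -1 if the header is incomplete, the declared length exceeds MAX_MSG_LEN,
 * or the payload is truncated. The 24-bit field could declare up to
 * 2^24-1 bytes, so the cap is what keeps a misbehaving child from
 * overrunning a fixed-size receive buffer. */
static long parse_frame(const unsigned char *buf, size_t avail,
                        char *indicator, const unsigned char **payload)
{
    size_t len;
    if (avail < HDR_LEN) return -1;
    len = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | (size_t)buf[3];
    if (len > MAX_MSG_LEN) return -1;
    if (len > avail - HDR_LEN) return -1;
    *indicator = (char)buf[0];
    *payload = buf + HDR_LEN;
    return (long)len;
}

/* Render the child's text for display. The text is passed as an argument to
 * a fixed format, never as the format itself, so "%s" or "%n" inside it is
 * copied literally. "%.*s" is used because the payload is not NUL-terminated. */
static int render_child_error(char *out, size_t outsz,
                              const unsigned char *payload, size_t len)
{
    return snprintf(out, outsz, "%.*s", (int)len, (const char *)payload);
}

int main(void)
{
    char ind, out[64];
    const unsigned char *p;
    long n = parse_frame(SAMPLE, sizeof SAMPLE, &ind, &p);
    if (n < 0) return 1;
    render_child_error(out, sizeof out, p, (size_t)n);
    printf("[%c] %s\n", ind, out);
    return 0;
}
```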
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
remove Byte(s) from the dropdown list of filesizes, this doesn't make sense
replace 1000 with 1024, as all (modern?) file managers are based on 1024 bytes for a kilobyte (the old KB vs. KiB controversy)
svn path=/trunk/; revision=16149
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264