we're a capture child, always report the final caputure count regardless of the
'quiet' setting. This ensures that each interface prints its statistics on a
new line, rather than the first one being printed on the same line as the
packet count in the case when we're not 'quiet'.
svn path=/trunk/; revision=37410
Thank you very much for using "gulong" rather than "gsize" as the
"buffer length" argument to g_snprintf(), the fact that the
corresponding argument to snprintf() is a size_t nonwithstanding.
Developers building for LLP64 platforms such as Win32 greatly appreciate
this decision.
svn path=/trunk/; revision=37195
This patch is basedon work done by Irene Ruengeler.
This feature is considered experimental at the moment.
However, you need to use the -t command line option
to use the feature. When not providing it, the old
method will be used.
svn path=/trunk/; revision=37191
configure that you want to capture on multiple remote interfaces
on mulitple hosts.
Improve some #ifdef mess in dumpcap.
svn path=/trunk/; revision=37178
Use consistent naming of variables on capture_options.
Make pcap sampling independent of remote capturing, since
it seems to work local pcap devices using winpcap (at
least that is what the documentation says).
svn path=/trunk/; revision=37176
pcap devices / pipes to capture from and open and close them.
However, capturing currently happens only on the last specified
interface.
So this does not add user visible functionality except that
some bugs are fixed. For example a crash when capturing on
a pipe and saving in pcapng format.
svn path=/trunk/; revision=37171
This requires to be linked against a different library. This is only
required for dumpcap, but the configure files currently doesn't check
this in a target specific way. So use these libs for all binaries.
svn path=/trunk/; revision=37095
to the message showed when dumpcap is finishing.
This patch is the first one of a series which will add support for
capturing on multiple interfaces to dumpcap.
This patch is based on work of Irene Ruengeler.
svn path=/trunk/; revision=37094
In convert_string_case() use g_utf8_strup() instead of converting each
character by hand. Hopefully this won't cause any unexpected changes in
behavior.
svn path=/trunk/; revision=36006
routines that don't return. (This requires that some files include
config.h to get WS_MSVC_NORETURN declared properly.)
svn path=/trunk/; revision=35989
the "network adapter on which the capture was being done is no longer running".
Fixes bug 2623 reported by Anthony Coulter.
svn path=/trunk/; revision=34915
Template chosen is: wireshark_<iface>_YYYYmmddHHMMSS_XXXXXX ... where
<iface> is the interface name (or UUID part of the interface if applicable)
YYYYmmddHHMMSS are as described in "man strftime".
XXXXXX is a template filled in with random characters. See "man mkstemp".
svn path=/trunk/; revision=34902
As it's a constant, we can do the split into seconds and microseconds at
compile time, so do that (so that it works even if we happen to make
PIPE_READ_TIMEOUT >= 1 second).
svn path=/trunk/; revision=34283
we know it's < 1s, and don't have to worry about properly setting tv_sec
and tv_usec for select().
Get rid of unneeded pointer variable.
svn path=/trunk/; revision=34282
Move the SetDllDirectory calls to ws_init_dll_search_path. If
SetDllDirectory fails, pass the Wireshark program path to
SetCurrentDirectory.
svn path=/trunk/; revision=33958
it's present in Wireshark and dumpcap. This takes care of the airpcap.dll
PoC but we need to load wpcap.dll from a full path. We might want to
call SetDllDirectory from our other executables as well.
svn path=/trunk/; revision=33916
open_captur_device() is an array of PCAP_ERRBUF_SIZE chars. That means
we don't need to pass the size.
Unfortunately, pcap_compile() didn't always take a "const char *" as the
filter string argument, even though it didn't modify the argument; don't
pass it a "const char *".
Don't print the secondary error message if it's empty.
svn path=/trunk/; revision=33513
If we get an "XXX is not one of the DLTs supported by this device" error
when we try to set the link-layer header type, don't tell the user to
report it to the Wireshark developers, as that's probably just the
result of them giving a link-layer header type that the device doesn't
support.
svn path=/trunk/; revision=33512
capture-stopping/file-switching operation into a routine. Move a few
variables into the loop_data structure so that routine can get at them.
svn path=/trunk/; revision=32949
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Let pcap_statustostr()'s result suffice for most PCAP_ERROR_ errors.
Don't mention the capture device name multiple times in the error
message. Treat positive returns from pcap_can_set_rfmon() other than 0
or 1 as weird returns, not error returns.
svn path=/trunk/; revision=32882
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
necessary.
If it's run with -D and -M, and we found no interfaces, don't treat that
as an error; let the code that reads our output just indicate it as "no
interfaces available", so *its* caller can decide whether to report an
error or not (in some cases in Wireshark, it's obvious that there are no
interfaces, e.g. there aren't any listed on the welcome screen, so
popping up a dialog is pointless).
svn path=/trunk/; revision=32849
interface statistics, have its error messages come out as sync-pipe
errors, have it send a sync-pipe "success" message on success, and have
the callers get that message and display it.
svn path=/trunk/; revision=32843
build without libpcap, to make sure that works, and then do a build with
libpcap, to put into a binary release. It's the former that's failing;
I'll back out the previous change and then work on that.
svn path=/trunk/; revision=32801
if_capabilities_t - it doesn't fail on Snow Leopard, even if I undefine
HAVE_PCAP_CREATE, and doesn't fail on the Leopard PPC buildbot, either.
svn path=/trunk/; revision=32799
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
the code to print the machine-readable format into dumpcap, and have the
code in capture_opts.c just print the human-readable format.
svn path=/trunk/; revision=32714
standard error and, in Wireshark on Windows, create a console if
necessary. Have the cmdarg_err routines use them.
Use *fprintf_stderr() to print the output of -L, rather than using
cmdarg_err_cont(), so that we don't get extra newlines in the output (it
should look similar to the output of tcpdump).
svn path=/trunk/; revision=32711
interface by running dumpcap, so that if you need privileges to open an
interface, and dumpcap has those privileges, neither TShark nor
Wireshark need them.
svn path=/trunk/; revision=32710
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffersize if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
timeout bug.
Make the code for the workaround assume any 10.6.x release other than
10.6.2 requires it; that way we don't have to update the code until
either
1) Apple fixes the bug in a later 10.6.x update
or
2) Apple comes out with a major release that still has, or
reintroduces, the bug.
svn path=/trunk/; revision=32349
link-layer header types for interfaces; if special privileges are
necessary to open capture devices, Wireshark and TShark shouldn't have
those privileges, but dumpcap should.
svn path=/trunk/; revision=32104
used for this purpose and using it also prevents the 2 signals the child gets:
- the user's Ctrl-C (which is sent as a SIGINT to both *shark and its
child dumpcap)
- the signal *shark generates to shut down the child
from colliding (and running 2 signal handlers in the child).
It might be possible for tshark to not send the signal at all when it gets
SIGINT, but it doesn't do any harm now.
Also, do not call g_log() within the signal handler: doing so can cause
aborts (if g_log is being called by the process when the signal comes, the
2nd entrance into g_log is detected as a recursion).
This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2767
svn path=/trunk/; revision=29881
pipes. Enable this by default on Windows. Remove code that tried to
use WaitForSingleObject on a pipe (which Windows doesn't support). Use
native file handles and system calls on Windows (which fixes a problem
with partial reads I ran into during testing).
This should fix bug 1759.
svn path=/trunk/; revision=29574
[PATCH] Fix dumpcap believing error on ^C i.e. pcap_breakloop()
When ^C was pressed during a packet capture, dumpcap believed a pcap
error had occurred. We check the return value more closely to avoid
this problem.
svn path=/trunk/; revision=29510
I've created a new bug rather than reopening 1181 as the scope is constrained
somewhat more.
Basically, when capturing from a named pipe the wireshark display lags by one
packet. This is especially frustrating when the packets arrive at low rates.
tshark is fine. But the packet count in dumpcap also lags by one.
Looking at the code, the problem appears to be in cap_pipe_select(). It
attempts to use WaitForSingleObject() on the named pipe but AFAICT this never
blocks.
I've attached a diff for some code that fixes the issue for me. The semantics
of overlapped IO in Win32 is quite different from the select/read model - hence
the other changes!
I've tested this fix on WinXP, 2k server and 2003 server. I've also checked
that my changes compile on a Freespire box that I have lying around.
From me:
Adapt the changes for dumpcap, which is where the affected code now lives.
svn path=/trunk/; revision=28452
dumpcap should terminate if exactly the maximum number of packets have been captured
(or greater) as specified by the user: "-c <capture packet count>". The current behavior
waits until an additional packet is captured until this threshold check occurs.
svn path=/trunk/; revision=27208
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
setting, and is used only in dumpcap.c, and needs to get at information
set by dumpcap's signal handlers so it can respond to ^C; move it to
dumpcap.c, rename it print_statistics_loop(), and make it set ld.go to
TRUE before looping and loop only as long as ld.go is TRUE.
That fixes bug 2592 (at least on Mac OS X, and probably on other UN*Xes;
it should fix it on Windows as well).
svn path=/trunk/; revision=25492
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
On glib-1.2 systems g_ascii_strcasecmp() is in libwireshark (which we don't
want to include in dumpcap) and anyway our code should be the only thing
calling dumpcap with "-Z"--so hopefully there's no need for doing a
case-insensitive comparison.
(This is another argument for adding a "utils" library.)
svn path=/trunk/; revision=24462
1. Clean up dumpcap 'as a child' err msg handling so that:
- all err msgs are properly formatted when being sent
back to the parent.
- any log Critical, Warning, etc messages
are sent back to parent and are properly formatted.
2. Change handling of -w <...> slightly in capture_opts.c
so that wireshark provides a good error message if
there is a 'write permissions' issue on the file.
(Previously the error popup said only
"Child exited with status 2").
This fixes bug #2288.
Add some conditionalized DEBUG_CHILD_DUMPCAP code for
dumpcap debug logging to a file.
svn path=/trunk/; revision=24446
opening the capture device. That somewhat fixes bug 2273, although the
second and subsequent files don't have the right group ownership,
probably because of the problem described in the comment before
relinquish_special_privs_perm().
We should also relinquish special privileges *before* trying to open the
capture pipe, so that we can't open a pipe to which the real user
doesn't have access.
svn path=/trunk/; revision=24347
does capturing any more. (We will be inserting a call to give up
privileges after the pcap_open_live(), which should fix 2273; we're
currently only giving up privileges on platforms with libcap.)
svn path=/trunk/; revision=24345
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
pipe instead of stdin. Add an argument (currently the parent PID) back
to the "-Z" flag and use it to construct the pipe name. This lets us
pass the parent's stdin handle to dumpcap, which lets us capture from
stdin on Windows. Add a comment about checking for the parent process.
In capture_loop.c, remove the wait_forever argument from cap_pipe_select()
since it was always FALSE. Set the timeout under Windows to 250 ms
instead of 250000 ms.
svn path=/trunk/; revision=23279
dumpcap, when using it as a capture child; leave the standard output
alone, in case tshark was told to write the capture to the standard
error.
Get rid of the argument to the "-Z" option to dumpcap; it might not work
on Windows.
svn path=/trunk/; revision=23124
this in the GUI rather than calling pcap_stats() directly. This gets rid
of the last pcap_open_live() call in the GUI code. Update
README.packaging.
svn path=/trunk/; revision=22443
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1289
Rename 'svnversion' to 'wireshark_svnversion' to resolve a symbol conflict with
GTK 2.10.6 (hmm, shouldn't GTK not be exporting that symbol or at least naming
it so as to prevent such collisions? Well, so should we, so...)
From Andreas Fink: change #ifdef for size_t in airdcap_interop.h to fix
compile on MacOS X.
svn path=/trunk/; revision=20726
version string, so the information comes out right for applications that
don't use Portaudio.
Get rid of an extra "with" in the version string for dumpcap.
Get rid of an extra blank after the libpcap version string, and get rid
of an extra newline before it.
Attempt to add more compiler version information and to prettify the
MSVC++ version information (both untested).
svn path=/trunk/; revision=19613
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
even if doing a live capture; just print the packets without saving
them.
In dumpcap:
default to the capturing the entire packet;
don't do the "Press any key" stuff when debugging on UN*X;
do console logging (to the standard error) even when we're
running as the capture child (the sync pipe should only be the
standard output, not the standard error).
svn path=/trunk/; revision=17786
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit more clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege seperation.
svn path=/trunk/; revision=17608
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
Even though dumpcap isn't finished I would like this patch applied in
order to:
1. remove some compiler warnings
2. avoid a seg fault when running dumpcap without parameters as normal
user.
svn path=/trunk/; revision=16922
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
This way, the capture child don't need to now any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build it's own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
this fortunately removes *a lot* of dependencies and make the resulting binary a lot smaller (and hopefully faster to load :-)
some more cleanup (like replacing // by /**/)
svn path=/trunk/; revision=16620
personal backup only, not meant for public testing!
I've copied main.c into dumpcap.c and carved out all things not needed
currently won't work as a command line tool, capture_loop.c wants an input pipe
console output is also very ugly and the whole code needs a lot of further cleanup
shouldn't break the unix build as I've only changed the nmake files so far, but who knows ...
svn path=/trunk/; revision=16615
Chris Maynard