when an interface goes down or goes away, and, in that case, just report
that, rather than reporting a more technical error and indicating that
the error should be reported to the Wireshark developers.
Line-break the "please report this to the Wireshark developers" error
differently (so that it doesn't look weird if the dialog box line-wraps
it).
Fix indentation.
svn path=/trunk/; revision=22771
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
it's a pointer to an arbitrary object, assumed to be correctly aligned,
not a pointer to a not-necessarily-properly-aligned array of bytes.
Cast it, so we won't get alignment warnings.
svn path=/trunk/; revision=21939
(The related tests in suite-capture.sh should now work correctly).
(Also: Print error message if attempting to use ring-buffers
with a named pipe).
svn path=/trunk/; revision=20255
if the pipename argument to cap_pipe_open_live() is null, that's
a bug, and we want a crash so it's caught;
if ld->pcap_h is null in capture_loop_dispatch(), that's a bug,
and we want a crash so it's caught;
if capture_opts is null in capture_loop_start(), that's a bug,
and we want a crash so it's caught;
there's no need to null out capture_opts->save_file twice.
Also, errmsg and secondary_errmsg are null-terminated strings, so the
array size should be the maximum length + 1.
svn path=/trunk/; revision=19857
> [tshark from a fifo]
> Ulf - I notice you made the relevant change here (r16787) - is there any reason why tshark shouldn't use capture_loop_dispatch to do its processing, rather than attempting to use cap_pipe_dispatch or pcap_dispatch directly?
well, there didn't seem to be, so I've made a patch which does exactly this, and which fixes the problem.
svn path=/trunk/; revision=19456
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
that obviates the need to check for a null capture filter string, and
fixes bug 1055.
Keep track of whether it was set from the command line, though, so we
can catch attempts to set the filter more than once, and attempts to set
it when we're not capturing.
Clean up white space.
svn path=/trunk/; revision=19047
pointer, so we can determine whether a capture filter has been set or
not.
Use that to check in TShark whether the user specified a filter with
"-f" or not, rather than using the no-longer-set
"capture_filter_specified" variable.
Also, check for multiple "-f" options.
If no capture filter is specified, use a null string, to work around
broken versions of Linux libpcap.
svn path=/trunk/; revision=18989
is *NOT* a crash; if Wireshark had crashed, it couldn't have put up that
dialog. (Yes, at least one bug report calls it a crash; see Ethereal
bug 1006 at http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=1006.)
svn path=/trunk/; revision=18628
with a pcap_breakloop() call - we don't need to call select() before
calling pcap_dispatch().
Even if we do need to call select(), we don't need to supply it with a
timeout - it's OK if we block indefinitely, as the signal will interrupt
select().
That also means we can pass -1 as the count to pcap_dispatch(), as
pcap_breakloop() will terminate the loop in pcap_dispatch().
Use sigaction() to catch SIGUSR1, so we can make sure that the signal
handler doesn't get reset when the signal is delivered, and that system
calls don't restart when we return from the signal handler.
svn path=/trunk/; revision=18201
has no UI, nor does it need to ensure it processes only one packet at a
time; get rid of the select stuff, and pass a count of -1 to
pcap_dispatch() so it processes a single bufferfull of packets rather
than just one packet at a time.
svn path=/trunk/; revision=18194
as an argument, rather than keeping the count to themselves, so the
count kept by the capturing program can be updated correctly - including
getting reset when files are switched. Fixes bug 895.
svn path=/trunk/; revision=18032
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
even if doing a live capture; just print the packets without saving
them.
In dumpcap:
default to the capturing the entire packet;
don't do the "Press any key" stuff when debugging on UN*X;
do console logging (to the standard error) even when we're
running as the capture child (the sync pipe should only be the
standard output, not the standard error).
svn path=/trunk/; revision=17786
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit more clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege seperation.
svn path=/trunk/; revision=17608
- fix buggy g_snprintf call (Win32 fails if %s is called with a NULL pointer)
- don't call file close if file wasn't open before (Win32 crashes if eth_unlink is called with a NULL pointer)
svn path=/trunk/; revision=17558
doing anything with the output file, so that
1) if the attempt to open the capture device fails, we don't
bother creating any output files;
2) we could relinquish privileges permanently as soon as we
finish opening the capture device, so we don't have to give
them up temporarily when opening the output file, reclaim
them to open the input device, and then give them up
permanently;
(we already do that in Tethereal).
While we're at it, set the capture filter immediately after opening the
capture device, so we quit before opening capture devices if that fails.
svn path=/trunk/; revision=17468
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
bypass Wiretap; that means we don't have to run the packet through
wtap_process_pcap_packet() and then undo that conversion in Wiretap if
we're just going to write it out, shortening the code path.
svn path=/trunk/; revision=17461
no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
tethereal internally converted the stdout capture filename "-" into "" which doesn't make any real sense and only complicated things.
To make things even more confusing, wiretap expected "" for dump output and "-" for offline reading ...
svn path=/trunk/; revision=16962
warnings.
Include "wiretap/libpcap.h" in "capture_loop.h", to get its declarations
of data structures for headers in libpcap files. This lets us remove
the includes of "wiretap/libpcap.h from files including
"capture_loop.h".
Make "log_func_ignore()" in "tethereal.c" static, and declare some of
its arguments unused. Also get rid of an unused variable.
Include <pcap.h> before including "wiretap/wtap-capture.h", to declare
"struct pcap_pkthdr".
svn path=/trunk/; revision=16791
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
Guy Harris