pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
Technically, %p must be given a void * as an argument (although the
representation of pointers on all platforms we deal with is the same for
all pointed-to types).
svn path=/trunk/; revision=37675
library when no capture filter is used. Then cfilter is NULL and
capture_loop_init_filter() does not call compile_capture_filter() and
pcap_setfilter(). Providing an empty string instead of NULL works around
the problem.
svn path=/trunk/; revision=37588
we're a capture child, always report the final capture count regardless of the
'quiet' setting. This ensures that each interface prints its statistics on a
new line, rather than the first one being printed on the same line as the
packet count in the case when we're not 'quiet'.
svn path=/trunk/; revision=37410
Thank you very much for using "gulong" rather than "gsize" as the
"buffer length" argument to g_snprintf(), the fact that the
corresponding argument to snprintf() is a size_t notwithstanding.
Developers building for LLP64 platforms such as Win32 greatly appreciate
this decision.
svn path=/trunk/; revision=37195
This patch is based on work done by Irene Ruengeler.
This feature is considered experimental at the moment.
However, you need to use the -t command line option
to use the feature. When not providing it, the old
method will be used.
svn path=/trunk/; revision=37191
configure that you want to capture on multiple remote interfaces
on multiple hosts.
Improve some #ifdef mess in dumpcap.
svn path=/trunk/; revision=37178
Use consistent naming of variables on capture_options.
Make pcap sampling independent of remote capturing, since
it seems to work with local pcap devices using winpcap (at
least that is what the documentation says).
svn path=/trunk/; revision=37176
pcap devices / pipes to capture from and open and close them.
However, capturing currently happens only on the last specified
interface.
So this does not add user visible functionality except that
some bugs are fixed. For example a crash when capturing on
a pipe and saving in pcapng format.
svn path=/trunk/; revision=37171
This requires to be linked against a different library. This is only
required for dumpcap, but the configure files currently don't check
this in a target specific way. So use these libs for all binaries.
svn path=/trunk/; revision=37095
to the message shown when dumpcap is finishing.
This patch is the first one of a series which will add support for
capturing on multiple interfaces to dumpcap.
This patch is based on work of Irene Ruengeler.
svn path=/trunk/; revision=37094
In convert_string_case() use g_utf8_strup() instead of converting each
character by hand. Hopefully this won't cause any unexpected changes in
behavior.
svn path=/trunk/; revision=36006
routines that don't return. (This requires that some files include
config.h to get WS_MSVC_NORETURN declared properly.)
svn path=/trunk/; revision=35989
the "network adapter on which the capture was being done is no longer running".
Fixes bug 2623 reported by Anthony Coulter.
svn path=/trunk/; revision=34915
Template chosen is: wireshark_<iface>_YYYYmmddHHMMSS_XXXXXX ... where
<iface> is the interface name (or UUID part of the interface if applicable)
YYYYmmddHHMMSS are as described in "man strftime".
XXXXXX is a template filled in with random characters. See "man mkstemp".
svn path=/trunk/; revision=34902
As it's a constant, we can do the split into seconds and microseconds at
compile time, so do that (so that it works even if we happen to make
PIPE_READ_TIMEOUT >= 1 second).
svn path=/trunk/; revision=34283
we know it's < 1s, and don't have to worry about properly setting tv_sec
and tv_usec for select().
Get rid of unneeded pointer variable.
svn path=/trunk/; revision=34282
Move the SetDllDirectory calls to ws_init_dll_search_path. If
SetDllDirectory fails, pass the Wireshark program path to
SetCurrentDirectory.
svn path=/trunk/; revision=33958
it's present in Wireshark and dumpcap. This takes care of the airpcap.dll
PoC but we need to load wpcap.dll from a full path. We might want to
call SetDllDirectory from our other executables as well.
svn path=/trunk/; revision=33916
open_capture_device() is an array of PCAP_ERRBUF_SIZE chars. That means
we don't need to pass the size.
Unfortunately, pcap_compile() didn't always take a "const char *" as the
filter string argument, even though it didn't modify the argument; don't
pass it a "const char *".
Don't print the secondary error message if it's empty.
svn path=/trunk/; revision=33513
If we get an "XXX is not one of the DLTs supported by this device" error
when we try to set the link-layer header type, don't tell the user to
report it to the Wireshark developers, as that's probably just the
result of them giving a link-layer header type that the device doesn't
support.
svn path=/trunk/; revision=33512
capture-stopping/file-switching operation into a routine. Move a few
variables into the loop_data structure so that routine can get at them.
svn path=/trunk/; revision=32949
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
Let pcap_statustostr()'s result suffice for most PCAP_ERROR_ errors.
Don't mention the capture device name multiple times in the error
message. Treat positive returns from pcap_can_set_rfmon() other than 0
or 1 as weird returns, not error returns.
svn path=/trunk/; revision=32882
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
necessary.
If it's run with -D and -M, and we found no interfaces, don't treat that
as an error; let the code that reads our output just indicate it as "no
interfaces available", so *its* caller can decide whether to report an
error or not (in some cases in Wireshark, it's obvious that there are no
interfaces, e.g. there aren't any listed on the welcome screen, so
popping up a dialog is pointless).
svn path=/trunk/; revision=32849
interface statistics, have its error messages come out as sync-pipe
errors, have it send a sync-pipe "success" message on success, and have
the callers get that message and display it.
svn path=/trunk/; revision=32843
build without libpcap, to make sure that works, and then do a build with
libpcap, to put into a binary release. It's the former that's failing;
I'll back out the previous change and then work on that.
svn path=/trunk/; revision=32801
if_capabilities_t - it doesn't fail on Snow Leopard, even if I undefine
HAVE_PCAP_CREATE, and doesn't fail on the Leopard PPC buildbot, either.
svn path=/trunk/; revision=32799
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
the code to print the machine-readable format into dumpcap, and have the
code in capture_opts.c just print the human-readable format.
svn path=/trunk/; revision=32714
standard error and, in Wireshark on Windows, create a console if
necessary. Have the cmdarg_err routines use them.
Use *fprintf_stderr() to print the output of -L, rather than using
cmdarg_err_cont(), so that we don't get extra newlines in the output (it
should look similar to the output of tcpdump).
svn path=/trunk/; revision=32711
interface by running dumpcap, so that if you need privileges to open an
interface, and dumpcap has those privileges, neither TShark nor
Wireshark need them.
svn path=/trunk/; revision=32710
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffer size if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
timeout bug.
Make the code for the workaround assume any 10.6.x release other than
10.6.2 requires it; that way we don't have to update the code until
either
1) Apple fixes the bug in a later 10.6.x update
or
2) Apple comes out with a major release that still has, or
reintroduces, the bug.
svn path=/trunk/; revision=32349
link-layer header types for interfaces; if special privileges are
necessary to open capture devices, Wireshark and TShark shouldn't have
those privileges, but dumpcap should.
svn path=/trunk/; revision=32104
used for this purpose and using it also prevents the 2 signals the child gets:
- the user's Ctrl-C (which is sent as a SIGINT to both *shark and its
child dumpcap)
- the signal *shark generates to shut down the child
from colliding (and running 2 signal handlers in the child).
It might be possible for tshark to not send the signal at all when it gets
SIGINT, but it doesn't do any harm now.
Also, do not call g_log() within the signal handler: doing so can cause
aborts (if g_log is being called by the process when the signal comes, the
2nd entrance into g_log is detected as a recursion).
This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2767
svn path=/trunk/; revision=29881
pipes. Enable this by default on Windows. Remove code that tried to
use WaitForSingleObject on a pipe (which Windows doesn't support). Use
native file handles and system calls on Windows (which fixes a problem
with partial reads I ran into during testing).
This should fix bug 1759.
svn path=/trunk/; revision=29574
[PATCH] Fix dumpcap believing error on ^C i.e. pcap_breakloop()
When ^C was pressed during a packet capture, dumpcap believed a pcap
error had occurred. We check the return value more closely to avoid
this problem.
svn path=/trunk/; revision=29510
I've created a new bug rather than reopening 1181 as the scope is constrained
somewhat more.
Basically, when capturing from a named pipe the wireshark display lags by one
packet. This is especially frustrating when the packets arrive at low rates.
tshark is fine. But the packet count in dumpcap also lags by one.
Looking at the code, the problem appears to be in cap_pipe_select(). It
attempts to use WaitForSingleObject() on the named pipe but AFAICT this never
blocks.
I've attached a diff for some code that fixes the issue for me. The semantics
of overlapped IO in Win32 is quite different from the select/read model - hence
the other changes!
I've tested this fix on WinXP, 2k server and 2003 server. I've also checked
that my changes compile on a Freespire box that I have lying around.
From me:
Adapt the changes for dumpcap, which is where the affected code now lives.
svn path=/trunk/; revision=28452
dumpcap should terminate if exactly the maximum number of packets have been captured
(or greater) as specified by the user: "-c <capture packet count>". The current behavior
waits until an additional packet is captured until this threshold check occurs.
svn path=/trunk/; revision=27208