Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The verbose config option has been replaced by an extcap base debug
option. Presenting verbose as an available option makes Wireshark
trying to retrieve the value of this option. As the option is not
really supported and invalid options after a recent change now
generate errors the androiddump tool does not start properly.
For reference the problem happens due the unfortunate combo of
these two patches:
v2.3.0rc0-1108-gb83ea46 ("extcap: put missed parameters into the help")
v2.9.0rc0-2431-g945d441 ("extcap: fix return value in extcap_base_parse_options().")
Fix by removing verbose as an available config option.
Change-Id: I894f599708a7160f50ca9ee1f9586022342705cb
Reviewed-on: https://code.wireshark.org/review/30716
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Already when selecting the extcap interface to use the encap type is
known. For some reason when adding packets the type is explicitly
checked for certain values and if not known type is set to
WTAP_ENCAP_WIRESHARK_UPPER_PDU.
This conversion break tcpdump function for all but ETHERNET interface
type. For example NLMON and 802.11 radiotap interfaces does not work.
This problem has probably been there since quite a while back but was not
seen (in the sense that current capture looked OK). Though when:
"3aec5e1 Catch attempts to write multiple encapsulation types if unsupported."
got applied the encap type mismatch is now detected and packet capture stops.
As encap type is known already when selecting the interface to use, fix
this by simply reusing the initial value when dumping the packets.
Change-Id: Ica9824e715c47b285c985ea48cbae0e10e18d542
Reviewed-on: https://code.wireshark.org/review/30715
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This:
1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);
2) leaves space in the interfaces in question for additional compression
types.
(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup. Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).
Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.
Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Switch from using WinMain in extcap to wmain.
Change-Id: I54fafad598f5ff74fe84a3ce3e993ac5a31188f7
Reviewed-on: https://code.wireshark.org/review/30094
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
androiddump determines encap type by parsing pcap global header from
tcpdump binary output. Only when libpcap is used with androiddump
this (pcap linktype) value can be used right away. Libwiretap
uses its own encap values but is feed with pcap linktype values
making the whole packet encapsulation invalid.
Fix by converting pcap linktype values into wiretap encap values
(For pcap linktype definitions see http://www.tcpdump.org/linktypes.html)
(For wtap encap defininitions see wiretap/wtap.h)
Fixes: bfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Change-Id: I5ea86204b8e5774fd84d4007db8c2910680dbd53
Reviewed-on: https://code.wireshark.org/review/27747
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Florian Bezold <florian.bezold@esrlabs.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
You either need to tell mktime() that 1) DST/Summer Time is in effect,
2) DST/Summer Time isn't in effect, or 3) we don't know whether
DST/Summer Time is in effect, you figure it out.
We set tm_isdst to -1, to choose option 3), which is what we want.
Fixes Coverity CID 1435496.
Change-Id: I0f22ef1201ee8abefb3fa75aa3432b021fb13cfd
Reviewed-on: https://code.wireshark.org/review/27408
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code to read and skip btsnoop header was written in a way where
it reads up to PACKET_LENGTH bytes of data, skips the header, then
move rest of data back start of buffer. So far so good. The code
then resets number of bytes used in buffer making it skip rest of
all data read.
Many times this works fine but only by luck. When there's no data
transfers first recv call will always only return the header
(sender side writes header separately right after accept).
When data transfers are ongoing first recv call will return both
header and data. Then initial data is lost but more importantly
risk parsing data with invalid offset.
Fix by reading btsnoop header separately from rest of data.
Change-Id: Ie52c33f943d8b311e0cd5638ec1a7d4840e271b8
Reviewed-on: https://code.wireshark.org/review/26659
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
ps command is used to find com.android.bluetooth process. From
Android Oreo the ps command needs -A parameter for listing all
processes.
Change-Id: I1a547a0d61175c1e194823462661ec69e711ca50
Reviewed-on: https://code.wireshark.org/review/26652
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Code assumes btsnoop net port is the first tcp socket found in
/proc/<pid>/net/tcp. If it is not the port number lookup will
fail.
Fixed by searching all open tcp sockets for a match.
Change-Id: I988fe18680600b59c595f3d619d95c72c1a6966d
Reviewed-on: https://code.wireshark.org/review/26651
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Commit 043ed1f6 enabled non-blocking connect on Windows. This seems to
break androiddump on Windows completely, since a successful connection
always returns SOCKET_ERROR on connect, with WSAGetLastError() set to
WSAEWOULDBLOCK.
Apparently, the only way to check for a real connection is to try a
write select on the socket:
https://stackoverflow.com/questions/35370239/timeout-in-connect-function-from-winsock
This fixes androiddump on Windows:
- If ADB server is running, extcap interfaces are listed
- If ADB is not running, there is no noticeable delay in Wireshark
Change-Id: I6bd772215c7b232c8fe8e840cb7ad1d54c7d8860
Reviewed-on: https://code.wireshark.org/review/25715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
This is also supported on Android devices before Android 7, and is a
much easier approach than testing the new "shell,raw:" command and
falling back if unsupported. This basically undoes commit 5ebc3277.
2. Pass "-U" to tcpdump to prevent on-target buffering
Before using the "shell,raw" approach in commit 5ebc3277, I tried the
"exec:" command already, but experienced extreme buffering of the
tcpdump output, which is unacceptable for live trace viewing.
Turns out, the buffering is determined "automatically" by libpcap:
- When running in a PTY, output is flushed fast for viewing
- When _not_ in a PTY, output is not flushed and thus heavily buffered.
The "exec" command obviously doesn't use a PTY.
Fortunately, tcpdump has a "-U" option to flush the output after each
catpured packet, which is exactly what we need.
3. Ignore tcpdump stderr output
Enabling "-U" caused androiddump to fail, because it happened that the
tcpdump stderr logs were mixed with the stdout data. (We were probably
lucky this didn't happen without -U as well).
To fix this, we just ignore stderr completely by adding "2>/dev/null" to
the tcpdump command.
4. Get linktype from pcap global header
The stderr logs were previously parsed to get the textual linktype.
This is now replaced by a simpler & less fragile approach: tcpdump
prints the global pcap header, which contains precicesly the linktype
info we need.
5. Parse pcap global header magic correctly for timestamps & endianness
The previous code only supported the "classic" pcap header magic and
might also been incorrect on big-endian host machines.
Now, endian handling is simplified and we can detect the "nanosecond
timestamp" magic values as well.
This fixes the problem that extcap_dumper_dump expects *nano*second
timestamps, but the previous code supplied *micro*seconds if on-target
tcpdump outputs microseconds.
6. The parsing simplifications above allowed the main loop for tcpdump
capture to be simplified considerably.
Change-Id: Id66791e700a8943b86128f044f080bee60a9fa79
Reviewed-on: https://code.wireshark.org/review/25713
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Running "tcpdump -D" on target seems to be a expensive operation in some
cases, not finishing within the 500ms timeout on several devices (~1000 ms
in one of our cases).
Change-Id: I57e4d31f12c4e393ff84e79b64cb024b74a11f0e
Reviewed-on: https://code.wireshark.org/review/24719
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
g995812c5f1 moved wiretap plugins registration from applications to
wiretap library init function.
As we do not want to load plugins for all users of libwiretap, let's
make it configurable.
Bug: 14314
Change-Id: Id8fdcc484e2d0d31d3ab0bd357d3a6678570f700
Reviewed-on: https://code.wireshark.org/review/25194
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If there's a network interface on the device without the 'flags'
field and at the same time exist other network interfaces
with the 'flags' field present a null-dereference happens accessing
the non-matched regex flags field.
Fix crash by adding explicit null check to ensure (optional) regex
group really matched.
Fixes: 7dcf57719f ("androiddump: Support older on-target tcpdump versions")
Change-Id: Ia08dd8547c9cdda96b3c62b99d98ff1d85bd6cd2
Reviewed-on: https://code.wireshark.org/review/25198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The output of 'tcpdump -D' only outputs interface flags from Android 7
onwards. Since it would be sad to lose the great androiddump support for
all older devices because of this, the logic is extended so that it
lists all interfaces if no '[' and ']' is found in the output.
Also, the used regex seemed to require an interface description, which
might not exist (even with new tcpdump versions). Now, interfaces
without description are not filtered.
Change-Id: I92b550a37b9bc0d0142aed68ee98f26de79be759
Reviewed-on: https://code.wireshark.org/review/24720
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Devices running Android >= 7 have a different adb shell handling than
before:
- Before Android 7, adb always runs shell commands in a PTY
(pseudoterminal), which automatically converts all \n to \r\n
- Since Android 7, adb no longer uses a PTY if a command is directly
started (like 'tcpdump' in our case).
The original androiddump code reversed the PTY \r\n handling as for
older devices. Commit 66507b9 for bug 13510 removed that which supported
newer devices while breaking all older devices.
This fix tries to support both by first trying to use the new
"shell,raw:" adb command syntax. If that succeeds, adb/device must
support non-PTY shells and we don't reverse any \r\n.
If that fails, it's most likely an older device, and we fall back to the
original "shell:" command and enable \r\n reversal.
(To prevent misleading error popups in Wireshark, the warning log in
adb_send when the first attempt fails is changed to a debug log).
Ping-Bug: 13510
Change-Id: I7e0a4f594ebe5dde682cceb667330459337a0c9c
Reviewed-on: https://code.wireshark.org/review/24721
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Error checking omitted like in original code.
Change-Id: If8b4181d30ddf5717951aaf7ec61db25c0bc5322
Reviewed-on: https://code.wireshark.org/review/24309
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
According to README.extcap documentation all extcap tools must
support the --extcap-dlts option. For performance reasons support
for this option was removed by commit:
9328eb6 androiddump: Register interfaces when list interfaces
A side effect of not implementing the option is that dumpcap is
then also called to try to retrieve interface capabilities
for all androiddump interfaces. As extcap interfaces are not
local network interfaces errors like these are logged
whenever the interface list is refreshed:
Capture Dbg sync_if_capabilities_open
Capture Info sync_pipe_run_command() starts
Capture Dbg argv[0]: /usr/local/bin/wireshark/dumpcap
Capture Dbg argv[1]: -i
Capture Dbg argv[2]: android-tcpdump-wlan0...
Capture Dbg argv[3]: -L
Capture Dbg argv[4]: -Z
Capture Dbg argv[5]: none
Capture Dbg sync_pipe_open_command
Capture Dbg read 25 ok indicator: E len: 333 msg: E
Capture Dbg sync_pipe_wait_for_child: wait till child closed
Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.000s
Capture Info sync_pipe_run_command() ends, taking 0.012s, result=-1
Capture Msg Capture Interface Capabilities failed. Error -1, The
capabilities of the capture device "android-tcpdump-wlan0..."
could not be obtained (android-tcpdump-wlan0...:
SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device).
Please check to make sure you have sufficient permissions, and
that you have the proper interface or pipe specified. ()
To avoid error prints and to fulfil the documented equirements for extcap
tools register a fake interface with what would be the properties of such
an interface.
Change-Id: If174adbb64c66132be4225f854bbf9f66d2f5ed1
Reviewed-on: https://code.wireshark.org/review/23093
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13847
Change-Id: I3a706db25204fe4c1fd1b7be3b17b8c55365dccf
Reviewed-on: https://code.wireshark.org/review/23169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some Android devices support 802.11 monitor mode and nlmon
interfaces. Add linktype defines to be able to capture frames
from such interfaces.
Change-Id: I8b8b444ac2821542fc946694b71c8d9fb7ba1238
Reviewed-on: https://code.wireshark.org/review/23080
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recent changes had the bt snoop capturing function stop working for
Android API versions >= 21. One of the command strings used for
detecting btsnoop server socket interface got messed up when
refactoring code. Fix by using the correct command strings again.
Fixes: faf100ec ("androiddump: Introduce adb_connect_transport helper function")
Change-Id: Id645d24cfb0cb23f36484cfd6416768c89bce51b
Reviewed-on: https://code.wireshark.org/review/23106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Let androiddump's internal definition of encap types directly
use linktype values from libpcap/wiretap. This way back and forth
conversion between internal and public values can be avoided.
Change-Id: I67522283cc3eb15cbdb1bfdd829bb1ff0031bb82
Reviewed-on: https://code.wireshark.org/review/23079
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This function is helpful to debug the interaction between the
calling UI and the extcap itself.
All extcaps have been changed accordingly.
Change-Id: I358caf4c50797501672bf77fdd91f7276897078c
Reviewed-on: https://code.wireshark.org/review/22806
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Some more repeated code patterns identified. Reduce code duplication
by adding some helper functions.
Change-Id: I0fecd511fd56049e9eae111cdad08252dffff6cb
Reviewed-on: https://code.wireshark.org/review/22480
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix a few cases where socket is not closed on failure path.
Change-Id: Id116a8e5f14979f962fdf725c62999758b79109e
Reviewed-on: https://code.wireshark.org/review/22481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If linktype cannot be determined from tcpdump output the
lookup function is handed a NULL which is then strcmp:ed.
Handle NULL parameter by explicit check.
Fixes Coverity CID 1413923
Change-Id: I290c116991d15cef0a1e954a9f8b76722a5f450c
Reviewed-on: https://code.wireshark.org/review/22483
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The regex matching for linktype might be performed multiple
times. Make sure string is freed before fetched again.
Change-Id: Ice7812ff4a3a8e6a1497ab2ef5aa94976502c16f
Reviewed-on: https://code.wireshark.org/review/22482
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
androiddump used to start tcpdump without specifying the interface
to capture packets on. This works when only one interface is up
but when multiple interfaces are up the output might be empty.
This change let tcpdump list all available network interfaces
and adds a unique extcap interface for each interface that is 'up'
on the device.
Change-Id: Icf0d7fa8f38320092579d4163dcdbcf2b687d8cc
Reviewed-on: https://code.wireshark.org/review/22402
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Instead of treating all output from Android tcpdump as Ethernet
data link type parse what tcpdump acually tells it to be.
This is needed as there are cases when the output is not Ethernet.
For example when starting packet capture on a device with multiple
interfaces up.
NOTE: As translation between tcpdump reported DLT and androiddump's
internal type was needed for now support is only added for types
used by network interfaces of tested devices (i.e. ETHERNET and
LINUX_SSL).
Change-Id: Ie3f9167176c336cb31f6e681f1daac6135a78883
Reviewed-on: https://code.wireshark.org/review/22401
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the variable used for it an int; that's large enough, and, on
Windows, not so large that it provokes warnings.
Change-Id: I00600d816f69d79f7a42eb09b1290ff7708b0bfc
Reviewed-on: https://code.wireshark.org/review/22420
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All strings sent to adb are prefixed with the length as a 4 byte
hex string. The length info prefix was manually hard coded into
strings. To avoid mistakes when updating code and to simplify
reading the source code instead let the various adb_send functions
calculate string lengths and generate the 4 byte hex string
prefixes.
Change-Id: I4178e9df5930a1c7904053e5a7750c943efddc84
Reviewed-on: https://code.wireshark.org/review/22399
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Same code pattern is used over and over when connecting to an adb
server. Introduce a helper function that perform the function of
connecting to specified adb server and transport.
Change-Id: Id2f72f1eb976fa0d742a6db1ef6d592264990ba1
Reviewed-on: https://code.wireshark.org/review/22398
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Comments in code claim:
"The data we are getting from the tcpdump stdoutput stream as the
stdout is the text stream it is convertinng the 0A=0D0A; So we
need to remove these extra character."
This is not true on non-Windows systems at least so avoid the filter
when not built for Windows.
NOTE: A problem with the filter is that it operates on all bytes
received on the socket, including packet data(!). Capturing
data with CR/LFs (for example an HTTP request) will fail. Ideally
the filter should be replaced with some other mechanism but as I
don't have a Windows system to verify that the comment claims are
valid, this change will at least make androiddump work on
non-Windows systems.
Bug: 13510
Change-Id: Ic00f44fa7516c0db7fc015ed8685deb365a347db
Reviewed-on: https://code.wireshark.org/review/22397
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Have a header file that defines HAVE_REMOTE if HAVE_PCAP_REMOTE is
defined, and then includes pcap.h. Replace all other includes of
pcap.h, and the definition of HAVE_REMOTE, with includes of that file.
Check for anything other than wspcap.h including pcap.h in checkAPIs.pl.
Change-Id: I3cbee8208944ad6f006f568b3fe3134e10b2a883
Reviewed-on: https://code.wireshark.org/review/21605
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Peter Wu