path: root/caputils/capture-pcap-util.c
Age | Commit message | Author | Files | Lines
2017-09-06 | plugins: config.h must not be included by public headers | João Valverde | 1 | -0/+2
For a sane plugin build environment. Include config.h as the first header in the .c file instead. Fix by moving required compiler attribute macros to a new "ws_attributes.h" API header.

Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-08-25 | Fix leaked timestamp records | Mikael Kanstrup | 1 | -5/+6
Valgrind reports leaked timestamp records. A comment stated that the timestamp info members only contain static data. That claim was only true for some cases, not all so make all cases allocate memory and have them properly freed when removed.

Fixes: aca55a2 ("Add hardware timestamping support")
Change-Id: I31e4689070019ad1f531008394e7d6e48318c70c
Reviewed-on: https://code.wireshark.org/review/23206
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-22 | Add hardware timestamping support | Ahmad Fatoum | 1 | -7/+61
pcap provides a pcap_set_tstamp_type function, which can be used to request hardware timestamps from a supporting kernel. This patch adds support for aforementioned function as well as two new command line options to dumpcap, wireshark and tshark:

  --list-time-stamp-types   List time stamp types supported for the interface
  --time-stamp-type <type>  Change the interface's timestamp method

Name choice mimics those used by tcpdump(1), which already supports this feature. However, unlike tcpdump, we provide both options unconditionally. If Wireshark was configured without pcap_set_tstamp_type being available, --list-time-stamp-types reports an empty list.

Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-05 | Allow bigger snapshot lengths for D-Bus captures. | Guy Harris | 1 | -8/+8
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size.

See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus.

Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 means "no, we don't have a snapshot length".

In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else.

Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-03 | capture-pcap-util.c: fix a typo | Pascal Quantin | 1 | -1/+1
Change-Id: I674d02be665afc331e266725c0a0cbc0a33d9403
Reviewed-on: https://code.wireshark.org/review/21926
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-06-03 | Fix typo. | Guy Harris | 1 | -1/+1
Change-Id: If4ac286fed29635ec085f9671c77abf6ed22766d
Reviewed-on: https://code.wireshark.org/review/21919
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-03 | If has_snaplen isn't set, don't set the snapshot length with pcap_create()/pcap_activate(). | Guy Harris | 1 | -9/+34
Just let libpcap pick the snapshot length; that way, for link-layer types that need a really large snapshot length, such as D-Bus (which requires 128MB for the largest messages), it can pick that, but can otherwise pick something that doesn't require as much memory, e.g. 256KB.

For pcap_open_live() and pcap_open(), which don't have a way of saying "give me what's appropriate", pick 256KB.

Change-Id: Idef5694f7dfa85eaf3a61d6ca7a17d263c417431
Reviewed-on: https://code.wireshark.org/review/21917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-05 | A bunch of "{Mac} OS X" -> "macOS" changes. | Guy Harris | 1 | -2/+2
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X 10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS X" from 10.8 to 10.11.

Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-03-07 | Don't close the pcap_t in get_data_link_types(). | Guy Harris | 1 | -4/+14
1) Its caller closes it, and closing a closed pcap_t can cause Bad Things to happen.
2) We're trying to get an error string from it after we're closing it, which won't work well, either.

While we're at it, don't use pcap_statustostr() if we don't have it (we have it iff we have pcap_create()).

Change-Id: Ieded1e3ae78aea4e0970cf582e780c2846fe9dd5
Reviewed-on: https://code.wireshark.org/review/20443
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-22 | Clean up the get_if_capabilities_ routines a bit. | Guy Harris | 1 | -20/+9
Allocate the interface capabilities structure only if we succeed in getting a pcap_t handle for it.

For remote devices, explicitly set caps->can_set_rfmon and caps->data_link_types, to be a little bit more like what we do for local devices.

Change-Id: I985c05f85f165fce4dfe0392569ec51ed1eeb91e
Reviewed-on: https://code.wireshark.org/review/20242
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-22 | Make sure we zero out the newly allocated list, otherwise g_list append may | Joerg Mayer | 1 | -1/+1
dereference ->next containing an arbitrary value.

Bug: 13418
Change-Id: I240bc03e652ede557083379cc81b81ae83d720e5
Reviewed-on: https://code.wireshark.org/review/20235
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2016-12-19 | Don't use PCAP_ERROR if it's not known to be defined. | Guy Harris | 1 | -1/+1
The introduction of pcap_list_datalinks() predates the introduction of PCAP_ERROR, so the presence of pcap_list_datalinks() doesn't guarantee that PCAP_ERROR is defined. Change the use of PCAP_ERROR when checking the result of pcap_list_datalinks() to just check for -1.

Change-Id: Id8229b7aebd02eaf3701983f9343503397af4fb3
Reviewed-on: https://code.wireshark.org/review/19351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-28 | Use g_slist_prepend, it should be faster if there's a lot of IP addresses | AndersBroman | 1 | -2/+6
Change-Id: I3861c0af24523315db6889b22ec93159174ba86f
Reviewed-on: https://code.wireshark.org/review/17966
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-07 | pcap_list_datalinks() failing is an error. | Guy Harris | 1 | -10/+15
Return an error string if that happens.

If it doesn't fail, it will return a value >= 1; it will never return 0, so don't check for that.

Change-Id: I6d7ee2683c1ceae73e9d9d61c0a6e6d30b2c4400
Reviewed-on: https://code.wireshark.org/review/13100
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-07 | Clean up #ifdeffed code. | Guy Harris | 1 | -40/+40
We only need is_linux_bonding_device() if we have pcap_create().

We need get_data_link_types() regardless of whether we have pcap_create() or not.

Change-Id: I035f8ddcd57c0424662a2029f928bffa969a3f6c
Reviewed-on: https://code.wireshark.org/review/13099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-07 | Move more capture device handling to the caputils library. | Guy Harris | 1 | -1/+714
Move the code to open capture devices and get properties of capture devices there, joining the code to get a list of capture devices.

This lets us do a better job of handling pcap_create() in WinPcap, including handling both WinPcap with pcap_create() and WinPcap without pcap_create() at run time, just in case somebody tries using WinPcap 3.x with a Wireshark built with WinPcap 4.x.

It also could make it easier to use libpcap/WinPcap directly in Wireshark and TShark, if we have versions of libpcap/WinPcap that run small helper utilities to do privileged functions, allowing programs using them never to need elevated privileges themselves. That might make it easier to fix some issues with running TShark when not saving to a file (we could avoid the file entirely) and with delays when stopping a capture in Wireshark (Wireshark could stop writing to the file as soon as you click the stop button, rather than letting dumpcap do so when the signal gets to it).

It might also make it easier to handle future versions of libpcap/WinPcap that support using pcap_create()/pcap_activate() for remote captures, and other future extensions to libpcap/WinPcap.

Rename some XXX_linktype routines to XXX_datalink to indicate that they work with DLT_ values rather than LINKTYPE_ values; future versions of libpcap might use LINKTYPE_ values in newer APIs.

Check for pcap_create() on all platforms in CMake.

Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-06 | Remove unnecessary includes. | Guy Harris | 1 | -3/+0
Change-Id: If4bbdfc4f185c3fb33211250d1e4aeff09d72d9c
Reviewed-on: https://code.wireshark.org/review/13065
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-05 | For non-libwiretap code, use <wiretap/XXX.h> to include libwiretap headers. | Guy Harris | 1 | -3/+3
That makes it clearer that they're libwiretap headers.

Change-Id: Ia78a3496913b901073ee59e62bfb72c1677450fa
Reviewed-on: https://code.wireshark.org/review/13064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-23 | Remove configure --enable-ipv6 option | João Valverde | 1 | -4/+0
It's an ancient obsolete option with a confusing name.

Change-Id: Ib10330cf859cdea18fed2077c6539e56350ef380
Reviewed-on: https://code.wireshark.org/review/11967
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-10-04 | Fix various memleaks | Peter Wu | 1 | -0/+1
Found by starting Wireshark within an empty profile, opening Preferences, search for Protocol "IEEE 802.11" (because it has radio buttons), then close everything again.

Many fixes are trivial, but the various recent_read_* functions in recent.c were changed to return a boolean such that the result can always be checked even if errno==0.

QButtonGroup leak was hinted by Clang Static Analyzer, all other memleaks were found using ASAN/LSan.

Change-Id: Ia73f5d4c09d92f22e72377be59e23342f8ad7211
Reviewed-on: https://code.wireshark.org/review/10776
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-02-13 | caputils/*.c: As needed: Add editor modelines & Fix indentation | Bill Meier | 1 | -36/+49
Change-Id: I081446fbbc242c01f8ac9dede575c3ea77421c42
Reviewed-on: https://code.wireshark.org/review/7103
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-08-27 | Increase the error buffer size for rpcap. | Gerald Combs | 1 | -2/+6
If the rpcap port is unreachable pcap_findalldevs_ex can write more than PCAP_ERRBUF_SIZE bytes to errbuf. E.g. if we try to capture from Google's all-eights public DNS server we get:

----
Can't get list of interfaces: Is the server properly installed on 8.8.8.8? connect() failed: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (code 1
----

Set the buffer to PCAP_ERRBUF_SIZE*4 bytes. Hopefully that's large enough.

Change-Id: I19f34cda16050c1ba8b9d7d6ed2d8e77b945a2af
Ping-Bug: 3554
Ping-Bug: 6922
Ping-Bug: 7021
Reviewed-on: https://code.wireshark.org/review/3880
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-08-21 | Extcap Capture Interface | Roland Knall | 1 | -0/+6
Extcap is a plugin interface, which allows for the usage of external capture interfaces via pipes using a predefined configuration language which results in a graphical gui. This implementation seeks for a generic implementation, which results in a seamless integration with the current system, and does add all external interfaces as simple interfaces.

Windows Note: Due to limitations with GTK and Windows, a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe is needed, which is part of any GTK windows installation. The default installation directory from the build is an extcap subdirectory underneath the run directory. The folder used by extcap may be viewed in the folders tab of the about dialog.

The default installation directory for extcap plugins with a pre-build or installer version of wireshark is the extcap subdirectory underneath the main wireshark directory.

For more information see: http://youtu.be/Nn84T506SwU

bug #9009

Also take a look in doc/extcap_example.py for a Python-example and in extcap.pod for the arguments grammar.

Todo:
- Integrate with Qt - currently no GUI is generated, but the interfaces are still usable

Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-07-22 | Get rid of NO_INTERFACES_FOUND - it's not an error. | Guy Harris | 1 | -2/+2
It just means "pcap didn't give me any interfaces, and didn't report an error". Hopefully, in the future, there will be pcap APIs that distinguish between the (admittedly unlikely, these days) case of "there really *are* no interfaces on which *anybody* can capture" and "you don't have sufficient permission to capture", and we can report the latter as an error. (Given that pcap supports more than just "regular interfaces", though, there are cases where you don't have permission to capture on those but you have permission to capture raw USB traffic, for example, so perhaps what's really needed is per-interface indications of permissions.)

Change-Id: I7b8abb0829e8502f5259c95e8af31655f79d36a1
Reviewed-on: https://code.wireshark.org/review/3169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-04 | Move utility routines for capturing into a libcaputils static library. | Guy Harris | 1 | -0/+639
Some of those routines are used only in dumpcap; others are used in TShark and Wireshark as well.

Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>