-rw-r--r-- | capture_opts.c | 9 | ||||
-rw-r--r-- | capture_sync.c | 2 | ||||
-rw-r--r-- | config.h.win32 | 5 | ||||
-rw-r--r-- | config.nmake | 3 | ||||
-rw-r--r-- | configure.in | 9 | ||||
-rw-r--r-- | doc/dumpcap.pod | 10 | ||||
-rw-r--r-- | docbook/release-notes.xml | 18 | ||||
-rw-r--r-- | dumpcap.c | 3 | ||||
-rw-r--r-- | epan/prefs.c | 4 | ||||
-rw-r--r-- | wiretap/file_access.c | 3 |
10 files changed, 58 insertions, 8 deletions
diff --git a/capture_opts.c b/capture_opts.c index 3130027f20..3df0d8cdee 100644 --- a/capture_opts.c +++ b/capture_opts.c @@ -112,7 +112,11 @@ capture_opts_init(capture_options *capture_opts, void *cf) capture_opts->saving_to_file = FALSE; capture_opts->save_file = NULL; capture_opts->group_read_access = FALSE; - capture_opts->use_pcapng = FALSE; /* the default is pcap */ +#ifdef PCAP_NG_DEFAULT + capture_opts->use_pcapng = TRUE; /* Save as pcap-ng by default */ +#else + capture_opts->use_pcapng = FALSE; /* Save as pcap by default */ +#endif capture_opts->real_time_mode = TRUE; capture_opts->show_info = TRUE; capture_opts->quit_after_cap = FALSE; @@ -725,6 +729,9 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg_ capture_opts->default_options.promisc_mode = FALSE; } break; + case 'P': /* Use pcap format */ + capture_opts->use_pcapng = FALSE; + break; case 'Q': /* Quit after capture (just capture to file) */ capture_opts->quit_after_cap = TRUE; *start_capture = TRUE; /*** -Q implies -k !! ***/ diff --git a/capture_sync.c b/capture_sync.c index e2ddfb07d3..0e00856d5f 100644 --- a/capture_sync.c +++ b/capture_sync.c @@ -382,6 +382,8 @@ sync_pipe_start(capture_options *capture_opts) { if (capture_opts->use_pcapng) argv = sync_pipe_add_arg(argv, &argc, "-n"); + else + argv = sync_pipe_add_arg(argv, &argc, "-P"); if (capture_opts->multi_files_on) { if (capture_opts->has_autostop_filesize) { diff --git a/config.h.win32 b/config.h.win32 index 51a04ae051..955806f9a9 100644 --- a/config.h.win32 +++ b/config.h.win32 @@ -20,7 +20,7 @@ #define __STDC__ 0 #endif -/* +/* * Flex (v 2.5.35) uses this symbol to "exclude" unistd.h */ #define YY_NO_UNISTD_H 
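Review bot: The `#ifdef PCAP_NG_DEFAULT` added in capture_opts_init does not say where the macro is defined or that init_prefs in epan/prefs.c (later in this commit) sets the same default a second time, so a reader cannot tell from either site which value finally decides the file format. I would add a comment above the `#ifdef`, such as `/* PCAP_NG_DEFAULT is set by configure / config.nmake; init_prefs() applies the same default to prefs.capture_pcap_ng */`. pcap-ng has fields for capture-host metadata (interface names, and OS or application strings when the writer fills them in) that classic pcap lacks, so the new default can change what a shared capture file discloses; that seems worth a sentence in the user documentation. capture_opts_init starts and ends outside the hunk.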
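Review bot: `case 'P'` clears `use_pcapng` unconditionally, while the dumpcap.pod text added in this commit says -P is overridden when pcap-ng is required (for example with multiple interfaces); that override is not visible in this hunk, so it should be confirmed that it runs after option parsing. The result also depends on argument order when both -n and -P are given, since the last one parsed presumably wins. A comment on the case would help: `/* may be overridden later when pcap-ng is required, e.g. multiple interfaces */`. The switch in capture_opts_add_opt continues outside the hunk.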
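Review bot: With the new `else` branch sync_pipe_start always passes either `-n` or `-P` to the capture child, so a dumpcap binary built before this commit (whose OPTSTRING has no `P`) would presumably reject the argument and the capture would fail to start. That matters on installs where the GUI and dumpcap can be upgraded or located separately; if that is a supported setup, the failure should surface as a clear version-mismatch message rather than a generic child error. At minimum I would add a comment on the branch, `/* requires a dumpcap that understands -P */`. The function body continues outside the hunk.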
@@ -69,13 +69,14 @@ @HAVE_AIRPCAP@ +@PCAP_NG_DEFAULT@ @MAIN_MENU_USE_UIMANAGER@ @WANT_PACKET_EDITOR@ /* availability of pcap_freecode() is handled at runtime */ #define HAVE_PCAP_FREECODE 1 -/* define macro for importing variables from an dll +/* define macro for importing variables from an dll * it depends on HAVE_LIBWIRESHARKDLL and _NEED_VAR_IMPORT_ */ #if defined (_NEED_VAR_IMPORT_) && defined (HAVE_LIBWIRESHARKDLL) diff --git a/config.nmake b/config.nmake index 86945ad551..30026c8006 100644 --- a/config.nmake +++ b/config.nmake @@ -206,6 +206,9 @@ PYTHON="$(PYTHON_DIR)\python.exe" PATH=$(PYTHON_DIR);$(PATH) !ENDIF +#### Save files as pcap-ng by default. Comment out to use pcap instead. #### +PCAP_NG_DEFAULT=^#define PCAP_NG_DEFAULT 1 + ##### To Use packet editor uncomment this line #### ### Warning Experimental - work in progress #WANT_PACKET_EDITOR=^#define WANT_PACKET_EDITOR 1 diff --git a/configure.in b/configure.in index a57da09cbf..ce8c389a65 100644 --- a/configure.in +++ b/configure.in @@ -1231,6 +1231,14 @@ fi AC_SUBST(rawshark_bin) AC_SUBST(rawshark_man) +dnl Use pcap-ng by default +AC_ARG_ENABLE(pcap-ng-default, + AC_HELP_STRING( [--enable-pcap-ng-default], + [use the pcap-ng file format by default instead of pcap. @<:@default=yes@:>@]), + enable_pcap_ng_default=$enableval,enable_pcap_ng_default=yes) +if test x$enable_pcap_ng_default = xyes; then + AC_DEFINE(PCAP_NG_DEFAULT, 1, [Support for pcap-ng]) +fi dnl pcap remote check AC_MSG_CHECKING(whether to use libpcap remote capturing feature) @@ -2172,6 +2180,7 @@ echo " Build randpkt : $enable_randpkt" echo " Build dftest : $enable_dftest" echo " Build rawshark : $enable_rawshark" echo "" +echo " Save files as pcap-ng by default : $enable_pcap_ng_default" echo " Install dumpcap with capabilities : $setcap_message" echo " Install dumpcap setuid : $setuid_message" echo " Use dumpcap group : $dumpcap_group_message" diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index 9f73b1e923..861db49dde 100644 
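Review bot: In the `--enable-pcap-ng-default` block of configure.in the shell test leaves `$enable_pcap_ng_default` unquoted, so a value containing whitespace breaks the `test` invocation; `if test "x$enable_pcap_ng_default" = "xyes"; then` is the robust form. The AC_DEFINE description `[Support for pcap-ng]` is also misleading, since the macro selects the default save format rather than enabling support; something like `[Define to save capture files as pcap-ng by default]` matches what capture_opts.c and epan/prefs.c do with it. The summary `echo` added in the second configure.in hunk prints the variable as given, so any value other than `yes` silently means "pcap" there as well.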
--- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod @@ -20,6 +20,7 @@ S<[ B<-L> ]> S<[ B<-n> ]> S<[ B<-M> ]> S<[ B<-p> ]> +S<[ B<-P> ]> S<[ B<-q> ]> S<[ B<-s> E<lt>capture snaplenE<gt> ]> S<[ B<-S> ]> @@ -212,8 +213,7 @@ B<TShark>; its format is subject to change from release to release. =item -n -Write the output file in the pcap-ng format instead of the default pcap -format. +Save files as pcap-ng. This is the default. =item -p @@ -224,6 +224,12 @@ traffic sent to or from the machine on which B<Dumpcap> is running, broadcast traffic, and multicast traffic to addresses received by that machine. +=item -P + +Save files as pcap instead of the default pcap-ng. In situations that require +pcap-ng, such as capturing from multiple interfaces, this option will be +overridden. + =item -q When capturing packets, don't display the continuous count of packets diff --git a/docbook/release-notes.xml b/docbook/release-notes.xml index a14314eec5..a5915e0935 100644 --- a/docbook/release-notes.xml +++ b/docbook/release-notes.xml @@ -63,7 +63,23 @@ Wireshark Info <listitem> <para> - <!-- --> + Wireshark supports capturing from multiple interfaces at once. + </para> + </listitem> + + <listitem> + <para> + Wireshark, TShark, and their associated utilities now save files + using the pcap-ng file format by default. (Your copy of Wireshark + might still use the pcap file format if pcap-ng is disabled in + your preferences.) + </para> + </listitem> + + <listitem> + <para> + Decryption key management for IEEE 802.11, IPsec, and ISAKMP + is now easier. </para> </listitem> 
@@ -3720,7 +3720,7 @@ main(int argc, char *argv[]) #define OPTSTRING_d "" #endif -#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "L" OPTSTRING_m "Mnpq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:" +#define OPTSTRING "a:" OPTSTRING_A "b:" OPTSTRING_B "c:" OPTSTRING_d "Df:ghi:" OPTSTRING_I "L" OPTSTRING_m "MnpPq" OPTSTRING_r "Ss:t" OPTSTRING_u "vw:y:Z:" #ifdef DEBUG_CHILD_DUMPCAP if ((debug_log = ws_fopen("dumpcap_debug_log.tmp","w")) == NULL) { @@ -3990,6 +3990,7 @@ main(int argc, char *argv[]) case 'i': /* Use interface x */ case 'n': /* Use pcapng format */ case 'p': /* Don't capture in promiscuous mode */ + case 'P': /* Use pcap format */ case 's': /* Set the snapshot (capture) length */ case 'w': /* Write to capture file x */ case 'g': /* enable group read accesson file(s) */ diff --git a/epan/prefs.c b/epan/prefs.c index ea9ac2df0d..9f7d8be543 100644 --- a/epan/prefs.c +++ b/epan/prefs.c @@ -1294,7 +1294,11 @@ init_prefs(void) { prefs.capture_devices_hide = NULL; prefs.capture_devices_monitor_mode = NULL; prefs.capture_prom_mode = TRUE; +#ifdef PCAP_NG_DEFAULT + prefs.capture_pcap_ng = TRUE; +#else prefs.capture_pcap_ng = FALSE; +#endif prefs.capture_real_time = TRUE; prefs.capture_auto_scroll = TRUE; prefs.capture_show_info = FALSE; diff --git a/wiretap/file_access.c b/wiretap/file_access.c index d385412853..0f56d4481a 100644 --- a/wiretap/file_access.c +++ b/wiretap/file_access.c @@ -412,6 +412,7 @@ static const struct file_type_info dump_open_table_base[] = { NULL, NULL }, /* WTAP_FILE_PCAP */ + /* Gianluca Varenni suggests that we add "deprecated" to the description. */ { "Wireshark/tcpdump/... - libpcap", "libpcap", "*.pcap;*.cap", ".pcap", FALSE, FALSE, libpcap_dump_can_write_encap, libpcap_dump_open }, 
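Review bot: dumpcap.c changes only the OPTSTRING line and the `case 'P'` label in this commit, so dumpcap's own usage output is not updated: -P is not listed there, and any existing help line that describes -n as an alternative to a pcap default would now be misleading. I would add a usage line next to the one for -n, for example `-P  use libpcap format instead of pcap-ng`, and reword the -n line to say it is the default. Since configure.in shows dumpcap can be installed setuid or with capabilities, it is worth keeping the accepted option set and its documentation in step. main's option loop starts and ends outside both hunks.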
@@ -648,7 +649,7 @@ static const struct file_type_info dump_open_table_base[] = { NULL, NULL }, /* WTAP_ENCAP_MIME */ - { "MIME File Format", "mime", NULL, NULL, FALSE, FALSE, + { "MIME File Format", "mime", NULL, NULL, FALSE, FALSE, NULL, NULL } }; |