diff options
| -rw-r--r-- | capture-pcap-util.h | 13 | ||||
| -rw-r--r-- | capture_opts.c | 8 | ||||
| -rw-r--r-- | doc/dumpcap.pod | 3 | ||||
| -rw-r--r-- | doc/rawshark.pod | 5 | ||||
| -rw-r--r-- | doc/tshark.pod | 3 | ||||
| -rw-r--r-- | doc/wireshark.pod | 5 |
6 files changed, 23 insertions, 14 deletions
diff --git a/capture-pcap-util.h b/capture-pcap-util.h index 9d91387b26..b00401a790 100644 --- a/capture-pcap-util.h +++ b/capture-pcap-util.h @@ -36,14 +36,13 @@ extern "C" { #include <pcap.h> /* - * XXX - this is also the traditional default snapshot size in - * tcpdump - but, if IPv6 is enabled, it defaults to 96, to get an - * IPv6 header + TCP + 22 extra bytes. - * - * Some libpcap versions for particular capture devices might happen - * to impose a minimum, but it's not always 68. + * A snapshot length of 0 is useless - and libpcap/WinPcap don't guarantee + * that a snapshot length of 0 will work, and, on some platforms, it won't + * (with BPF, for example, the kernel is told the snapshot length via the + * return value of the BPF program, and a return value of 0 means "drop + * the packet"), so the minimum packet size is 1 byte. */ -#define MIN_PACKET_SIZE 68 /* minimum amount of packet data we can read */ +#define MIN_PACKET_SIZE 1 /* minimum amount of packet data we can read */ /* * The list of interfaces returned by "get_interface_list()" is diff --git a/capture_opts.c b/capture_opts.c index debccc9128..ae94e8dd3e 100644 --- a/capture_opts.c +++ b/capture_opts.c @@ -514,7 +514,13 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg, #endif case 's': /* Set the snapshot (capture) length */ capture_opts->has_snaplen = TRUE; - capture_opts->snaplen = get_positive_int(optarg, "snapshot length"); + capture_opts->snaplen = get_natural_int(optarg, "snapshot length"); + /* + * Make a snapshot length of 0 equivalent to the maximum packet + * length, mirroring what tcpdump does. + */ + if (capture_opts->snaplen == 0) + capture_opts->snaplen = WTAP_MAX_PACKET_SIZE; break; case 'S': /* "Real-Time" mode: used for following file ala tail -f */ capture_opts->real_time_mode = TRUE; diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index fcf0ffe0c4..6b9723950a 100644 --- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod @@ -178,7 +178,8 @@ machine. Set the default snapshot length to use when capturing live data. No more than I<snaplen> bytes of each network packet will be read into -memory, or saved to disk. +memory, or saved to disk. A value of 0 specifies a snapshot length of +65535, so that the full packet is captured; this is the default. =item -v diff --git a/doc/rawshark.pod b/doc/rawshark.pod index cfe942b2ec..98e291e758 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -167,9 +167,10 @@ matching the filter are discarded rather than being printed or written. =item -s E<lt>capture snaplenE<gt> -Set the default snapshot length to use when capturing live data. +Set the default snapshot length to use when capturing live data. No more than I<snaplen> bytes of each network packet will be read into -memory, or saved to disk. +memory, or saved to disk. A value of 0 specifies a snapshot length of +65535, so that the full packet is captured; this is the default. =item -S diff --git a/doc/tshark.pod b/doc/tshark.pod index c62189a395..8732b2aafc 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -402,7 +402,8 @@ matching the filter are discarded rather than being printed or written. Set the default snapshot length to use when capturing live data. No more than I<snaplen> bytes of each network packet will be read into -memory, or saved to disk. +memory, or saved to disk. A value of 0 specifies a snapshot length of +65535, so that the full packet is captured; this is the default. =item -S diff --git a/doc/wireshark.pod b/doc/wireshark.pod index d214c427c7..8381ddcb6a 100644 --- a/doc/wireshark.pod +++ b/doc/wireshark.pod @@ -432,9 +432,10 @@ Automatically update the packet display as packets are coming in. =item -s E<lt>capture snaplenE<gt> -Set the default snapshot length to use when capturing live data. +Set the default snapshot length to use when capturing live data. No more than I<snaplen> bytes of each network packet will be read into -memory, or saved to disk. +memory, or saved to disk. A value of 0 specifies a snapshot length of +65535, so that the full packet is captured; this is the default. =item -t ad|a|r|d|dd|e |