Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix some memleaks and overflows.
I haven't committed the changes that are not bug fixes.
svn path=/trunk/; revision=19777
|
|
> [tshark from a fifo]
> Ulf - I notice you made the relevant change here (r16787) - is there any reason why tshark shouldn't use capture_loop_dispatch to do its processing, rather than attempting to use cap_pipe_dispatch or pcap_dispatch directly?
well, there didn't seem to be, so I've made a patch which does exactly this, and which fixes the problem.
svn path=/trunk/; revision=19456
|
|
svn path=/trunk/; revision=19396
|
|
svn path=/trunk/; revision=19320
|
|
svn path=/trunk/; revision=19300
|
|
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
|
|
that obviates the need to check for a null capture filter string, and
fixes bug 1055.
Keep track of whether it was set from the command line, though, so we
can catch attempts to set the filter more than once, and attempts to set
it when we're not capturing.
Clean up white space.
svn path=/trunk/; revision=19047
|
|
pointer, so we can determine whether a capture filter has been set or
not.
Use that to check in TShark whether the user specified a filter with
"-f" or not, rather than using the no-longer-set
"capture_filter_specified" variable.
Also, check for multiple "-f" options.
If no capture filter is specified, use a null string, to work around
broken versions of Linux libpcap.
svn path=/trunk/; revision=18989
|
|
is *NOT* a crash; if Wireshark had crashed, it couldn't have put up that
dialog. (Yes, at least one bug report calls it a crash; see Ethereal
bug 1006 at http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=1006.)
svn path=/trunk/; revision=18628
|
|
svn path=/trunk/; revision=18268
|
|
svn path=/trunk/; revision=18235
|
|
svn path=/trunk/; revision=18207
|
|
svn path=/trunk/; revision=18203
|
|
with a pcap_breakloop() call - we don't need to call select() before
calling pcap_dispatch().
Even if we do need to call select(), we don't need to supply it with a
timeout - it's OK if we block indefinitely, as the signal will interrupt
select().
That also means we can pass -1 as the count to pcap_dispatch(), as
pcap_breakloop() will terminate the loop in pcap_dispatch().
Use sigaction() to catch SIGUSR1, so we can make sure that the signal
handler doesn't get reset when the signal is delivered, and that system
calls don't restart when we return from the signal handler.
svn path=/trunk/; revision=18201
|
|
it back for now; I'll fix it later not to do the timeout if we have
pcap_breakloop().
svn path=/trunk/; revision=18195
|
|
has no UI, nor does it need to ensure it processes only one packet at a
time; get rid of the select stuff, and pass a count of -1 to
pcap_dispatch() so it processes a single bufferfull of packets rather
than just one packet at a time.
svn path=/trunk/; revision=18194
|
|
as an argument, rather than keeping the count to themselves, so the
count kept by the capturing program can be updated correctly - including
getting reset when files are switched. Fixes bug 895.
svn path=/trunk/; revision=18032
|
|
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
|
|
even if doing a live capture; just print the packets without saving
them.
In dumpcap:
default to the capturing the entire packet;
don't do the "Press any key" stuff when debugging on UN*X;
do console logging (to the standard error) even when we're
running as the capture child (the sync pipe should only be the
standard output, not the standard error).
svn path=/trunk/; revision=17786
|
|
svn path=/trunk/; revision=17715
|
|
svn path=/trunk/; revision=17690
|
|
transport failed between Ethereal and dumpcap.
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit more clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege seperation.
svn path=/trunk/; revision=17608
|
|
- fix buggy g_snprintf call (Win32 fails if %s is called with a NULL pointer)
- don't call file close if file wasn't open before (Win32 crashes if eth_unlink is called with a NULL pointer)
svn path=/trunk/; revision=17558
|
|
svn path=/trunk/; revision=17469
|
|
doing anything with the output file, so that
1) if the attempt to open the capture device fails, we don't
bother creating any output files;
2) we could relinquish privileges permanently as soon as we
finish opening the capture device, so we don't have to give
them up temporarily when opening the output file, reclaim
them to open the input device, and then give them up
permanently;
(we already do that in Tethereal).
While we're at it, set the capture filter immediately after opening the
capture device, so we quit before opening capture devices if that fails.
svn path=/trunk/; revision=17468
|
|
svn path=/trunk/; revision=17466
|
|
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
|
|
bypass Wiretap; that means we don't have to run the packet through
wtap_process_pcap_packet() and then undo that conversion in Wiretap if
we're just going to write it out, shortening the code path.
svn path=/trunk/; revision=17461
|
|
dumpcap in addition to the things already done now
various dumpcap related code cleanup: mainly #include's and capture engine related stuff
svn path=/trunk/; revision=17327
|
|
no longer needs util.c, so it no longer includes routines that use
host_ip_af(), so it no longer needs to define its own host_ip_af().
That also means dumpcap.c no longer needs to include <sys/socket.h>.
svn path=/trunk/; revision=17278
|
|
svn path=/trunk/; revision=17263
|
|
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
|
|
can be used by dumpcap (capture_loop.c) as well
svn path=/trunk/; revision=16972
|
|
tethereal internally converted the stdout capture filename "-" into "" which doesn't make any real sense and only complicated things.
To make things even more confusing, wiretap expected "" for dump output and "-" for offline reading ...
svn path=/trunk/; revision=16962
|
|
what indicates that we're supposed to write to the standard output
(Tethereal turns "-" into "").
svn path=/trunk/; revision=16941
|
|
It might (very slightly) slow down capturing in the 0.10.14 release :-(
svn path=/trunk/; revision=16923
|
|
unreliable
Instead, simply keep the signal_pipe setting directly from the command line which is working well
svn path=/trunk/; revision=16833
|
|
warnings.
Include "wiretap/libpcap.h" in "capture_loop.h", to get its declarations
of data structures for headers in libpcap files. This lets us remove
the includes of "wiretap/libpcap.h from files including
"capture_loop.h".
Make "log_func_ignore()" in "tethereal.c" static, and declare some of
its arguments unused. Also get rid of an unused variable.
Include <pcap.h> before including "wiretap/wtap-capture.h", to declare
"struct pcap_pkthdr".
svn path=/trunk/; revision=16791
|
|
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787
|
|
this way, the capture prefix will "logically" group the files together and file browsers will also group them
we may want to move the files into a subdir capture later
svn path=/trunk/; revision=16691
|
|
svn path=/trunk/; revision=16679
|
|
application (no signal_pipe)
svn path=/trunk/; revision=16677
|
|
capture_loop.c to capture_info.c and call it from capture.c (instead of capture_loop.c).
This way, the capture child don't need to now any of the packet_counter things (no epan/packet.h and all alike).
Currently the capture_info code will always open another wiretap file instance to build it's own counter values. This isn't optimized for now (next step: use data from cf_continue_tail() somehow).
svn path=/trunk/; revision=16669
|
|
capture_info(.c/.h),
so we can use it from the main program
svn path=/trunk/; revision=16668
|
|
the parts into the corresponding files
svn path=/trunk/; revision=16664
|
|
simply call sync_pipe_errmsg_to_parent directly instead
svn path=/trunk/; revision=16662
|
|
to call the capture_... packet count functions
svn path=/trunk/; revision=16647
|
|
this fortunately removes *a lot* of dependencies and make the resulting binary a lot smaller (and hopefully faster to load :-)
some more cleanup (like replacing // by /**/)
svn path=/trunk/; revision=16620
|
|
personal backup only, not meant for public testing!
I've copied main.c into dumpcap.c and carved out all things not needed
currently won't work as a command line tool, capture_loop.c wants an input pipe
console output is also very ugly and the whole code needs a lot of further cleanup
shouldn't break the unix build as I've only changed the nmake files so far, but who knows ...
svn path=/trunk/; revision=16615
|
|
made the CaptureSetup wiki page more prominent
added some "headings" so some of the help subtopics are easier for "human grep" IMHO
svn path=/trunk/; revision=16592
|