Age | Commit message (Collapse) | Author | Files | Lines |
|
does capturing any more. (We will be inserting a call to give up
privileges after the pcap_open_live(), which should fix 2273; we're
currently only giving up privileges on platforms with libcap.)
svn path=/trunk/; revision=24345
|
|
Removed a debug printout in t38.
svn path=/trunk/; revision=24188
|
|
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
|
|
svn path=/trunk/; revision=23638
|
|
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
|
|
things) open() to eth_open() to fix http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1987
svn path=/trunk/; revision=23601
|
|
Clean up some of the Windows named pipe code.
svn path=/trunk/; revision=23592
|
|
out, and return that; pcap_dispatch() returns the number of packets it
processed, but we might have discarded some or all of them if we hit the
packet limit in the middle of processing them.
svn path=/trunk/; revision=23542
|
|
file.
If we set the "stop capture" flag, don't process the packet.
svn path=/trunk/; revision=23541
|
|
pipe instead of stdin. Add an argument (currently the parent PID) back
to the "-Z" flag and use it to construct the pipe name. This lets us
pass the parent's stdin handle to dumpcap, which lets us capture from
stdin on Windows. Add a comment about checking for the parent process.
In capture_loop.c, remove the wait_forever argument from cap_pipe_select()
since it was always FALSE. Set the timeout under Windows to 250 ms
instead of 250000 ms.
svn path=/trunk/; revision=23279
|
|
when an interface goes down or goes away, and, in that case, just report
that, rather than reporting a more technical error and indicating that
the error should be reported to the Wireshark developers.
Line-break the "please report this to the Wireshark developers" error
differently (so that it doesn't look weird if the dialog box line-wraps
it).
Fix indentation.
svn path=/trunk/; revision=22771
|
|
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
|
|
the packet batching stuff work properly.
Hence, do not block forever when doing a select() on a capture fd.
svn path=/trunk/; revision=22638
|
|
it's a pointer to an arbitrary object, assumed to be correctly aligned,
not a pointer to a not-necessarily-properly-aligned array of bytes.
Cast it, so we won't get alignment warnings.
svn path=/trunk/; revision=21939
|
|
svn path=/trunk/; revision=21470
|
|
at the pcap interface.
svn path=/trunk/; revision=21417
|
|
Also: minor cleanup for capture_loop.c
svn path=/trunk/; revision=20864
|
|
Generate correct message;
(test suite 'tshark invalid capture interface' test
should now work again).
svn path=/trunk/; revision=20851
|
|
is now inexplicably working, so enable it.
svn path=/trunk/; revision=20762
|
|
(The related tests in suite-capture.sh should now work correctly).
(Also: Print error message if attempting to use ring-buffers
with a named pipe).
svn path=/trunk/; revision=20255
|
|
if the pipename argument to cap_pipe_open_live() is null, that's
a bug, and we want a crash so it's caught;
if ld->pcap_h is null in capture_loop_dispatch(), that's a bug,
and we want a crash so it's caught;
if capture_opts is null in capture_loop_start(), that's a bug,
and we want a crash so it's caught;
there's no need to null out capture_opts->save_file twice.
Also, errmsg and secondary_errmsg are null-terminated strings, so the
array size should be the maximum length + 1.
svn path=/trunk/; revision=19857
|
|
Fix some memleaks and overflows.
I haven't committed the changes that are not bug fixes.
svn path=/trunk/; revision=19777
|
|
> [tshark from a fifo]
> Ulf - I notice you made the relevant change here (r16787) - is there any reason why tshark shouldn't use capture_loop_dispatch to do its processing, rather than attempting to use cap_pipe_dispatch or pcap_dispatch directly?
well, there didn't seem to be, so I've made a patch which does exactly this, and which fixes the problem.
svn path=/trunk/; revision=19456
|
|
svn path=/trunk/; revision=19396
|
|
svn path=/trunk/; revision=19320
|
|
svn path=/trunk/; revision=19300
|
|
in last year by Gianluca Varenni.
Add partial support for reading from named pipes (currently disabled).
Move utf_8to16() and utf_16to8() to a separate module (unicode-utils.[ch])
so that we don't have to cut and paste code in dumpcap.c.
Fix up whitespace.
svn path=/trunk/; revision=19291
|
|
that obviates the need to check for a null capture filter string, and
fixes bug 1055.
Keep track of whether it was set from the command line, though, so we
can catch attempts to set the filter more than once, and attempts to set
it when we're not capturing.
Clean up white space.
svn path=/trunk/; revision=19047
|
|
pointer, so we can determine whether a capture filter has been set or
not.
Use that to check in TShark whether the user specified a filter with
"-f" or not, rather than using the no-longer-set
"capture_filter_specified" variable.
Also, check for multiple "-f" options.
If no capture filter is specified, use a null string, to work around
broken versions of Linux libpcap.
svn path=/trunk/; revision=18989
|
|
is *NOT* a crash; if Wireshark had crashed, it couldn't have put up that
dialog. (Yes, at least one bug report calls it a crash; see Ethereal
bug 1006 at http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=1006.)
svn path=/trunk/; revision=18628
|
|
svn path=/trunk/; revision=18268
|
|
svn path=/trunk/; revision=18235
|
|
svn path=/trunk/; revision=18207
|
|
svn path=/trunk/; revision=18203
|
|
with a pcap_breakloop() call - we don't need to call select() before
calling pcap_dispatch().
Even if we do need to call select(), we don't need to supply it with a
timeout - it's OK if we block indefinitely, as the signal will interrupt
select().
That also means we can pass -1 as the count to pcap_dispatch(), as
pcap_breakloop() will terminate the loop in pcap_dispatch().
Use sigaction() to catch SIGUSR1, so we can make sure that the signal
handler doesn't get reset when the signal is delivered, and that system
calls don't restart when we return from the signal handler.
svn path=/trunk/; revision=18201
|
|
it back for now; I'll fix it later not to do the timeout if we have
pcap_breakloop().
svn path=/trunk/; revision=18195
|
|
has no UI, nor does it need to ensure it processes only one packet at a
time; get rid of the select stuff, and pass a count of -1 to
pcap_dispatch() so it processes a single bufferfull of packets rather
than just one packet at a time.
svn path=/trunk/; revision=18194
|
|
as an argument, rather than keeping the count to themselves, so the
count kept by the capturing program can be updated correctly - including
getting reset when files are switched. Fixes bug 895.
svn path=/trunk/; revision=18032
|
|
by dumpcap and Ethereal (so that, on UN*X, the child process can report
a detailed "can't exec dumpcap" error).
Rename most of the "sync_pipe_XXX_to_parent()" routines, as they're also
in Tethereal, which doesn't have a sync pipe.
svn path=/trunk/; revision=17789
|
|
even if doing a live capture; just print the packets without saving
them.
In dumpcap:
default to the capturing the entire packet;
don't do the "Press any key" stuff when debugging on UN*X;
do console logging (to the standard error) even when we're
running as the capture child (the sync pipe should only be the
standard output, not the standard error).
svn path=/trunk/; revision=17786
|
|
svn path=/trunk/; revision=17715
|
|
svn path=/trunk/; revision=17690
|
|
transport failed between Ethereal and dumpcap.
I've also changed the way the secondary error message is transported from former "header message 0 secondary 0" to "header header message 0 header secondary 0" as that might be a bit more clearer, and I'll need it for further development anyway.
I was using this while debugging and not recognizing the real problem - for about four hours :-(. I'll need this feature when doing the interface (and link layer type) browsing later (transferring this data from dumpcap to Ethereal) to get a full blown privilege seperation.
svn path=/trunk/; revision=17608
|
|
- fix buggy g_snprintf call (Win32 fails if %s is called with a NULL pointer)
- don't call file close if file wasn't open before (Win32 crashes if eth_unlink is called with a NULL pointer)
svn path=/trunk/; revision=17558
|
|
svn path=/trunk/; revision=17469
|
|
doing anything with the output file, so that
1) if the attempt to open the capture device fails, we don't
bother creating any output files;
2) we could relinquish privileges permanently as soon as we
finish opening the capture device, so we don't have to give
them up temporarily when opening the output file, reclaim
them to open the input device, and then give them up
permanently;
(we already do that in Tethereal).
While we're at it, set the capture filter immediately after opening the
capture device, so we quit before opening capture devices if that fails.
svn path=/trunk/; revision=17468
|
|
svn path=/trunk/; revision=17466
|
|
primary and secondary error messages and let the parent worry about how
to display them. This means dumpcap doesn't need stub routines for
generating the formatting tags for the primary and secondary messages.
Have a separate message for capture filter errors, so that the parent
can check whether the capture filter looks like a display filter and
report the appropriate message. This means that dumpcap doesn't need a
stub routine for compiling display filters (a stub routine also means
that Ethereal won't do the check for capture filters that look like
display filters!).
svn path=/trunk/; revision=17465
|
|
bypass Wiretap; that means we don't have to run the packet through
wtap_process_pcap_packet() and then undo that conversion in Wiretap if
we're just going to write it out, shortening the code path.
svn path=/trunk/; revision=17461
|
|
dumpcap in addition to the things already done now
various dumpcap related code cleanup: mainly #include's and capture engine related stuff
svn path=/trunk/; revision=17327
|