/*
- * Timeout, in milliseconds, for reads from the stream of captured packets.
+ * Timeout, in milliseconds, for reads from the stream of captured packets
+ * from a capture device.
*
* A bug in Mac OS X 10.6 and 10.6.1 causes calls to pcap_open_live(), in
* 64-bit applications, with sub-second timeouts not to work. The bug is
- * fixed in 10.6.2.
+ * fixed in 10.6.2, re-broken in 10.6.3, and again fixed in 10.6.5.
*/
#if defined(__APPLE__) && defined(__LP64__)
static gboolean need_timeout_workaround;
#endif
/*
- * Timeout, in microseconds, for threaded reads from a pipe.
+ * Timeout, in microseconds, for reads from the stream of captured packets
+ * from a pipe. Pipes don't have the same problem that BPF devices do
+ * in OS X 10.6, 10.6.1, 10.6.3, and 10.6.4, so we always use a timeout
+ * of 250ms, i.e. the same value as CAP_READ_TIMEOUT when not on one
+ * of the offending versions of Snow Leopard.
+ *
+ * On Windows this value is converted to milliseconds and passed to
+ * WaitForSingleObject. If it's less than 1000 WaitForSingleObject
+ * will return immediately.
*/
-#define THREAD_READ_TIMEOUT 100
+#ifndef USE_THREADS
+#define PIPE_READ_TIMEOUT 250000
+#else
+#define PIPE_READ_TIMEOUT 100000
+#endif
static const char *cap_pipe_err_str;
static void
static int
cap_pipe_select(int pipe_fd) {
fd_set rfds;
- struct timeval timeout, *pto;
+ struct timeval timeout;
int sel_ret;
cap_pipe_err_str = "Unknown error";
FD_ZERO(&rfds);
FD_SET(pipe_fd, &rfds);
- timeout.tv_sec = 0;
- timeout.tv_usec = CAP_READ_TIMEOUT * 1000;
- pto = &timeout;
+ timeout.tv_sec = PIPE_READ_TIMEOUT / 1000000;
+ timeout.tv_usec = PIPE_READ_TIMEOUT % 1000000;
- sel_ret = select(pipe_fd+1, &rfds, NULL, NULL, pto);
+ sel_ret = select(pipe_fd+1, &rfds, NULL, NULL, &timeout);
if (sel_ret < 0)
cap_pipe_err_str = strerror(errno);
return sel_ret;
ld->cap_pipe_bytes_read += b;
#else /* USE_THREADS */
g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, THREAD_READ_TIMEOUT);
+ g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
q_status = g_async_queue_timed_pop(cap_pipe_done_q, &wait_time);
if (ld->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
ld->cap_pipe_bytes_read += b;
#else /* USE_THREADS */
g_get_current_time(&wait_time);
- g_time_val_add(&wait_time, THREAD_READ_TIMEOUT);
+ g_time_val_add(&wait_time, PIPE_READ_TIMEOUT);
q_status = g_async_queue_timed_pop(cap_pipe_done_q, &wait_time);
if (ld->cap_pipe_err == PIPEOF) {
result = PD_PIPE_EOF;
return ld->packet_count - packet_count_before;
}
+#ifdef _WIN32
+/* Isolate the Universally Unique Identifier from the interface. Basically, we
+ * want to grab only the characters between the '{' and '}' delimiters.
+ *
+ * Returns a GString that must be freed with g_string_free(). */
+static GString *isolate_uuid(const char *iface)
+{
+ gchar *ptr;
+ GString *gstr;
+
+ ptr = strchr(iface, '{');
+ if (ptr == NULL)
+ return g_string_new(iface);
+ gstr = g_string_new(ptr + 1);
+
+ ptr = strchr(gstr->str, '}');
+ if (ptr == NULL)
+ return gstr;
+
+ gstr = g_string_truncate(gstr, ptr - gstr->str);
+ return gstr;
+}
+#endif
/* open the output file (temporary/specified name/ringbuffer/named pipe/stdout) */
/* Returns TRUE if the file opened successfully, FALSE otherwise. */
char *tmpname;
gchar *capfile_name;
+ gchar *prefix;
gboolean is_tempfile;
#ifndef _WIN32
int ret;
is_tempfile = FALSE;
} else {
/* Choose a random name for the temporary capture buffer */
- *save_file_fd = create_tempfile(&tmpname, "wireshark");
+#ifdef _WIN32
+ GString *iface;
+
+ iface = isolate_uuid(capture_opts->iface);
+ prefix = g_strconcat("wireshark_", g_basename(iface->str), NULL);
+ g_string_free(iface, TRUE);
+#else
+ prefix = g_strconcat("wireshark_", g_basename(capture_opts->iface), NULL);
+#endif
+ *save_file_fd = create_tempfile(&tmpname, prefix);
+ g_free(prefix);
capfile_name = g_strdup(tmpname);
is_tempfile = TRUE;
}
cap_err_str = pcap_geterr(global_ld.pcap_h);
if (strcmp(cap_err_str, "recvfrom: Network is down") == 0 ||
strcmp(cap_err_str, "read: Device not configured") == 0 ||
- strcmp(cap_err_str, "read: I/O error") == 0) {
+ strcmp(cap_err_str, "read: I/O error") == 0 ||
+ strcmp(cap_err_str, "read error: PacketReceivePacket failed") == 0) {
report_capture_error("The network adapter on which the capture was being done "
"is no longer running; the capture has stopped.",
"");
#if defined(__APPLE__) && defined(__LP64__)
/*
- * Is this Mac OS X 10.6.x, other than 10.6.2? If so, we need a bug
- * workaround - timeouts less than 1 second don't work with libpcap
+ * Is this Mac OS X 10.6.0, 10.6.1, 10.6.3, or 10.6.4? If so, we need
+ * a bug workaround - timeouts less than 1 second don't work with libpcap
* in 64-bit code. (The bug was introduced in 10.6, fixed in 10.6.2,
- * and re-introduced in 10.6.3. We don't know whether it'll be fixed
- * again in a later 10.6.x release; we'll assume that it'll be fixed
- * in any future major releases.)
+ * re-introduced in 10.6.3, not fixed in 10.6.4, and fixed in 10.6.5.
+ * The problem is extremely unlikely to be reintroduced in a future
+ * release.)
*/
if (uname(&osinfo) == 0) {
/*
* {x+4}.y.0 (except that 10.6.1 appears to have a uname version
* number of 10.0.0, not 10.1.0 - go figure).
*/
- if (strncmp(osinfo.release, "10.", 3) == 0) {
- /*
- * OK, it's Snow Leopard - which version?
- */
- if (strcmp(osinfo.release, "10.2.0") != 0) {
- /* Not 10.6.2. */
- need_timeout_workaround = TRUE;
- }
- }
+ if (strcmp(osinfo.release, "10.0.0") == 0 || /* 10.6, 10.6.1 */
+ strcmp(osinfo.release, "10.3.0") == 0 || /* 10.6.3 */
+ strcmp(osinfo.release, "10.4.0") == 0) /* 10.6.4 */
+ need_timeout_workaround = TRUE;
}
#endif
GString *runtime_info_str;
/* Assemble the compile-time version information string */
comp_info_str = g_string_new("Compiled ");
- get_compiled_version_info(comp_info_str, NULL);
+ get_compiled_version_info(comp_info_str, NULL, NULL);
/* Assemble the run-time version information string */
runtime_info_str = g_string_new("Running ");