X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=tethereal.c;h=4d3835fca929a9c3af0b414b76dd520f090f7dc8;hp=66dbe5c8bbafa3cebd89da7ba6c7629ea4148264;hb=3ed86f10709f0b69617915978e89e6faa80654a3;hpb=7d2a77c6cd3d4c7f658b70ab7e0367080d25cd10

diff --git a/tethereal.c b/tethereal.c
index 66dbe5c8bb..4d3835fca9 100644
--- a/tethereal.c
+++ b/tethereal.c
@@ -1,6 +1,6 @@
 /* tethereal.c
  *
- * $Id: tethereal.c,v 1.99 2001/11/21 23:16:21 gram Exp $
+ * $Id: tethereal.c,v 1.188 2003/06/22 16:06:03 deniel Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -13,16 +13,15 @@
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
  * of the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
- *
  */
 
 #ifdef HAVE_CONFIG_H
@@ -32,6 +31,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <ctype.h>
 #include <locale.h>
 #include <limits.h>
 
@@ -41,14 +41,6 @@
 
 #include <errno.h>
 
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
@@ -57,26 +49,17 @@
 
 #ifdef HAVE_LIBPCAP
 #include <pcap.h>
+#include <setjmp.h>
 #endif
 
-#ifdef HAVE_LIBZ
-#include <zlib.h>	/* to get the libz version number */
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
 #endif
 
 #ifdef NEED_SNPRINTF_H
 # include "snprintf.h"
 #endif
 
-#if defined(HAVE_UCD_SNMP_SNMP_H)
-#ifdef HAVE_UCD_SNMP_VERSION_H
-#include <ucd-snmp/version.h>
-#endif /* HAVE_UCD_SNMP_VERSION_H */
-#elif defined(HAVE_SNMP_SNMP_H)
-#ifdef HAVE_SNMP_VERSION_H
-#include <snmp/version.h>
-#endif /* HAVE_SNMP_VERSION_H */
-#endif /* SNMP */
-
 #ifdef NEED_STRERROR_H
 #include "strerror.h"
 #endif
@@ -86,50 +69,91 @@
 #endif
 
 #include <glib.h>
-#include <epan.h>
+#include <epan/epan.h>
+#include <epan/filesystem.h>
 
 #include "globals.h"
-#include "timestamp.h"
-#include "packet.h"
+#include <epan/timestamp.h>
+#include <epan/packet.h>
 #include "file.h"
 #include "prefs.h"
 #include "column.h"
 #include "print.h"
-#include "resolv.h"
+#include <epan/resolv.h>
 #include "util.h"
 #ifdef HAVE_LIBPCAP
 #include "pcap-util.h"
 #endif
-#include "conversation.h"
-#include "reassemble.h"
-#include "plugins.h"
+#include <epan/conversation.h>
+#include <epan/plugins.h>
 #include "register.h"
+#include "conditions.h"
+#include "capture_stop_conditions.h"
+#include "ringbuffer.h"
+#include <epan/epan_dissect.h>
+#include "tap.h"
 
-#ifdef WIN32
+#ifdef HAVE_LIBPCAP
+#include <wiretap/wtap-capture.h>
+#include <wiretap/libpcap.h>
+#endif
+
+#ifdef _WIN32
 #include "capture-wpcap.h"
 #endif
 
+/*
+ * This is the template for the decode as option; it is shared between the
+ * various functions that output the usage for this parameter.
+ */
+static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
 static guint32 firstsec, firstusec;
 static guint32 prevsec, prevusec;
-static GString *comp_info_str;
+static GString *comp_info_str, *runtime_info_str;
+static gboolean quiet;
+static gboolean decode;
 static gboolean verbose;
 static gboolean print_hex;
 static gboolean line_buffered;
 
 #ifdef HAVE_LIBPCAP
 typedef struct _loop_data {
+  gboolean       go;           /* TRUE as long as we're supposed to keep capturing */
   gint           linktype;
+  gboolean       from_pipe;    /* TRUE if we are capturing data from a pipe */
   pcap_t        *pch;
   wtap_dumper   *pdh;
+  jmp_buf        stopenv;
+  gboolean       output_to_pipe;
+  int            packet_count;
+#ifndef _WIN32
+  gboolean       modified;     /* TRUE if data in the pipe uses modified pcap headers */
+  gboolean       byte_swapped; /* TRUE if data in the pipe is byte swapped */
+  unsigned int   bytes_to_read, bytes_read; /* Used by pipe_dispatch */
+  enum {
+         STATE_EXPECT_REC_HDR, STATE_READ_REC_HDR,
+         STATE_EXPECT_DATA,     STATE_READ_DATA
+       } pipe_state;
+
+  enum { PIPOK, PIPEOF, PIPERR, PIPNEXIST } pipe_err;
+#endif
 } loop_data;
 
 static loop_data ld;
 
-static int capture(int, int);
-static void capture_pcap_cb(u_char *, const struct pcap_pkthdr *,
-  const u_char *);
+static int capture(int);
+static void capture_pcap_cb(guchar *, const struct pcap_pkthdr *,
+  const guchar *);
+static void report_counts(void);
+#ifdef _WIN32
+static BOOL WINAPI capture_cleanup(DWORD);
+#else /* _WIN32 */
 static void capture_cleanup(int);
-#endif
+#ifdef SIGINFO
+static void report_counts_siginfo(int);
+#endif /* SIGINFO */
+#endif /* _WIN32 */
+#endif /* HAVE_LIBPCAP */
 
 typedef struct {
   capture_file *cf;
@@ -137,35 +161,88 @@ typedef struct {
 } cb_args_t;
 
 static int load_cap_file(capture_file *, int);
-static void wtap_dispatch_cb_write(u_char *, const struct wtap_pkthdr *, long,
-    union wtap_pseudo_header *, const u_char *);
+static void wtap_dispatch_cb_write(guchar *, const struct wtap_pkthdr *, long,
+    union wtap_pseudo_header *, const guchar *);
 static void show_capture_file_io_error(const char *, int, gboolean);
-static void wtap_dispatch_cb_print(u_char *, const struct wtap_pkthdr *, long,
-    union wtap_pseudo_header *, const u_char *);
+static void wtap_dispatch_cb_print(guchar *, const struct wtap_pkthdr *, long,
+    union wtap_pseudo_header *, const guchar *);
+#ifdef HAVE_LIBPCAP
+#ifndef _WIN32
+static void adjust_header(loop_data *, struct pcap_hdr *, struct pcaprec_hdr *);
+static int pipe_open_live(char *, struct pcap_hdr *, loop_data *, char *, int);
+static int pipe_dispatch(int, loop_data *, struct pcap_hdr *, \
+                struct pcaprec_modified_hdr *, guchar *, char *, int);
+#endif /* _WIN32 */
+#endif
 
 capture_file cfile;
-FILE        *data_out_file = NULL;
 ts_type timestamp_type = RELATIVE;
 #ifdef HAVE_LIBPCAP
-static int promisc_mode = TRUE;
-#endif
+typedef struct {
+	int snaplen;			/* Maximum captured packet length */
+	int promisc_mode;		/* Capture in promiscuous mode */
+	int autostop_count;		/* Maximum packet count */
+	gboolean has_autostop_duration;	/* TRUE if maximum capture duration
+					   is specified */
+	gint32 autostop_duration;	/* Maximum capture duration */
+	gboolean has_autostop_filesize;	/* TRUE if maximum capture file size
+					   is specified */
+	gint32 autostop_filesize;	/* Maximum capture file size */
+	gboolean ringbuffer_on;		/* TRUE if ring buffer in use */
+	guint32 ringbuffer_num_files;	/* Number of ring buffer files */
+	gboolean has_ring_duration;	/* TRUE if ring duration specified */
+	gint32 ringbuffer_duration;     /* Switch file after n seconds */
+} capture_options;
+
+static capture_options capture_opts = {
+	WTAP_MAX_PACKET_SIZE,		/* snapshot length - default is
+					   infinite, in effect */
+	TRUE,				/* promiscuous mode is the default */
+	0,				/* max packet count - default is 0,
+					   meaning infinite */
+	FALSE,				/* maximum capture duration not
+					   specified by default */
+	0,				/* maximum capture duration */
+	FALSE,				/* maximum capture file size not
+					   specified by default */
+	0,				/* maximum capture file size */
+	FALSE,				/* ring buffer off by default */
+	RINGBUFFER_MIN_NUM_FILES,	/* default number of ring buffer
+					   files */
+	FALSE,				/* Switch ring file after some */
+	0				/* specified time is off by default */
+};
+
+#ifdef SIGINFO
+static gboolean infodelay;	/* if TRUE, don't print capture info in SIGINFO handler */
+static gboolean infoprint;	/* if TRUE, print capture info after clearing infodelay */
+#endif /* SIGINFO */
+#endif /* HAVE_LIBPCAP */
 
-static void 
-print_usage(void)
+static void
+print_usage(gboolean print_ver)
 {
   int i;
 
-  fprintf(stderr, "This is GNU t%s %s, compiled %s\n", PACKAGE, VERSION,
-	comp_info_str->str);
+  if (print_ver) {
+    fprintf(stderr, "This is GNU t%s %s\n%s\n%s\n", PACKAGE, VERSION,
+	comp_info_str->str, runtime_info_str->str);
+  }
 #ifdef HAVE_LIBPCAP
-  fprintf(stderr, "t%s [ -DvVhlp ] [ -c <count> ] [ -f <capture filter> ]\n", PACKAGE);
-  fprintf(stderr, "\t[ -F <capture file type> ] [ -i <interface> ] [ -n ] [ -N <resolving> ]\n");
-  fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
-  fprintf(stderr, "\t[ -s <snaplen> ] [ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
+  fprintf(stderr, "\nt%s [ -vh ] [ -DlnpqSVx ] [ -a <capture autostop condition> ] ...\n",
+	  PACKAGE);
+  fprintf(stderr, "\t[ -b <number of ring buffer files>[:<duration>] ] [ -c <count> ]\n");
+  fprintf(stderr, "\t[ -d %s ] ...\n", decode_as_arg_template);
+  fprintf(stderr, "\t[ -f <capture filter> ] [ -F <output file type> ] [ -i <interface> ]\n");
+  fprintf(stderr, "\t[ -N <resolving> ] [ -o <preference setting> ] ... [ -r <infile> ]\n");
+  fprintf(stderr, "\t[ -R <read filter> ] [ -s <snaplen> ] [ -t <time stamp format> ]\n");
+  fprintf(stderr, "\t[ -w <savefile> ] [ -Z <statistics string> ]\n");
 #else
-  fprintf(stderr, "t%s [ -vVhl ] [ -F <capture file type> ] [ -n ] [ -N <resolving> ]\n", PACKAGE);
+  fprintf(stderr, "\nt%s [ -vh ] [ -lnVx ]\n", PACKAGE);
+  fprintf(stderr, "\t[ -d %s ] ...\n", decode_as_arg_template);
+  fprintf(stderr, "\t[ -F <output file type> ] [ -N <resolving> ]\n");
   fprintf(stderr, "\t[ -o <preference setting> ] ... [ -r <infile> ] [ -R <read filter> ]\n");
-  fprintf(stderr, "\t[ -t <time stamp format> ] [ -w <savefile> ] [ -x ]\n");
+  fprintf(stderr, "\t[ -t <time stamp format> ] [ -w <savefile> ] [ -Z <statistics string> ]\n");
 #endif
   fprintf(stderr, "Valid file type arguments to the \"-F\" flag:\n");
   for (i = 0; i < WTAP_NUM_FILE_TYPES; i++) {
@@ -176,8 +253,9 @@ print_usage(void)
   fprintf(stderr, "\tdefault is libpcap\n");
 }
 
-int
-get_positive_int(const char *string, const char *name)
+#ifdef HAVE_LIBPCAP
+static int
+get_natural_int(const char *string, const char *name)
 {
   long number;
   char *p;
@@ -189,41 +267,424 @@ get_positive_int(const char *string, const char *name)
     exit(1);
   }
   if (number < 0) {
-    fprintf(stderr, "tethereal: The specified %s \"%s\" is a negative number\n",
-	    name, string);
+    fprintf(stderr, "tethereal: The specified %s is a negative number\n",
+	    name);
     exit(1);
   }
   if (number > INT_MAX) {
-    fprintf(stderr, "tethereal: The specified %s \"%s\" is too large (greater than %d)\n",
-	    name, string, INT_MAX);
+    fprintf(stderr, "tethereal: The specified %s is too large (greater than %d)\n",
+	    name, INT_MAX);
+    exit(1);
+  }
+  return number;
+}
+
+static int
+get_positive_int(const char *string, const char *name)
+{
+  long number;
+
+  number = get_natural_int(string, name);
+
+  if (number == 0) {
+    fprintf(stderr, "tethereal: The specified %s is zero\n",
+	    name);
     exit(1);
   }
+
   return number;
 }
 
+/*
+ * Given a string of the form "<autostop criterion>:<value>", as might appear
+ * as an argument to a "-a" option, parse it and set the criterion in
+ * question.  Return an indication of whether it succeeded or failed
+ * in some fashion.
+ */
+static gboolean
+set_autostop_criterion(const char *autostoparg)
+{
+  guchar *p, *colonp;
+
+  colonp = strchr(autostoparg, ':');
+  if (colonp == NULL)
+    return FALSE;
+
+  p = colonp;
+  *p++ = '\0';
+
+  /*
+   * Skip over any white space (there probably won't be any, but
+   * as we allow it in the preferences file, we might as well
+   * allow it here).
+   */
+  while (isspace(*p))
+    p++;
+  if (*p == '\0') {
+    /*
+     * Put the colon back, so if our caller uses, in an
+     * error message, the string they passed us, the message
+     * looks correct.
+     */
+    *colonp = ':';
+    return FALSE;
+  }
+  if (strcmp(autostoparg,"duration") == 0) {
+    capture_opts.has_autostop_duration = TRUE;
+    capture_opts.autostop_duration = get_positive_int(p,"autostop duration");
+  } else if (strcmp(autostoparg,"filesize") == 0) {
+    capture_opts.has_autostop_filesize = TRUE;
+    capture_opts.autostop_filesize = get_positive_int(p,"autostop filesize");
+  } else {
+    return FALSE;
+  }
+  *colonp = ':';	/* put the colon back */
+  return TRUE;
+}
+
+/*
+ * Given a string of the form "<ring buffer file>:<duration>", as might appear
+ * as an argument to a "-b" option, parse it and set the arguments in
+ * question.  Return an indication of whether it succeeded or failed
+ * in some fashion.
+ */
+static gboolean
+get_ring_arguments(const char *arg)
+{
+  guchar *p = NULL, *colonp;
+
+  colonp = strchr(arg, ':');
+
+  if (colonp != NULL) {
+    p = colonp;
+    *p++ = '\0';
+  }
+
+  capture_opts.ringbuffer_num_files = 
+    get_natural_int(arg, "number of ring buffer files");
+
+  if (colonp == NULL)
+    return TRUE;
+
+  /*
+   * Skip over any white space (there probably won't be any, but
+   * as we allow it in the preferences file, we might as well
+   * allow it here).
+   */
+  while (isspace(*p))
+    p++;
+  if (*p == '\0') {
+    /*
+     * Put the colon back, so if our caller uses, in an
+     * error message, the string they passed us, the message
+     * looks correct.
+     */
+    *colonp = ':';
+    return FALSE;
+  }
+
+  capture_opts.has_ring_duration = TRUE;
+  capture_opts.ringbuffer_duration = get_positive_int(p,
+						      "ring buffer duration");
+
+  *colonp = ':';	/* put the colon back */
+  return TRUE;
+}
+#endif
+
+/* structure to keep track of what tap listeners have been registered.
+ */
+typedef struct _ethereal_tap_list {
+	struct _ethereal_tap_list *next;
+	char *cmd;
+	void (*func)(char *arg);
+} ethereal_tap_list;
+static ethereal_tap_list *tap_list=NULL;
+
+void
+register_ethereal_tap(char *cmd, void (*func)(char *arg))
+{
+	ethereal_tap_list *newtl;
+
+	newtl=malloc(sizeof(ethereal_tap_list));
+	newtl->next=tap_list;
+	tap_list=newtl;
+	newtl->cmd=cmd;
+	newtl->func=func;
+
+}
+
+/*
+ * For a dissector table, display, on the standard error, its short name
+ * (which is what's used in the "-d" option) and its descriptive name.
+ */
+static void
+display_dissector_table_names(char *table_name, char *ui_name,
+                              gpointer user_data _U_)
+{
+  fprintf(stderr, "\t%s (%s)\n", table_name, ui_name);
+}
+
+/*
+ * For a dissector handle, display, on the standard error, the filter name
+ * (which is what's used in the "-d" option) and the full name for the
+ * protocol for the handle.
+ */
+static void
+display_dissector_names(gchar *table _U_, gpointer handle, gpointer data _U_)
+{
+  int                proto_id;
+
+  proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
+
+  fprintf(stderr, "\t%s (%s)\n", proto_get_protocol_filter_name(proto_id),
+          proto_get_protocol_name(proto_id));
+}
+
+/*
+ * The protocol_name_search structure is used by find_name_shortname_func()
+ * to pass parameters and store results
+ */
+struct protocol_name_search{
+  gchar              *searched_name;  /* Protocol name we are looking for */
+  dissector_handle_t  matched_handle; /* Handle for a dissector whose protocol has the specified filter name */
+  guint               nb_match;       /* How many dissectors matched searched_name */
+};
+typedef struct protocol_name_search *protocol_name_search_t;
+
+/*
+ * This function parses all dissectors associated with a table to find the
+ * one whose protocol has the specified filter name.  It is called
+ * as a reference function in a call to dissector_table_foreach_handle.
+ * The name we are looking for, as well as the results, are stored in the
+ * protocol_name_search struct pointed to by user_data.
+ * If called using dissector_table_foreach_handle, we actually parse the
+ * whole list of dissectors only once here.
+ */
+static void
+find_name_func(gchar *table _U_, gpointer handle, gpointer user_data) {
+
+  int                         proto_id;
+  const gchar                *protocol_filter_name;
+  protocol_name_search_t      search_info;
+
+  g_assert(handle);
+
+  search_info = (protocol_name_search_t)user_data;
+
+  proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
+  protocol_filter_name = proto_get_protocol_filter_name(proto_id);
+  if (strcmp(protocol_filter_name, search_info->searched_name) == 0) {
+    /* Found a match */
+    if (search_info->nb_match == 0) {
+      /* Record this handle only if this is the first match */
+      search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */
+    }
+    search_info->nb_match++;
+  }
+}
+
+/*
+ * The function below parses the command-line parameters for the decode as
+ * feature (a string pointer by cl_param).
+ * It checks the format of the command-line, searches for a matching table
+ * and dissector.  If a table/dissector match is not found, we display a
+ * summary of the available tables/dissectors (on stderr) and return FALSE.
+ * If everything is fine, we get the "Decode as" preference activated,
+ * then we return TRUE.
+ */
+static gboolean
+add_decode_as(const gchar *cl_param) {
+
+  gchar                        *table_name;
+  guint32                       selector;
+  gchar                        *decoded_param;
+  gchar                        *remaining_param;
+  gchar                        *selector_str;
+  gchar                        *dissector_str;
+  dissector_handle_t            dissector_matching;
+  dissector_table_t             table_matching;
+  struct protocol_name_search   user_protocol_name;
+
+/* The following code will allocate and copy the command-line options in a string pointed by decoded_param */
+
+  g_assert(cl_param);
+  decoded_param = g_malloc( sizeof(gchar) * strlen(cl_param) + 1 ); /* Allocate enough space to have a working copy of the command-line parameter */
+  g_assert(decoded_param);
+  strcpy(decoded_param, cl_param);
+
+
+  /* The lines below will parse this string (modifying it) to extract all
+    necessary information.  Note that decoded_param is still needed since
+    strings are not copied - we just save pointers. */
+
+  table_name = decoded_param; /* Layer type string starts from beginning */
+
+  remaining_param = strchr(table_name, '=');
+  if (remaining_param == NULL) {
+    fprintf(stderr, "tethereal: Parameter \"%s\" doesn't follow the template \"%s\"\n", cl_param, decode_as_arg_template);
+    g_free(decoded_param);
+    return FALSE;
+  }
+
+  *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */
+  
+  if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
+    fprintf(stderr, "tethereal: Warning: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"\n", table_name, remaining_param + 1);
+  }
+  else {
+    remaining_param++; /* Move to the second '=' */
+    *remaining_param = '\0'; /* Remove the second '=' */
+  }
+  remaining_param++; /* Position after the layer type string */
+
+  selector_str = remaining_param; /* Next part starts with the selector number */
+
+  /* Remove leading and trailing spaces from the table name */
+  while ( table_name[0] == ' ' )
+    table_name++; 
+  while ( table_name[strlen(table_name) - 1] == ' ' )
+    table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
+
+
+  remaining_param = strchr(selector_str, ',');
+  if (remaining_param == NULL) {
+    fprintf(stderr, "tethereal: Parameter \"%s\" doesn't follow the template \"%s\"\n", cl_param, decode_as_arg_template);
+    g_free(decoded_param);
+    return FALSE;
+  }
+
+  *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */
+  
+  remaining_param++; /* Position after the selector number string */
+
+
+  dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
+
+/* The following part looks for the layer type part of the parameter */
+  table_matching = NULL;
+
+/* Look for the requested table */
+  if ( !(*(table_name)) ) { /* Is the table name empty, if so, don't even search for anything, display a message */
+    fprintf(stderr, "tethereal: No layer type specified\n"); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */
+  }
+  else {
+    table_matching = find_dissector_table(table_name);
+    if (!table_matching) {
+      fprintf(stderr, "tethereal: Unknown layer type -- %s\n", table_name); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */
+    }
+  }
+
+  if (!table_matching) {
+    fprintf(stderr, "tethereal: Valid layer types are:\n");
+    dissector_all_tables_foreach_table(display_dissector_table_names, NULL);
+
+    g_free(decoded_param); 
+    return FALSE;
+  }
+
+  switch (get_dissector_table_type(table_name)) {
+
+  case FT_UINT8:
+  case FT_UINT16:
+  case FT_UINT24:
+  case FT_UINT32:
+    /* The selector for this table is an unsigned number.  Parse it as such.
+       There's no need to remove leading and trailing spaces from the
+       selector number string, because sscanf will do that for us. */
+    if ( sscanf(selector_str, "%u", &selector) != 1 ) {
+      fprintf(stderr, "tethereal: Invalid selector number \"%s\"\n", selector_str);
+      g_free(decoded_param);
+      return FALSE;
+    }
+    break;
+
+  default:
+    /* There are currently no dissector tables with any types other
+       than the ones listed above, but we might, for example, have
+       string-based dissector tables at some point. */
+    g_assert_not_reached();
+  }
+
+  /* Remove leading and trailing spaces from the dissector name */
+  while ( dissector_str[0] == ' ' )
+    dissector_str++; 
+  while ( dissector_str[strlen(dissector_str) - 1] == ' ' )
+    dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
+
+
+#ifdef DEBUG
+  fprintf(stderr, "tethereal: Debug info: table=\"%s\", selector=\"%d\", dissector=\"%s\"\n", table_name, selector, dissector_str); // For debug only!
+#endif
+
+/* The is the end of the code that parses the command-line options. All information have now been stored in the structure preference. All strings are still pointing to decoded_parm that needs to be kept in memory as long as preference is needed, and decoded_param needs to be deallocated at each exit point of this function */
+
+
+  dissector_matching = NULL;
+
+/* We now have a pointer to the handle for the requested table inside the variable table_matching */
+  if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */
+    fprintf(stderr, "tethereal: No protocol name specified\n"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */
+  }
+  else {
+    user_protocol_name.nb_match = 0;
+    user_protocol_name.searched_name = dissector_str;
+    user_protocol_name.matched_handle = NULL;
+    dissector_table_foreach_handle(table_name, find_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
+
+    if (user_protocol_name.nb_match != 0) {
+      dissector_matching = user_protocol_name.matched_handle;
+      if (user_protocol_name.nb_match > 1) {
+        fprintf(stderr, "tethereal: Warning: Protocol \"%s\" matched %u dissectors, first one will be used\n", dissector_str, user_protocol_name.nb_match);
+      }
+    }
+    else {
+      /* OK, check whether the problem is that there isn't any such
+         protocol, or that there is but it's not specified as a protocol
+         that's valid for that dissector table.
+         Note, we don't exit here, but dissector_matching will remain NULL,
+         so we exit below */
+      if (proto_get_id_by_filter_name(dissector_str) == -1) {
+        /* No such protocol */
+        fprintf(stderr, "tethereal: Unknown protocol -- \"%s\"\n", dissector_str);
+      } else {
+        fprintf(stderr, "tethereal: Protocol \"%s\" isn't valid for layer type \"%s\"\n",
+		dissector_str, table_name);
+      }
+    }
+  }
+
+  if (!dissector_matching) {
+    fprintf(stderr, "tethereal: Valid protocols for layer type \"%s\" are:\n", table_name);
+    dissector_table_foreach_handle(table_name, display_dissector_names, NULL);
+    g_free(decoded_param); 
+    return FALSE;
+  }
+
+  /* We now have a pointer to the handle for the requested dissector
+     (requested protocol) inside the variable dissector_matching */
+  dissector_change(table_name, selector, dissector_matching);
+  g_free(decoded_param); /* "Decode As" rule has been succesfully added */
+  return TRUE;
+}
+
 int
 main(int argc, char *argv[])
 {
   int                  opt, i;
   extern char         *optarg;
   gboolean             arg_error = FALSE;
-#ifdef HAVE_LIBPCAP
-#ifdef HAVE_PCAP_VERSION
-  extern char          pcap_version[];
-#endif /* HAVE_PCAP_VERSION */
-#endif /* HAVE_LIBPCAP */
 
-#ifdef WIN32
+#ifdef _WIN32
   WSADATA		wsaData;
-#endif
+#endif	/* _WIN32 */
 
   char                *gpf_path;
-  const char          *pf_path;
+  char                *pf_path;
   int                  gpf_open_errno, pf_open_errno;
   int                  err;
 #ifdef HAVE_LIBPCAP
   gboolean             capture_filter_specified = FALSE;
-  int                  packet_count = 0;
   GList               *if_list, *if_entry;
   gchar                err_str[PCAP_ERRBUF_SIZE];
 #else
@@ -231,27 +692,49 @@ main(int argc, char *argv[])
 #endif
   int                  out_file_type = WTAP_FILE_PCAP;
   gchar               *cf_name = NULL, *rfilter = NULL;
+#ifdef HAVE_LIBPCAP
+  gchar               *if_text;
+#endif
   dfilter_t           *rfcode = NULL;
   e_prefs             *prefs;
   char                 badopt;
+  ethereal_tap_list *tli;
 
   /* Register all dissectors; we must do this before checking for the
-     "-G" flag, as the "-G" flag dumps a list of fields registered
-     by the dissectors, and we must do it before we read the preferences,
-     in case any dissectors register preferences. */
+     "-G" flag, as the "-G" flag dumps information registered by the
+     dissectors, and we must do it before we read the preferences, in
+     case any dissectors register preferences. */
   epan_init(PLUGIN_DIR,register_all_protocols,register_all_protocol_handoffs);
 
+  /* Register all tap listeners; we do this before we parse the arguments,
+     as the "-z" argument can specify a registered tap. */
+  register_all_tap_listeners();
+
   /* Now register the preferences for any non-dissector modules.
      We must do that before we read the preferences as well. */
   prefs_register_modules();
 
-  /* If invoked with the "-G" flag, we dump out a glossary of
-     display filter symbols.
+  /* If invoked with the "-G" flag, we dump out information based on
+     the argument to the "-G" flag; if no argument is specified,
+     for backwards compatibility we dump out a glossary of display
+     filter symbols.
 
      We do this here to mirror what happens in the GTK+ version, although
      it's not necessary here. */
   if (argc >= 2 && strcmp(argv[1], "-G") == 0) {
-    proto_registrar_dump();
+    if (argc == 2)
+      proto_registrar_dump_fields();
+    else {
+      if (strcmp(argv[2], "fields") == 0)
+        proto_registrar_dump_fields();
+      else if (strcmp(argv[2], "protocols") == 0)
+        proto_registrar_dump_protocols();
+      else {
+        fprintf(stderr, "tethereal: Invalid \"%s\" option for -G flag\n",
+                argv[2]);
+        exit(1);
+      }
+    }
     exit(0);
   }
 
@@ -266,97 +749,67 @@ main(int argc, char *argv[])
   if (pf_path != NULL) {
     fprintf(stderr, "Can't open your preferences file \"%s\": %s.\n", pf_path,
         strerror(pf_open_errno));
+    g_free(pf_path);
+    pf_path = NULL;
   }
 
-#ifdef WIN32
+  /* Set the name resolution code's flags from the preferences. */
+  g_resolv_flags = prefs->name_resolve;
+
+#ifdef _WIN32
   /* Load Wpcap, if possible */
   load_wpcap();
 #endif
-    
-  /* Initialize the capture file struct */
-  cfile.plist		= NULL;
-  cfile.plist_end	= NULL;
-  cfile.wth		= NULL;
-  cfile.filename	= NULL;
-  cfile.user_saved	= FALSE;
-  cfile.is_tempfile	= FALSE;
-  cfile.rfcode		= NULL;
-  cfile.dfilter		= NULL;
-  cfile.dfcode		= NULL;
+
+  init_cap_file(&cfile);
+
+  /* Assemble the compile-time version information string */
+  comp_info_str = g_string_new("Compiled ");
+  get_compiled_version_info(comp_info_str);
+
+  /* Assemble the run-time version information string */
+  runtime_info_str = g_string_new("Running ");
+  get_runtime_version_info(runtime_info_str);
+
+  /* Now get our args */
+  while ((opt = getopt(argc, argv, "a:b:c:d:Df:F:hi:lnN:o:pqr:R:s:St:vw:Vxz:")) != -1) {
+    switch (opt) {
+      case 'a':        /* autostop criteria */
 #ifdef HAVE_LIBPCAP
-  cfile.cfilter		= g_strdup("");
-#endif
-  cfile.iface		= NULL;
-  cfile.save_file	= NULL;
-  cfile.save_file_fd	= -1;
-  cfile.snap		= WTAP_MAX_PACKET_SIZE;
-  cfile.count		= 0;
-  col_init(&cfile.cinfo, prefs->num_cols);
-
-  /* Assemble the compile-time options */
-  comp_info_str = g_string_new("");
-
-  g_string_append(comp_info_str, "with ");
-  g_string_sprintfa(comp_info_str,
-#ifdef GLIB_MAJOR_VERSION
-    "GLib %d.%d.%d", GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION,
-    GLIB_MICRO_VERSION);
+        if (set_autostop_criterion(optarg) == FALSE) {
+          fprintf(stderr, "tethereal: Invalid or unknown -a flag \"%s\"\n", optarg);
+          exit(1);
+        }
 #else
-    "GLib (version unknown)");
+        capture_option_specified = TRUE;
+        arg_error = TRUE;
 #endif
-
+        break;
+      case 'b':        /* Ringbuffer option */
 #ifdef HAVE_LIBPCAP
-  g_string_append(comp_info_str, ", with libpcap ");
-#ifdef HAVE_PCAP_VERSION
-  g_string_append(comp_info_str, pcap_version);
-#else /* HAVE_PCAP_VERSION */
-  g_string_append(comp_info_str, "(version unknown)");
-#endif /* HAVE_PCAP_VERSION */
-#else /* HAVE_LIBPCAP */
-  g_string_append(comp_info_str, ", without libpcap");
-#endif /* HAVE_LIBPCAP */
-
-#ifdef HAVE_LIBZ
-  g_string_append(comp_info_str, ", with libz ");
-#ifdef ZLIB_VERSION
-  g_string_append(comp_info_str, ZLIB_VERSION);
-#else /* ZLIB_VERSION */
-  g_string_append(comp_info_str, "(version unknown)");
-#endif /* ZLIB_VERSION */
-#else /* HAVE_LIBZ */
-  g_string_append(comp_info_str, ", without libz");
-#endif /* HAVE_LIBZ */
-
-/* Oh, this is pretty */
-#if defined(HAVE_UCD_SNMP_SNMP_H)
-  g_string_append(comp_info_str, ", with UCD SNMP ");
-#ifdef HAVE_UCD_SNMP_VERSION_H
-  g_string_append(comp_info_str, VersionInfo);
-#else /* HAVE_UCD_SNMP_VERSION_H */
-  g_string_append(comp_info_str, "(version unknown)");
-#endif /* HAVE_UCD_SNMP_VERSION_H */
-#elif defined(HAVE_SNMP_SNMP_H)
-  g_string_append(comp_info_str, ", with CMU SNMP ");
-#ifdef HAVE_SNMP_VERSION_H
-  g_string_append(comp_info_str, snmp_Version());
-#else /* HAVE_SNMP_VERSION_H */
-  g_string_append(comp_info_str, "(version unknown)");
-#endif /* HAVE_SNMP_VERSION_H */
-#else /* no SNMP */
-  g_string_append(comp_info_str, ", without SNMP");
+        capture_opts.ringbuffer_on = TRUE;
+	if (get_ring_arguments(optarg) == FALSE) {
+          fprintf(stderr, "tethereal: Invalid or unknown -b arg \"%s\"\n", optarg);
+          exit(1);
+	}
+#else
+        capture_option_specified = TRUE;
+        arg_error = TRUE;
 #endif
-    
-  /* Now get our args */
-  while ((opt = getopt(argc, argv, "c:Df:F:hi:lnN:o:pr:R:s:t:vw:Vx")) != EOF) {
-    switch (opt) {
+        break;
       case 'c':        /* Capture xxx packets */
 #ifdef HAVE_LIBPCAP
-        packet_count = get_positive_int(optarg, "packet count");
+        capture_opts.autostop_count =
+            get_positive_int(optarg, "packet count");
 #else
         capture_option_specified = TRUE;
         arg_error = TRUE;
 #endif
         break;
+      case 'd':        /* Decode as rule */
+        if (!add_decode_as(optarg))
+          exit(1);
+	break;
       case 'D':        /* Print a list of capture devices */
 #ifdef HAVE_LIBPCAP
         if_list = get_interface_list(&err, err_str);
@@ -387,6 +840,8 @@ main(int argc, char *argv[])
       case 'f':
 #ifdef HAVE_LIBPCAP
         capture_filter_specified = TRUE;
+	if (cfile.cfilter)
+		g_free(cfile.cfilter);
 	cfile.cfilter = g_strdup(optarg);
 #else
         capture_option_specified = TRUE;
@@ -402,7 +857,7 @@ main(int argc, char *argv[])
         }
         break;
       case 'h':        /* Print help and exit */
-	print_usage();
+	print_usage(TRUE);
 	exit(0);
         break;
       case 'i':        /* Use interface xxx */
@@ -428,12 +883,12 @@ main(int argc, char *argv[])
 	line_buffered = TRUE;
 	break;
       case 'n':        /* No name resolution */
-        prefs->name_resolve = PREFS_RESOLV_NONE;
+        g_resolv_flags = RESOLV_NONE;
         break;
       case 'N':        /* Select what types of addresses/port #s to resolve */
-        if (prefs->name_resolve == PREFS_RESOLV_ALL)
-          prefs->name_resolve = PREFS_RESOLV_NONE;
-        badopt = string_to_name_resolve(optarg, &prefs->name_resolve);
+        if (g_resolv_flags == RESOLV_ALL)
+          g_resolv_flags = RESOLV_NONE;
+        badopt = string_to_name_resolve(optarg, &g_resolv_flags);
         if (badopt != '\0') {
           fprintf(stderr, "tethereal: -N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'\n",
 			badopt);
@@ -458,12 +913,15 @@ main(int argc, char *argv[])
         break;
       case 'p':        /* Don't capture in promiscuous mode */
 #ifdef HAVE_LIBPCAP
-	promisc_mode = 0;
+	capture_opts.promisc_mode = FALSE;
 #else
         capture_option_specified = TRUE;
         arg_error = TRUE;
 #endif
 	break;
+      case 'q':        /* Quiet */
+        quiet = TRUE;
+        break;
       case 'r':        /* Read capture file xxx */
         cf_name = g_strdup(optarg);
         break;
@@ -472,12 +930,15 @@ main(int argc, char *argv[])
         break;
       case 's':        /* Set the snapshot (capture) length */
 #ifdef HAVE_LIBPCAP
-        cfile.snap = get_positive_int(optarg, "snapshot length");
+        capture_opts.snaplen = get_positive_int(optarg, "snapshot length");
 #else
         capture_option_specified = TRUE;
         arg_error = TRUE;
 #endif
         break;
+      case 'S':        /* show packets in real time */
+        decode = TRUE;
+        break;
       case 't':        /* Time stamp type */
         if (strcmp(optarg, "r") == 0)
           timestamp_type = RELATIVE;
@@ -496,7 +957,8 @@ main(int argc, char *argv[])
         }
         break;
       case 'v':        /* Show version and exit */
-        printf("t%s %s, %s\n", PACKAGE, VERSION, comp_info_str->str);
+        printf("t%s %s\n%s\n%s\n", PACKAGE, VERSION, comp_info_str->str,
+               runtime_info_str->str);
         exit(0);
         break;
       case 'w':        /* Write to capture file xxx */
@@ -508,9 +970,29 @@ main(int argc, char *argv[])
       case 'x':        /* Print packet data in hex (and ASCII) */
         print_hex = TRUE;
         break;
+      case 'z':
+        for(tli=tap_list;tli;tli=tli->next){
+          if(!strncmp(tli->cmd,optarg,strlen(tli->cmd))){
+            (*tli->func)(optarg);
+            break;
+          }
+        }
+        if(!tli){
+          fprintf(stderr,"tethereal: invalid -z argument.\n");
+          fprintf(stderr,"  -z argument must be one of :\n");
+          for(tli=tap_list;tli;tli=tli->next){
+            fprintf(stderr,"     %s\n",tli->cmd);
+          }
+          exit(1);
+        }
+        break;
+      default:
+      case '?':        /* Bad flag - print usage message */
+        arg_error = TRUE;
+        break;
     }
   }
-  
+
   /* If no capture filter or read filter has been specified, and there are
      still command-line arguments, treat them as the tokens of a capture
      filter (if no "-r" flag was specified) or a read filter (if a "-r"
@@ -537,24 +1019,104 @@ main(int argc, char *argv[])
     }
   }
 
-#ifdef WIN32
+  /* See if we're writing a capture file and the file is a pipe */
+#ifdef HAVE_LIBPCAP
+  ld.output_to_pipe = FALSE;
+#endif
+  if (cfile.save_file != NULL) {
+    if (strcmp(cfile.save_file, "-") == 0) {
+      /* stdout */
+      g_free(cfile.save_file);
+      cfile.save_file = g_strdup("");
+#ifdef HAVE_LIBPCAP
+      ld.output_to_pipe = TRUE;
+#endif
+    }
+#ifdef HAVE_LIBPCAP
+    else {
+      err = test_for_fifo(cfile.save_file);
+      switch (err) {
+
+      case ENOENT:	/* it doesn't exist, so we'll be creating it,
+      			   and it won't be a FIFO */
+      case 0:		/* found it, but it's not a FIFO */
+        break;
+
+      case ESPIPE:	/* it is a FIFO */
+        ld.output_to_pipe = TRUE;
+        break;
+
+      default:		/* couldn't stat it */
+        fprintf(stderr,
+                "tethereal: Error testing whether capture file is a pipe: %s\n",
+                strerror(errno));
+        exit(2);
+      }
+    }
+#endif
+  }
+
+#ifdef HAVE_LIBPCAP
+  /* If they didn't specify a "-w" flag, but specified a maximum capture
+     file size, tell them that this doesn't work, and exit. */
+  if (capture_opts.has_autostop_filesize && cfile.save_file == NULL) {
+    fprintf(stderr, "tethereal: Maximum capture file size specified, but "
+      "capture isn't being saved to a file.\n");
+    exit(2);
+  }
+
+  if (capture_opts.ringbuffer_on) {
+    /* Ring buffer works only under certain conditions:
+       a) ring buffer does not work if you're not saving the capture to
+          a file;
+       b) ring buffer only works if you're saving in libpcap format;
+       c) it makes no sense to enable the ring buffer if the maximum
+          file size is set to "infinite";
+       d) file must not be a pipe. */
+    if (cfile.save_file == NULL) {
+      fprintf(stderr, "tethereal: Ring buffer requested, but "
+        "capture isn't being saved to a file.\n");
+      exit(2);
+    }
+    if (out_file_type != WTAP_FILE_PCAP) {
+      fprintf(stderr, "tethereal: Ring buffer requested, but "
+        "capture isn't being saved in libpcap format.\n");
+      exit(2);
+    }
+    if (!capture_opts.has_autostop_filesize) {
+      fprintf(stderr, "tethereal: Ring buffer requested, but "
+        "no maximum capture file size was specified.\n");
+      exit(2);
+    }
+    if (ld.output_to_pipe) {
+      fprintf(stderr, "tethereal: Ring buffer requested, but "
+        "capture file is a pipe.\n");
+      exit(2);
+    }
+  }
+#endif
+
+#ifdef _WIN32
   /* Start windows sockets */
   WSAStartup( MAKEWORD( 1, 1 ), &wsaData );
-#endif
+#endif	/* _WIN32 */
 
   /* Notify all registered modules that have had any of their preferences
      changed either from one of the preferences file or from the command
-     line that its preferences have changed. */
+     line that their preferences have changed. */
   prefs_apply_all();
 
 #ifndef HAVE_LIBPCAP
   if (capture_option_specified)
     fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
 #endif
-  if (arg_error)
-    print_usage();
+  if (arg_error) {
+    print_usage(FALSE);
+    exit(1);
+  }
 
-  /* Build the column format array */  
+  /* Build the column format array */
+  col_setup(&cfile.cinfo, prefs->num_cols);
   for (i = 0; i < cfile.cinfo.num_cols; i++) {
     cfile.cinfo.col_fmt[i] = get_column_format(i);
     cfile.cinfo.col_title[i] = g_strdup(get_column_title(i));
@@ -566,13 +1128,24 @@ main(int argc, char *argv[])
       cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN);
     else
       cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
+    cfile.cinfo.col_fence[i] = 0;
+    cfile.cinfo.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
+    cfile.cinfo.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN);
   }
 
-  if (cfile.snap < 1)
-    cfile.snap = WTAP_MAX_PACKET_SIZE;
-  else if (cfile.snap < MIN_PACKET_SIZE)
-    cfile.snap = MIN_PACKET_SIZE;
-  
+#ifdef HAVE_LIBPCAP
+  if (capture_opts.snaplen < 1)
+    capture_opts.snaplen = WTAP_MAX_PACKET_SIZE;
+  else if (capture_opts.snaplen < MIN_PACKET_SIZE)
+    capture_opts.snaplen = MIN_PACKET_SIZE;
+
+  /* Check the value range of the ringbuffer_num_files parameter */
+  if (capture_opts.ringbuffer_num_files < RINGBUFFER_MIN_NUM_FILES)
+    capture_opts.ringbuffer_num_files = RINGBUFFER_MIN_NUM_FILES;
+  else if (capture_opts.ringbuffer_num_files > RINGBUFFER_MAX_NUM_FILES)
+    capture_opts.ringbuffer_num_files = RINGBUFFER_MAX_NUM_FILES;
+#endif
+
   if (rfilter != NULL) {
     if (!dfilter_compile(rfilter, &rfcode)) {
       fprintf(stderr, "tethereal: %s\n", dfilter_error_msg);
@@ -607,26 +1180,46 @@ main(int argc, char *argv[])
 
     /* Yes; did the user specify an interface to use? */
     if (cfile.iface == NULL) {
-        /* No - pick the first one from the list of interfaces. */
-        if_list = get_interface_list(&err, err_str);
-        if (if_list == NULL) {
-            switch (err) {
-
-            case CANT_GET_INTERFACE_LIST:
-                fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
-			err_str);
-                break;
-
-            case NO_INTERFACES_FOUND:
-                fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
-                break;
+        /* No - is a default specified in the preferences file? */
+        if (prefs->capture_device != NULL) {
+            /* Yes - use it. */
+	    if_text = strrchr(prefs->capture_device, ' ');
+	    if (if_text == NULL) {
+            	cfile.iface = g_strdup(prefs->capture_device);
+	    } else {
+            	cfile.iface = g_strdup(if_text + 1); /* Skip over space */
+	    }
+        } else {
+            /* No - pick the first one from the list of interfaces. */
+            if_list = get_interface_list(&err, err_str);
+            if (if_list == NULL) {
+                switch (err) {
+
+                case CANT_GET_INTERFACE_LIST:
+                    fprintf(stderr, "tethereal: Can't get list of interfaces: %s\n",
+			    err_str);
+                    break;
+
+                case NO_INTERFACES_FOUND:
+                    fprintf(stderr, "tethereal: There are no interfaces on which a capture can be done\n");
+                    break;
+                }
+                exit(2);
             }
-            exit(2);
+	    if_text = strrchr(if_list->data, ' ');	/* first interface */
+	    if (if_text == NULL) {
+            	cfile.iface = g_strdup(if_list->data);
+	    } else {
+            	cfile.iface = g_strdup(if_text + 1); /* Skip over space */
+	    }
+            free_interface_list(if_list);
         }
-        cfile.iface = g_strdup(if_list->data);	/* first interface */
-        free_interface_list(if_list);
     }
-    capture(packet_count, out_file_type);
+    capture(out_file_type);
+
+    if (capture_opts.ringbuffer_on) {
+      ringbuf_free();
+    }
 #else
     /* No - complain. */
     fprintf(stderr, "This version of Tethereal was not built with support for capturing packets.\n");
@@ -634,6 +1227,7 @@ main(int argc, char *argv[])
 #endif
   }
 
+  draw_tap_listeners(TRUE);
   epan_cleanup();
 
   return 0;
@@ -643,32 +1237,37 @@ main(int argc, char *argv[])
 /* Do the low-level work of a capture.
    Returns TRUE if it succeeds, FALSE otherwise. */
 static int
-capture(int packet_count, int out_file_type)
+capture(int out_file_type)
 {
+  int         pcap_encap;
+  int         file_snaplen;
   gchar       open_err_str[PCAP_ERRBUF_SIZE];
   gchar       lookup_net_err_str[PCAP_ERRBUF_SIZE];
   bpf_u_int32 netnum, netmask;
   struct bpf_program fcode;
   void        (*oldhandler)(int);
-  int         err, inpkts;
+  int         err = 0;
+  int         volatile volatile_err = 0;
+  int         volatile inpkts = 0;
+  int         pcap_cnt;
   char        errmsg[1024+1];
+  condition  *volatile cnd_stop_capturesize = NULL;
+  condition  *volatile cnd_stop_timeout = NULL;
+  condition  *volatile cnd_ring_timeout = NULL;
 #ifndef _WIN32
   static const char ppamsg[] = "can't find PPA for ";
   char       *libpcap_warn;
+  volatile int pipe_fd = -1;
+  struct pcap_hdr hdr;
+  struct pcaprec_modified_hdr rechdr;
+  guchar pcap_data[WTAP_MAX_PACKET_SIZE];
 #endif
   struct pcap_stat stats;
+  gboolean    write_err;
+  gboolean    dump_ok;
 
-  /* Initialize the table of conversations. */
-  epan_conversation_init();
-
-  /* Initialize protocol-specific variables */
-  init_all_protocols();
-
-  /* Initialize the common data structures for fragment reassembly.
-     Must be done *after* "init_all_protocols()", as "init_all_protocols()"
-     may free up space for fragments, which it finds by using the
-     data structures that "reassemble_init()" frees. */
-  reassemble_init();
+  /* Initialize all data structures used for dissection. */
+  init_dissection();
 
   ld.linktype       = WTAP_ENCAP_UNKNOWN;
   ld.pdh            = NULL;
@@ -678,53 +1277,73 @@ capture(int packet_count, int out_file_type)
      if they succeed; to tell if that's happened, we have to clear
      the error buffer, and check if it's still a null string.  */
   open_err_str[0] = '\0';
-  ld.pch = pcap_open_live(cfile.iface, cfile.snap, promisc_mode, 1000,
-			  open_err_str);
+  ld.pch = pcap_open_live(cfile.iface, capture_opts.snaplen,
+			  capture_opts.promisc_mode, 1000, open_err_str);
 
   if (ld.pch == NULL) {
-    /* Well, we couldn't start the capture. */
+    /* We couldn't open "cfile.iface" as a network device. */
 #ifdef _WIN32
+    /* On Windows, we don't support capturing on pipes, so we give up. */
+
     /* On Win32 OSes, the capture devices are probably available to all
        users; don't warn about permissions problems.
 
-       Do, however, warn that Token Ring and PPP devices aren't supported. */
+       Do, however, warn that WAN devices aren't supported. */
     snprintf(errmsg, sizeof errmsg,
 	"The capture session could not be initiated (%s).\n"
 	"Please check that you have the proper interface specified.\n"
 	"\n"
-	"Note that the driver Tethereal uses for packet capture on Windows\n"
-	"doesn't support capturing on Token Ring interfaces, and doesn't\n"
-	"support capturing on PPP/WAN interfaces in Windows NT/2000.\n",
+	"Note that the driver Tethereal uses for packet capture on Windows doesn't\n"
+	"support capturing on PPP/WAN interfaces in Windows NT/2000/XP/.NET Server.\n",
 	open_err_str);
+    goto error;
 #else
-      /* If we got a "can't find PPA for XXX" message, warn the user (who
-         is running Ethereal on HP-UX) that they don't have a version
-	 of libpcap that properly handles HP-UX (libpcap 0.6.x and later
-	 versions, which properly handle HP-UX, say "can't find /dev/dlpi
-	 PPA for XXX" rather than "can't find PPA for XXX"). */
-      if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
-	libpcap_warn =
-	  "\n\n"
-	  "You are running Tethereal with a version of the libpcap library\n"
-	  "that doesn't handle HP-UX network devices well; this means that\n"
-	  "Tethereal may not be able to capture packets.\n"
-	  "\n"
-	  "To fix this, you should install libpcap 0.6.2, or a later version\n"
-	  "of libpcap, rather than libpcap 0.4 or 0.5.x.  It is available in\n"
-	  "packaged binary form from the Software Porting And Archive Centre\n"
-	  "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
-	  "at the URL lists a number of mirror sites.";
-      else
-	libpcap_warn = "";
-    snprintf(errmsg, sizeof errmsg,
-      "The capture session could not be initiated (%s).\n"
-      "Please check to make sure you have sufficient permissions, and that\n"
-      "you have the proper interface specified.%s", open_err_str, libpcap_warn);
+    /* try to open cfile.iface as a pipe */
+    pipe_fd = pipe_open_live(cfile.iface, &hdr, &ld, errmsg, sizeof errmsg);
+
+    if (pipe_fd == -1) {
+
+      if (ld.pipe_err == PIPNEXIST) {
+	/* Pipe doesn't exist, so output message for interface */
+
+	/* If we got a "can't find PPA for XXX" message, warn the user (who
+           is running Tethereal on HP-UX) that they don't have a version
+	   of libpcap that properly handles HP-UX (libpcap 0.6.x and later
+	   versions, which properly handle HP-UX, say "can't find /dev/dlpi
+	   PPA for XXX" rather than "can't find PPA for XXX"). */
+	if (strncmp(open_err_str, ppamsg, sizeof ppamsg - 1) == 0)
+	  libpcap_warn =
+	    "\n\n"
+	    "You are running Tethereal with a version of the libpcap library\n"
+	    "that doesn't handle HP-UX network devices well; this means that\n"
+	    "Tethereal may not be able to capture packets.\n"
+	    "\n"
+	    "To fix this, you should install libpcap 0.6.2, or a later version\n"
+	    "of libpcap, rather than libpcap 0.4 or 0.5.x.  It is available in\n"
+	    "packaged binary form from the Software Porting And Archive Centre\n"
+	    "for HP-UX; the Centre is at http://hpux.connect.org.uk/ - the page\n"
+	    "at the URL lists a number of mirror sites.";
+	else
+	  libpcap_warn = "";
+	snprintf(errmsg, sizeof errmsg,
+	  "The capture session could not be initiated (%s).\n"
+	  "Please check to make sure you have sufficient permissions, and that\n"
+	  "you have the proper interface or pipe specified.%s", open_err_str,
+	  libpcap_warn);
+      }
+      /*
+       * Else pipe (or file) does exist and pipe_open_live() has
+       * filled in errmsg
+       */
+      goto error;
+    } else
+      /* pipe_open_live() succeeded; don't want
+         error message from pcap_open_live() */
+      open_err_str[0] = '\0';
 #endif
-    goto error;
   }
 
-  if (cfile.cfilter) {
+  if (cfile.cfilter && !ld.from_pipe) {
     /* A capture filter was specified; set it up. */
     if (pcap_lookupnet(cfile.iface, &netnum, &netmask, lookup_net_err_str) < 0) {
       /*
@@ -732,8 +1351,8 @@ capture(int packet_count, int out_file_type)
        * only for filters that check for broadcast IP addresses, so
        * we just warn the user, and punt and use 0.
        */
-      fprintf(stderr, 
-        "Warning:  Couldn't obtain netmask info (%s)\n.", lookup_net_err_str);
+      fprintf(stderr,
+        "Warning:  Couldn't obtain netmask info (%s).\n", lookup_net_err_str);
       netmask = 0;
     }
     if (pcap_compile(ld.pch, &fcode, cfile.cfilter, 1, netmask) < 0) {
@@ -748,8 +1367,18 @@ capture(int packet_count, int out_file_type)
     }
   }
 
-  ld.linktype = wtap_pcap_encap_to_wtap_encap(get_pcap_linktype(ld.pch,
-	cfile.iface));
+  /* Set up to write to the capture file. */
+#ifndef _WIN32
+  if (ld.from_pipe) {
+    pcap_encap = hdr.network;
+    file_snaplen = hdr.snaplen;
+  } else
+#endif
+  {
+    pcap_encap = get_pcap_linktype(ld.pch, cfile.iface);
+    file_snaplen = pcap_snapshot(ld.pch);
+  }
+  ld.linktype = wtap_pcap_encap_to_wtap_encap(pcap_encap);
   if (cfile.save_file != NULL) {
     /* Set up to write to the capture file. */
     if (ld.linktype == WTAP_ENCAP_UNKNOWN) {
@@ -757,12 +1386,25 @@ capture(int packet_count, int out_file_type)
                " that Tethereal doesn't support.");
       goto error;
     }
-    ld.pdh = wtap_dump_open(cfile.save_file, out_file_type,
-		ld.linktype, pcap_snapshot(ld.pch), &err);
+    if (capture_opts.ringbuffer_on) {
+      cfile.save_file_fd = ringbuf_init(cfile.save_file,
+        capture_opts.ringbuffer_num_files);
+      if (cfile.save_file_fd != -1) {
+        ld.pdh = ringbuf_init_wtap_dump_fdopen(out_file_type, ld.linktype,
+          pcap_snapshot(ld.pch), &err);
+      } else {
+      	err = errno;	/* "ringbuf_init()" failed */
+        ld.pdh = NULL;
+      }
+    } else {
+      ld.pdh = wtap_dump_open(cfile.save_file, out_file_type,
+		 ld.linktype, pcap_snapshot(ld.pch), &err);
+    }
 
     if (ld.pdh == NULL) {
-      snprintf(errmsg, sizeof errmsg, file_open_error_message(errno, TRUE),
-		cfile.save_file);
+      snprintf(errmsg, sizeof errmsg,
+	       file_open_error_message(err, TRUE, out_file_type),
+	       *cfile.save_file == '\0' ? "stdout" : cfile.save_file);
       goto error;
     }
   }
@@ -772,112 +1414,394 @@ capture(int packet_count, int out_file_type)
   if (open_err_str[0] != '\0')
     fprintf(stderr, "tethereal: WARNING: %s.\n", open_err_str);
 
+#ifdef _WIN32
+  /* Catch a CTRL+C event and, if we get it, clean up and exit. */
+  SetConsoleCtrlHandler(capture_cleanup, TRUE);
+#else /* _WIN32 */
   /* Catch SIGINT and SIGTERM and, if we get either of them, clean up
      and exit.
-     XXX - deal with signal semantics on various platforms.  Or just
+     XXX - deal with signal semantics on various UNIX platforms.  Or just
      use "sigaction()" and be done with it? */
   signal(SIGTERM, capture_cleanup);
   signal(SIGINT, capture_cleanup);
-#if !defined(WIN32)
   if ((oldhandler = signal(SIGHUP, capture_cleanup)) != SIG_DFL)
     signal(SIGHUP, oldhandler);
-#endif
+
+#ifdef SIGINFO
+  /* Catch SIGINFO and, if we get it and we're capturing to a file in
+     quiet mode, report the number of packets we've captured. */
+  signal(SIGINFO, report_counts_siginfo);
+#endif /* SIGINFO */
+#endif /* _WIN32 */
 
   /* Let the user know what interface was chosen. */
   fprintf(stderr, "Capturing on %s\n", cfile.iface);
-  fflush(stderr);
-
-  inpkts = pcap_loop(ld.pch, packet_count, capture_pcap_cb, (u_char *) &ld);
 
-  if (cfile.save_file != NULL) {
+  /* initialize capture stop conditions */
+  init_capture_stop_conditions();
+  /* create stop conditions */
+  if (capture_opts.has_autostop_filesize)
+    cnd_stop_capturesize = cnd_new((const char*)CND_CLASS_CAPTURESIZE,
+                                   (long)capture_opts.autostop_filesize * 1000);
+  if (capture_opts.has_autostop_duration)
+    cnd_stop_timeout = cnd_new((const char*)CND_CLASS_TIMEOUT,
+                               (gint32)capture_opts.autostop_duration);
+
+  if (capture_opts.ringbuffer_on && capture_opts.has_ring_duration)
+    cnd_ring_timeout = cnd_new(CND_CLASS_TIMEOUT, 
+			       capture_opts.ringbuffer_duration);
+
+  if (!setjmp(ld.stopenv)) {
+    ld.go = TRUE;
+    ld.packet_count = 0;
+  } else
+    ld.go = FALSE;
+  while (ld.go) {
+    /* We need to be careful with automatic variables defined in the
+       outer scope which are changed inside the loop.  Most compilers
+       don't try to roll them back to their original values after the
+       longjmp which causes the loop to finish, but all that the
+       standards say is that their values are indeterminate.  If we
+       don't want them to be rolled back, we should define them with the
+       volatile attribute (paraphrasing W. Richard Stevens, Advanced
+       Programming in the UNIX Environment, p. 178).
+
+       The "err" variable causes a particular problem.  If we give it
+       the volatile attribute, then when we pass a reference to it (as
+       in "&err") to a function, GCC warns: "passing arg <n> of
+       <function> discards qualifiers from pointer target type".
+       Therefore within the loop and just beyond we don't use "err".
+       Within the loop we define "loop_err", and assign its value to
+       "volatile_err", which is in the outer scope and is checked when
+       the loop finishes.
+
+       We also define "packet_count_prev" here to keep things tidy,
+       since it's used only inside the loop.  If it were defined in the
+       outer scope, GCC would give a warning (unnecessary in this case)
+       that it might be clobbered, and we'd need to give it the volatile
+       attribute to suppress the warning. */
+
+    int loop_err = 0;
+    int packet_count_prev = 0;
+
+    if (cnd_stop_capturesize == NULL && cnd_stop_timeout == NULL) {
+      /* We're not stopping at a particular capture file size, and we're
+         not stopping after some particular amount of time has expired,
+         so either we have no stop condition or the only stop condition
+         is a maximum packet count.
+
+         If there's no maximum packet count, pass it -1, meaning "until
+         you run out of packets in the bufferful you read".  Otherwise,
+         pass it the number of packets we have left to capture.
+
+         We don't call "pcap_loop()" as, if we're saving to a file that's
+         a FIFO, we want to flush the FIFO after we're done processing
+         this libpcap bufferful of packets, so that the program
+         reading the FIFO sees the packets immediately and doesn't get
+         any partial packet, forcing it to block in the middle of reading
+         that packet. */
+      if (capture_opts.autostop_count == 0)
+        pcap_cnt = -1;
+      else {
+        if (ld.packet_count >= capture_opts.autostop_count) {
+          /* XXX do we need this test here? */
+          /* It appears there's nothing more to capture. */
+          break;
+        }
+        pcap_cnt = capture_opts.autostop_count - ld.packet_count;
+      }
+    } else {
+      /* We need to check the capture file size or the timeout after
+         each packet. */
+      pcap_cnt = 1;
+    }
+#ifndef _WIN32
+    if (ld.from_pipe) {
+      inpkts = pipe_dispatch(pipe_fd, &ld, &hdr, &rechdr, pcap_data,
+        errmsg, sizeof errmsg);
+    } else
+#endif
+      inpkts = pcap_dispatch(ld.pch, pcap_cnt, capture_pcap_cb, (guchar *) &ld);
+    if (inpkts < 0) {
+      /* Error from "pcap_dispatch()", or error or "no more packets" from
+         "pipe_dispatch(). */
+      ld.go = FALSE;
+    } else if (cnd_stop_timeout != NULL && cnd_eval(cnd_stop_timeout)) {
+      /* The specified capture time has elapsed; stop the capture. */
+      ld.go = FALSE;
+    } else if (cnd_ring_timeout != NULL && cnd_eval(cnd_ring_timeout)) {
+      /* time elasped for this ring file, swith to the next */
+      if (ringbuf_switch_file(&cfile, &ld.pdh, &loop_err)) {
+	/* File switch succeeded: reset the condition */
+	cnd_reset(cnd_ring_timeout);
+      } else {
+	/* File switch failed: stop here */
+	ld.go = FALSE;
+      }
+    } else if (inpkts > 0) {
+      if (capture_opts.autostop_count != 0 &&
+                 ld.packet_count >= capture_opts.autostop_count) {
+        /* The specified number of packets have been captured and have
+           passed both any capture filter in effect and any read filter
+           in effect. */
+        ld.go = FALSE;
+      } else if (cnd_stop_capturesize != NULL &&
+                    cnd_eval(cnd_stop_capturesize,
+                              (guint32)wtap_get_bytes_dumped(ld.pdh))) {
+        /* We're saving the capture to a file, and the capture file reached
+           its maximum size. */
+        if (capture_opts.ringbuffer_on) {
+          /* Switch to the next ringbuffer file */
+          if (ringbuf_switch_file(&cfile, &ld.pdh, &loop_err)) {
+            /* File switch succeeded: reset the condition */
+            cnd_reset(cnd_stop_capturesize);
+	    if (cnd_ring_timeout) {
+	      cnd_reset(cnd_ring_timeout);
+	    }
+          } else {
+            /* File switch failed: stop here */
+            volatile_err = loop_err;
+            ld.go = FALSE;
+          }
+        } else {
+          /* No ringbuffer - just stop. */
+          ld.go = FALSE;
+        }
+      }
+      if (ld.output_to_pipe) {
+        if (ld.packet_count > packet_count_prev) {
+          if (fflush(wtap_dump_file(ld.pdh))) {
+            volatile_err = errno;
+            ld.go = FALSE;
+          }
+          packet_count_prev = ld.packet_count;
+        }
+      }
+    } /* inpkts > 0 */
+  } /* while (ld.go) */
+
+  /* delete stop conditions */
+  if (cnd_stop_capturesize != NULL)
+    cnd_delete(cnd_stop_capturesize);
+  if (cnd_stop_timeout != NULL)
+    cnd_delete(cnd_stop_timeout);
+  if (cnd_ring_timeout != NULL)
+    cnd_delete(cnd_ring_timeout);
+
+  if ((cfile.save_file != NULL) && !quiet) {
     /* We're saving to a file, which means we're printing packet counts
-       to the standard output.  Send a newline so that we move to the
-       line after the packet count. */
+       to stderr if we are not running silent and deep.
+       Send a newline so that we move to the line after the packet count. */
     fprintf(stderr, "\n");
   }
 
   /* If we got an error while capturing, report it. */
   if (inpkts < 0) {
-    fprintf(stderr, "tethereal: Error while capturing packets: %s\n",
-	pcap_geterr(ld.pch));
+#ifndef _WIN32
+    if (ld.from_pipe) {
+      if (ld.pipe_err == PIPERR) {
+        fprintf(stderr, "tethereal: Error while capturing packets: %s\n",
+	  errmsg);
+      }
+    } else
+#endif
+    {
+      fprintf(stderr, "tethereal: Error while capturing packets: %s\n",
+	  pcap_geterr(ld.pch));
+    }
   }
 
-  /* Get the capture statistics, and, if any packets were dropped, report
-     that. */
-  if (pcap_stats(ld.pch, &stats) >= 0) {
-    if (stats.ps_drop != 0) {
-      fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
-    }
-  } else {
-    fprintf(stderr, "tethereal: Can't get packet-drop statistics: %s\n",
-	pcap_geterr(ld.pch));
+  if (volatile_err == 0)
+    write_err = FALSE;
+  else {
+    show_capture_file_io_error(cfile.save_file, volatile_err, FALSE);
+    write_err = TRUE;
   }
-  pcap_close(ld.pch);
 
   if (cfile.save_file != NULL) {
-    /* We're saving to a file; close the file. */
-    if (!wtap_dump_close(ld.pdh, &err))
+    /* We're saving to a file or files; close all files. */
+    if (capture_opts.ringbuffer_on) {
+      dump_ok = ringbuf_wtap_dump_close(&cfile, &err);
+    } else {
+      dump_ok = wtap_dump_close(ld.pdh, &err);
+    }
+    /* If we've displayed a message about a write error, there's no point
+       in displaying another message about an error on close. */
+    if (!dump_ok && !write_err)
       show_capture_file_io_error(cfile.save_file, err, TRUE);
   }
 
+#ifndef _WIN32
+  if (ld.from_pipe && pipe_fd >= 0)
+    close(pipe_fd);
+  else
+#endif
+  {
+    /* Get the capture statistics, and, if any packets were dropped, report
+       that. */
+    if (pcap_stats(ld.pch, &stats) >= 0) {
+      if (stats.ps_drop != 0) {
+        fprintf(stderr, "%u packets dropped\n", stats.ps_drop);
+      }
+    } else {
+      fprintf(stderr, "tethereal: Can't get packet-drop statistics: %s\n",
+	  pcap_geterr(ld.pch));
+    }
+    pcap_close(ld.pch);
+  }
+
+  /* Report the number of captured packets if not reported during capture
+     and we are saving to a file. */
+  report_counts();
+
   return TRUE;
 
 error:
+  if (capture_opts.ringbuffer_on) {
+    ringbuf_error_cleanup();
+  }
   g_free(cfile.save_file);
   cfile.save_file = NULL;
   fprintf(stderr, "tethereal: %s\n", errmsg);
+#ifndef _WIN32
+  if (ld.from_pipe) {
+    if (pipe_fd >= 0)
+      close(pipe_fd);
+  } else
+#endif
+  {
   if (ld.pch != NULL)
     pcap_close(ld.pch);
+  }
 
   return FALSE;
 }
 
 static void
-capture_pcap_cb(u_char *user, const struct pcap_pkthdr *phdr,
-  const u_char *pd)
+capture_pcap_cb(guchar *user, const struct pcap_pkthdr *phdr,
+  const guchar *pd)
 {
   struct wtap_pkthdr whdr;
+  union wtap_pseudo_header pseudo_header;
   loop_data *ld = (loop_data *) user;
   cb_args_t args;
+  int err;
 
-  whdr.ts.tv_sec = phdr->ts.tv_sec;
-  whdr.ts.tv_usec = phdr->ts.tv_usec;
-  whdr.caplen = phdr->caplen;
-  whdr.len = phdr->len;
-  whdr.pkt_encap = ld->linktype;
+  /* Convert from libpcap to Wiretap format.
+     If that fails, ignore the packet (wtap_process_pcap_packet has
+     written an error message). */
+  pd = wtap_process_pcap_packet(ld->linktype, phdr, pd, &pseudo_header,
+				&whdr, &err);
+  if (pd == NULL) {
+    return;
+  }
 
   args.cf = &cfile;
   args.pdh = ld->pdh;
   if (ld->pdh) {
-    wtap_dispatch_cb_write((u_char *)&args, &whdr, 0, NULL, pd);
-    fprintf(stderr, "\r%u ", cfile.count);
-    fflush(stdout);
+    wtap_dispatch_cb_write((guchar *)&args, &whdr, 0, &pseudo_header, pd);
+    /* Report packet capture count if not quiet */
+    if (!quiet) {
+      if (!decode) {
+         if (ld->packet_count != 0) {
+           fprintf(stderr, "\r%u ", ld->packet_count);
+           /* stderr could be line buffered */
+           fflush(stderr);
+         }
+      } else {
+           wtap_dispatch_cb_print((guchar *)&args, &whdr, 0,
+                                  &pseudo_header, pd);
+      }
+    }
   } else {
-    wtap_dispatch_cb_print((u_char *)&args, &whdr, 0, NULL, pd);
+    wtap_dispatch_cb_print((guchar *)&args, &whdr, 0, &pseudo_header, pd);
   }
 }
 
+#ifdef _WIN32
+static BOOL WINAPI
+capture_cleanup(DWORD ctrltype _U_)
+{
+  /* CTRL_C_EVENT is sort of like SIGINT, CTRL_BREAK_EVENT is unique to
+     Windows, CTRL_CLOSE_EVENT is sort of like SIGHUP, CTRL_LOGOFF_EVENT
+     is also sort of like SIGHUP, and CTRL_SHUTDOWN_EVENT is sort of
+     like SIGTERM at least when the machine's shutting down.
+
+     For now, we handle them all as indications that we should clean up
+     and quit, just as we handle SIGINT, SIGHUP, and SIGTERM in that
+     way on UNIX.
+
+     However, as handlers run in a new thread, we can't just longjmp
+     out; we have to set "ld.go" to FALSE, and must return TRUE so that
+     no other handler - such as one that would terminate the process -
+     gets called.
+
+     XXX - for some reason, typing ^C to Tethereal, if you run this in
+     a Cygwin console window in at least some versions of Cygwin,
+     causes Tethereal to terminate immediately; this routine gets
+     called, but the main loop doesn't get a chance to run and
+     exit cleanly, at least if this is compiled with Microsoft Visual
+     C++ (i.e., it's a property of the Cygwin console window or Bash;
+     it happens if Tethereal is not built with Cygwin - for all I know,
+     building it with Cygwin may make the problem go away). */
+  ld.go = FALSE;
+  return TRUE;
+}
+#else
 static void
-capture_cleanup(int signum)
+capture_cleanup(int signum _U_)
 {
-  int err;
+  /* Longjmp back to the starting point; "pcap_dispatch()", on many
+     UNIX platforms, just keeps looping if it gets EINTR, so if we set
+     "ld.go" to FALSE and return, we won't break out of it and quit
+     capturing. */
+  longjmp(ld.stopenv, 1);
+}
+#endif /* _WIN32 */
 
-  fprintf(stderr, "\n");
-  pcap_close(ld.pch);
-  if (ld.pdh != NULL) {
-    if (!wtap_dump_close(ld.pdh, &err)) {
-      show_capture_file_io_error(cfile.save_file, err, TRUE);
-      exit(2);
-    }
+static void
+report_counts(void)
+{
+#ifdef SIGINFO
+  /* XXX - if we use sigaction, this doesn't have to be done.
+     (Yes, this isn't necessary on BSD, but just in case a system
+     where "signal()" has AT&T semantics adopts SIGINFO....) */
+  signal(SIGINFO, report_counts_siginfo);
+#endif /* SIGINFO */
+
+  if (cfile.save_file != NULL && quiet) {
+    /* Report the count only if we're capturing to a file (rather
+       than printing captured packet information out) and aren't
+       updating a count as packets arrive. */
+    fprintf(stderr, "%u packets captured\n", ld.packet_count);
   }
-  exit(0);
+#ifdef SIGINFO
+  infoprint = FALSE;	/* we just reported it */
+#endif /* SIGINFO */
+}
+
+#ifdef SIGINFO
+static void
+report_counts_siginfo(int signum _U_)
+{
+  int sav_errno = errno;
+  /* If we've been told to delay printing, just set a flag asking
+     that we print counts (if we're supposed to), otherwise print
+     the count of packets captured (if we're supposed to). */
+  if (infodelay)
+    infoprint = TRUE;
+  else
+    report_counts();
+  errno = sav_errno;
 }
+#endif /* SIGINFO */
 #endif /* HAVE_LIBPCAP */
 
 static int
 load_cap_file(capture_file *cf, int out_file_type)
 {
   gint         linktype;
+  int          snapshot_length;
   wtap_dumper *pdh;
   int          err;
   int          success;
@@ -886,8 +1810,13 @@ load_cap_file(capture_file *cf, int out_file_type)
   linktype = wtap_file_encap(cf->wth);
   if (cf->save_file != NULL) {
     /* Set up to write to the capture file. */
+    snapshot_length = wtap_snapshot_length(cf->wth);
+    if (snapshot_length == 0) {
+      /* Snapshot length of input file not known. */
+      snapshot_length = WTAP_MAX_PACKET_SIZE;
+    }
     pdh = wtap_dump_open(cf->save_file, out_file_type,
-		linktype, wtap_snapshot_length(cf->wth), &err);
+		linktype, snapshot_length, &err);
 
     if (pdh == NULL) {
       /* We couldn't set up to write to the capture file. */
@@ -901,38 +1830,35 @@ load_cap_file(capture_file *cf, int out_file_type)
       case WTAP_ERR_UNSUPPORTED_ENCAP:
       case WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED:
         fprintf(stderr,
-"tethereal: The capture file being read cannot be written in that format.\n");
+          "tethereal: The capture file being read cannot be written in "
+          "that format.\n");
         break;
 
       case WTAP_ERR_CANT_OPEN:
         fprintf(stderr,
-"tethereal: The file \"%s\" couldn't be created for some unknown reason.\n",
-                 cf->save_file);
+          "tethereal: The file \"%s\" couldn't be created for some "
+          "unknown reason.\n",
+            *cf->save_file == '\0' ? "stdout" : cf->save_file);
         break;
 
       case WTAP_ERR_SHORT_WRITE:
         fprintf(stderr,
-"tethereal: A full header couldn't be written to the file \"%s\".\n",
-		cf->save_file);
+          "tethereal: A full header couldn't be written to the file \"%s\".\n",
+		*cf->save_file == '\0' ? "stdout" : cf->save_file);
         break;
 
       default:
-        if (err < 0) {
-          fprintf(stderr,
-		"tethereal: The file \"%s\" could not be opened: Error %d.\n",
-   		cf->save_file, err);
-        } else {
-          fprintf(stderr,
-		"tethereal: The file \"%s\" could not be opened: %s\n.",
- 		cf->save_file, strerror(err));
-        }
+        fprintf(stderr,
+          "tethereal: The file \"%s\" could not be created: %s\n.",
+ 		*cf->save_file == '\0' ? "stdout" : cf->save_file,
+		wtap_strerror(err));
         break;
       }
       goto out;
     }
     args.cf = cf;
     args.pdh = pdh;
-    success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_write, (u_char *) &args,
+    success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_write, (guchar *) &args,
  			&err);
 
     /* Now close the capture file. */
@@ -941,7 +1867,7 @@ load_cap_file(capture_file *cf, int out_file_type)
   } else {
     args.cf = cf;
     args.pdh = NULL;
-    success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_print, (u_char *) &args,
+    success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_print, (guchar *) &args,
  			&err);
   }
   if (!success) {
@@ -990,20 +1916,15 @@ out:
 
 static void
 fill_in_fdata(frame_data *fdata, capture_file *cf,
-	const struct wtap_pkthdr *phdr,
-	const union wtap_pseudo_header *pseudo_header, long offset)
+	const struct wtap_pkthdr *phdr, long offset)
 {
-  int i;
-
   fdata->next = NULL;
   fdata->prev = NULL;
   fdata->pfd = NULL;
-  fdata->data_src = NULL;
   fdata->num = cf->count;
   fdata->pkt_len = phdr->len;
   fdata->cap_len = phdr->caplen;
   fdata->file_off = offset;
-  fdata->cinfo = NULL;
   fdata->lnk_t = phdr->pkt_encap;
   fdata->abs_secs  = phdr->ts.tv_sec;
   fdata->abs_usecs = phdr->ts.tv_usec;
@@ -1041,19 +1962,13 @@ fill_in_fdata(frame_data *fdata, capture_file *cf,
     cf->esec = fdata->rel_secs;
     cf->eusec = fdata->rel_usecs;
   }
-  
+
   /* Get the time elapsed between the previous displayed packet and
      this packet. */
   compute_timestamp_diff(&fdata->del_secs, &fdata->del_usecs,
 		fdata->abs_secs, fdata->abs_usecs, prevsec, prevusec);
   prevsec = fdata->abs_secs;
   prevusec = fdata->abs_usecs;
-
-  fdata->cinfo = &cf->cinfo;
-  for (i = 0; i < fdata->cinfo->num_cols; i++) {
-    fdata->cinfo->col_buf[i][0] = '\0';
-    fdata->cinfo->col_data[i] = fdata->cinfo->col_buf[i];
-  }
 }
 
 /* Free up all data attached to a "frame_data" structure. */
@@ -1062,40 +1977,52 @@ clear_fdata(frame_data *fdata)
 {
   if (fdata->pfd)
     g_slist_free(fdata->pfd);
-  if (fdata->data_src)
-    g_slist_free(fdata->data_src);
 }
 
 static void
-wtap_dispatch_cb_write(u_char *user, const struct wtap_pkthdr *phdr,
-  long offset, union wtap_pseudo_header *pseudo_header, const u_char *buf)
+wtap_dispatch_cb_write(guchar *user, const struct wtap_pkthdr *phdr,
+  long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
 {
   cb_args_t    *args = (cb_args_t *) user;
   capture_file *cf = args->cf;
   wtap_dumper  *pdh = args->pdh;
   frame_data    fdata;
-  proto_tree   *protocol_tree;
   int           err;
   gboolean      passed;
   epan_dissect_t *edt;
 
+#ifdef HAVE_LIBPCAP
+#ifdef SIGINFO
+  /*
+   * Prevent a SIGINFO handler from writing to stdout while we're
+   * doing so; instead, have it just set a flag telling us to print
+   * that information when we're done.
+   */
+  infodelay = TRUE;
+#endif /* SIGINFO */
+#endif /* HAVE_LIBPCAP */
+
   cf->count++;
   if (cf->rfcode) {
-    fill_in_fdata(&fdata, cf, phdr, pseudo_header, offset);
-    protocol_tree = proto_tree_create_root();
-    edt = epan_dissect_new(pseudo_header, buf, &fdata, protocol_tree);
+    fill_in_fdata(&fdata, cf, phdr, offset);
+    edt = epan_dissect_new(TRUE, FALSE);
+    epan_dissect_prime_dfilter(edt, cf->rfcode);
+    epan_dissect_run(edt, pseudo_header, buf, &fdata, NULL);
     passed = dfilter_apply_edt(cf->rfcode, edt);
   } else {
-    protocol_tree = NULL;
     passed = TRUE;
     edt = NULL;
   }
   if (passed) {
+    /* The packet passed the read filter. */
+#ifdef HAVE_LIBPCAP
+    ld.packet_count++;
+#endif
     if (!wtap_dump(pdh, phdr, pseudo_header, buf, &err)) {
 #ifdef HAVE_LIBPCAP
-      if (ld.pch != NULL) {
-      	/* We're capturing packets, so we're printing a count of packets
-	   captured; move to the line after the count. */
+      if (ld.pch != NULL && !quiet) {
+      	/* We're capturing packets, so (if -q not specified) we're printing
+           a count of packets captured; move to the line after the count. */
         fprintf(stderr, "\n");
       }
 #endif
@@ -1108,17 +2035,33 @@ wtap_dispatch_cb_write(u_char *user, const struct wtap_pkthdr *phdr,
       exit(2);
     }
   }
-  if (protocol_tree != NULL)
-    proto_tree_free(protocol_tree);
   if (edt != NULL)
     epan_dissect_free(edt);
   if (cf->rfcode)
     clear_fdata(&fdata);
+
+#ifdef HAVE_LIBPCAP
+#ifdef SIGINFO
+  /*
+   * Allow SIGINFO handlers to write.
+   */
+  infodelay = FALSE;
+
+  /*
+   * If a SIGINFO handler asked us to write out capture counts, do so.
+   */
+  if (infoprint)
+    report_counts();
+#endif /* SIGINFO */
+#endif /* HAVE_LIBPCAP */
 }
 
 static void
 show_capture_file_io_error(const char *fname, int err, gboolean is_close)
 {
+  if (*fname == '\0')
+    fname = "stdout";
+
   switch (err) {
 
   case ENOSPC:
@@ -1164,36 +2107,55 @@ show_capture_file_io_error(const char *fname, int err, gboolean is_close)
 }
 
 static void
-wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
-  long offset, union wtap_pseudo_header *pseudo_header, const u_char *buf)
+wtap_dispatch_cb_print(guchar *user, const struct wtap_pkthdr *phdr,
+  long offset, union wtap_pseudo_header *pseudo_header, const guchar *buf)
 {
   cb_args_t    *args = (cb_args_t *) user;
   capture_file *cf = args->cf;
   frame_data    fdata;
-  proto_tree   *protocol_tree;
   gboolean      passed;
   print_args_t  print_args;
   epan_dissect_t *edt;
+  gboolean      create_proto_tree;
   int           i;
 
   cf->count++;
 
-  /* The protocol tree will be "visible", i.e., printed, only if we're
-     not printing a summary. */
-  proto_tree_is_visible = verbose;
+  fill_in_fdata(&fdata, cf, phdr, offset);
 
-  fill_in_fdata(&fdata, cf, phdr, pseudo_header, offset);
+  /* Grab any resolved addresses */
+  if (g_resolv_flags) {
+    host_name_lookup_process(NULL);
+  }
 
   passed = TRUE;
-  if (cf->rfcode || verbose)
-    protocol_tree = proto_tree_create_root();
+  if (cf->rfcode || verbose || num_tap_filters!=0)
+    create_proto_tree = TRUE;
   else
-    protocol_tree = NULL;
-  edt = epan_dissect_new(pseudo_header, buf, &fdata, protocol_tree);
-  if (cf->rfcode)
+    create_proto_tree = FALSE;
+  /* The protocol tree will be "visible", i.e., printed, only if we're
+     not printing a summary.
+
+     We only need the columns if we're *not* verbose; in verbose mode,
+     we print the protocol tree, not the protocol summary. */
+
+  edt = epan_dissect_new(create_proto_tree, verbose);
+  if (cf->rfcode) {
+    epan_dissect_prime_dfilter(edt, cf->rfcode);
+  }
+
+  tap_queue_init(edt);
+  epan_dissect_run(edt, pseudo_header, buf, &fdata, verbose ? NULL : &cf->cinfo);
+  tap_push_tapped_queue(edt);
+
+  if (cf->rfcode) {
     passed = dfilter_apply_edt(cf->rfcode, edt);
+  }
   if (passed) {
     /* The packet passed the read filter. */
+#ifdef HAVE_LIBPCAP
+    ld.packet_count++;
+#endif
     if (verbose) {
       /* Print the information in the protocol tree. */
       print_args.to_file = TRUE;
@@ -1202,8 +2164,7 @@ wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
       print_args.print_hex = print_hex;
       print_args.expand_all = TRUE;
       print_args.suppress_unmarked = FALSE;
-      proto_tree_print(FALSE, &print_args, (GNode *)protocol_tree,
-			&fdata, stdout);
+      proto_tree_print(&print_args, edt, stdout);
       if (!print_hex) {
         /* "print_hex_data()" will put out a leading blank line, as well
 	   as a trailing one; print one here, to separate the packets,
@@ -1212,7 +2173,7 @@ wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
       }
     } else {
       /* Just fill in the columns. */
-      fill_in_columns(&fdata, &edt->pi);
+      epan_dissect_fill_in_columns(edt);
 
       /* Now print them. */
       for (i = 0; i < cf->cinfo.num_cols; i++) {
@@ -1394,10 +2355,9 @@ wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
       putchar('\n');
     }
     if (print_hex) {
-      print_hex_data(stdout, print_args.format, &fdata);
+      print_hex_data(stdout, print_args.format, edt);
       putchar('\n');
     }
-    fdata.cinfo = NULL;
   }
 
   /* The ANSI C standard does not appear to *require* that a line-buffered
@@ -1422,18 +2382,14 @@ wtap_dispatch_cb_print(u_char *user, const struct wtap_pkthdr *phdr,
      having to wait until a standard I/O buffer fills up. */
   if (line_buffered)
     fflush(stdout);
-  if (protocol_tree != NULL)
-    proto_tree_free(protocol_tree);
 
   epan_dissect_free(edt);
 
   clear_fdata(&fdata);
-
-  proto_tree_is_visible = FALSE;
 }
 
 char *
-file_open_error_message(int err, gboolean for_writing)
+file_open_error_message(int err, gboolean for_writing, int file_type)
 {
   char *errmsg;
   static char errmsg_errno[1024+1];
@@ -1450,6 +2406,14 @@ file_open_error_message(int err, gboolean for_writing)
     errmsg = "The file \"%s\" is not a capture file in a format Tethereal understands.";
     break;
 
+  case WTAP_ERR_CANT_WRITE_TO_PIPE:
+    /* Seen only when opening a capture file for writing. */
+    snprintf(errmsg_errno, sizeof(errmsg_errno),
+	     "The file \"%%s\" is a pipe, and %s capture files cannot be "
+	     "written to a pipe.", wtap_file_type_string(file_type));
+    errmsg = errmsg_errno;
+    break;
+
   case WTAP_ERR_UNSUPPORTED_FILE_TYPE:
     /* Seen only when opening a capture file for writing. */
     errmsg = "Tethereal does not support writing capture files in that format.";
@@ -1476,7 +2440,7 @@ file_open_error_message(int err, gboolean for_writing)
 
   case WTAP_ERR_SHORT_READ:
     errmsg = "The file \"%s\" appears to have been cut short"
-             " in the middle of a packet.";
+             " in the middle of a packet or other data.";
     break;
 
   case WTAP_ERR_SHORT_WRITE:
@@ -1503,7 +2467,8 @@ file_open_error_message(int err, gboolean for_writing)
 
   default:
     snprintf(errmsg_errno, sizeof(errmsg_errno),
-	     "The file \"%%s\" could not be opened: %s.",
+	     "The file \"%%s\" could not be %s: %s.",
+	     for_writing ? "created" : "opened",
 	     wtap_strerror(err));
     errmsg = errmsg_errno;
     break;
@@ -1516,39 +2481,20 @@ open_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
 {
   wtap       *wth;
   int         err;
-  int         fd;
-  struct stat cf_stat;
   char        err_msg[2048+1];
 
   wth = wtap_open_offline(fname, &err, FALSE);
   if (wth == NULL)
     goto fail;
 
-  /* Find the size of the file. */
-  fd = wtap_fd(wth);
-  if (fstat(fd, &cf_stat) < 0) {
-    err = errno;
-    wtap_close(wth);
-    goto fail;
-  }
-
   /* The open succeeded.  Fill in the information for this file. */
 
-  /* Initialize the table of conversations. */
-  epan_conversation_init();
-
-  /* Initialize protocol-specific variables */
-  init_all_protocols();
-
-  /* Initialize the common data structures for fragment reassembly.
-     Must be done *after* "init_all_protocols()", as "init_all_protocols()"
-     may free up space for fragments, which it finds by using the
-     data structures that "reassemble_init()" frees. */
-  reassemble_init();
+  /* Initialize all data structures used for dissection. */
+  init_dissection();
 
   cf->wth = wth;
-  cf->filed = fd;
-  cf->f_len = cf_stat.st_size;
+  cf->filed = -1;	/* not used, but set it anyway */
+  cf->f_len = 0;	/* not used, but set it anyway */
 
   /* Set the file name because we need it to set the follow stream filter.
      XXX - is that still true?  We need it for other reasons, though,
@@ -1568,15 +2514,310 @@ open_cap_file(char *fname, gboolean is_tempfile, capture_file *cf)
   cf->esec      = 0;
   cf->eusec     = 0;
   cf->snap      = wtap_snapshot_length(cf->wth);
+  if (cf->snap == 0) {
+    /* Snapshot length not known. */
+    cf->has_snap = FALSE;
+    cf->snap = WTAP_MAX_PACKET_SIZE;
+  } else
+    cf->has_snap = TRUE;
   cf->progbar_quantum = 0;
   cf->progbar_nextstep = 0;
   firstsec = 0, firstusec = 0;
   prevsec = 0, prevusec = 0;
- 
+
   return (0);
 
 fail:
-  snprintf(err_msg, sizeof err_msg, file_open_error_message(err, FALSE), fname);
+  snprintf(err_msg, sizeof err_msg, file_open_error_message(err, FALSE, 0),
+	   fname);
   fprintf(stderr, "tethereal: %s\n", err_msg);
   return (err);
 }
+
+#ifdef HAVE_LIBPCAP
+#ifndef _WIN32
+/* Take care of byte order in the libpcap headers read from pipes.
+ * (function taken from wiretap/libpcap.c) */
+static void
+adjust_header(loop_data *ld, struct pcap_hdr *hdr, struct pcaprec_hdr *rechdr)
+{
+  if (ld->byte_swapped) {
+    /* Byte-swap the record header fields. */
+    rechdr->ts_sec = BSWAP32(rechdr->ts_sec);
+    rechdr->ts_usec = BSWAP32(rechdr->ts_usec);
+    rechdr->incl_len = BSWAP32(rechdr->incl_len);
+    rechdr->orig_len = BSWAP32(rechdr->orig_len);
+  }
+
+  /* In file format version 2.3, the "incl_len" and "orig_len" fields were
+     swapped, in order to match the BPF header layout.
+
+     Unfortunately, some files were, according to a comment in the "libpcap"
+     source, written with version 2.3 in their headers but without the
+     interchanged fields, so if "incl_len" is greater than "orig_len" - which
+     would make no sense - we assume that we need to swap them.  */
+  if (hdr->version_major == 2 &&
+      (hdr->version_minor < 3 ||
+       (hdr->version_minor == 3 && rechdr->incl_len > rechdr->orig_len))) {
+    guint32 temp;
+
+    temp = rechdr->orig_len;
+    rechdr->orig_len = rechdr->incl_len;
+    rechdr->incl_len = temp;
+  }
+}
+
+/* Mimic pcap_open_live() for pipe captures
+ * We check if "pipename" is "-" (stdin) or a FIFO, open it, and read the
+ * header.
+ * N.B. : we can't read the libpcap formats used in RedHat 6.1 or SuSE 6.3
+ * because we can't seek on pipes (see wiretap/libpcap.c for details) */
+static int
+pipe_open_live(char *pipename, struct pcap_hdr *hdr, loop_data *ld,
+                 char *errmsg, int errmsgl)
+{
+  struct stat pipe_stat;
+  int         fd;
+  guint32     magic;
+  int         b;
+  unsigned int bytes_read;
+
+  /*
+   * XXX Tethereal blocks until we return
+   */
+  if (strcmp(pipename, "-") == 0)
+    fd = 0; /* read from stdin */
+  else {
+    if (stat(pipename, &pipe_stat) < 0) {
+      if (errno == ENOENT || errno == ENOTDIR)
+        ld->pipe_err = PIPNEXIST;
+      else {
+        snprintf(errmsg, errmsgl,
+          "The capture session could not be initiated "
+          "due to error on pipe: %s", strerror(errno));
+        ld->pipe_err = PIPERR;
+      }
+      return -1;
+    }
+    if (! S_ISFIFO(pipe_stat.st_mode)) {
+      if (S_ISCHR(pipe_stat.st_mode)) {
+        /*
+         * Assume the user specified an interface on a system where
+         * interfaces are in /dev.  Pretend we haven't seen it.
+         */
+         ld->pipe_err = PIPNEXIST;
+      } else {
+        snprintf(errmsg, errmsgl,
+            "The capture session could not be initiated because\n"
+            "\"%s\" is neither an interface nor a pipe", pipename);
+        ld->pipe_err = PIPERR;
+      }
+      return -1;
+    }
+    fd = open(pipename, O_RDONLY);
+    if (fd == -1) {
+      snprintf(errmsg, errmsgl,
+          "The capture session could not be initiated "
+          "due to error on pipe open: %s", strerror(errno));
+      ld->pipe_err = PIPERR;
+      return -1;
+    }
+  }
+
+  ld->from_pipe = TRUE;
+
+  /* read the pcap header */
+  bytes_read = 0;
+  while (bytes_read < sizeof magic) {
+    b = read(fd, ((char *)&magic)+bytes_read, sizeof magic-bytes_read);
+    if (b <= 0) {
+      if (b == 0)
+        snprintf(errmsg, errmsgl, "End of file on pipe during open");
+      else
+        snprintf(errmsg, errmsgl, "Error on pipe during open: %s",
+          strerror(errno));
+      goto error;
+    }
+    bytes_read += b;
+  }
+
+  switch (magic) {
+  case PCAP_MAGIC:
+    /* Host that wrote it has our byte order, and was running
+       a program using either standard or ss990417 libpcap. */
+    ld->byte_swapped = FALSE;
+    ld->modified = FALSE;
+    break;
+  case PCAP_MODIFIED_MAGIC:
+    /* Host that wrote it has our byte order, but was running
+       a program using either ss990915 or ss991029 libpcap. */
+    ld->byte_swapped = FALSE;
+    ld->modified = TRUE;
+    break;
+  case PCAP_SWAPPED_MAGIC:
+    /* Host that wrote it has a byte order opposite to ours,
+       and was running a program using either standard or
+       ss990417 libpcap. */
+    ld->byte_swapped = TRUE;
+    ld->modified = FALSE;
+    break;
+  case PCAP_SWAPPED_MODIFIED_MAGIC:
+    /* Host that wrote it out has a byte order opposite to
+       ours, and was running a program using either ss990915
+       or ss991029 libpcap. */
+    ld->byte_swapped = TRUE;
+    ld->modified = TRUE;
+    break;
+  default:
+    /* Not a "libpcap" type we know about. */
+    snprintf(errmsg, errmsgl, "Unrecognized libpcap format");
+    goto error;
+  }
+
+  /* Read the rest of the header */
+  bytes_read = 0;
+  while (bytes_read < sizeof(struct pcap_hdr)) {
+    b = read(fd, ((char *)hdr)+bytes_read,
+          sizeof(struct pcap_hdr) - bytes_read);
+    if (b <= 0) {
+      if (b == 0)
+        snprintf(errmsg, errmsgl, "End of file on pipe during open");
+      else
+        snprintf(errmsg, errmsgl, "Error on pipe during open: %s",
+          strerror(errno));
+      goto error;
+    }
+    bytes_read += b;
+  }
+
+  if (ld->byte_swapped) {
+    /* Byte-swap the header fields about which we care. */
+    hdr->version_major = BSWAP16(hdr->version_major);
+    hdr->version_minor = BSWAP16(hdr->version_minor);
+    hdr->snaplen = BSWAP32(hdr->snaplen);
+    hdr->network = BSWAP32(hdr->network);
+  }
+
+  if (hdr->version_major < 2) {
+    snprintf(errmsg, errmsgl, "Unable to read old libpcap format");
+    goto error;
+  }
+
+  ld->pipe_state = STATE_EXPECT_REC_HDR;
+  ld->pipe_err = PIPOK;
+  return fd;
+
+error:
+  ld->pipe_err = PIPERR;
+  close(fd);
+  return -1;
+
+}
+/* We read one record from the pipe, take care of byte order in the record
+ * header, write the record in the capture file, and update capture statistics. */
+
+static int
+pipe_dispatch(int fd, loop_data *ld, struct pcap_hdr *hdr,
+                struct pcaprec_modified_hdr *rechdr, guchar *data,
+                char *errmsg, int errmsgl)
+{
+  struct pcap_pkthdr phdr;
+  int b;
+  enum { PD_REC_HDR_READ, PD_DATA_READ, PD_PIPE_EOF, PD_PIPE_ERR,
+          PD_ERR } result;
+
+  switch (ld->pipe_state) {
+
+  case STATE_EXPECT_REC_HDR:
+    ld->bytes_to_read = ld->modified ?
+      sizeof(struct pcaprec_modified_hdr) : sizeof(struct pcaprec_hdr);
+    ld->bytes_read = 0;
+    ld->pipe_state = STATE_READ_REC_HDR;
+    /* Fall through */
+
+  case STATE_READ_REC_HDR:
+    b = read(fd, ((char *)rechdr)+ld->bytes_read,
+      ld->bytes_to_read - ld->bytes_read);
+    if (b <= 0) {
+      if (b == 0)
+        result = PD_PIPE_EOF;
+      else
+        result = PD_PIPE_ERR;
+      break;
+    }
+    if ((ld->bytes_read += b) < ld->bytes_to_read)
+        return 0;
+    result = PD_REC_HDR_READ;
+    break;
+
+  case STATE_EXPECT_DATA:
+    ld->bytes_read = 0;
+    ld->pipe_state = STATE_READ_DATA;
+    /* Fall through */
+
+  case STATE_READ_DATA:
+    b = read(fd, data+ld->bytes_read, rechdr->hdr.incl_len - ld->bytes_read);
+    if (b <= 0) {
+      if (b == 0)
+        result = PD_PIPE_EOF;
+      else
+        result = PD_PIPE_ERR;
+      break;
+    }
+    if ((ld->bytes_read += b) < rechdr->hdr.incl_len)
+      return 0;
+    result = PD_DATA_READ;
+    break;
+
+  default:
+    snprintf(errmsg, errmsgl, "pipe_dispatch: invalid state");
+    result = PD_ERR;
+
+  } /* switch (ld->pipe_state) */
+
+  /*
+   * We've now read as much data as we were expecting, so process it.
+   */
+  switch (result) {
+
+  case PD_REC_HDR_READ:
+    /* We've read the header. Take care of byte order. */
+    adjust_header(ld, hdr, &rechdr->hdr);
+    if (rechdr->hdr.incl_len > WTAP_MAX_PACKET_SIZE) {
+      snprintf(errmsg, errmsgl, "Frame %u too long (%d bytes)",
+        ld->packet_count+1, rechdr->hdr.incl_len);
+      break;
+    }
+    ld->pipe_state = STATE_EXPECT_DATA;
+    return 0;
+
+  case PD_DATA_READ:
+    /* Fill in a "struct pcap_pkthdr", and process the packet. */
+    phdr.ts.tv_sec = rechdr->hdr.ts_sec;
+    phdr.ts.tv_usec = rechdr->hdr.ts_usec;
+    phdr.caplen = rechdr->hdr.incl_len;
+    phdr.len = rechdr->hdr.orig_len;
+
+    capture_pcap_cb((guchar *)ld, &phdr, data);
+
+    ld->pipe_state = STATE_EXPECT_REC_HDR;
+    return 1;
+
+  case PD_PIPE_EOF:
+    ld->pipe_err = PIPEOF;
+    return -1;
+
+  case PD_PIPE_ERR:
+    snprintf(errmsg, errmsgl, "Error reading from pipe: %s",
+      strerror(errno));
+    /* Fall through */
+  case PD_ERR:
+    break;
+  }
+
+  ld->pipe_err = PIPERR;
+  /* Return here rather than inside the switch to prevent GCC warning */
+  return -1;
+}
+#endif /* _WIN32 */
+#endif /* HAVE_LIBPCAP */