https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448
--- Comment #5 from Guy Harris <[email protected]> --- (In reply to Jörg Mayer from comment #0) > Created attachment 15293 [details] > Add rpcap support to libpcap autotools > > Build Information: > Git head on macOS > -- > I've been trying to get rpcap support working on Unix (macOS, Linux). After > fixing some Wireshark bugs and fixing a libpcap bug I'm stuck: > The next problem seems to be that neither Wireshark nor dumpcap call > pcap_activate on non-Windows and I can't find the difference in the code > between Windows and non-Windows. > > jmayer@newegg:~/worktmp/wireshark/git/caputils(master)$ dumpcap -i > rpcap://10.122.4.11/wifi0 > Capturing on 'rpcap://10.122.4.11/wifi0' > dumpcap: Invalid capture filter "(null)" for interface > 'rpcap://10.122.4.11/wifi0'. > > That string isn't a valid capture filter (not-yet-activated pcap_t passed to > pcap_compile). > See the User's Guide for a description of the capture filter syntax. > > jmayer@newegg:~/worktmp/wireshark/git/caputils(master)$ dumpcap -i > rpcap://10.122.4.11/wifi0 -L > Data link types of interface rpcap://10.122.4.11/wifi0 (use option -y to > set): > DLT -3 (not supported) > > =====> -3 is actually not a DLT type but: PCAP_ERROR_NOT_ACTIVATED > =====> btw, why is dumpcap not decoding this but Wireshark is? dumpcap *is* decoding it: > jmayer@newegg:~/worktmp/wireshark/git/caputils(master)$ dumpcap -i > rpcap://10.122.4.11/wifi0 > Capturing on 'rpcap://10.122.4.11/wifi0' > dumpcap: Invalid capture filter "(null)" for interface > 'rpcap://10.122.4.11/wifi0'. > > That string isn't a valid capture filter (not-yet-activated pcap_t passed to > pcap_compile). It's just not decoding it for > jmayer@newegg:~/worktmp/wireshark/git/caputils(master)$ dumpcap -i > rpcap://10.122.4.11/wifi0 -L > Data link types of interface rpcap://10.122.4.11/wifi0 (use option -y to > set): > DLT -3 (not supported) There are two different code paths - the code path to try to capture, and the code path to get the data link types. The first one is doing the right thing, the second one isn't. I suspect that if you do tshark -i rpcap://10.122.4.11/wifi0 -L or even wireshark -i rpcap://10.122.4.11/wifi0 -L you'll get the "DLT -3" error. The problem is that the pcap_open() in the libpcap source wasn't setting p->activated on the pcap_t if the open succeeds, meaning all libpcap calls that bother to check for an activated pcap_t, such as pcap_datalink(), will fail. I've just checked in a fix for that. -- You are receiving this mail because: You are watching all bug changes.
___________________________________________________________________________ Sent via: Wireshark-bugs mailing list <[email protected]> Archives: https://u4882879.ct.sendgrid.net/wf/click?upn=J3-2B0IIt-2BU0iFcD0rvkjpACVwNLoRy-2Fy5WOmzWseKrVjPXpRPwHfy4cXEfYMbh6NtS9hrqTj4wTemfNI-2Fc9SRaA-3D-3D_a6oQc7tnfcb0GKvoO27fPkrQ0ATQyF1SDBXJOg7-2FbuRC7bjWL7e7vRYrua22GxDIlnvxYyoOScwUA34TQUAbU3Y5zSIerO0sPIasMD-2BGNHorWEeNjfWFWM2pmYereliP8ybmh5EV-2F6DwI62F4DNq4BXEzqlA1ICFQvHrNuPt9q1GFOfSNxlW1frcDmV6xNPAudnFQ2rv-2FZzG6bChyMAzl2ifVojaQ1G-2F4ZL4SVwhXAk-3D Unsubscribe: https://u4882879.ct.sendgrid.net/wf/click?upn=J3-2B0IIt-2BU0iFcD0rvkjpACVwNLoRy-2Fy5WOmzWseKrVhM74KA-2FZCyKs4a489Mgm4SeF0MvG-2BFmVYN5poJ9p8cWQ-3D-3D_a6oQc7tnfcb0GKvoO27fPkrQ0ATQyF1SDBXJOg7-2FbuRC7bjWL7e7vRYrua22GxDIlnvxYyoOScwUA34TQUAbUyGl0FNABjSCLHuCWiUQ3LK5BgjGF2vBu2j9v0a3wmkO3vCWjVq3ecer2t6CyEUsRC9SrYUJHpf2hCVI27N8eRvQbeG7cYHv8kTWBRP5ugJlf4v2keQ9jSbX9RnCnhhs7XDq10ynF-2FHMM37xv1u-2ByWs-3D mailto:[email protected]?subject=unsubscribe
