Submitter: Anders Broman (a.broma...@gmail.com)
Changed: branch: master
Repository: wireshark


bfef57e by Florian Bezold (florian.bez...@esrlabs.com):

    androiddump: Fix and simplify tcpdump capture
    1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
    This is also supported on Android devices before Android 7, and is a
    much easier approach than testing the new "shell,raw:" command and
    falling back if unsupported. This basically undoes commit 5ebc3277.
    2. Pass "-U" to tcpdump to prevent on-target buffering
    Before using the "shell,raw" approach in commit 5ebc3277, I tried the
    "exec:" command already, but experienced extreme buffering of the
    tcpdump output, which is unacceptable for live trace viewing.
    Turns out, the buffering is determined "automatically" by libpcap:
    - When running in a PTY, output is flushed fast for viewing
    - When _not_ in a PTY, output is not flushed and thus heavily buffered.
    The "exec" command obviously doesn't use a PTY.
    Fortunately, tcpdump has a "-U" option to flush the output after each
    captured packet, which is exactly what we need.
    3. Ignore tcpdump stderr output
    Enabling "-U" caused androiddump to fail, because it happened that the
    tcpdump stderr logs were mixed with the stdout data. (We were probably
    lucky this didn't happen without -U as well).
    To fix this, we just ignore stderr completely by adding "2>/dev/null" to
    the tcpdump command.
    4. Get linktype from pcap global header
    The stderr logs were previously parsed to get the textual linktype.
    This is now replaced by a simpler & less fragile approach: tcpdump
    prints the global pcap header, which contains precisely the linktype
    info we need.
    5. Parse pcap global header magic correctly for timestamps & endianness
    The previous code only supported the "classic" pcap header magic and
    might also have been incorrect on big-endian host machines.
    Now, endian handling is simplified and we can detect the "nanosecond
    timestamp" magic values as well.
    This fixes the problem that extcap_dumper_dump expects *nano*second
    timestamps, but the previous code supplied *micro*seconds if on-target
    tcpdump outputs microseconds.
    6. The parsing simplifications above allowed the main loop for tcpdump
    capture to be simplified considerably.
    Change-Id: Id66791e700a8943b86128f044f080bee60a9fa79
    Reviewed-on: https://code.wireshark.org/review/25713
    Petri-Dish: Michael Mann <mman...@netscape.net>
    Petri-Dish: Anders Broman <a.broma...@gmail.com>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broma...@gmail.com>

Actions performed:

    from  78b7da7   CMake: Don't shadow PROCESSOR_ARCHITECTURE.
    adds  bfef57e   androiddump: Fix and simplify tcpdump capture

Summary of changes:
 extcap/androiddump.c | 281 ++++++++++++++++-----------------------------------
 1 file changed, 89 insertions(+), 192 deletions(-)
Sent via:    Wireshark-commits mailing list <wireshark-commits@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-commits
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-commits
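
The header handling described in items 4 and 5 of the commit message, as an added C example that is not the code from commit bfef57e: it reads the 24-byte pcap global header, detects byte order and timestamp resolution from the magic, extracts the linktype, and normalizes a record's fractional timestamp to nanoseconds. The names `pcap_info`, `parse_pcap_global_header` and `frac_to_nsec` are hypothetical; the magic values and field offsets are those of the standard pcap file format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCAP_MAGIC_USEC     0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define PCAP_MAGIC_NSEC     0xa1b23c4du /* nanosecond-timestamp variant */
#define PCAP_GLOBAL_HDR_LEN 24

struct pcap_info {      /* hypothetical result type for this example */
    int swapped;        /* 1 if the stream's byte order differs from the host's */
    int nanosecond;     /* 1 if record timestamps already carry nanoseconds */
    uint32_t linktype;  /* "network" field of the global header */
};

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Returns 0 on success, -1 on a short buffer or an unknown magic. */
int parse_pcap_global_header(const uint8_t *buf, size_t len, struct pcap_info *out)
{
    uint32_t magic, network;
    if (buf == NULL || out == NULL || len < PCAP_GLOBAL_HDR_LEN)
        return -1;
    memcpy(&magic, buf, 4);        /* host-order read of the first 4 bytes */
    memcpy(&network, buf + 20, 4); /* linktype is the last header field */
    out->swapped = 0;
    if (magic != PCAP_MAGIC_USEC && magic != PCAP_MAGIC_NSEC) {
        magic = bswap32(magic);    /* try the opposite byte order */
        if (magic != PCAP_MAGIC_USEC && magic != PCAP_MAGIC_NSEC)
            return -1;             /* not pcap, e.g. stray text in the stream */
        out->swapped = 1;
    }
    out->nanosecond = (magic == PCAP_MAGIC_NSEC);
    out->linktype = out->swapped ? bswap32(network) : network;
    return 0;
}

/* Normalizes a record header's fractional timestamp to nanoseconds.
 * Returns -1 if the value is out of range for the detected resolution. */
int frac_to_nsec(const struct pcap_info *info, uint32_t raw, uint32_t *nsec)
{
    uint32_t frac = info->swapped ? bswap32(raw) : raw;
    if (frac >= (info->nanosecond ? 1000000000u : 1000000u))
        return -1;
    *nsec = info->nanosecond ? frac : frac * 1000u;
    return 0;
}
```

Rejecting an unknown magic instead of assuming the classic one also catches the failure mode from item 3, where non-pcap bytes end up at the start of the capture stream.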
