Submitter: Anders Broman (a.broma...@gmail.com)
Changed: branch: master
bfef57e by Florian Bezold (florian.bez...@esrlabs.com):
androiddump: Fix and simplify tcpdump capture
1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
This is also supported on Android devices before Android 7, and is a
much easier approach than testing the new "shell,raw:" command and
falling back if unsupported. This basically undoes commit 5ebc3277.
2. Pass "-U" to tcpdump to prevent on-target buffering
Before using the "shell,raw" approach in commit 5ebc3277, I tried the
"exec:" command already, but experienced extreme buffering of the
tcpdump output, which is unacceptable for live trace viewing.
Turns out, the buffering is determined "automatically" by libpcap:
- When running in a PTY, output is flushed fast for viewing
- When _not_ in a PTY, output is not flushed and thus heavily buffered.
The "exec" command obviously doesn't use a PTY.
Fortunately, tcpdump has a "-U" option to flush the output after each
captured packet, which is exactly what we need.
3. Ignore tcpdump stderr output
Enabling "-U" caused androiddump to fail, because it happened that the
tcpdump stderr logs were mixed with the stdout data. (We were probably
lucky this didn't happen without -U as well).
To fix this, we just ignore stderr completely by adding "2>/dev/null" to
the tcpdump command.
4. Get linktype from pcap global header
The stderr logs were previously parsed to get the textual linktype.
This is now replaced by a simpler & less fragile approach: tcpdump
prints the global pcap header, which contains precisely the linktype
info we need.
5. Parse pcap global header magic correctly for timestamps & endianness
The previous code only supported the "classic" pcap header magic and
might also have been incorrect on big-endian host machines.
Now, endian handling is simplified and we can detect the "nanosecond
timestamp" magic values as well.
This fixes the problem that extcap_dumper_dump expects *nano*second
timestamps, but the previous code supplied *micro*seconds if on-target
tcpdump outputs microseconds.
6. The parsing simplifications above allowed the main loop for tcpdump
capture to be simplified considerably.
Petri-Dish: Michael Mann <mman...@netscape.net>
Petri-Dish: Anders Broman <a.broma...@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broma...@gmail.com>
from 78b7da7 CMake: Don't shadow PROCESSOR_ARCHITECTURE.
adds bfef57e androiddump: Fix and simplify tcpdump capture
Summary of changes:
extcap/androiddump.c | 281 ++++++++++++++++-----------------------------------
1 file changed, 89 insertions(+), 192 deletions(-)
Sent via: Wireshark-commits mailing list <email@example.com>
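
Points 4 and 5 of the commit message, sketched as an added example (this is not code from the commit or from extcap/androiddump.c): read the link type and timestamp resolution from the 24-byte pcap global header, independent of host byte order, and reject anything that is not a pcap header. The type, function and sample-array names are hypothetical, and the two sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_GLOBAL_HDR_LEN 24  /* magic, version, thiszone, sigfigs, snaplen, linktype */

struct pcap_info {              /* hypothetical type, not from androiddump.c */
    int big_endian;             /* byte order the capturing side wrote */
    int nanosecond;             /* 1: record fractions are ns, 0: us */
    uint32_t linktype;
};

/* Constructed sample headers: LE/usec/Ethernet(1) and BE/nsec/Linux cooked(113). */
static const uint8_t SAMPLE_LE_USEC[24] = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0,0,4,0, 1,0,0,0};
static const uint8_t SAMPLE_BE_NSEC[24] = {0xa1,0xb2,0x3c,0x4d, 0,2, 0,4, 0,0,0,0, 0,0,0,0, 0,4,0,0, 0,0,0,113};

/* Assemble from individual bytes so the result does not depend on host byte order. */
static uint32_t rd32(const uint8_t *p, int big_endian) {
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Returns 0 on success, -1 on a short buffer or an unknown magic. */
int parse_pcap_global_header(const uint8_t *buf, size_t len, struct pcap_info *out) {
    if (buf == NULL || out == NULL || len < PCAP_GLOBAL_HDR_LEN) return -1;
    switch (rd32(buf, 1)) {     /* magic in the order the bytes arrived */
    case 0xa1b2c3d4u: out->big_endian = 1; out->nanosecond = 0; break;
    case 0xd4c3b2a1u: out->big_endian = 0; out->nanosecond = 0; break;
    case 0xa1b23c4du: out->big_endian = 1; out->nanosecond = 1; break;
    case 0x4d3cb2a1u: out->big_endian = 0; out->nanosecond = 1; break;
    default: return -1;         /* e.g. stderr text mixed into the stream */
    }
    out->linktype = rd32(buf + 20, out->big_endian);
    return 0;
}

/* Normalise a record's fractional timestamp to nanoseconds; -1 if out of range. */
int64_t frac_to_nsecs(const struct pcap_info *info, uint32_t frac) {
    uint32_t limit = info->nanosecond ? 1000000000u : 1000000u;
    if (frac >= limit) return -1;
    return info->nanosecond ? (int64_t)frac : (int64_t)frac * 1000;
}

int main(void) {
    struct pcap_info i;
    if (parse_pcap_global_header(SAMPLE_LE_USEC, sizeof SAMPLE_LE_USEC, &i) == 0)
        printf("linktype=%u nsec=%d 250us=%lld ns\n", (unsigned)i.linktype, i.nanosecond,
               (long long)frac_to_nsecs(&i, 250));
    return 0;
}
```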