On Thu, Jan 7, 2016 at 1:08 PM, Guy Harris <[email protected]> wrote:
> > On Jan 4, 2016, at 12:12 PM, Guy Harris <[email protected]> wrote: > > > On Jan 4, 2016, at 4:08 AM, Anders Broman <[email protected]> > wrote: > > > >> As a test I tried to compile Wireshark with HAVE_PCAP_CREATE set using > nmake > >> > >> Linking dumpcap.exe > >> link @C:\Users\etxrab\AppData\Local\Temp\nmFF17.tmp > >> dumpcap.obj : error LNK2019: unresolved external symbol pcap_create > referenced in function open_capture_device > > > > ... > > > >> dumpcap.exe : fatal error LNK1120: 9 unresolved externals > >> > >> Not sure why linking fails :-( > > > > It fails because Wireshark doesn't link directly with WinPcap; it's > built to load WinPcap at run time, so that we don't need to ship separate > versions of Wireshark, one built with WinPcap (to use if you want to > capture traffic and are willing to install WinPcap) and one not built with > WinPcap (if you don't need to capture traffic and don't want WinPcap > installed). > > > > Therefore, Wireshark has its own versions of all the pcap_ routines, in > caputils/capture-wpcap.c, which call the underlying WinPcap routines > through pointers set by g_module_symbol() after doing a ws_load_module() of > WinPcap. > > > > So caputils/capture-wpcap.c would have to be changed to add wrapper > routines for pcap_create(), pcap_set_snaplen(), pcap_set_promisc(), > pcap_can_set_rfmon(), pcap_set_rfmon(), pcap_set_timeout(), > pcap_set_buffer_size(), pcap_activate(), and pcap_statustostr(), calling > them through pointers, and add entries for those functions to the symbols[] > table in load_wpcap(). > > > > Note that, unless dumpcap is changed to, at least on Windows, check at > *run-time* whether we have pcap_create() or not, and use pcap_open_live() > if we don't, the change to caputils/capture-wpcap.c would have to require > that all those routines are present, and mark WinPcap as not present if > they're not. > > With your changes and mine, it builds, and does the run-time check in > question. I did a build on my Windows 7 VM, with WinPcap 4.1.3, it appears > to be work and to capture. > > Yang, you might want to try the NPcap with monitor mode support with the > latest version of Wireshark (either check it out from source and build it, > or wait for the next Windows buildbot build to complete). > I still couldn't build Wireshark sucessfully, so I don't know if I can make any changes about it. By trying with the latest Wireshark, does it mean that Wireshark has already been patched to add the support of monitor mode? I don't quite understand the legacy issues mentioned above, so I think I will start from Npcap's driver support for monitor mode first.. Cheers, Yang > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
