tcpdump mailing list archives

Re: supporting extended 'open live capture' parameters


From: Guy Harris <guy () alum mit edu>
Date: Tue, 05 Feb 2008 12:57:32 -0800

Abeni Paolo wrote:

> Any comments are as usual very welcome.

So far, I have it compiling and working on:

        Mac OS X 10.4
        Mac OS X 10.5
        FreeBSD 7.0 RC1
        OpenBSD 4.2
        Ubuntu 7.10

where "working" includes an additional pcap_set_rfmon() call to turn on monitor mode - along with a change to tcpdump to add a "-I" flag to turn on monitor mode (that's the only flag available in all of tcpdump/WinDump, Wireshark, TShark, and dumpcap; "-m", "-M", "-r", and "-R" are unavailable). Monitor mode works with the native adapter on Tiger (on my MacBook Pro) and Leopard (on a Mac mini at work), and with a Belkin F5D7050 V4000 USB adapter under VMware Fusion in FreeBSD 7.0 RC1, OpenBSD 4.2, and Ubuntu 7.10. (FreeBSD 7.0 because I need the ZyDAS driver for the Belkin adapter.)

I added support for setting the buffer size for BPF and WinPcap (I changed the name from pcap_set_ring_size() to pcap_set_buffer_size() - the buffer doesn't necessarily function as a ring on all platforms, as, at least on some platforms, if it fills, newly-arrived packets get discarded, rather than older packets being discarded). I didn't add pcap_setbuff() for non-Windows platforms, as it, unlike pcap_set_buffer_size(), can't be supported on all platforms. I need to add support on other platforms - including Linux when you don't have a ring buffer (set the socket buffer size, instead).

I have not modified the code for any other platforms (DLPI platforms, Irix, etc.), and have not tested whether it compiles on Windows; I also haven't made pcap_activate() on Windows check for monitor mode and fail. (I also haven't tried to make it work on Windows Vista, which should, in theory, be possible - I don't have Windows Vista in order to try to make that work.)

I need to add:

        a routine to check whether you *can* set monitor mode, for the benefit of, for example, Wireshark (so it could display a "use monitor mode" checkbox iff you can run with it on or off);

        a routine to set the channel for 802.11 adapters, at least in monitor mode (unfortunately, both "-c" and "-C" are unavailable in the programs that would use this; is it time for us to start using getopt_long(), and supply a BSD version of it for platforms that lack it?);

        a routine to ask what channels are available.

Should pcap_create() take an adapter name as an argument? That would let us, for example, do the device name checks for DAG cards, etc. in pcap_create(), and set at least some of the function pointers, so that we could have one of the function pointers in the pcap_t be for the "can you set monitor mode?" function and another be for the "what channels are available?" function, rather than having those functions have to do the same device name checks.

I've added my version of the libpcap patch, along with a patch for tcpdump, to the bug.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

