Hello, the attached patch is an attempt to get remote pcap working on macOS (and other Unix'ish operating systems).
I then rebuild Wireshark and managed to configure a remote capture session. Unfortunately I don't have an AP or other testdevice available right now. I *may* find a chance and time on Friday to test this with an Extremenetworks AP. What this patch does: - Move remote-ext.h to pcap/remote-ext.h (plus necessary autotools changes): Inside pcap/ is a more consistent place to put it. - Fix a small typo in a comment in remote-ext.h - Add the necessary autotools changes for --enable-rpcap to compile and link. With that said: When I open the rpcap dialog in Wireshark, I get an error message but Wireshark continues without crashing: (process:93925): GLib-CRITICAL **: guint g_hash_table_size(GHashTable *): assertion `hash_table != NULL' failed But that is most likely a Wireshark issue. While I'm at it: Does anyone know of a working rpcap server on Unix? Please consider adding this patch (or maybe something inspired by it :-) If not, please let me know what is missing to get rpcap support on Unix. Thanks Jörg -- Joerg Mayer <jma...@loplof.de> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
>From 839e665b9f7240ac26a3dcbaebeae8dc0ed8c774 Mon Sep 17 00:00:00 2001 From: Joerg Mayer <jma...@loplof.de> Date: Fri, 28 Oct 2016 10:12:20 +0200 Subject: [PATCH] Support building with rpcap (--enable-rpcap) Signed-off-by: Joerg Mayer <jma...@loplof.de> --- Makefile.in | 5 +++-- config.h.in | 3 +++ configure | 19 +++++++++++++++++++ configure.ac | 11 +++++++++++ pcap/pcap.h | 2 +- remote-ext.h => pcap/remote-ext.h | 2 +- 6 files changed, 38 insertions(+), 4 deletions(-) rename remote-ext.h => pcap/remote-ext.h (99%) diff --git a/Makefile.in b/Makefile.in index 7044f04..eba68dd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -79,7 +79,8 @@ YACC = @YACC@ @rm -f $@ $(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c -PSRC = pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @BT_MONITOR_SRC@ @NETFILTER_SRC@ @DBUS_SRC@ +PSRC = pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @BT_MONITOR_SRC@ @NETFILTER_SRC@ \ + @DBUS_SRC@ @RPCAP_SRC@ FSRC = @V_FINDALLDEVS@ SSRC = @SSRC@ CSRC = pcap.c inet.c gencode.c optimize.c nametoaddr.c \ @@ -106,6 +107,7 @@ PUBHDR = \ pcap/namedb.h \ pcap/nflog.h \ pcap/pcap.h \ + pcap/remote-ext.h \ pcap/sll.h \ pcap/vlan.h \ pcap/usb.h @@ -345,7 +347,6 @@ EXTRA_DIST = \ pcap-usb-linux.c \ pcap-usb-linux.h \ pcap-win32.c \ - remote-ext.h \ sockutils.c \ sockutils.h \ scanner.l \ diff --git a/config.h.in b/config.h.in index 7f6115d..b02873e 100644 --- a/config.h.in +++ b/config.h.in @@ -127,6 +127,9 @@ /* define if net/pfvar.h defines PF_NAT through PF_NORDR */ #undef HAVE_PF_NAT_THROUGH_PF_NORDR +/* enable remote capture protocol support */ +#undef HAVE_REMOTE + /* define if you have the Septel API */ #undef HAVE_SEPTEL_API diff --git a/configure b/configure index 7af37bc..4842b6d 100755 --- a/configure +++ b/configure @@ -623,6 +623,7 @@ ac_subst_vars='LTLIBOBJS INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM +RPCAP_SRC PCAP_SUPPORT_PACKET_RING DBUS_SRC PCAP_SUPPORT_DBUS @@ -752,6 +753,7 @@ enable_usb enable_bluetooth enable_dbus enable_packet_ring +enable_rpcap ' ac_precious_vars='build_alias host_alias @@ -1392,6 +1394,7 @@ Optional Features: --enable-dbus enable D-Bus capture support [default=yes, if support available] --enable-packet-ring enable Linux packet ring support [default=yes] + --enable-rpcap enable remote capture protocol support [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -8956,6 +8959,22 @@ $as_echo "#define PCAP_SUPPORT_PACKET_RING 1" >>confdefs.h fi +# Check whether --enable-rpcap was given. +if test "${enable_rpcap+set}" = set; then : + enableval=$enable_rpcap; +else + enable_rpcap=no +fi + + +if test "x$enable_rpcap" != "xno" ; then + +$as_echo "#define HAVE_REMOTE 1" >>confdefs.h + + RPCAP_SRC="pcap-new.c pcap-rpcap.c sockutils.c" + +fi + # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: diff --git a/configure.ac b/configure.ac index a2b31d4..6f5fd5d 100644 --- a/configure.ac +++ b/configure.ac @@ -1817,6 +1817,17 @@ if test "x$enable_packet_ring" != "xno" ; then AC_SUBST(PCAP_SUPPORT_PACKET_RING) fi +dnl Support remote capture +AC_ARG_ENABLE([rpcap], +[AC_HELP_STRING([--enable-rpcap],[enable remote capture protocol support @<:@default=no@:>@])], +,enable_rpcap=no) + +if test "x$enable_rpcap" != "xno" ; then + AC_DEFINE(HAVE_REMOTE, 1, [enable remote capture protocol support]) + RPCAP_SRC="pcap-new.c pcap-rpcap.c sockutils.c" + AC_SUBST(RPCAP_SRC) +fi + AC_PROG_INSTALL AC_CONFIG_HEADER(config.h) diff --git a/pcap/pcap.h b/pcap/pcap.h index 36606ac..1bce5ce 100644 --- a/pcap/pcap.h +++ b/pcap/pcap.h @@ -528,7 +528,7 @@ PCAP_API void bpf_dump(const struct bpf_program *, int); #ifdef HAVE_REMOTE /* Includes most of the public stuff that is needed for the remote capture */ - #include <remote-ext.h> + #include <pcap/remote-ext.h> #endif /* HAVE_REMOTE */ #ifdef __cplusplus diff --git a/remote-ext.h b/pcap/remote-ext.h similarity index 99% rename from remote-ext.h rename to pcap/remote-ext.h index ed2f9bb..00d8e3f 100644 --- a/remote-ext.h +++ b/pcap/remote-ext.h @@ -51,7 +51,7 @@ extern "C" { /* * \file remote-ext.h * - * The goal of this file it to include most of the new definitions that should be + * The goal of this file is to include most of the new definitions that should be * placed into the pcap.h file. * * It includes all new definitions (structures and functions like pcap_open(). -- 2.10.1 (Apple Git-78)
_______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers