author | Luca Deri <lucaderi@users.noreply.github.com> | 2020-06-25 23:30:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-25 23:30:20 +0200 |
commit | 9742dcc45c241f1091683a52dfa407579fd50304 (patch) | |
tree | dd2f0cd45a8ef3f7da936c4e0c683ce3159edb83 | |
parent | 0b53bc2aab97aefbcfd1f7c6f3c1cf96d8ab823f (diff) | |
parent | 3c66ca236b0a1a4f62049af186247d4083ba99b7 (diff) |
Merge pull request #930 from IvanNardi/extcap
Extcap
-rw-r--r-- | example/ndpiReader.c | 18 | ||||
-rw-r--r-- | wireshark/ndpi.lua | 8 |
2 files changed, 22 insertions, 4 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index a24756c7d..57f8048df 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -172,6 +172,7 @@ struct ndpi_packet_trailer {
 };
 static pcap_dumper_t *extcap_dumper = NULL;
+static pcap_t *extcap_fifo_h = NULL;
 static char extcap_buf[16384];
 static char *extcap_capture_fifo = NULL;
 static u_int16_t extcap_packet_filter = (u_int16_t)-1;
@@ -559,7 +560,16 @@ void extcap_capture() {
 if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__);
 #endif
- if((extcap_dumper = pcap_dump_open(pcap_open_dead(DLT_EN10MB, 16384 /* MTU */),
+ if((extcap_fifo_h = pcap_open_dead(DLT_EN10MB, 16384 /* MTU */)) == NULL) {
+ fprintf(stderr, "Error pcap_open_dead");
+
+#ifdef DEBUG_TRACE
+ if(trace) fprintf(trace, "Error pcap_open_dead\n");
+#endif
+ return;
+ }
+
+ if((extcap_dumper = pcap_dump_open(extcap_fifo_h,
 extcap_capture_fifo)) == NULL) {
 fprintf(stderr, "Unable to open the pcap dumper on %s", extcap_capture_fifo);
@@ -840,6 +850,11 @@ static void parseOptions(int argc, char **argv) {
 printCSVHeader();
 #ifndef USE_DPDK
+ if(do_capture) {
+ quiet_mode = 1;
+ extcap_capture();
+ }
+
 if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */
 num_threads = 0; /* setting number of threads = number of interfaces */
 __pcap_file = strtok(_pcap_file[0], ",");
@@ -3507,6 +3522,7 @@ int orginal_main(int argc, char **argv) {
 if(results_path) free(results_path);
 if(results_file) fclose(results_file);
 if(extcap_dumper) pcap_dump_close(extcap_dumper);
+ if(extcap_fifo_h) pcap_close(extcap_fifo_h);
 if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod);
 if(csv_fp) fclose(csv_fp);
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index 6038d8965..75ca95a70 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
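Review bot: The new `pcap_open_dead` failure branch in `extcap_capture()` prints a message and returns from a void function, so the `do_capture` caller added in `parseOptions` cannot tell that the dumper was never opened and carries on with `extcap_dumper == NULL` and `quiet_mode = 1`. Whether the later write path checks `extcap_dumper` is not visible in this diff; if it does not, a failed open would surface as a NULL dereference rather than a clean exit. Consider making the failure fatal here or returning a status the caller can act on. The stderr message also lacks the newline that the trace copy has: `fprintf(stderr, "Error pcap_open_dead\n");`. The body of `extcap_capture()` starts and ends outside the hunk.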
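Review bot: In the `parseOptions` hunk, `extcap_capture()` is called whenever `do_capture` is set, but `extcap_capture_fifo` starts out as `NULL` (first hunk) and is passed unchecked to `pcap_dump_open` and to the `%s` of the error message. If option parsing, which lies outside this hunk, allows capture mode without a fifo path, that NULL reaches libpcap. A guard ahead of the call would fail early with a clear message, for example `if(do_capture && !extcap_capture_fifo) { fprintf(stderr, "extcap: missing fifo path\n"); exit(-1); }`. A one-line comment on why `quiet_mode` is forced to 1 in capture mode would also help the next reader.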
@@ -895,10 +895,12 @@ function ndpi_proto.dissector(tvb, pinfo, tree)
 -- The trick below avoids to process the packet twice
 if(pinfo.visited == true) then
- local eth_trailer = f_eth_trailer()
+ local eth_trailer = {f_eth_trailer()}
- if(eth_trailer ~= nil) then
- local eth_trailer = getval(eth_trailer)
+ -- Depending on Wireshark configuration, there may be multiple ethernet trailer fields.
+ -- Ours should be the last one, anyway
+ if(eth_trailer[#eth_trailer] ~= nil) then
+ local eth_trailer = getval(eth_trailer[#eth_trailer])
 local magic = string.sub(eth_trailer, 1, 11)
 if(magic == "19:68:09:24") then |
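Review bot: The inner `local eth_trailer = getval(...)` now shadows a table rather than a single field, which makes `eth_trailer[#eth_trailer]` and the following `string.sub(eth_trailer, 1, 11)` hard to read side by side; naming the table `eth_trailers` and writing `local eth_trailer = getval(eth_trailers[#eth_trailers])` would remove the ambiguity. The new comment assumes the nDPI trailer is the last one, and the only check on that assumption is the magic comparison that follows, so a packet whose last trailer field is not nDPI's appears to skip the nDPI fields even when an earlier trailer would match. If that case matters, walk the table from the end until the magic matches. The dissector body continues outside the hunk.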