> Yes, ethereal freezes when I load the file and it works all right when I run
> ethereal -n.
Actually, it shouldn't freeze indefinitely in that case - it's just
waiting for a slow, or dead, DNS server to respond, as it's trying to
look up an IP address. Eventually, the server should time out, and it
should give up and continue. That has nothing whatsoever to do with the
capture file format.
> Now for something strange:
> When I have "Update list of packets in real time" unchecked, it freezes with
> capture progress window empty (no widgets are drawn).
> When I have "Update list of packets in real time" checked, it freezes with
> capture progress window drawn properly (the packets count is at zero and
> doesn't progress, the "stop" button doesn't respond).
The code path is a bit different for those, which may explain that.
> I'd like to point out that I'm just a Linux newbie and I'm not able to
> find the problem's cause here on my own, but I'm sure that it's something
> that changed in Ethereal itself, between versions 0.7.7 and 0.7.8,
> because 0.7.7 works fine.
Have you built 0.7.7 with the *exact same version of the "libpcap"
library* as the one with which 0.7.9 was built? If not, it could be a
"libpcap" difference - which, again, strikes me as far more likely. If
the 0.7.7 Ethereal were built with a version of "libpcap" that contained
the patch to make timeouts work, but the 0.7.8 and 0.7.9 ones were built
with a vanilla "libpcap" not containing that patch, that would produce
the behavior you see.
What happens if you apply the attached patch to the "libpcap" source?
*** pcap-int.h.dist Thu Oct 14 20:24:53 1999
--- pcap-int.h Fri Dec 24 12:19:09 1999
***************
*** 76,81 ****
--- 76,82 ----
int linktype;
int tzoff; /* timezone offset */
int offset; /* offset for proper alignment */
+ struct timeval timeout; /* packet timeout when reading live traffic */
struct pcap_sf sf;
struct pcap_md md;
*** pcap-linux.c.dist Thu Oct 14 20:24:53 1999
--- pcap-linux.c Fri Dec 24 12:18:42 1999
***************
*** 29,34 ****
--- 29,35 ----
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
+ #include <fcntl.h>
#include <net/if.h>
#ifdef HAVE_NET_IF_ARP_H
***************
*** 261,266 ****
--- 262,268 ----
struct sockaddr_ll from;
int fromlen;
int snaplen = p->snapshot;
+ struct timeval timeout;
#ifdef PACKET_TRECV
if (p->buffer == NULL)
***************
*** 271,276 ****
--- 273,301 ----
bufsize = p->bufsize;
for (;;) {
+ if (timerisset(&p->timeout)) {
+ /*
+ * Delay no more than the specified amount of
+ * time waiting for a packet to arrive, by
+ * using "select()" with that as a timeout
+ * to wait for the packet. Return 0 if no
+ * packet arrives.
+ */
+ fd_set set1;
+
+ FD_ZERO(&set1);
+ FD_SET(p->fd, &set1);
+
+ /*
+ * Linux modifies the timeout value, so we need to re-initialize
+ * it each time.
+ */
+ timeout.tv_sec = p->timeout.tv_sec;
+ timeout.tv_usec = p->timeout.tv_usec;
+ if (select(p->fd+1, &set1, NULL, NULL, &timeout) == 0)
+ return (0);
+ }
+
fromlen = sizeof(from);
cc = recvfrom(p->fd, bp, snaplen, MSG_TRUNC, (struct sockaddr*)&from, &fromlen);
if (cc >= 0)
***************
*** 543,548 ****
--- 568,576 ----
#ifdef PACKET_TRECV
}
#endif
+
+ p->timeout.tv_sec = to_ms / 1000;
+ p->timeout.tv_usec = (to_ms * 1000) % 1000000;
return (p);
bad:
