Install Fink on Mac G5 (Mac OS X 10.3.8 fink 0.7.1 gcc 20030304 v 3.3)
======================
Compile ethereal : Compilation is OK, and binary is OK.
Install Fink on Mac G4 (Mac OS X 10.3.8 fink 0.7.1 gcc 20030304 v 3.3)
======================
Compile ethereal : Compilation is OK, and binary is KO. So I ask Fink to keep
the working folders, in order to be able to debug and compile ethereal. So, I
added some ftprintf(stderr, into ethereal and I could compile and launched my
ethereal. So I saw my debug statements.
The bug is :
==============
The error is : wiretap/libpcap.c : g_strdup_print(pcap: file has %u-byte
packet, bigger than maximum of %u, hdr->hdr.incl_len,WTAP_PACKET_SIZE) ;
In fact the bad value is not a constant, but seems to a time stamp. The capture
is a single UDP packet ! If I stopped ethereal capture without any packet, the
error message is the packet seems to cut in the middle.
Looking on internet a few pointers, but it seems to be a bug into the libz.
But I needed to compile again the full ethereal without libz (./configure
without-libz). I could not compile in this context (undefined symbol in
pcap-util.c => I have to do make clean to avoid this error).
So, I go back to Mac G5
=========================
and I try to compile ethereal (via ./configure ; make). I get an error
(undefined symbol in pcap-util.c). So What does fink to do in order to compile
properly ethereal ? I ask fink commander to work into a terminal, so I see the
configure option :
./configure prefix=/sw mandir=/sw/sahre/man without-net-snmp without-adns
disable-usr-local without-ssl
New compilation, with this configure command. Conclusion : no compilation error,
but some link errors :
ld : undefined symbols :
_pcre_compile
_pcre_exec
_pcre_study
In order to add the link with the pcre library, I add it directly (-lpcre) in
the Makefile (1267 tethereal$(EXEEXT). This is legal because a nm command on
the /sw/lib/libpcre.dylib says that the entry points are into the dynamic
library.
A question is How fink succeed to compile and link ? Fink says that ethereal
depends on pcre and load it, but the configure file says pcre is not used !
I try to do compile Ethereal without libz
make clean
./configure prefix=/sw mandir=/sw/sahre/man without-net-snmp without-adns
disable-usr-local without-sslwihtout-libz
make (add the -lpcre to avoid lib problem)
OK no compile and link error. (I do not try this version, because the G5 is an
operationnal computer, so I can't replace a running ethereal by a strange
one).
Notice on Mac G5
------------------
- libz is
- Mac G5, make build a tethereal (but on G4 only ethereal is build).
Now, go back to the G4 Macintosh
================================
make clean
./configure prefix=/sw mandir=/sw/sahre/man without-net-snmp without-adns
disable-usr-local without-sslwihtout-libz
make
Unable to link : the _uncompress is not found ? Where can find it ?
So I decide to go back with libz.
==================================================
In order to debug this week-end my questions are :
==================================================
- Is the bug known ? Is it really a zlib bug ? Where can I find right sources
of libz ?
- Is it possible to have no compressed captured file ?
- Compression is for captured file ? For understanding some protocols ? Both ?
Is there one compression algorithm or several ?
- Is it possible to have a well formated captured file to check, if the read
mechanism of my ethereal is OK ?
==> Of course now, I know where ethereal reads the captured file, but have you
pointer to know where the capture files are created and written ?
I have to understand where is the bug :
Bug when writing the file ?
Bug when reading the file ?
Bug in both ?
Thanks
PHL
