
Wireshark-dev: [Wireshark-dev] tshark now using dumpcap - unix side currently don't work - need

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 26 Sep 2007 09:32:00 +0200
Hi List!

Yesterday late evening I've checked in the changes I've mentioned days (weeks?) ago, so tshark now uses dumpcap for capturing instead of its own pcap-related functions. This is to implement better privilege separation, namely running tshark with user privileges and dumpcap using setuid.

To do this, I had to reimplement a lot of stuff in tshark.c, so new bugs are pretty likely - at least for the next days, so please be patient.

I've tested the Win32-specific parts, which seem to work OK; however, as there are a lot of command line options, I guess I didn't test everything.


Where I'm now lacking knowledge is the best way to implement the pipe-related stuff for the unix side - I need some help here. The current implementation uses a dummy function which runs into a g_assert(), therefore the buildbot test step and tshark capturing fail now :-(


The problem here is how to read from the pipe that transfers messages from dumpcap to tshark (messages like: "10 new packets arrived"). The actual message handling is no big deal; the problem is the read mechanism (block/poll) on the pipe's file descriptor.

The unix-specific implementation in Wireshark (gtk/gui_utils.c) uses gtk_input_add_full(), but as we don't want to include GTK/GDK with tshark, we need a different way to handle this. The Win32 implementation that I've done in tshark.c uses 200ms polling and the Win32-specific PeekNamedPipe/GetExitCodeProcess and a GStaticMutex to deal with this - this is basically the same implementation as in Wireshark's gui_utils.c (except for the mutex, which is new, to prevent reentrance problems due to the changed timer mechanism).


So what we need now is something like this on the unix side. tshark.c line 1682 already contains a function pipe_timer_cb() that will be called every 200ms and currently only contains a g_assert() - but this is only a thought. Would a select() call on the pipe_input.source file descriptor do the trick here?

Could someone with more knowledge about this stuff have a look at this?

If you need any further info feel free to ask ...


Regards, ULFL

P.S: In the long run I would like to combine the pipe stuff for Wireshark and tshark and remove any GTK/GDK-specific stuff from it to get cleaner code - and move that stuff out of gtk/gui_utils.c altogether.

P.P.S: As we stopped support for Win9x some time ago, even the Win32 piping might be easier and better implemented, as the related comment in the code suggests - at least in a way that we don't need polling any longer.

P.P.P.S: Yes, there are other things that need to be done here related to the tshark changes, but let's solve one thing and then go to the next :-)
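The select()-based readiness check asked about above, as an added example that is not part of this message and not code from the Wireshark tree. It shows what a unix-side timer callback can do with the reader end of the dumpcap-to-tshark pipe: ask select() with a timeout whether the descriptor is readable (a zero timeout gives the same non-blocking poll as the Win32 PeekNamedPipe() code; a blocking select() in a main loop would avoid polling), then read the message, and treat a readable descriptor whose read() returns 0 as the writer having closed its end, i.e. dumpcap has exited. The function names pipe_has_data, pipe_read_msg and demo_roundtrip and the sample message are this example's own, not tshark identifiers; the writer end of a local pipe() stands in for dumpcap.

```c
/* Added example, not Wireshark code: polling a pipe file descriptor with
 * select() the way a periodic timer callback on the unix side could.
 * Names here (pipe_has_data, pipe_read_msg, demo_roundtrip) are the
 * example's own, not identifiers from tshark.c. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Returns 1 if fd is readable (data waiting or EOF), 0 if nothing arrived
 * within timeout_ms, -1 on error. With timeout_ms == 0 this never blocks,
 * so a 200ms timer can call it as a pure poll. */
int pipe_has_data(int fd, int timeout_ms)
{
    for (;;) {
        fd_set rfds;
        struct timeval tv;
        int r;

        /* select() may modify both the set and the timeout, so rebuild
         * them on every iteration rather than reusing them after EINTR. */
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;

        r = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (r < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (r < 0)
            return -1;
        return (r > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
    }
}

/* Reads one chunk (at most buflen-1 bytes) from a readable fd into buf and
 * NUL-terminates it. Returns the byte count, 0 on EOF (the writer closed
 * its end, i.e. the child is gone), or -1 on error. */
ssize_t pipe_read_msg(int fd, char *buf, size_t buflen)
{
    ssize_t n;
    do {
        n = read(fd, buf, buflen - 1);
    } while (n < 0 && errno == EINTR);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

/* Self-contained round trip over a local pipe(): fds[1] plays dumpcap,
 * fds[0] plays tshark's timer callback. Returns 0 on success, a negative
 * step number on the first failed check. */
int demo_roundtrip(void)
{
    int fds[2];
    char buf[64];
    const char *msg = "10 new packets arrived";   /* constructed sample message */

    if (pipe(fds) != 0)
        return -1;

    /* Empty pipe and zero timeout: the poll must report "nothing yet",
     * not block the caller. */
    if (pipe_has_data(fds[0], 0) != 0)
        return -2;

    if (write(fds[1], msg, strlen(msg)) != (ssize_t)strlen(msg))
        return -3;
    if (pipe_has_data(fds[0], 200) != 1)
        return -4;
    if (pipe_read_msg(fds[0], buf, sizeof buf) <= 0 || strcmp(buf, msg) != 0)
        return -5;

    /* Writer closes its end: select() reports readable, read() returns 0.
     * That EOF is how the reader learns the child has gone away. */
    close(fds[1]);
    if (pipe_has_data(fds[0], 200) != 1)
        return -6;
    if (pipe_read_msg(fds[0], buf, sizeof buf) != 0)
        return -7;

    close(fds[0]);
    return 0;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("demo_roundtrip: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

Two points matter for the tshark use case: select() must be retried on EINTR because the SIGCHLD from an exiting dumpcap would otherwise abort a poll and look like an error, and the reader has to distinguish "readable with 0 bytes" (EOF, the child has gone) from "not readable" (just no message yet), since only the former means capturing has ended.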