Wireshark-commits: [Wireshark-commits] master bfef57e: androiddump: Fix and simplify tcpdump captur
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sat, 10 Feb 2018 07:45:34 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bfef57ebb708445c55876b8768aad1a0b98cd29d
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

bfef57e by Florian Bezold (florian.bezold@xxxxxxxxxxx):

    androiddump: Fix and simplify tcpdump capture
    
    1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
    This is also supported on Android devices before Android 7, and is a
    much easier approach than testing the new "shell,raw:" command and
    falling back if unsupported. This basically undoes commit 5ebc3277.
    
    2. Pass "-U" to tcpdump to prevent on-target buffering
    Before using the "shell,raw" approach in commit 5ebc3277, I tried the
    "exec:" command already, but experienced extreme buffering of the
    tcpdump output, which is unacceptable for live trace viewing.
    Turns out, the buffering is determined "automatically" by libpcap:
    - When running in a PTY, output is flushed fast for viewing
    - When _not_ in a PTY, output is not flushed and thus heavily buffered.
    The "exec" command obviously doesn't use a PTY.
    Fortunately, tcpdump has a "-U" option to flush the output after each
    catpured packet, which is exactly what we need.
    
    3. Ignore tcpdump stderr output
    Enabling "-U" caused androiddump to fail, because it happened that the
    tcpdump stderr logs were mixed with the stdout data. (We were probably
    lucky this didn't happen without -U as well).
    To fix this, we just ignore stderr completely by adding "2>/dev/null" to
    the tcpdump command.
    
    4. Get linktype from pcap global header
    The stderr logs were previously parsed to get the textual linktype.
    This is now replaced by a simpler & less fragile approach: tcpdump
    prints the global pcap header, which contains precicesly the linktype
    info we need.
    
    5. Parse pcap global header magic correctly for timestamps & endianness
    The previous code only supported the "classic" pcap header magic and
    might also been incorrect on big-endian host machines.
    Now, endian handling is simplified and we can detect the "nanosecond
    timestamp" magic values as well.
    This fixes the problem that extcap_dumper_dump expects *nano*second
    timestamps, but the previous code supplied *micro*seconds if on-target
    tcpdump outputs microseconds.
    
    6. The parsing simplifications above allowed the main loop for tcpdump
    capture to be simplified considerably.
    
    Change-Id: Id66791e700a8943b86128f044f080bee60a9fa79
    Reviewed-on: https://code.wireshark.org/review/25713
    Petri-Dish: Michael Mann <mmann78@xxxxxxxxxxxx>
    Petri-Dish: Anders Broman <a.broman58@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  78b7da7   CMake: Don't shadow PROCESSOR_ARCHITECTURE.
    adds  bfef57e   androiddump: Fix and simplify tcpdump capture


Summary of changes:
 extcap/androiddump.c | 281 ++++++++++++++++-----------------------------------
 1 file changed, 89 insertions(+), 192 deletions(-)