[Winpcap-users] Problems with the modified wpcap.dll in Wireshark
Gianluca Varenni
gianluca.varenni at cacetech.com
Wed Oct 17 22:17:35 GMT 2007
Oops... my bad, I didn't check the wpcap.dll code before posting the message
:-(
GV
----- Original Message -----
From: "Guy Harris" <guy at alum.mit.edu>
To: <winpcap-users at winpcap.org>
Sent: Wednesday, October 17, 2007 1:21 PM
Subject: Re: [Winpcap-users] Problems with the modified wpcap.dll in
Wireshark
> Gianluca Varenni wrote:
>> Does Wireshark call pcap_setbuff or directly
>> PacketSetBuff(p->adapter,dim)?
>
> It calls pcap_setbuff().
>
>> In the former case, a quick'n'dirty solution for the problem is adding
>> some code in pcap_setbuff to have it fail if p->adapter is NULL (I think
>> that there are some other Win32 specific APIs that will have the same
>> problem, I'm thinking of e.g. pcap_getevent()).
>
> The problem is that it *does* fail:
>
>
> /* Set the dimension of the kernel-level capture buffer */
> int
> pcap_setbuff(pcap_t *p, int dim)
> {
> if (p->adapter==NULL)
> {
> snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "The kernel buffer size cannot be
> set while reading from a file");
> return -1;
> }
>
> if(PacketSetBuff(p->adapter,dim)==FALSE)
> {
> snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to
> allocate the kernel buffer");
> return -1;
> }
> return 0;
> }
>
> so Wireshark reports an error. However, the error is misleading, as
> pcap_setbuff() can fail for reasons other than the buffer size being too
> large.
>
> It repors the error, but the capture continues.
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list