Problem Description
Install Fink on Mac G5 (Mac OS X 10.3.8 - fink 0.7.1 - gcc 20030304
v 3.3)
Compile ethereal : Compilation is OK, and binary is OK.
Install Fink on Mac G4 (Mac OS X 10.3.8 - fink 0.7.1 - gcc 20030304
v 3.3)
Compile ethereal : Compilation is OK, and binary is KO. So I ask Fink
to keep the working folders, in order to be able to debug and compile ethereal.
So, I added some "fprintf(stderr," into ethereal and I could compile and
launched my ethereal. So I saw my debug statements.
The bug is :
The error is : wiretap/libpcap.c : g_strdup_print("pcap: file has %u-byte
packet, bigger than maximum of %u", hdr->hdr.incl_len,WTAP_PACKET_SIZE)
; In fact the bad value is not a constant, but seems to a time stamp. The
capture is a single UDP packet ! If I stopped ethereal capture without
any packet, the error message is "the packet seems to cut in the middle".
Debugging :
Thanks to the list, i know that the problem was a reading problem.
I decide to analyze a simple file : One UDP packet.
a1b2c3d4 00020004
00000000 00000000
0000ffff 00000001
4238c842 0000d028
00000042 00000042
ffffffff ffff0004
e2a672c4 08004500
003400fb 00004011
f36dc0a8 0201c0a8
02ff0208 02080020
b18f0202 00000002
0000c0a8 0200ffff
ff000000 00000000
wiretap/libpcap.c/libpcap_open :
file_read of magic : OK
bytes_read = file_read(&hdr, 1, sizeof hdr, wth->fh);
00020004 00000000 00000000 0000ffff 00000001
So my capture version is 2.4, size of packet 65535 (see
call libpcap_try (where wth->file_type = WTAP_FILE_PCAP)
wiretap/libpcap.c/libpcap_try :
if (libpcap_read_header(wth, err, NULL, &first_rec_hdr)
== -1)
Where offset is 4
bytes_to_read = sizeof (struct pcaprec_hdr);
file_read of :
4238c842 0000d028 00000042 00000042
With the 2 timestamps and the length of the packet. Both
sanity checks are OK
go back into wiretap/libpcap.c/libpcap_try :
if (file_seek(wth->fh, first_rec_hdr.hdr.incl_len, SEEK_CUR,
err) == -1)
The idea is to jump over the first packet (the value of 0x42 is right).
Now into wiretap/libpcap.c/libpcap_try :
if (libpcap_read_header(wth, err, NULL, &second_rec_hdr)
== -1)
bytes_to_read = sizeof (struct pcaprec_hdr);
file_read of :
a1b2c3d4 00020004 00000000 00000000
Why does ethereal read at the beginning of the file, not a the
correct position ? No idea (and of course no source of the dynamic library
How to solve the problem :
I try different ideas. But I succeed only in :
Compile ethereal on Mac G4 without libz (read the readme.macos to solve
some compilation bugs).
Get from Internet the zlib2.2.
Try to compile it : failure : The _uncompress entry is not found by
the link editor.
So, in the Makefile folder :
cp $REF/uncompr.o .
cp $REF/inflate.o .
cp $REF/crc32.o .
cp $REF/adler32.o .
cp $REF/zutil.o .
cp $REF/inftrees.o .
cp $REF/inffast.o .
And then patch the makefile (that was deleted by ./configure)
# patch PHL pour Mac OS X
PHL_ZLIB = uncompr.o inflate.o crc32.o adler32.o zutil.o inftrees.o
And also modify :
ethereal$(EXEEXT): $(ethereal_OBJECTS) $(ethereal_DEPENDENCIES)
@rm -f ethereal$(EXEEXT)
$(LINK) $(ethereal_LDFLAGS)
$(ethereal_OBJECTS) $(PHL_ZLIB) $(ethereal_LDADD) $(LIBS)
tethereal$(EXEEXT): $(tethereal_OBJECTS) $(tethereal_DEPENDENCIES)
@rm -f tethereal$(EXEEXT)
$(LINK) $(tethereal_LDFLAGS)
$(tethereal_OBJECTS) $(PHL_ZLIB) $(tethereal_LDADD) $(LIBS)
Now you get a binary ethereal that is running on the Mac G4 !
* do not touch this library ! If you suppress it, you can't fork any
new terminal (X or AQUA), new shells.