#include <string.h>
#include <unistd.h>
-extern int want_pppoe, want_macs, want_hexdump;
+extern int want_pppoe, want_macs, want_hexdump, want_snaplen;
/* The cap process life-cycle:
*
cap_init(const char *device, const char *filter, int promisc)
{
char errbuf[PCAP_ERRBUF_SIZE], *tmp_device;
- int linktype, caplen;
+ int linktype, snaplen;
/* pcap doesn't like device being const */
tmp_device = xstrdup(device);
if (pcap == NULL)
errx(1, "pcap_open_live(): %s", errbuf);
- /* Work out the linktype and what caplen it needs. */
+ /* Work out the linktype and what snaplen we need. */
linktype = pcap_datalink(pcap);
verbosef("linktype is %d", linktype);
if ((linktype == DLT_EN10MB) && want_macs)
errx(1, "unknown linktype %d", linktype);
if (linkhdr->handler == NULL)
errx(1, "no handler for linktype %d", linktype);
- caplen = getcaplen(linkhdr);
+ snaplen = getsnaplen(linkhdr);
if (want_pppoe) {
- caplen += PPPOE_HDR_LEN;
+ snaplen += PPPOE_HDR_LEN;
if (linktype != DLT_EN10MB)
errx(1, "can't do PPPoE decoding on a non-Ethernet linktype");
}
- verbosef("caplen is %d", caplen);
+ verbosef("calculated snaplen minimum %d", snaplen);
+ if (want_snaplen > -1)
+ snaplen = want_snaplen;
+ verbosef("using snaplen %d", snaplen);
- /* Close and re-open pcap to use the new caplen. */
+ /* Close and re-open pcap to use the new snaplen. */
pcap_close(pcap);
errbuf[0] = '\0'; /* zero length string */
pcap = pcap_open_live(
tmp_device,
- caplen,
+ snaplen,
promisc,
CAP_TIMEOUT,
errbuf);
const char *capfile = NULL;
static void cb_capfile(const char *arg) { capfile = arg; }
+int want_snaplen = -1;
+static void cb_snaplen(const char *arg) { want_snaplen = parsenum(arg, 0); }
+
int want_pppoe = 0;
static void cb_pppoe(const char *arg _unused_) { want_pppoe = 1; }
static struct cmdline_arg cmdline_args[] = {
{"-i", "interface", cb_interface, 0},
{"-r", "file", cb_capfile, 0},
+ {"--snaplen", "bytes", cb_snaplen, 0},
{"--pppoe", NULL, cb_pppoe, 0},
{"--verbose", NULL, cb_verbose, 0},
{"--no-daemon", NULL, cb_no_daemon, 0},
}
/*
- * Returns the minimum caplen needed to decode everything up to the TCP/UDP
+ * Returns the minimum snaplen needed to decode everything up to the TCP/UDP
* packet headers. Argument lh is not allowed to be NULL.
*/
int
-getcaplen(const linkhdr_t *lh)
+getsnaplen(const linkhdr_t *lh)
{
assert(lh != NULL);
return (lh->hdrlen + IP_HDR_LEN + max(TCP_HDR_LEN, UDP_HDR_LEN));