Display filter content was being moved into a temporary
buffer with fixed length of 256. The filter field is
determined by the actual screen width, so we must ensure
the buffer has enough space to contain it.
ncurses always returns the same length output for the
filter value, filling the buffer with whitespaces until the
field length has been reached.
If DLT_NFLOG is available (libpcap >1.6.0) standard libpcap structs will be
used. Otherwise, a fallback minimum implementation is provided in capture
headers.
Thanks as always to Wireshark team for the sources to implement this :)
Added a new setting to only try to decrypt incoming TLS connections to
configured server in format IP:PORT
To enable this add the following setting in sngreprc
set capture.tlsserver X.X.X.X:YYYY
When SYN-SYN+ACK-ACK sequence is captured, we handle the TCP
stream as TLS if keyfile is provided. This may not be the case,
so we must allow SIP parsing in TCP streams that don't come
with SSL record data.
While reading pcap files the packet loop ends and the capture handler
is closed, making it unusable for saving packets.
This commit avoids closing the handler until the application has
quit, using the running flag to determine if the capture thread is running
or not.
stdin was being reopened always even when input file was a pcap file.
Current tests enter keybinding from stdin so its data was being
ignored making them fail.
During offline file parsing in No interface mode, instead of checking if any
capture handler was still open, it was checking if any capture mode was online.
When only files were supplied, the capture instantly ended, closing the just
started offline capture threads.
Improved Capture Mode call list text to indicate
EEP current running mode.
EEP listen mode is considered an Online mode and
will be displayed as [L:port].
EEP send mode is not considered an input but it
will also still be printed as [H:port] in Capture
mode label.
Author: Adam Duskett <aduskett@codeblue.com>
Ncurses detection is currently broken in buildroot.
This patch does the following:
- Add SNGREP_CHECK_SCRIPT to configure.ac which checks for a
libname, a function in that library, sets a define if found, and
if not found, moves on to the next part. This is taken from the
htop configure.ac.
- Adds SNGREP_CHECK_LIB to configure.ac which checks for a
library, a function within that library, sets a define if that function
is found, and if not found, moves on to the next part.
This is taken from the htop configure.ac
- Modifies scrollbar.h and ui_panel.h to include <wctypes.h> instead of
<ncursesw/ncurses.h> if unicode is supported.
gcrypt is linked with libgpg-error, use libgcrypt-config to find
this dependency. (libgcrypt doesn't provide a .pc file)
libgcrypt-config --libs
[...] -lgcrypt -lgpg-error
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Like the -I command line argument supports multiple files, this commit implements
the logic for supporting multiple -d command line arguments.
We have also changed the way status (online, offline) is calculated, based on the
loaded sources.
The IP and TCP reassembly vectors have now been moved into each capture source
structure to avoid locking the general capture config struct (where those vectors
used to live until now).
PKG_CHECK_MODULES macro is installed in pkg-config package which is not present
in all installations. While it has its advantages, we must check if it's available
to support legacy configurations.