tcpdump icon indicating copy to clipboard operation
tcpdump copied to clipboard

Published 20 hours ago verified publisher icon the-tcpdump-group

[DRAFT] Test if tcpdump.exe works

Open fxlb opened this issue 1 year ago • 12 comments

[skip ci]

fxlb avatar Feb 07 '24 10:02 fxlb

The tcpdump.exe don't run:

Release\tcpdump.exe --version
Command exited with code -1073741515

(Same when using "Debug".)

fxlb avatar Feb 07 '24 16:02 fxlb

-1073741515 == 0xffffffffc0000135, both values yield search results discussing location of Windows libraries and setting of PATH.

infrastation avatar Feb 07 '24 17:02 infrastation

Thanks, and missing DLLs also.

fxlb avatar Feb 07 '24 20:02 fxlb

Investigation with Dependencies (https://github.com/lucasg/Dependencies) SDK=WpdPack --> wpcap.dll (NOT_FOUND). But no unattended installation possible with WinPcap_4_1_3.exe. SDK=npcap-sdk-1.12 --> wpcap.dll (NOT_FOUND). It seems that npcap-1.79.exe in silent mode needs a Npcap OEM version.

fxlb avatar Feb 07 '24 20:02 fxlb

-1073741515 == 0xffffffffc0000135, both values yield search results discussing location of Windows libraries and setting of PATH.

And as a 32-bit value, it's 0xc0000135, which is, according to the list of NT status values, STATUS_DLL_NOT_FOUND.

guyharris avatar Feb 07 '24 20:02 guyharris

SDK=WpdPack --> wpcap.dll (NOT_FOUND). But no unattended installation possible with WinPcap_4_1_3.exe. SDK=npcap-sdk-1.12 --> wpcap.dll (NOT_FOUND). It seems that npcap-1.79.exe in silent mode needs a Npcap OEM version.

Yes - in both cases, I think the intent is to have commercial applications using WinPcap or Npcap pay for the ability to silently install the driver and libraries as part of their installer, to help support the project. That's definitely the case for Npcap.

Note that, in order to do capture tests, the WinPcap/Npcap driver would also have to be installed. For reading capture files, that might not be necessary, so that may be OK for tcpdump tests.

guyharris avatar Feb 07 '24 20:02 guyharris

so that may be OK for tcpdump tests.

Any way to build without the capture function ? (Because currently tcpdump.exe needs wpcap.dll)

fxlb avatar Feb 07 '24 20:02 fxlb

Any way to build without the capture function ?

"Build" as in "build libpcap" or "build" as in "build tcpdump"?

Libpcap can be built without capture support - if using CMake, passing -DPCAP_TYPE=none to CMake should be sufficient.

Then you'd want to build tcpdump to link with the libpcap that you built.

(Because currently tcpdump.exe needs wpcap.dll)

Tcpdump's going to need some libpcap library, even if you're only building it to run the tests.

guyharris avatar Feb 07 '24 20:02 guyharris

Next test: extract wpcap.dll from installer, copy it in \Windows\system32 and see...

fxlb avatar Feb 07 '24 21:02 fxlb

If (please check that first) the licence does not forbid it, you could extract the required files once on a Windows PC, put them here and let the CI script download them from there into the correct place of the CI filesystem instead of the installers.

infrastation avatar Feb 07 '24 21:02 infrastation

extract wpcap.dll from installer, copy it in \Windows\system32 and see...

Copying is not enough. Installation required.

fxlb avatar Feb 08 '24 05:02 fxlb

Libpcap can be built without capture support - if using CMake, passing -DPCAP_TYPE=none to CMake should be sufficient.

-DPCAP_TYPE=null ?

Tcpdump's going to need some libpcap library, even if you're only building it to run the tests.

Yes, sure.

fxlb avatar Feb 09 '24 08:02 fxlb