osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
wireshark/tshark.c

4655 lines
177 KiB
Raw Permalink Normal View History Unescape

Tethereal/tethereal -> TShark/tshark. svn path=/trunk/; revision=18268
17 years ago
/* tshark.c
Add a routine to report write errors to the list of failure-reporting routines handled by epan/report_err.c. Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to copy_file_binary_mode() (to clarify that it *can* copy text files; arguably, *all* files are "binary" unless you're on, say, an IBM 1401 :-)). Have it use the report_err.c routines, so it works in console-mode programs. Clean up some comments while we're at it. svn path=/trunk/; revision=27456
15 years ago
*
* Text-mode variant of Wireshark, along the lines of tcpdump and snoop,
* by Gilbert Ramirez <gram@alumni.rice.edu> and Guy Harris <guy@alum.mit.edu>.
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
*
name change svn path=/trunk/; revision=18197
17 years ago
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
* Copyright 1998 Gerald Combs
*
replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later. The first is deprecated, as per https://spdx.org/licenses/. Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed Reviewed-on: https://code.wireshark.org/review/25661 Petri-Dish: Anders Broman <a.broman58@gmail.com> Petri-Dish: Dario Lombardo <lomato@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago
* SPDX-License-Identifier: GPL-2.0-or-later
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
*/
Modify includes of config.h so that out-of-tree builds, i.e. CMake don't pick up the in-tree copy. Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71 Reviewed-on: https://code.wireshark.org/review/3798 Petri-Dish: Graham Bloice <graham.bloice@trihedral.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Roland Knall <rknall@gmail.com> Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
9 years ago
#include <config.h>
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
Refactor our logging and extend the wslog API Experience has shown that: 1. The current logging methods are not very reliable or practical. A logging bitmask makes little sense as the user-facing interface (who would want debug but not crtical messages for example?); it's computer-friendly and user-unfriendly. More importantly the console log level preference is initialized too late in the startup process to be used for the logging subsystem and that fact raises a number of annoying and hard-to-fix usability issues. 2. Coding around G_MESSAGES_DEBUG to comply with our log level mask and not clobber the user's settings or not create unexpected log misses is unworkable and generally follows the principle of most surprise. The fact that G_MESSAGES_DEBUG="all" can leak to other programs using GLib is also annoying. 3. The non-structured GLib logging API is very opinionated and lacks configurability beyond replacing the log handler. 4. Windows GUI has some special code to attach to a console, but it would be nice to abstract away the rest under a single interface. 5. Using this logger seems to be noticeably faster. Deprecate the console log level preference and extend our API to implement a log handler in wsutil/wslog.h to provide easy-to-use, flexible and dependable logging during all execution phases. Log levels have a hierarchy, from most verbose to least verbose (debug to error). When a given level is set everything above that is also enabled. The log level can be set with an environment variable or a command line option (parsed as soon as possible but still later than the environment). The default log level is "message". Dissector logging is not included because it is not clear what log domain they should use. An explosion to thousands of domains is not desirable and putting everything in a single domain is probably too coarse and noisy. For now I think it makes sense to let them do their own thing using g_log_default_handler() and continue using the G_MESSAGES_DEBUG mechanism with specific domains for each individual dissector. In the future a mechanism may be added to selectively enable these domains at runtime while trying to avoid the problems introduced by G_MESSAGES_DEBUG.
2 years ago
#define WS_LOG_DOMAIN LOG_DOMAIN_MAIN
Add ws_debug() and use it Replace most instances of ws_debug_printf() except in epan/dissectors and dissector plugins. Some replacements use printf(), some use ws_debug(), and some were removed because they were dead or judged to be temporary.
2 years ago
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
Set the locale for Tethereal to the native environment; Ethereal already does so, as a side-effect of calling "gtk_set_locale()". svn path=/trunk/; revision=2111
23 years ago
#include <locale.h>
Check the validity of numbers specified in command-line options. svn path=/trunk/; revision=3326
22 years ago
#include <limits.h>
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
Use the musl in-tree getopt_long() everywhere Besides the obvious limitation of being unavailable on Windows, the standard is vague about getopt() and getopt_long() has many non-portable pitfalls and buggy implementations, that increase the maintainance cost a lot. Also the GNU libc code currently in the tree is not suited for embedding and is unmaintainable. Own maintainership for getopt_long() and use the musl implementation everywhere. This way we don't need to worry if optreset is available, or if the $OPERATING_SYSTEM version behaves in subtly different ways. The API is under the Wireshark namespace to avoid conflicts with system headers. Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy with opterr and known to crash. In my experience it's a headache to use the embedded getopt implementation if the system provides one.
2 years ago
#include <wsutil/ws_getopt.h>
use getopt_long() in tshark svn path=/trunk/; revision=51087
10 years ago
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
#include <errno.h>
Miscellaneous code cleaning - add <stdarg.h> or <varargs.h> in snprintf.h and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes - remove the check of multiple inclusions in source (.c) code (there is a bit loss of _cpp_ performance, but I prefer the gain of code reading and maintenance; and nowadays, disk caches and VM are correctly optimized ;-). - protect all (well almost) header files against multiple inclusions - add header (i.e. GPL license) in some include files - reorganize a bit the way header files are included: First: #include <system_include_files> #include <external_package_include_files (e.g. gtk, glib etc.)> Then #include "ethereal_include_files" with the correct HAVE_XXX or NEED_XXX protections. - add some HAVE_XXX checks before including some system header files - add the same HAVE_XXX in wiretap as in ethereal Please forgive me, if I break something (I've only compiled and regression tested on Linux). svn path=/trunk/; revision=2254
23 years ago
CMake: Don't check for windows.h or winsock2.h. If we're building on Windows we're going to have windows.h and winsock2.h. Don't bother checking for them. Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603 Reviewed-on: https://code.wireshark.org/review/24068 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago
#ifdef _WIN32
Fix Windows build without pcap. Change-Id: Ib79da01124a7f1b44f168ce19691d3ceaa7d5a68 Reviewed-on: https://code.wireshark.org/review/21619 Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
# include <winsock2.h>
#endif
Don't include signal.h unless we need it. Change-Id: I3965e0951eee919720f780b5e52732fd18fd9786 Reviewed-on: https://code.wireshark.org/review/6194 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
#ifndef _WIN32
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
#include <signal.h>
Don't include signal.h unless we need it. Change-Id: I3965e0951eee919720f780b5e52732fd18fd9786 Reviewed-on: https://code.wireshark.org/review/6194 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
#endif
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
First step in moving core Ethereal routines to libepan. svn path=/trunk/; revision=2458
23 years ago
#include <glib.h>
Add missing includes in order to remove exceptions.h from proto.h (next commit). svn path=/trunk/; revision=53230
10 years ago
#include <epan/exceptions.h>
Include files from the "epan" directory and subdirectories thereof with "epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
22 years ago
#include <epan/epan.h>
Move some more stuff into wsutil. Move the routines to parse numerical command-line arguments there. Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just call routines specified by a call to cmdarg_err_init(), and have programs supply the appropriate routines to it. Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01 Reviewed-on: https://code.wireshark.org/review/2704 Reviewed-by: Evan Huus <eapache@gmail.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
Move ui/exit_codes.h to include/
4 months ago
#include <ws_exit_codes.h>
Move ui/clopts_common.[ch] to wsutil
4 months ago
#include <wsutil/clopts_common.h>
Move ui/cmdarg_err.[ch] to wsutil
4 months ago
#include <wsutil/cmdarg_err.h>
Clean up URLs. Add ui/urls.h to define some URLs on various of our websites. Use the GitLab URL for the wiki. Add a macro to generate wiki URLs. Update wiki URLs in comments etc. Use the #defined URL for the docs page in WelcomePage::on_helpLabel_clicked; that removes the last user of topic_online_url(), so get rid of it and swallow it up into topic_action_url().
3 years ago
#include <ui/urls.h>
Move the epan/filesystem.c routines to wsutil; they're not specific to packet dissection, they're specific to the entire Wireshark suite of programs. svn path=/trunk/; revision=53377
10 years ago
#include <wsutil/filesystem.h>
Suppress a bunch of cast-qual warnings. Squelch warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual] similar to g630f54f. Change strtod to g_ascii_strtod to squelch a checkAPIs error. Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e Reviewed-on: https://code.wireshark.org/review/7269 Reviewed-by: Gerald Combs <gerald@wireshark.org>
8 years ago
#include <wsutil/file_util.h>
Move the Winsock initialization and cleanup to wsutil routines. Those routines exist on both Windows and UN*X, but they don't do anything on UN*X (they could if it were ever necessary). That eliminates some #ifdefs, and also means that the gory details of initializing Winsock, including the Winsock version being requested, are buried in one routine. The initialization routine returns NULL on success and a pointer to a g_malloc()ated error message on failure; report the error to the user, along with a "report this to the Wireshark developers" suggestion. That means including wsutil/socket.h, which obviates the need to include some headers for socket APIs, as it includes them for you. Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186 Reviewed-on: https://code.wireshark.org/review/33045 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
#include <wsutil/socket.h>
Suppress a bunch of cast-qual warnings. Squelch warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual] similar to g630f54f. Change strtod to g_ascii_strtod to squelch a checkAPIs error. Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e Reviewed-on: https://code.wireshark.org/review/7269 Reviewed-by: Gerald Combs <gerald@wireshark.org>
8 years ago
#include <wsutil/privileges.h>
Clean up handling of enabled/disabled protocols/heuristic dissectors. Add a "report a warning message" routine to the "report_err" code in libwsutil, and rename files and routines appropriately, as they don't only handle errors any more. Have a routine read_enabled_and_disabled_protos() that reads all the files that enable or disable protocols or heuristic dissectors, enables and disables them based on the contents of those files, and reports errors itself (as warnings) using the new "report a warning message" routine. Fix that error reporting to report separately on the disabled protocols, enabled protocols, and heuristic dissectors files. Have a routine to set up the enabled and disabled protocols and heuristic dissectors from the command-line arguments, so it's done the same way in all programs. If we try to enable or disable an unknown heuristic dissector via a command-line argument, report an error. Update a bunch of comments. Update the name of disabled_protos_cleanup(), as it cleans up information for disabled *and* enabled protocols and for heuristic dissectors. Support the command-line flags to enable and disable protocols and heuristic dissectors in tfshark. Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df Reviewed-on: https://code.wireshark.org/review/20966 Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
#include <wsutil/report_message.h>
Move the Winsock initialization and cleanup to wsutil routines. Those routines exist on both Windows and UN*X, but they don't do anything on UN*X (they could if it were ever necessary). That eliminates some #ifdefs, and also means that the gory details of initializing Winsock, including the Winsock version being requested, are buried in one routine. The initialization routine returns NULL on success and a pointer to a g_malloc()ated error message on failure; report the error to the user, along with a "report this to the Wireshark developers" suggestion. That means including wsutil/socket.h, which obviates the need to include some headers for socket APIs, as it includes them for you. Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186 Reviewed-on: https://code.wireshark.org/review/33045 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
#include <wsutil/please_report_bug.h>
Add ws_debug() and use it Replace most instances of ws_debug_printf() except in epan/dissectors and dissector plugins. Some replacements use printf(), some use ws_debug(), and some were removed because they were dead or judged to be temporary.
2 years ago
#include <wsutil/wslog.h>
Replace g_assert() with ws_assert()
2 years ago
#include <wsutil/ws_assert.h>
tshark: Add a --selected-frame option Add a selected frame option that does pretty much what the name indicates. This is not meaningful in the CLI but is useful to simulate the selected frame action in the GUI for unit testing purposes. The option is not documented for that reason. A selected frame is used in display filters with field references. $ tshark -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d 3 0.070031 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Request - Transaction ID 0x3d1e 4 0.070345 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP ACK - Transaction ID 0x3d1e $ tshark --selected-frame=2 -2 -Y 'frame.number <= ${frame.number}' -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d
1 year ago
#include <wsutil/strtoi.h>
Put the main() and wmain() routines for CLI programs into a separate file. That means that code is only in one place, rather than having copies of it in each of those programs. CLI programs that, on Windows, should get UTF-8 arguments rather than arguments in the local code page should: include the top-level cli_main.h header; define the main function as real_main(); be built with the top-level cli_main.c file. On UN*X, cli_main.c has a main() program, and just passes the arguments on to real_main(). On Windows, cli_main.c has a wmain() function that converts the UTF-16 arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so that it doesn't use any functions other than those provided by the system, and then calls real_main() with the argument count and UTF-8 arguments. Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e Reviewed-on: https://code.wireshark.org/review/31017 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago
#include <cli_main.h>
Move ui/version_info.[ch] to wsutil
4 months ago
#include <wsutil/version_info.h>
Making wiretap option blocks more generic. This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted. Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks. Also what could be added/refactored is registering block behavior. Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a Reviewed-on: https://code.wireshark.org/review/13667 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago
#include <wiretap/wtap_opttypes.h>
First step in moving core Ethereal routines to libepan. svn path=/trunk/; revision=2458
23 years ago
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
#include "globals.h"
Include files from the "epan" directory and subdirectories thereof with "epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
22 years ago
#include <epan/timestamp.h>
#include <epan/packet.h>
Don't assume we have Lua just because we have plugin support. svn path=/trunk/; revision=53714
10 years ago
#ifdef HAVE_LUA
Move most of the plugin code from epan to wsutil and remove all knowledge of particular types of plugins. Instead, let particular types of plugins register with the common plugin code, giving a name and a routine to recognize that type of plugin. In particular applications, only process the relevant plugin types. Add a Makefile.common to the codecs directory. svn path=/trunk/; revision=53710
10 years ago
#include <epan/wslua/init_wslua.h>
Don't assume we have Lua just because we have plugin support. svn path=/trunk/; revision=53714
10 years ago
#endif
packet dissection now takes pointer to tvb instead of guint8 data implement frame_tvbuff, right now almost a copy of 'real' tvb. svn path=/trunk/; revision=50497
10 years ago
#include "frame_tvbuff.h"
Move disabled_protos.{h,c} into epan. svn path=/trunk/; revision=50521
10 years ago
#include <epan/disabled_protos.h>
Move prefs.c and prefs.h into the epan subdirectory. svn path=/trunk/; revision=12115
19 years ago
#include <epan/prefs.h>
Move the column preferences stuff to epan (the rest of the preferences stuff is already there). Update Gerald's e-mail address in column.h. svn path=/trunk/; revision=12131
19 years ago
#include <epan/column.h>
Combine Decode As and port preferences for tcp.port dissector table. This patch introduces new APIs to allow dissectors to have a preference for a (TCP) port, but the underlying data is actually part of Decode As functionality. For now the APIs are intentionally separate from the regular APIs that register a dissector within a dissector table. It may be possible to eventually combine the two so that all dissectors that register with a dissector table have an opportunity to "automatically" have a preference to adjust the "table value" through the preferences dialog. The tcp.port dissector table was used as the guinea pig. This will eventually be expanded to other dissector tables as well (most notably UDP ports). Some dissectors that "shared" a TCP/UDP port preference were also converted. It also removed the need for some preference callback functions (mostly when the callback function was the proto_reg_handoff function) so there is cleanup around that. Dissectors that has a port preference whose default was 0 were switched to using the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference Also added comments for TCP ports used that aren't IANA registered. Change-Id: I99604f95d426ad345f4b494598d94178b886eb67 Reviewed-on: https://code.wireshark.org/review/17724 Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago
#include <epan/decode_as.h>
Move the print modules into epan. svn path=/trunk/; revision=50526
10 years ago
#include <epan/print.h>
From Albert Chin: rename resolv.{ch} to addr_resolv.{ch}, so that an include of <resolv.h> in any system header file gets the system <resolv.h> (needed for builds on Tru64 with GTK+ 1.2[.x]). svn path=/trunk/; revision=11615
19 years ago
#include <epan/addr_resolv.h>
Move capture_ui_utils.[ch] to libui. Change-Id: Id0f3d4d60a1acc7aa64fd3737b8f16df5bca4e5a Reviewed-on: https://code.wireshark.org/review/2708 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
#ifdef HAVE_LIBPCAP
#include "ui/capture_ui_utils.h"
#endif
Rewrite make-tap-reg.py in C Change-Id: Ief5b1fffecc9712c01ff10292c403b7c84a5908a Reviewed-on: https://code.wireshark.org/review/24756 Reviewed-by: João Valverde <j@v6e.pt>
6 years ago
#include "ui/taps.h"
Start moving files to ui/ and ui/cli/ svn path=/trunk/; revision=41047
11 years ago
#include "ui/util.h"
Rename ui_util.h -> ws_ui_util.h In preparation for possibly using AUTOUIC in CMake which treats "ui_*.h" files specially, rename ui_util.h. No other changes. Change-Id: Id026572c000b713ff0e9388dc7fff8d81d4df73e Reviewed-on: https://code.wireshark.org/review/23916 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
#include "ui/ws_ui_util.h"
tshark: load decode_as_entries file With Wireshark 2.0, some dissector preferences were removed in favor of 'Decode As' functionality. But the settings saved in the GUI are not loaded in tshark, preventing their use without an explicit call to '-d' option. Let's load decode_as_entries file by default and have it overridden by the '-d' option if required. Ping-Bug: 12124 Change-Id: I134a424cb6cf8fc89b7096a659ef1605314a70a2 Reviewed-on: https://code.wireshark.org/review/13956 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago
#include "ui/decode_as_utils.h"
Move ui/filter_files.[ch] to wsutil
4 months ago
#include "wsutil/filter_files.h"
Apply refactored "conversation" (tap) data to TShark. I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature. But at least all types of conversations allowed are in sync with Wireshark GUI. Bug:6310 Change-Id: I722837df510a39dadc1f9a07a99275509516698c Reviewed-on: https://code.wireshark.org/review/3212 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
9 years ago
#include "ui/cli/tshark-tap.h"
Enable exporting objects with tshark A new "--export-object <protocol>,<destdir>" option is added to tshark. This required refactoring Export Object behavior in all GUIs to give the export object handling to the dissector, rather than the ui layer. Included in the refactoring was fixing some serious memory leaks in Qt Export Object dialog, crash due to memory scope issues in GTK Export Object dialog, and addition sorting column feature in Qt dialog (set up by creating a widget to manage the items that were previously leaking memory) Bug: 9319 Ping-Bug: 13174 Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b Reviewed-on: https://code.wireshark.org/review/18927 Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago
#include "ui/cli/tap-exportobject.h"
Implement Export PDU for tshark This patch introduces the "-U tap_name[,filter]" tshark option and is similar to the "Export PDUs as file" option in Wireshark. Wireshark implements this feature by reopening a capture file, applying a tap and finally opening the temporary file. Since tshark knows in advance that a PDU export is needed, it can optimize by not creating the temporary file and perform the export at the first opportunity. This patch splits the opening/tapping functionality from error reporting since tshark does not need a temp file and has no dialogs. The capture file comment is now specified explicitly as there is no "current file" anymore if the tap is running without active file. TODO: - Review whether it is acceptable to overwrite save_file in tshark. - Add documentation (tshark manpage). Bug: 3444 Change-Id: Ie159495d42c32c2ba7400f2991b7b8185b3fda09 Reviewed-on: https://code.wireshark.org/review/5890 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago
#include "ui/tap_export_pdu.h"
Have routines for parsing options that affect dissection. Have them handle -d, -t, --disable-protocol, --disable-heuristic, and --enable-heuristic for TShark and both flavors of Wireshark. Change-Id: I612c276b1f9df8a2092202d23ab3d48be7857e85 Reviewed-on: https://code.wireshark.org/review/18583 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago
#include "ui/dissect_opts.h"
tshark: Add option to export TLS session keys Add a new option --export-tls-session-keys <keyfile> to tshark to export TLS session keys.
2 years ago
#include "ui/ssl_key_export.h"
Add common routines for command-line libwiretap error reporting. These are similar to the routines added to ui/alert_box.c for dialog-box libwiretap error reporting. This centralizes the knowledge about what to say for various libwiretap errors, removing some duplicate code, and giving more details in some programs. Change-Id: I737405c4edaa0e6c27840f78a8c587a8b3ee120b Reviewed-on: https://code.wireshark.org/review/21234 Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
#include "ui/failure_message.h"
tshark: Add -G folders report Add a new tshark feature to generate a folders report. The folders report is essentially the information presented by Wireshark's About / Folders page in a TAB delimited format. Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6 Reviewed-on: https://code.wireshark.org/review/19002 Petri-Dish: Jim Young <jim.young.ws@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago
#if defined(HAVE_LIBSMI)
#include "epan/oids.h"
#endif
Transition from GeoIP Legacy to MaxMindDB. MaxMind is discontinuing its legacy databases in April in favor of GeoIP2, which use a newer database format (MaxMind DB). The reference C library (libmaxminddb) is available under the Apache 2.0 license which isn't quite compatible with ours. Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin and prints resolved information on stdout. Place it under a liberal license (MIT) so that we can keep libmaxminddb at arm's length. Add epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it via stdio. Migrate the preferences and documentation to MaxMindDB. Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the geographic coordinate fields to FT_DOUBLEs. Bug: 10658 Change-Id: I24aeed637bea1b41d173270bda413af230f4425f Reviewed-on: https://code.wireshark.org/review/26214 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago
#include "epan/maxmind_db.h"
Include files from the "epan" directory and subdirectories thereof with "epan/..." pathnames, so as to avoid collisions with header files in any of the directories in which we look (e.g., "proto.h", as some other package has its own "proto.h" file which it installs in the top-level include directory). Don't add "-I" flags to search "epan", as that's no longer necessary (and we want includes of "epan" headers to fail if the "epan/" is left out, so that we don't re-introduce includes lacking "epan/"). svn path=/trunk/; revision=4586
22 years ago
#include <epan/epan_dissect.h>
Move the tap infrastructure to the epan directory. svn path=/trunk/; revision=12128
19 years ago
#include <epan/tap.h>
Rename stat_cmd_args.[ch] to stat_tap_ui.[ch]. The intent is to handle more than just command-line arguments; reflect that. Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825 Reviewed-on: https://code.wireshark.org/review/5304 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
#include <epan/stat_tap_ui.h>
Refactor "common" Conversation table functionality. Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality. The idea is to not have to modify the GUI when a dissector adds a new "conversation type" Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda Reviewed-on: https://code.wireshark.org/review/3113 Reviewed-by: Gerald Combs <gerald@wireshark.org>
9 years ago
#include <epan/conversation_table.h>
Further refactor SRT stats. Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK. SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic. CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone. Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc Reviewed-on: https://code.wireshark.org/review/8894 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Gerald Combs <gerald@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
8 years ago
#include <epan/srt_table.h>
Refactor RTD stats. Very similar to the refactoring of SRT stats, it provides more commonality of the stats for all GUI interfaces. Currently implemented for TShark and GTK. Affected dissectors: MEGACO, MGCP, Radius Change-Id: Icb73a7e603dc3502b39bf696227fcaae37d4ed21 Reviewed-on: https://code.wireshark.org/review/8998 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
8 years ago
#include <epan/rtd_table.h>
eXtenstion options access to the -X command line options svn path=/trunk/; revision=17207
18 years ago
#include <epan/ex-opt.h>
[tshark] Document -U option and create a list of tap names when entering an empty name "". Change-Id: I2b8332ff6900c8a88514a25a416f342d7b696d34 Reviewed-on: https://code.wireshark.org/review/15332 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago
#include <epan/exported_pdu.h>
Add new Secrets API and allow TLS to use pcapng decryption secrets Add a new secrets API to the core, one that can outlive the lifetime of a single capture file. Expose decryption secrets from wiretap through a callback and let the secrets API route it to a dissector. Bug: 15252 Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7 Reviewed-on: https://code.wireshark.org/review/30705 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago
#include <epan/secrets.h>
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
Now that we're using getopt_long(), and have some options available only as long options, and thus identified with numbers rather than option letters as the return value of getopt_long(), we now have to include capture_opts.h even if we're *not* building with libpcap, to provide #defines for those numbers. svn path=/trunk/; revision=51115
10 years ago
#include "capture_opts.h"
Merge the caputils/ and capchild/ directories The distinction between the different kinds of capture utility may not warrant a special subfolfer for each, and sometimes the distinction is not be clear or some functions could stradle multiple "categories" (like capture_ifinfo.[ch]). Simplify by having only a generic 'capture' subfolder. The separate CMake libraries are kept as a way to reuse object code efficiently.
2 years ago
#include "capture/capture-pcap-util.h"
Include "capture-pcap-util.h" even if we don't have libpcap. The routines to get libpcap version information just say "no pcap here" if we don't have it, so they're called regardless of whether we were compiled with it. Change-Id: I4e58cce83f7c0e36aa6ef9b40ec7075732402f3b Reviewed-on: https://code.wireshark.org/review/2800 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
Add a Wiretap routine to process packets captured via libpcap, possibly extracting a pseudo-header, for the use of SunATM captures. Add support for SunATM capture. svn path=/trunk/; revision=5652
21 years ago
#ifdef HAVE_LIBPCAP
Merge the caputils/ and capchild/ directories The distinction between the different kinds of capture utility may not warrant a special subfolfer for each, and sometimes the distinction is not be clear or some functions could stradle multiple "categories" (like capture_ifinfo.[ch]). Simplify by having only a generic 'capture' subfolder. The separate CMake libraries are kept as a way to reuse object code efficiently.
2 years ago
#include "capture/capture_ifinfo.h"
Clean up the comments a bit. Use _WIN32 rather than WIN32 throughout (both of them appear to work - I don't know whether one is the "right" one to use and, if one is, which one it is - and they're both used in Ethereal, but let's at least be consistent within a given file). Update the capture device open failure message on Windows not to say Token Ring devices aren't supported - current versions of WinPcap do support it, and the Ethereal message was updated, but the Tethereal one wasn't. Fix up the Tethereal code to match the Ethereal code a bit more, so that we go to "error" on Windows if the capture device open fails, and so that the code actually compiles on Windows. Fix up the indentation while we're at it. svn path=/trunk/; revision=6829
21 years ago
#ifdef _WIN32
Merge the caputils/ and capchild/ directories The distinction between the different kinds of capture utility may not warrant a special subfolfer for each, and sometimes the distinction is not be clear or some functions could stradle multiple "categories" (like capture_ifinfo.[ch]). Simplify by having only a generic 'capture' subfolder. The separate CMake libraries are kept as a way to reuse object code efficiently.
2 years ago
#include "capture/capture-wpcap.h"
Don't include <pcap.h> twice. svn path=/trunk/; revision=14357
18 years ago
#endif /* _WIN32 */
Merge the caputils/ and capchild/ directories The distinction between the different kinds of capture utility may not warrant a special subfolfer for each, and sometimes the distinction is not be clear or some functions could stradle multiple "categories" (like capture_ifinfo.[ch]). Simplify by having only a generic 'capture' subfolder. The separate CMake libraries are kept as a way to reuse object code efficiently.
2 years ago
#include <capture/capture_session.h>
#include <capture/capture_sync.h>
Move the last of the routines from capture_info.c into ui/capture.c. That means the packet-count-during-capture stuff is scattered amongst fewer locations. Move capture_info.h into ui; it's now a header that declares routines whose implementations are GUI-platform-dependent. Change-Id: I475815724a4766f6bc2511e67ebae14865e1a9d1 Reviewed-on: https://code.wireshark.org/review/26249 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago
#include <ui/capture_info.h>
Don't include <pcap.h> twice. svn path=/trunk/; revision=14357
18 years ago
#endif /* HAVE_LIBPCAP */
finish adding the tethereal's funnel. svn path=/trunk/; revision=17397
18 years ago
#include <epan/funnel.h>
Now that WinPcap is a DLL, I can load it at run-time rather than load-time. That means that I no longer need to distribute capture and non-capture versions of Ethereal for Win32; one version (compiled with WinPcap headers) can run on systems with or without WinPcap. For systems that don't have WinPcap, instead of disabling the Capture menu, Capture|Start brings up a dialogue informing the user that wpcap.dll was not loadable, and gives a URL to the WinPcap home page. svn path=/trunk/; revision=3249
23 years ago
Don't include "file.h" if you don't need it. It ends up dragging in libwireshark headers, which programs not linking with libwireshark shouldn't do. In particular, including <epan/address.h> causes some functions that refer to libwireshark functions to be defined if the compiler doesn't handle "static inline" the way GCC does, and you end up requiring libwireshark even though you shouldn't require it. Move plurality() to wsutil/str_util.h, so that non-libwireshark code can get it without include epan/packet.h. Fix includes as necessary. Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3 Reviewed-on: https://code.wireshark.org/review/11545 Reviewed-by: Guy Harris <guy@alum.mit.edu>
8 years ago
#include <wsutil/str_util.h>
TShark: Separate columns using UTF-8 arrows. Use UTF8_RIGHTWARDS_ARROW and UTF8_LEFTWARDS_ARROW instead of "->" and "<-" between addresses. This matches the port-printing behavior of the TCP, UDP, and SCTP dissectors. Change-Id: I0add8bfb1748319758a1ce7dbd362af818139db8 Reviewed-on: https://code.wireshark.org/review/15319 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago
#include <wsutil/utf8_entities.h>
epan: use json_dumper for json outputs. They include -Tjson, -Tjsonraw, -Tek. Change-Id: Ib3d700482ce5c29727c3f778cc3c46a1bf7756c4 Reviewed-on: https://code.wireshark.org/review/31000 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago
#include <wsutil/json_dumper.h>
Refactor our logging and extend the wslog API Experience has shown that: 1. The current logging methods are not very reliable or practical. A logging bitmask makes little sense as the user-facing interface (who would want debug but not crtical messages for example?); it's computer-friendly and user-unfriendly. More importantly the console log level preference is initialized too late in the startup process to be used for the logging subsystem and that fact raises a number of annoying and hard-to-fix usability issues. 2. Coding around G_MESSAGES_DEBUG to comply with our log level mask and not clobber the user's settings or not create unexpected log misses is unworkable and generally follows the principle of most surprise. The fact that G_MESSAGES_DEBUG="all" can leak to other programs using GLib is also annoying. 3. The non-structured GLib logging API is very opinionated and lacks configurability beyond replacing the log handler. 4. Windows GUI has some special code to attach to a console, but it would be nice to abstract away the rest under a single interface. 5. Using this logger seems to be noticeably faster. Deprecate the console log level preference and extend our API to implement a log handler in wsutil/wslog.h to provide easy-to-use, flexible and dependable logging during all execution phases. Log levels have a hierarchy, from most verbose to least verbose (debug to error). When a given level is set everything above that is also enabled. The log level can be set with an environment variable or a command line option (parsed as soon as possible but still later than the environment). The default log level is "message". Dissector logging is not included because it is not clear what log domain they should use. An explosion to thousands of domains is not desirable and putting everything in a single domain is probably too coarse and noisy. For now I think it makes sense to let them do their own thing using g_log_default_handler() and continue using the G_MESSAGES_DEBUG mechanism with specific domains for each individual dissector. In the future a mechanism may be added to selectively enable these domains at runtime while trying to avoid the problems introduced by G_MESSAGES_DEBUG.
2 years ago
#include <wsutil/wslog.h>
tshark: fix handling of "you're writing to a closed pipe" errors on Windows. On Windows, a write to a pipe where the read side has been closed apparently may return the Windows error ERROR_BROKEN_PIPE, which the Visual Studio C library maps to EPIPE, or may return the Windows error ERROR_NO_DATA, which the Visual Studio C library maps to EINVAL. So, on Windows, for errors other than the ones for which we're reporting a special error message, check for EINVAL with a *Windows* error of ERROR_NO_DATA and, if that's what we have, don't print an error message; otherwise, print an error message that reports a message based on the Windows error (rather than a relatively uninformative "Invalid argument" error). This should fix issue #16192. Clean up indentation while we're at it.
2 years ago
#ifdef _WIN32
#include <wsutil/win32-utils.h>
#endif
Don't include "file.h" if you don't need it. It ends up dragging in libwireshark headers, which programs not linking with libwireshark shouldn't do. In particular, including <epan/address.h> causes some functions that refer to libwireshark functions to be defined if the compiler doesn't handle "static inline" the way GCC does, and you end up requiring libwireshark even though you shouldn't require it. Move plurality() to wsutil/str_util.h, so that non-libwireshark code can get it without include epan/packet.h. Fix includes as necessary. Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3 Reviewed-on: https://code.wireshark.org/review/11545 Reviewed-by: Guy Harris <guy@alum.mit.edu>
8 years ago
extcap: Restore functionality for options Allow stored options to be restored to their default values. This adds a global cleanup method for extcap and globally defined preference values, which fixes the parameter problem with windows Change-Id: I48e0cf846ef81f4732d652c6a2ad0020db5df08e Reviewed-on: https://code.wireshark.org/review/13741 Petri-Dish: Roland Knall <rknall@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Roland Knall <rknall@gmail.com>
8 years ago
#include "extcap.h"
Move most of the plugin code from epan to wsutil and remove all knowledge of particular types of plugins. Instead, let particular types of plugins register with the common plugin code, giving a name and a routine to recognize that type of plugin. In particular applications, only process the relevant plugin types. Add a Makefile.common to the codecs directory. svn path=/trunk/; revision=53710
10 years ago
#ifdef HAVE_PLUGINS
tshark: -G plugins - add codecs to output
1 year ago
#include <wsutil/codecs.h>
Move most of the plugin code from epan to wsutil and remove all knowledge of particular types of plugins. Instead, let particular types of plugins register with the common plugin code, giving a name and a routine to recognize that type of plugin. In particular applications, only process the relevant plugin types. Add a Makefile.common to the codecs directory. svn path=/trunk/; revision=53710
10 years ago
#include <wsutil/plugins.h>
#endif
Add a new header defining commonly-used exit codes. "Commonly-used" meaning "used by more than one source file". Clean up the exit codes, combining some duplicates with different names, and using some instead of raw numbers in some places.
2 years ago
/* Additional exit codes */
#define INVALID_EXPORT 2
#define INVALID_TAP 2
#define INVALID_CAPTURE 2
Add debug printing to tshark Add g_warning functions for tshark debug printing, disabled by default. Change-Id: If1720b790b75bd1228afa62efac49dc04bc8addb Reviewed-on: https://code.wireshark.org/review/10314 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
8 years ago
Reorganize long option values For long options, without corresponding short options, to be processed they need to be assigned a value, preferably outside of the range of all possible short options. The code in various places tries to stay clear of these low values, but further coordination is missing, easily leading to issues when option processing code gets extended and/or reorganized. This change introduces a single location from where each catagory of command line long option can derive a base value, which should minimize potential option value collisions. Change-Id: Ic8861a347d0050f74002de3aa1fcfb01202866e5 Reviewed-on: https://code.wireshark.org/review/35459 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
4 years ago
#define LONGOPT_EXPORT_OBJECTS LONGOPT_BASE_APPLICATION+1
#define LONGOPT_COLOR LONGOPT_BASE_APPLICATION+2
#define LONGOPT_NO_DUPLICATE_KEYS LONGOPT_BASE_APPLICATION+3
#define LONGOPT_ELASTIC_MAPPING_FILTER LONGOPT_BASE_APPLICATION+4
tshark: Add option to export TLS session keys Add a new option --export-tls-session-keys <keyfile> to tshark to export TLS session keys.
2 years ago
#define LONGOPT_EXPORT_TLS_SESSION_KEYS LONGOPT_BASE_APPLICATION+5
Clean up handling of --capture-comment. Don't store the comments in a capture_options structure, because that's available only if we're being built with capture support, and --capture-comment can be used in TShark when reading a capture file and writing another capture file, with no live capture taking place. This means we don't handle that option in capture_opts_add_opt(); handle it in the programs that support it. Support writing multiple comments in dumpcap when capturing. These changes also fix builds without pcap, and makes --capture-comment work in Wireshark when a capture is started from the command line with -k. Update the help messages to indicate that --capture-comment adds a capture comment, it doesn't change any comment (much less "the" comment, as there isn't necessarily a single comment). Update the man pages: - not to presume that only pcapng files support file comments (even if that's true now, it might not be true in the future); - to note that multiple instances of --capture-comment are supported, and that multiple comments will be written, whether capturing or reading one file and writing another; - clarify that Wireshark doesn't *discard* SHB comments other than the first one, even though it only displays the first one;
2 years ago
#define LONGOPT_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+6
tshark: Add new long option --hexdump <hexoption>
1 year ago
#define LONGOPT_HEXDUMP LONGOPT_BASE_APPLICATION+7
tshark: Add a --selected-frame option Add a selected frame option that does pretty much what the name indicates. This is not meaningful in the CLI but is useful to simulate the selected frame action in the GUI for unit testing purposes. The option is not documented for that reason. A selected frame is used in display filters with field references. $ tshark -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d 3 0.070031 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Request - Transaction ID 0x3d1e 4 0.070345 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP ACK - Transaction ID 0x3d1e $ tshark --selected-frame=2 -2 -Y 'frame.number <= ${frame.number}' -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d
1 year ago
#define LONGOPT_SELECTED_FRAME LONGOPT_BASE_APPLICATION+8
tshark: add "--color" option emulating wireshark colors With this commit, tshark will mimic the packet coloring present in the Wireshark GUI whenever "--color" is passed. This initial commit only adds such support for the standard text output format. A future commit could potentially broaden this support to other output modes (such as "-V" mode). Bug: 5158 Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d Reviewed-on: https://code.wireshark.org/review/21325 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
Use cfile fields for some frame_data pointers. Those fields weren't being used in TShark/TFShark/rawshark/sharkd, so we can use them, instead of defining our own static variables. This makes the non-Wireshark code paths a bit more like the Wireshark code paths. Change-Id: I55da4cf525e37598f314efca22f20d3e80cb547c Reviewed-on: https://code.wireshark.org/review/24691 Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
capture_file cfile;
Introduce frame_data_init() and get rid of fill_in_fdata() in tshark.c svn path=/trunk/; revision=30021
14 years ago
static guint32 cum_bytes;
Replace relative timestamp with reference frame number. Saves 16B per frame. svn path=/trunk/; revision=50772
10 years ago
static frame_data ref_frame;
Store pointers to previously displayed and captured packet, not nstime_t deltas. This commit reduces size (from 144B to 128B on AMD64) of frame_data structure. Part of bug 5821: Reduce per-packet memory requirements. svn path=/trunk/; revision=45071
11 years ago
static frame_data prev_dis_frame;
static frame_data prev_cap_frame;
Introduce frame_data_init() and get rid of fill_in_fdata() in tshark.c svn path=/trunk/; revision=30021
14 years ago
Add initial support for "two pass analysis" in tshark. This allows tshark to arrive at the same protocol tree as the Wireshark GUI. Before this change tshark only supported a single scan over the file. This effectively means that packets cannot use data that are gathered from frames that appear after the current frame. By scanning twice we give the dissector the opportunity to make forward references. svn path=/trunk/; revision=30076
14 years ago
static gboolean perform_two_pass_analysis;
Auto reset epan session Automatically resets intarnal epan session after reaching to specified number of packets, for example -M 1000 will reset the session every 1000 packets. this is more like a proposal since the usage is very specific it is useful for 24/7 live capture with dissection and sending data directly to another application. example: tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04 Reviewed-on: https://code.wireshark.org/review/21312 Reviewed-by: Evan Huus <eapache@gmail.com> Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
static guint32 epan_auto_reset_count = 0;
static gboolean epan_auto_reset = FALSE;
Add initial support for "two pass analysis" in tshark. This allows tshark to arrive at the same protocol tree as the Wireshark GUI. Before this change tshark only supported a single scan over the file. This effectively means that packets cannot use data that are gathered from frames that appear after the current frame. By scanning twice we give the dissector the opportunity to make forward references. svn path=/trunk/; revision=30076
14 years ago
tshark: Add a --selected-frame option Add a selected frame option that does pretty much what the name indicates. This is not meaningful in the CLI but is useful to simulate the selected frame action in the GUI for unit testing purposes. The option is not documented for that reason. A selected frame is used in display filters with field references. $ tshark -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d 3 0.070031 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Request - Transaction ID 0x3d1e 4 0.070345 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP ACK - Transaction ID 0x3d1e $ tshark --selected-frame=2 -2 -Y 'frame.number <= ${frame.number}' -r ../test/captures/dhcp.pcap 1 0.000000 0.0.0.0 → 255.255.255.255 DHCP 314 DHCP Discover - Transaction ID 0x3d1d 2 0.000295 192.168.0.1 → 192.168.0.10 DHCP 342 DHCP Offer - Transaction ID 0x3d1d
1 year ago
static guint32 selected_frame_number = 0;
Make the "human-readable text vs. PSML vs. PDML" choice separate from the "text vs. PostScript" choice. The "text vs. PostScript" choice should probably ultimately be done with a generic set of print methods, to handle various platform-native print mechanisms more cleanly (and perhaps the dialog box code for "export as {PDML,PSML}" should be separate from the "export as text"/"print" dialog). svn path=/trunk/; revision=11342
19 years ago
/*
* The way the packet decode is to be written.
*/
typedef enum {
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
WRITE_NONE, /* dummy initial state */
WRITE_TEXT, /* summary or detail text */
WRITE_XML, /* PDML or PSML */
WRITE_FIELDS, /* User defined list of fields */
WRITE_JSON, /* JSON */
WRITE_JSON_RAW, /* JSON only raw hex */
WRITE_EK /* JSON bulk insert to Elasticsearch */
/* Add CSV and the like here */
Make the "human-readable text vs. PSML vs. PDML" choice separate from the "text vs. PostScript" choice. The "text vs. PostScript" choice should probably ultimately be done with a generic set of print methods, to handle various platform-native print mechanisms more cleanly (and perhaps the dialog box code for "export as {PDML,PSML}" should be separate from the "export as text"/"print" dialog). svn path=/trunk/; revision=11342
19 years ago
} output_action_e;
Introduce frame_data_init() and get rid of fill_in_fdata() in tshark.c svn path=/trunk/; revision=30021
14 years ago
Make the "human-readable text vs. PSML vs. PDML" choice separate from the "text vs. PostScript" choice. The "text vs. PostScript" choice should probably ultimately be done with a generic set of print methods, to handle various platform-native print mechanisms more cleanly (and perhaps the dialog box code for "export as {PDML,PSML}" should be separate from the "export as text"/"print" dialog). svn path=/trunk/; revision=11342
19 years ago
static output_action_e output_action;
Fix a number of [-Wshadow] warnings; Also: Do some minor whitespace changes svn path=/trunk/; revision=46182
11 years ago
static gboolean do_dissection; /* TRUE if we have to dissect each packet */
static gboolean print_packet_info; /* TRUE if we're to print packet information */
Tshark: Optional packet summary for Elasticsearch Currently, the Elasticsearch output exports the packet details and, if -x is specified, the raw hex data. This change adds the option of exporting the packet summary as well. The default stays the same (packet details only), but now the existing -P switch turns on printing of the packet summary. It also turns off printing packet details, which can be turned back on with -V to print both, and combined with -x to print all three: summary, details and raw hex. The packet summary is especially useful when exploring and visualizing the data in Kibana, e.g. by displaying the summary "Info" field/column in a table, as in the Wireshark GUI. Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4 Reviewed-on: https://code.wireshark.org/review/22716 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
static gboolean print_summary; /* TRUE if we're to print packet summary information */
Fix a number of [-Wshadow] warnings; Also: Do some minor whitespace changes svn path=/trunk/; revision=46182
11 years ago
static gboolean print_details; /* TRUE if we're to print packet details information */
tshark: Fix typo in comment from ascci to ascii
2 years ago
static gboolean print_hex; /* TRUE if we're to print hex/ascii information */
In the MSVC++ 6.0 C library, "line-buffered" doesn't mean what one might expect - it means "same as fully-buffered". This means that the "-l" flag is a no-op on Windows. Instead of setting line-buffered mode with "setvbuf()", set a flag and, if that flag is set, flush the standard output after the information for ever packet is printed; this isn't "line-buffered", either, but, as the reason for doing line-buffering is to allow the output of Tethereal to be piped to a program and to have that program see the output for a packet as soon as the packet is seen and dissected, it should be just as good as line-buffered. svn path=/trunk/; revision=3047
23 years ago
static gboolean line_buffered;
tshark: set cf values when quiet and tempfile When there is no do_dissection cf is missing some variables for cf_close() call. Therefore we have to set them explicitly. Fixes: wireshark/wireshark#17021
3 years ago
static gboolean quiet = FALSE;
Add -Q option to TShark to force only "true" errors to stderr. No "status" messages should be included if -Q option is specified. Bug 2881 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2881) svn path=/trunk/; revision=46627
11 years ago
static gboolean really_quiet = FALSE;
tshark: Optionally delimit packet summary columns with tabs This patch augments tshark's -T report with a "tabs" option. When the -T tabs option is enabled an ASCII horizontal tab character is inserted between each column of the human-readable one-line packet summary record. Change-Id: Id10a6e21e231eb2e52b6342ed05399db1a5fcfdf Reviewed-on: https://code.wireshark.org/review/20537 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
static gchar* delimiter_char = " ";
tshark: add "--color" option emulating wireshark colors With this commit, tshark will mimic the packet coloring present in the Wireshark GUI whenever "--color" is passed. This initial commit only adds such support for the standard text output format. A future commit could potentially broaden this support to other output modes (such as "-V" mode). Bug: 5158 Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d Reviewed-on: https://code.wireshark.org/review/21325 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
static gboolean dissect_color = FALSE;
tshark: Add new long option --hexdump <hexoption>
1 year ago
static guint hexdump_source_option = HEXDUMP_SOURCE_MULTI; /* Default - Enable legacy multi-source mode */
static guint hexdump_ascii_option = HEXDUMP_ASCII_INCLUDE; /* Default - Enable legacy undelimited ASCII dump */
Introduce frame_data_init() and get rid of fill_in_fdata() in tshark.c svn path=/trunk/; revision=30021
14 years ago
Make some generic print routines that take, as an argument, a pointer to a structure containing a pointer to print operations for that object and a pointer to the private subclass-dependent data for that object, with subclasses for text and PostScript, and use those rather than the old scheme where a print format was passed as an argument - or where (as in the case of printing summary information in Tethereal) we just printed as text even if "-T ps" was selected. Check whether those routines succeed or get an I/O error writing output. Clean up indentation. svn path=/trunk/; revision=11514
19 years ago
static print_format_e print_format = PR_FMT_TEXT;
print_stream: free memory on exit. Change-Id: I6c4acaa9026cfdf1d4230c28c30bccfb6c025cef Reviewed-on: https://code.wireshark.org/review/19920 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Dario Lombardo <lomato@gmail.com>
6 years ago
static print_stream_t *print_stream = NULL;
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
Make some code common between pcap and no-pcap TShark. Set the output_file_name variable for -w regardless of whether we were built with libpcap or not. If we were built with libpcap, also pass the flag and its argument to capture_opts_add_opt(). In the reading-a-file code (rather than the doing-a-live-capture code), use output_file_name as the name of the output file, regardless of whether we were built with libpcap or not. This takes a few twists out of the maze of #ifdefs, all different. Change-Id: I828f1b04dacbf0ea4f3aff36f26cb9a3ffcbc480 Reviewed-on: https://code.wireshark.org/review/32011 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
static char *output_file_name;
From Doug Pratley: The purpose of the patch is to provide a new output format (so it is independent of -V): single line record per-packet with the fields chosen by the user, with configuration options to control separator, quoting and whether a header line is printed. It also extends some existing options behaviour (-c and -a:filesize) so that they affect reading a file as well as writing one, so that only the first <n> packets or bytes are read). svn path=/trunk/; revision=21211
16 years ago
static output_fields_t* output_fields = NULL;
tshark: Support multiple -j and -J options, including mixed Store the field filter strings in a wmem_map pointing to the field flags for each string. This allows specifying multiple filter options (-j or -J) on the command line, including some of both. Fix #17470
4 months ago
static wmem_map_t *protocolfilter = NULL;
From Doug Pratley: The purpose of the patch is to provide a new output format (so it is independent of -V): single line record per-packet with the fields chosen by the user, with configuration options to control separator, quoting and whether a header line is printed. It also extends some existing options behaviour (-c and -a:filesize) so that they affect reading a file as well as writing one, so that only the first <n> packets or bytes are read). svn path=/trunk/; revision=21211
16 years ago
Add --no-duplicate-keys tshark option. Adds the --no-duplicate-keys option to tshark. If -T json is specified, this option can be specified in order to transform the duplicate keys produced by -T json into single keys with as value a json array of all separate values. Specifying --no-duplicate-keys changes the function which groups node children that is passed to write_json_proto_tree. Instead of a function that puts each node in a separate group (proto_node_group_children_by_unique) a function is passed that groups children that have the same json key together (proto_node_group_children_by_json_key). This will lead to some groups having multiple values. Groups with multiple values are written to the output as a json array. This includes normal json keys but also keys with the "_raw" and "_tree" suffix. If --no-duplicate-keys is specified with an option other than "-T json" or "-T jsonraw" or without -T an error is shown and tshark will exit. "Export Packet Dissections -> As JSON" in the GUI is hardcoded to use the duplicated keys format. Fixes one regression in the output where a filtered json key (-j) with both a value and children would not have the "_tree" suffix added to the json key containing the children. Includes a little code cleanup (removes one instance of code duplication and simplifies a while loop). Fixes a memory leak (I thought this fix was already included in the previous refactor patch but something must have gone wrong when updating the patch so I'm including it again in this patch). Bug: 12958 Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe Reviewed-on: https://code.wireshark.org/review/22166 Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago
static gboolean no_duplicate_keys = FALSE;
static proto_node_children_grouper_func node_children_grouper = proto_node_group_children_by_unique;
epan: use json_dumper for json outputs. They include -Tjson, -Tjsonraw, -Tek. Change-Id: Ib3d700482ce5c29727c3f778cc3c46a1bf7756c4 Reviewed-on: https://code.wireshark.org/review/31000 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago
static json_dumper jdumper;
The separator between packets is an output option, not a capture option, so it should be present even when building without libpcap. svn path=/trunk/; revision=39171
12 years ago
/* The line separator used between packets, changeable via the -S option */
Fix a bunch of warnings. Cast away some implicit 64-bit-to-32-bit conversion errors due to use of sizeof. Cast away some implicit 64-bit-to-32-bit conversion errors due to use of strtol() and strtoul(). Change some data types to avoid those implicit conversion warnings. When assigning a constant to a float, make sure the constant isn't a double, by appending "f" to the constant. Constify a bunch of variables, parameters, and return values to eliminate warnings due to strings being given const qualifiers. Cast away those warnings in some cases where an API we don't control forces us to do so. Enable a bunch of additional warnings by default. Note why at least some of the other warnings aren't enabled. randpkt.c and text2pcap.c are used to build programs, so they don't need to be in EXTRA_DIST. If the user specifies --enable-warnings-as-errors, add -Werror *even if the user specified --enable-extra-gcc-flags; assume they know what they're doing and are willing to have the compile fail due to the extra GCC warnings being treated as errors. svn path=/trunk/; revision=46748
11 years ago
static const char *separator = "";
The separator between packets is an output option, not a capture option, so it should be present even when building without libpcap. svn path=/trunk/; revision=39171
12 years ago
Clean up handling of --capture-comment. Don't store the comments in a capture_options structure, because that's available only if we're being built with capture support, and --capture-comment can be used in TShark when reading a capture file and writing another capture file, with no live capture taking place. This means we don't handle that option in capture_opts_add_opt(); handle it in the programs that support it. Support writing multiple comments in dumpcap when capturing. These changes also fix builds without pcap, and makes --capture-comment work in Wireshark when a capture is started from the command line with -k. Update the help messages to indicate that --capture-comment adds a capture comment, it doesn't change any comment (much less "the" comment, as there isn't necessarily a single comment). Update the man pages: - not to presume that only pcapng files support file comments (even if that's true now, it might not be true in the future); - to note that multiple instances of --capture-comment are supported, and that multiple comments will be written, whether capturing or reading one file and writing another; - clarify that Wireshark doesn't *discard* SHB comments other than the first one, even though it only displays the first one;
2 years ago
/* Per-file comments to be added to the output file. */
static GPtrArray *capture_comments = NULL;
tshark/tfshark: Replace global prefs with a boolean This partially reverts dc0e6ccc9f9aaad7139c1edd3b723c4b939b15da in favor of a cleaner solution. Change-Id: Ie57329020b5a7d15eb7d99aad3103843a14f07a6 Reviewed-on: https://code.wireshark.org/review/24278 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Dario Lombardo <lomato@gmail.com>
6 years ago
static gboolean prefs_loaded = FALSE;
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
#ifdef HAVE_LIBPCAP
Fix up the suppression of packet printing and packet count printing so that: packets are printed iff we're not saving packets to a file and "-q" wasn't specified; packet counts are printed iff we're capturing (i.e., not reading from a file) and "-q" wasn't specified. svn path=/trunk/; revision=13348
19 years ago
/*
* TRUE if we're to print packet counts to keep track of captured packets.
*/
Don't print the packet counter when capturing if we're also printing packet information to a terminal (which we assume is the same terminal as the one to which the packet counts are being printed), as they get in the way of each other. Don't print it if we're sending the standard error to a terminal, or if -q is specified, either. Put all the setting of print_packet_counts together; it looks as if the default value of print_packet_counts may have been changed to TRUE and the code to handle -q wasn't changed to set it to FALSE if -q was specified rather than setting it to TRUE if it wasn't specified. svn path=/trunk/; revision=51227
10 years ago
static gboolean print_packet_counts;
Fix up the suppression of packet printing and packet count printing so that: packets are printed iff we're not saving packets to a file and "-q" wasn't specified; packet counts are printed iff we're capturing (i.e., not reading from a file) and "-q" wasn't specified. svn path=/trunk/; revision=13348
19 years ago
Rename capture_opts to global_capture_opts - that's what it's called in dumpcap, and calling it capture_opts collides with parameter names, as noted by John Smith. svn path=/trunk/; revision=25545
15 years ago
static capture_options global_capture_opts;
Pull the capture-session state information out of capture_opts and put it into a separate capture_session structure. capture_opts should contain only user-specified option information (and stuff directly derived from it, such as the "capturing from a pipe" flag). svn path=/trunk/; revision=49493
10 years ago
static capture_session global_capture_session;
Allow "capture info data" to not be a singleton. It was buried as a static variable in capture_info.c, and functions were refactored to allow a pointer to the info_data_t structure to be passed in. TShark and GTK will have their own single (global) copy of the structure, while it opens up Qt to have multiple instances. Change-Id: Ic2d7a2ad574de43f457cb18b194d6bc3fffb6120 Reviewed-on: https://code.wireshark.org/review/12691 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
8 years ago
static info_data_t global_info_data;
Add support for SIGINFO on systems that have it. svn path=/trunk/; revision=6590
21 years ago
#ifdef SIGINFO
Rename g_resolv_flags --> gbl_resolv_flags; Also: cleanup some whitespace & indentation. svn path=/trunk/; revision=34487
13 years ago
static gboolean infodelay; /* if TRUE, don't print capture info in SIGINFO handler */
static gboolean infoprint; /* if TRUE, print capture info after clearing infodelay */
Add support for SIGINFO on systems that have it. svn path=/trunk/; revision=6590
21 years ago
#endif /* SIGINFO */
(some) redesign of capture data structures. don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it svn path=/trunk/; revision=13276
19 years ago
Fix bug #4735: tshark returns 0 on non-valid filter and interface. See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4735 svn path=/trunk/; revision=33004
13 years ago
static gboolean capture(void);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static gboolean capture_input_new_file(capture_session *cap_session,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
gchar *new_file);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static void capture_input_new_packets(capture_session *cap_session,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
int to_read);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static void capture_input_drops(capture_session *cap_session, guint32 dropped,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
const char* interface_name);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static void capture_input_error(capture_session *cap_session,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
char *error_msg, char *secondary_error_msg);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static void capture_input_cfilter_error(capture_session *cap_session,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
guint i, const char *error_message);
Have callback function pointers in a capture_session structure. Instead of having programs that use the capchild library define functions with known names, with the library routines calling back routines with those names, have function pointers for those callbacks in the capture_session structure, and have capture_session_init() set them. Make the callback routines in TShark and in the ui library static. Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae Reviewed-on: https://code.wireshark.org/review/36583 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
3 years ago
static void capture_input_closed(capture_session *cap_session, gchar *msg);
(some) redesign of capture data structures. don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it svn path=/trunk/; revision=13276
19 years ago
static void report_counts(void);
#ifdef _WIN32
static BOOL WINAPI capture_cleanup(DWORD);
#else /* _WIN32 */
static void capture_cleanup(int);
#ifdef SIGINFO
static void report_counts_siginfo(int);
#endif /* SIGINFO */
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
Auto reset epan session Automatically resets intarnal epan session after reaching to specified number of packets, for example -M 1000 will reset the session every 1000 packets. this is more like a proposal since the usage is very specific it is useful for 24/7 live capture with dissection and sending data directly to another application. example: tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04 Reviewed-on: https://code.wireshark.org/review/21312 Reviewed-by: Evan Huus <eapache@gmail.com> Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
6 years ago
static void reset_epan_mem(capture_file *cf, epan_dissect_t *edt, gboolean tree, gboolean visual);
Reset the terminal color if we're ^C'ed when reading a capture. Catch signals/ctrl events when we're reading a capture, and stop reading if we get one of those. When we close a print stream, restore the color as appropriate. Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72 Ping-Bug: 15659 Reviewed-on: https://code.wireshark.org/review/32716 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
typedef enum {
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
PROCESS_FILE_SUCCEEDED,
PROCESS_FILE_NO_FILE_PROCESSED,
PROCESS_FILE_ERROR,
PROCESS_FILE_INTERRUPTED
Reset the terminal color if we're ^C'ed when reading a capture. Catch signals/ctrl events when we're reading a capture, and stop reading if we get one of those. When we close a print stream, restore the color as appropriate. Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72 Ping-Bug: 15659 Reviewed-on: https://code.wireshark.org/review/32716 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
} process_file_status_t;
Differentiate `-c` from `-a packets:`
1 year ago
static process_file_status_t process_cap_file(capture_file *, char *, int, gboolean, int, gint64, int);
Reset the terminal color if we're ^C'ed when reading a capture. Catch signals/ctrl events when we're reading a capture, and stop reading if we get one of those. When we close a print stream, restore the color as appropriate. Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72 Ping-Bug: 15659 Reviewed-on: https://code.wireshark.org/review/32716 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago
Prime the epan_dissect_t with postdissector wanted fields if necessary. This makes sure that postdissectors that indicate that they need certain fields in the first pass will get them. While we're at it: Fix the field-fetching code in TRANSUM not to assume it got any instances of the field being fetched. Rename process_packet_first_pass() in sharkd to process_packet(), as it's the only routine in sharkd that processes packets. Rename process_packet() in tshark and tfshark to process_packet_single_pass(), as it's what's used if we're only doing one-pass analysis. Clean up comments and whitespace. Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b Reviewed-on: https://code.wireshark.org/review/21063 Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
static gboolean process_packet_single_pass(capture_file *cf,
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
epan_dissect_t *edt, gint64 offset, wtap_rec *rec, Buffer *buf,
guint tap_flags);
tshark: fix handling of "you're writing to a closed pipe" errors on Windows. On Windows, a write to a pipe where the read side has been closed apparently may return the Windows error ERROR_BROKEN_PIPE, which the Visual Studio C library maps to EPIPE, or may return the Windows error ERROR_NO_DATA, which the Visual Studio C library maps to EINVAL. So, on Windows, for errors other than the ones for which we're reporting a special error message, check for EINVAL with a *Windows* error of ERROR_NO_DATA and, if that's what we have, don't print an error message; otherwise, print an error message that reports a message based on the Windows error (rather than a relatively uninformative "Invalid argument" error). This should fix issue #16192. Clean up indentation while we're at it.
2 years ago
static void show_print_file_io_error(void);
(some) redesign of capture data structures. don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it svn path=/trunk/; revision=13276
19 years ago
static gboolean write_preamble(capture_file *cf);
static gboolean print_packet(capture_file *cf, epan_dissect_t *edt);
static gboolean write_finale(void);
Add more error-reporting routines that call through a function pointer. Have routines to report capture-file errors, using libwireshark error codes and strings, that call through a pointer, so they can pop up dialogs in GUI apps, print a message to the standard error on command-line apps, and possibly do something different on server programs. Have init_report_message() take a pointer to structure containing those function pointers, rather than the function pointers themselves, as arguments. Make other API changes to make that work.
2 years ago
static void tshark_cmdarg_err(const char *msg_format, va_list ap);
static void tshark_cmdarg_err_cont(const char *msg_format, va_list ap);
(some) redesign of capture data structures. don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it svn path=/trunk/; revision=13276
19 years ago
Get rid of another global in the print code. Pass the "output only these protocols" hash table as an argument, instead. Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1 Reviewed-on: https://code.wireshark.org/review/5440 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
static GHashTable *output_only_tables = NULL;
wiretap: more work on file type/subtypes. Provide a wiretap routine to get an array of all savable file type/subtypes, sorted with pcap and pcapng at the top, followed by the other types, sorted either by the name or the description. Use that routine to list options for the -F flag for various commands Rename wtap_get_savable_file_types_subtypes() to wtap_get_savable_file_types_subtypes_for_file(), to indicate that it provides an array of all file type/subtypes in which a given file can be saved. Have it sort all types, other than the default type/subtype and, if there is one, the "other" type (both of which are put at the top), by the name or the description. Don't allow wtap_register_file_type_subtypes() to override any existing registrations; have them always register a new type. In that routine, if there are any emply slots in the table, due to an entry being unregistered, use it rather than allocating a new slot. Don't allow unregistration of built-in types. Rename the "dump open table" to the "file type/subtype table", as it has entries for all types/subtypes, even if we can't write them. Initialize that table in a routine that pre-allocates the GArray before filling it with built-in types/subtypes, so it doesn't keep getting reallocated. Get rid of wtap_num_file_types_subtypes - it's just a copy of the size of the GArray. Don't have wtap_file_type_subtype_description() crash if handed an file type/subtype that isn't a valid array index - just return NULL, as we do with wtap_file_type_subtype_name(). In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_ names for the backwards-compatibility names - map those names to the current names, and then look them up. This reduces the number of uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values. Clean up the type of wtap_module_count - it has no need to be a gulong. Have built-in wiretap file handlers register names to be used for their file type/subtypes, rather than building the table in init.lua. Add a new Lua C function get_wtap_filetypes() to construct the wtap_filetypes table, based on the registered names, and use it in init.lua. Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended only for internal use in init.lua, so they can be made available from Lua without being documented. Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use it, as it can just request arrays of types, and the space of type/subtype codes can be sparse due to registration in any case, so code has to be careful using it. wtap_get_num_file_types_subtypes() is no longer used, so remove it. It returns the number of elements in the file type/subtype array, which is not necessarily the name of known file type/subtypes, as there may have been some deregistered types, and those types do *not* get removed from the array, they just get cleared so that they're available for future allocation (we don't want the indices of any registered types to changes if another type is deregistered, as those indicates are the type/subtype values, so we can't shrink the array). Clean up white space and remove some comments that shouldn't have been added.
2 years ago
static void
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
list_capture_types(void)
{
GArray *writable_type_subtypes;
fprintf(stderr, "tshark: The available capture file types for the \"-F\" flag are:\n");
writable_type_subtypes = wtap_get_writable_file_types_subtypes(FT_SORT_BY_NAME);
for (guint i = 0; i < writable_type_subtypes->len; i++) {
int ft = g_array_index(writable_type_subtypes, int, i);
fprintf(stderr, " %s - %s\n", wtap_file_type_subtype_name(ft),
wtap_file_type_subtype_description(ft));
}
g_array_free(writable_type_subtypes, TRUE);
wiretap: more work on file type/subtypes. Provide a wiretap routine to get an array of all savable file type/subtypes, sorted with pcap and pcapng at the top, followed by the other types, sorted either by the name or the description. Use that routine to list options for the -F flag for various commands Rename wtap_get_savable_file_types_subtypes() to wtap_get_savable_file_types_subtypes_for_file(), to indicate that it provides an array of all file type/subtypes in which a given file can be saved. Have it sort all types, other than the default type/subtype and, if there is one, the "other" type (both of which are put at the top), by the name or the description. Don't allow wtap_register_file_type_subtypes() to override any existing registrations; have them always register a new type. In that routine, if there are any emply slots in the table, due to an entry being unregistered, use it rather than allocating a new slot. Don't allow unregistration of built-in types. Rename the "dump open table" to the "file type/subtype table", as it has entries for all types/subtypes, even if we can't write them. Initialize that table in a routine that pre-allocates the GArray before filling it with built-in types/subtypes, so it doesn't keep getting reallocated. Get rid of wtap_num_file_types_subtypes - it's just a copy of the size of the GArray. Don't have wtap_file_type_subtype_description() crash if handed an file type/subtype that isn't a valid array index - just return NULL, as we do with wtap_file_type_subtype_name(). In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_ names for the backwards-compatibility names - map those names to the current names, and then look them up. This reduces the number of uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values. Clean up the type of wtap_module_count - it has no need to be a gulong. Have built-in wiretap file handlers register names to be used for their file type/subtypes, rather than building the table in init.lua. Add a new Lua C function get_wtap_filetypes() to construct the wtap_filetypes table, based on the registered names, and use it in init.lua. Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended only for internal use in init.lua, so they can be made available from Lua without being documented. Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use it, as it can just request arrays of types, and the space of type/subtype codes can be sparse due to registration in any case, so code has to be careful using it. wtap_get_num_file_types_subtypes() is no longer used, so remove it. It returns the number of elements in the file type/subtype array, which is not necessarily the name of known file type/subtypes, as there may have been some deregistered types, and those types do *not* get removed from the array, they just get cleared so that they're available for future allocation (we don't want the indices of any registered types to changes if another type is deregistered, as those indicates are the type/subtype values, so we can't shrink the array). Clean up white space and remove some comments that shouldn't have been added.
2 years ago
}
Sort capture file types listed by "-F" like editcap does. svn path=/trunk/; revision=36008
12 years ago
struct string_elem {
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
const char *sstr; /* The short string */
const char *lstr; /* The long string */
Sort capture file types listed by "-F" like editcap does. svn path=/trunk/; revision=36008
12 years ago
};
static gint
string_compare(gconstpointer a, gconstpointer b)
{
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
return strcmp(((const struct string_elem *)a)->sstr,
((const struct string_elem *)b)->sstr);
Rename local 'pipe_input' so it doesn't shadow global 'pipe_input'; Use consistent indentation and remove trailing whitespace. svn path=/trunk/; revision=36428
12 years ago
}
Sort capture file types listed by "-F" like editcap does. svn path=/trunk/; revision=36008
12 years ago
static void
g_slist_free_full: Use g_slist_free_full() in a couple of places. Change-Id: I38617ee289196f9807cf285af60d670bd5477687 Reviewed-on: https://code.wireshark.org/review/27327 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago
string_elem_print(gpointer data)
Rename local 'pipe_input' so it doesn't shadow global 'pipe_input'; Use consistent indentation and remove trailing whitespace. svn path=/trunk/; revision=36428
12 years ago
{
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(stderr, " %s - %s\n",
((struct string_elem *)data)->sstr,
((struct string_elem *)data)->lstr);
Sort capture file types listed by "-F" like editcap does. svn path=/trunk/; revision=36008
12 years ago
}
Add command-line arg for input file format for tshark/wireshark Now that we have the ability to choose input file format type in the GUI, we might as well have it in the command-line too. Plus it would help me in test-stuies if we had a commandline. So I've added a '-X read_format:Foo' for this. Using just '-X read_format:', or with a bad name, will make it print out the full list (in tshark); just like the '-F' does for output file formats. Note: I am *not* putting in code for Win32 GUI, because I can't compile that and I wouldn't have even done the GTK one if I could compile Qt originally. (I don't think we need to add any more features to GTK or Win32, just Qt from now on, right?) Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64 Reviewed-on: https://code.wireshark.org/review/493 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
9 years ago
static void
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
list_read_capture_types(void)
{
guint i;
size_t num_file_types;
struct string_elem *captypes;
GSList *list = NULL;
const char *magic = "Magic-value-based";
const char *heuristic = "Heuristics-based";
/* How many readable file types are there? */
num_file_types = 0;
for (i = 0; open_routines[i].name != NULL; i++)
num_file_types++;
captypes = g_new(struct string_elem, num_file_types);
fprintf(stderr, "tshark: The available read file types for the \"-X read_format:\" option are:\n");
for (i = 0; i < num_file_types && open_routines[i].name != NULL; i++) {
captypes[i].sstr = open_routines[i].name;
captypes[i].lstr = (open_routines[i].type == OPEN_INFO_MAGIC) ? magic : heuristic;
list = g_slist_insert_sorted(list, &captypes[i], string_compare);
}
g_slist_free_full(list, string_elem_print);
g_free(captypes);
Add command-line arg for input file format for tshark/wireshark Now that we have the ability to choose input file format type in the GUI, we might as well have it in the command-line too. Plus it would help me in test-stuies if we had a commandline. So I've added a '-X read_format:Foo' for this. Using just '-X read_format:', or with a bad name, will make it print out the full list (in tshark); just like the '-F' does for output file formats. Note: I am *not* putting in code for Win32 GUI, because I can't compile that and I wouldn't have even done the GTK one if I could compile Qt originally. (I don't think we need to add any more features to GTK or Win32, just Qt from now on, right?) Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64 Reviewed-on: https://code.wireshark.org/review/493 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
9 years ago
}
tshark: clean u the way the -U option lists available taps. Allow "-U ?" as well as an empty argument; an empty argument is a bit counterintuitive. Simplify the introductory line of output - asking for a list of taps isn't an error in which the user failed to supply a tap name, it's a case where the user suplied a request for a list of tap names. Just use fprintf() to print the list, and indent the elements of the list, as we do with other lists of valid arguments. List the valid arguments if the user specified an invalid argument as well.
2 years ago
static void
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
list_export_pdu_taps(void)
{
Strip Headers: Add separate menu dialog, tshark help Add a separate menu for Strip Headers (similar to Export PDU, but exporting to an encapsulation other than WIRESHARK_UPPER_PDU everything for that encapsulation). Add to the usage output of tshark for the "-U" option which encapsulation a export tap will produce.
1 year ago
fprintf(stderr, "tshark: The available export tap names and the encapsulation types they produce for the \"-U tap_name\" option are:\n");
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
for (GSList *export_pdu_tap_name_list = get_export_pdu_tap_list();
export_pdu_tap_name_list != NULL;
export_pdu_tap_name_list = g_slist_next(export_pdu_tap_name_list)) {
Strip Headers: Add separate menu dialog, tshark help Add a separate menu for Strip Headers (similar to Export PDU, but exporting to an encapsulation other than WIRESHARK_UPPER_PDU everything for that encapsulation). Add to the usage output of tshark for the "-U" option which encapsulation a export tap will produce.
1 year ago
fprintf(stderr, " %s - %s\n", (const char*)(export_pdu_tap_name_list->data), wtap_encap_description(export_pdu_tap_get_encap((const char*)export_pdu_tap_name_list->data)));
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
}
tshark: clean u the way the -U option lists available taps. Allow "-U ?" as well as an empty argument; an empty argument is a bit counterintuitive. Simplify the introductory line of output - asking for a list of taps isn't an error in which the user failed to supply a tap name, it's a case where the user suplied a request for a list of tap names. Just use fprintf() to print the list, and indent the elements of the list, as we do with other lists of valid arguments. List the valid arguments if the user specified an invalid argument as well.
2 years ago
}
Removed trailing whitespaces from .h and .c files using the winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6117
21 years ago
static void
Regularize the help output of programs. Only print to the standard output, and only give the version information, if a "print help" command-line option is specified. Otherwise, leave out the version information, and print to the standard error. Leave out the copyright information; it's extra cruft, and http://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html doesn't say anything about it (and bash, at least, doesn't print it). Change-Id: Ic5029ccf96e096453f3bd38383cc2dd355542e8a Reviewed-on: https://code.wireshark.org/review/2789 Reviewed-by: Guy Harris <guy@alum.mit.edu>
9 years ago
print_usage(FILE *output)
Add a "-F" flag, to allow the format of a file being written to be specified. This will be of more use when I allow "-w" to be used when reading an existing capture file rather than doing a live capture (which will also allow you to specify a read filter, and thus to write a capture file containing those packets from an existing capture file that match a given display filter). Fix up some messages to say "tethereal" rather than "ethereal". svn path=/trunk/; revision=1499
24 years ago
{
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, "\n");
fprintf(output, "Usage: tshark [options] ...\n");
fprintf(output, "\n");
fix usage output fix -F command option handling (output list of available formats if missing of invalid) svn path=/trunk/; revision=17011
18 years ago
Make the Tethereal usage message reflect whether libpcap support was compiled in or not. svn path=/trunk/; revision=1536
24 years ago
#ifdef HAVE_LIBPCAP
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, "Capture interface:\n");
fprintf(output, " -i <interface>, --interface <interface>\n");
fprintf(output, " name or idx of interface (def: first non-loopback)\n");
fprintf(output, " -f <capture filter> packet filter in libpcap filter syntax\n");
fprintf(output, " -s <snaplen>, --snapshot-length <snaplen>\n");
Allow bigger snapshot lengths for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 mean "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
#ifdef HAVE_PCAP_CREATE
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " packet snapshot length (def: appropriate maximum)\n");
Allow bigger snapshot lengths for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 mean "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
#else
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE_STANDARD);
Allow bigger snapshot lengths for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 mean "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago
#endif
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " -p, --no-promiscuous-mode\n");
fprintf(output, " don't capture in promiscuous mode\n");
Add monitor mode support to TShark. svn path=/trunk/; revision=32704
13 years ago
#ifdef HAVE_PCAP_CREATE
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " -I, --monitor-mode capture in monitor mode, if available\n");
Add monitor mode support to TShark. svn path=/trunk/; revision=32704
13 years ago
#endif
Have a #define for whether the capture buffer size can be set. It can be set if either 1) this is Windows (where we're assumed to be using WinPcap, which includes calls to set the buffer size) or 2) we have pcap_create() (in which case we also have pcap_set_buffer_size(), at least in a normal libpcap release). Use that rather than testing "defined(_WIN32) || defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's being tested. Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12 Reviewed-on: https://code.wireshark.org/review/7816 Reviewed-by: Guy Harris <guy@alum.mit.edu>
8 years ago
#ifdef CAN_SET_CAPTURE_BUFFER_SIZE
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " -B <buffer size>, --buffer-size <buffer size>\n");
fprintf(output, " size of kernel buffer (def: %dMB)\n", DEFAULT_CAPTURE_BUFFER_SIZE);
Add support for the "-B" flag to Tethereal on Windows. svn path=/trunk/; revision=16542
18 years ago
#endif
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, " -y <link type>, --linktype <link type>\n");
fprintf(output, " link layer type (def: first appropriate)\n");
fprintf(output, " --time-stamp-type <type> timestamp method for interface\n");
fprintf(output, " -D, --list-interfaces print list of interfaces and exit\n");
fprintf(output, " -L, --list-data-link-types\n");
fprintf(output, " print list of link-layer types of iface and exit\n");
fprintf(output, " --list-time-stamp-types print list of timestamp types for iface and exit\n");
fprintf(output, "\n");
fprintf(output, "Capture stop conditions:\n");
fprintf(output, " -c <packet count> stop after n packets (def: infinite)\n");
fprintf(output, " -a <autostop cond.> ..., --autostop <autostop cond.> ...\n");
fprintf(output, " duration:NUM - stop after NUM seconds\n");
fprintf(output, " filesize:NUM - stop this file after NUM KB\n");
fprintf(output, " files:NUM - stop after NUM files\n");
fprintf(output, " packets:NUM - stop after NUM packets\n");
/*fprintf(output, "\n");*/
fprintf(output, "Capture output:\n");
fprintf(output, " -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>\n");
fprintf(output, " duration:NUM - switch to next file after NUM secs\n");
fprintf(output, " filesize:NUM - switch to next file after NUM KB\n");
fprintf(output, " files:NUM - ringbuffer: replace after NUM files\n");
fprintf(output, " packets:NUM - switch to next file after NUM packets\n");
fprintf(output, " interval:NUM - switch to next file when the time is\n");
fprintf(output, " an exact multiple of NUM secs\n");
minor changes svn path=/trunk/; revision=17012
18 years ago
#endif /* HAVE_LIBPCAP */
Add -A as command line option to wireshark and tshark. svn path=/trunk/; revision=44339
11 years ago
#ifdef HAVE_PCAP_REMOTE
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, "RPCAP options:\n");
fprintf(output, " -A <user>:<password> use RPCAP password authentication\n");
Add -A as command line option to wireshark and tshark. svn path=/trunk/; revision=44339
11 years ago
#endif
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
/*fprintf(output, "\n");*/
fprintf(output, "Input file:\n");
fprintf(output, " -r <infile>, --read-file <infile>\n");
fprintf(output, " set the filename to read from (or '-' for stdin)\n");
fprintf(output, "\n");
fprintf(output, "Processing:\n");
fprintf(output, " -2 perform a two-pass analysis\n");
fprintf(output, " -M <packet count> perform session auto reset\n");
fprintf(output, " -R <read filter>, --read-filter <read filter>\n");
fprintf(output, " packet Read filter in Wireshark display filter syntax\n");
fprintf(output, " (requires -2)\n");
fprintf(output, " -Y <display filter>, --display-filter <display filter>\n");
fprintf(output, " packet displaY filter in Wireshark display filter\n");
fprintf(output, " syntax\n");
fprintf(output, " -n disable all name resolutions (def: \"mNd\" enabled, or\n");
fprintf(output, " as set in preferences)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtdv\"\n");
fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE);
fprintf(output, " \"Decode As\", see the man page for details\n");
fprintf(output, " Example: tcp.port==8888,http\n");
fprintf(output, " -H <hosts file> read a list of entries from a hosts file, which will\n");
fprintf(output, " then be written to a capture file. (Implies -W n)\n");
fprintf(output, " --enable-protocol <proto_name>\n");
fprintf(output, " enable dissection of proto_name\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
fprintf(output, " enable dissection of heuristic protocol\n");
fprintf(output, " --disable-heuristic <short_name>\n");
fprintf(output, " disable dissection of heuristic protocol\n");
/*fprintf(output, "\n");*/
fprintf(output, "Output:\n");
fprintf(output, " -w <outfile|-> write packets to a pcapng-format file named \"outfile\"\n");
fprintf(output, " (or '-' for stdout)\n");
fprintf(output, " --capture-comment <comment>\n");
fprintf(output, " add a capture file comment, if supported\n");
fprintf(output, " -C <config profile> start with specified configuration profile\n");
fprintf(output, " -F <output file type> set the output file type, default is pcapng\n");
fprintf(output, " an empty \"-F\" option will list the file types\n");
fprintf(output, " -V add output of packet tree (Packet Details)\n");
fprintf(output, " -O <protocols> Only show packet details of these protocols, comma\n");
fprintf(output, " separated\n");
fprintf(output, " -P, --print print packet summary even when writing to a file\n");
fprintf(output, " -S <separator> the line separator to print between packets\n");
fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n");
fprintf(output, " --hexdump <hexoption> add hexdump, set options for data source and ASCII dump\n");
fprintf(output, " all dump all data sources (-x default)\n");
fprintf(output, " frames dump only frame data source\n");
fprintf(output, " ascii include ASCII dump text (-x default)\n");
fprintf(output, " delimit delimit ASCII dump text with '|' characters\n");
fprintf(output, " noascii exclude ASCII dump text\n");
fprintf(output, " help display help for --hexdump and exit\n");
fprintf(output, " -T pdml|ps|psml|json|jsonraw|ek|tabs|text|fields|?\n");
fprintf(output, " format of text output (def: text)\n");
fprintf(output, " -j <protocolfilter> protocols layers filter if -T ek|pdml|json selected\n");
fprintf(output, " (e.g. \"ip ip.flags text\", filter does not expand child\n");
fprintf(output, " nodes, unless child is specified also in the filter)\n");
fprintf(output, " -J <protocolfilter> top level protocol filter if -T ek|pdml|json selected\n");
fprintf(output, " (e.g. \"http tcp\", filter which expands all child nodes)\n");
fprintf(output, " -e <field> field to print if -Tfields selected (e.g. tcp.port,\n");
fprintf(output, " _ws.col.Info)\n");
fprintf(output, " this option can be repeated to print multiple fields\n");
fprintf(output, " -E<fieldsoption>=<value> set options for output when -Tfields selected:\n");
fprintf(output, " bom=y|n print a UTF-8 BOM\n");
fprintf(output, " header=y|n switch headers on and off\n");
fprintf(output, " separator=/t|/s|<char> select tab, space, printable character as separator\n");
fprintf(output, " occurrence=f|l|a print first, last or all occurrences of each field\n");
fprintf(output, " aggregator=,|/s|<char> select comma, space, printable character as\n");
fprintf(output, " aggregator\n");
fprintf(output, " quote=d|s|n select double, single, no quotes for values\n");
fprintf(output, " -t a|ad|adoy|d|dd|e|r|u|ud|udoy\n");
fprintf(output, " output format of time stamps (def: r: rel. to first)\n");
fprintf(output, " -u s|hms output format of seconds (def: s: seconds)\n");
fprintf(output, " -l flush standard output after each packet\n");
fprintf(output, " -q be more quiet on stdout (e.g. when using statistics)\n");
fprintf(output, " -Q only log true errors to stderr (quieter than -q)\n");
fprintf(output, " -g enable group read access on the output file(s)\n");
fprintf(output, " -W n Save extra information in the file, if supported.\n");
fprintf(output, " n = write network address resolution information\n");
fprintf(output, " -X <key>:<value> eXtension options, see the man page for details\n");
fprintf(output, " -U tap_name PDUs export mode, see the man page for details\n");
fprintf(output, " -z <statistics> various statistics, see the man page for details\n");
fprintf(output, " --export-objects <protocol>,<destdir>\n");
fprintf(output, " save exported objects for a protocol to a directory\n");
fprintf(output, " named \"destdir\"\n");
fprintf(output, " --export-tls-session-keys <keyfile>\n");
fprintf(output, " export TLS Session Keys to a file named \"keyfile\"\n");
fprintf(output, " --color color output text similarly to the Wireshark GUI,\n");
fprintf(output, " requires a terminal with 24-bit color support\n");
fprintf(output, " Also supplies color attributes to pdml and psml formats\n");
fprintf(output, " (Note that attributes are nonstandard)\n");
fprintf(output, " --no-duplicate-keys If -T json is specified, merge duplicate keys in an object\n");
fprintf(output, " into a single key with as value a json array containing all\n");
fprintf(output, " values\n");
fprintf(output, " --elastic-mapping-filter <protocols> If -G elastic-mapping is specified, put only the\n");
fprintf(output, " specified protocols within the mapping file\n");
fprintf(output, " --temp-dir <directory> write temporary files to this directory\n");
fprintf(output, " (default: %s)\n", g_get_tmp_dir());
fprintf(output, "\n");
ws_log_print_usage(output);
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
fprintf(output, " -h, --help display this help and exit\n");
fprintf(output, " -v, --version display version info and exit\n");
fprintf(output, " -o <name>:<value> ... override preference setting\n");
fprintf(output, " -K <keytab> keytab file to use for kerberos decryption\n");
fprintf(output, " -G [report] dump one of several available reports and exit\n");
fprintf(output, " default report=\"fields\"\n");
fprintf(output, " use \"-G help\" for more help\n");
Output a warning about kernel BPF JIT compiler beeing activated. svn path=/trunk/; revision=51488
10 years ago
#ifdef __linux__
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, "\n");
fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
fprintf(output, "You might want to enable it by executing:\n");
fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
fprintf(output, "Note that this can make your system less secure!\n");
Output a warning about kernel BPF JIT compiler beeing activated. svn path=/trunk/; revision=51488
10 years ago
#endif
From Jim Young: The attached patch simply documents a long supported but hidden tshark -G option. Tshark's print_usage() has been augmented as well as the tshark man page. svn path=/trunk/; revision=33253
13 years ago
}
static void
glossary_option_help(void)
{
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
FILE *output;
output = stdout;
fprintf(output, "%s\n", get_appname_and_version());
fprintf(output, "\n");
fprintf(output, "Usage: tshark -G [report]\n");
fprintf(output, "\n");
fprintf(output, "Glossary table reports:\n");
fprintf(output, " -G column-formats dump column format codes and exit\n");
fprintf(output, " -G decodes dump \"layer type\"/\"decode as\" associations and exit\n");
fprintf(output, " -G dissector-tables dump dissector table names, types, and properties\n");
fprintf(output, " -G elastic-mapping dump ElasticSearch mapping file\n");
fprintf(output, " -G fieldcount dump count of header fields and exit\n");
fprintf(output, " -G fields dump fields glossary and exit\n");
fprintf(output, " -G ftypes dump field type basic and descriptive names\n");
fprintf(output, " -G heuristic-decodes dump heuristic dissector tables\n");
fprintf(output, " -G plugins dump installed plugins and exit\n");
fprintf(output, " -G protocols dump protocols in registration database and exit\n");
fprintf(output, " -G values dump value, range, true/false strings and exit\n");
fprintf(output, "\n");
fprintf(output, "Preference reports:\n");
fprintf(output, " -G currentprefs dump current preferences and exit\n");
fprintf(output, " -G defaultprefs dump default preferences and exit\n");
fprintf(output, " -G folders dump about:folders\n");
fprintf(output, "\n");
Add "tethereal", a tty-oriented derivative of Ethereal that works like Sun's snoop or like tcpdump. svn path=/trunk/; revision=1468
24 years ago
}
tshark: Add new long option --hexdump <hexoption>
1 year ago
static void
hexdump_option_help(FILE *output)
{
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
fprintf(output, "%s\n", get_appname_and_version());
fprintf(output, "\n");
fprintf(output, "tshark: Valid --hexdump <hexoption> values include:\n");
fprintf(output, "\n");
fprintf(output, "Data source options:\n");
fprintf(output, " all add hexdump, dump all data sources (-x default)\n");
fprintf(output, " frames add hexdump, dump only frame data source\n");
fprintf(output, "\n");
fprintf(output, "ASCII options:\n");
fprintf(output, " ascii add hexdump, include ASCII dump text (-x default)\n");
fprintf(output, " delimit add hexdump, delimit ASCII dump text with '|' characters\n");
fprintf(output, " noascii add hexdump, exclude ASCII dump text\n");
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
fprintf(output, " help display this help and exit\n");
fprintf(output, "\n");
fprintf(output, "Example:\n");
fprintf(output, "\n");
fprintf(output, " $ tshark ... --hexdump frames --hexdump delimit ...\n");
fprintf(output, "\n");
tshark: Add new long option --hexdump <hexoption>
1 year ago
}
tshark: Support multiple -j and -J options, including mixed Store the field filter strings in a wmem_map pointing to the field flags for each string. This allows specifying multiple filter options (-j or -J) on the command line, including some of both. Fix #17470
4 months ago
static void
protocolfilter_add_opt(const char* arg, pf_flags filter_flags)
{
void* value;
gchar **newfilter = NULL;
for (newfilter = wmem_strsplit(wmem_epan_scope(), arg, " ", -1); *newfilter; newfilter++) {
if (strcmp(*newfilter, "") == 0) {
/* Don't treat the empty string as an intended field abbreviation
* to output, consecutive spaces on the command line probably
* aren't intentional.
*/
continue;
}
if (!protocolfilter) {
protocolfilter = wmem_map_new(wmem_epan_scope(), wmem_str_hash, g_str_equal);
}
if (wmem_map_lookup_extended(protocolfilter, *newfilter, NULL, &value)) {
if (GPOINTER_TO_UINT(value) != (guint)filter_flags) {
cmdarg_err("%s was already specified with different filter flags. Overwriting previous protocol filter.", *newfilter);
}
}
wmem_map_insert(protocolfilter, *newfilter, GINT_TO_POINTER(filter_flags));
}
}
Change the "--enable-setuid-install" option to install dumpcap and TShark setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it disabled by default. Whine if the user runs Wireshark or TShark as root. Add a preference to disable the whining. Add a "setuid-root" script that can be used to switch dumpcap and TShark's setuid-ness on and off for development and testing. Update the release notes and README.packaging. svn path=/trunk/; revision=22733
16 years ago
static void
Remove editor modelines and .editorconfig exceptions from root files
1 year ago
print_current_user(void)
{
gchar *cur_user, *cur_group;
if (started_with_special_privs()) {
cur_user = get_cur_username();
cur_group = get_cur_groupname();
fprintf(stderr, "Running as user \"%s\" and group \"%s\".",
cur_user, cur_group);
g_free(cur_user);
g_free(cur_group);
if (running_with_special_privs()) {
fprintf(stderr, " This could be dangerous.");
}
fprintf(stderr, "\n");
It is a complete mistake to have *ANY* messages during packet capture sent to the standard output if "-w" is specified because, when you capture, you can capture with the output directed to the standard output, and dumping some text crap to the standard output will corrupt your capture file. svn path=/trunk/; revision=40966
11 years ago
}
Change the "--enable-setuid-install" option to install dumpcap and TShark setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it disabled by default. Whine if the user runs Wireshark or TShark as root. Add a preference to disable the whining. Add a "setuid-root" script that can be used to switch dumpcap and TShark's setuid-ness on and off for development and testing. Update the release notes and README.packaging. svn path=/trunk/; revision=22733
16 years ago