Add --discard-all-secrets to remove decryption secrets.
Bug: 15435 Change-Id: I78503c9c31ab3eda39908b91dca3ef3fb9af34bf Reviewed-on: https://code.wireshark.org/review/32100 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
parent
3b8bf168e6
commit
28f49a0a9a
|
@ -29,6 +29,7 @@ S<[ B<-t> E<lt>time adjustmentE<gt> ]>
|
|||
S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<--inject-secrets> E<lt>secrets typeE<gt>,E<lt>fileE<gt> ]>
|
||||
S<[ B<--discard-all-secrets> ]>
|
||||
I<infile>
|
||||
I<outfile>
|
||||
S<[ I<packet#>[-I<packet#>] ... ]>
|
||||
|
@ -349,6 +350,12 @@ I<tls> TLS Key Log as described at L<https://developer.mozilla.org/NSS_Key_Log_F
|
|||
This option may be specified multiple times. The available options for
|
||||
E<lt>secrets typeE<gt> can be listed with B<--inject-secrets help>.
|
||||
|
||||
=item --discard-all-secrets
|
||||
|
||||
Discard all decryption secrets from the input file when writing the
|
||||
output file. Does not discard secrets added by B<--inject-secrets> in
|
||||
the same command line.
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
|
28
editcap.c
28
editcap.c
|
@ -170,6 +170,7 @@ static gboolean rem_vlan = FALSE;
|
|||
static gboolean dup_detect = FALSE;
|
||||
static gboolean dup_detect_by_time = FALSE;
|
||||
static gboolean skip_radiotap = FALSE;
|
||||
static gboolean remove_all_secrets = FALSE;
|
||||
|
||||
static int do_strict_time_adjustment = FALSE;
|
||||
static struct time_adjustment strict_time_adj = {NSTIME_INIT_ZERO, 0}; /* strict time adjustment */
|
||||
|
@ -837,6 +838,10 @@ print_usage(FILE *output)
|
|||
fprintf(output, " list the encapsulation types.\n");
|
||||
fprintf(output, " --inject-secrets <type>,<file> Insert decryption secrets from <file>. List\n");
|
||||
fprintf(output, " supported secret types with \"--inject-secrets help\".\n");
|
||||
fprintf(output, " --discard-all-secrets Discard all decryption secrets from the input file\n");
|
||||
fprintf(output, " when writing the output file. Does not discard\n");
|
||||
fprintf(output, " secrets added by \"--inject-secrets\" in the same\n");
|
||||
fprintf(output, " command line.\n");
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Miscellaneous:\n");
|
||||
fprintf(output, " -h display this help and exit.\n");
|
||||
|
@ -1013,11 +1018,13 @@ main(int argc, char *argv[])
|
|||
#define LONGOPT_SKIP_RADIOTAP_HEADER 0x8101
|
||||
#define LONGOPT_SEED 0x8102
|
||||
#define LONGOPT_INJECT_SECRETS 0x8103
|
||||
#define LONGOPT_DISCARD_ALL_SECRETS 0x8104
|
||||
static const struct option long_options[] = {
|
||||
{"novlan", no_argument, NULL, LONGOPT_NO_VLAN},
|
||||
{"skip-radiotap-header", no_argument, NULL, LONGOPT_SKIP_RADIOTAP_HEADER},
|
||||
{"seed", required_argument, NULL, LONGOPT_SEED},
|
||||
{"inject-secrets", required_argument, NULL, LONGOPT_INJECT_SECRETS},
|
||||
{"discard-all-secrets", no_argument, NULL, LONGOPT_DISCARD_ALL_SECRETS},
|
||||
{"help", no_argument, NULL, 'h'},
|
||||
{"version", no_argument, NULL, 'V'},
|
||||
{0, 0, 0, 0 }
|
||||
|
@ -1149,6 +1156,12 @@ main(int argc, char *argv[])
|
|||
break;
|
||||
}
|
||||
|
||||
case LONGOPT_DISCARD_ALL_SECRETS:
|
||||
{
|
||||
remove_all_secrets = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
case 'a':
|
||||
{
|
||||
guint frame_number;
|
||||
|
@ -1469,6 +1482,13 @@ main(int argc, char *argv[])
|
|||
|
||||
wtap_dump_params_init(¶ms, wth);
|
||||
|
||||
/*
|
||||
* Discard any secrets we read in while opening the file.
|
||||
*/
|
||||
if (remove_all_secrets) {
|
||||
wtap_dump_params_discard_decryption_secrets(¶ms);
|
||||
}
|
||||
|
||||
if (dsb_filenames) {
|
||||
for (guint k = 0; k < dsb_filenames->len; k++) {
|
||||
guint32 secrets_type_id = g_array_index(dsb_types, guint32, k);
|
||||
|
@ -1982,6 +2002,14 @@ main(int argc, char *argv[])
|
|||
}
|
||||
}
|
||||
|
||||
if (remove_all_secrets) {
|
||||
/*
|
||||
* Discard any secrets we've read since the last packet
|
||||
* we wrote.
|
||||
*/
|
||||
wtap_dump_discard_decryption_secrets(pdh);
|
||||
}
|
||||
|
||||
/* Attempt to dump out current frame to the output file */
|
||||
if (!wtap_dump(pdh, rec, buf, &write_err, &write_err_info)) {
|
||||
cfile_write_failure_message("editcap", argv[optind],
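Review bot: The per-packet `wtap_dump_discard_decryption_secrets(pdh)` call is placed immediately before `wtap_dump()`, so as far as this hunk shows it only covers secrets read up to a packet that is about to be written. Secrets read after the last written packet (for instance when the trailing packets of the input are not selected for output) are not marked by it, and whether they can still reach the output depends on the close path, which is outside the visible lines. If the dumper flushes pending secrets on close, one more `if (remove_all_secrets) wtap_dump_discard_decryption_secrets(pdh);` before the close call would be needed. The read loop that encloses this code starts and ends outside the hunk. A regression test that runs `--discard-all-secrets` on a capture with embedded secrets and checks that the output holds no secrets block would pin the guarantee people rely on before sharing a capture.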
|
||||
|
|
|
@ -2718,6 +2718,28 @@ wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
void
|
||||
wtap_dump_discard_decryption_secrets(wtap_dumper *wdh)
|
||||
{
|
||||
/*
|
||||
* This doesn't free the data, as it might be pointed to
|
||||
* from other structures; it merely marks all of them as
|
||||
* having been written to the file, so that they don't
|
||||
* get written by wtap_dump().
|
||||
*
|
||||
* XXX - our APIs for dealing with some metadata, such as
|
||||
* resolved names, decryption secrets, and interface
|
||||
* statistics is not very well oriented towards one-pass
|
||||
* programs; this needs to be cleaned up. See bug 15502.
|
||||
*/
|
||||
if (wdh->dsbs_growing) {
|
||||
/*
|
||||
* Pretend we've written all of them.
|
||||
*/
|
||||
wdh->dsbs_growing_written = wdh->dsbs_growing->len;
|
||||
}
|
||||
}
|
||||
|
||||
gboolean wtap_dump_get_needs_reload(wtap_dumper *wdh) {
|
||||
return wdh->needs_reload;
|
||||
}
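Review bot: `wtap_dump_discard_decryption_secrets()` is a point-in-time operation, not a permanent discard: it sets `dsbs_growing_written` to the current `dsbs_growing->len`, so secrets appended to the array afterwards are presumably pending again until the call is repeated. The name does not convey that, and the exported declaration this commit adds in wtap.h has no doc comment, so a library user who calls it once could leave later-read secrets in the output file. I would add a Doxygen comment at the declaration along the lines of `Marks the decryption secrets read so far as already written; call before each wtap_dump(). Does not free or clear the secret data.`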
|
||||
|
|
|
@ -327,6 +327,13 @@ wtap_dump_params_init(wtap_dump_params *params, wtap *wth)
|
|||
params->dsbs_growing = wth ? wth->dsbs : NULL;
|
||||
}
|
||||
|
||||
void
|
||||
wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params)
|
||||
{
|
||||
params->dsbs_initial = NULL;
|
||||
params->dsbs_growing = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
wtap_dump_params_cleanup(wtap_dump_params *params)
|
||||
{
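Review bot: `wtap_dump_params_discard_decryption_secrets()` sets `params->dsbs_initial = NULL` unconditionally, so anything a caller has already stored there is dropped without being freed, and secrets added before the call are silently lost. editcap avoids this by calling it directly after `wtap_dump_params_init()` and before the `dsb_filenames` loop, but the doc comment in wtap.h does not state that ordering requirement. I would extend it with `Call before adding any secrets to the params; existing entries are dropped, not freed.`, with the exact wording depending on who owns `dsbs_initial`, which is not visible here. The same wtap.h comment also ends its `@param` text with a doubled period (`secrets..`).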
|
||||
|
|
|
@ -1997,6 +1997,16 @@ gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
|
|||
WS_DLL_PUBLIC
|
||||
void wtap_dump_params_init(wtap_dump_params *params, wtap *wth);
|
||||
|
||||
/**
|
||||
* Remove any decryption secret information from the per-file information;
|
||||
* used if we're stripping decryption secrets as we write the file.
|
||||
*
|
||||
* @param params The parameters for wtap_dump_* from which to remove the
|
||||
* decryption secrets..
|
||||
*/
|
||||
WS_DLL_PUBLIC
|
||||
void wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params);
|
||||
|
||||
/**
|
||||
* Free memory associated with the wtap_dump_params when it is no longer in
|
||||
* use by wtap_dumper.
|
||||
|
@ -2083,6 +2093,8 @@ WS_DLL_PUBLIC
|
|||
gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
|
||||
WS_DLL_PUBLIC
|
||||
gboolean wtap_dump_get_needs_reload(wtap_dumper *wdh);
|
||||
WS_DLL_PUBLIC
|
||||
void wtap_dump_discard_decryption_secrets(wtap_dumper *wdh);
|
||||
|
||||
/**
|
||||
* Closes open file handles and frees memory associated with wdh. Note that
|
||||
|
|