Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We only need to call WSAStartup and WSACleanup once, so do so. If we
encounter an error, report it using win32strerror.
Use win32strerror instead of FormatMessage in cap_open_socket.
Change-Id: I59868d6baecb1dfc98946dc68c2346b79436d2c7
Reviewed-on: https://code.wireshark.org/review/33044
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It prevents format checking; use "%s" as the format string.
Change-Id: Ic05ed64f4b2b6c243f072b0b306e0e06aa1eb3fd
Reviewed-on: https://code.wireshark.org/review/33041
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The deadlock would occur if pipe was closed before the requested number
of bytes was read.
Bug: 15695
Change-Id: I1236dd397d3c268dd52233ea78fb58165d0c9398
Reviewed-on: https://code.wireshark.org/review/32907
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Routines, so that if we internationalize strings not in the Qt code,
this can return the appropriately translated version.)
Change-Id: I1c169d79acde2f0545af7af2a737883d58f52509
Reviewed-on: https://code.wireshark.org/review/32549
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This fixes several "Use of uninitialised value" and "Conditional
jump or move depends on uninitialised value(s)" errors detected by
valgrind.
Change-Id: I682bd4a1d2e5ef23969baf34b3e438fcd7499bd5
Reviewed-on: https://code.wireshark.org/review/32397
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Set a bigger IO buffer to avoid syscall overhead.
See https://github.com/the-tcpdump-group/libpcap/issues/792
Change-Id: If370da5ab2b70a9d0c925dd7c4c5c135c675c3f6
Reviewed-on: https://code.wireshark.org/review/31326
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert WinPcap references and URLs in error messages and the FAQ
to their Npcap equivalents. Remove some obsolete FAQ entries.
Change-Id: I695d358a2c9cff0939f4ea84ba02d4c62ad7dd01
Reviewed-on: https://code.wireshark.org/review/31943
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
'save_file' is used both for holding the -w command-line argument as
well as the current filename that is being written. In ringbuffer mode,
the former is already freed while the latter changes after rotation. Be
sure to free all ringbuffer filenames on exit.
Fixes test failures due to ASAN reporting memory leaks for:
test_dumpcap_ringbuffer_filesize
test_dumpcap_pcapng_single_in_multi_out
test_dumpcap_pcapng_multi_in_multi_out
test_dumpcap_ringbuffer_packets
Change-Id: Ib817d8340275d7afa7e149dcfbbc59ed78293c34
Reviewed-on: https://code.wireshark.org/review/31739
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Capture tests fail under ASAN due to leaking capture_opts->save_file.
Since v2.9.0rc0-1493-g787d61c0a4, capture_opts_cleanup takes care of
freeing "save_file", so avoid clearing the pointer.
Change-Id: Ice90efe0959cc8016f47db20970bd2397909e28d
Reviewed-on: https://code.wireshark.org/review/31727
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add "Please report this to us" and "Please report this to whoever wrote
the program that's writing to the pipe" secondary error messages. Use
the latter for most of the errors, as the most likely cause is that the
program writing to the pipe is messing up somehow.
If we don't recoginze the first 4 bytes of the file, say "Data written
to the pipe is neither in a supported pcap format nor in pcapng
format." - it's not necessarily a pcap file.
Speak of "pcap" rather than "libpcap" format - it's not completely tied
to libpcap (although two of the libraries not called "libpcap" that read
it are basically libpcap+a Windows driver+a library for the Windows
driver, at this point), and the suffix generally used it ".pcap".
Change-Id: Ifb5518af5cade788294c93a7ac416893f57f6bc8
Reviewed-on: https://code.wireshark.org/review/31273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped
packets are outputted, they include the interface name for clarity.
Bug: 13498
Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357
Reviewed-on: https://code.wireshark.org/review/31218
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The pcapng file format specification speaks of a secion block, not
a session block. Let the function name reflect the proper name of
the block it writes.
Change-Id: Id399fae3648c93f4750fedaa297b18f95f2bb96f
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31099
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When we capture from multiple interfaces, we won't necessarily write our
IDBs in the same order we read them. This means that we need to call
pcapng_adjust_block when we write packets, not when we read them.
Otherwise we might map a given capture source's local interface number
to the wrong global IDB entry.
Bug: 15311
Change-Id: Ia787d7f167dcd18d432020a715e2321f4060b851
Reviewed-on: https://code.wireshark.org/review/30798
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we have a single capture source and that capture source is pcapng and
we're writing a pcapng file, do the following:
- Pass its SHB and IDBs through unmodified. Don't save or write command
line interface IDBs.
- Save the most recent SHB and IDBs so that we can write them when we're
writing multiple output files.
If we have multiple capture sources, do the following:
- Write Dumpcap's SHB.
- Keep a global list of IDBs, consisting of both command line interfaces
and IDBs read from pcapng sources.
- When reading an EPB or ISB, remap its local interface number to its
corresponding global number.
Add Dumpcap pcapng section tests. Make the application IDs in the
"many_interfaces" captures unique.
Change-Id: I2005934c1f83d839727421960005f106d6c682dd
Reviewed-on: https://code.wireshark.org/review/30085
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Check for pipe status only when we no longer have packets. This keeps us
from flushing packets that we should have written.
Change-Id: I714f52597da792a0b228b5e1a1dd3a993dc93681
Reviewed-on: https://code.wireshark.org/review/30651
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure cap_pipe_read_data_bytes sets pcap_src->cap_pipe_err if it
encounters an error or EOF. This fixes a regression introduced in
ga51b3d1d16. Have it return -1 or the number of bytes read similar to
read(2). Explicitly treat its return value as a signed integer.
Change-Id: I3de92859eee45e8d4a24a8c8309a816ef1b7924a
Reviewed-on: https://code.wireshark.org/review/30639
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If a capture source is a pipe and it reaches the end of its input, don't
stop capturing globally since we might have other active interfaces. We
do need to stop capturing if all of our interfaces are pipes and none of
them are open, so add a check to do so.
Change-Id: Id7f950349e72113c9b4bfeee4f0a9c8a97aefe8c
Reviewed-on: https://code.wireshark.org/review/30615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dequeue and write packets in capture_loop_dequeue_packet. This ensures
that we properly handle pcapng packets both inside our capture loop and
after it's finished.
Change-Id: Iacc980c90481b1378761eac83d8044aaddabfdc2
Reviewed-on: https://code.wireshark.org/review/30609
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If it *is* called when global_capture_opts.use_pcapng is false, don't
just silently drop the packet on the floor, abort.
Change-Id: Idb8f8e4c4ba231cfe674a81da34bf46e00f8247c
Reviewed-on: https://code.wireshark.org/review/30562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add capture_loop_wrote_one_packet, which increments the appropriate
counters and checks for autostop and ring buffer conditions. Call it
when we write a pcap or pcapng packet. This fixes `-b packets:NUM` for
pcapng output.
Change-Id: Ie2bdd725fbee59c1ae10b05be84ae9a3a6d80111
Reviewed-on: https://code.wireshark.org/review/30561
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of trying to byte swap all of pcapng's block types, refuse
to handle pcapng sources that have a different byte order.
Rename cap_pipe_adjust_header to cap_pipe_adjust_pcap_header.
Change-Id: I2615da57ba9d3fc365c631dc191f7767a284d460
Reviewed-on: https://code.wireshark.org/review/30235
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: James Ko <jim.list@hotmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Call it from wmain() in the command-line tools, passing it the input
argument count and vector, and call it from main() in Wireshark, after
getting a UTF-16 argument vector from passing the result of
GetCommandLineW() to CommandLineToArgvW().
Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514
Reviewed-on: https://code.wireshark.org/review/30063
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Doing so for command-line programs means that the argument list doesn't
ever get converted to the local code page; converting to the local code
page can mangle file names that *can't* be converted to the local code
page.
Furthermore, code that uses setargv.obj rather than wsetargv.obj has
issues in some versions of Windows 10; see bug 15151.
That means that converting the argument list to UTF-8 is a bit simpler -
we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just
loop over the UTF-16LE argument strings in argv[].
While we're at it, note in Wireshark's main() why we discard argv on
Windows (Qt does the same "convert-to-the-local-code-page" stuff); that
means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in
main() (i.e., we duplicate what Qt's WinMain() does, but converting to
UTF-8 rather than to the local code page).
Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649
Ping-Bug: 15151
Reviewed-on: https://code.wireshark.org/review/30051
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reading from a TCP socket in Windows must not change read state
variables to values required by cap_thread_read on pipes.
Bug: 15149
Change-Id: I1efa9288b5954dc4a18b2c68772c54a098a224e7
Reviewed-on: https://code.wireshark.org/review/29894
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an sdjournal extcap, which reads journal entries using the
sd-journal API and dumps them as journal Export Format records.
Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e
Reviewed-on: https://code.wireshark.org/review/29479
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
capture_opts_add_iface_opt(), when called in a program acting as a
capture child, will fetch the description for the interface, and will
also generate a "display name" for the interface.
In the process, we clean up capture_opts_add_iface_opt() a bit,
combining duplicate code.
We rename console_display_name to just display_name, as it may also be
used in the title bar of Wireshark when capturing.
Change-Id: Ifd18955bb3cb41df4c0ed4362d4854068c825b96
Reviewed-on: https://code.wireshark.org/review/29117
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't put identical code in both arms of a conditional - move it out of
the conditional.
Doing that with one line of code means that the conditional is now
*itself* duplicated in both arms of a conditional, so move it out, too.
Change-Id: I07c1d00e7d0053684aa2ef74b460eb008b145015
Reviewed-on: https://code.wireshark.org/review/29093
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Indicate what you're supposed to do when running dpkg-reconfigure
wireshark-common, and indicate that you have to run it as root using
sudo.
Emphasize in README.Debian, and indicate in the permission failure
secondary message, that you have to add users to the "wireshark" group
after doing that, and that a user may have to log out and log in again
to make this change take effect.
Bug: 14847
Change-Id: Ia83ff8e92bd2f00b6c3779272322a40201416da0
Reviewed-on: https://code.wireshark.org/review/28206
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the user installed from the wireshark.org package, perhaps they chose
not to install the "Set capture permissions on startup" item. Suggest
that they choose otherwise.
Change-Id: Ic5053da9cb6e54e7a7b1aa5a9dd59a1a84ddee16
Reviewed-on: https://code.wireshark.org/review/28197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On Windows, if WinPcap isn't installed, warn about that for errors other
than failed attempts to start capturing.
On HP-UX, if we appear to have an old version of libpcap, warn about
that for errors other than failed attempts to start capturing.
If we know the error is a permissions problem, don't make suggestions
appropriate to other problems.
If we know the error is *not* a permissions problem, don't make
suggestions appropriate to permissions problems.
For permissions problems, or possible permissions problems, on Linux,
suggest doing dpkg-reconfigure wireshark-common if you've installed from
a package on Debian or a Debian derivative such as Ubuntu.
Change-Id: If4aac0343095ac0b984eebc21853920c3b6d3c63
Ping-Bug: 14847
Reviewed-on: https://code.wireshark.org/review/28189
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sys/stat.h and sys/types.h date back to V7 UNIX, so they should be
present on all UN*Xes, and we're assuming they're available on Windows,
so, unless and until we ever support platforms that are neither UN*Xes
nor Windows, we don't need to check for them.
Remove the CMake checks for them, remove the HAVE_ values from
cmakeconfig.h.in, and remove all tests for the HAVE_ values.
Change-Id: I90bb2aab37958553673b03b52f4931d3b304b9d0
Reviewed-on: https://code.wireshark.org/review/27603
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't tell the user that, if they run out of space or go over their disk
quote, they should report that as a Wireshark bug; instead, tell them
that they're going to need to free up some space or do the capture to a
different file system.
Clean up some argument types, and get rid of tabs in indentation, while
we're at it.
Change-Id: I7839f38c14253a114e7e02e762243df5e09682ef
Ping-Bug: 14677
Reviewed-on: https://code.wireshark.org/review/27472
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default value of kernel.unprivileged_bpf_disabled is 0 which means
this is enabling the BPF JIT compiler for unprivileged users. Given that
this is a known attack vector for Spectre variant 1 (CVE-2017-5753) this
is not a setting that a utility should be tampering with.
Tshark's and dumpcap's help message is changed by Balint Reczey to suggest
enabling BPF manually after considering security-related implications.
Change-Id: I1cc34cbd6e84485eba9dee79a8700aa388354885
Signed-off-by: Balint Reczey <balint.reczey@canonical.com>
Bug: 14313
Reviewed-on: https://code.wireshark.org/review/25192
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
CentOS 6 ships with glib 2.28.8 which do not support
g_ptr_array_new_full (make-taps/make-dissectors) and need to link with
wsutil for glib-compat.
g_thread_new was only introduced with GLib 2.32 (not 2.31), so adjust
the check accordingly. Abort in case thread creation fails (as
documented). Properly initialize threads or it will abort on runtime
(this also requires linking epan with gthreads in CMake, autotools
already includes it with GLIB_LIBS).
Change-Id: Ie81d6df7b3b26aaa4eb25e23719a220755e2c13c
Reviewed-on: https://code.wireshark.org/review/24978
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a Qt message handler that calls g_log. Add milliseconds to the
g_log_message_handler timestamp.
Change-Id: I5b1c1d902b6b05cd8daa01741b19d6c2048dfb9a
Reviewed-on: https://code.wireshark.org/review/24865
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reads pcapng blocks from a pipe. Section header blocks are parsed for
endianess. All other blocks only have the general block header parsed
for type and length, and then endianess converted if necessary.
Outputs all blocks using the original endianess format so none of the
other block types or options require parsing.
Change-Id: I2f4f0175013d8fc2cda42a63e7deacad537951e3
Bug: 11370
Reviewed-on: https://code.wireshark.org/review/24536
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Join the protocol registration threads so that they call g_thread_unref
which in turn detaches/terminates the thread. This gets rid of many TSan
and DRD errors here. The remaining ones appear to be false positives.
Add g_thread_new to glib-compat (untested).
Change-Id: I4beb6746ed08656715cf7870ac63ff80cf1ef871
Reviewed-on: https://code.wireshark.org/review/24619
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We didn't actually bother *opening* the named pipe if it wasn't named
"-" (meaning "use standard output"). Hilarity^WRandom failure behavior
ensued.
Change-Id: If73cea232b13de664630d587167167ef53a95cba
Reviewed-on: https://code.wireshark.org/review/24454
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A while back Graham pointed out the SPDX project (spdx.org), which is
working on standardizing license specifications:
https://www.wireshark.org/lists/wireshark-dev/201509/msg00119.html
Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b
Start the conversion process with our top-level C and C++ files.
Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-on: https://code.wireshark.org/review/24302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia46903586219ee79210a980a04024af02acb0db0
Reviewed-on: https://code.wireshark.org/review/24189
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also fix buffer length define, as it is not guaranteed to be 46 on
Windows (it never was guaranteed anyway for the libc implementation,
but the likelyhood of being greater was small).
Change-Id: I2db705d86f825765ed32ec70b8d22058b5d629e8
Reviewed-on: https://code.wireshark.org/review/24074
Reviewed-by: João Valverde <j@v6e.pt>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
When capturing from multiple interfaces the extcap pipe detection
must be done based on the correct interface, not the first one.
Change-Id: I7428388d84ee18d0bfa693ffc9ddae98126ceca4
Ping-Bug: 13653
Reviewed-on: https://code.wireshark.org/review/23390
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change access of ifaces elements from by val to by reference.
With this change unnecessary copying of the whole struct is avoided
but even more important is that elements no longer have to be
removed and inserted whenever data is updated.
This change aims to make it more clear that ifaces elements shall
never directly be removed from the array. Instead use function
capture_opts_del_iface
NOTE: Code for GTK UI not updated
Ping-Bug: 13864
Change-Id: I04b65d5ee36526b30d959b8e5a2a48a3c7c4f15b
Reviewed-on: https://code.wireshark.org/review/23204
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
While "os_info_str" is freed after the loop, "cpu_info_str" was leaked.
Change-Id: Ia4069403c0a5dd5cc6bd7ed61726c1bfa9736b19
Reviewed-on: https://code.wireshark.org/review/22465
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the current capture buffer is too small, it must be increased
before attempting to read the next data packet.
Fix developed by Mikael Kanstrup (and Guy), I added comments such that
the next reader does not have to guess whether "incl_len" is
accidentally used for reading from the buffer (it is not).
Change-Id: I980bd21ac79601a34d57ffc99a34bfb54c297ac0
Fixes: v2.5.0rc0-28-gd0865fd619 ("Allow bigger snapshot lengths for D-Bus captures.")
Bug: 13852
Reviewed-on: https://code.wireshark.org/review/22464
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We were allocating it every time we called cap_pipe_dispatch() (or,
prior to I0256daae8478f1100fdde96a16a404465ec200b3, in
capture_loop_dispatch()) and freeing it before the routine in question
returned.
However, we were treating that buffer as if it persisted from call to
call, which worked *only* if freeing and re-allocating the buffer meant
that we'd get back the same buffer with its previous contents intact.
That is *not* guaranteed to work.
Instead, allocate the buffer when we open the capture pipe, and free it
when we close the capture pipe.
Change-Id: Ic785b1f47b71b55aba426db3b1e868186c265263
Reviewed-on: https://code.wireshark.org/review/21948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buffer is only used when reading from a pipe; no need to allocate it
when capturing from a pcap_t.
Doing it in cap_pipe_dispatch() makes it clearer when the buffer exists
and when it doesn't.
Change-Id: I0256daae8478f1100fdde96a16a404465ec200b3
Reviewed-on: https://code.wireshark.org/review/21930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Windows vscodeanalysis complains even though the event is probably
very unlikely.
Change-Id: Iafe158eea5586908209d6bfe1e45540117558673
Reviewed-on: https://code.wireshark.org/review/20727
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make a url in a comment more readable.
Change-Id: I9a34e442434cc50c6d631622d680c12049c7dbf8
Reviewed-on: https://code.wireshark.org/review/20472
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
The structure called a pcap_options structure doesn't (only) hold
options for a packet capture; it holds all information about a
particular device, pipe, or socket from which we're capturing. Rename
it capture_src - and rename all the pointer variables that point to
something of that type to pcap_src from pcap_opts.
Change-Id: I8476146f174c82f331227528381defcc2828d822
Reviewed-on: https://code.wireshark.org/review/20416
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This required a restyle of the way the different apps exit.
Change-Id: Iedf728488954cc415b620ff0284d2e60f38f87d2
Reviewed-on: https://code.wireshark.org/review/19780
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Dumpcap doesn't yet support capturing pcapng from stdin. On Windows,
make sure we invalidate our file handle so that instead of printing
"Error reading from pipe: The operation completed successfully. (error 0)"
we show the more useful
"Capturing from a pipe doesn't support pcapng format."
Change-Id: I472c1bf5c8520c9ee3fe4b6299a6e0250262ea51
Reviewed-on: https://code.wireshark.org/review/19876
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure that simple_dialog displays plain text. Trim whitespace
and remove excessive newlines in order to improve message formatting.
Add a comment about simple_dialog's behavior in Qt and GTK+ and how it
might be improved.
Bug: 13178
Change-Id: Ic6ff3cecd5ef1d76ec095d7a409f38e602b41ce2
Reviewed-on: https://code.wireshark.org/review/18985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add CPU info as hardware description in session header block when
using pcapng.
Use capture_comment from the capture_options structure when using
ring buffer.
Change-Id: I5e688fc2d6ab61de1f64ad9a8a96e6e39e8cf708
Reviewed-on: https://code.wireshark.org/review/17862
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Invocation of tshark -D (dumpcap -D -Z none) under ASAN fails with:
tshark: Child dumpcap process died: Abort - core dumped
Change-Id: Ida363089066205d579e841b019b32c2e33516f12
Reviewed-on: https://code.wireshark.org/review/17633
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I70c7bc270946d104218afc4d9c8ac888471f6524
Reviewed-on: https://code.wireshark.org/review/16821
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch reads out the stderr messages from an extcap
utility and displays it to an user. It was tested on Qt
but not on GTK, but should work their as well.
On Mac OS/X and Windows the child_watch does not behave
as it was intended. Therefore in extcap_cleanup, the callbacks
are called manually, if and only if, they have not been
called already.
The reason why it displays two error messages is, that
by the time the first one is being displayed, glib has not
returned from the spawned process on Linux yet. So there
is no way to add the stderr correctly, and putting a handler
to stderr into interface_opts will lead to memory errors,
cause then the code tries to access memory outside of its
protection.
Bug: 11892
Change-Id: I2db60dd480fed3e01428b91a705057e4f088bd15
Reviewed-on: https://code.wireshark.org/review/12954
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way, people don't get confused by an "Unrecognized libpcap format"
error - it's *not* libpcap format!
Also, improve *that* message to say "...or not libpcap data", and put a
period at the end of the error messages.
Change-Id: I175f9399fe99ce424f1d83596b7330e1fa5c0625
Reviewed-on: https://code.wireshark.org/review/16349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also update faq to include new temporary file format.
Change-Id: Ie6c318bb359974b89ff3e268155315c22ba7c4e4
Reviewed-on: https://code.wireshark.org/review/15685
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This didn't fix the test failures.
This reverts commit e5f4c5c8a8.
Change-Id: I0cff5eff88d2b49806797cef83338dbbace42a4c
Reviewed-on: https://code.wireshark.org/review/15135
Reviewed-by: Gerald Combs <gerald@wireshark.org>
As the MSDN documentation says, "CreateProcess returns without waiting
for the new process to finish its initialization." Add an SP_INIT sync
pipe indicator on Windows and use it in dumpcap to signal to its parent
that it has started up.
Change-Id: I88a4c158871dbe2dd6eba13434e92c5d4b1c2e4b
Reviewed-on: https://code.wireshark.org/review/15132
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Having to define two macros for marking a function as never returning
seems a bit redundant. Merge the MSVC and GCC-like attributes into a
single WS_NORETURN.
Tested with Clang 3.7.1, GCC 4.4.7 and even GCC 4.1.2 using this small
program (-Wall -Wextra, the first two generate warnings for
uninitialized variables, the last one compiles without warnings):
#include <stdlib.h>
__attribute__((noreturn)) void foo() { exit(1); }
__attribute__((noreturn)) void bar();
void bar() { exit(1); }
int main() {
int j, i;
if (i) { bar(); return j; }
foo();
return j;
}
Change-Id: I7d19c15e61b8f8fa4936864407199c4109f8cc82
Reviewed-on: https://code.wireshark.org/review/14822
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I0950f61e90af5bb21c0017204de0c0b509616e5c
Reviewed-on: https://code.wireshark.org/review/14747
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add dumpcap support for configuring 80MHz, 80+80MHz, 160MHz monitor
modes via nl80211.
Change-Id: I2ae8955670c2a9b5051e2223d45ce522459f2c5f
Reviewed-on: https://code.wireshark.org/review/13964
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the code to open capture devices and get properties of capture
devices there, joining the code to get a list of capture devices.
This lets us do a better job of handling pcap_create() in WinPcap,
including handling both WinPcap with pcap_create() and WinPcap without
pcap_create() at run time, just in case somebody tries using WinPcap 3.x
with a Wireshark built with WinPcap 4.x.
It also could make it easier to use libpcap/WinPcap directly in
Wireshark and TShark, if we have versions of libpcap/WinPcap that run
small helper utilities to do privileged functions, allowing programs
using them never to need elevated privileges themselves. That might
make it easier to fix some issues with running TShark when not saving to
a file (we could avoid the file entirely) and with delays when stopping
a capture in Wireshark (Wireshark could stop writing to the file as soon
as you click the stop button, rather than letting dumpcap do so when the
signal gets to it).
It might also make it easier to handle future versions of
libpcap/WinPcap that support using pcap_create()/pcap_activate() for
remote captures, and other future extensions to libpcap/WinPcap.
Rename some XXX_linktype routines to XXX_datalink to indicate that they
work with DLT_ values rather than LINKTYPE_ values; future versions of
libpcap might use LINKTYPE_ values in newer APIs.
Check for pcap_create() on all platforms in CMake.
Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "-Wwrite-strings" flag produces nuisance warnings. These warnings are
not useful, they're impossible to fix in a sane way and therefore are being
handled with casts of static strings to (char *).
This just moves the warning to [-Wcast-qual] and a compiler pragma is
in turn required (and used) to squelch that warning.
Remove the Wwrite-strings warning. Let that responsibility fall on the
programmer (as is done by casting).
Change-Id: I5a44dfd9decd6d80797a521a3373593074962fb5
Reviewed-on: https://code.wireshark.org/review/12162
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
Replace all-caps "WIN32" referring to Windows in comments and other text
with "Windows" or "Win32". (The two are pretty much equivalent, these
days; nobody much cares about Win16, not that we ever ran on it, and
64-bit Windows is just a 64-bitified Win32.)
Change-Id: Id327bcd4b1e9baa4f27055eff08c2d9e594d6f70
Reviewed-on: https://code.wireshark.org/review/10367
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make use of -A parameter when querying data link types supported by a given interface with dumpcap.
Ensure to pass the authentication parameters configured for a remote interface when calling capture_get_if_capabilities()
Bug: 11366
Change-Id: I4efea615084a82108e4a12a64e8c46817f30a5c6
Reviewed-on: https://code.wireshark.org/review/9690
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CND_CLASS_CAPTURESIZE condition type needs the tested parameter to be a guint64
Bug: 11305
Change-Id: I096d995e1e08ff3a81b2a95710185d272d849c86
Reviewed-on: https://code.wireshark.org/review/9104
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fixes the current Windows unit test crash.
Clean up a warning message.
Change-Id: I696e70c7656352d9576c1ad29703298cc7109621
Reviewed-on: https://code.wireshark.org/review/8674
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also move the code for setting the buffer size on Windows near the code for
setting it when we have pcap_create(): into open_capture_device().
Bug: 9067
Change-Id: Ica45f74b98094958d8bb0a38de23248aaa251d4b
Reviewed-on: https://code.wireshark.org/review/8551
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
if we HAVE_PCAP_CREATE.
Change-Id: Ic4eb6e69bde7d244b68a9fd97f66682eda6bdf91
Reviewed-on: https://code.wireshark.org/review/8667
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Previous code was assuming that all local pipes were of extcap type. Let's explicitly check for extcap prefix now.
Bug: 10803
Change-Id: If955e77a9ee2af11b553740269964c40273d5177
Reviewed-on: https://code.wireshark.org/review/8013
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The bonding driver does not properly handle unknown ioctls; it returns
ENODEV rather than ENOTSUP, EOPNOTSUPP, ENOTTY, or a "not supported"
error of that type. This causes problems detailed in bug 11058.
On Linux, check for bonding devices before checking for monitor-mode
support.
While we're at it, get rid of a commented-out include of
CheckCSourceCompiles (it's presumably already been implicitly included
by other functions that use it).
Bug: 11058
Change-Id: I13035de0650634c51a52f262829b2b6fb86b39e9
Reviewed-on: https://code.wireshark.org/review/7856
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can be set if either 1) this is Windows (where we're assumed to be
using WinPcap, which includes calls to set the buffer size) or 2) we
have pcap_create() (in which case we also have pcap_set_buffer_size(),
at least in a normal libpcap release).
Use that rather than testing "defined(_WIN32) ||
defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's
being tested.
Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12
Reviewed-on: https://code.wireshark.org/review/7816
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only print the "Capturing on..." message if we're actually capturing,
not if we're printing link-layer types.
Change-Id: Icc554776a6a2826276893acb38f7d700effd5f78
Reviewed-on: https://code.wireshark.org/review/7726
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Multiple instances of a single flag from -D/-L/-d/-S should behave like
a single instance of that flag; -D plus -L, for example, is not
supported, but -D plus another -D should be. -k, however, takes an
argument, and we only support one.
Change-Id: I8baced346fbffd75f8d768497213f67bb9a0555f
Reviewed-on: https://code.wireshark.org/review/7723
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Squelch
warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual]
similar to g630f54f.
Change strtod to g_ascii_strtod to squelch a checkAPIs error.
Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e
Reviewed-on: https://code.wireshark.org/review/7269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Have them start the string with "Compiled" or "Running on", and return
the string when done.
Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810
Reviewed-on: https://code.wireshark.org/review/6155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We support three types of platforms:
1) UN*Xes that have both getopt() and getopt_long();
2) UN*Xes that have getopt() but not getopt_long();
3) Windows, which has neither.
Checking for getopt_long() lets us distinguish between 1) and 2) and
build getopt_long() for them.
Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45
Reviewed-on: https://code.wireshark.org/review/6045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wireshark UI files into a single one in wsutil.
Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad
Reviewed-on: https://code.wireshark.org/review/6026
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
The latest Xcode, as of today, has only 10.9 and 10.10 SDKs, which means
that, if we build Wireshark and request a deployment minimum release of
10.6, we'll be building against an SDK in which libpcap has routines
that aren't available in 10.6 and that doesn't use weak linking for
them, so the resulting binary won't actually work on 10.6.
Use the run-time loader to find those routines (currently, only
pcap_set_tstamp_precision()) and call them only if we find them.
On other UN*Xes, we still assume that we'll be running only on the
release against which we were built and newer releases.
Change-Id: Iab20d86fe3be4b299cfb6e25c1f95dc6e1581661
Reviewed-on: https://code.wireshark.org/review/5120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we support setting the time stamp precision, we need it to determine
whether we're writing a pcap-ng file so we know whether to request
nanosecond precision or not.
Change-Id: I7df19c1afbe1ba90c40c49aef79f6f88ce5df29b
Reviewed-on: https://code.wireshark.org/review/4359
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we have pcap_set_tstamp_precision(), use it to request nanosecond
time stamp resolution *if* we're writing a pcap-ng file; any code that
reads those files and can't handle nanosecond time stamp resolution is
broken and needs to be fixed.
If we're writing a pcap file, don't ask for nanosecond resolution time
stamps, as that requires a different magic number for pcap files, and
not all code that reads pcap files can handle that. (Unlike pcap-ng,
where the ability to have non-microsecond time stamp resolution was
present from Day One, it's a relatively recent addition to pcap.) We
could add a command-line option/GUI option for that, like the option
recent versions of tcpdump have, if it matters.
Change-Id: I8fa464eb929feecb9a70be70712502c9f0cc5270
Reviewed-on: https://code.wireshark.org/review/4355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename simple_dialog_qt.{cpp,h} to simple_dialog.{cpp,h}. Make it a
subclass of QMessageBox. Queue messages at startup similar to GTK+.
Move the GTK+-specific simple_dialog declarations to
gtk/simple_dialog.h.
Don't yell at the user so much. Replace exclamation points with periods.
Change-Id: I1cc771106222d5e06f1f52d67ac29d6dc367cce4
Reviewed-on: https://code.wireshark.org/review/4288
Reviewed-by: Gerald Combs <gerald@wireshark.org>
don't pick up the in-tree copy.
Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Extcap is a plugin interface, which allows for the usage
of external capture interfaces via pipes using a predefined
configuration language which results in a graphical gui.
This implementation seeks for a generic implementation,
which results in a seamless integration with the current
system, and does add all external interfaces as simple
interfaces.
Windows Note: Due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
is needed, which is part of any GTK windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-build or installer version of wireshark is the extcap
subdirectory underneath the main wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look in doc/extcap_example.py for a Python-example
and in extcap.pod for the arguments grammer.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Also, trying to commit this "properly" gave this message:
Error: Found prohibited APIs in dumpcap.c: strncpy,htons,strerror,open
How does this happen? Why does gerrit accept this stuff in case a
user does not have the (current) hooks installed?
Change-Id: I692d053dcd9221aee31ed2780170c0671b856264
Reviewed-on: https://code.wireshark.org/review/3454
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
It just means "pcap didn't give me any interfaces, and didn't report an
error". Hopefully, in the future, there will be pcap APIs that
distinguish between the (admittedly unlikely, these days) case of "there
really *are* no interfaces on which *anybody* can capture" and "you
don't have sufficient permission to capture", and we can report the
latter as an error. (Given that pcap supports more than just "regular
interfaces", though, there are cases where you don't have permission to
capture on those but you have permission to capture raw USB traffic, for
example, so perhaps what's really needed is per-interface indications of
permissions.)
Change-Id: I7b8abb0829e8502f5259c95e8af31655f79d36a1
Reviewed-on: https://code.wireshark.org/review/3169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>