Valgrind report leaks of several allocations like these:
590 bytes in 50 blocks are possibly lost in loss record 29,818 of 31,670
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0xCB9C8A7: __vasprintf_chk (vasprintf_chk.c:82)
by 0xA3D8DCA: g_vasprintf (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
by 0xA3B846C: g_strdup_vprintf (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
by 0xA3B850B: g_strdup_printf (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
by 0x6F4B51: scan_local_interfaces (iface_lists.c:254)
by 0x6EF3D8: iface_mon_handler2 (iface_monitor.c:113)
by 0xBE56F1D: ??? (in /lib/libnl-3.so.200.3.0)
by 0xBA16F19: ??? (in /usr/lib/libnl-route-3.so.200.3.0)
by 0xBE54E5E: nl_cache_parse (in /lib/libnl-3.so.200.3.0)
by 0xBE585CA: nl_msg_parse (in /lib/libnl-3.so.200.3.0)
by 0x6EF372: iface_mon_handler (iface_monitor.c:123)
When the list of network interfaces is updated allocations done
for global_capture_opts.all_ifaces elements leak memory. Fixed by
introducing a helper function to be used for removing an interface_t
element from all_ifaces array. While at it also fixed misc leaks when
updating individual allocated records of all_ifaces elements.
Change-Id: I035e6936a44edeef2ebe4780931c14cde99e93a4
Reviewed-on: https://code.wireshark.org/review/12209
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
Replace all-caps "WIN32" referring to Windows in comments and other text
with "Windows" or "Win32". (The two are pretty much equivalent, these
days; nobody much cares about Win16, not that we ever ran on it, and
64-bit Windows is just a 64-bitified Win32.)
Change-Id: Id327bcd4b1e9baa4f27055eff08c2d9e594d6f70
Reviewed-on: https://code.wireshark.org/review/10367
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Future: Allow multiple protocols to be disabled in one option statement
(perhaps using a comma or colon delmited set of names in <proto_name>)
instead of having to specify --disable-protocol <proto_name> multiple times.
Change-Id: I9b8f960acf75298ebb098d9b667fca49dca52306
Reviewed-on: https://code.wireshark.org/review/9631
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It can be set if either 1) this is Windows (where we're assumed to be
using WinPcap, which includes calls to set the buffer size) or 2) we
have pcap_create() (in which case we also have pcap_set_buffer_size(),
at least in a normal libpcap release).
Use that rather than testing "defined(_WIN32) ||
defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's
being tested.
Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12
Reviewed-on: https://code.wireshark.org/review/7816
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That matches what it is in other structures, and eliminates a compiler
warning.
While we're at it, remove an empty if statement revealed by that change.
Change-Id: I5e8c8f92fdb3567e75800c729443737032a1bcc7
Reviewed-on: https://code.wireshark.org/review/7752
Reviewed-by: Guy Harris <guy@alum.mit.edu>
... to ensure that there are no potential issues with respect to
editors limiting the number of lines scanned at the end of the file
when checking for editor modelines.
Change-Id: Ic85cbb108bb5159d6ec4116fea11f5eebb4e44a4
Reviewed-on: https://code.wireshark.org/review/4688
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This fixes redundant extcap_pid handle close that could occur in
capture_opts_del_iface() which resulted in unhandled exception on
Windows.
Change-Id: I06b680fcb65cd6fd854a25fb1b01248dce3251a1
Reviewed-on: https://code.wireshark.org/review/4447
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This prevents dumpcap from failing with timeout exceeded error message
with some extcaps (especially those that display UAC screen) by making
sure that extcap connects to pipe before dumpcap is even started.
Change-Id: I549da9217c7f4ae89509330ca4fa613a119a9523
Reviewed-on: https://code.wireshark.org/review/4428
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Extcap is a plugin interface, which allows for the usage
of external capture interfaces via pipes using a predefined
configuration language which results in a graphical gui.
This implementation seeks for a generic implementation,
which results in a seamless integration with the current
system, and does add all external interfaces as simple
interfaces.
Windows Note: Due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
is needed, which is part of any GTK windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-build or installer version of wireshark is the extcap
subdirectory underneath the main wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look in doc/extcap_example.py for a Python-example
and in extcap.pod for the arguments grammer.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't assume that a change to the interface list is from a non-empty
interface list to a different non-empty interface list.
Change-Id: I94054ca0cf2661704aff1869385aa2155c19677d
Reviewed-on: https://code.wireshark.org/review/3193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_opts.c:1017:61: error: declaration of 'index' shadows a global declaration [-Werror=shadow]
Change-Id: Ie409b4fa7abeb85e460bea398735cdc98d9034b1
Reviewed-on: https://code.wireshark.org/review/3041
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
when we delete an interface from all_ifaces, delete it from ifaces as well
remove its selected status if it was selected
at the moment, an interface that was used for capturing before will
never be removed from the list of interfaces even if it becomes
unavailable as it remains in ifaces and will be re-added to all_ifaces
in scan_local_interfaces()
new helper function capture_opts_del_iface() to delete an entry from ifaces and
free all its components
Change-Id: Ie3271a7ed086367e511d3a971f3b68cfc014115d
Reviewed-on: https://code.wireshark.org/review/2965
Reviewed-by: Evan Huus <eapache@gmail.com>
Move the GTK files necessary for managing the recnet remote host from capture_dlg.c to recent.c in order to use them in QT, too.
Change-Id: I3f3fd31ce928162de08c6db7309ef2a9b1e97760
Reviewed-on: https://code.wireshark.org/review/2955
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I148beb52574b0f7d990722901b72653c71026cb8
Reviewed-on: https://code.wireshark.org/review/2939
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This pulls some stuff out of the top-level directory, and means we don't
have to build them once for every program using them.
Change-Id: I37b31fed20f2d5c3563ecd2bae9fd86af70afff5
Reviewed-on: https://code.wireshark.org/review/2591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(The name for -p matches what's in the tcpdump trunk.)
Change-Id: If4f1824518aee1f0213f140d884db9c676dd15c4
Reviewed-on: https://code.wireshark.org/review/2497
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, simplify the #ifdefs and #defines in capture_opts.h -
don't do the same tests twice.
Change-Id: I2079167f31789470ef77120054d769d5914745e3
Reviewed-on: https://code.wireshark.org/review/2496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The names match tcpdump trunk's names for the corresponding options.
Also have capture_opts.h provide a #define for the part of the short
option string that corresponds to the capture short options that all our
programs that take capture short options take (those are largely the
ones we have in common with tcpdump).
Change-Id: Ia209425959c801725850b56a7d63441ee99b5001
Reviewed-on: https://code.wireshark.org/review/2492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, make the convention for long-only options be that their
case-statement values start at 128, so they avoid colliding with any
ASCII code points, including control characters.
Make the tables of long options "static const" while we're at it, and
get rid of unnecessary casts.
Change-Id: I55702a85e9bc078b1cd0f2803ebb68a710405bab
Reviewed-on: https://code.wireshark.org/review/2491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- allow to change the interface options in the table
- save the options to preferences when the dialog is left
- add a field for setting a capture filter for all selected interfaces
- add a "Compile BPF" button and a window to show the compiled filter output
- try to address Alexis' and Evan's comments
Change-Id: Ic1272e29183ec80e2d2f4b3e494c79dabe2c3b6f
Reviewed-on: https://code.wireshark.org/review/1946
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
temp is a clone of the local if_info, but the type
attribute is not copied correctly
Additionally, the if_type member is exposed via the
capture options
Change-Id: Id53f0dfd1e127921e1b89bbf78cb431ee257a96c
Reviewed-on: https://code.wireshark.org/review/404
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Yes this solution leaks memory, but I think the handful of bytes leaked is worth fixing this nuisance. Won't backport until leak is fixed though.
svn path=/trunk/; revision=52793
it into a separate capture_session structure. capture_opts should
contain only user-specified option information (and stuff directly
derived from it, such as the "capturing from a pipe" flag).
svn path=/trunk/; revision=49493
should be used (on success, have it return 0). Exit with that exit
status; if the problem is that we couldn't get the interface list or if
there are no interfaces in that list, return 2, as that's not a
command-line syntax error.
svn path=/trunk/; revision=46108
Friendly Names for interfaces on Windows
Notes on the changes the patch covers:
* if_info_t struct: addition of friendly_name
* Dumpcap Interface list format changes:
+ Win32: "dumpcap -D" shows friendly_name in place of descript if known
+ All: machine interface "dumpcap -D -Z none" includes friendly_name in the
list in addition to the existing parameters
* interface_options struct: addition of console_display_name
+ When an interface name is displayed in a console, it will typically be the
console_display_name (instead of name).
+ console_display_name is used as the basis of the autogenerated temp
filenames
+ console_display_name is typically set to the friendly_name if known,
otherwise it is set to the interface name
* Enhancements to capture_opts_add_iface_opt() (the function which process -i
options).
+ Can now specify the interface using its name and friendly_name
+ Interface name matching is case insenstive
+ Name matching first attempts exact matching, then falls back to prefix
matching
(e.g. dumpcap -i local)
+ Validates interface names, instead of blindly sending them off to
winpcap/libpcap
+ Interface specification by number is still supported.
* capture_opts_trim_iface() has been refactored:
+ Instead of repeating a decent chunk of the cost in
capture_opts_add_iface_opt(), it calls capture_opts_trim_iface() to specify the
interface.
* introduction of capture_win_ifnames.[ch] (windows only code)
+ Implements static function GetInterfaceFriendlyNameFromDeviceGuid() - a
windows version independant function to convert an interface guid into its
friendly name. Uses published api functions on windows vista and higher, but
falls back to unpublished API functions on older windows releases.
+ void get_windows_interface_friendlyname(/* IN */ char
*interface_devicename, /* OUT */char **interface_friendlyname); - extracts the
GUID from the interface_devicename, then uses
GetInterfaceFriendlyNameFromDeviceGuid() to do the resolution
* Auto temp filename generation:
+ Now uses wireshark_pcapng_* or wireshark_pcap_* depending on file format
+ Basis temp filename format on console_display_name
+ Win32: if console_display_name is a windows interface guid, extracts
numbers from GUID here (instead of in interface option processing)
GUI CHANGES:
* Dialog that displays when you click the "Manage Interfaces" button (within
Capture Options dialog) has been renamed from "Add new interfaces" to
"Interface Management"
* ui/gtk/capture_dlg.c: new_interfaces_w variable renamed to
interface_management_w
* Win32: Local Interfaces tab on Interface Management dialog, shows includes
friendly name as far left column
* Interface Management dialog defaults to larger size on win32 - so it fits
without resizing local interfaces tab
* Interface Management dialog now saves preferences when you click the apply
button (local hidden interfaces was not persisting across restarts)
* Tweaks: "Interface Details" dialog (Interface list->Capture Interfaces ->
Details):
+ "Friendly Name" renamed to "NDIS Friendly Name"
+ Added "OS Friendly Name" to the top of the list
* Win32: The "Capture Interfaces" dialog now shows the friendly name instead of
device guid
* Welcome screen:
+ The height of the interface list scrollbox dynamically adjusts & updates to
the number visible interfaces.
Up to 10 interfaces can be listed without a scroll bar, the minimum height
is for 2 interfaces.
+ Win32: now shows just the Friendly Name if known - in place of
"Interfacename_Guid:(Description)"
svn path=/trunk/; revision=46083
capture_opts.h. (It arguably belongs somewhere other than in a file in
ui/gtk, but, if so, move it there, e.g. to something in ui.)
svn path=/trunk/; revision=41712
test scripts are passed.
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, mulitple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40715
Use a global list containing all interfaces and only change
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, mulitple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=40693
properties of the entries when changes are made in the GUI.
Do not misuse the list of interfaces specified on the command
line anymore.
This patch does not provide any new functionality, it just
provides the base for future extensions like removing
remote interface, mulitple airpcap devices and multiple
pipes.
This patch was provided by Irene Ruengeler.
svn path=/trunk/; revision=39495
configure that you want to capture on multiple remote interfaces
on mulitple hosts.
Improve some #ifdef mess in dumpcap.
svn path=/trunk/; revision=37178
Use consistent naming of variables on capture_options.
Make pcap sampling independent of remote capturing, since
it seems to work local pcap devices using winpcap (at
least that is what the documentation says).
svn path=/trunk/; revision=37176
parameters. An array of interface specific data is handled
in addition to the current way.
This change should not have any effect right now, it will
be used by dumpcap when supporting multiple interfaces
(and tshark/wireshark... in the future).
svn path=/trunk/; revision=37082
as in other places of the code. Such that this is consistently
used. While there, clean up some whitespaces.
This fix was provided by Irene Ruengeler which testing
remote capturing (with multiple interfaces).
svn path=/trunk/; revision=36112
so we give a non-zero exit status for invalid interfaces or capture
filters.
From me: don't exit immediately if dumpcap failed, print out information
from taps and the like.
svn path=/trunk/; revision=33393
build without libpcap, to make sure that works, and then do a build with
libpcap, to put into a binary release. It's the former that's failing;
I'll back out the previous change and then work on that.
svn path=/trunk/; revision=32801
if_capabilities_t - it doesn't fail on Snow Leopard, even if I undefine
HAVE_PCAP_CREATE, and doesn't fail on the Leopard PPC buildbot, either.
svn path=/trunk/; revision=32799
monitor mode at the same time that we fetch its list of link-layer
types. Support fetching that list in monitor mode, as the list may be
different in regular and monitor mode. If the interface supports
monitor mode, when printing the list of link-layer types, indicate
whether they're fetched in monitor mode or not, as tcpdump 4.1.x does.
svn path=/trunk/; revision=32789
the code to print the machine-readable format into dumpcap, and have the
code in capture_opts.c just print the human-readable format.
svn path=/trunk/; revision=32714
interface by running dumpcap, so that if you need privileges to open an
interface, and dumpcap has those privileges, neither TShark nor
Wireshark need them.
svn path=/trunk/; revision=32710
pcap_set_buffer_size() did as well, so there aren't any libpcap releases
with pcap_create() but not pcap_set_buffer_size().
Only do one check for pcap_create.
svn path=/trunk/; revision=32695
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=475
BUT not activating the check for
pcap_create()
pcap_set_buffer_size()
This should make it possible to build with support for setting the buffersize if not capturing 802.11 traffic.
The code for handling the 'B' option should be OK in any case.
svn path=/trunk/; revision=32688
don't need global_capture_opts don't need to have it declared and thus
don't need capture_options defined.
Include gtk/capture_globals in the files in question.
Change some more capture_opts references to refer to
global_capture_opts.
Change some global_capture_opts references in routines with a
capture_opts argument to refer to capture_opts.
The structure type is capture_options, not capture_opts; fix some
references.
Include <sys/types.h>, if it's present, in capture_opts.h, so we get
gid_t defined.
Clean up indentation.
svn path=/trunk/; revision=25574
setting, and is used only in dumpcap.c, and needs to get at information
set by dumpcap's signal handlers so it can respond to ^C; move it to
dumpcap.c, rename it print_statistics_loop(), and make it set ld.go to
TRUE before looping and loop only as long as ld.go is TRUE.
That fixes bug 2592 (at least on Mac OS X, and probably on other UN*Xes;
it should fix it on Windows as well).
svn path=/trunk/; revision=25492
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
setuid instead of Wireshark. Remove the "DANGEROUS" notices, but leave it
disabled by default. Whine if the user runs Wireshark or TShark as root.
Add a preference to disable the whining. Add a "setuid-root" script that
can be used to switch dumpcap and TShark's setuid-ness on and off for
development and testing. Update the release notes and README.packaging.
svn path=/trunk/; revision=22733
Try to call get_interface_descriptive_name() as little as possible (storing
the result in capture_opts) to avoid a performance hit during live capture
(especially if you have lots of interfaces) and to avoid leaking memory.
One issue with this is that capture_opts.c cannot (without adding significant
dependencies) set the iface_descr so readers of that field (only gtk/main.c
and tshark.c) use a macro to (set if not already set and) get the value of
that field.
svn path=/trunk/; revision=22587
this in the GUI rather than calling pcap_stats() directly. This gets rid
of the last pcap_open_live() call in the GUI code. Update
README.packaging.
svn path=/trunk/; revision=22443
that "-D" and "-L" should produce machine-readable output. Use this to
move an indirect get_pcap_linktype() call from the GUI to dumpcap.
svn path=/trunk/; revision=22367
Add a capture_interface_list(), which works similar to
get_interface_list() except that it forks dumpcap instead of calling
the pcap routines directly. Use it in the GUI.
Add a "-I" flag to dumpcap, which prints out verbose interface
information.
Tested under Windows and Linux.
svn path=/trunk/; revision=22071
that obviates the need to check for a null capture filter string, and
fixes bug 1055.
Keep track of whether it was set from the command line, though, so we
can catch attempts to set the filter more than once, and attempts to set
it when we're not capturing.
Clean up white space.
svn path=/trunk/; revision=19047
even if doing a live capture; just print the packets without saving
them.
In dumpcap:
default to the capturing the entire packet;
don't do the "Press any key" stuff when debugging on UN*X;
do console logging (to the standard error) even when we're
running as the capture child (the sync pipe should only be the
standard output, not the standard error).
svn path=/trunk/; revision=17786
using dumpcap as the capture child for Ethereal.
dumpcap is a plain console application now, even for Win32 (so no WinMain, create_console and special piping stuff reguired). The undocumented command line option -Z will switch dumpcap into "child mode", using binary instead of plain text output messages to communicate with a parent Ethereal.
Ethereal's main.c no longer needs to distinguish between child mode or not, so some simplifying here.
capture_sync.c has to call dumpcap in a "hidden window" mode using CreateProcess instead of spawnvp, otherwise an uggly console window would appear. The handles created by _pipe doesn't seem to be inheritable for this function, using CreatePipe instead.
The file capture_loop.c is only needed by dumpcap, removed from Ethereal link objects.
Some debugging aid added and other minor cleanup done.
svn path=/trunk/; revision=17256
remove a lot of redundant code from tethereal and use (move) stuff from capture_loop.c instead.
concentrate common capture related code in capture_opts.c, e.g. trying to find the right interface to capture from (command line option, preference, first usable) instead of duplicating this code over several files.
remove redundant code from dumpcap.c
this also implements command line option -D (and indexed interfaces at -i) for Ethereal and Dumpcap (as we have it in Tethereal already for a while)
svn path=/trunk/; revision=16787