sshdump can now be copied in multiple instances. Each instance will
show up a different interface and will have its own profile.
This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.
Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We aren't using them now; stick to libpcap APIs (including Windows-only
libpcap APIs).
Change-Id: I812eaa31ba1e6e611418853105d3e00c9130a420
Reviewed-on: https://code.wireshark.org/review/37852
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Our authors lists and man pages are encoded as UTF-8 and have been for
quite a while. Remove perlnoutf.pl and ensure that standard I/O uses
UTF-8 as described at
https://www.perl.com/pub/2012/05/perlunicook-make-all-io-default-to-utf-8.html/
Change-Id: I7016ec5e3a12934463b43bcfdde2c424069c20ac
Reviewed-on: https://code.wireshark.org/review/37817
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In each of our executables we were calling "setlocale(LC_ALL, "")" at
startup. This told Windows that output was encoded using the current
system code page. Unless the code page was 65001 (UTF-8), this was a lie.
We write UTF-8 to stdout and stderr, so call "setlocale(LC_ALL, ".UTF-8)"
at startup on Windows. This lets the CRT translate our output correctly
in more cases.
Clarify and expand the OUTPUT section in the tshark man page.
Bug: 16649
Change-Id: If93231fe5b332c292946c7f8e5e813e2f543e799
Reviewed-on: https://code.wireshark.org/review/37560
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
They were added in the code, but weren't documented.
Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>
Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.
Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Check is enabled by #ifdef ENABLE_CHECK_FILTER
Remaining issues found by this check are fixed here,
along with a documentation note that the entries
are checked in order and the first match is used.
The only issue not yet fixed is in packet-isup.c,
where the spec was not available to me.
Change-Id: Ife747cda9b91a265bc2b81ce0a53f55f3389919e
Reviewed-on: https://code.wireshark.org/review/36708
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Commit 3398c2898d duplicated the '-i'
option in the synopsis. Remove this again.
Change-Id: I85fb78515910b11e9dff9b3aa876746b2ff11fa4
Reviewed-on: https://code.wireshark.org/review/36678
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As I said in
https://ask.wireshark.org/question/10361/how-to-properly-use-heuristic-dissector-for-tcp/?answer=10363#post-id-10363
"Should" has multiple meanings; there's "Used to indicate obligation,
duty, or correctness, typically when criticizing someone's actions.", as
in "I think we should trust our people more", and there's "Used to
indicate what is probable.", as in "the bus should arrive in a few
minutes". You're reading it in the latter sense; it was intended in the
former sense.
That sentence should probably be changed to "Wireshark must be then set
up..." to avoid the ambiguity.
Make it so (over half a year later, sigh), and change another case where
"should" is meant in the first sense while we're at it.
Change-Id: I90198d1616619c75802deeeb703ceee0c8bac1bf
Reviewed-on: https://code.wireshark.org/review/36155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In the README.plugins file there is still mention of autotools related items.
This change removes those lingering references.
Change-Id: I1fc7c6d478a6fc8bbe9481178d9f673aaebcad9f
Reviewed-on: https://code.wireshark.org/review/35843
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the Expert Information section of the User's Guide. Use the term
"Expert Information" to describe the dialog and "expert information
item" to describe each generated item. Update related text elsewhere.
Update the expert icon and other parts of the status bar docs.
Change-Id: I0c2cba0cbb3c74a1f6e3a37d4a2a592faccb350f
Reviewed-on: https://code.wireshark.org/review/35462
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the minimum version in various documents. Remove some
no-longer-needed code from scripts that call windeployqt.
Change-Id: I16da4bced9780c9f1b1969aae7c52e2fce1968aa
Reviewed-on: https://code.wireshark.org/review/35391
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Generate a dissector based on doc/packet-PROTOABBREV.c.
Change-Id: I9233c1212acb30f7166ba91e39d98bc3fb123731
Reviewed-on: https://code.wireshark.org/review/35062
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Documentation of the Wireshark command line options between help text,
manual page and user's guide diverged over time. One aspect of this is
the implementation of more long options. This change tries to update
all documentation to be complete and in sync again.
Bug: 16168
Change-Id: Id833fbeb14fdb7b3dbc1564504a25d96f4367c91
Reviewed-on: https://code.wireshark.org/review/35047
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This reverts commit f1285fcf06.
NSIS package is broken with this commit.
Change-Id: Ief22a308edad188fa2d5fab79355f19493359fa6
Reviewed-on: https://code.wireshark.org/review/34758
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.
Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.
Known issues that will be addressed in the future:
- If a single packet contains multiple streams, then Follow QUIC Stream
will wrongly include data from streams other than the selected one.
This is tracked by bug 16093 and affects HTTP/2 as well.
- The Substream index menu does not properly filter for available
stream numbers. If a non-existing stream is selected, then changing
to another (potentially valid) index results in the "Capture file
invalid." error. As workaround, clear the display filter first.
- Follow Stream always selects Stream ID 0 instead of the first or
currently selected stream field in a packet. Users should manually
update the stream index as needed.
Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
proto_tree_add_bitmask_len also expects an expert information field
to display in the event that the decodeable length is less than the
specified length.
Bug: 16061
Change-Id: If8061b0754cd6862799ab76bf9c10e16ed5d8f38
Reviewed-on: https://code.wireshark.org/review/34567
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Make it consistent with -z conv,ip and -z endpoints,ip
Bug: 15660
Change-Id: I9a3d2e95fed47231c0bab20e6cf069987eed142f
Reviewed-on: https://code.wireshark.org/review/34426
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add '-J' option to synopsis and reshuffle '-j' to correct place.
Change-Id: I351b3ce464fca3b52a75614e1e8f8c91f9a30df2
Reviewed-on: https://code.wireshark.org/review/34352
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
WIRESHARK_CONFIG_DIR was introduced with Wireshark 3.0 and is more
cross-platform than WIRESHARK_APPDATA. The latter was presumably created
for use by PortableApps. Let's consider that an internal, undocumented
detail that might be change, and document WIRESHARK_CONFIG_DIR instead.
Change-Id: I0042d607b282cc6dee4b017b1e80b44087bd62e9
Reviewed-on: https://code.wireshark.org/review/34113
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove some dead links or point them to archive.org while at it. All
updated links have been verified.
Change-Id: Icf02167a13d5fe9dfce39ea57525b3f185554c9d
Reviewed-on: https://code.wireshark.org/review/34028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This new tap collects credentials (username and paassword)
from the dissectors.
So far, few dissectors have been instrumented:
- http (basic auth)
- http (header auth)
- ftp
Others can be instrumented as well using the same technique.
Tshark has a new option (-z credentials) and Wireshark a new
"tools" menu: the documentation has been updated accordingly.
Change-Id: I2d0d96598c85bb3ea4fb5ec090dd8dc28b481fc9
Reviewed-on: https://code.wireshark.org/review/33453
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
We removed the "title" member from decode_as_t.
Update the sample code snippet accordingly.
Change-Id: I5d4ba979c955de50287f5b4deea7c64bf96f7d9b
Reviewed-on: https://code.wireshark.org/review/33574
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 15591
Change-Id: Icb8246ba196df026736ce1e54eb2ace2c7cd49b0
Reviewed-on: https://code.wireshark.org/review/33530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a BASE_SHOW_ASCII_PRINTABLE flag for the "display" field, to use
with FT_BYTES and FT_UINT_BYTES fields; it specifies that, if the field
consists solely of printable ASCII characters, its value be displayed as
a string, in quotes. Have a routine hfinfo_format_bytes() to do that
formatting, depending on the display field value.
Add routines to fetch the display value of string and
FT_BYTES/FT_UINT_BYTES fields; for strings, it's the result of
hfinfo_format_text(), and for byte arrays, it's the result of
hfinfo_format_bytes().
Use BASE_SHOW_ASCII_PRINTABLE for extended attribute data in SMB and
SMB2. Use the routines in question for extended attribute names
(string) and data (bytes). That keeps us from displaying non-text
extended attribute data as if it were text.
Document BASE_SHOW_ASCII_PRINTABLE.
Change-Id: I24dcf459c14f00985e4daaf9b58f5933964eabd8
Reviewed-on: https://code.wireshark.org/review/33517
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Decode received payload as utf-8 string, replacing any invalid
characters with U+FFFD.
Change-Id: If80fbbec5c369f1098dbc1e46e092928aa0b0eb9
Reviewed-on: https://code.wireshark.org/review/33252
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Clarify *display* filter, add link to User's Guide, and update to https.
Change-Id: I9a2152213cf5b4cb3daf15e62c73074524d92f94
Reviewed-on: https://code.wireshark.org/review/32912
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multicheck values can be checkable or uncheckable depending on the
"enabled" option. Moreover, multicheck values can be stacked into a
tree by providing a "parent" option.
Modify the example extcap to illustrate these possibilities.
Bug: 13355
Change-Id: I0c50ff873c07eca5cc4ae8036b87cbb440d318b3
Reviewed-on: https://code.wireshark.org/review/32842
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In Python 3 strings cannot be joined with bytes.
This change has no effect for Python 2.
Ping-Bug: 15694
Change-Id: I2eb62698ce323f8156ed98b7fe88e4e43e59c784
Reviewed-on: https://code.wireshark.org/review/32843
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reorganize the lists of accessors, with a top-level heading for the byte
order and subheadings for each size.
Also document ENC_HOST_ENDIAN.
Change-Id: I10131e399f6c90624a387c89340f77ea769ab33f
Reviewed-on: https://code.wireshark.org/review/32701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Inspired by looking into
https://ask.wireshark.org/question/8009/wireshark-ring-buffer-settings-from-command-line/
... in which the user was confused because a duration set on the command
line was not reflected in the GUI. That's because
I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae added the `interval` ring-buffer
option and made the GUI use this rather than `duration`. This was not at all
clear in the GUI, though.
Since `duration` and `interval` have quite different use cases, expose both in
the GUI.
Try to clean up and unify the tooltips at the same time. I'm not entirely
convinced the tooltips need to be on the checkbox, the spinbox, and the
combobox but leave it that way for now.
Add some to the man page description of the interval option to hopefully make
it clearer what the option does.
Change-Id: I3b45fe71c33af64d980dffb5e5ba93e2a15a6b96
Reviewed-on: https://code.wireshark.org/review/32526
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They're a capture filter if you're capturing live traffic; they're a
display (read) filter if you're reading a capture file.
Change-Id: Ia2f5bcdb0098bf3c2b4a3d99da5bfe768e09b5a0
Reviewed-on: https://code.wireshark.org/review/32207
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use the perpod syntax for manpages to remove this warning:
Cannot find "tail" in podpath: cannot find suitable replacement
path, cannot resolve link
Change-Id: I90cb4fe7d3b019e4bc5f5a8fbc7df347f966badb
Reviewed-on: https://code.wireshark.org/review/31770
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Option --extcap-interface=ssh seems to give an error, update it.
Note that --remote-capture-command overrides other options. Perhaps some
form of template should be supported, but that is currently not
implemented.
Change-Id: Iee132941a460afca91e73cf3e3ec3501dc15f14d
Reviewed-on: https://code.wireshark.org/review/31753
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Instead of just reporting a mismatching error code, include the program
output. This should help tracking down unexpected errors. While at it,
check the expected error message too.
Change-Id: Ib8fe51cc06b795bb54bfe1e6eaa828c6ba1128ef
Reviewed-on: https://code.wireshark.org/review/31714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
For close to 10 years, we have defaulted not to stop processing on an
open error; default not to stop processing on a read error, either. -C
causes us to stop for both.
Bug: 15433
Change-Id: I5cd239c160d0ff85eb0425ca4b172532a4659fd3
Reviewed-on: https://code.wireshark.org/review/31710
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This function can convert non-string fields into strings. This allows the
user to apply string functions (like contains and matches) to non-string fields.
Examples:
string(frame.number) matches "[13579]$" => for odd frames
string(eth.dst) matches "aa\.bb\.cc\.dd\.ee\..." => to match a group of stations
string(snmp.name) matches "^1.2.3.4" => for all OIDs under a specific node
Change-Id: I18173f50ba5314ecdcd1e4b66c7e8ba5b44257ee
Reviewed-on: https://code.wireshark.org/review/31427
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Move doc/README.packaging to the Developer's Guide and update the
content.
Change-Id: I25fda6cade8f3cfd11af865745bedd0fb5a7c86f
Reviewed-on: https://code.wireshark.org/review/31474
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If49baf3e2b4e01f4ca4ea85415a3a291f8c04c92
Reviewed-on: https://code.wireshark.org/review/31354
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When generating a capture file from a text file it can be helpfull
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the introduction of the ip command (from iproute2) on modern
Linux systems it becomes common to see this tool available,
gradually replacing tools like netstat and ifconfig.
Change-Id: I1fb309e741c07c93271b61a35c4833d36bcc5cb8
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30924
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.
Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new option to insert decryption secrets into a pcapng file.
Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure the -i <pipe> documentation is consistent and correct.
Change-Id: I9019effb658f914ac754e4ae893eafbe7c4b4da1
Reviewed-on: https://code.wireshark.org/review/30675
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default lavel to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds val64_string_ext to parallel value_string_ext in the
same way that val64_string parallels value_string.
Change-Id: Iadbfc49f5a4540000ed92fd0469e8d273911e97e
Reviewed-on: https://code.wireshark.org/review/30385
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Register the follow_free as a finish callback.
Call the tap's finish callback in free_tap_listener which is called from
both remove_tap_listener and tap_cleanup.
Describe the finish callback in README.tapping
Change-Id: Ie79ce8f39b0ca6d84810d2e3307dcff38b18d3ac
Reviewed-on: https://code.wireshark.org/review/29309
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add 'v' option for VLAN ID resolving and get rid of
deprecated 'C' option.
Bug: 14826
Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926
Reviewed-on: https://code.wireshark.org/review/30029
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an sdjournal extcap, which reads journal entries using the
sd-journal API and dumps them as journal Export Format records.
Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e
Reviewed-on: https://code.wireshark.org/review/29479
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
- It cannot support IPv6.
- Non-standard use (specifically recommended against in the RFCs)
of the IPv4 fragment ID field.
- Has a narrow and non-obvious use case, IMO.
- It is not supported in the Qt GUI.
- Significant maintenance burden for an obscure feature.
Change-Id: Icaf429269dc42f78c38b8d20001508132499faf8
Reviewed-on: https://code.wireshark.org/review/29239
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Implement a --seed option to be used in conjunction with -E. The option
allows the user to set the seed for the pseudo-random number generator,
which can be useful for recreating a particular sequence of errors.
Change-Id: Id427ab5fd7711652ad56c72271b2e0acb7380858
Reviewed-on: https://code.wireshark.org/review/29306
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A CMake config-file package provides support for downstreams using
CMake and Wireshark libraries to easily configure the libwireshark
dependency with:
find_package(Wireshark CONFIG [REQUIRED])
target_link_libraries(foo epan)
The FindWireshark.cmake file is no longer needed.
See cmake-package(7) for more details on CMake's package system.
Change-Id: Ie8af1d44417a99dd08d37959f7b2ffca88572ec2
Reviewed-on: https://code.wireshark.org/review/29208
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Change the plugin compatibility check to make it more convenient to
define and check the major.minor Wireshark version.
Change-Id: I2a6d2a746682c29504311cce5c457e0a852c3daf
Reviewed-on: https://code.wireshark.org/review/29224
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Fix combination of pkg-config and CMake variables for feature
detection.
Remove non-system installation option. Just copy it manually for now.
Change-Id: Ia80c703c6ec3df0a49f8d56f1bd6da69471c523f
Reviewed-on: https://code.wireshark.org/review/29223
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Switch the AUTHORS heading markup from underscores to equals. This makes
it easier to transform to Pod headings.
Update the AUTHORS-SHORT-FORMAT output so that the author lists are
verbatim paragraphs. Add a style for the author lists instead of
wrapping everything in a <pre>.
The AUTHORS files are UTF-8 and wireshark.pod sets "=encoding utf8".
There's no need to translate characters.
Change-Id: I43cf18ff86774421b08edb84d968a9410be177fe
Reviewed-on: https://code.wireshark.org/review/29181
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've set "=encoding utf8" in wireshark.pod for a long time. Do so in
the rest of our .pod files.
Change-Id: I3ef0fb3a88ed63275b4ff4362b6afbf13d79a0bc
Reviewed-on: https://code.wireshark.org/review/29182
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is useful when processing packets that were captured by multiple radios on the same channel.
Change-Id: I9dacc35294a4ed4e817014e563e7c9a54ee05e40
Reviewed-on: https://code.wireshark.org/review/28843
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move the information from README.extcap into docbook.
Change-Id: Ic6504787750d04fe6c66479896cba8d6148d804d
Reviewed-on: https://code.wireshark.org/review/28690
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.
Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For testing live capture mode in the Qt UI, it is useful to have a
continous capture source with some dummy packets.
Change-Id: Id76ecbf24828dd3212b208c96679524e4c25b00f
Reviewed-on: https://code.wireshark.org/review/28537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set symbol visibility properly.
Add -Wall -Wextra GCC flags that were there previosuly.
Remove duplicate -I compiler flags. Remove useless "hello_EXPORTS" definition while at it.
Change-Id: Iac173f02e41b3b4f2999e5d71b95b910a9c2da11
Reviewed-on: https://code.wireshark.org/review/27744
Reviewed-by: João Valverde <j@v6e.pt>
This file was erroneously removed in 4a156da068.
This file is not part of Wireshark's (the application) build system.
We may want to convert the example to use CMake instead (purely for consistency) but until then configure.ac and Makefile.am are required files.
Change-Id: I7902ff71a44bba798e8dc7083103d4785095b374
Reviewed-on: https://code.wireshark.org/review/27684
Reviewed-by: João Valverde <j@v6e.pt>
Group arguments together to better present them, as well as to
have the possibility to better facilitate settings categories.
The order of tabs is defined by the numbering of arguments and
their appearance. If no tab can be found or no group has been
defined for the argument, a default tab will be added.
Change-Id: I032881193e09d4ad5d65c9f73fede87695acdace
Reviewed-on: https://code.wireshark.org/review/27054
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
They've been replaced by the Python scripts.
Change-Id: I8add9c9ea0a6bdd68b2fa3841977863c0ea9a761
Reviewed-on: https://code.wireshark.org/review/27243
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that we only support CMake, that file would be reduced to
Wireshark is built using CMake.
which doesn't justify keeping it around.
Change-Id: I07d0ce0689ab274fd6c7dff3d8e5a8b31e110cbb
Reviewed-on: https://code.wireshark.org/review/27139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The doc has a mixed way of providing example, both without executable
name and with it. Add it to all the provided examples. Add highlight of
tshark in examples, too.
Change-Id: I99d83201cc897629f186aabd20c0add9c7c53b93
Reviewed-on: https://code.wireshark.org/review/27034
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input in multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tests are independent and can be run in parallel using pytest-xdist
(https://github.com/pytest-dev/pytest-xdist), document it.
While at it, allow running the tests from other directories.
Change-Id: I3e55c549669f7d59d35cd64eca53680cea6dec2d
Reviewed-on: https://code.wireshark.org/review/26943
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
First mention tvbuff_new_subset_remaining(), as that's good enough for
most uses.
Then mention tvb_new_subset_length(), which is what most of the
remaining cases should use; we weren't even documenting it.
Then mention tvb_new_subset_length_caplen(); we want that to be used
only when *absolutely* necessary.
Change-Id: I57a6c202d4a68b001ddca8bd4c7e1d271eb52ef9
Reviewed-on: https://code.wireshark.org/review/26864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The original implementation lead to multiple extcap interfaces
being loaded, as well as an error output from the default example.
This fixes both
Change-Id: Icb6fbda7bcb11ed0d14cb683ddcdabdc20a7070d
Reviewed-on: https://code.wireshark.org/review/26773
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Explain the new behavior for reload and version
Change-Id: I80d0f3338ac2e6a588964ce052ed49640155bc71
Reviewed-on: https://code.wireshark.org/review/26754
Reviewed-by: Roland Knall <rknall@gmail.com>
Allow certaing elements to be reloaded upon request. The way
this works is, certain elements can be configured to be reloadable.
By doing so, the extcap is asked once more just for the values
list of this item, together with all already set options, and
reloads the available options depending on the response.
Only supported for selector. Radio and Multiselect will need
additional patches, also moving those parts outside of extcap_argument.cpp
might make sense before hand.
Change-Id: I2e9e3d109b334bf878835a7cc9354f468bc22dee
Reviewed-on: https://code.wireshark.org/review/26223
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add an optional argument to extcap-version, which tells the utilities
the wireshark version and therefore allows them to handle different
versions differently.
If no version is provided, the utility has to assume it is dealing
with a Wireshark 2.x version (default behavior).
Change-Id: I51658300f28f503ca8050d204b73749f1a54df16
Reviewed-on: https://code.wireshark.org/review/26752
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Otherwise the utility no longer works for Python 2.
Change-Id: Ibe2f09d26887603a971185253aeaf2521875770d
Reviewed-on: https://code.wireshark.org/review/26751
Reviewed-by: Roland Knall <rknall@gmail.com>
Run 2to3. Convert our payload to bytes. Switch from tab to 4-space
indentation as described in PEP8, which fixes a "TabError" message.
Change-Id: Ic20b6bc1fc1a945758c8be1bb54435f3326fb605
Reviewed-on: https://code.wireshark.org/review/26744
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Update invalid description for tvb_get_nstringz() and
tvb_get_nstringz0().
Change-Id: I03483bc1a2aa5a701b44cd895b91289716ef215d
Reviewed-on: https://code.wireshark.org/review/26598
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
IIRC this was used to generate a list of display filters for the User's
Guide. We stopped doing that a long time ago.
Change-Id: Ib18f3982169ebda133f05e5fcad4083f75051286
Reviewed-on: https://code.wireshark.org/review/25907
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Try to do a better job of explaining the behavior with various
combination of options. There are a lot of different output options,
and combinations of those options, for TShark; try to cover more of them
- it's complicated.
Consistently refer to command-line "options" rather than "flags".
Change-Id: Idbe6d22a07920789b3d5ed46a700e654a5ac0ae3
Reviewed-on: https://code.wireshark.org/review/25902
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The plugin.c generation in an autotools build comes in from an included
Makefile.am file. The various types of plugins need different parameters
for the generation script. Put the plugin.c production rule is a seperate
include file so each plugin type build can include its own variant.
Also amend the README.plugins file with regards to the new directory
structure and the fact that there are multiple types of plugins, not just
dissector plugins.
Change-Id: I3a815d0d767baa555356cf428861b18697401355
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25398
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sample dissector was inconsistent with the definition of
expert_field_info in epan/expert.h.
Change-Id: I533537e52bbcfa7f0cd7ff42e4233f17f40f8bab
Reviewed-on: https://code.wireshark.org/review/24902
Reviewed-by: Michael Mann <mmann78@netscape.net>
plugin_ldadd was removed in 262a84c384.
Change-Id: I516aa1be3466433bf8db83ab3d1773bf88082e8c
Reviewed-on: https://code.wireshark.org/review/24850
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Micro version bump for mate to homogenize it between CMake and autotools.
The cmake macro doesn't handle the "a" suffix and it doesn't seem worth
implementing.
Change-Id: Ib022c6aa170623b83a9700e4fa098c60a9cddfab
Reviewed-on: https://code.wireshark.org/review/24847
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
plugin.rc is Windows specific, also add condition to reflect that.
Change-Id: Ibbb7dab77dd1f277e2302c8f931218ca433f8c72
Reviewed-on: https://code.wireshark.org/review/24833
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Currently more autotools than CMake.
Change-Id: I167f0bdd49d70d72f6155a4d978975c034ce3b4a
Reviewed-on: https://code.wireshark.org/review/24773
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I728091998c531c992aa1b741b03e653460a0e77f
Reviewed-on: https://code.wireshark.org/review/24499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This sets the scope of the static build option to Wireshark support
libraries only.
Before the patch:
Static plugins don't work with CMake and autotools.
autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.
After the patch:
For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.
For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitations imposed by libtool.
Tested on Linux. This removes broken support for building plugins
statically.
Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Replace the GPLv2+ blurbs in the doc and docbook directories with SPDX
headers as appropriate. This includes example code such as
packet-PROTOABBREV.c.
Remove dfilter2pod.pl and dfilter2xml.pl. We haven't used them since
2010.
Change-Id: I4adec02a9a4bc3e71e32bdf89f2754edaf696938
Reviewed-on: https://code.wireshark.org/review/24343
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
After other changes, add info about -G help
and update output from -G dissector-tables.
Change-Id: I339d5c31a606720ef92e641e59ec5a45114321a8
Reviewed-on: https://code.wireshark.org/review/24188
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Convenience function to add the same parameters to find_conversation as
find_or_create_conversation.
Change-Id: I3a92541cb9c1e827a9de8248825636debbd989cd
Reviewed-on: https://code.wireshark.org/review/24118
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move The Slowest Migration In The History Of Ever a little further
along.
Change-Id: Ib8b49708e7036dd412a7ffc8660ded9f681374c0
Reviewed-on: https://code.wireshark.org/review/24006
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't need to be this strict for bundled plugins about following
the GNU Coding Standards.
Change-Id: I18ed1b81d428eea15ea387102823f588287daf81
Reviewed-on: https://code.wireshark.org/review/23918
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.
This change adds the option of exporting the packet summary as well.
The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.
The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.
Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ptvcursor_add_ret_uint
ptvcursor_add_ret_int
ptvcursor_add_ret_string
ptvcursor_add_ret_boolean
Change-Id: I41fa91b1ab805778d34a61215830b12a1331e864
Reviewed-on: https://code.wireshark.org/review/23895
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tcpdump just got a --print option, which causes packet information to be
printed even if the raw packets are being saved to a file with -w. We
have -P for the same purpose; make --print another name for it.
While we're at it:
document --help and --version;
just speak of -P/--print as causing printing even of the packet
details, even though -V forces printing with -w, for consistency
with how --print is documented for tcpdump;
fix the description of -h/--help.
Change-Id: Idf650a202a09a2d1682edbd9d76123f1b1412b55
Reviewed-on: https://code.wireshark.org/review/23888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only plugins built for the same feature release (X.Y) are assured binary
compatibility. Make sure we don't try to run unsuitable code and, if so,
warn the user. This might happen for example if the user manually copies
a binary plugin to the wrong folder, intentionally or by accident.
I'm using "release version" to loosely mean not a patch release
(i.e: a feature release).
Change-Id: I896e9cbbd2d3843623fff6af8ef51002ec06f1f8
Reviewed-on: https://code.wireshark.org/review/23807
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Print the SHA256, RIPEMD160, and SHA1 hashes for each file instead of
SHA1, RIPEMD160, and MD5. SHA256 seems to be the preferred file hashing
algorithm these days and MD5 is actively discouraged. Note that we might
remove SHA1 (which is also discouraged) as well.
Change-Id: I74d972ae5f3484c83175cd3f3c7a55f99c171e20
Reviewed-on: https://code.wireshark.org/review/23761
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add flow graph functionality to tshark through -z option.
Output is same as ASCII format saved from GUI.
Change-Id: Iee0bfea7215858e6488b4728581be28287e9ea1a
Reviewed-on: https://code.wireshark.org/review/23652
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for extcap control pipes on Windows.
Improved read loop in InterfaceToolbarReader.
Delay opening control pipes until extcap has opened the fifo pipe.
Make extcap_example.py work on Windows.
Bug: 13833
Change-Id: I4b47d25452637759b8a3be53be48eee5365bc0e4
Reviewed-on: https://code.wireshark.org/review/23211
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert the contents of the top-level README to Markdown and give it a
.md extension. Most of our documentation is plain text or AsciiDoc, but
the top-level README file in a Git repository is special in that many
online browsers will show the README contents along with the directory
listing and those browsers tend to favor Markdown. This is true of
GitHub (which we're currently mirroring to), Gerrit via its Gitiles
plugin (which we're not yet using but likely will), and other places.
Add "foreign" to AM_INIT_AUTOMAKE. There is probably a joke to be
made here about the FSF and border walls.
Change-Id: I87c306d74864e1f0a432225b160a1b4483ee946c
Reviewed-on: https://code.wireshark.org/review/23049
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust the following CMake and Autotools behaviors in order to
synchronize their respective install behaviors:
- Disable tfshark by default in CMakeOptions.txt
- Add profiles/Bluetooth/preferences to Makefile.am
- Add missing captype and ciscodump entries to doc/Makefile.am
- Install help/faq.txt on all platforms in CMakeLists.txt
- Add BUILD_corbaidl2wrs, BUILD_dcerpcidl2wrs, and BUILD_xxx2deb
options to CMake and use them to adjust the corresponding parts
of the build.
- Pull the DCERPC idl2wrs build steps into the top-level
CMakeLists.txt.
This change doesn't sync everything. Some installed content still
diverges, including the following:
- CMake installs a bunch of modules into lib/wireshark:
FindGLIB2.cmake
FindWireshark.cmake
FindWSWinLibs.cmake
LocatePythonModule.cmake
UseAsn2Wrs.cmake
UseMakeDissectorReg.cmake
WiresharkConfig.cmake
WiresharkConfigVersion.cmake
Do we need any or all of these? If so, should the Autotools behavior
be synced accordingly?
- Autotools installs libtool .la files. It also installs
wireshark-gtk.desktop unconditionally.
Change-Id: I7846efe08f7139c31b6ceca6f08a1fa5168b3e22
Reviewed-on: https://code.wireshark.org/review/23041
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove grep output of explict count of heuristic protocols because
it changes too often to bother updating.
Change-Id: I69b0dfbae32f9eb9ffef6c3200238819ddf522e6
Reviewed-on: https://code.wireshark.org/review/22793
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Missing newline after '}'" suggests either that the "}" is the line
character in the file or that it's followed by a character other than a
newline. What it actually appears to mean is "you didn't put a blank
line between one author entry and the next author entry".
Change-Id: Ic0e4dd02f04680ab84fbfcf1183c911d049ee2d2
Reviewed-on: https://code.wireshark.org/review/22746
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes the following warning in Perl 5.26:
Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.30), passed through in regex; marked by <-- HERE in m/(.*){ <-- HERE / at doc/make-authors-short.pl line 36.
While at it, fix formatting of the AUTHORS-SHORT file, a newline must be
present after "}" or the file will be mis-parsed.
Change-Id: I76bc1a30714dafd703342d2d430dc1c90cf2bf82
Reviewed-on: https://code.wireshark.org/review/22637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
On UN*X, you can get C99-or-later compilers, and we request that in the
autoconf script, so it's really a requirement.
At least as I read
https://msdn.microsoft.com/en-us/library/34h23df8%28v=vs.100%29.aspx
Visual Studio 2010 (and earlier, going back to VS .NET 2003) supports
the "Use of block-scope variables initialized with nonconstant
expressions", with an example of an aggregate (array) initialization
involving function calls, so it sounds as if it's available on Windows
with any version of VS that we support.
(If I've missed something, it'll presumably show up when something is
built with MSVC, and we can update this at that point.)
So the only thing to avoid is initializing global or static variables
with a value that has to be evaluated at run time (the ability to do
that is probably present in most environments, as I think C++
constructors for variables with static storage duration might have to be
evaluated before main() is called, but I guess few C compilers bother to
use it).
Expand the example in the hopes of avoiding confusion between "static
storage duration" (which something declared "static" has, but which
anything declared with file scope, whether declared "static" or not,
also has) and "static storage duration and internal linkage", which is
what the "static" keyword specifies.
Change-Id: I338eb0892e656c2ab59519e4bf76e1dfbec2fa7d
Reviewed-on: https://code.wireshark.org/review/22434
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It only applies to variables with static storage duration, i.e. global
and static variables. Expand the example of how to do it, to make it a
bit clearer.
Change-Id: Ie0c473a35a77351dd10d6c9df2c34a39f077fca4
Reviewed-on: https://code.wireshark.org/review/22430
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".
It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.
Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed. This initial commit only
adds such support for the standard text output format. A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).
Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Automatically resets intarnal epan session after reaching to
specified number of packets, for example
-M 1000
will reset the session every 1000 packets.
this is more like a proposal since the usage is very specific
it is useful for 24/7 live capture with dissection and sending
data directly to another application.
example:
tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid
Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04
Reviewed-on: https://code.wireshark.org/review/21312
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Select one of the capturing interfaces when start capture
- Only send user changed control values when start capture
- Don't show hidden interfaces
- Allow a toolbar with no interfaces
- Renamed button role "reset" to "restore"
- Improved control number validation
- Updated documentation
Change-Id: Icc8d04043c95c1f3ef8d7cdc3b251be4471cba0a
Reviewed-on: https://code.wireshark.org/review/21445
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It does what it says on the label. You get back TRUE or FALSE in a
gboolean.
While we're at it, remove a copied-and-pasted comment that doesn't
apply, and update another comment.
Change-Id: I117391d2ffe44124a614a7f64dad1b389c1ebc6a
Reviewed-on: https://code.wireshark.org/review/21394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like proto_tree_add_item_ret_uint, but with 64-bit support
Change-Id: Ie0cbfda9e63bf21e85df2d674e391a6c0abe92f7
Reviewed-on: https://code.wireshark.org/review/21355
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
An extcap utility can provide configuration for controls to use in a
GUI interface toolbar. This controls are bidirectional and can be
used to control the extcap utility while capturing.
This is useful in scenarios where configuration can be done based on
findings in the capture process, setting temporary values or give other
inputs without restarting current capture.
Todo:
- Add support for Windows
Change-Id: Ie15fa67f92eb27d8b73df6bb36f66b9a7d81932d
Reviewed-on: https://code.wireshark.org/review/19982
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It makes it a bit clearer what its purpose is - to allow a value_string
to be used for numeric rather than enumerated fields, giving certain
values of the field a special meaning.
Change the explanation in the documentation to match as well.
Change-Id: Id07b22eee996b79ea5f3473928d29adcabe09bf3
Reviewed-on: https://code.wireshark.org/review/21209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is a breaking change.
prefs_register_filename_preference hasn't been differentiating
between files to be saved and ones to be opened.
On GTK, a neutral dialog is used, so no problems there.
On Qt, a save dialog has been always used, even in dissectors that
were reading configuration files without modification.
prefs_register_filename_preference now takes an argument to indicate
whether UI could be a save dialog with a warning on overwriting
a file, or whether it's a general purpose open file dialog.
Qt now does this. Previously no warning was shown on overwriting a file,
so it may be used for opening files too without irritating the user.
This has been changed, as non-destructive reads should now use
the open dialog.
Dissectors were changed accordingly.
Change-Id: I9087fefa5ee7ca58de0775d4fe2c0fdcfa3a3018
Reviewed-on: https://code.wireshark.org/review/21086
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
List all of --enable-protocol, --disable-protocol, --enable-heuristic,
and --disable-heuristic in the SYNOPSIS section of the man pages.
Undent after the list of taps for the -z option, so the following
options are at the same indentation as other options.
List --enable-protocol in the DESCRIPTION, above --disable-protocol.
Include --enable-protocol in the help message.
Change-Id: I680a54430789f3543b2d539fbded22b0b57f7f76
Reviewed-on: https://code.wireshark.org/review/21159
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BASE_VALS_NO_UNKNOWN is a special value_string value for only a single
(maybe 2) numerical value(s). If a field has the numerical value
that doesn't match anything in the value_string, just the number
is supplied for the field (no "Unknown")
Dissectors that had this use case have been converted in the patch.
Change-Id: Ie63a36cceec2fe4436938ec7e3d7f9e690d2b8d9
Reviewed-on: https://code.wireshark.org/review/20736
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While at it fix expert info a typo and an calculation.
Change-Id: I071a36edb7eed5f58708b98aebcb24bc6c34f2a8
Reviewed-on: https://code.wireshark.org/review/20766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add some new encodings for absolute time stamps, and use them as
appropriate; this fixes some cases where the time stamps in question
were being dissected incorrectly.
For the encodings with seconds and 1/2^32s of a second, don't
arbitrarily give only microsecond resolution; 2^32 is greater than 1
million, and, in fact, at least some NTP RFCs explicitly talk about time
resolution greater than 1 microsecond.
Update references in the RELOAD dissector to reflect the documents in
question having been updated and published as RFCs.
Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca
Reviewed-on: https://code.wireshark.org/review/20759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch adds a capinfos -K option to suppess printing of capture
comments. This patch also changes when capture comments are printed
relative to the other enabled infos. Because capture comments are
freeform we will now defer their printing until all but the interface
detail infos are printed.
Change-Id: Ibb3df040c09e4c67d714c561869c00e08b83d6ed
Reviewed-on: https://code.wireshark.org/review/20643
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
found by lintian
Change-Id: I5ce951fca2213d3d18807cde061dea201a36999f
Reviewed-on: https://code.wireshark.org/review/20628
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It has been unsupported for some years and when talking about removing it
in the past I received some positive and no negative feedback.
There is one instance of echld left:
capchild/capture_sync.c: * echld might have already reaped the child.
Can that case be removed or should be comment be updated to something more
accurate? (left for a separate patch)
Change-Id: Idac397158dd86fd0728eb95379449ee4a463fc28
Reviewed-on: https://code.wireshark.org/review/20619
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch augments tshark's -T report with a "tabs" option.
When the -T tabs option is enabled an ASCII horizontal tab character
is inserted between each column of the human-readable one-line
packet summary record.
Change-Id: Id10a6e21e231eb2e52b6342ed05399db1a5fcfdf
Reviewed-on: https://code.wireshark.org/review/20537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 11228
Change-Id: Id8bcc51ff694ef9f2019bc7509e440021d049d22
Reviewed-on: https://code.wireshark.org/review/19735
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Since v2.1.0rc0-184-gb0b53fa593, $XDG_CONFIG_HOME/wireshark (instead of
$HOME/.wireshark) is used, clarify this in the WSUG and manuals.
Change-Id: I74a6f9b86bd8d54ee326ca83d7536e091d6da08a
Reviewed-on: https://code.wireshark.org/review/20364
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
get enabled if the user had selected a file (and mustexist=true wasn't specified).
This commit also contains minor fixes to doc/README.extcap, it's now more aligned to the
actual implementation.
Added example usage of fileselect, radio and multiselect to doc/extcap_example.py.
Change-Id: Ibfe40a35a26f49322fbe64c0594506a2163f7e20
Reviewed-on: https://code.wireshark.org/review/20274
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Modified tshark -T json -x output
Added tshark -T jsonraw output
json2pcap.py (can be used for basic packet editing by modifying json)
The modification in tshark -T json -x and new tshark -T jsonraw output
add into hex-data output in JSON also information on which position
each field is dissected in the original frame, what is the field length,
bitmask (for not byte aligned fields) and type. This information can be
used for latter processing. One use-case is json2pcap script which
assembles the protocol layers back together from upper to lowers layers,
which allows the basic packet modification/editing/rewriting.
Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925
Reviewed-on: https://code.wireshark.org/review/19990
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the documentation for the new toolbar interface
to the README file
Change-Id: I9dd37dc4f31760ccd1c9a3e6ae379cd6f9ca1db9
Reviewed-on: https://code.wireshark.org/review/20261
Reviewed-by: Roland Knall <rknall@gmail.com>
The MSDN documentation for _read says
"If fd is invalid, the file is not open for reading, or the file is
locked, the invalid parameter handler is invoked, as described in
Parameter Validation."
This means that on Windows, if our parent has closed stdin when we call
_read we'll crash. Add a check to bail out early if that's happened.
Fix a sign cast while we're here.
Change-Id: I8afb75f6e56c6a6c2b62103ba7e2fb635dc85702
Reviewed-on: https://code.wireshark.org/review/20153
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to
error out if it is not available. Update release notes, developer
documentation and README with the new status. Clarify relation with
GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script.
Motivation for this change is that many dissectors depend on Libgcrypt
and having it optional increases the maintenance burden (there have been
several compile issues in the past due to the optional status).
Furthermore, wsutil has crypto code that can be replaced by Libgcrypt.
Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20030
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
With option -I one can ignore the first number of bytes from the frame
while doing duplicate frame removal. This doesn't handle shorter frames
correctly. Add safeguards for this, and update the help text.
Bug: 13378
Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211
Reviewed-on: https://code.wireshark.org/review/20004
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add an option to rawshark that lets the user set a maximum memory limit.
Change-Id: Ie102ee5f6ba5aec90a35bd63297184c7dc37662c
Reviewed-on: https://code.wireshark.org/review/19911
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Added a parameter to set placeholder text in textBox.
Change-Id: Iccf92fe60abc78be8f0fa112c0c9eb78890674b5
Reviewed-on: https://code.wireshark.org/review/12463
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The tilde (~) operator was missing as an alternative for matches.
Bug: 13320
Change-Id: Idb96c802145dcdd0d9ffc196b32370cadd8735b3
Reviewed-on: https://code.wireshark.org/review/19723
Reviewed-by: Michael Mann <mmann78@netscape.net>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a new tshark feature to generate a folders report. The folders report
is essentially the information presented by Wireshark's About / Folders page
in a TAB delimited format.
Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6
Reviewed-on: https://code.wireshark.org/review/19002
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A new "--export-object <protocol>,<destdir>" option is added to tshark.
This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)
Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The feature activates/deactivates fullscreen mode of Qt UI.
A new menu item has been added as well as a shortcut (F11 or Ctrl+Cmd+F)
according to browsers common shortcut.
Change-Id: I01906b494d0a13ce70d27c00ebbe03e6ec87cbd7
Reviewed-on: https://code.wireshark.org/review/18332
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Bug: 13032
Change-Id: I6bf2cc2c43a6262d899a304df6576d9831115966
Reviewed-on: https://code.wireshark.org/review/18350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"add_custom_command" outputs are only available as dependency in the
same directory, so create a new target such it can be used from the main
directory.
This fixes the OS X build with no parallelism (-j1).
Change-Id: I66aa5ae307be38ee715456a05fd55f55e4fa76e9
Reviewed-on: https://code.wireshark.org/review/18299
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Since v2.3.0rc0-1002-g1cd2255, Qt 4.8 became mandatory, reflect this in
the version requirements. This will not affect a lot of distributions
(RHEL and SLES only had Qt 4.6).
For a more complete list of supported platforms, see
https://wiki.wireshark.org/Development/Support_library_version_tracking
While at it, correct some other minimum versions in documentation.
Change-Id: I11f2dfba72c75429f6838404a81ed3b3dc302d5f
Reviewed-on: https://code.wireshark.org/review/18314
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Minor changes in androiddump implies minor changes in help file.
Change-Id: Ifbf4dbdca427e8b19272c2b4f28e06fd6a548834
Reviewed-on: https://code.wireshark.org/review/18316
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the metatables for classes were the same for the class and
its instances. This results in issues like calling __gc on the class
table on exit.
Make it possible to declare separate class methods (functions) and
instance methods. Observe that all attributes apply to the instances
only, so make these just available on the instance.
The attribute/methods lookup method (via __index/__newindex) have been
rewritten to use upvalues, removing the technical need for the
properties __getters/__setters/__methods. The "lua globals" test still
checks for these, but it could be removed in the future.
To fix bug 12968, the __gc method is removed from the class method.
Future patches should remove the WSLUA_REGISTER_CLASS,
WSLUA_REGISTER_META and WSLUA_REGISTER_ATTRIBUTES macros completely and
create split class functions/methods (such that __call for an instance
cannot accidentally be invoked on the class).
Removed duplicate "fragmented" property from Pinfo (which triggered an
error) and replaced exit() by g_error() for debugger friendliness.
Remove lua_shiftstring since checkstring always returns non-NULL.
Bug: 12968
Change-Id: I57f8a93d08bb84c79b0e94cf2c82d8402fc16646
Reviewed-on: https://code.wireshark.org/review/18026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
I guess that when SIGINT is intercepted, then the writes are restarted
and the doExit condition is never checked. Remove this racy check in
favor of catching the KeyboardInterrupt exception.
Test: tshark -i example1; kill tshark; check process list for python.
Bug: 11657
Change-Id: Ia8b1ee560b9dcd31dd91df27fbfb8e91237581c9
Reviewed-on: https://code.wireshark.org/review/18218
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes trivial syntax error in try/except, ensure that the message are
bytes instead of a string and remove unnecessary use of an append_bytes
function.
Did not try to fix the other Python issues, at least it runs now.
Change-Id: Ib24f6116bc9d3cf177bc940da9f89aff90695a93
Reviewed-on: https://code.wireshark.org/review/18212
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The -m (monospace font) flag was deprecated in 2.2. Go ahead and remove
it in 2.3 / 2.4.
Change-Id: I6b4911174675cedec979621c2776353314e73eb1
Reviewed-on: https://code.wireshark.org/review/18193
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Current Wireshark.app bundle on OS X doesn't include man pages.
This is the second try after commit 7da23ca1a5bba4af5e1104f4d3d3d44e918552b0
has been reverted. Now cmake gets the information that the man files
are generated.
Bug: 12746
Change-Id: I34dfec65bd57587ee048d7e1e2557fc9ab2b32eb
Reviewed-on: https://code.wireshark.org/review/18170
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Current Wireshark.app bundle on OS X doesn't include man pages.
Change-Id: I4123105ae805c3f127dbfd74768b88d4da546c56
Ping-Bug: 12746
Reviewed-on: https://code.wireshark.org/review/17902
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This new option adds the chance to use a custom capture command.
It must produce a PCAP stream that will be read by Wireshark,
written to STDOUT.
Change-Id: I34a72465eb369194f24ecf0594df143b8ad6555f
Reviewed-on: https://code.wireshark.org/review/18037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This removes the option to specify a custom capture binary due to
incompatibilities between different binaries options. A following
change will add the chance to use a custom capture command that
will cover all the cases that the default doesn't.
Bug: 12952
Change-Id: Idbde3e27f34c28f4ce622c3a860994e25ce5f92f
Reviewed-on: https://code.wireshark.org/review/18040
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Text is partially copied from the tshark manual page.
Change-Id: I120e327f15394fc48fce6e4a122e7eab83e91c82
Reviewed-on: https://code.wireshark.org/review/17904
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Udpdump is a generic UDP receiver that exports datagram in PCAP format.
Change-Id: I52620a92b12530b6f9b5449c43e692663acdfc14
Reviewed-on: https://code.wireshark.org/review/17195
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Allow the tool to provide a link to a helppage, displayed
by clicking on help in the configuration dialog.
The URL will be opened using an URL based service, therefore local
as well as remote URLs are possible.
Change-Id: I58b30244e97919d5cf6892faf96536ddc30fb5a7
Reviewed-on: https://code.wireshark.org/review/17549
Reviewed-by: Roland Knall <rknall@gmail.com>
Flexible array members are supported by gcc, clang and even MSVC2013.
Note, so far it was only used in the Windows-specific airpcap.h.
Trailing commas in enum declaration are already in use since for
these dissectors (commit ID is the first occurrence):
epan/dissectors/packet-gluster.h v2.1.0rc0-1070-g3b706ba
epan/dissectors/packet-ipv6.c v2.1.2rc0-81-ge07b4aa
epan/dissectors/packet-netlink.h v2.3.0rc0-389-gc0ab12b
epan/dissectors/packet-netlink-netfilter.c v2.3.0rc0-239-g1767e08
epan/dissectors/packet-netlink-route.c v2.3.0rc0-233-g2a80b40
epan/dissectors/packet-quic.c v2.3.0rc0-457-gfa320f8
Inline functions using the "inline" keyword are supported via all glib
versions we support (if it is missing, glib will define a suitable
inline macro).
Other c99 functions listed in the README.developer document were found
to be compatible with GCC 4.4.7, Clang 3.4.2 and MSVC 2013.
Change-Id: If5bab03bfd8577b15a24bedf08c03bdfbf34317a
Reviewed-on: https://code.wireshark.org/review/17421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Minor update to docs
Change-Id: If9464f00d69bb9a8bb5638f3bb0d0f73a56aad50
Reviewed-on: https://code.wireshark.org/review/16856
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This patch reads out the stderr messages from an extcap
utility and displays it to an user. It was tested on Qt
but not on GTK, but should work their as well.
On Mac OS/X and Windows the child_watch does not behave
as it was intended. Therefore in extcap_cleanup, the callbacks
are called manually, if and only if, they have not been
called already.
The reason why it displays two error messages is, that
by the time the first one is being displayed, glib has not
returned from the spawned process on Linux yet. So there
is no way to add the stderr correctly, and putting a handler
to stderr into interface_opts will lead to memory errors,
cause then the code tries to access memory outside of its
protection.
Bug: 11892
Change-Id: I2db60dd480fed3e01428b91a705057e4f088bd15
Reviewed-on: https://code.wireshark.org/review/12954
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extend README with proto_tree_add_bitmask_with_flags() function.
Change-Id: Ia984080eda77ab93b063771d625bc45b5b0fc6d2
Reviewed-on: https://code.wireshark.org/review/16785
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Compress the source tarball using xz instead of bzip2. Other open source
projects (including many of our dependencies) have been using xz for a
while so hopefully this won't be too much of a shock.
Remove the patch-bzip2 Autotools target while we're here.
Change-Id: I456d27b6cd56a43aba829bd45938f98568eb7b1d
Reviewed-on: https://code.wireshark.org/review/16735
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Fill in the "gaps" so that all dissectors that verify checksums have both a
status and expert info field.
Also address comments from original proto_tree_add_checksum patch that didn't make it.
Ping-Bug: 8859
Change-Id: I2e6640108fd6bb218cb959fe9e4ba98a13e43a2f
Reviewed-on: https://code.wireshark.org/review/16590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is an attempt to standardize display/handling of checksum fields for all dissectors.
The main target is for dissectors that do validation, but dissectors that just report the
checksum were also included just to make them easier to find in the future.
Bug: 10620
Bug: 12058
Ping-Bug: 8859
Change-Id: Ia8abd86e42eaf8ed50de6b173409e914b17993bf
Reviewed-on: https://code.wireshark.org/review/16380
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This mostly reverts SVN rev 43412 (3fa645481f)
with the addition of documenting that FT_*INT*'s with BASE_NONE and a
FIELDCONVERT tells the Wireshark core that the field's numeric value is
meaningless and should not be shown to the user.
Use BASE_NONE again with the expert info group and severity fields. This
(finally) resolves the complaint from:
https://www.wireshark.org/lists/wireshark-dev/201206/msg00188.html
(yes, this mail's been sitting in my "todo" pile since then! <sigh>)
Change-Id: I1c6dd2864e7a2e959c97c409f277853af74a8d93
Reviewed-on: https://code.wireshark.org/review/16518
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iac747655d09c94926e51c7ea1f23375650cd6641
Ping-Bug: 12305
Reviewed-on: https://code.wireshark.org/review/16446
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HTTP has multiple related packets, so seeing which are the actual request/response (related to the current selected packet) is helpful.
Change-Id: I833f4f620cfe8bfe9b1d7518c4e28fbd41b64e29
Reviewed-on: https://code.wireshark.org/review/16385
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now that nmake build system has been removed they are not needed anymore.
Change-Id: I88075f955bb4349185859c1af4be22e53de5850f
Reviewed-on: https://code.wireshark.org/review/16050
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
For OS X, mention the use of CMake or autotools for building.
For Linux, mention autotools as well as CMake, and speak of Debian
derivatives other than Ubuntu.
Add a section for UN*Xes other than OS X and Linux.
Change-Id: I73bb7afe2d427333b10016aeb497ab32eee16d43
Reviewed-on: https://code.wireshark.org/review/16217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for -j, -J, and -l. Mark the -m flag deprecated.
Bug: 12546
Change-Id: Ic44b3997840018e5d571aa1813a1646bce11d4a6
Reviewed-on: https://code.wireshark.org/review/16083
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output
Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This fixes the example of the -z follow option.
Also fix up some formatting in the same section.
Bug: 12383
Change-Id: Ic9b2ef5e63ab31d70f2750f9cfdcbab76cf204b6
Reviewed-on: https://code.wireshark.org/review/15667
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Yes, the rename of structure members is a bit hacky.
Yes, catering to Windows since "GLib's v*printf routines are
surprisingly slow on Windows".
But it does pass checkAPIs.pl
Change-Id: I5b1552472c83aa2e159f17b5b7eb70b37d03eff9
Reviewed-on: https://code.wireshark.org/review/15404
Reviewed-by: Michael Mann <mmann78@netscape.net>
an empty name "".
Change-Id: I2b8332ff6900c8a88514a25a416f342d7b696d34
Reviewed-on: https://code.wireshark.org/review/15332
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we detect that we're writing to a TTY and that it doesn't support
UTF-8, convert our output to the current code page on UNIX/Linux or
to UTF-16LE on Windows. This helps to ensure that we don't fill users'
screens with mojibake, along with scrubbing invalid output.
Add a note about our output behavior to the TShark man page. Add a note
about the glyphs we should and shouldn't be using to utf8_entities.h.
Bug: 12393
Change-Id: I52b6dd240173b80ffb6d35b5950a46a565c97ce8
Reviewed-on: https://code.wireshark.org/review/15277
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use libSSH 0.7.2 compiled with MinGW(32|64) and linked with zlib and gcrypt support
Change-Id: I7c17d1ba3dd1890e2f83c119f5ea851834807e43
Reviewed-on: https://code.wireshark.org/review/12117
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the file '.git/wireshark-disable-versioning' exists then version.h
will be commented out.
Change-Id: If481b673463408a69c2ecf7c2e66d08c5855537f
Reviewed-on: https://code.wireshark.org/review/14932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
The document describes why and how to version check, but
1) is not up to date with respect to minimum GLib version
2) does not yet mention Qt version requirement and check.
This change addresses both issues.
Change-Id: Ibb56c02cf48f6a4c6270b20686ca4d6e8aaf99d1
Reviewed-on: https://code.wireshark.org/review/14669
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Ciscodump is a new extcap that allows packet capture
on Cisco routers (IOS 12.4 and later) through SSH.
Change-Id: Ic9c5be01d3bd0112116f7fc9fa10e26c1552b007
Reviewed-on: https://code.wireshark.org/review/13886
Reviewed-by: Roland Knall <rknall@gmail.com>
Using cmake -DENABLE_EXTCAP=no or ./configure --without-extcap.
Some documentation fixes too.
Change-Id: Iebf9c843d67e10a32de1a62904de8f88b872ec99
Reviewed-on: https://code.wireshark.org/review/14522
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
recv() can return negative value or 0 in "error cases".
There is need to check it. This also solved empty interfaces
list if there is unauthenticated device.
Bug: 12080
Change-Id: If6cd0e0933b64e9ac9bbb66b3b8138f7177451d1
Reviewed-on: https://code.wireshark.org/review/14316
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Broken by gb7f6cf9.
Change-Id: I21a91cf56c16b7ffdf72da7bf68a556feb6a6c17
Reviewed-on: https://code.wireshark.org/review/14408
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Smaller epan/CMakeLists.txt is easier to work with and this structure
is well suited to CMake. It should make it easier to manage and configure
each epan module differently if necessary.
Change-Id: Ia649db3b7dcd405aa43dbdba3288699d5e375229
Reviewed-on: https://code.wireshark.org/review/14068
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>