Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
Wireshark/tshark may be built without Lua support. This patch adds an
error message if the user specifies the `-X lua_script` command-line
argument to a program built without Lua support, so the user is not left
wondering why their script isn't working.
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes#17478
Move those checks out of #ifdef HAVE_LIBPCAP/#endif, as that option is
supported even if we don't build with pcap - it's also used when reading
one file and writing another.
Don't check for pcapng when deciding whether, when reading from an
existing capture file, we can write it with added file comments; check
whether the specified file type supports file comments and, if it
doesn't, report all file formats that do as part of the error.
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
Allows adding one or more capture comments to a new pcapng file when
tshark is reading from a file. Currently, tshark only allows setting one
capture comment, and that only when doing a live capture.
The use case for this feature is given in bug #15005.
I decided to allow multiple capture comments to match the same ability
in `editcap`.
To allow this change, I changed the function signature of
`process_cap_file()` so it takes a `capture_options` struct instead of
individual parameters that affect the capture.
Mostly functioning proof of concept for #14329. This work is intended to
allow Wireshark to support multiple packet comments per packet.
Uses and expands upon the `wtap_block` API in `wiretap/wtap_opttypes.h`.
It attaches a `wtap_block` structure to `wtap_rec` in place of its
current `opt_comment` and `packet_verdict` members to hold OPT_COMMENT
and OPT_PKT_VERDICT option values.
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in a command-line options "--log-domains".
The filter is specified as a comma separated case insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constaint on adding new domains, neither in code or at runtime.
The string format is arbitrary, only positive matches will produce
output.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Add a generic function to write content to file. Use this on write
TLS session keys from UI and tshark, and for export objects.
Remove the now unused export_object_ui.[ch].
The tshark help and documentation has been incorrect for at least
eight years, claiming that by default all name resolutions are
performed. Fixes#11762
Replace most instances of ws_debug_printf() except in
epan/dissectors and dissector plugins.
Some replacements use printf(), some use ws_debug(), and
some were removed because they were dead or judged to be
temporary.
If the variable `dfilter' always points to malloc-ed memory, it should
be easier to avoid any leaks.
Leak:
```
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7fadf5a67bc8 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fadd7ecbe98 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98)
#2 0x5556272dbfd5 in main /home/ivan/svnrepos/wireshark/tshark.c:1594
#3 0x7fadd71ed0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
```
Initialize the exit status before the loop, and just break out of the
loop if something fails, so that the code following the loop can destroy
the console in Wireshark on Windows and then go to the clean exit code.
In dumpcap, if we're being run by TShark or Wireshark, if there are no
link-layer types, just provide an empty list to our caller; let them
construct an empty list of link-layer types when they read our output.
In the code that reads that list, don't report an error if the list is
empty, rely on the caller to do so.
Have capture_opts_print_if_capabilities() do more work, moving some
functions from its callers to it.
Replace the Wireshark code for that with code that matches what TShark
does.
Update a comment in TShark while we're at it.
Fixes#14215.
(Still leaves it popping up the full window, but that's a bigger
change.)
It's not a generic capture option also supported by TShark and dumpcap,
it's Wireshark-specific (dumpcap *always* starts a capture, and TShark
starts one iff it's passed one or more interfaces on which to capture;
only Wireshark needs it to start the capture immediately - that's a
relic of the days when Wireshark *itself* did what dumpcap now does for
Wireshark).
Handle it in commandline_other_options(), rather than in
capture_opts_add_opt().
That lets us get rid of an argument to capture_opts_add_opt(), and dummy
variables in TShark and dumpcap used to work with that extra argument.
"Commonly-used" meaning "used by more than one source file".
Clean up the exit codes, combining some duplicates with different names,
and using some instead of raw numbers in some places.
The distinction between the different kinds of capture utility
may not warrant a special subfolfer for each, and sometimes the
distinction is not be clear or some functions could stradle
multiple "categories" (like capture_ifinfo.[ch]).
Simplify by having only a generic 'capture' subfolder. The
separate CMake libraries are kept as a way to reuse object code
efficiently.
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.
The export PDU API now allows writing to a different file type. tshark
already has a -F flag for the output file type. If that option is given,
respect it for export PDU. Also, rec.rec_header.packet_header.pkt_encap
expects WTAP encapsulation types, not PCAP encapsulation types, so don't
call wtap_wtap_encap_to_pcap_encap(), or else it won't actually write to
pcap files, only pcapng (using the wrong sort of encap numbers eventually
leads to WTAP_ENCAP_PER_PACKET, which we don't write to non-pcapng.)
Allow "-U ?" as well as an empty argument; an empty argument is a bit
counterintuitive.
Simplify the introductory line of output - asking for a list of taps
isn't an error in which the user failed to supply a tap name, it's a
case where the user suplied a request for a list of tap names.
Just use fprintf() to print the list, and indent the elements of the
list, as we do with other lists of valid arguments.
List the valid arguments if the user specified an invalid argument as
well.
On Windows, a write to a pipe where the read side has been closed
apparently may return the Windows error ERROR_BROKEN_PIPE, which the
Visual Studio C library maps to EPIPE, or may return the Windows error
ERROR_NO_DATA, which the Visual Studio C library maps to EINVAL.
So, on Windows, for errors other than the ones for which we're reporting
a special error message, check for EINVAL with a *Windows* error of
ERROR_NO_DATA and, if that's what we have, don't print an error message;
otherwise, print an error message that reports a message based on the
Windows error (rather than a relatively uninformative "Invalid argument"
error).
This should fix issue #16192.
Clean up indentation while we're at it.
Have dumpcap in child mode return an error message with a primary and
secondary string, instead of using stderr. When writing to the console
log we ignore the second message to prevent flooding the log with
tutorial-like info on permissions.
Register the pcap and pcapng file types/subtypes rather than hardwiring
them into the table.
Call the registration routines for them directly, rather than through a
generated table; they're always supposed to be there, as some code in
Wireshark either writes only one of those formats or defaults to writing
one of those formats. Don't run their source code through the
registration-routine-finder script.
Have the file type/subtype codes for them be directly exported to the
libwiretap core, and provide routines to return each of them, to be used
by the aforementioned code.
When reporting errors with cfile_write_failure_message(), use
wtap_dump_file_type_subtype() to get the file type/subtype value for the
wtap_dumper to which we're writing, rather than hardcoding it.
Have the "export PDU" code capable of supporting arbitrary file
types/subtypes, although we currently only use pcapng.
Get rid of declarations of now-static can_write_encap and
dump_open routines in various headers.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().
This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
The "short name" is really just the name, used to look it up. The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.
The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
In our first pass through our options, look for ones that might require
extcap. Call extcap_register_preferences() only when that's the case.
Warn about missing extcap preferences only when we've loaded them.
Pull the code to register plugin taps, and the loop to register built-in
taps, into a single register_all_tap_listeners() routine.
This leaves it up to libwireshark, not to the programs using it, to know
how to register them.
extcap_register_preferences is only called with the -G option
(to dump information) and extcap preferences are not loading,
loading it unconditionally avoids this, as it is done in the
GUI startup.
When there is no do_dissection cf is missing some variables
for cf_close() call. Therefore we have to set them explicitly.
Fixes: wireshark/wireshark#17021
This reverts commit 5df2925434.
The problem only showed up in tfshark.c, and was caused by tfshark.c
using stuff from ui/urls.h but not *including* ui/urls.h.
If you use it, GCC 9.3.0 seems to think there's a missing parenthesis
somewhere, just as the version of clang++ in my version of Xcode does,
even though other versions of GCC don't. I'm clearly missing something
obscure about C here; I give up.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes#15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
Add extcap_ensure_all_interfaces_loaded, which calls
extcap_load_interface_list if our interface list is empty. Call it in
each of our public functions that require a valid interface list.
Clean up the extcap API documentation and note which routines initialize
the interface list.
In tshark, don't unconditionally call extcap_register_preferences and
instead rely on lazy loading.
Change-Id: I8493ae5f4d703b0fd767246557d17723bcf207c6
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/37750
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In each of our executables we were calling "setlocale(LC_ALL, "")" at
startup. This told Windows that output was encoded using the current
system code page. Unless the code page was 65001 (UTF-8), this was a lie.
We write UTF-8 to stdout and stderr, so call "setlocale(LC_ALL, ".UTF-8)"
at startup on Windows. This lets the CRT translate our output correctly
in more cases.
Clarify and expand the OUTPUT section in the tshark man page.
Bug: 16649
Change-Id: If93231fe5b332c292946c7f8e5e813e2f543e799
Reviewed-on: https://code.wireshark.org/review/37560
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
wtap_cleanup() clears options which are still in use by the time
cf_close calls wtap_close. Be sure to close the capture file first.
Bug: 16487
Change-Id: Id9ef1c0321865e9574b69439870a842efb2b209b
Fixes: v3.3.0rc0-853-g3662a69036 ("Maintain cf->state, because file cleanup depends on it.")
Reviewed-on: https://code.wireshark.org/review/36755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <gharris@sonic.net>
pcapng has been the compile-time default since 2011. If there are any
users who would like to use the libpcap format, then they should use
runtime options instead (e.g. `tshark -P` or `editcap -F pcap`).
Change-Id: I54b70368cdc3ca78bc8617bc488cc687740a1eb9
Reviewed-on: https://code.wireshark.org/review/36721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Instead of having programs that use the capchild library define
functions with known names, with the library routines calling back
routines with those names, have function pointers for those callbacks in
the capture_session structure, and have capture_session_init() set them.
Make the callback routines in TShark and in the ui library static.
Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae
Reviewed-on: https://code.wireshark.org/review/36583
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If we're capturing to multiple files, whenever we are told about a new
file, we must close the old file, so we don't leak file descriptors and
wtap structures.
Have cf_close() handle the work of closing, the way it does in file.c,
and, when we *open* a file, set the state in capture_file to
FILE_READ_IN_PROGRESS.
Bug: 16457
Change-Id: I04a01c30571b7e3575dee5e7252a59bb1ee8abbc
Reviewed-on: https://code.wireshark.org/review/36580
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2004 called, they want their libpcap/WinPcap back.
RHEL 6 initially shipped with libpcap 1.0; even old Enterprise(TM)
versions of OSes ship with something shinier than 0.7.x these days.
This lets us get rid of a bunch of #ifdefs and workaround code for
missing APIs.
Change-Id: I862cb027418b0a0c0f45a26979acea82f93f833b
Reviewed-on: https://code.wireshark.org/review/36383
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Since dumpcap was split off tshark, tshark never had the need to use
file capabilities. Remove the unused header.
Change-Id: I76e9d09599a4276d4be5ba105d7c6e28e9dd96da
Reviewed-on: https://code.wireshark.org/review/35984
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For long options, without corresponding short options, to be processed
they need to be assigned a value, preferably outside of the range of
all possible short options. The code in various places tries to stay
clear of these low values, but further coordination is missing, easily
leading to issues when option processing code gets extended and/or
reorganized.
This change introduces a single location from where each catagory of
command line long option can derive a base value, which should minimize
potential option value collisions.
Change-Id: Ic8861a347d0050f74002de3aa1fcfb01202866e5
Reviewed-on: https://code.wireshark.org/review/35459
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
EPIPE almost certainly means "the next program after us in the pipeline
exited before we were finished writing", so this isn't a real error, it
just means we're done. (We don't get SIGPIPE because libwireshark
ignores SIGPIPE to avoid getting killed if writing to the MaxMind
process gets SIGPIPE because that process died.)
Presumably either that program exited deliberately (for example, "head
-N" read N lines and printed them), in which case there's no error to
report, or it terminated due to an error or a signal, in which case
*that's* the error and that error has been reported.
(We don't do that for EINVAL, as that's presumably a real error. It
shows up on Windows in bug 16192, but what we probably want to do there
is to, on Windows, use _doserrno, check for the equivalent Windows
errors, and, for the default case, convert _doserrno to the appropriate
string, using Windows APIs, and report *that* string; the MS C library
converts a whole bunch of Windows errors to EINVAL, thus losing
information and making it harder to determine what the real error is.
Therefore, I'm just marking this with Ping-Bug, as it's only fixing the
problem on UN*Xes.)
Change-Id: I94c392f478561e29501facd657487716a5882295
Ping-Bug: 16192
Reviewed-on: https://code.wireshark.org/review/35053
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means the packet-count-during-capture stuff is scattered amongst
fewer locations.
Move capture_info.h into ui; it's now a header that declares routines
whose implementations are GUI-platform-dependent.
Change-Id: I475815724a4766f6bc2511e67ebae14865e1a9d1
Reviewed-on: https://code.wireshark.org/review/26249
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 15825
Change-Id: Iec8dff38dd89e3947f3fe7053e38101c3ad7b1b2
Reviewed-on: https://code.wireshark.org/review/33523
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Catch signals/ctrl events when we're reading a capture, and stop reading
if we get one of those. When we close a print stream, restore the color
as appropriate.
Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72
Ping-Bug: 15659
Reviewed-on: https://code.wireshark.org/review/32716
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the pass 1 of a two-pass read, pass 2 of a two-pass read, and only
pass of a one-pass read into separate routines, returning success/read
error/write error status codes.
This makes the processing a bit cleaner, and makes it easier to have the
file-reading code catch signals/control events.
Change-Id: I58cd9e4b86f219f3afa2dc61b57f41978fc2f853
Reviewed-on: https://code.wireshark.org/review/32711
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's nothing to draw.
Maybe we should also avoid it if we didn't get any packets.
Change-Id: If76f7909f78e66b7302d0ab2caa284ca36c43bfb
Reviewed-on: https://code.wireshark.org/review/32649
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it match the "Plugins" tab of the "About" dialog.
While we're at it, use the same code to enumerate extcap plugins in that
dialog.
Change-Id: I50f402a7ab5d83d46baab070d145558ed8f688f4
Reviewed-on: https://code.wireshark.org/review/32589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_drops() doesn't, and shouldn't, modify or free or... the
interface name, so make the pointer to it a const pointer.
Change-Id: Iafc5c5dd9939225b3aeb8a8e36c5bdeecc394e12
Reviewed-on: https://code.wireshark.org/review/32465
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_cfilter_error_message() doesn't, and shouldn't, modify or
free or... the error message, so make the pointer to it a const pointer.
Change-Id: Ic14ac306add328df369af4b6e149c856f4283912
Reviewed-on: https://code.wireshark.org/review/32464
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set the output_file_name variable for -w regardless of whether we were
built with libpcap or not. If we were built with libpcap, also pass the
flag and its argument to capture_opts_add_opt().
In the reading-a-file code (rather than the doing-a-live-capture code),
use output_file_name as the name of the output file, regardless of
whether we were built with libpcap or not.
This takes a few twists out of the maze of #ifdefs, all different.
Change-Id: I828f1b04dacbf0ea4f3aff36f26cb9a3ffcbc480
Reviewed-on: https://code.wireshark.org/review/32011
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Be sure to map "ssl" to "tls" instead of silently ignoring it.
Change-Id: If1edc10ead4a9f25ee4802e1395390dc3c51796f
Reviewed-on: https://code.wireshark.org/review/31894
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Align the usage help text for '-' as filename for stdin and stdout
with the text used for wireshark.
Change-Id: I67011b8234616940b7878fd5768c9e2a9e79f9f0
Reviewed-on: https://code.wireshark.org/review/31838
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Capturing with "tshark -i lo" results in capture_opts->descr being set
to "Loopback" via:
#3 0x55c5f575720c in fill_in_interface_opts_from_ifinfo capture_opts.c:547:33
#4 0x55c5f5750dc5 in capture_opts_add_iface_opt capture_opts.c:695:9
#5 0x55c5f574b6bd in capture_opts_add_opt capture_opts.c:843:18
#6 0x55c5f5785efc in main tshark.c:1087:21
but tshark overwrites it, presumably to offer textual descriptions like
"Standard input" for "-i -". Fix this memory leak, reported by ASAN for
three tests from case_tshark_capture that capture from Loopback.
Change-Id: I4f393c4440bde7a621271cca3066bef3d57e250a
Reviewed-on: https://code.wireshark.org/review/31756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by clang-tidy.
Change-Id: I7fe1c3219758d8daf411d094e2df17916f2eb57b
Reviewed-on: https://code.wireshark.org/review/31330
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped
packets are outputted, they include the interface name for clarity.
Bug: 13498
Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357
Reviewed-on: https://code.wireshark.org/review/31218
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Error:
CMakeFiles/tshark.dir/tshark.c.o -c ../tshark.c
../tshark.c: In function 'real_main':
../tshark.c:706:24: error: variable 'max_packet_count' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered]
int max_packet_count = 0;
^~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
Change-Id: I92c0e2a57f5d0d2e39188cc18f0b25e1d5136a43
Reviewed-on: https://code.wireshark.org/review/31149
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Option '-c' is not only a capture option, it also affects offline reads
as documented in the tshark manual. Fixes failing tests since
v2.9.1rc0-18-g5bf37f63a8 ("text2pcap: allow to set interface name").
Change-Id: Iffe4fd60f62766282e1a8b02a942673ba4e605f0
Reviewed-on: https://code.wireshark.org/review/31130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It really shouldn't free the comment passed to it, as the caller
allocated it, and knows how to free it if necessary; it might not even
have been allocated.
Make the comment argument a "const char *" to 1) allow passing string
constants etc. and 2) to catch any attempts to free it in
exp_pdu_open().
Make the callers free it after exp_pdu_open() returns.
(Alternatively, we could have exp_pdu_open() take the file name argument
and generate the comment itself, so that all code paths generate the
same comment.)
Change-Id: I6e6924b05565761b641a6c3b4d9a2e97f4264e1b
Ping-Bug: 15365
Reviewed-on: https://code.wireshark.org/review/31105
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
João Valverde