Commit Graph

785 Commits

Author SHA1 Message Date
João Valverde 7540ac6938 Move the protocol registration routines back into libwireshark
Follow-up to b695b3e2f7.

Change-Id: I7e36519f2c3806c1205d05437671325080974257
Reviewed-on: https://code.wireshark.org/review/24524
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2017-11-21 20:21:50 +00:00
Gerald Combs 775bbbcded Start using SPDX license identifiers.
A while back Graham pointed out the SPDX project (spdx.org), which is
working on standardizing license specifications:

https://www.wireshark.org/lists/wireshark-dev/201509/msg00119.html

Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:

https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b

Start the conversion process with our top-level C and C++ files.

Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-on: https://code.wireshark.org/review/24302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-11-09 20:03:51 +00:00
Orgad Shaneh 8730b2037a tshark/tfshark: Replace global prefs with a boolean
This partially reverts dc0e6ccc9f in favor
of a cleaner solution.

Change-Id: Ie57329020b5a7d15eb7d99aad3103843a14f07a6
Reviewed-on: https://code.wireshark.org/review/24278
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-11-08 15:00:04 +00:00
Orgad Shaneh dc0e6ccc9f tshark/tfshark: Do not apply console.log.level before it is set
The user has no way to apply this setting while loading dissectors in order
to enable g_debug messages during init for example.

Change the behavior to be as documented in the comment.

Change-Id: I9317f12b207d4621508212b02ca1ebd46b55aadc
Reviewed-on: https://code.wireshark.org/review/24184
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-11-07 13:51:38 +00:00
Michael Mann 7ddfee9aea tshark: Use -G help instead of -G ?
Not all platforms handle ? or -? *predictably* at the command line.
As long as "?" isn't replaced with a file name, it works, but if it
gets replaced by a file name...

Bug: 13984
Change-Id: I4496bb27fdef121967e7baf7b7f4a1bb0a44b00a
Reviewed-on: https://code.wireshark.org/review/24125
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-28 03:22:59 +00:00
Gerald Combs bfad9c56f9 CMake: Don't check for windows.h or winsock2.h.
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.

Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-10-26 07:08:41 +00:00
Peter Wu 1dea7f3dc1 Rename ui_util.h -> ws_ui_util.h
In preparation for possibly using AUTOUIC in CMake which treats "ui_*.h"
files specially, rename ui_util.h. No other changes.

Change-Id: Id026572c000b713ff0e9388dc7fff8d81d4df73e
Reviewed-on: https://code.wireshark.org/review/23916
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-15 01:14:26 +00:00
Christoph Wurm af09db8bd3 Tshark: Optional packet summary for Elasticsearch
Currently, the Elasticsearch output exports the packet details and,
if -x is specified, the raw hex data.

This change adds the option of exporting the packet summary as well.

The default stays the same (packet details only), but now the existing
-P switch turns on printing of the packet summary. It also turns off
printing packet details, which can be turned back on with -V to print
both, and combined with -x to print all three: summary, details and
raw hex.

The packet summary is especially useful when exploring and visualizing
the data in Kibana, e.g. by displaying the summary "Info" field/column
in a table, as in the Wireshark GUI.

Change-Id: I2030490cfdd905572397bc3d5457ba49d805a5c4
Reviewed-on: https://code.wireshark.org/review/22716
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-15 00:58:42 +00:00
Guy Harris 9551aca9a6 Add --print as an alias for -P, to match tcpdump.
tcpdump just got a --print option, which causes packet information to be
printed even if the raw packets are being saved to a file with -w.  We
have -P for the same purpose; make --print another name for it.

While we're at it:

	document --help and --version;

	just speak of -P/--print as causing printing even of the packet
	details, even though -V forces printing with -w, for consistency
	with how --print is documented for tcpdump;

	fix the description of -h/--help.

Change-Id: Idf650a202a09a2d1682edbd9d76123f1b1412b55
Reviewed-on: https://code.wireshark.org/review/23888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-10-11 19:32:43 +00:00
Gerald Combs e8492934d6 WSUG: More tools updates.
Add links to the online man page for each tool. Make sure tshark
generates pre-commit-compatible output on Linux.

Change-Id: I00d2973475f27460065bc8a65471abef152ded33
Reviewed-on: https://code.wireshark.org/review/23754
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-09-26 21:40:12 +00:00
João Valverde a269ae1b6a Rename "ws_version_info.h", also .c
It's not installed so like most other files it doesn't need or benefit
from the prefix.

Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-09-26 17:32:08 +00:00
João Valverde 25ba538bc5 plugins: Be more descriptive in "about wireshark"->"folders"
Display separate entries for binary plugins and lua scripts.

This is explained in the user guide, that the binary folder is
a subfolder of the lua folder, but it's probably a good idea to be more
explicit about it, at the risk of cluttering the interface a bit.

Move GeoIP information down because it seems the least important.

Add helper functions to provide plugin version subdir.

Change some #ifdefs while at it for legibility.

Change-Id: Ieb8665df029b3c14de19e2c973bd9b1cc4ec4621
Reviewed-on: https://code.wireshark.org/review/23609
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-09-20 16:41:21 +00:00
João Valverde 8db4ddd40c Rename get_plugin_dir() for consistency
WS_DLL_PUBLIC const char *get_plugin_dir(void);
WS_DLL_PUBLIC const char *get_plugins_pers_dir(void);

Opt for the plural form consistently (for public functions at least).

Change-Id: I8a5861ad7f90f9c87168bd3275bd9dbc5c83b749
Reviewed-on: https://code.wireshark.org/review/23608
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-09-20 01:00:37 +00:00
João Valverde 69f0cb0cef wsutil: Initialize and store plugin personal dir
Obviate allocation on every call to get_plugins_pers_dir().

Change-Id: I089ae499f93739d490d4552f59b5db5996f7d26f
Reviewed-on: https://code.wireshark.org/review/23495
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
2017-09-11 16:48:49 +00:00
Jim Young 7a71ec887c tshark: Add delimiter to both sides of packetlist arrows
Depending on how packetlist columns are arranged certain columns may have a
Unicode arrow character inserted between it and the subsequent column to
indicate source vs destination column directionality when displayed in
tshark.  Currently any inserted Unicode arrow characters are
unconditionally prefaced with an ASCII SPACE character.

Tshark's `-T tabs` option causes the various packetlist columns to be
delimited with ASCII TAB characters.  The unconditional use of the SPACE
character before any inserted Unicode arrows makes it difficult to directly
compare a -T tabs report of column N values to column N+1 values without
dealing with the SPACE/Unicode Arrow suffix appended to all of the column
N values.

The inserted Unicode directionality arrows are effectively another
packetlist column of data that should be delimited like all other columns.
This patch ensures that any Unicode directionality arrows inserted between
packet list columns are delimited on both sides of the arrows with the
selected delimiter character.

Change-Id: I4eb7c6015a538afdc2c41be746eca4eec1ace36f
Reviewed-on: https://code.wireshark.org/review/23222
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-29 03:57:56 +00:00
Mikael Kanstrup 3b16cc8b21 iface_lists: Access ifaces member by reference
Change access of ifaces elements from by val to by reference.
With this change unnecessary copying of the whole struct is avoided
but even more important is that elements no longer have to be
removed and inserted whenever data is updated.

This change aims to make it more clear that ifaces elements shall
never directly be removed from the array. Instead use function
capture_opts_del_iface

NOTE: Code for GTK UI not updated

Ping-Bug: 13864
Change-Id: I04b65d5ee36526b30d959b8e5a2a48a3c7c4f15b
Reviewed-on: https://code.wireshark.org/review/23204
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-28 14:43:13 +00:00
Ahmad Fatoum aca55a29f7 Add hardware timestamping support
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.

This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:

    --list-time-stamp-types
                             List time stamp types supported for the interface
    --time-stamp-type <type>
                             Change the interface's timestamp method

Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.

Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-22 07:55:26 +00:00
Dario Lombardo 68f295d605 tshark: assert edt before calling print_packet (CID 1405107).
Change-Id: Iacde5514dc355cbb06fe45f5e342ddd45700999d
Reviewed-on: https://code.wireshark.org/review/22749
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-23 19:41:33 +00:00
Sake Blok 3803e00367 Add option to use wall-clock intervals
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.

Changed the duration option in the GUI interfaces to use the new
interval option.

Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
2017-07-03 16:41:37 +00:00
Daan De Meyer 07f576ffeb Add --no-duplicate-keys tshark option.
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.

Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.

If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.

"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.

Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.

Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).

Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).

Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 19:31:01 +00:00
Daan De Meyer 7c28d26d71 Refactor JSON output functions
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.

These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.

No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.

Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-16 07:41:27 +00:00
Michael Mann 585d17ae7f Add support for color xml attributes in psml and pdml formats.
Bug: 6682
Change-Id: I19330d06aa3d5692503c61369c3c650d595971f5
Reviewed-on: https://code.wireshark.org/review/22077
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-12 03:23:38 +00:00
Guy Harris 9f4671f674 Don't colorize a line if we have no color filter.
There's no guarantee that there's a color filter that matches, so the
color filter pointer might be null.

Change-Id: Ia11845824a4ca9c0cc153a89aa2fba876084a796
Reviewed-on: https://code.wireshark.org/review/22079
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-11 19:04:48 +00:00
Dave Goodell 2be411a215 tshark: add "--color" option emulating wireshark colors
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed.  This initial commit only
adds such support for the standard text output format.  A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).

Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-11 13:36:19 +00:00
Guy Harris d0865fd619 Allow bigger snapshot lengths for D-Bus captures.
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures.  Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size.  See

	https://bugs.freedesktop.org/show_bug.cgi?id=100220

for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.

Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".

In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary.  When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.

Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 05:28:26 +00:00
Peter Wu c9b0e9c813 Report syntax errors in UAT prefs parsing
Add the cause for a syntax error while parsing UATs. Example output:

    $ tshark -ouat:ssl_keys:,
    tshark: Invalid -o flag "uat:ssl_keys:,": ssl_keys:1: No IP address given.
    $ tshark -ouat:unknown:,
    tshark: Invalid -o flag "uat:unknown:,": Unknown preference

Change-Id: I549406c4e31a81d29f487ef47bdb3c22da084947
Reviewed-on: https://code.wireshark.org/review/21748
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-26 17:31:01 +00:00
Guy Harris a8228fa80b Fix Windows build without pcap.
Change-Id: Ib79da01124a7f1b44f168ce19691d3ceaa7d5a68
Reviewed-on: https://code.wireshark.org/review/21619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-05-12 18:44:10 +00:00
Alexis La Goutte 33f3866fb4 tshark: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I4425be3bbee0e781dff59a07d7de65f5eba81bdd
Reviewed-on: https://code.wireshark.org/review/21564
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-09 13:42:24 +00:00
Hessam Jalali dd884611ac Auto reset epan session
Automatically resets intarnal epan session after reaching to
specified number of packets, for example
-M 1000
will reset the session every 1000 packets.

this is more like a proposal since the usage is very specific
it is useful for 24/7 live capture with dissection and sending
data directly to another application.

example:

tshark -Y "gtp" -M 100000 -T fields -e gtp.message -e gtp.teid

Change-Id: I8ee8b0380017c684120a93cb3fb43f41615a9c04
Reviewed-on: https://code.wireshark.org/review/21312
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-05-05 00:51:58 +00:00
Guy Harris 2a3f1a4f67 Eliminate some double-frees.
The cfile_ error-reporting routines free err_info; the caller doesn't
have to and, in fact, mustn't do so themselves.

While we're at it, make sure wtap_seek_read() always zeroes out *err and
nulls out *err_info, so the latter either points to a freshly-allocated
string or is null.

Change-Id: Idfe05a3ba2fbf2647ba14e483187617ee53e3c69
Reviewed-on: https://code.wireshark.org/review/21407
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-29 11:29:34 +00:00
Guy Harris e52c95c6c8 Move UI-only stuff out of libwireshark.
Packet ranges are used only in the UI; move the packet range stuff into
libui.

Don't pass a print_args_t structure to libwireshark packet-printing
routines, just pass the few parameters they need.  Move the declaration
of print_args_t into file.h.

Change-Id: Icff5991eea7d7d56f33b4716105895263d275bcf
Reviewed-on: https://code.wireshark.org/review/21308
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-24 03:38:21 +00:00
Guy Harris 751e078d2b Print first-pass read errors at the end.
That way, they don't, for example, get lost as a result of being
scrolled off the screen by output from the second pass.

Also, do the post-processing of output regardless of whether we got read
errors or not, and fix a code error hidden by a call to tshark_debug().

Change-Id: I389c7c794f4dd5fda6e4c50ce480802c92701866
Reviewed-on: https://code.wireshark.org/review/21305
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-23 20:18:46 +00:00
Jakub Zawadzki e2f76f991c tshark: make success volatile.
/home/wireshark/builders/ubuntu-x86-64-petri-dish/ubuntu-x86-64-petri-dish/build/tshark.c: In function ‘main’:
/home/wireshark/builders/ubuntu-x86-64-petri-dish/ubuntu-x86-64-petri-dish/build/tshark.c:653:12:
error: variable ‘success’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]

Change-Id: I793962c71b0ebfafc7c09b1d865cfa774456bb3a
Reviewed-on: https://code.wireshark.org/review/21303
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-23 19:08:28 +00:00
Guy Harris dc9127ddff Rename read{_cap}_file() to process{_cap+_file().
They might read the file once or twice, but the key is that they (and
what they call) are doing the work of processing the file's contents.

Change-Id: I2df6257c55ff5ace944f1a1db5e2aec456ed2038
Reviewed-on: https://code.wireshark.org/review/21293
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-23 08:29:55 +00:00
Guy Harris e9f5e045f7 Just have read_cap_file()/read_file() return a success/failure indication.
No need to report the precise error code - it's already reported the
error.

Change-Id: Ib52daf094253deac2a10d16793ebf0f42581afd6
Reviewed-on: https://code.wireshark.org/review/21292
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-23 08:21:26 +00:00
Guy Harris a4eb68be97 Rename some routines to better reflect what they do.
In TShark, rename load_cap_file() to read_cap_file(); this is TShark,
not Wireshark, so you're not "loading" a file to be manipulated through
the GUI.

In TFShark, rename it to "read_file()"; not only are we not loading it,
it's not even necessarily a capture file.

Change-Id: I122b46ecd8cb7de9c1e1c249ba6c08fdeb93f7e2
Reviewed-on: https://code.wireshark.org/review/21291
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-23 05:22:38 +00:00
Guy Harris 9e9d284d91 Have separate routines for open-for-reading and open-for-writing errors.
Expand comments while we're at it.

Change-Id: I6dcc791eab1c9e323a9572f3d54720d223bdd64b
Reviewed-on: https://code.wireshark.org/review/21252
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 18:24:20 +00:00
Guy Harris d09ef61459 Make the command-line and alert-box failure messages more similar.
Change-Id: I94af221a0ce8b6b3ff8e0e1b94d5379351ac0962
Reviewed-on: https://code.wireshark.org/review/21251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 17:15:22 +00:00
Guy Harris 7312019eac Fix a compiler warning.
(Clang FTW!  Is this not an issue on x86-64 macOS, so that it doesn't
warn about it, or does it, unlike GCC, require a particular -W flag to
warn about non-volatile variables being stomped by setjmp/longjmp?)

Change-Id: I253c1ea324feac1372aa4077aaba03c787a47d9f
Reviewed-on: https://code.wireshark.org/review/21248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 16:56:11 +00:00
Guy Harris bce5ec919e Use the new cfile_XXX_failure_message() routines more broadly.
Change-Id: I7814b3fd0353f4836ae61cbdbd4e13f659cbcb59
Reviewed-on: https://code.wireshark.org/review/21239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 07:19:41 +00:00
Guy Harris 347a19ae96 Add common routines for command-line libwiretap error reporting.
These are similar to the routines added to ui/alert_box.c for dialog-box
libwiretap error reporting.

This centralizes the knowledge about what to say for various libwiretap
errors, removing some duplicate code, and giving more details in some
programs.

Change-Id: I737405c4edaa0e6c27840f78a8c587a8b3ee120b
Reviewed-on: https://code.wireshark.org/review/21234
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-20 02:21:58 +00:00
Guy Harris 8fb828ff0c Have a common "print a capture file open error message" routine.
Use that for both "open for input" and "open for output" errors.

Change-Id: Id17b732a2ca91bd080957b9fa010f781a1c65471
Reviewed-on: https://code.wireshark.org/review/21175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-18 02:14:45 +00:00
Guy Harris 067ef3e08a Clean up documentation and help messages for protocol enabling/disabling.
List all of --enable-protocol, --disable-protocol, --enable-heuristic,
and --disable-heuristic in the SYNOPSIS section of the man pages.

Undent after the list of taps for the -z option, so the following
options are at the same indentation as other options.

List --enable-protocol in the DESCRIPTION, above --disable-protocol.

Include --enable-protocol in the help message.

Change-Id: I680a54430789f3543b2d539fbded22b0b57f7f76
Reviewed-on: https://code.wireshark.org/review/21159
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-17 03:48:14 +00:00
Guy Harris 407a2b07e5 Rename some routines and structure members.
They deal with sets of hfids, which can belong to protocols as well as
fields (I guess you could argue that a protocol is a field, but...).

Change-Id: Ibd103cfa26427ead4ef54be89f1251908004cfae
Reviewed-on: https://code.wireshark.org/review/21154
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-17 01:49:01 +00:00
Guy Harris 847c25c5a7 Prime the epan_dissect_t with postdissector wanted fields if necessary.
This makes sure that postdissectors that indicate that they need certain
fields in the first pass will get them.

While we're at it:

Fix the field-fetching code in TRANSUM not to assume it got any
instances of the field being fetched.

Rename process_packet_first_pass() in sharkd to process_packet(), as
it's the only routine in sharkd that processes packets.

Rename process_packet() in tshark and tfshark to
process_packet_single_pass(), as it's what's used if we're only doing
one-pass analysis.

Clean up comments and whitespace.

Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b
Reviewed-on: https://code.wireshark.org/review/21063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 23:33:37 +00:00
Guy Harris 4d2d423106 Rename routines to clarify what they do.
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.

Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 04:56:49 +00:00
Guy Harris c079255539 Add an API to let a postdissector specify fields whose values it needs.
Currently, this is only used to determine whether a protocol tree needs
to be built on the first pass or not - if there are postdissectors that
need fields, it does - but eventually we should be able to use it to
prime the dissection to deliver those fields in cases where we don't
need the *entire* protocol tree (rather than using a hack such as
cooking up a fake tap with a fake filter to do that).

Update MATE and TRANSUM to use it.

Clean up code to check whether we need a protocol tree, and add comments
before that code indicating, in each case, what the criteria are.

The array of postdissectors includes a length, so we don't need to
separately keep track of the number of postdissectors.

Clean up indentation while we're at it.

Change-Id: I71d4025848206d144bc54cc82941089a50e80ab7
Reviewed-on: https://code.wireshark.org/review/21029
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-12 04:31:19 +00:00
Guy Harris 6b3714254d Pull all the "load settings" calls into a epan_load_settings() routine.
That way, nothing using libwireshark needs to know what settings need to
be loaded, they just call epan_load_settings().

Change-Id: I9390e259e286fc4f5acaeaac2767e4c3c4b656af
Reviewed-on: https://code.wireshark.org/review/20983
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-09 22:40:30 +00:00
Guy Harris 7d5ce06cbe Pull the error reporting into {read,save}_filter_list.
Change-Id: I4d9582661f2f1728d400eeb2a1b1dea98f32ce7f
Reviewed-on: https://code.wireshark.org/review/20982
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-09 17:57:52 +00:00
Guy Harris 77cad8561c Move the filter file reading code to libui.
It doesn't belong in libwireshark, as it doesn't affect dissection, but
it *does* belong in libui, as it's helper code for the UIs.

Change-Id: I8a5e0640a299a08e9ec1917dd253197438ebfdbc
Reviewed-on: https://code.wireshark.org/review/20974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-09 04:25:52 +00:00
Guy Harris 62b342443d Pull the error-reporting code for preference files into read_prefs().
No need to duplicate it in N different programs.

Update comments while we're at it.

Change-Id: I3096cbe5448a19363eff6303bdd54e522dae9336
Reviewed-on: https://code.wireshark.org/review/20973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-09 03:03:25 +00:00
Guy Harris 23a7890b6a Pull the code to save enabled/disabled lists into libwireshark.
It's identical in the GTK+ and Qt UIs, and it should just be done in
libwireshark.

Rename some routines to just speak of enabled_and_disabled_lists, so we
don't have to say enabled_and_disabled_protos_and_heuristic_dissectors
or something such as that.

Clean up indentation.

Change-Id: Ief2e612d9e1b60d8d0123b6bd3409dce5faf6495
Reviewed-on: https://code.wireshark.org/review/20970
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-09 02:00:37 +00:00
Guy Harris 2c44a7f930 Clean up handling of enabled/disabled protocols/heuristic dissectors.
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.

Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine.  Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.

Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.

If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.

Update a bunch of comments.

Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.

Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.

Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-08 20:40:08 +00:00
Guy Harris 357cfd3b03 A bunch of "{Mac} OS X" -> "macOS" changes.
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example.  It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.

Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-05 19:16:22 +00:00
Martin Sehnoutka 8efd42c4aa Reflect new default value of snaplen in man pages.
Default value for snaplen is defined in wiretap/wtap.h:
 #define WTAP_MAX_PACKET_SIZE    262144

and used in capture_opts.c:
    capture_opts->default_options.snaplen         =
    WTAP_MAX_PACKET_SIZE;

but help and man pages don't reflect this change.

Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-28 16:23:59 +00:00
Michael Mann 3b588dffcf Check for return value of WSAStartup on all executables.
Windows vscodeanalysis complains even though the event is probably
very unlikely.

Change-Id: Iafe158eea5586908209d6bfe1e45540117558673
Reviewed-on: https://code.wireshark.org/review/20727
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-27 03:14:15 +00:00
Jim Young e66b05fa9d tshark: Optionally delimit packet summary columns with tabs
This patch augments tshark's -T report with a "tabs" option.
When the -T tabs option is enabled an ASCII horizontal tab character
is inserted between each column of the human-readable one-line
packet summary record.

Change-Id: Id10a6e21e231eb2e52b6342ed05399db1a5fcfdf
Reviewed-on: https://code.wireshark.org/review/20537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-19 13:47:41 +00:00
Joerg Mayer ae39d9ad13 tshark and tfshark require -2 when using -R. Document this.
Change-Id: I3ef802ed1163512e20da10eaa8da3239107b6fae
Reviewed-on: https://code.wireshark.org/review/20509
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2017-03-12 11:23:37 +00:00
Dario Lombardo a29fe9d76a print_stream: free memory on exit.
Change-Id: I6c4acaa9026cfdf1d4230c28c30bccfb6c025cef
Reviewed-on: https://code.wireshark.org/review/19920
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-02-27 13:25:26 +00:00
Martin Kacer cd7d159c2e json2pcap support added
Modified tshark -T json -x output
Added tshark -T jsonraw output
json2pcap.py (can be used for basic packet editing by modifying json)

The modification in tshark -T json -x and new tshark -T jsonraw output
add into  hex-data output in JSON also information on which position
each field is dissected in the original frame, what is the field length,
bitmask (for not byte aligned fields) and type. This information can be
used for latter processing. One use-case is json2pcap script which
assembles the protocol layers back together from upper to lowers layers,
which allows the basic packet modification/editing/rewriting.

Change-Id: Ibf948eb8fc7e3b0b51c12df6c3855f705a9c7925
Reviewed-on: https://code.wireshark.org/review/19990
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-25 19:11:01 +00:00
Gerald Combs d84577fe1a Yell at the user less.
Our user-facing messages should have a helpful (or at the very least
neutral) tone. In English, exclamation points are neither. Replace a
bunch of them with periods.

Change-Id: I29c3b2f84c25e06aae5b559860224559053a0378
Reviewed-on: https://code.wireshark.org/review/20189
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-20 16:53:17 +00:00
Dario Lombardo 6d79055ba6 wsutil: remove leaks from filesystem and plugins code.
Change-Id: Iac2805c0130bd2ba6cdb3c9dd997050274d58d99
Reviewed-on: https://code.wireshark.org/review/20020
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-18 13:45:14 +00:00
Dario Lombardo 415580b060 tshark: free capture file filename on exit.
Change-Id: I561bc7b46ad8582013d3897ae19801d2fc5a7f49
Reviewed-on: https://code.wireshark.org/review/19950
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-02-14 13:25:39 +00:00
Dario Lombardo 7c0c580c4b wiretap: add cleanup routine.
The cleanup routine has been added to exit section of the applications.
Those which required a exit restyle have been patched as well.

Change-Id: I3a8787f0718ac7fef00dc58176869c7510fda7b1
Reviewed-on: https://code.wireshark.org/review/19949
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-02-14 10:22:20 +00:00
Guy Harris 940c758ef6 Further explanation in comments.
Change-Id: If88220dc39b2a6baeeefc244639992271b7f0464
Reviewed-on: https://code.wireshark.org/review/20086
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-13 03:33:54 +00:00
Guy Harris b0090953ca Fix a comment to reflect (and better explain) reality.
Change-Id: I4d87438046c18419cea775c547c49cd3abb2089e
Reviewed-on: https://code.wireshark.org/review/20085
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-13 03:30:46 +00:00
Martin Kacer dc3b7722cd tshark removed empty line in -T ek output
Change-Id: Id4c1ab258308ecc8421a5c82b6e937a9d35bf58e
Reviewed-on: https://code.wireshark.org/review/20061
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-02-12 17:03:15 +00:00
Dario Lombardo 9ced31a2d7 filter_list: add cleanup function and call it on exit.
Change-Id: I51d8074cc5a63d4fd3af8852df120d6b4163217f
Reviewed-on: https://code.wireshark.org/review/19942
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-10 13:34:56 +00:00
Dario Lombardo 59fc668845 Clean columns on exit.
Change-Id: I950295c35fc67193d9825ebc741da151ad99e077
Reviewed-on: https://code.wireshark.org/review/19941
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-10 13:31:01 +00:00
Jim Young 520a1b2066 Make the capture file's interface description filterable
This patch introduces the frame.interface_description field.

While testing this new functionality it became obvious that we have
a non-optimal interaction between the existing cfile.c's
cap_file_get_interface_name(), the recently added frame.interface_name
field and this new frame.interface_description field.

The string returned from cap_file_get_interface_name() may in fact
come from one of three different sources: the idb's interface name
(if it exists) or the idb's interface description (if that exists)
or a default text of "unknown".  The string ultimately becomes the
rame.interface_name whether or not the idb had an interface name
option to begin with.  This behavior does not allow one to test for
the simple presence of frame.interface_name.  The new peer function
cap_file_get_interface_description() added by this patch returns
NULL instead of "unknown" if the idb does not have an interface
description.  Should cap_file_get_interface_name() be similarly
modified to return NULL if the idb does not have an interface name?

Bug: 9781
Change-Id: Ie479f373c5080c004dd22bd88919838feca71e95
Reviewed-on: https://code.wireshark.org/review/19861
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-09 11:31:59 +00:00
Martin Kacer c9d8c1c8c5 PDML: protocol filter incorrectly filters desired subfields
Bug: 12847
Change-Id: I8a560dc44dceb06123d8bcecd512d132ee4ebb0d
Reviewed-on: https://code.wireshark.org/review/19671
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-02-05 14:03:34 +00:00
Guy Harris 14fba80f0f Fix builds without libpcap.
capture_opts_cleanup() doesn't exist if we're building without libpcap,
so don't call it if we're building without libpcap.

Change-Id: I6c9defea15fac7df5533269c4945b965d9a67c25
Reviewed-on: https://code.wireshark.org/review/19924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-02-03 00:01:17 +00:00
Dario Lombardo 93a5c83f0a capture_opts: free memory on exit to avoid leak.
This required a restyle of the way the different apps exit.

Change-Id: Iedf728488954cc415b620ff0284d2e60f38f87d2
Reviewed-on: https://code.wireshark.org/review/19780
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-02-02 22:04:14 +00:00
Michael Mann c302812566 Add enabled protocol list for dissectors who are disabled by default
We save a list of dissectors that are disabled through the Enabled Protocols
dialog.  This is because we assume dissectors are enabled by default.

For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog.  A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.

Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.

Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-24 02:30:21 +00:00
Guy Harris 037c64aa34 Clean up initialization code for programs.
Make the init_progfile_dir() call unconditionally, even if plugins
aren't supported, as that doesn't necessarily mean nobody uses the
directory containing the executable.

Report the error the same way in all programs, and free the error string
after we're finished with it.

Make the error - and the comment before the code - reflect what
init_progfile_dir() is actually doing (the goal is to get the full
pathname of the directory *containing* the executable; that's generally
done by getting the pathname of the executable and stripping off the
name of the executable, but that's won't necessarily always be the
case).  Also note for TShark that we won't be able to capture traffic,
just as we do for Wireshark (if we don't have the pathname of the
program file, we don't have a pathname to use to find dumpcap).

Have the plugin scanner just fail silently if we weren't able to get the
plugin directory path, so we don't have to worry about calling it if
init_progfile_dir() fails.

Clean up white space while we're at it.

Change-Id: I8e580c719aab6fbf74a764bf6629962394fff7c8
Reviewed-on: https://code.wireshark.org/review/19076
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-05 04:27:49 +00:00
Guy Harris ab07f8e0f8 Have a routine to do all the work of initializing libwiretap.
Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().

Also don't have routines internal to libwiretap call those.  Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.

Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-12-04 21:42:44 +00:00
Jim Young 50489fd279 tshark: Add -G folders report
Add a new tshark feature to generate a folders report.  The folders report
is essentially the information presented by Wireshark's About / Folders page
in a TAB delimited format.

Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6
Reviewed-on: https://code.wireshark.org/review/19002
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-03 12:47:05 +00:00
Moshe Kaplan 20c57cb298 Enable exporting objects with tshark
A new "--export-object <protocol>,<destdir>" option is added to tshark.

This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)

Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-02 16:07:35 +00:00
Pascal Quantin dc2645217e tshark: fix activation of heuristic dissectors by command line
Change-Id: I9499be0d0efd24ce1049513171c657795fa69250
Reviewed-on: https://code.wireshark.org/review/18823
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-11-14 20:58:27 +00:00
Guy Harris 5aacafba8e Handle -K, -n, -N, and -u in the common dissection option code.
Also update tfshark to use that code.

Change-Id: Ic03fb8ff48c8bfc460298d180b436e53f0076cbe
Reviewed-on: https://code.wireshark.org/review/18588
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-10-31 05:05:50 +00:00
Guy Harris 706c106634 Have the routine that handles dissection options not exit.
Have it return TRUE if the option is OK and FALSE if it isn't, and let
its caller exit as appropriate.

Also, rename it - it's not adding something to a collection, it's just
handling the option.

Change-Id: I41863cbb67b7c257d900d3011609891b9b4a7467
Reviewed-on: https://code.wireshark.org/review/18587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-10-31 00:37:42 +00:00
Guy Harris 03c6937e62 Have routines for parsing options that affect dissection.
Have them handle -d, -t, --disable-protocol, --disable-heuristic, and
--enable-heuristic for TShark and both flavors of Wireshark.

Change-Id: I612c276b1f9df8a2092202d23ab3d48be7857e85
Reviewed-on: https://code.wireshark.org/review/18583
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-10-30 22:57:16 +00:00
Guy Harris a7bc4b8146 Properly align the text in an error message.
Change-Id: Id8081c26bbe1349f9a7c89daf1188ba9de7da210
Reviewed-on: https://code.wireshark.org/review/18477
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-10-26 18:17:14 +00:00
Dario Lombardo 61956b8bf3 column-utils: add space to improve readability.
In tshark the UTF8 arrow overlaps the ports.
When pcap file has more than 999 packets the output is
no more aligned.

Bug: 12502
Change-Id: I07f90bbc0d2f065458bc07b7fde8f6a651951b60
Reviewed-on: https://code.wireshark.org/review/18109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
2016-10-08 18:16:05 +00:00
Michael Mann 268841f3e0 Combine Decode As and port preferences for tcp.port dissector table.
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table.  It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.

The tcp.port dissector table was used as the guinea pig.  This will eventually be
expanded to other dissector tables as well (most notably UDP ports).  Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.

Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference

Also added comments for TCP ports used that aren't IANA registered.

Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-10-08 02:44:53 +00:00
Pascal Quantin e302f5ef6b tshark.c: fix indentation
Change-Id: Ie44f76a063f375df4ae85642cd0d011a0e233d60
Reviewed-on: https://code.wireshark.org/review/17956
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-09-27 20:52:25 +00:00
Pascal Quantin e9b94ae81f tshark: register extcap preferences
Bug: 12949
Change-Id: I95ef8a15a2d629bbb351d34dbfc730fa5ea62cd5
Reviewed-on: https://code.wireshark.org/review/17954
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-09-27 20:48:26 +00:00
Dario Lombardo e3247b3a71 fix some compilation issues without extcap.
Change-Id: I18c855e13281013a6277c1f38eeac92e74d52b34
Reviewed-on: https://code.wireshark.org/review/17665
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-09-12 14:33:29 +00:00
Peter Wu 583150198b extcap: fix use-after-free for preferences
In commit v2.3.0rc0-117-g485bc45 (backported to v2.2.0rc0-44-g66721ca),
extcap_prefs_dynamic_vals and extcap_cleanup were added in an attempt to
address dangling pointers.

Unfortunately it is not sufficient:

 - A pointer to the preference value is stored in extcap_arg and passed
   to the prefs API, but this extcap_arg structure can become invalid
   which result in use-after-free whenever the preference is accessed.
 - On exit, a use-after-free occurs in prefs_cleanup when the preference
   value is being checked.

As the preference subsystem actually manages the memory for the string
value and consumers should only provide a pointer where the value can be
stored, convert the char* field in extcap to char**. This has as
additional benefit that values are not limited to 256 bytes anymore.

extcap_cleanup is moved after epan_cleanup to ensure that prefs_cleanup
does not operate on dangling pointers.

Crash is reproducible under ASAN with: tshark -i randpkt

Ping-Bug: 12183
Change-Id: Ibf1ba1102a5633aa085dc278a12ffc05a4f4a34b
Reviewed-on: https://code.wireshark.org/review/17631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2016-09-11 08:33:42 +00:00
Guy Harris 2a38dc74ed Have scan_plugins() take an argument specify what to do on load failures.
That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.

We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.

Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-09-05 23:27:02 +00:00
Guy Harris 1512ee7d84 Crashing in proto_initialize_all_prefixes()? Debugging output.
Change-Id: I6db711b1730b95460983ee190762753198c1959e
Reviewed-on: https://code.wireshark.org/review/17409
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-31 03:04:27 +00:00
Guy Harris 33bb9bed3e Debugging printouts, to see why tshark -G crashes on the Win64 buildbot.
Change-Id: I16f6b7a69eed5ec66842df9d0640216fd273d3b0
Reviewed-on: https://code.wireshark.org/review/17408
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-31 02:23:57 +00:00
Roland Knall 485bc456c5 extcap: Restore functionality for options
Allow stored options to be restored to their default values. This
adds a global cleanup method for extcap and globally defined
preference values, which fixes the parameter problem with windows

Change-Id: I48e0cf846ef81f4732d652c6a2ad0020db5df08e
Reviewed-on: https://code.wireshark.org/review/13741
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2016-07-29 03:15:54 +00:00
Guy Harris 3beab65515 No need to check for string option values being null.
A string option, if present, always has a value; it might be a null
*string*, but you won't get a null pointer (if the option isn't present,
it simply isn't present).

Fix some comments while we're at it.

Change-Id: I9c1420f56998a7d04de5c5cc2e92631b181f303a
Reviewed-on: https://code.wireshark.org/review/16564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-21 00:28:18 +00:00
Guy Harris 1f8999bb96 Redo the block options APIs.
A block can have zero or more instances of a given option.  We
distinguish between "one instance only" options, where a block can have
zero or one instance, and "multiple instances allowed" options, where a
block can have zero or more instances.

For "one instance only" options:

	"add" routines add an instance if there isn't one already
	and fail if there is;

	"set" routines add an instance if there isn't one already
	and change the value of the existing instance if there is one;

	"set nth" routines fail;

	"get" routines return the value of the instance if there is one
	and fail if there isn't;

	"get nth" routines fail.

For "multiple instances allowed" options:

	"add" routines add an instance;

	"set" routines fail;

	"set nth" routines set the value of the nth instance if there is
	one and fail otherwise;

	"get" routines fail;

	"get nth" routines get the value if the nth instance if there is
	one and fail otherwise.

Rename "optionblock" to just "block"; it describes the contents of a
block, including both mandatory items and options.

Add some support for NRB options, including IPv4 and IPv6 option types.

Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e
Reviewed-on: https://code.wireshark.org/review/16444
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-14 23:02:39 +00:00
Martin Kacer ceae9e4d1f tshark fields filter added for other outputs
-e fields filter addded to ek|json|pdml output.

Bug: 12529
Change-Id: I1f0f8772eefceb5b71927925ce0c34af483571b9
Reviewed-on: https://code.wireshark.org/review/16193
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-29 08:29:16 +00:00
Martin Kacer c3f3bd7fa8 tshark JSON and Elasticsearch output fix
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output

Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-21 16:57:59 +00:00
Yang Luo d50b981d38 pcap: Add support to "new" Npcap native mode without setting PATH
Npcap decided not to add "C:\Windows\System32\Npcap" to
system PATH in the installation any more (starting from
Npcap 0.07 r14). So this patch needs to be applied, otherwise
Wireshark will not find Packet.dll (the error message will
only say wpcap.dll is missing, but actually is Packet.dll
missing).

Change-Id: Ifd8b6e6d8ecf9866cd37c3368b604de210ff8c7b
Reviewed-on: https://code.wireshark.org/review/15959
Reviewed-by: Yang Luo <hsluoyz@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-06-21 08:19:35 +00:00
Michael Mann 147b3d5149 Ability to invoke "Decode As..." as command-line argument for GUIshark.
TShark has had the functionality for awhile. While the GUI version
still has ways to change and persist Decode As functionality, adding
command line functionality gives the Decode As from initial launch
of the GUI.
Was also an excuse to refactor a bunch of code out of tshark.c

Bug: 5143
Change-Id: Ie67007d75e897bc06cc9afd9b84372a96b93778c
Reviewed-on: https://code.wireshark.org/review/16008
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-19 18:59:07 +00:00
Pascal Quantin a383e692c8 Revert "tap: change glib functions to wmem."
This reverts commit 2e9f3c5d36.

It breaks the registration of codec, dissector and libwiretap plugins.

Change-Id: I4ef91dd192f765adf87ea9fe9f3693e25dbd24de
Reviewed-on: https://code.wireshark.org/review/16012
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-06-19 10:47:10 +00:00
Dario Lombardo 2e9f3c5d36 tap: change glib functions to wmem.
Change-Id: I878ae6b121a669f9b7f4e1e57bc079f0cb44c0bf
Reviewed-on: https://code.wireshark.org/review/15270
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-06-17 15:38:03 +00:00
Martin Kacer 42b060905e tshark JSON and Elasticsearch output
Added ouput -T for json|ek
Added -j switch fo filter EK json|ek fields.
Added -x switch to work with json|ek to insert raw fields.

Bug: 11754

Change-Id: Iad5a9092b843c074b0b774d1745fa14fca09f6b7
Reviewed-on: https://code.wireshark.org/review/15869
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-06-17 06:09:29 +00:00
Michael Mann 614d09af13 Add data structures necessary to support multiple Name Resolution blocks.
This doesn't try to use any data from multiple Name Resolution blocks, it
just converts single Name Resolution block usage into a GArray, so the
potential is there to then use/support multiple Name Resolution blocks
within a file format (like pcapng)

Change-Id: Ib0b584af0bd263f183bd6d31ba18275ab0577d0c
Reviewed-on: https://code.wireshark.org/review/15684
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-01 22:58:06 +00:00
Michael Mann 6fa77a6acb Add data structures necessary to support multiple Section Header blocks.
This doesn't try to use any data from multiple Section Header blocks, it
just converts single Section Header block usage into a GArray, so the
potential is there to then use/support multiple Section Header blocks
within a file format (like pcapng)

Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486
Reviewed-on: https://code.wireshark.org/review/15636
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-01 14:33:23 +00:00
Michael Mann 81d65ccec6 Add wtap_optionblock_set_option_string_format
Also add a length parameter to wtap_optionblock_set_option_string

Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-22 23:39:14 +00:00
Gerald Combs fee7e95b3a TShark: Separate columns using UTF-8 arrows.
Use UTF8_RIGHTWARDS_ARROW and UTF8_LEFTWARDS_ARROW instead of "->" and
"<-" between addresses. This matches the port-printing behavior of the
TCP, UDP, and SCTP dissectors.

Change-Id: I0add8bfb1748319758a1ce7dbd362af818139db8
Reviewed-on: https://code.wireshark.org/review/15319
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-05-11 17:31:05 +00:00
Gerald Combs d7cbea9428 TShark: Add a "-E bom=" option.
Add an option to print the UTF-8 BOM.

Change-Id: I3d30c67852b9b89d1548b0f957d97fd8e8741049
Reviewed-on: https://code.wireshark.org/review/15318
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-05-11 17:30:33 +00:00
AndersBroman 505bf5945b [tshark] Document -U option and create a list of tap names when entering
an empty name "".

Change-Id: I2b8332ff6900c8a88514a25a416f342d7b696d34
Reviewed-on: https://code.wireshark.org/review/15332
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-05-11 11:27:49 +00:00
AndersBroman 6d2ea733dd Implement Export PDU for tshark
This patch introduces the "-U tap_name[,filter]" tshark option and
is similar to the "Export PDUs as file" option in Wireshark.

Wireshark implements this feature by reopening a capture file, applying
a tap and finally opening the temporary file. Since tshark knows
in advance that a PDU export is needed, it can optimize by not creating
the temporary file and perform the export at the first opportunity.

This patch splits the opening/tapping functionality from error reporting
since tshark does not need a temp file and has no dialogs.

The capture file comment is now specified explicitly as there is no
"current file" anymore if the tap is running without active file.

TODO:

 - Review whether it is acceptable to overwrite save_file in tshark.
 - Add documentation (tshark manpage).

Bug: 3444
Change-Id: Ie159495d42c32c2ba7400f2991b7b8185b3fda09
Reviewed-on: https://code.wireshark.org/review/5890
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-05-03 10:17:46 +00:00
João Valverde 3db13a7fc9 Link version code statically again
This allows keeping the code-sharing with the static linking.

This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.

A nice side-effect is that libwsutil no longer depends on version.h.

Follow up to f95976eefc.

Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2016-04-21 18:59:56 +00:00
Gerald Combs cf6501eb45 Windows: Remove the need for _CRT_NONSTDC_NO_DEPRECATE.
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.

Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.

Note that we could probably improve startup performance by using wmem
in diam_dict.*.

Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-13 02:16:20 +00:00
João Valverde ecb4dc396e Include ws_diag_control.h in config.h
Change-Id: Ia394071710ecda3b0e6686a51fbca45a8ff20317
Reviewed-on: https://code.wireshark.org/review/14749
Petri-Dish: João Valverde <j@v6e.pt>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2016-04-04 23:05:31 +00:00
João Valverde e005bc819c Remove synchronous DNS name resolution
Change-Id: Ie5e670b769eb0674950f3679ef511047641c2873
Reviewed-on: https://code.wireshark.org/review/14751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-04-04 06:49:55 +00:00
João Valverde f95976eefc Move zlib version check to wsutil
Change-Id: I0950f61e90af5bb21c0017204de0c0b509616e5c
Reviewed-on: https://code.wireshark.org/review/14747
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-03 02:58:04 +00:00
Gerald Combs d877dcc1c4 Parallelize fuzz-test.sh
Run each "argument" test (e.g. "-nVxr" and "-nr") simultaneously in
the background. This should speed up our tests without reducing the
amount of fuzzing that we do.

Change-Id: I737d1dc09b31e07910d56632bec62da0f35fe222
Reviewed-on: https://code.wireshark.org/review/14432
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-03-14 15:54:26 +00:00
Michael Mann 08d49ff2e0 Making wiretap option blocks more generic.
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom".  It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.

Also what could be added/refactored is registering block behavior.

Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-23 00:39:38 +00:00
Michael Mann 14881e72d6 tshark: load decode_as_entries file
With Wireshark 2.0, some dissector preferences were removed in favor of 'Decode As' functionality.
But the settings saved in the GUI are not loaded in tshark, preventing their use without an explicit call to '-d' option.
Let's load decode_as_entries file by default and have it overridden by the '-d' option if required.

Ping-Bug: 12124
Change-Id: I134a424cb6cf8fc89b7096a659ef1605314a70a2
Reviewed-on: https://code.wireshark.org/review/13956
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-21 18:25:01 +00:00
Mike78 ef752689da Allow/Create an option to use "capture filter" labels defined in wireshark GUI from CLI
Move ui/filters.[ch] to filter_files.[ch] because dumpcap is using functionality.

Bug: 8091
Change-Id: I195c82fc023f97d6f331b8718c45a2d83d30faea
Reviewed-on: https://code.wireshark.org/review/5925
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-27 13:40:24 +00:00
Michael Mann ea2a3ac402 Initialize Qt info_data_t structure in constructor.
GTK and TShark should already have structure initialized to 0 because they are global variables.

Change-Id: I43a38c58f32967d201ddf78e450b2483f28f8bd6
Reviewed-on: https://code.wireshark.org/review/12847
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-23 18:22:38 +00:00
Roland Knall 35ee09e0f0 capture_info: Fix initialization of packet counter
g_hash_table_destroy will crash, if it is called on
 non-initialized memory. For some reason, this does not happen
 with other glib lists (e.g. GList seems to guard cleanly).

 This change initializes at the earliest possible time the
 packet counter hash with NULL

Change-Id: Ice66652fc9639d10b49d006ecbe80efe3f41e2ff
Reviewed-on: https://code.wireshark.org/review/12841
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-12-23 11:35:25 +00:00
Michael Mann 444dfda793 Allow "capture info data" to not be a singleton.
It was buried as a static variable in capture_info.c, and functions were refactored to allow a pointer to the info_data_t structure to be passed in. TShark and GTK will have their own single (global) copy of the structure, while it opens up Qt to have multiple instances.

Change-Id: Ic2d7a2ad574de43f457cb18b194d6bc3fffb6120
Reviewed-on: https://code.wireshark.org/review/12691
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-19 14:22:56 +00:00
João Valverde fbf2e3cf8f Make init_progfile_dir() take a function pointer [-Wpedantic]
Change-Id: I45f8ea5ee6ccc5a484c60ad6e686aaf30f6b0c98
Reviewed-on: https://code.wireshark.org/review/12557
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-14 23:52:28 +00:00
João Valverde 2aab706c5a Remove -Wwrite-strings compiler flag
The "-Wwrite-strings" flag produces nuisance warnings. These warnings are
not useful, they're impossible to fix in a sane way and therefore are being
handled with casts of static strings to (char *).

This just moves the warning to [-Wcast-qual] and a compiler pragma is
in turn required (and used) to squelch that warning.

Remove the Wwrite-strings warning. Let that responsibility fall on the
programmer (as is done by casting).

Change-Id: I5a44dfd9decd6d80797a521a3373593074962fb5
Reviewed-on: https://code.wireshark.org/review/12162
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-12 16:21:19 +00:00
Gerald Combs 4a9705774a Fixup a couple of stdout checks.
Change-Id: I942cd9010901d7b6c4f5b390fb23f79d72fb05d0
Reviewed-on: https://code.wireshark.org/review/11740
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-11 18:15:36 +00:00
Guy Harris 827b7dd756 Skip only the actual file descriptor close when writing to stdout.
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag.  When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.

Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 10:11:50 +00:00
Guy Harris 6c3c6de340 Treat "-" as "standard input" in the CLI, not in libwiretap.
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).

While we're at it, make randcap report write and close errors.

Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 01:23:22 +00:00
Guy Harris 0162e54075 Clean up includes of unistd.h, fcntl.h, and sys/stat.h.
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".

Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).

Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 21:52:23 +00:00
Guy Harris ff9f9fc431 Don't include "file.h" if you don't need it.
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do.  In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.

Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h.  Fix includes as necessary.

Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 08:46:30 +00:00
Guy Harris c7e42be2e5 Catch REPORT_DISSECTOR_BUG() calls in dissector registration routines.
Have epan_init() return a success/failure Boolean indication.  Catch
exceptions when calling the dissector registration routines and, if we
get one, report the error and return a failure indication.

If epan_init() fails, quit, but first make sure the reported error is
displayed.

Change-Id: I0300cbb1f66a5644f857a205235124909d684c50
Reviewed-on: https://code.wireshark.org/review/11340
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-28 00:44:26 +00:00
Peter Wu 6d7b29592a Allow use of variadic macros
Remove variadic macros restriction (c99, c++11 feature) from
README.developer. GCC, Clang, MSVC 2005 all support it.

Enable -Wno-variadic-macros in configure.ac and CMakeLists.txt when
-Wpedantic is enabled (which would enable -Wvariadic-macros).

For all files matching 'define\s*\w+[0-9]\(', replace "FOO[0-9]" by
"FOO" and adjust the macro definition accordingly. The nbap dissector
was regenerated after adjusting its template and .cnf file. The
generated code is the same since all files disabled the debug macros.

Discussed at:
https://www.wireshark.org/lists/wireshark-dev/201209/msg00142.html
https://www.wireshark.org/lists/wireshark-dev/201510/msg00012.html

Change-Id: I3b2e22487db817cbbaac774a592669a4f44314b2
Reviewed-on: https://code.wireshark.org/review/10781
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-05 07:57:14 +00:00
Jeff Morriss 3ff5afd541 Add a test to verify we pre-allocated enough hf entries.
This way we'll know as soon as we drop below the pre-allocated limit. As
suggested by Graham on https://code.wireshark.org/review/10601

Change-Id: Ieeb14bdcf991d7a67c30787c97ca24ebb35d1763
Reviewed-on: https://code.wireshark.org/review/10627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-09-23 20:09:39 +00:00
Jeff Morriss cd7387d22b Add a "fieldcount" report to tshark -G to let us easily see how many fields
are registered.

Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-09-23 04:38:01 +00:00
Matthieu Coudron 68dd2c823a Display the name of the invalid field when tshark is run with -T fields
-e invalidfield

Change-Id: Iaf8733096d9e1d15510a38363397b1dcd972ff59
Reviewed-on: https://code.wireshark.org/review/10504
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-09-12 20:19:59 +00:00
Hadriel Kaplan 78007fa1d2 Add debug printing to tshark
Add g_warning functions for tshark debug printing, disabled by default.

Change-Id: If1720b790b75bd1228afa62efac49dc04bc8addb
Reviewed-on: https://code.wireshark.org/review/10314
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-30 17:09:00 +00:00
Hadriel Kaplan e25562badd Pcapng: clean up Section Header Block handling
Change-Id: I8516d0c561ed0b63e49a3594027c9c15bb789258
Reviewed-on: https://code.wireshark.org/review/9726
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-18 05:52:45 +00:00
Hadriel Kaplan 910438b17f Pcapng: support Name Resolution Block options
Make pcapng decode options in an NRB during read, and store the comment
option, and write it back out as well. Also make it handle plugin handlers
for unknown options in received NRB(s).

Change-Id: I81863ef8d85cb1c8b5ba6673ba0e562efe77714f
Reviewed-on: https://code.wireshark.org/review/9723
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-06 03:32:13 +00:00
Hadriel Kaplan 8b316ff49d Tshark doesn't display column text as field in 2-pass mode
Bug: 11401
Change-Id: I6aa43d5cdd996aaf0980ab59b690212e41046acc
Reviewed-on: https://code.wireshark.org/review/9800
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-07-26 22:46:41 +00:00
Hadriel Kaplan 190e313e9d DNS: move DNS name resolution pref to Name Resolution prefs
Move the boolean flag for using captured DNS packet info for name resolution
to the Name Resolution preferences settings, as it was rather surprising to
disable Name Resolution preferences and still have names being resolved. Also
disble them all if the '-n' command line switch is used, and re-enable it for
a 'd' character in the '-N' option.

Bug: 10337
Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917
Reviewed-on: https://code.wireshark.org/review/9786
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-07-25 17:05:01 +00:00
Pascal Quantin 6452caa3b3 Fix retrieval of data link type supported by remote interfaces with authentication
Make use of -A parameter when querying data link types supported by a given interface with dumpcap.
Ensure to pass the authentication parameters configured for a remote interface when calling capture_get_if_capabilities()

Bug: 11366
Change-Id: I4efea615084a82108e4a12a64e8c46817f30a5c6
Reviewed-on: https://code.wireshark.org/review/9690
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-07-22 07:10:10 +00:00
Jim Young ad82dfd554 Add new long options to GUIs to allow arbitrary protocols and heuristics to be disabled via command-line
Future: Allow multiple protocols to be disabled in one option statement
(perhaps using a comma or colon delmited set of names in <proto_name>)
instead of having to specify --disable-protocol <proto_name> multiple times.

Change-Id: I9b8f960acf75298ebb098d9b667fca49dca52306
Reviewed-on: https://code.wireshark.org/review/9631
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-17 11:27:52 +00:00
Michael Mann cdeae7e72b Add a "heuristic dissectors" tab to the Enable Protocols dialog.
This allows for a global place to enable/disable all heuristic dissectors.  This removes the need for individual dissector preferences, but those will be removed at a later date.  The more important part is the epan code to save/restore the enabled state of the heuristic dissector.  The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)

Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-14 11:28:55 +00:00
Michael Mann a8ff1e2778 Create very basic "generic" stat tap API to create a "GUI" independent table.
A few sample tap/dissectors (ANSI/A, ANSI MAP) are also included to test the API.  The "GUI output" is a bit raw and could use some "prettying up", but all the basic hooks are there.

Telephony "stat grouping" needs to be better alphabetized to properly populate menu (on GTK, probably Qt)

Change-Id: I98514171f69c4ab3a304dccb26c71d629703c9ab
Reviewed-on: https://code.wireshark.org/review/9110
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-07-03 23:08:28 +00:00
Michael Mann da09a1bfd8 Take all epan_column_info members that always get allocated to "number of columns" to share their own data structure.
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-29 02:11:04 +00:00
Peter Wu 2b68a6f450 tshark: fix memleak from version lookup
Immediately release memory after using it, fixes a direct memleak
warning from ASAN.

Change-Id: Icd3ff19c607da790a4a093966e1966cb0df6bb9d
Reviewed-on: https://code.wireshark.org/review/9069
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-23 20:18:37 +00:00
Michael Mann 8f390d4975 Refactor RTD stats.
Very similar to the refactoring of SRT stats, it provides more commonality of the stats for all GUI interfaces.  Currently implemented for TShark and GTK.  Affected dissectors: MEGACO, MGCP, Radius

Change-Id: Icb73a7e603dc3502b39bf696227fcaae37d4ed21
Reviewed-on: https://code.wireshark.org/review/8998
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-22 15:13:39 +00:00
Michael Mann 6de6f7f0f8 Further refactor SRT stats.
Create "common" SRT tap data collection intended for all GUIs.   Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK.

SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.

Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-21 03:35:13 +00:00
Guy Harris 2e76bb466a Use pid_t on UN*X, and HANDLE on Windows, for the process ID.
This avoids type punning; at least with Xcode 7 beta on El Capitan beta,
that produces warnings that get turned into errors.

Change-Id: I57f47455b9630f359828c07c92a190b5cb33816f
Reviewed-on: https://code.wireshark.org/review/8862
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-10 00:30:57 +00:00
Anders 4e60e8fb39 [MSVC 2015] Use intptr_t for "pointer stored as int" to make MSVC happy.
Change-Id: I5dbbea8527a8bb73b17e5a8a5611c3923d82459c
Reviewed-on: https://code.wireshark.org/review/8852
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-09 14:13:14 +00:00
Guy Harris d4bfa9c43b Have a common routine for constructing strings listing interfaces.
We have a bunch of duplicated code to make those lists; make a common
routine for that.  (dumpcap currently doesn't use it, as the routine in
question uses a routine in libui, which dumpcap doesn't use.  We should
probably fix that.)

Change-Id: I9058bf3320d420b8713e90743618972da1d1c6ed
Reviewed-on: https://code.wireshark.org/review/7934
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-05 23:43:01 +00:00
Guy Harris 083f6b6e6d Have a #define for whether the capture buffer size can be set.
It can be set if either 1) this is Windows (where we're assumed to be
using WinPcap, which includes calls to set the buffer size) or 2) we
have pcap_create() (in which case we also have pcap_set_buffer_size(),
at least in a normal libpcap release).

Use that rather than testing "defined(_WIN32) ||
defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's
being tested.

Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12
Reviewed-on: https://code.wireshark.org/review/7816
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-03-25 03:22:33 +00:00
Gerald Combs cac102eee3 Change a lot of http:// URLs to https://.
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.

Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-03-10 19:30:50 +00:00
Gerald Combs 95382c3afb Suppress a bunch of cast-qual warnings.
Squelch

    warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual]

similar to g630f54f.

Change strtod to g_ascii_strtod to squelch a checkAPIs error.

Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e
Reviewed-on: https://code.wireshark.org/review/7269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-02-20 04:04:15 +00:00
Guy Harris 9423a13b2d Just have init_progfile_dir() take a void pointer.
dladdr() takes a void * as a code pointer; have init_progfile_dir() do
so, and do the casting in the calls.  We don't care about the signature
of the function whose address we're passing, we just want to pass a
pointer to *something* in the main program.

Change-Id: I9372620a97b0eb53c2bb3c0c41a238b4408f3709
Reviewed-on: https://code.wireshark.org/review/7270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-02-20 00:24:08 +00:00
Guy Harris cfcbb28671 Clean up ftype-conversion and dfilter error message string handling.
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string.  That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.

Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.

Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.

Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-18 10:22:59 +00:00
Guy Harris 938485436e Use g_strdup_printf(), rather than a fixed-length buffer, for the app name.
Add some missing g_free()s while we're at it.

Change-Id: Id38acc21d3c0b337e5d05baaf5ebbcd63699ff50
Reviewed-on: https://code.wireshark.org/review/6287
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-03 22:35:27 +00:00
Michael Mann 860cb393d8 tshark: Add endpoints statistics
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.

Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-01-02 00:02:18 +00:00
Guy Harris 5981dab95b Declare read_keytab_file() in epan/dissectors/packet-kerberos.h.
Don't throw its declaration in file.h, as it's not defined in file.c.
Instead, include it in epan/dissectors/packet-kerberos.h and include
that wherever read_keytab_file() is called.

Yes, that means you also have to include <epan/asn1.h> and, therefore,
you have to include <epan/packet.h>.  Yes, that should be cleaned up,
perhaps by splitting the Kerberos support code into "stuff that handles
encryption keys without any reference to dissection" and "stuff that
does dissection-related work".

Change-Id: Ide5c31e6d85e6011d57202f728dbc656e36138ef
Reviewed-on: https://code.wireshark.org/review/6210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-01 23:05:57 +00:00
Guy Harris 114e7735b9 Call setlocale() before getting version information.
That way, the setlocale() call used to get the current locale will get
the right answer.

Change-Id: Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b
Reviewed-on: https://code.wireshark.org/review/6197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-01 00:47:17 +00:00
Guy Harris 1bc2565bff Don't include signal.h unless we need it.
Change-Id: I3965e0951eee919720f780b5e52732fd18fd9786
Reviewed-on: https://code.wireshark.org/review/6194
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31 22:54:01 +00:00
Guy Harris 27be466c9b Do the full string in get_{compiled,runtime}_version_info().
Have them start the string with "Compiled" or "Running on", and return
the string when done.

Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810
Reviewed-on: https://code.wireshark.org/review/6155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31 06:29:11 +00:00
Pascal Quantin 84110d2981 tshark: endpoints statistics are not supported for now, do not list them in -z
Move statistics registration to "GUI" callback registration

Change-Id: Id27c049dc8f91d311e9231342ae40749ca0ff5fc
Reviewed-on: https://code.wireshark.org/review/6151
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-12-31 04:24:18 +00:00
Guy Harris c1f30471ca Move the version_info.c stuff to wsutil/ws_version_info.c.
Change-Id: I3a5c7e219974bfb924819b43b4d445eaf00e5bde
Reviewed-on: https://code.wireshark.org/review/6153
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31 03:41:02 +00:00
Dario Lombardo 63ebe918d9 Removed duplicated #include lines
Change-Id: I9cafa3cd5c74121168777d8c656e7e94e89efd3c
Reviewed-on: https://code.wireshark.org/review/6065
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2014-12-28 00:02:39 +00:00
Guy Harris 4536271c0a Don't use a leading - in getopt_long() option strings.
The behavior of a leading - is platform-dependent.  It also means that
non-option arguments are treated in a fashion that we're not handling,
so capture filters given as non-option arguments at the end of the
command line don't work.  (The Linux getopt() man page says that a
leading - "is used by programs that were written to expect options and
other argv-elements in any order and that care about the ordering of the
two."  We are not such a program.)

Change-Id: I5610cf90a8218d48f7516abacc367e0affa3b549
Based-On-A-Change-From: Peter Hatina <phatina@redhat.com>
Reviewed-on: https://code.wireshark.org/review/6071
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-27 02:47:04 +00:00
Guy Harris c2c9a09880 Use getopt_long() for the first pass through the argument list.
That way:

	1) we don't have to worry about the system getopt() and our
	   getopt_long(), on platforms that have getopt() but not
	   getopt_long() (Solaris prior to Solaris 10, HP-UX, AIX), not
	   working well together;

	2) if necessary, we can handle long options in the first pass.

Switch to using getopt_long() for the *second* pass for the GTK+ version
of Wireshark.

Use the documented mechanism for resetting the argument parser for the
glibc version of getopt_long(); use the mostly-undocumented-but-at-least-
they-documented-optreset mechanism for the *BSD version.

(We should look into doing only one pass, saving away arguments that
can't fully be processed in the first pass for further processing after
initializing libwireshark.)

Change-Id: Ide5069f1c7c66a5d04acc712551eb201080ce02f
Reviewed-on: https://code.wireshark.org/review/6063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-26 22:39:46 +00:00
Guy Harris e08eba9b9e Only include <wsutil/os_version_info.h> if we need it.
Change-Id: Idee0e7205969ac2e7b33c4748a1463a0bfffe0a6
Reviewed-on: https://code.wireshark.org/review/6051
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-25 21:03:45 +00:00
Guy Harris 20503c7047 Check for getopt_long(), not getopt().
We support three types of platforms:

	1) UN*Xes that have both getopt() and getopt_long();

	2) UN*Xes that have getopt() but not getopt_long();

	3) Windows, which has neither.

Checking for getopt_long() lets us distinguish between 1) and 2) and
build getopt_long() for them.

Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45
Reviewed-on: https://code.wireshark.org/review/6045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-25 01:11:10 +00:00
Stephen Fisher 2d8ec49ffa Move twelve show_version() functions from the varoius programs and
Wireshark UI files into a single one in wsutil.

Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad
Reviewed-on: https://code.wireshark.org/review/6026
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
2014-12-24 16:51:45 +00:00
Gerald Combs 9ba9cd83a4 Qt: Add a CaptureFile class.
Wrap the capture_file struct in a QObject which translates cf_cb_* and
capture_cb_* events into signals. Move the global cfile to
capture_file.cpp.

Don't use a void pointer for the capture file struct.

Change-Id: Ic5d5efb4bb1db64aa0247245890e5669b1da723a
Reviewed-on: https://code.wireshark.org/review/5885
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-12-20 17:39:29 +00:00
Guy Harris 0885d29451 Make sure err_info is always set, and print it iff it's non-null.
Change-Id: Ib5c600c491a3d8adcfa91c00fa9445283610545b
Reviewed-on: https://code.wireshark.org/review/5830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-18 04:04:19 +00:00
Guy Harris 6011a047d3 WTAP_ERR_UNWRITABLE_ errors aren't returned by reads or open-for-reading.
Check for them *only* on opening for writing and writes.

Change-Id: I4b537d511ec04bcfc81f69166a2b9a2ee9310067
Reviewed-on: https://code.wireshark.org/review/5827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-18 00:41:43 +00:00
Guy Harris aa27e665b1 Rename WTAP_ERR_REC_TYPE_UNSUPPORTED to WTAP_ERR_UNWRITABLE_REC_TYPE.
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.

Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-18 00:32:14 +00:00
Guy Harris 51522b3372 Handle "I can't map this for that file format" better.
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.

Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.

Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.

Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-18 00:03:26 +00:00
Guy Harris d2eddde5bd Report WTAP_ERR_UNSUPPORTED correctly.
WTAP_ERR_FILE_UNKNOWN_FORMAT is reported if the file is in a format that
libwiretap doesn't know about (either because it's not a capture file at
all or because it's a capture file in a format it doesn't support).
WTAP_ERR_UNSUPPORTED is for files in a *known* format that are using
features or file format elements (record type, link-layer header type,
etc.) that libwireshark doesn't support.  Fix some copy-and-pasteos
causing WTAP_ERR_UNSUPPORTED to be reported with a message appropriate
for WTAP_ERR_FILE_UNKNOWN_FORMAT.

Change-Id: Ic675ffd501c52838d8944a6c61e1b01041b73098
Reviewed-on: https://code.wireshark.org/review/5799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-17 08:47:59 +00:00
Guy Harris ddcc2aee3d Rename WTAP_ERR_UNSUPPORTED_FILE_TYPE to WTAP_ERR_UNWRITABLE_FILE_TYPE.
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.

Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-17 08:31:49 +00:00
Guy Harris dbdcae80ba Rename WTAP_ERR_UNSUPPORTED_ENCAP to WTAP_ERR_UNWRITABLE_ENCAP.
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.

Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-17 06:41:45 +00:00
Guy Harris 846bb53948 Add a Buffer to wtap_pkthdr to hold file-type-specific packet metadata.
For example, this can be used for pcap-ng options not mapped to
file-type-independent metadata values.

Change-Id: I398b324c62c1cc1cc61eb5e9631de00481b4aadc
Reviewed-on: https://code.wireshark.org/review/5549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-01 00:31:03 +00:00
Guy Harris 81ab6012fe Clean up routine names, don't pass capture_file into libwireshark.
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.

If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.

Get rid of empty preamble/finale routines.

For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().

For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().

capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.

Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-29 22:44:29 +00:00
Guy Harris 741db4c751 Get rid of another global in the print code.
Pass the "output only these protocols" hash table as an argument,
instead.

Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-22 09:07:46 +00:00
Guy Harris b19b12a85d Get rid of write_headers global variable.
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.

Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-22 08:07:24 +00:00
Guy Harris 25f950eca9 Add tshark -G dissector-tables to dump a list of dissector tables.
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.

Clean up some tshark man page issues while we're at it.

Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-17 02:26:57 +00:00
Guy Harris 225c86f7a2 Do the "-z help" processing separately, and do it for Wireshark as well.
Yes, Wireshark does a bunch of GUI stuff, and then takes the window down
before printing the help, but the same is true for some command-line
error messages as well.

Change-Id: Id501468416c83308e4c0a9e7a66116d8d33a9d84
Reviewed-on: https://code.wireshark.org/review/5317
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-15 00:27:48 +00:00
Guy Harris 4d3c4c4f12 Rename stat_cmd_args.[ch] to stat_tap_ui.[ch].
The intent is to handle more than just command-line arguments; reflect that.

Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825
Reviewed-on: https://code.wireshark.org/review/5304
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-14 18:52:06 +00:00
Guy Harris 9f2a87803b Get rid of unnecessary includes of ctype.h.
Change-Id: Ibf9385715b85186f5c7289165acea7233b3fabde
Reviewed-on: https://code.wireshark.org/review/4804
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-18 00:06:19 +00:00
Guy Harris a566f617d8 No need for WTAP_ERR_CANT_READ.
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.

Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that.  Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.

Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 23:19:56 +00:00
Guy Harris 54b733ce9a Make the time stamp resolution per-packet.
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution.  Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.

Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display".  Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.

Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-09-28 18:38:18 +00:00
Pascal Quantin a3c4133847 tshark: fix -H option
The dump of the address info list must be differed to the end of the processing so as to know which host name was actually used in the capture

Bug: 10507
Change-Id: I44dbfae918d4ae92f9740c309804c7ff21bb4e1b
Reviewed-on: https://code.wireshark.org/review/4327
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-09-27 12:13:06 +00:00
Gerald Combs ea6fa049c9 Update the simple dialog code.
Rename simple_dialog_qt.{cpp,h} to simple_dialog.{cpp,h}. Make it a
subclass of QMessageBox. Queue messages at startup similar to GTK+.

Move the GTK+-specific simple_dialog declarations to
gtk/simple_dialog.h.

Don't yell at the user so much. Replace exclamation points with periods.

Change-Id: I1cc771106222d5e06f1f52d67ac29d6dc367cce4
Reviewed-on: https://code.wireshark.org/review/4288
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-09-25 22:02:43 +00:00
Guy Harris 22a0d65a9a Free err_info on WTAP_ERR_DECOMPRESS.
Change-Id: I57fbb17baf43b0f1365fef72778ac0e65935456a
Reviewed-on: https://code.wireshark.org/review/4210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-09-20 19:07:22 +00:00
Graham Bloice 97546165fa Modify includes of config.h so that out-of-tree builds, i.e. CMake
don't pick up the in-tree copy.

Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2014-08-24 08:04:08 +00:00
Michael Mann 018b84de84 Refactor "common" hostlist/endpoint table functionality.
This is very similar in architecture to the changes made to the Conversation table functionality.  Since all conversations have endpoints/hostlists, the "registered" list is shared for both.

Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31
Reviewed-on: https://code.wireshark.org/review/3214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-08-18 04:24:39 +00:00
Bill Meier f3dd7fe1eb Fix whitespace/indentation to match editor modelines.
Change-Id: I3445ae22f10584582d465bf632942e016f5f70ca
Reviewed-on: https://code.wireshark.org/review/3452
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-08-05 20:42:21 +00:00
Guy Harris 0734ac385f Rename buffer_ routines to ws_buffer_ to avoid name collisions.
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.

(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap.  We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)

Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-02 11:01:29 +00:00
Michael Mann dcf6d44b7f Apply refactored "conversation" (tap) data to TShark.
I intentionally left the fields displayed alone (so they don't exactly match Wireshark GUI), because as Guy points out in bug 6310, not sure its A Bug or A Feature.  But at least all types of conversations allowed are in sync with Wireshark GUI.

Bug:6310
Change-Id: I722837df510a39dadc1f9a07a99275509516698c
Reviewed-on: https://code.wireshark.org/review/3212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-07-30 16:12:54 +00:00
Michael Mann 31ecdf5b06 Refactor "common" Conversation table functionality.
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan.  Also refactor "common GUI" conversation table functionality.

The idea is to not have to modify the GUI when a dissector adds a new "conversation type"

Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-07-26 20:59:42 +00:00
Peter Wu 0492921adc Replace lseek/fstat by ws_lseek64/ws_fstat64
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quanities.

Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).

There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.

Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-25 21:26:01 +00:00
Guy Harris 4028f56709 Clean up indentation (get rid of tabs).
Change-Id: I14917737db30c80af2d40e40efd79ceb6aea79f8
Reviewed-on: https://code.wireshark.org/review/3170
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-22 23:57:02 +00:00
Guy Harris f6ce0cdacd Get rid of NO_INTERFACES_FOUND - it's not an error.
It just means "pcap didn't give me any interfaces, and didn't report an
error".  Hopefully, in the future, there will be pcap APIs that
distinguish between the (admittedly unlikely, these days) case of "there
really *are* no interfaces on which *anybody* can capture" and "you
don't have sufficient permission to capture", and we can report the
latter as an error.  (Given that pcap supports more than just "regular
interfaces", though, there are cases where you don't have permission to
capture on those but you have permission to capture raw USB traffic, for
example, so perhaps what's really needed is per-interface indications of
permissions.)

Change-Id: I7b8abb0829e8502f5259c95e8af31655f79d36a1
Reviewed-on: https://code.wireshark.org/review/3169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-22 23:53:49 +00:00
Evan Huus 42b537ea49 Reset state when cycling ring-buffer files in tshark.
This has several implications:
 - we match user expectations that a ring-buffered tshark capture will run
   forever without running out of resources (except where we still have leaks)
 - we lose reassembly and request/response matching when the relevant packets
   are split across files, but this actually makes our output more consistent
   with dissecting those files after-the-fact

I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.

Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-07-05 22:08:59 +00:00
Guy Harris 9e6487f247 Move utility routines for capturing into a libcaputils static library.
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.

Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-04 07:25:26 +00:00
Guy Harris 66b02c75ed Include <sys/capaibility.h> to get _LINUX_CAPABILITY_VERSION defined.
It's no longer used in version_info.c, but is used in the main source
files of TShark and Wireshark (it's already included in dumpcap).

Change-Id: I2169a2bbed678baf26fc8711d7c13d95cce3ee2a
Reviewed-on: https://code.wireshark.org/review/2819
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 15:22:45 +00:00
Guy Harris 1692c520ef Include "capture-pcap-util.h" even if we don't have libpcap.
The routines to get libpcap version information just say "no pcap here"
if we don't have it, so they're called regardless of whether we were
compiled with it.

Change-Id: I4e58cce83f7c0e36aa6ef9b40ec7075732402f3b
Reviewed-on: https://code.wireshark.org/review/2800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 09:16:39 +00:00
Guy Harris 35c47214e9 Get rid of an extra blank line.
Change-Id: I321ef1404e37ebb13a456d18eeb81285b7ba477f
Reviewed-on: https://code.wireshark.org/review/2796
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 08:56:00 +00:00
Guy Harris b4ce352539 Make --help and --version information a bit more uniform.
Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.

Have --help print the version number, a one-line summary of what the
program does, a reference to http://www.wireshark.org for more
information, a Usage: line, and a list of command-line options.

This means programs doing that don't need to include version.h; that's
left up to get_ws_vcs_version_info() to do.

Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb
Reviewed-on: https://code.wireshark.org/review/2794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 08:46:01 +00:00
Guy Harris 6b3391c60a Regularize the help output of programs.
Only print to the standard output, and only give the version
information, if a "print help" command-line option is specified.
Otherwise, leave out the version information, and print to the standard
error.

Leave out the copyright information; it's extra cruft, and

	http://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html

doesn't say anything about it (and bash, at least, doesn't print it).

Change-Id: Ic5029ccf96e096453f3bd38383cc2dd355542e8a
Reviewed-on: https://code.wireshark.org/review/2789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 02:29:54 +00:00
Guy Harris 66c342ed59 Regularize the first line of version output.
For Wireshark, say "Wireshark", not "wireshark".

For other programs, put "(Wireshark)" after the program name, as per

	http://www.gnu.org/prep/standards/html_node/_002d_002dversion.html

("If the program is a subsidiary part of a larger package, mention the
package name in parentheses, like this").

Change-Id: I68558f64cfa6ee4423e42f3d6b120633ef1b2716
Reviewed-on: https://code.wireshark.org/review/2788
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03 02:03:35 +00:00
Guy Harris 0cf54e7827 Drop privileges even earlier.
Do it at the same point at which Wireshark does so.  Do some other
things in the same order as well.

Change-Id: I2925366d49d14271ceffa1a938b5e3450337c772
Reviewed-on: https://code.wireshark.org/review/2743
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-01 10:11:49 +00:00
Guy Harris efafca71a3 Drop privileges very early on.
TShark relies on dumpcap to capture packets, and TFShark doesn't even do
packet capturing (it dissects files, not network traffic), so neither of
them need, or should run with, special privileges.  If you *must* run
with special privileges in order to capture, grant those privileges to
dumpcap, which has a *lot* fewer lines of code than libwireshark and
TShark/TFShark.

Change-Id: I8f8fedead355ca163895e025df37240d2f232ba4
Reviewed-on: https://code.wireshark.org/review/2736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-30 23:12:32 +00:00
Guy Harris b33512b704 Move capture_session.h to capchild; what it declares is defined there.
Change-Id: I8b1407839390b7ac0b45bf6f583c1a509073f002
Reviewed-on: https://code.wireshark.org/review/2709
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-30 05:09:31 +00:00
Guy Harris df5833723c Move capture_ui_utils.[ch] to libui.
Change-Id: Id0f3d4d60a1acc7aa64fd3737b8f16df5bca4e5a
Reviewed-on: https://code.wireshark.org/review/2708
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-30 01:36:56 +00:00
Guy Harris fe42762f23 Move some more stuff into wsutil.
Move the routines to parse numerical command-line arguments there.

Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just
call routines specified by a call to cmdarg_err_init(), and have
programs supply the appropriate routines to it.

Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01
Reviewed-on: https://code.wireshark.org/review/2704
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-29 23:03:24 +00:00
Jeff Morriss 9d4af5fccd Check the validity of fields given to tshark with "-e": complain and exit if
they aren't valid.

Should help avoid confusion like that in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10201

Bug: 10201
Change-Id: Iff7f51ae042ca1a92d1c803b6cb61aa5d81ce205
Reviewed-on: https://code.wireshark.org/review/2654
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-06-27 00:48:51 +00:00
Jeff Morriss e0461ecd43 Indicate tshark can read (-r) from stdin and named pipes now.
(Though it works only with certain formats.)  As requested in:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874#c4

Change-Id: I2ce0509d8750b21ae0167d12459074ba0f9506f8
Reviewed-on: https://code.wireshark.org/review/2646
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-06-25 18:01:28 +00:00
Guy Harris 0fb9369a5e Support -w even if we're not built with pcap.
You can, for example, do

	tshark -r file1 -Y filter -w file2

to read a file, apply a read filter, and write the packets that match
the filter to another file even if you can't capture traffic.

Change-Id: Ifd5e1d5c0e745edef5e98ec4babc720bfbcee6d9
Reviewed-on: https://code.wireshark.org/review/2627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-24 20:49:06 +00:00
Guy Harris 5a3632ef40 Load WinPcap before we get the run-time information string.
That way, we can include the WinPcap version in that string.

Change-Id: I01fa0defce158e122d1c602fdfbc81916a9e80ef
Reviewed-on: https://code.wireshark.org/review/2625
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-24 20:05:28 +00:00
Guy Harris adf6b1a8df For capchild headers, include <capchild/XXX.h>.
Change-Id: I780c69ee637dcd9846756a2e2d6a35baf02d826d
Reviewed-on: https://code.wireshark.org/review/2594
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-24 00:28:08 +00:00
Guy Harris 1d92195de8 Have individual programs get libpcap and libz version info.
That way, the code that constructs the runtime version string doesn't
itself have to call libpcap and libz, and could be usable in programs
that don't call them.

While we're at it, add "with" to the run-time version information for
GnuTLS and libgcrypt, to match the compile-time version information, and
add the version information from libwireshark to TShark.

Change-Id: I3726a027d032270b032292da9314c1cec535dcd2
Reviewed-on: https://code.wireshark.org/review/2587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-23 21:56:42 +00:00
Guy Harris c46329c27b Add a routine to return a version string including VCS information.
Add a routine get_ws_vcs_version_info() that, for builds from a tree
checked out from Wireshark's version control system, returns a string
that includes both the Wireshark version number and an indication of
what particular VCS version was checked out, and just returns
Wireshark's version number for other builds.

Use that routine rather than manually gluing VERSION and the Git version
number together.

("vcs", not "git", just in case we do something bizarre or mercurial
some day. :-))

Change-Id: Ie5c6dc83b9d3f56655eaef30fec3ec9916b6320d
Reviewed-on: https://code.wireshark.org/review/2529
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-22 01:06:25 +00:00
Guy Harris a70dea1956 Move get_os_major_version() to wsutil and rename it to get_windows_major_version().
It's Windows-specific, so name it appropriately.

Change-Id: Ic518cbfabebf95757f6b308a4d547a6cabed6a5e
Reviewed-on: https://code.wireshark.org/review/2528
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-21 21:33:11 +00:00
Guy Harris 43443af0ac Move get_copyright_info() to wsutil.
Change-Id: I75c1c747cd2b4a9845c659636582d54b2caecf1a
Reviewed-on: https://code.wireshark.org/review/2510
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-21 17:33:05 +00:00
Guy Harris b2622e1194 Move the "capture-comment" long option to LONGOPT_CAPTURE_COMMON.
Change-Id: I55884d48911de307cde52accfebbda69f2989526
Reviewed-on: https://code.wireshark.org/review/2505
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 23:43:41 +00:00
Guy Harris 235d3a2a3a Fix build without pcap.
The files that use LONGOPT_CAPTURE_COMMON and OPTSTRING_CAPTURE_COMMON
include capture_opts.h unconditionally, so there's no need to define
them if we don't have pcap.  In addition, we want the capture options
"available" even if we don't have pcap, so we can tell the user "you're
using a version of *shark without pcap, but you gave a capture option".

Change-Id: I0bd3893b73d3d903610d0bc6cacb60bfb37096f4
Reviewed-on: https://code.wireshark.org/review/2503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 23:26:46 +00:00
Guy Harris b3885a9387 Fix builds without pcap.
Change-Id: I6c67f9ea9d115a8396af0904ef9a73d2c528dcaa
Reviewed-on: https://code.wireshark.org/review/2498
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 21:51:34 +00:00
Guy Harris cc4710ac5f Also define LONGOPT_CAPTURE_COMMON as nothing if we don't have pcap.
While we're at it, simplify the #ifdefs and #defines in capture_opts.h -
don't do the same tests twice.

Change-Id: I2079167f31789470ef77120054d769d5914745e3
Reviewed-on: https://code.wireshark.org/review/2496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 21:39:08 +00:00
Guy Harris 9a50b0f20b Define OPTSTRING_CAPTURE_COMMON as nothing if we don't have pcap.
No capturing, no capture options.

Change-Id: I0023184b9c358d5876f19a098590f34d641c8649
Reviewed-on: https://code.wireshark.org/review/2493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 21:14:27 +00:00
Guy Harris 26bbee3fad Add some long options for capture short options.
The names match tcpdump trunk's names for the corresponding options.

Also have capture_opts.h provide a #define for the part of the short
option string that corresponds to the capture short options that all our
programs that take capture short options take (those are largely the
ones we have in common with tcpdump).

Change-Id: Ia209425959c801725850b56a7d63441ee99b5001
Reviewed-on: https://code.wireshark.org/review/2492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 21:00:16 +00:00
Guy Harris 312ed10900 Add --help and --version long options.
Also, make the convention for long-only options be that their
case-statement values start at 128, so they avoid colliding with any
ASCII code points, including control characters.

Make the tables of long options "static const" while we're at it, and
get rid of unnecessary casts.

Change-Id: I55702a85e9bc078b1cd0f2803ebb68a710405bab
Reviewed-on: https://code.wireshark.org/review/2491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-20 19:19:47 +00:00
Bill Meier 68a1b552f7 tshark.c: 'tshark -F pcap -w ...' should create a pcap (not pcapng) file; fixes Bug #9991.
Change-Id: I182357fc57d6e57033319afc762549d805c2c10c
Reviewed-on: https://code.wireshark.org/review/1954
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-06-04 19:31:08 +00:00
Bill Meier dc02627adf tshark.c: Change "Live captures can only be saved in libpcap format" to "[...] in pcap or pcapng format"
Change-Id: I18dd0d15e261ecbc1ec086b4870a994afc7665ee
Reviewed-on: https://code.wireshark.org/review/1953
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-06-04 19:30:29 +00:00
Guy Harris 318cf8a678 Add support for dissecting non-packet records.
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.

Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-25 00:05:07 +00:00
Guy Harris a344c9736e Revert "Allow wtap_read() and wtap_seek_read() to return non-packet records."
This reverts commit c0c480d08c.

A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes.  That is in-progress.

Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23 10:50:10 +00:00
Guy Harris 716fdc8e39 Revert "Fix some white space issues."
This reverts commit 2456b22cd3.

Next step: revert my other change.

Change-Id: I7a2302c527c8a85ce9f37d6e4f68c1e2d0adb741
Reviewed-on: https://code.wireshark.org/review/1740
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23 10:48:57 +00:00
Guy Harris 2456b22cd3 Fix some white space issues.
Change-Id: I3b4f57c2d1ceffeea1770494fe19a0eee8717a76
Reviewed-on: https://code.wireshark.org/review/1737
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23 03:05:56 +00:00
Guy Harris c0c480d08c Allow wtap_read() and wtap_seek_read() to return non-packet records.
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.

Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23 03:02:32 +00:00
Peter Wu 3aee917058 wiretap: remove unused code, drop number_of_interfaces
While investigating an ASAN issue (fixed in
commit dcdd076ab0), I got greatly confused
by three different types having the same "interface_data" field name:

 * pcapng_t *pn stores an array of interface_data_t objects.
 * wtap *wth stores an array of wtapng_if_descr_t objects.
 * pcapng_dump_t should store an array of interface_data_t objects.

pcapng_dump_t and friends are unused since
commit c7f1a431d2, so drop it.

To fix the confusion, rename the interface_data_t type to
interface_info_t type and use the local variable "iface_info"
everywhere. Rename interface_data of pcapng_t to "interfaces" and
add a comment what this exactly means (interfaces listed in the capture
file).

Drop the number_of_interfaces field for interfaces as the array
length is already available from GArray. Now interface_data is always
initialized for wth (which also gets copied to idb).

s/int/guint/g and replace cast at some places.

There are no regressions for the in-tree test suite.

Change-Id: I2d5985c9f1e43f8230dbb4a73bd1e243c4858170
Reviewed-on: https://code.wireshark.org/review/1656
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-05-17 12:41:50 +00:00
Guy Harris a1b1c8bed5 Revert "Refactor Wiretap"
This reverts commit 1abeb277f5.

This isn't building, and looks as if it requires significant work to fix.

Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-09 05:21:01 +00:00
Michael Mann 1abeb277f5 Refactor Wiretap
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.

The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.

bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-05-09 03:04:39 +00:00
Guy Harris cb16dff992 Get rid of more tvb_get_nstringz* calls.
Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it.  Use
IS_FT_STRING() in more cases, so that less code needs to know what types
are string types.

Add a tvb_get_stringzpad() routine, which gets null-padded strings.
Currently, it does the same thing that tvb_get_string_enc() does, but
that might change if we don't store string values as null-terminated
strings.

Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66
Reviewed-on: https://code.wireshark.org/review/1082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-04-12 22:27:22 +00:00
Hadriel Kaplan e7b3eff721 Fix tshark.c to pass checkAPIs script
Since tshark.c was using strdup, perror, and g_main_quit, changes to
the file won't pass checkAPIs; so this commit replaces those with
the approved functions; except strdup, which was unecessary.

Change-Id: I031aa44594f2b96960a45f48537ab4e9a10d34b1
Reviewed-on: https://code.wireshark.org/review/898
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-04-01 06:06:00 +00:00
Hadriel Kaplan b63b503456 Fix Bug 9938 'tshark "-Y -2 -w" saves non-dependent frames'
When the '-Y' display filter option is given with a '-2', and a '-w' to write out
the packets, tshark grabs *all* dependent frames in the catprue file, even those
that weren't dependents of a matching packet. Note that this also uses the '-2'
two-pass option, since only two-pass mode writes out dependent frames to begin with.

Change-Id: I17726447bec434ba2566e98fb78893d1331e3056
Reviewed-on: https://code.wireshark.org/review/866
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-03-30 17:36:18 +00:00
Hadriel Kaplan ca9c160933 Fix bug9931 'Encapsulated ethernet packets sometimes show invalid FCS'
This fixes part-1 of bug9931: the uninitialized use of a wtap_pkthdr
struct. The second part of the bug deals with dissectors calling
the Ethernet dissector for ecnapsulated Ethernet packets but using
the wrong dissector handle to do so. That's unrelated to the issue this
commit addresses, so I'm splitting them up.

Change-Id: I87be7b736f82dd74d8c261062f88143372b5344c
Reviewed-on: https://code.wireshark.org/review/848
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-27 21:39:57 +00:00
Hadriel Kaplan d1873dbcc8 Fix Bug 9903: 'Clicking reload-file ignores selected file format reader'
There's a relatively new feature in 1.11.3 to select a specific file format
reader, instead of relying on magics or heuristics. If you select a file
reader and open a file, open it, and then click the reload-file button or go
to View->Reload or press the ctrl-R keymap, the file is reloaded but using the
magic/heuristics again instead of the file format reader you previously chose.
Likewise, the Lua relaod() function has the same issue (which is how I found
this problem).

I have tested this change by hand, using a Lua script, but I didn't add it
to the testsuite because I need another change for my test script to work
correctly. (an enhancement rather than a bug fix, which I'll submit separately)

Change-Id: I48c2d9ea443e37fd9d41be43d6b6cd5a866d5b01
Reviewed-on: https://code.wireshark.org/review/764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-21 17:51:45 +00:00
Hadriel Kaplan 041f844d72 Add command-line arg for input file format for tshark/wireshark
Now that we have the ability to choose input file format type
in the GUI, we might as well have it in the command-line too.
Plus it would help me in test-stuies if we had a commandline.
So I've added a '-X read_format:Foo' for this.  Using just
'-X read_format:', or with a bad name, will make it print out
the full list (in tshark); just like the '-F' does for output
file formats.

Note: I am *not* putting in code for Win32 GUI,
because I can't compile that and I wouldn't have even
done the GTK one if I could compile Qt originally. (I don't think we need
to add any more features to GTK or Win32, just Qt from now on,
right?)

Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64
Reviewed-on: https://code.wireshark.org/review/493
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2014-03-05 18:38:05 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Fix manually some typo (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 14:27:33 +00:00
Michal Labedzki 579e7e19ce Wireshark: Add option to choose format type of capture file
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.

On the other side now it is possible to open capture file
as file format to be dissected.

Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
2014-02-25 17:43:13 +00:00
Guy Harris c65fbffc95 Force "printing" if -T is specified, even if -w is also specified.
Just as "tshark ... -P -w xxx" writes raw packets to xxx *and* writes
text packet summaries to the standard output, and just as "tshark ...
-V -w xxx" writes raw packets to xxx *and* writes text packet details to
the standard output, so should "tshark ... -T fff -w xxx" write raw
packets to xxx *and* write whatever "-T fff" (and any "-e" options)
specifies to the standard output.

Change-Id: I28ab3a4d48531f297533ec4dfb3742031eb69885
Reviewed-on: https://code.wireshark.org/review/278
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-02-21 01:51:58 +00:00
Guy Harris 114d051aef Fix crash when doing "tshark -2 -r file -w newfile".
We were using cf->buf in some places and a local variable buf in others;
consistenly use the local variable.

Have a local variable for the struct wtap_pkthdr while we're at it; with
some work we may be able to get rid of the struct wtap_pkthdr and the
Buffer in the capture_file structure.

Change-Id: I4762e22e11ef576be6bf9015450d1a270dd3d16b
Reviewed-on: https://code.wireshark.org/review/178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-02-11 19:50:26 +00:00
Gerald Combs f966980937 Replace "svn" with "git" all over the place.
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.

Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-on: https://code.wireshark.org/review/139
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-02-07 23:03:03 +00:00
Peter Hatina f62450ff93 allow tshark reading from pipes
Change-Id: If20a14b949667911df44f09c6a705b7645d4c49e
Reviewed-on: https://code.wireshark.org/review/85
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
2014-02-03 13:31:27 +00:00
Guy Harris 90d7c5f59b Don't write out packets that have a "captured length" bigger than we're
willing to read or that's bigger than will fit in the file format;
instead, report an error.

For the "I can't write a packet of that type in that file type" error,
report the file type in question.

svn path=/trunk/; revision=54882
2014-01-22 00:26:36 +00:00