Strip the timestamps and function names from extcap errors before
displaying them in a dialog. This keeps us from spewing
```
Error by extcap pipe: ** (falcodump:24913) 15:08:20.263535 [falcodump
WARNING] extcap/falcodump.cpp:593 -- main(): cloudtrail plugin error:
failed to list objects: ExpiredToken: The provided token has expired.
status code: 400, request id: M2PYJOT4JGVAA6B9, host id:
+4V8Q+DGV+80Jd3fdc7tODyVdTRvepNgCD9zuvXeL7kzvp2oikaoi9CLMW+UKt/
aR1G2UXIqyQ8=
```
at the user.
Check for warning messages and set our dialog type accordingly.
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.
Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.
There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
Changing profile during capture may change the capture_opts->show_info
setting. Always init cap_session->wtap and check if valid before doing
capture_info_new_packets(). Always close dialog and cap_session->wtap
in capture_input_closed().
This will not bring up the Capture Information dialog when switching
to a profile having this enabled.
Fixes#17622
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes#17478
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Remove the editor modeline blocks from the source files in ui that use 4
space indentation by running
perl -i -p0e 's{ \n+ /[ *\n]+ editor \s+ modelines .* shiftwidth= .* \*/ \s+ } {\n}gsix' $( ag -l shiftwidth=4 $( ag -g '\.(c|cpp|h|m|mm)') )
This gives us one source of indentation truth for these files, and it
*shouldn't* affect anyone since
- These files match the default in our top-level .editorconfig.
- The one notable editor that's likely to be used on these files and
*doesn't* support EditorConfig (Qt Creator) defaults to 4 space
indentation.
The distinction between the different kinds of capture utility
may not warrant a special subfolfer for each, and sometimes the
distinction is not be clear or some functions could stradle
multiple "categories" (like capture_ifinfo.[ch]).
Simplify by having only a generic 'capture' subfolder. The
separate CMake libraries are kept as a way to reuse object code
efficiently.
The "short name" is really just the name, used to look it up. The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.
The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
This reverts commit 5df2925434.
The problem only showed up in tfshark.c, and was caused by tfshark.c
using stuff from ui/urls.h but not *including* ui/urls.h.
If you use it, GCC 9.3.0 seems to think there's a missing parenthesis
somewhere, just as the version of clang++ in my version of Xcode does,
even though other versions of GCC don't. I'm clearly missing something
obscure about C here; I give up.
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
Instead of having programs that use the capchild library define
functions with known names, with the library routines calling back
routines with those names, have function pointers for those callbacks in
the capture_session structure, and have capture_session_init() set them.
Make the callback routines in TShark and in the ui library static.
Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae
Reviewed-on: https://code.wireshark.org/review/36583
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
When using the "Create a new file automatically" feature the capture in
Wireshark will stop and start, but the extcap utility will continue run
as normal. Ensure the control channels are kept when doing this.
Rename the unused capture_session.session_started to session_will_restart
to detect this.
Bug: 16178
Change-Id: I6797c982760a1013fca2a24699befff1dc82f28c
Reviewed-on: https://code.wireshark.org/review/35013
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
That means the packet-count-during-capture stuff is scattered amongst
fewer locations.
Move capture_info.h into ui; it's now a header that declares routines
whose implementations are GUI-platform-dependent.
Change-Id: I475815724a4766f6bc2511e67ebae14865e1a9d1
Reviewed-on: https://code.wireshark.org/review/26249
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
That way we aren't allocating memory, reading packets from a batch, and
freeing the memory for each batch of packets delivered by dumpcap; we do
the allocation when the capture starts and the freeing when it finishes.
Change-Id: If012ab865f3a99d869535ad10827ad8680c1b10c
Reviewed-on: https://code.wireshark.org/review/32766
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move it to the capture_session structure from the info_data_t structure,
and pass it as an argument to capture_info_new_packets().
Change-Id: I822392bbf48eeb27ba9e17b73775d2fc4349bc17
Reviewed-on: https://code.wireshark.org/review/32765
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_drops() doesn't, and shouldn't, modify or free or... the
interface name, so make the pointer to it a const pointer.
Change-Id: Iafc5c5dd9939225b3aeb8a8e36c5bdeecc394e12
Reviewed-on: https://code.wireshark.org/review/32465
Reviewed-by: Guy Harris <guy@alum.mit.edu>
capture_input_cfilter_error_message() doesn't, and shouldn't, modify or
free or... the error message, so make the pointer to it a const pointer.
Change-Id: Ic14ac306add328df369af4b6e149c856f4283912
Reviewed-on: https://code.wireshark.org/review/32464
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Throw away the old temporary filename when restart capture to create
a new temporary file. This was omitted from the previous restart
capture fix.
Change-Id: I39396d26563ec3d424161f81667864440a13e6d2
Reviewed-on: https://code.wireshark.org/review/32184
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Set capture_opts->restart before restart current capture.
Update the restart handling in capture_input_closed() to not remove
the current save file; this is either the last file in a ring buffer
or a temporary file which will be reused later. Also remove the code
which starts the capture again because this is now done in
MainWindow::on_actionCaptureRestart_triggered().
Keep the code to restore the original save file when having a ring
buffer. This will avoid the error message "Ring buffer requested,
but capture isn't being saved to a permanent file" and a following
unwanted capture stop.
This fix will also avoid the "No packets captured" warning when
restart capture without having any packets captured.
Remove the unused capture_restart() function which was used in GTK.
Change-Id: I80802217b71810eaa36b78a2eb4c32697ddc92ce
Reviewed-on: https://code.wireshark.org/review/32110
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes ASAN test failures for test_wireshark_capture_from_stdin and
test_wireshark_capture_from_fifo tests.
Change-Id: I196fe2a299761f95e07b3091b934a566403e3e3f
Reviewed-on: https://code.wireshark.org/review/31844
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped
packets are outputted, they include the interface name for clarity.
Bug: 13498
Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357
Reviewed-on: https://code.wireshark.org/review/31218
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ensure that capture_stat_start always returns a non-NULL if_stat_cache_t
pointer. This keeps InterfaceTreeModel::updateStatistic from repeatedly
running dumpcap when we're unable to gather statistics, e.g. when we
don't have capture permissions.
Bug: 14284
Change-Id: Id408714a934abab2abdee1d4bb5e4bed872af016
Reviewed-on: https://code.wireshark.org/review/31038
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we aren't built with libz, report a new "decompression not supported"
error if the file is gzipped; the problem isn't that it's a new capture
file format we don't support, it's that a *compressed* capture file, in
some format, but we don't support the *compression* format used.
This can be extended if we add support for other compression formats.
Change-Id: I19239525d4e02357e3ca7189996556839af8fce2
Reviewed-on: https://code.wireshark.org/review/25315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Id302e88bed4da8b9b457049fb78b0bc7d7ffabe3 forgot to add brackets around
functionality
Change-Id: I3aa2ed6e927a6daca93846650645d76b0d62043e
Reviewed-on: https://code.wireshark.org/review/24885
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The split isn't necessary now that epan no longer uses the capture_file
structure.
Change-Id: Ia232712a2fb5db511865805518e8d03509b2167f
Reviewed-on: https://code.wireshark.org/review/24693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have cfile-int.h declare the structure, and use it in files that
directly access the structure.
Have cfile.h just incompletely declare the structure and include it
rather than explicitly declaring it in source files or other header
files.
Never directly refer to struct _capture_file except when typedeffing
capture_file.
Add #includes as necessary, now that cfile.h doesn't drag in a ton of
Change-Id: I7931c8039d75ff7c980b0f2a6e221f20e602a556
Reviewed-on: https://code.wireshark.org/review/24686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure each ui/*.[ch] file uses identical (4-space) indentation.
Remove ui/.editorconfig. Fix up other formatting where needed.
SPDX-abbreviate the license blurb in the files we modify.
Change-Id: I5faa1c1eae9a4b6220422ad8e4ba7a341c7deb1f
Reviewed-on: https://code.wireshark.org/review/24632
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In preparation for possibly using AUTOUIC in CMake which treats "ui_*.h"
files specially, rename ui_util.h. No other changes.
Change-Id: Id026572c000b713ff0e9388dc7fff8d81d4df73e
Reviewed-on: https://code.wireshark.org/review/23916
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs