Windows implements so called CRT handlers, which will catch any
assertions happening inside so called crt routines and either
displays a debug dialog (Cancel, Retry, Ignore) or outright crashes
the application.
See
https://docs.microsoft.com/en-us/cpp/c-runtime-library/parameter-validation?view=msvc-170
for an explanation of the behaviour.
Now, in the current situation here, close will detect (correctly)
that the pipe it is supposed to be closing is already closed. This
happens (again correctly) because it had been closed by the extcap
application.
The change added, checks for a closed pipe first, and if so just
returns -1 (as it should) silently without calling the CRT routine,
therefore not crashing
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Libgcrypt 1.8.x is required for a large amount of decryption
support and is the current LTS version of libgcrypt. The 1.6 and
1.7 series have been end-of-life since 2017-06-30 and 2019-06-30,
respectively.
The Linux distributions that have versions of libgcrypt before 1.8.0
are nearing or at end of support (RHEL7, SLES 12, Debian stretch,
Ubuntu 16.04LTS) and can be supported by the Wireshark 3.6 LTS release
series.
Remove an enormous amount of ifdefs based on libgcrypt versions
1.6.0, 1.7.0, and 1.8.0. There will be a second pass for the
commons defines HAVE_LIBGCRYPT_AEAD, HAVE_LIBGCRYPT_CHACHA20, and
HAVE_LIBGCRYPT_CHACHA20_POLY1305, which are now always defined.
The ISAKMP dissector has some comments noting that some workarounds
were used for libgcrypt 1.6 that aren't needed with 1.7; perhaps
that could be updated now.
If we're running in the Logwolf configuration namespace, look for
extcaps in a directory named "extlog". This paves the way for adding
log-specific capture utilities.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Add support for display filter binary addition and subtraction.
The grammar is intentionally kept simple for now. The use case
is to add a constant to a protocol field, or (maybe) add two
fields in an expression.
We use signed arithmetic with unsigned numbers, checking for
overflow and casting where necessary to do the conversion.
We could legitimately opt to use traditional modular arithmetic
instead (like C) and if it turns out that that is more useful for
some reason we may want to in the future.
Fixes#15504.
g_utf8_validate_len doesn't exist until glib 2.60, so just
use g_utf8_validate. It does the same thing when the length parameter
is unsigned. Fixes CentOS 7.
Add BASE_SHOW_UTF_8_PRINTABLE and related function tvb_utf_8_isprint
for supporting fields of bytes that are "maybe UTF-8" (default or
SHOULD be UTF-8 but could be something else, with no encoding indicator),
such as SSID fields in IEEE 802.11 (See #16208), certain OctetString
fields in Diameter or PFCP, and other places where
BASE_SHOW_ASCII_PRINTABLE is currently used. Fix#5307
Add a LOG_LEVEL_ECHO that is always active and always non-fatal.
Use that to implement a WS_DEBUG_HERE() macro for quick print outs
during debugging sessions.
The format "23:59:59+2000" is valid but the code assumes that
if the date/time format uses separators, the timezone offset
must have them too. Fix that. Add test cases for timezone
offsets +HHMM and +HH.
Rewrite ws_inet_pton{4,6} and ws_inet_ntop{4,6} without
GLib types.
Check for strerrorname_np() and use that is available,
to simplify error handling.
Add some minimal tests.
Encapsulate the feature requirements for strptime() in a
portability wrapper.
Use _GNU_SOURCE to expose strptime. It should be enough on glibc
without the side-effect of selecting a particular SUS version,
which we don't need and might hide other definitions.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
On Windows the POSIX read() and write() don't use the C99/POSIX
types size_t and ssize_t so we must do the same to avoid
gymnastics to squelch narrowing warnings.
This adds two types for that purpose that have the correct
definition for both Windows and POSIX.
Currently used to define ssize_t on platforms that lack it.
Fix some Windows build errors caused by moving the definition into a
separate header.
Fix some narrowing warnings on Windows x64 from changing the definition
of ssize_t from long int to int64_t.
The casts in dumpcap are ugly but necessary. The whole code needs
to be rewritten for portability, or the warnings disabled.
Split ws_regex_matches() into two functions with better semantics
and remove the WS_REGEX_ZERO_TERMINATED symbol.
ws_regex_matches() matches zero terminated strings.
ws_regex_matches_length() matches a string length in code units.
Add some C99 stdio.h numbers to compare with GLib on platforms
(such as Windows) where they use different implementations.
Add a wmem string test with NULL allocator, to compare wmem and GLib
performance with roughly the same memory allocation.
Use the block allocator as being more representative of normal
wmem performance, instead of using strict, that is normally
used for wmem debugging.
These are not pass/fail tests, so the automation cannot
validate them. They just slow down the CI builds. To
enable pass -m perf.
I think the --verbose comment is wrong, I did not detect
any difference in output with or without --verbose.
Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocess have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
This adds some custom logic to check if we were given
the obsolete 'console.log.level' setting from the CLI
arguments, that specified the log level using a bitmask
copied from GLib. If we find that map the bitmask to a
wslog log level.
In any case the option is not removed from the argv (unlike
other wslog arguments like --log-level, etc.).
Adds deprecation warning for 'console.log.level' printed to
the console.
Related to #17763.
This matches the original implementation and allows displaying
logs to the console, including debug information, when running
an extcap from the CLI for testing and development purposes.
This should make extcap logging bug-for-bug compatible with the
behavior before dc7f0b88bb.
Imitate the GLib logic for selecting the console output stream
according to the log level. Levels MESSAGE and above go to
stderr. INFO and below go to stdout, unless stderr is chosen
using ws_log_console_writer_set_use_stderr().
It turns out some old extcap code was subtly dependending
on this behavior.
Extcaps require a log file when invoked in child mode. It also has
a specific flag to enable debugging, other that the wslog options.
Fix the logging to:
1. Enable debug log level if --debug is used.
2. Do not emit messages to the stderr if debug is enabled.
This brings extcap logging to the same feature level it had before
wslog replaced GLib logging.
We should not replace chars that cannot be represented
in ASCII, to avoid mangling UTF-8. This assumes every
string is UTF-8, of course.
This only affects the display of the compiled filter.
Before:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "Jo\xc3\xa3o" <FT_STRING> -> reg#1
After:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "João" <FT_STRING> -> reg#1
Add @file markers for remaining non-dissector
files that contain functions exported with
WS_DLL_PUBLIC so that Doxygen will
generate documentation for them.
Move epan_memmem() and epan_strcasestr() to wsutil/str_util.
Rename to ws_memmem() and ws_strcasestr(). Add compile time
check for a system implementation and use that if available.
We invoke those functions using a wrapper to avoid exposing
_GNU_SOURCE outside of the implementation.
Convert the tm struct to nstime first, then apply the timezone
offset, because applying the offset to the hours and minutes fields
directly can require carrying or borrowing in base 24 and 60 arithmetic.
Don't blindly examine the fifth byte in the input string without testing
earlier bytes. Instead, process the year by hand before calling sscanf.
ISO 8601 times don't switch between Basic and Extended format in the
middle, so for the later possible buffer overflows just use the
previously determined format.
A number of protocols have IDs that can be reused that are used as
lookup keys. In most cases the frame number should be used as well
to differentiate repeat appearances of an ID. For response/request
matching, it is frequently useful to find the most recent frame number
(greatest value less than or equal to the current one) that contained
an ID.
We can achieve that by using a multimap that stores values with a given
ID in a tree keyed with the frame number. This works better than using
a map or a tree alone:
1) A map isn't ordered, so doesn't allow for less than or equal comparison.
2) Using a tree requires an ordering on all the ID components, and then
having to test all the components other than the frame number separately
for equality after retrieval.
Currently the multimap does not support inserting items without specifying
the tree key (and having the multimap generate a key), because the total
capacity of trees (including deleted nodes) is not tracked. If other use
cases are needed, this could be added later along with more generic
multimap support.
Use a multimap in ANSI MAP, ANSI TCAP, and GSM SMS, all of which need to
match lookup IDs that can be reused. Fix#7653.
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
Instead of removing extra log information in the log handler
for the default log level, do it in the ws_message() macro.
This means ws_log_full() will work as expected.
Rename to ws_return_val_if_null() because the name needs to be more
generic to indicate it should be used to return any kind of value,
not just pointers.
Increase the log level to something more appropriate because failing
any of these checks is considered to be a programming error.
Add the faulty variable name to the output message.
Add the macro ws_return_val_if_zero() for completeness.
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: guint32_to_str_buf(fv->value.uinteger, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: guint64_to_str_buf(val, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: fs_len = strlen(fs_buf); [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: ^ [C:\Development\wsbuild-msvc\rawshark.vcxproj]
Have these functions accept a zero max length to mean "display
the whole byte array". Change the max length parameter to receive a
number of bytes to print, not the length of the output character
string.
Adjust the macros bytes_to_str() and bytes_to_string_punct() to
produce the same output. Add more tests. Rename the functions to
bytes_to_str_maxlen() and bytes_to_str_punct_maxlen() because this is
an API break.
Matches is a special case that looks on the RHS and tries
to convert every unparsed value to a string, regardless
of the LHS type. This is not how types work in the display
filter. Require double-quotes to avoid ambiguity, because
matches doesn't follow normal Wireshark display filter
type rules. It doesn't need nor benefit from the flexibility
provided by unparsed strings in the syntax.
For matches the RHS is always a literal strings except
if the RHS is also a field name, then it complains of an
incompatible type. This is confusing. No type can be compatible
because no type rules are ever considered. Every unparsed value is
a text string except if it happens to coincide with a field
name it also requires double-quoting or it throws a syntax error,
just to be difficult. We could remove this odd quirk but requiring
double-quotes for regular expressions is a better, more elegant
fix.
Before:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp.srcport
dftest: tcp and udp.srcport are not of compatible types.
Filter: tcp matches udp.srcportt
Constants:
00000 PUT_PCRE udp.srcportt -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
After:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
dftest: "udp" was unexpected in this context.
Filter: tcp matches udp.srcport
dftest: "udp.srcport" was unexpected in this context.
Filter: tcp matches udp.srcportt
dftest: "udp.srcportt" was unexpected in this context.
The error message could still be improved.
Converting from freq to channel only needed the 6 GHz freq. range
to be added, however, converting from channel to freq. will require
the function ieee80211_chan_to_mhz to take a starting frequency as
there's overlap in the channel numbering between 2.4/5 GHz and 6 GHz
bands. This may not be possible in some cases, so for now the
function will continue to do the conversion based on the order
on which the freq. ranges are defined. Specifically, it will favor
2.4/5 GHz over 6 GHz.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return an textual representation
for debugging purposes.
Profile files which is only used in Qt is not automatically registered
during startup and must be explicit registered.
Add profile_register_persconffile() to handle this registration.
This is more readable and the extra error checking is functionally
the same as the original upstream code too, that trigerred some
compiler warnings.
Add missing 'static' qualifier.
Add a test for 'ws_opterr'.
Fix
wsutil/ws_getopt.c:93:21: error: possible misuse of comma operator here [-Werror,-Wcomma]
return ws_optind++, -1;
^
wsutil/ws_getopt.c:93:10: note: cast expression to void to silence warning
return ws_optind++, -1;
^~~~~~~~~~~
(void)( )
wsutil/ws_getopt.c:188:11: error: possible misuse of comma operator here [-Werror,-Wcomma]
name++, opt++;
^
wsutil/ws_getopt.c:188:5: note: cast expression to void to silence warning
name++, opt++;
^~~~~~
(void)( )
wsutil/ws_getopt.c:199:15: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
int l = arg-start;
~ ~~~^~~~~~
Add a .editorconfig entry for ws_getopt.[ch].
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes#15869.
This should fix the cppcheck warning "The unsigned expression
'sizeof(struct _PKT_INFO)' will never be negative so it is either
pointless or an error to check if it is."
wmem_safe_mult() was only used to do an overflow-safe multiplication of
a type size and a count of elements of that type; replace it with
wmem_safe_mult_type_size(), which takes the type as the first argument,
and checks only whether the count of elements is <= 0.
Fix the description in wsutil/exported_pdu_tlvs.h to reflect reality
(i.e., to match what the code in Wireshark that reads the exported PDU
TLVs, and all code that writes them, does).
In the code that dissects them, treat all strings as FT_STRINGZPAD, as
any null bytes at the end of the string are padding, not part of the
string.
See merge request !3895 and issue #17535.
Have wsutil/exported_pdu_tlvs.h define the LINKTYPE_WIRESHARK_UPPER_PDU
TLV type and length values, as well as the port type values written to
files in EXP_PDU_TAG_PORT_TYPE TLVs.
Update the comment that describes the LINKTYPE_WIRESHARK_UPPER_PDU TLVs
to more completely and correctly reflect reality (it was moved from
epan/exported_pdu.h to wsutil/exported_pdu_tlvs.h).
Rename those port type values from OLD_PT_ to EXP_PDU_PT_; there is
nothing "old" about them - yes, they originally had the same numerical
values as the PT_ enum values in libwireshark, but that's no longer the
case, and the two are now defined independently. Rename routines that
map between libwireshark PT_ values and EXP_PDU_PT_ values to remove
"old" from the name while we're at it.
Don't include epan/exported_pdu.h if we only need the
LINKTYPE_WIRESHARK_UPPER_PDU definitions - just include
wsutil/exported_pdu_tlvs.h.
In extcap/udpdump.c, include wsutil/exported_pdu_tlvs.h rather than
defining the TLV types ourselves.
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
We have two format_size()s, with and without wmem scoped memory.
Move the wmem version to wsutil and add a convenience macro to
use g_malloc()ed memory.
Guy Harris