Matches is a special case that looks on the RHS and tries
to convert every unparsed value to a string, regardless
of the LHS type. This is not how types work in the display
filter. Require double-quotes to avoid ambiguity, because
matches doesn't follow normal Wireshark display filter
type rules. It doesn't need nor benefit from the flexibility
provided by unparsed strings in the syntax.
For matches the RHS is always a literal strings except
if the RHS is also a field name, then it complains of an
incompatible type. This is confusing. No type can be compatible
because no type rules are ever considered. Every unparsed value is
a text string except if it happens to coincide with a field
name it also requires double-quoting or it throws a syntax error,
just to be difficult. We could remove this odd quirk but requiring
double-quotes for regular expressions is a better, more elegant
fix.
Before:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp.srcport
dftest: tcp and udp.srcport are not of compatible types.
Filter: tcp matches udp.srcportt
Constants:
00000 PUT_PCRE udp.srcportt -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
After:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
dftest: "udp" was unexpected in this context.
Filter: tcp matches udp.srcport
dftest: "udp.srcport" was unexpected in this context.
Filter: tcp matches udp.srcportt
dftest: "udp.srcportt" was unexpected in this context.
The error message could still be improved.
Converting from freq to channel only needed the 6 GHz freq. range
to be added, however, converting from channel to freq. will require
the function ieee80211_chan_to_mhz to take a starting frequency as
there's overlap in the channel numbering between 2.4/5 GHz and 6 GHz
bands. This may not be possible in some cases, so for now the
function will continue to do the conversion based on the order
on which the freq. ranges are defined. Specifically, it will favor
2.4/5 GHz over 6 GHz.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return an textual representation
for debugging purposes.
Profile files which is only used in Qt is not automatically registered
during startup and must be explicit registered.
Add profile_register_persconffile() to handle this registration.
This is more readable and the extra error checking is functionally
the same as the original upstream code too, that trigerred some
compiler warnings.
Add missing 'static' qualifier.
Add a test for 'ws_opterr'.
Fix
wsutil/ws_getopt.c:93:21: error: possible misuse of comma operator here [-Werror,-Wcomma]
return ws_optind++, -1;
^
wsutil/ws_getopt.c:93:10: note: cast expression to void to silence warning
return ws_optind++, -1;
^~~~~~~~~~~
(void)( )
wsutil/ws_getopt.c:188:11: error: possible misuse of comma operator here [-Werror,-Wcomma]
name++, opt++;
^
wsutil/ws_getopt.c:188:5: note: cast expression to void to silence warning
name++, opt++;
^~~~~~
(void)( )
wsutil/ws_getopt.c:199:15: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
int l = arg-start;
~ ~~~^~~~~~
Add a .editorconfig entry for ws_getopt.[ch].
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes#15869.
This should fix the cppcheck warning "The unsigned expression
'sizeof(struct _PKT_INFO)' will never be negative so it is either
pointless or an error to check if it is."
wmem_safe_mult() was only used to do an overflow-safe multiplication of
a type size and a count of elements of that type; replace it with
wmem_safe_mult_type_size(), which takes the type as the first argument,
and checks only whether the count of elements is <= 0.
Fix the description in wsutil/exported_pdu_tlvs.h to reflect reality
(i.e., to match what the code in Wireshark that reads the exported PDU
TLVs, and all code that writes them, does).
In the code that dissects them, treat all strings as FT_STRINGZPAD, as
any null bytes at the end of the string are padding, not part of the
string.
See merge request !3895 and issue #17535.
Have wsutil/exported_pdu_tlvs.h define the LINKTYPE_WIRESHARK_UPPER_PDU
TLV type and length values, as well as the port type values written to
files in EXP_PDU_TAG_PORT_TYPE TLVs.
Update the comment that describes the LINKTYPE_WIRESHARK_UPPER_PDU TLVs
to more completely and correctly reflect reality (it was moved from
epan/exported_pdu.h to wsutil/exported_pdu_tlvs.h).
Rename those port type values from OLD_PT_ to EXP_PDU_PT_; there is
nothing "old" about them - yes, they originally had the same numerical
values as the PT_ enum values in libwireshark, but that's no longer the
case, and the two are now defined independently. Rename routines that
map between libwireshark PT_ values and EXP_PDU_PT_ values to remove
"old" from the name while we're at it.
Don't include epan/exported_pdu.h if we only need the
LINKTYPE_WIRESHARK_UPPER_PDU definitions - just include
wsutil/exported_pdu_tlvs.h.
In extcap/udpdump.c, include wsutil/exported_pdu_tlvs.h rather than
defining the TLV types ourselves.
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
We have two format_size()s, with and without wmem scoped memory.
Move the wmem version to wsutil and add a convenience macro to
use g_malloc()ed memory.
This allows wmem to be used from other libraries, namely wsutil.
It is often the case that a funtion exists in wsutil and cannot
be used with a wmem scope, requiring some code duplication or
extra memory allocations, or vice-versa, code in epan cannot be
moved to wsutil because it has a wmem dependency.
To this end wmem is moved to wsutil. Scope management remains part
of epan because those scope semantics are specific to dissection.
fcntl.h appears to be available on all of our supported platforms,
including Windows. We've also been including it without HAVE_FCNTL_H
guards in a few places (e.g. sshdump.c) without any issues for some
time.
floorl is part of C99.
Mark wsutil's includes SYSTEM PRIVATE. This exposed a lot of targets
that were indirectly picking up include paths via the wsutil target, so
add direct includes where needed. The G.722 and G.726 codecs were
implicilty including tiffio.h; find it explicitly instead.
Mark some of wsutil's libraries PRIVATE, but leave commonly-used ones
PUBLIC.
Ping #17477.
Revert change to format_size() added in
f509a83381. This commit broke formatting
with spaces and introduced some dead code.
Also replace unnecessary call to format_size_wmem() and remove
unnecessary casts (since our warning settings were fixed in the
mean time).
Functions clock_gettime() and timespec_get() cover all the platforms
we support with sub-second resolution in a a portable manner. Fallback
to using time().
Pass a struct timespec to the log writer callback for maximum
flexibility.
At least according to the Single UNIX Standard, it merely has to be big
enough to hold a value in the range [-1, 1000000], and there must be
*an* environment in which it's no *larger* than a long.
Just cast it to long, and continue to print the result of dividing it by
1000 with %03ld.
Calling GLib functions inside the log writer is not safe,
it might infinitely recurse or abort if g_date_time_* logs
warnings because we registered our log handler for GLib itself.
This includes as little as possible in the assertion header, so
that it can be included globally in every file without pulling
any unwanted definitions. In particular pulling stdlib.h is
avoided because that can have side effects if it wants to
include non-portable extensions.
It is possible to have side-effects from include glib.h too, for
example because of G_LOG_DOMAIN.
These side-effects are usually avoidable with careful ordering
of pre-processor directives but with multiple levels of indirections
it can be hard to track. Better to make it robust to these kinds
of failures in the first place.
Also integrate with our logger for a cohesive experience (but
keep it a private dependency).
Minimizing the dependencies on other wsutil and GLib functions
reduces the chance that we will have a weird recursion pattern
in wslog and makes the code easier to analyze.
This avoids having to manage two different implementations.
For example with this change GLib functions will terminate
if Wireshark's fatal log level is set to a matching level
and the --log-file option will also output messages from
GLib itself.
This changes color use to be the very similar with GLib to
maintain familiarity. The only difference is that Message
and Info use a different color than Debug.
Also use the more familiar format of <domain> <level> instead
of <level> <domain>.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
Currently we are not filtering the unset (NULL) domain, on
the assumption that every log call should belong to a defined
domain.
However there are still many places in the codebase where this isn't
true and the fact that the null/default domain name is omitted from
the output and never filtered is probably surprising and user-unfriendly.
Users might understandably assume the filtering is buggy.
Give an indication, such as (none)-MESSAGE, to make this more
obvious.
The --log-debug and --log-noisy now accepts a '!' to invert the
match and disable the debug (noisy respectively) log level for
the listed domains.
Note this is different from --log-domains, that option
enables/disables the entire log domain itself, regardless of log
level.
ws_log_domains.h needs to be included before wslog.h to be used
to define WS_LOG_DOMAIN. Also the definition for enum ws_log_level
needs to be exported for other APIs so move that to ws_log_domains.h
and rename the file to ws_log_defs.h to reflect the new scope.
This is intended to replace logging in dissectors that has a
debug level with #ifdef DEBUG_foo and an extra level guarded
by a #ifdef DEBUG_EXTRA_foo.
But generally it can be used as another level of granularity
for debugging output, to avoid flooding the log with too
much information with typical usage.
Rename the filter functions without the unnecessary 'str'
suffix.
Option --log-debug or WIRESHARK_LOG_DEBUG is a list
of domains that are set to a "debug" log level. This
takes precedence over the normal log level and domain
filter options.
Enviroment variable WIRESHARK_LOG_FATAL and command line
option --log-fatal set the fatal log level. Messages with
fatal or highr priority cause the program to abort. By
default the fatal level is "error", but it can be set to
"critical" or "warning" with this option.
Domain filter expressions starting with '!' invert the match.
Only domains that do not match become active. Note that '!'
must be the first character in the filter and applies to the
whole expression.
Add macros to round to multiples of 2, 4, 8, 16, and 32.
Use them instead of independently defined macros.
(We don't define a general "round to a power of 2" macro to avoid the
risk of somebody passing something other than a power of 2 to it.)
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in a command-line options "--log-domains".
The filter is specified as a comma separated case insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constaint on adding new domains, neither in code or at runtime.
The string format is arbitrary, only positive matches will produce
output.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Add a generic function to write content to file. Use this on write
TLS session keys from UI and tshark, and for export objects.
Remove the now unused export_object_ui.[ch].
The GLib documentation says G_STRLOC includes the function name
but that is a lie[1]. Change ws_debug() to not use G_STRLOC and receive
__FILE__, __LINE__ and G_STRFUNC separately instead.
[1]https://bugzilla.gnome.org/show_bug.cgi?id=69097
Default to taking the VLAN ID into account when reassembling only
for private IPv4 addresses as defined by RFC 1918 and for link-local
addresses. Otherwise, do not take the VLAN ID into account unless
the "Enable stricter conversation tracking heuristics" preference
is enabled. Fixes#14356.
Replace most instances of ws_debug_printf() except in
epan/dissectors and dissector plugins.
Some replacements use printf(), some use ws_debug(), and
some were removed because they were dead or judged to be
temporary.
Use a void expression instead of removing the expression
entirely. Under certain conditions, for example as the only
statement in an if() conditional, removing the assertion
will generate compiler warnings.
Currently our build generates very many warnings if
G_DISABLE_ASSERT is defined.
Add ws_assert() and ws_assert_not_reached() to incrementally
replace existing assertions and then disable them using
WS_DISABLE_ASSERT.
Assertions are disabled with CMake build type Release.
By default the build type is RelWithDebInfo so the current
behaviour of enabling assertions by default is (for now) preserved.
Add some notes to README.Developer.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.
FOr 11b and 11g, also set the metadata to provide the "short preamble"
indication.
Add some macros to wsutil/802_11-utils.h to help there, as I threatened
to do in the previous commit. :-)
I believe this was the original intention, to use these API restricitons
with dissectors only (not that I necessarily agree with that policy either),
and through copy-paste and lack of clear guidelines it spread to other
parts of the build.
Rename the checkAPI groups to make it very clear that this is dissector-only.
This doesn't mean, of course, that good programming practices shouldn't be
followed everywhere. In particular assertions need to be used properly.
Don't use them to catch runtime errors or validate input data.
This commit will be followed by another removing the various ugly hacks
people have been using to get around the checkAPI hammer.
Since fe94133f0d ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
Instead *_register_plugin() is turned into a noop (with a warning).
The test suit is failing with ENABLE_PLUGINS=Off (it was already failing
before and this patch didn't affect that).
Closes#17202.
This adds a function to parse a string date-time in ISO 8601 format into
a `nstime_t` structure. It's based on code from epan/tvbuff.c and
wiretap/nettrace_3gpp_32_423.c and meant to eventually replace both.
(Currently only replaces the latter.)
Since most of Wireshark expects ISO 8601 date-times to fit a fairly
strict pattern, iso8601_to_nstime() currently rejects date-times without
separators between the components, even though ISO 8601 actually permits
this. This could be revisited later.
Also uses iso8601_to_nstime in editcap to parse the -A/-B options,
thus allowing the user to specify a time zone if desired. (See #17110)
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
Replace bugs.wireshark.org links with their equivalent
gitlab.com/wireshark/wireshark/issues links in the AsciiDoctor buglink
macro and the please_report_bug function. Update the bug URLs in
comments in the tools and test directories.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
It's used in a number of source files; don't force each of them to test
GCRYPT_VERSION_NUMBER independently.
Make sure every file that uses HAVE_LIBGCRYPT_AEAD includes
wsutil/wsgcrypt.h.
Also do some other definitions that are based on the libgcrypt version
there as well.
This requires that the Qt UI code be given the include directory for
libgcrypt, as the follow stream code includes
epan/dissectors/packet-quic.h, which includes wsutil/wsgcrypt.h to get
HAVE_LIBGCRYPT_AEAD defined, and wsutil/wsgcrypt.h includes <gcrypt.h>.
Change-Id: I9cb50f411f5b2b6b9e28a38bfd901f4a66d9cc8f
Reviewed-on: https://code.wireshark.org/review/38116
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
/opt/SourceCode/wireshark/epan/dissectors/packet-osc.c 367 err V562 It's odd to compare 0 or 1 with a value of 0.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 960 note V576 Incorrect format. Consider checking the eighth actual argument of the 'proto_tree_add_subtree_format' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 980 note V576 Incorrect format. Consider checking the third actual argument of the 'proto_item_append_text' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2473 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_prepend_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2482 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_append_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2633 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_append_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2650 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_prepend_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-stun.c 565 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/epan/dissectors/packet-umts_fp.c 4126 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/epan/dissectors/packet-umts_fp.c 4942 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/ui/voip_calls.c 1444 err V773 The 'comment' pointer was assigned values twice without releasing the memory. A memory leak is possible.
/opt/SourceCode/wireshark/wsutil/filesystem.c 1531 err V773 The function was exited without releasing the 'files' pointer. A memory leak is possible.
/opt/SourceCode/wireshark/wsutil/filesystem.c 1717 err V773 The function was exited without releasing the 'files' pointer. A memory leak is possible.
Bug: 16335
Change-Id: I8df3ba6d070823dcb43c4152d9156358f701e8dc
Reviewed-on: https://code.wireshark.org/review/37069
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
wsutil/nstime.c:116: warning: Function 'nstime_sum' argument order different: declaration 'sum, b, a' definition 'sum, a, b'
Most likely copy/paste error from nstime_delta() above where that order makes sense.
Change-Id: Icea52b21781ebc09b2b80acdb34d61a28eb1e498
Reviewed-on: https://code.wireshark.org/review/36562
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Those fetch gint and guint values, respectively, rather than values with
specified sizes in bits.
This should squelch Coverity CID 1457357.
Change-Id: Ia8f100bd3fe90c266e24a4346f80b2667c653b93
Reviewed-on: https://code.wireshark.org/review/36177
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The processor brand string returned by CPUID is left-padded in some
cases. For example, adding
g_warning("==>%s<==\n", CPUBrandString);
to get_cpu_info() on a test machine here returns
** (tshark.exe:3808): WARNING **: ==> Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz<==
Make sure it's stripped before we add it to our version information.
Change-Id: Idf9f9574477043a5e7fe4ff1ecb7890d6da90e0a
Reviewed-on: https://code.wireshark.org/review/36108
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some deltas between the UN*X epoch and other epochs that are
used in a number of places; put them into a header.
Change-Id: Ia2d9d69b9d91352d730d97d9e4897518635b4861
Reviewed-on: https://code.wireshark.org/review/35895
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Revert the removal of replacing disallowed filename characters in
create_tempfile() to allow this characters in extcap interface names.
This is a regression from g2925fb08.
Change-Id: I833d1d19080c9c688dcaf076a840f55ef31e457d
Reviewed-on: https://code.wireshark.org/review/35669
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't contain the text "please do not report it", so nobody will
think it's a warning not to report the problem, it just says "don't call
it a crash".
Change-Id: I9ce71e6a1cc37446a08e44da64c8411166844f75
Reviewed-on: https://code.wireshark.org/review/35649
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Say "as a bug" upfront, and clarify that "please do not report it as
such" doesn't mean "please do not report this at all" (even though we
say "please report this" earlier), it means "please do not report this
as being a crash".
Change-Id: I2656c4c13e90fcf41d00a4b6ab3c2f2998f55fd6
Reviewed-on: https://code.wireshark.org/review/35647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added API description clarifies when bytes/samples are used. New variable names
proposed and all existing codecs are adapted to it. Change is just renaming...
Change-Id: I75dba64a49eb3f4369ec7160cb793dda4b44c810
Reviewed-on: https://code.wireshark.org/review/35576
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Much better to use a known library than create it ourselves.
Also remove get_tempfile_path as it's not used.
Bug: 15992
Change-Id: I17b9bd879e8bdb540f79db83c6c138f8ee724764
Reviewed-on: https://code.wireshark.org/review/34420
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
It's a "wmem version" of format_size (from wsutil/str_util.h).
Also improved the flexibility in formatting of format_size() to handle future
needs of format_size_wmem
Ping-Bug: 15360
Change-Id: Id9977bbd7ec29375bbac955f685d46e75b0cef2c
Reviewed-on: https://code.wireshark.org/review/31233
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
strchr() is declared in <string.h>, and we now use strchr(), so we must
include <string.h>.
Change-Id: Ie80763c10c4ad1ef85d4a83d8eacc3ea236bea56
Reviewed-on: https://code.wireshark.org/review/35052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buffer needs to be big enough to include the trailing '\0', so we
need to compare the buffer's length against strlen(name) + 1, not
against strlen(name).
Bug: 15751
Change-Id: I75ae65f8c818284834d761d9dd911d029cfca3b1
Reviewed-on: https://code.wireshark.org/review/34892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit f1285fcf06.
NSIS package is broken with this commit.
Change-Id: Ief22a308edad188fa2d5fab79355f19493359fa6
Reviewed-on: https://code.wireshark.org/review/34758
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.
Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
There's no extra benefit in having FILE pointer (over file descriptor)
passed to file_needs_reopen().
Change-Id: Id49eb2f02b776c2f1ccd9d67fedd7eac38432f52
Reviewed-on: https://code.wireshark.org/review/34600
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On Windows, fstat() and stat() sets st_dev to different value depending
on whether it was called with file handle or file path. If file handle
was used, the st_dev is simply the file handle casted to unsigned.
If file path was used, then st_dev corresponds to drive letter
(A=0, B=1, C=2, ...).
Compare the files using the file index information retrieved by
GetFileInformationByHandle(). When compiled in configuration that
supports FILE_ID_INFO, the code first tries to obtain 128-bit FILE_ID_INFO
and if that fails, fallback to GetFileInformationByHandle().
Bug: 16059
Change-Id: I5f8d8d8127337891ef9907c291e550b1d17aabbb
Reviewed-on: https://code.wireshark.org/review/34573
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide _U_ macro definition for Visual Studio.
Change the way _U_ macro is ifdefed for some targets to allow Visual
Studio to recognize it.
Ping-Bug: 15832
Change-Id: Ic7ce145cbe9e8aa751d64c9c09ce8ba6c1bbbd30
Reviewed-on: https://code.wireshark.org/review/34530
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Pass working directory parameter to win32_create_process() in
ws_pipe_spawn_sync().
Change-Id: I0abbc4fbf733138b20c2a34845b147530417c91e
Reviewed-on: https://code.wireshark.org/review/34533
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
That also keeps us from looking at the non-existent first octet of an
empty buffer.
Bug: 16031
Change-Id: I3fcf4201d21dc44ccd8815cb0637c1eae4995560
Reviewed-on: https://code.wireshark.org/review/34439
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
jsmn_parse() is handed a buffer and a count of octets in the buffer; it
treats either running out of octets, as specified by the count, *OR*
seeing a NUL as meaning "end of JSON string".
That means that a buffer, of arbitrary size, the first octet of which is
zero is a null string and considered valid JSON.
That is clearly bogus; it messes up both tests for JSON files *and*,
potentially, heuristic checks for JSON in packet payloads.
Bug: 16031
Change-Id: I5ee78b613df3358f19787f2ce28ddc883368f03d
Reviewed-on: https://code.wireshark.org/review/34438
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Using g_hash_table_insert() in cases where the key is contained within
value is error prone. Use g_hash_table_replace() to eliminate the risk
of ending up with incoherent hash table state.
Change-Id: I595457476a2682e927d2c56b2692404aef4dc43a
Reviewed-on: https://code.wireshark.org/review/34385
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before the unzipped files are being copied from the temp directory,
they are checked against the stored list of profile names, to ensure,
that only allowed files are being imported.
Also ensures, that no empty directory exists for the skipped one
Bug: 15969
Change-Id: I6ae8c9fb5f63d089d42fc0ef18dbe84baec515a2
Reviewed-on: https://code.wireshark.org/review/34184
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change the Profile types from User/System to Personal/Global in UI
to match the terminology used in About Wireshark -> Folders.
This reverts commit 40af4aa93e.
This reverts commit f0cde7ca34.
This reverts commit c37cabe900.
Change-Id: I9012db6385707754e26a2dadb57f6003f8112f9b
Reviewed-on: https://code.wireshark.org/review/34134
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
get_profile_dir() already calls the corresponding variable is_system;
use that in profile_exists() as well.
Change-Id: Icce42b2074d64c46598cc7561b3c5468da8ede90
Reviewed-on: https://code.wireshark.org/review/34131
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's called system profiles in UI so update function names and
variables to use the same name. This will increase code readability.
Change-Id: I048e9ea85bd6ebab4a2c3ed1c685487ac8f7e40e
Reviewed-on: https://code.wireshark.org/review/34116
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Fall back on the Wayback Machine for some links.
Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842
Reviewed-on: https://code.wireshark.org/review/34103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Microsoft reshuffled their documentation - almost all of it moved from
msdn.microsoft.com to docs.microsoft.com. Some blogs moved to
devblogs.microsoft.com; the comments *didn't* move, so in one case we go
to the Wayback Machine - the link isn't dead, but it formats horribly,
at least on my browser, but the archived version formats OK.
Use the Wayback Machine for some URLs, and update others.
Update the sections for MS-ADTS.
Point to the HTML versions of some RFCs and I-Ds.
Change-Id: I344b20f880de63f1ae2a4e3f9ff98af78a7fe139
Reviewed-on: https://code.wireshark.org/review/34101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's broken, unmaintained, poorly implemented and obsoleted by saner
debug-info methods.
Note: To do the compliance check properly would require much more
extensive work to clearly define public and private interfaces (without
manual bookeeping of files or symbols either, of course, because who
would want that...).
Change-Id: Ib801f3c152ca2369f95ca1f4af4d37cd8cc7c47a
Reviewed-on: https://code.wireshark.org/review/33928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Use a shorter URL and use HTTPS.
Change-Id: I9cfcd52775c95457e81694272dbe795d4eae4e58
Reviewed-on: https://code.wireshark.org/review/34026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The libwsutil symbols file contains two public symbols which depend on
Libgcrypt 1.7.0. As the version included with Ubuntu 16.04 is too old,
building a Debian package fails due to missing two curve25519 symbols.
Add stub implementations as workaround.
Change-Id: Ie39e784e9e631750b5269d038772496565b2dce8
Reviewed-on: https://code.wireshark.org/review/33780
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use realpath() to resolve our program file directory on macOS. This lets
us create symlinks to the program files in our application bundle
without affecting our plugin and other paths.
Change-Id: If77cbd7da56e01f2cd602334d361c8aa52afeae0
Reviewed-on: https://code.wireshark.org/review/33151
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Ic5a3653cb8bcc33e0be108c8b201567e7090f9f5
Reviewed-on: https://code.wireshark.org/review/33043
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I5326b87784817fb353329e2d686fe0515c32f6cb
Reviewed-on: https://code.wireshark.org/review/33038
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In ws_pipe_wait_for_pipe() on Windows, the WaitForMultipleObjects() waits
on the pending pipe connection events and process handle. If the process
handle is signalled, then it means that the process did exit without
connecting to the pipes.
The WaitForMultipleObjects() was not waiting on the process handle and thus
if the process did fail without connecting to pipes the Wireshark gui was
frozen for 30 seconds.
This change fixes the freeze by increasing the number of handles, so
WaitForMultipleObjects() is aware of the process handle.
Change-Id: Id13824a60baf4be7795cbe1d5ed1c7932edbff45
Reviewed-on: https://code.wireshark.org/review/33028
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I9b0c6b118b5f866abc969a437bbd9b9a28271bf0
Reviewed-on: https://code.wireshark.org/review/32841
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Creating Job Object named "Local\Wireshark child process cleanup"
results in the job being shared between all Wireshark instances run
within a single session.
When two or more Wireshark instances were running, debug message appeared:
"Could not assign child cleanup process: Access is denied. (5)"
As the child process was not assigned to a job, it was possible that the
child process was still active even after Wireshark did terminate.
This fixes the issue by creating unnamed job object which is not shared.
Change-Id: I59adc2aacff0151802163f155d68cbc8022c1479
Reviewed-on: https://code.wireshark.org/review/32985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
On Windows, ws_pipe_spawn_sync always leaks 'winargs', and leaks 'argv'
on some error paths. Fix these and refactor the common argument parsing
functionality to reduce duplication of functionality.
Change-Id: I8fa5ca45aec20b53f6fa243b0dd07241a345f7ab
Reviewed-on: https://code.wireshark.org/review/32932
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The function returns a GPid, not a gboolean. Callers (mmdbresolv and
extcap) only assume WS_INVALID_PID to be invalid (as documented).
Change-Id: I40b491272a451f569864fa3259009d6d3fcce772
Fixes: v2.5.1rc0-413-g1a0987904f ("Generalize our process spawning code.")
Reviewed-on: https://code.wireshark.org/review/32933
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The ws_pipe_wait_for_pipe() implementation had multiple issues:
* Use auto-reset events with ConnectNamedPipe (should be manual-reset)
* Leaking event handles
* Not checking return value from CreateEvent()
* Waiting on closed handles
This change fixes all the above mentioned issues.
Bug: 15696
Change-Id: Ia0c389a902655f85eccb0c59288b4a7d49da48c9
Reviewed-on: https://code.wireshark.org/review/32896
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The WIRESHARK_EXTCAP_DIR environment variable is currently only used on
Windows, and on UN*X when not running from the build directory. In order
to avoid copying the sampleif.py test utility to the program directory,
let's prioritize the environment variable over the build directory.
Update the outdated comments while at it, the version directory has been
removed long time ago. (The comments are based on the one for plugins.)
This also fixes the test suite on macOS where the extcap subdirectory is
located in the appbundle directory and not the build directory.
Change-Id: I329bb233b1dd0b9c1422c2ebd60a6455347e1d62
Reviewed-on: https://code.wireshark.org/review/32890
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Callers should not include empty strings in arguments list. Log warning
message instead of silently dropping remaining arguments.
Change-Id: Ia68c7b90cec860e032f81a4008aa005b07ebcfd5
Ping-Bug: 15586
Reviewed-on: https://code.wireshark.org/review/32849
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This significantly reduces the initialization time when system is using
small pipe buffers. No time is lost on periodic process status checks as
WaitForMultipleObjects() returns when the stdout/stderr data was read
and/or when process finishes.
Bug: 14657
Change-Id: I61fabf986577db7102a3136df83d2d92c7156727
Reviewed-on: https://code.wireshark.org/review/32773
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the PATHEXT environment variable contains .py and extcap is enabled,
then Wireshark did leak 2 pipes for every .py file present in the extcap
directory (regardless if there was .bat wrapper for it or not).
Bug: 15689
Change-Id: Iae402c0075ee8155a7205a59711bbae734da7e9e
Reviewed-on: https://code.wireshark.org/review/32812
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Routines, so that if we internationalize strings not in the Qt code,
this can return the appropriately translated version.)
Change-Id: I1c169d79acde2f0545af7af2a737883d58f52509
Reviewed-on: https://code.wireshark.org/review/32549
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This helps the developer in the debug phases.
Change-Id: I85558334b5d618219a48a6c00129cd36a6ab0b10
Reviewed-on: https://code.wireshark.org/review/32531
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method is determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set a bigger IO buffer to avoid syscall overhead.
See https://github.com/the-tcpdump-group/libpcap/issues/792
Change-Id: If370da5ab2b70a9d0c925dd7c4c5c135c675c3f6
Reviewed-on: https://code.wireshark.org/review/31326
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In CMake we only used PROJECT_RELEASE_VERSION to construct our plugin
path, so rename it to PLUGIN_PATH_ID. Use a dash to separate version
numbers on macOS in order to allow code signing and a period elsewhere.
In the C code we only used VERSION_RELEASE to construct our plugin path,
so rename it to PLUGIN_PATH_ID.
Change-Id: I02abc591d7857269e8d47b414b61df4b28a25f2d
Reviewed-on: https://code.wireshark.org/review/32013
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If the JSON output is written in a script tag for a HTML page, be sure
to not to break it.
Change-Id: I1b9ba6a39faf266e8a7bf9befa2899978beb130c
Reviewed-on: https://code.wireshark.org/review/31953
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add locale-independent version that replaces json_dumper_value_anyf for
floating-point numbers. NaN and -/+Infinity are mapped to null.
Change-Id: I8e7856de480b7bcafe77ddd015239e1257768ced
Reviewed-on: https://code.wireshark.org/review/31948
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <jbwzawadzki@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
User guides are installed to doc/Wireshark. Use doc/wireshark instead.
Remove leftover variable CPACK_PACKAGE_NAME.
Change-Id: I9a1d6bdc7d8f0b48c61e43679285d5ba83904a63
Reviewed-on: https://code.wireshark.org/review/31851
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
That's what g_strerror() does, and it means that the caller doesn't need
to free the string (it's kept around, and if another call to
win32strerror() generates the same string, the interned string is
returned).
Change-Id: I564bb700fabe2629131fb1c6468494dd5f5fc9e3
Reviewed-on: https://code.wireshark.org/review/31854
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use FormatMessageW() to get a UTF-16-encoded Unicode error string,
rather than an error string in the local code page, and then convert it
from UTF-16 to UTF-8.
Make it dynamically-allocated, so it's big enough and so that we are
thread-safe. Make the callers free the result.
Change-Id: I217aec5a644fa0176a829f181eb05561cb9d10f4
Reviewed-on: https://code.wireshark.org/review/31846
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of using "$ORIGIN/../lib" just use "$ORIGIN".
Also be explicit in configuring the relative RPATH. We don't want
to assume a default relative path, in case more targets are addded,
out of caution.
Change-Id: I3b7f5e8de7be8bb30aca3b433212113d876c4163
Reviewed-on: https://code.wireshark.org/review/31647
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The new value has been chosen to make room for sharkd packet output
as: proto.c:MAX_TREE_LEVELS * 2 + 10% of additional sharkd overhead.
A new regression test for sharkd has been added that requires more
than 15 levels.
Change-Id: Ie54955c79c50c60b95c99b1a3c472888fc4842ac
Reviewed-on: https://code.wireshark.org/review/31624
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This is more explicit and easier to read with slightly better locality
while using less code.
Also less awkward when the package doesn't fit the narrow package list
expectations.
The ws_find_package() macro doesn't include all the status messages. The
choice was to rely on standard find_package() and feature_summary() output
and be less verbose.
Avoid polluting the CLI build interface. Per target include paths and
macro definitions are preferred.
Because this patch intentionally removes the global CMAKE_*_FLAGS
and include_directories() usage in favor of target properties, some
untested build configurations may inadvertently break because of
missing ${PACKAGE}_INCLUDE_DIRS or ${PACKAGE}_DEFINITIONS. This
required a manual review of dependencies that might have been
incomplete.
${PACKAGE_VAR}_LINK_FLAGS seems to be unused.
Changing the CMake Qt code to use more modern CMake component syntax
is left as future work.
Change-Id: I3ed75252189a6e05a23ed6e619088f519cd7ed78
Reviewed-on: https://code.wireshark.org/review/31496
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
parameter 'argv' not found in the function declaration [-Wdocumentation]
Change-Id: I68262a23e3a6f4b50d8b5e666b92f055feeaf74f
Reviewed-on: https://code.wireshark.org/review/31424
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
parameter 'string' not found in the function declaration [-Wdocumentation]
Change-Id: I8c6fe47e708411e329954a682ea4da10aad348f6
Reviewed-on: https://code.wireshark.org/review/31423
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Found by clang-tidy.
Change-Id: I2f89c6860d591c5c1563b9ca01306bb3d9e5e42c
Reviewed-on: https://code.wireshark.org/review/31359
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by clang-tidy.
Change-Id: I0d324faf494f6b68275d6ff600304f716529778b
Reviewed-on: https://code.wireshark.org/review/31358
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by clang-tidy.
Change-Id: I5afce9464536cbbaf8f7f84b165d2ef56e166c2e
Reviewed-on: https://code.wireshark.org/review/31357
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Generated code and 256-element lookup table with pycrc
* Combined 2 crc6 functions which both have same poly 0x6f and lookup table
* Using the example file from the bug report,
$ tshark -r ~/Downloads/M1_header_crc.pcapng -V | grep "Calculated CRC"
1101 00.. = Header CRC: 0x34 [Calculated CRC 0x34]
Header and Calculated CRC are now both 0x34 (correct value)
* pycrc settings for generation:
$ python pycrc.py --reflect-in False \
--reflect-out False \
--xor-in 0 \
--xor-out 0 \
--algorithm table-driven
--width 6 \
--poly 0x2f
* To manually check 3GPP protocol header CRCs, use above command with flag
--check-hexstring=<HEADER HEX>
Bug: 14875
Change-Id: I283f52fcae10b2f92f107df6988629d49d692428
Reviewed-on: https://code.wireshark.org/review/31356
Reviewed-by: Ross Jacobs <rossbjacobs@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Newer versions of libpcap define it (due to the somewhat infelicitous
API for "active mode" remote capture, which returns a socket); don't
define it ourselves if it's already defined.
Change-Id: I620576620fd2708ebd503da696e17b472bc20472
Reviewed-on: https://code.wireshark.org/review/31344
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A call to this function means a programming error. g_error makes it
fatal and terminates the program, making the debug easier.
Change-Id: I5c9e82507482733b4d450ed6c3a9fc17fb0fcdca
Reviewed-on: https://code.wireshark.org/review/31310
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Gracefully handle repeated calls of ws_buffer_free on the same buffer to
avoid strange crashes in other new users that allocate a "small" buffer.
The first call to ws_buffer_free would store data pointer in the
'small_buffers' array for reuse and set the pointer to NULL. Result:
(gdb) p cfile.rec.options_buf
$2 = {
data = 0x0,
allocated = 2048, // Oops, not modified!
start = 0,
first_free = 0
}
All users of Buffer (including ws_buffer_free) however asssume that
'allocated' reflects the actual size of 'data'. If this is not the case
(if ws_buffer_free is called again), then a data pointer (NULL!) will be
stored and the next ws_buffer_init request for a "small buffer" will
result in unexpected behavior (including crashes).
Fix the issue by clearing the 'allocated' field as well. Add assertions
to catch such issues earlier rather than crashing at random users of
these buffers (such as frame_tvbuff).
Bug: 15263
Change-Id: I0b491c3fccac8c6fddd43779629343d721638ca9
Reviewed-on: https://code.wireshark.org/review/31278
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
NISO Z39.50 is a protocol used by libraries and library vendors for information retrieval and catalog manipulation. It is defined using ASN.1 using BER encoding. It has an assigned TCP port of 210. This is an initial implementation.
Features:
- The Z39.50 standard OIDs are defined.
- The bib-1 attribute set is decoded.
- The bib-1 diagnostics are decoded.
- Some OCTET STRINGs which are nearly always printable ASCII are special-cased.
- The MARC (MAchine Readable Cataloging) format is decoded. Only the MARC21 variant is
currently handled, but this is one of the most common variants. The most common tags
are decoded. The MARC dissector is included in the Z39.50 dissector, but the code is
structured in such away that it could be pulled out.
Todo:
- Add information to the Wiki about Z39.50.
As part of this work, the definition of isdigit_string() was fixed to avoid const complaints.
Change-Id: I29a7db53375ef8be83738a1ab98707761d878717
Reviewed-on: https://code.wireshark.org/review/31209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs