That reduces the number of get_progfile_dir() calls, leaving only the
calls that are done either to 1) get the pathname in order to display it
or 2) get the pathname in order to reset the library path.
That makes it easier to figure out which get_progfile_dir() calls are
made to find the directory in which (non-extcap) binaries from Wireshark
are installed and which - if any - are made to figure out the directory
in which *the currently-running executable* are stored. (Currently,
get_progfile_dir() attemps to get the former, not the latter, so
extcaps in an extcap subdirectory, for example, will get the parent
directory of that subdirectory, *not* the directory in which they weere
installed.)
Windows processes inherit all inheritable handles when a new process is
created using CreateProcess() with bInheritHandles set to TRUE. This can
lead to undesired object lifetime extension. That is, the child process
will keep ineritable handles alive even if it does not use them. Up to
Windows Vista it was not possible explicitly list handles that should be
inherited. Wireshark no longer works on Windows releases earlier than
Vista, so use the new API without checking Windows version.
Require all callers to win32_create_process() to pass in the list of
handles to inherit. Set the listed handles as inheritable shortly before
calling CreateProcess() and set them as not inheritable shortly after
the process is created. This minimizes possibility for other callers
(especially in 3rd party libraries) to inherit handles by accident.
Do not terminate mmdbresolve process on exit. Instead rely on process
exit when EOF is received on standard input. Previously the EOF was
never received because mmdbresolve inherited both ends of standard input
pipe, i.e. the fact that Wireshark closed the write end was not observed
by mmdbresolve because mmdbresolve kept write handle the standard input
pipe open.
The semantics behind ws_pipe_close() were broken since its introduction.
Forcing process termination on Windows, while simply setting variable on
other systems results in more OS specific code sprinkled all over the
place instead of less. Moreover ws_pipe_close() never handled standard
file handles. It is really hard to come up with sensible ws_pipe_close()
replacement, as process exit is actually asynchronous action. It is
recommended to register child watch using g_child_watch_add() instead.
Do not call ws_pipe_close() when deleting capture interface. Things will
break if extcap is still running when interface opts are being freed and
terminating process won't help.
Rework maxmind shutdown to rely on GIOChannel state. For unknown reason
TerminateProcess() is still needed on Windows. The actual root cause
should be identified and fixed instead of giving up hope that it will
ever work correctly on Windows. In other words, TerminateProcess()
should not be used as a pattern, but rather as a last resort.
Remove ws_read_string_from_pipe() as this function encourages bad design
and is no longer necessary. Extcap stderr is read only after the child
process has finished and thus the read will never block.
Close process information thread handle right away as we don't use it.
Remove unused ws_pipe_t member variables.
Non-blocking reads were used to workaround Windows pipe handle leaks.
Now that the underlying issue is fixed (i.e. Wireshark no longer leaks
child process stdin/stdout/stderr handles), we can use blocking reads.
Using blocking reads is the main performance improvement. Reading more
than one byte at a time gives additional 15% performance improvement (on
top of enormous speedup due to blocking reads).
Avoid stdin and stdout file descriptor race conditions by closing the
descriptors only after the respective threads exit.
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from intypes.h.
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
This solves the following issue:
In cases where `mmdbresolve` fails to execute (e.g. when it's simply
missing from a tree) the spawn fails such that a zero initialized file
descriptor is closed (i.e. stdin). The close is silent, unless one
executes something like `tshark -r - ...` where a bad file descriptor
is reported then.
This header was installed incorrectly to epan/wmem_scopes.h.
Instead of creating additional installation rules for a single
header in a subfolder (kept for backward compatibility) just
rename the standard "epan/wmem/wmem.h" include to
"epan/wmem_scopes.h" and fix the documentation.
Now the header is installed *correctly* to epan/wmem_scopes.h.
The mmdb_val needs to be allocated with the same wmem allocator as the
one used for mmdb_ipv4_map and mmdb_ipv6_map hash maps.
Build with ENABLE_ASAN and run `ctest -R suite_fileformats -V`
24: Direct leak of 144 byte(s) in 2 object(s) allocated from:
24: #0 0x55e6deb6eebf in malloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x1f1ebf)
24: #1 0x7f708f717bb8 in g_malloc (/lib64/libglib-2.0.so.0+0x5bbb8)
24: #2 0x7f709c0a7b3c in maxmind_db_pop_response /home/vasko/sources/wireshark/epan/maxmind_db.c:622:49
24: #3 0x7f709c0a895f in maxmind_db_await_response /home/vasko/sources/wireshark/epan/maxmind_db.c:661:9
24: #4 0x7f709c0a895f in maxmind_db_lookup_ipv4 /home/vasko/sources/wireshark/epan/maxmind_db.c:696:17
24: #5 0x7f709d1a97c5 in add_geoip_info_entry /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:570:33
24: #6 0x7f709d1a2907 in add_geoip_info /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:662:3
24: #7 0x7f709d1a2907 in dissect_ip_v4 /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:2205:7
Fixes: v2.9.0rc0-2687-g1bab83de53 ("maxmind: Move response processing to a thread.")
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
When tshark enables synchronous resolution of IP addresses to names,
forces calls to maxmind_db_lookup_ipv4()/_ipv6() to block-wait for the
maxmind response.
Proposed fix for #14691.
Microsoft reshuffled their documentation - almost all of it moved from
msdn.microsoft.com to docs.microsoft.com. Some blogs moved to
devblogs.microsoft.com; the comments *didn't* move, so in one case we go
to the Wayback Machine - the link isn't dead, but it formats horribly,
at least on my browser, but the archived version formats OK.
Use the Wayback Machine for some URLs, and update others.
Update the sections for MS-ADTS.
Point to the HTML versions of some RFCs and I-Ds.
Change-Id: I344b20f880de63f1ae2a4e3f9ff98af78a7fe139
Reviewed-on: https://code.wireshark.org/review/34101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g_async_queue_timeout_pop can return immediately on macOS and possibly
other OSes when using older versions of GLib. Replace it with
g_async_queue_pop and a "stop" sentinel value.
Bug: 15545
Change-Id: Id0bfacd4a94ec9645d2d27ba92d3a2f48e7d5f37
Reviewed-on: https://code.wireshark.org/review/32289
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This feature was removed in v2.5.1rc0-427-gf529ab5d0a, anticipating that
MaxMind would remove support for it in 2019. They have however changed
their mind and maintained latitude and longitude information.
They recommend displaying an accuracy radius, but the reported values
are 50, 100, 200 and 1000km. When implemented literally, a marker in
Ireland would cover the whole island plus mainland, so I have instead
opted to use a fixed radius of 1km at deeper zoom levels.
The old ipmap.html file was outdated and had broken tiles, I rewrote a
new one from scratch using the light-weight Leaflet library combined
with tiles from OpenStreetMap. This is more mobile-friendly and secure
(https, SRI). To improve handling of nearby or overlapping nodes,
clustering is used (individual nodes can still be inspected).
Browser compatibility results: IE8 is unusable, IE9 partially works
(tooltips sometimes disappear and the cluster radius control is gone),
IE11 works. Of course Firefox 65 and Chromium 72 have no issues.
The map popup description in the generated GeoJSON structure is now
split in several properties, allowing presentation to be handled by the
HTML page instead of the C code.
Bug: 14693
Change-Id: If2ec9c518f7723ac0ab27b6272463356875a0ff2
Reviewed-on: https://code.wireshark.org/review/31952
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Both functions accept an address in network byte order, but
maxmind_db_lookup_ipv4 does not accept a pointer. Add an indirection and
remove unnecessary memcpy calls. This removes some confusion for me.
Change-Id: I291c54c8c55bc8048ca011b84918c8a5d3ed1398
Reviewed-on: https://code.wireshark.org/review/31951
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ensure that country, city, etc. are reset when processing new responses.
Otherwise if the new response lacks a City, then it would use the result
of the last query. Harden against bad addresses and print debug messages
if a bad address is detected.
Miscellaneous cleanups: improve debug messages (strip whitespace
earlier, etc.), use g_string_assign when possible.
Change-Id: I2acad5fcc02c5a8bf684e8fb01ee2d688d926990
Reviewed-on: https://code.wireshark.org/review/31950
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "current address" must remain valid until the end of response is
processed, otherwise a bogus entry will be inserted. Move "cur_addr"
outside the block to avoid undefined behavior.
Change-Id: Icc2c64280ffeabd632b51d36d6be2020eb83a6a9
Fixes: v2.9.1rc0-125-g2d9a6c2583 ("maxmind_db: force buffer contain an empty string (CID: 1441961).")
Reviewed-on: https://code.wireshark.org/review/31949
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lock our pipe mutex before closing its file descriptors. This should
hopefully fix some infrequent crashes that I'm seeing on my Windows 7 VM.
Add a note about GRWLock behavior on Windows which doesn't appear to be
related to this issue, but which is nevertheless important.
Ping-Bug: 14701
Change-Id: I32e66a24258264fa65a907f319755594f90c0177
Reviewed-on: https://code.wireshark.org/review/31375
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 4154e35cde.
Apparently we do need to call PeekNamedPipe on Windows.
Change-Id: I9c9bbcb56bf1e1c2e6ae240ac5056b8a80674f15
Reviewed-on: https://code.wireshark.org/review/30900
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Don't bother checking to see if our pipe has data.
Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.
Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We were not calling TerminateProcess() to stop mmdbresolve.Exe process on
Windows.
Bug: 15248
Change-Id: Ic90cf438a8003a6fefb023b7056984681ce09b46
Reviewed-on: https://code.wireshark.org/review/30449
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to GLib documentation, take twice the lock in the same thread
leads to undefined behavior (and could lead to deadlocks).
Change-Id: I40e02ba9d619eb1db2a04f2be54c461c817b15ff
Reviewed-on: https://code.wireshark.org/review/30446
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's possible to block while we're writing to our mmdbresolve pipe,
particularly on Windows. Move the write to a separate thread.
Add an #ifdef to mmdbresolve.c which helps test blocking.
Bug: 14701
Change-Id: I6cb8a46a190a268da64f1e6f54d1052d03743c95
Reviewed-on: https://code.wireshark.org/review/27750
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The answer to
// XXX Should we call maxmind_db_lookup_process first?
in maxmind_db.c is "yes", since it's possible to fill up our pipe
between host name lookup intervals, at least on Windows. Note that we
might want to move request processing to a thread.
Bug: 14701
Change-Id: I8cfb77444d7f999e77571bc6bb61ea7f1f677778
Reviewed-on: https://code.wireshark.org/review/27644
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Set our initial geographic coordinates to DBL_MAX, otherwise we might
give people the wrong impression about the PIRATA weather buoy at 0°0'0"
N 0°0'0" E.
Change-Id: I34683883ef02c4fe40d5d93a7695d0cca277345c
Reviewed-on: https://code.wireshark.org/review/26463
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add and dissect country ISO codes. Prefer them when printing summary
information.
Change-Id: I3ce2bde88fa5ca2604c8bb745c42f239660252ff
Reviewed-on: https://code.wireshark.org/review/26415
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Previously there were three different pipe validity checks:
PID != WS_INVALID_PID, PID != 0 and stdin != 0. This resulted in
using/closing file descriptors which might be owned by something else.
When no GeoIP databases are defined, mmdb_resolve_stop would be called
to close the pipe and set PID to WS_INVALID_PID. stdin is however not
cleared and future invocations would try to close the previous fd.
Change-Id: I1d15da29208efb41098ee6a4edeeabf61f84c2b3
Fixes: v2.5.1rc0-466-ga1da75c554 ("Transition from GeoIP Legacy to MaxMindDB.")
Reviewed-on: https://code.wireshark.org/review/26391
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure the text we read is null terminated. Properly strip our lines
and chunked strings. Copy over cast and strtod fixes from change 26347.
Change-Id: I0695e35c446c1bd277c53b458b07e428cdd90fb8
Reviewed-on: https://code.wireshark.org/review/26370
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>