The name of the block in the pcapng specification is the systemd
Journal Export Block; add "export" after "journal" in various
variable/enum/define names.
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in the command-line option "--log-domains".
The filter is specified as a comma-separated, case-insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constraint on adding new domains, neither in code nor at runtime.
The string format is arbitrary, only positive matches will produce
output.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not critical messages, for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
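As an added illustration of the two mechanisms described above (the level hierarchy with "message" as the default, and the comma-separated, case-insensitive WS_LOG_DOMAINS / --log-domains filter), here is a small self-contained C implementation. It is not the wsutil/wslog.h code from the project; the level names are assumed to follow GLib's six levels, and the "--log-level" option and WS_LOG_LEVEL variable are names assumed for the example, since the commit message only names the domain-filter settings.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hierarchy, most verbose first; the names are assumed to
 * follow GLib's, which wslog is described as replacing. */
typedef enum { LVL_DEBUG, LVL_INFO, LVL_MESSAGE, LVL_WARNING,
               LVL_CRITICAL, LVL_ERROR, LVL_COUNT } log_level_t;

static const char *level_names[LVL_COUNT] =
    { "debug", "info", "message", "warning", "critical", "error" };

static log_level_t current_level = LVL_MESSAGE;   /* default per the commit */
static char domain_filter[256];                   /* "" means all domains */

/* ASCII case-insensitive comparison of a length-delimited token with a C string. */
static bool token_eq(const char *tok, size_t len, const char *s)
{
    if (strlen(s) != len) return false;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)s[i]))
            return false;
    return true;
}

/* Set the threshold from a level name; an unknown name leaves it unchanged. */
bool log_set_level_str(const char *name)
{
    for (int i = 0; i < LVL_COUNT; i++)
        if (token_eq(name, strlen(name), level_names[i])) {
            current_level = (log_level_t)i;
            return true;
        }
    return false;
}

/* Store the raw comma-separated filter; NULL or "" clears it. */
void log_set_domain_filter(const char *spec)
{
    snprintf(domain_filter, sizeof domain_filter, "%s", spec ? spec : "");
}

/* A domain passes if no filter is set or it matches one entry exactly
 * (ignoring case and surrounding spaces); only positive matches enable output. */
bool log_domain_enabled(const char *domain)
{
    if (domain_filter[0] == '\0') return true;
    const char *p = domain_filter;
    while (*p) {
        while (*p == ',' || *p == ' ') p++;
        const char *start = p;
        while (*p && *p != ',') p++;
        size_t len = (size_t)(p - start);
        while (len > 0 && start[len - 1] == ' ') len--;
        if (len > 0 && token_eq(start, len, domain)) return true;
    }
    return false;
}

/* Hierarchy rule: everything at or above the threshold is emitted. */
bool log_enabled(log_level_t level, const char *domain)
{
    return level >= current_level && log_domain_enabled(domain);
}

void log_msg(log_level_t level, const char *domain, const char *text)
{
    if (log_enabled(level, domain))
        fprintf(stderr, "[%s] %s: %s\n", level_names[level], domain, text);
}

/* Environment first, then command-line options override it.
 * Returns the number of log options consumed. */
int log_configure(const char *env_level, const char *env_domains,
                  int argc, char **argv)
{
    int consumed = 0;
    if (env_level)   log_set_level_str(env_level);
    if (env_domains) log_set_domain_filter(env_domains);
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "--log-level=", 12) == 0) {
            log_set_level_str(argv[i] + 12);      /* assumed option name */
            consumed++;
        } else if (strncmp(argv[i], "--log-domains=", 14) == 0) {
            log_set_domain_filter(argv[i] + 14);  /* option named in the commit */
            consumed++;
        }
    }
    return consumed;
}

int main(int argc, char **argv)
{
    /* WS_LOG_LEVEL is an assumed variable name; WS_LOG_DOMAINS is from the commit. */
    log_configure(getenv("WS_LOG_LEVEL"), getenv("WS_LOG_DOMAINS"), argc, argv);
    log_msg(LVL_DEBUG, "capture", "hidden at the default level");
    log_msg(LVL_WARNING, "main", "shown at the default level");
    return 0;
}
```

Running it as `./a.out --log-domains=main,capture --log-level=debug` enables both lines; with no options only the warning appears, because "message" is the default threshold and no domain filter is set.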
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.
Register the pcap and pcapng file types/subtypes rather than hardwiring
them into the table.
Call the registration routines for them directly, rather than through a
generated table; they're always supposed to be there, as some code in
Wireshark either writes only one of those formats or defaults to writing
one of those formats. Don't run their source code through the
registration-routine-finder script.
Have the file type/subtype codes for them be directly exported to the
libwiretap core, and provide routines to return each of them, to be used
by the aforementioned code.
When reporting errors with cfile_write_failure_message(), use
wtap_dump_file_type_subtype() to get the file type/subtype value for the
wtap_dumper to which we're writing, rather than hardcoding it.
Have the "export PDU" code capable of supporting arbitrary file
types/subtypes, although we currently only use pcapng.
Get rid of declarations of now-static can_write_encap and
dump_open routines in various headers.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
Remove NG from the names - it adds nothing.
Don't use the abbreviations for pcapng block names, spell out what the
block does (e.g. "WTAP_BLOCK_DECRYPTION_SECRETS" rather than
"WTAP_BLOCK_DSB"), to make it more obvious what the block does.
Spell out some other abbreviations.
Add WTAP_BLOCK_PACKET for future use for packet blocks; there's no need
to distinguish between the Enhanced Packet Block, the Simple Packet
Block, and the deprecated Packet Block here.
It corresponds to LINKTYPE_ETW in pcap and pcapng files; the structures
in the record format come from the Event Tracing for Windows (ETW) API
rather than directly from Event Trace Log files.
While we're at it, explain what extcap/etl does.
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
sshdump can now be copied in multiple instances. Each instance will
show up as a different interface and will have its own profile.
This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.
Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
add_libssh_info() can be used by ciscodump, sshdump, and any other
extcap program that uses libssh.
Change-Id: I60474bd610eeb7dfb6ec07fc1aaaf19c4f745cdd
Reviewed-on: https://code.wireshark.org/review/37882
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
We require 0.6 or later in CMakeLists.txt, and both ssh_version() and
LIBSSH_VERSION having to be fed to SSH_STRINGIFY() date back before 0.5,
so just assume ssh_version() is available and LIBSSH_VERSION has to be
fed to SSH_STRINGIFY().
Change-Id: I4f62a720424383f88e0410cad07dbe67d0c69297
Reviewed-on: https://code.wireshark.org/review/37881
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Guy Harris <gharris@sonic.net>
Thanks, libssh developers, for making it so straightforward!
This means we don't need to construct it in the CMake module that finds
libssh.
Change-Id: I6c173bf7c0671dfdfac423a7d01ecced7b69e851
Reviewed-on: https://code.wireshark.org/review/37878
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the version parameter be just the version number; other code
expects it to be that.
Have additional parameters for the "compiled with" and "running with"
information.
Add an extcap_version_print() routine to show the version message,
printing
{exename} version {version}
and then printing
Compiled with {compiled_with}
if "compiled with" information is supplied and printing
Running with {running_with}
if "running with" information is supplied.
This fixes some messages, as well as fixing the display of extcap
modules in the About dialog.
Change-Id: I3d298d30e83bd363abd599d75adfc780a90f34fd
Reviewed-on: https://code.wireshark.org/review/37877
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Just use extcap->exename.
Change-Id: I85cfda2afaf776f3222cf362bcd6c675b4ff1504
Reviewed-on: https://code.wireshark.org/review/37876
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If we have ssh_version(), then ssh_version(0) will return a string for
the version being used.
Change-Id: I0717f6d4d5c3fa04aa7938dc6bc0d4c8abfa95fd
Reviewed-on: https://code.wireshark.org/review/37875
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Since the original introduction of sshdump, ssh_userauth_publickey_auto
was already in use which would try the ssh-agent on non-Windows
platforms. There is no need to explicitly call ssh_userauth_agent which
is dead code anyway due to a typo in the macro name.
Change-Id: I976ec3da9e35ade63983ba5ca01163714d466912
Reviewed-on: https://code.wireshark.org/review/37476
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
/opt/SourceCode/wireshark/epan/dissectors/packet-frame.c 818 warn V547 Expression 'fi' is always true.
/opt/SourceCode/wireshark/epan/dissectors/packet-gsm_sms.c 2692 warn V547 Expression 'length <= (offset - saved_offset)' is always false.
/opt/SourceCode/wireshark/epan/dissectors/packet-isup.c 4688 warn V1037 Two or more case-branches perform the same actions. Check lines: 4688, 4697
/opt/SourceCode/wireshark/extcap/androiddump.c 1237 warn V560 A part of conditional expression is always true: data_str.
/opt/SourceCode/wireshark/extcap/androiddump.c 1603 warn V547 Expression is always true.
/opt/SourceCode/wireshark/ui/qt/models/packet_list_model.cpp 497 warn V560 A part of conditional expression is always true: ok_r1.
For the voip_calls.c change, I preferred to initialize along with every other field, rather than set to actual value it gets set to later.
For the isobus-vt change, I could not find a spec but followed the pattern from other error bit fields.
Bug: 16335
Change-Id: Ie55082222b582f6fff4e8c7a992d863acee6cf15
Reviewed-on: https://code.wireshark.org/review/37160
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Set mustexist option to true to use Open file dialog instead of Save.
Change-Id: Ic8890facb6eebdacdc52881f617e8137585220f4
Reviewed-on: https://code.wireshark.org/review/36832
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The packet time calculation used the time(NULL) call to get the time
in seconds and then divided by 1000 to get microseconds. This results
in correct seconds but some random microsecond values.
Now get the time in microseconds and divide by 1000000 to get the
seconds and use the remainder for the microseconds part.
Change-Id: I31f90960e27b0089c20936f69c7dc30f1efd50d9
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/36067
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
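Added example, not code from the commit above: the two timestamp derivations the message describes, side by side, with a validity check that catches the broken one. The buggy variant is reconstructed from the description (seconds from the clock, and that same seconds value divided by 1000 used as the microsecond field); the struct and function names are my own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

typedef struct {
    int64_t secs;
    int64_t usecs;   /* must be in [0, 999999] for a well-formed timestamp */
} pkt_ts_t;

/* The pattern described as buggy: the seconds value from time(NULL) is also
 * the only input to the microsecond field, so the latter is meaningless. */
pkt_ts_t ts_from_seconds_buggy(int64_t now_secs)
{
    pkt_ts_t ts = { now_secs, now_secs / 1000 };
    return ts;
}

/* The fix: start from a whole microsecond count and split it. */
pkt_ts_t ts_from_microseconds(uint64_t now_usecs)
{
    pkt_ts_t ts = { (int64_t)(now_usecs / 1000000u),
                    (int64_t)(now_usecs % 1000000u) };
    return ts;
}

bool ts_is_valid(pkt_ts_t ts)
{
    return ts.usecs >= 0 && ts.usecs < 1000000;
}

/* Current wall-clock time in microseconds, the input the fixed path wants. */
uint64_t now_microseconds(void)
{
    struct timeval tv;
    gettimeofday(&tv, NULL);
    return (uint64_t)tv.tv_sec * 1000000u + (uint64_t)tv.tv_usec;
}

int main(void)
{
    pkt_ts_t ts = ts_from_microseconds(now_microseconds());
    printf("%lld.%06lld valid=%d\n", (long long)ts.secs, (long long)ts.usecs,
           ts_is_valid(ts));
    return 0;
}
```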
With BUILD_androiddump and EXTCAP_ANDROIDDUMP_LIBPCAP enabled, the
linker notices a couple of cases of underlinking:
extcap/androiddump.c:541: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:685: error: undefined reference to 'ws_hexstrtou32'
extcap/androiddump.c:2513: error: undefined reference to 'cmdarg_err_init'
extcap/androiddump.c:2517: error: undefined reference to 'data_file_url'
extcap/androiddump.c:2629: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2592: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2646: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:1708: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:1783: error: undefined reference to 'ws_inet_pton4'
Fix that by explicitly linking against libwiretap and libwsutil when the
linker cannot find those symbols by linking to them through libwireshark.
Change-Id: I4db266fe82927c12d18fec06f9d766b9390bcec3
Reviewed-on: https://code.wireshark.org/review/35855
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When EXTCAP_ANDROIDDUMP_LIBPCAP=1, the compiler warns:
In file included from /usr/include/glib-2.0/glib.h:62:0,
from extcap-base.h:29,
from androiddump.c:26:
androiddump.c: In function ‘extcap_dumper_open’:
androiddump.c:366:19: warning: format ‘%s’ expects a matching ‘char *’
argument [-Wformat=]
g_warning("Can't open %s for saving packets: %s",
pcap_geterr(pcap));
(et cetera)
Fix three occurrences of that warning by using char *fifo as it was
apparently intended.
Fixes: 67a5d9bebe
Change-Id: I0597a345d87594cbe548d118a57e3751d0e3abf6
Reviewed-on: https://code.wireshark.org/review/35853
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
androiddump determines encap type by reading the data link type
value from pcap content generated by tcpdump running on the device.
The data link type is converted from a uint type to an int type
because int is what the pcap/wtap API expects. However the signed
to unsigned conversion is performed on an 8-bit data value rather
than the full 32-bit value making DLT values larger than 127 fail.
Fix the unsigned to signed conversion by determining DLT from the
full 32-bit "network" field from pcap global header instead of
the 8-bit data char array. While at it also take care of device-to-host
endianness conversion.
Fixes: v2.5.1rc0-65-gbfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Fixes: v2.9.0rc0-694-gafd0eef4f6 ("androiddump: Fix tcpdump encap type when libwiretap is used")
Change-Id: I71629b166a6893763b16e9df33408fee8c99cbd2
Reviewed-on: https://code.wireshark.org/review/34788
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
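Added example, not androiddump's own code: reading the DLT from the 32-bit "network" field of a pcap global header, with the file's byte order detected from the magic number, next to the 8-bit narrowing the commit above describes so the failure is visible. The byte-order handling works whatever the host's endianness; the magic values and header layout are the standard pcap ones, and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCAP_HDR_LEN 24                     /* magic, ver, zone, sigfigs, snaplen, network */
#define PCAP_MAGIC_USEC      0xa1b2c3d4u
#define PCAP_MAGIC_NSEC      0xa1b23c4du
#define PCAP_MAGIC_USEC_SWAP 0xd4c3b2a1u    /* magic read in the wrong byte order */
#define PCAP_MAGIC_NSEC_SWAP 0x4d3cb2a1u

static uint32_t bswap32(uint32_t v)
{
    return (v << 24) | ((v & 0xff00u) << 8) | ((v >> 8) & 0xff00u) | (v >> 24);
}

/* Return the DLT from a pcap global header, or -1 if the header is too
 * short, the magic is unknown, or the value does not fit an int. */
int pcap_header_dlt(const uint8_t *buf, size_t len)
{
    uint32_t magic, network;
    bool swapped;

    if (len < PCAP_HDR_LEN) return -1;
    memcpy(&magic, buf, 4);                 /* host-order read of the file's bytes */
    switch (magic) {
    case PCAP_MAGIC_USEC: case PCAP_MAGIC_NSEC:           swapped = false; break;
    case PCAP_MAGIC_USEC_SWAP: case PCAP_MAGIC_NSEC_SWAP: swapped = true;  break;
    default: return -1;
    }
    memcpy(&network, buf + 20, 4);
    if (swapped) network = bswap32(network);
    if (network > INT32_MAX) return -1;     /* guards the unsigned->int conversion */
    return (int)network;
}

/* The narrowing the commit describes, for contrast: taking the DLT from a
 * single signed 8-bit element of the buffer sign-extends anything >= 128. */
int pcap_header_dlt_narrowed(const uint8_t *buf, size_t len)
{
    if (len < PCAP_HDR_LEN) return -1;
    return (int)(signed char)buf[20];
}

static void put_u16(uint8_t *p, uint16_t v, bool be)
{
    p[be ? 1 : 0] = (uint8_t)(v & 0xff);
    p[be ? 0 : 1] = (uint8_t)(v >> 8);
}

static void put_u32(uint8_t *p, uint32_t v, bool be)
{
    for (int i = 0; i < 4; i++)
        p[be ? 3 - i : i] = (uint8_t)(v >> (8 * i));
}

/* Constructed test input: a pcap 2.4 global header in the requested byte
 * order with the given DLT, as tcpdump on the device might emit it. */
void build_pcap_header(uint8_t out[PCAP_HDR_LEN], bool big_endian_file, uint32_t dlt)
{
    static const uint8_t magic_be[4] = { 0xa1, 0xb2, 0xc3, 0xd4 };
    static const uint8_t magic_le[4] = { 0xd4, 0xc3, 0xb2, 0xa1 };

    memset(out, 0, PCAP_HDR_LEN);
    memcpy(out, big_endian_file ? magic_be : magic_le, 4);
    put_u16(out + 4, 2, big_endian_file);   /* version_major */
    put_u16(out + 6, 4, big_endian_file);   /* version_minor */
    put_u32(out + 16, 262144, big_endian_file);   /* snaplen */
    put_u32(out + 20, dlt, big_endian_file);      /* network (DLT) */
}

int main(void)
{
    uint8_t hdr[PCAP_HDR_LEN];
    build_pcap_header(hdr, false, 147);     /* DLT_USER0, a value above 127 */
    return pcap_header_dlt(hdr, sizeof hdr) == 147 ? 0 : 1;
}
```

The narrowed reader returns -109 for DLT 147 (0x93 sign-extended), which is exactly the class of value the commit says made larger DLTs fail; the 32-bit reader returns 147 regardless of whether the file or the host is big- or little-endian.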
This reverts commit f1285fcf06.
NSIS package is broken with this commit.
Change-Id: Ief22a308edad188fa2d5fab79355f19493359fa6
Reviewed-on: https://code.wireshark.org/review/34758
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.
Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The number of packets to generate is unsigned and always finite. The
code supports 64-bit integers as the count and thus for most use cases
(2^64)-1 is a good enough alternative for infinite.
Change-Id: I9f83002358d0ab11724dce22802390b145e4ac67
Reviewed-on: https://code.wireshark.org/review/34613
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When there is a problem with output pipe, randpktdump will call
cfile_write_failure_message() which in turn calls cmdarg_err() which
calls print_err. Call cmdarg_err_init() so print_err is not NULL.
Change-Id: Ie459596a473c83204e9aa1d48bb2d2d3717b340a
Reviewed-on: https://code.wireshark.org/review/34495
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On macOS, <build directory>/run/wireshark is a wrapper script that execs
run/Wireshark.app/Contents/MacOS/Wireshark so that Launch Services will
activate our application properly. We don't need to worry about this for
our other executables. Make them symlinks so that we can run things like
`lldb run/tshark` with impunity.
Change-Id: I4e656d778040ece722f873b1a7f6e6e60d21e2a6
Reviewed-on: https://code.wireshark.org/review/33071
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Packet data is raw octets, meaning guint8s, not chars or gchars.
The last argument to recvfrom should be of type socklen_t on UN*X and
int on Windows; wsutil/socket.h defines socklen_t to be int on Windows,
so just use socklen_t.
Change-Id: I5355a246e0f74f39c0f8e198d8dd9769b623af49
Reviewed-on: https://code.wireshark.org/review/33242
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ic5a3653cb8bcc33e0be108c8b201567e7090f9f5
Reviewed-on: https://code.wireshark.org/review/33043
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>