Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
In conversation_filter.h, add a separate log_conv_filter_list. Use it in
register_log_conversation_filter and add conversation_filter_from_log.
It looks like we no longer use find_conversation_filter externally, so
remove it from the API.
Add location tracking as a column offset and length from offset
to the scanner. Our input is a single line only so we don't need
to track line offset.
Record that information in the syntax tree. Return the error location
in dfilter_compile(). Use it in dftest to mark the location of the
error in the filter string. Later it would be nice to use the location
in the GUI as well.
$ dftest "ip.proto == aaaaaa and tcp.port == 123"
Filter: ip.proto == aaaaaa and tcp.port == 123
dftest: "aaaaaa" cannot be found among the possible values for ip.proto.
ip.proto == aaaaaa and tcp.port == 123
^~~~~~
Add argument to dfilter_compile_real() to save syntax tree text
representation.
Use it with dftest to print syntax tree.
Misc debug output format improvements.
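The location tracking described above (column offset plus length, recorded per token, reported from compilation and rendered by dftest as a caret line) can be illustrated with a small scanner. This is an added example with a constructed, deliberately tiny grammar and field registry; it is not libwireshark's dfilter scanner, grammar or dftest code, and the names FilterError, compile_filter, mark_location and report are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Added illustration of column-offset location tracking in a single-line
# scanner; it is not libwireshark's dfilter scanner or grammar.


@dataclass
class Location:
    offset: int   # column of the first character, 0-based
    length: int   # number of characters from that offset


@dataclass
class Token:
    kind: str
    text: str
    loc: Location


class FilterError(Exception):
    def __init__(self, message: str, loc: Location):
        super().__init__(message)
        self.loc = loc


# Constructed token set; order matters (LOGIC and NUMBER before WORD).
TOKEN_RE = re.compile(
    r"(?P<WS>\s+)|(?P<OP>==|!=)|(?P<LOGIC>\band\b|\bor\b)"
    r"|(?P<NUMBER>\d+)|(?P<WORD>[A-Za-z_][A-Za-z0-9_.]*)"
)


def scan(line: str) -> List[Token]:
    """Tokenize one line, recording each token's column offset and length.
    The input is a single line, so no line number is tracked."""
    tokens: List[Token] = []
    pos = 0
    while pos < len(line):
        m = TOKEN_RE.match(line, pos)
        if m is None:
            raise FilterError(f"unexpected character {line[pos]!r}", Location(pos, 1))
        if m.lastgroup != "WS":
            tokens.append(Token(m.lastgroup, m.group(), Location(m.start(), m.end() - m.start())))
        pos = m.end()
    return tokens


# Constructed field registry: a set of named values for an enumerated field,
# or None for a field that accepts any integer.
FIELDS: Dict[str, Optional[Set[str]]] = {
    "ip.proto": {"icmp", "tcp", "udp"},
    "tcp.port": None,
}


def compile_filter(line: str) -> List[Tuple[str, str, str]]:
    """Check `field OP value` clauses joined by and/or. On error, raise
    FilterError carrying the offending token's location (what the compile
    step hands back to the caller). Returns the parsed clauses on success."""
    toks = scan(line)
    clauses: List[Tuple[str, str, str]] = []
    i = 0
    while i < len(toks):
        if len(toks) - i < 3:
            raise FilterError("incomplete comparison", toks[-1].loc)
        field, op, value = toks[i], toks[i + 1], toks[i + 2]
        if field.kind != "WORD" or field.text not in FIELDS:
            raise FilterError(f'"{field.text}" is not a field', field.loc)
        if op.kind != "OP":
            raise FilterError(f'expected a comparison operator, got "{op.text}"', op.loc)
        allowed = FIELDS[field.text]
        ok = value.kind == "NUMBER" or (allowed is not None and value.text in allowed)
        if not ok:
            raise FilterError(
                f'"{value.text}" cannot be found among the possible values for {field.text}',
                value.loc,
            )
        clauses.append((field.text, op.text, value.text))
        i += 3
        if i < len(toks):
            if toks[i].kind != "LOGIC":
                raise FilterError(f'expected "and" or "or", got "{toks[i].text}"', toks[i].loc)
            i += 1
            if i == len(toks):
                raise FilterError("expected a comparison after logical operator", toks[i - 1].loc)
    return clauses


def mark_location(line: str, loc: Location) -> str:
    """Render the input line with a caret/tilde marker under the error span."""
    marker = " " * loc.offset + "^" + "~" * max(loc.length - 1, 0)
    return line + "\n" + marker


def report(line: str) -> Optional[str]:
    """Compile and return a dftest-style error report, or None if the filter compiles."""
    try:
        compile_filter(line)
    except FilterError as e:
        return f"dftest: {e}\n{mark_location(line, e.loc)}"
    return None
```

Running report("ip.proto == aaaaaa and tcp.port == 123") produces a marker line of twelve spaces followed by "^~~~~~", the same span the dftest transcript above shows; the offset and length travel with the token from the scanner through the compile step, so the reporting code never has to re-scan the string.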
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Add a separate UI application named "Logshark". It's currently a very
thin superclass of Wireshark, but that will change over time. Based on
work by Loris Degioanni.
This replaces the current macro reference system with
a completely different implementation. Instead of a macro a reference
is a syntax element. A reference is a constant that can be filled
in the dfilter code after compilation from an existing protocol tree.
It is best understood as a field value that can be read from a fixed
tree that is not the frame being filtered. Usually this fixed tree
is the currently selected frame when the filter is applied. This
allows comparing fields in the filtered frame with fields in the
selected frame.
Because the field reference syntax uses the same sigil notation
as a macro we have to use a heuristic to distinguish them:
if the name has a dot it is a field reference, otherwise
it is a macro name.
The reference is syntactically validated at compile time.
There are two main advantages to this implementation (and a couple of
minor ones):
The protocol tree for each selected frame is only walked if we have a
display filter and if the display filter uses references. Also only the
actual reference values are copied, instead of loading the entire tree
into a hash table (in textual form even).
The other advantage is that the reference is tested like a protocol
field against all the values in the selected frame (if there is more
than one).
Currently the reference fields are not "primed" during dissection, so
the entire tree is walked to find a particular reference (this is
similar to the previous implementation).
If the display filter contains a valid reference and the reference is
not loaded at the time the filter is run the result is the same as a
non existing field for a regular READ_TREE instruction.
Fixes #17599.
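The semantics described above (the dot heuristic separating field references from macros, copying only the referenced values out of the selected frame's tree, testing a reference against every value of the field in the selected frame, and an unloaded reference behaving like a nonexistent field) can be shown with a toy evaluator. This is an added example, not libwireshark's dfilter compiler or its reference implementation; the protocol trees, macro table and the functions classify_sigil, expand_macros, load_references, evaluate and match_against_selected are constructed for the illustration, and the evaluator only understands `field == value` clauses joined by `and`.

```python
import re
from typing import Dict, List, Optional

# Added illustration of field-reference semantics; a toy evaluator, not
# libwireshark's dfilter engine.

SIGIL_RE = re.compile(r"\$\{([^}]+)\}")

# A protocol tree is modelled as field name -> list of values, because a
# field can occur more than once in a frame (constructed representation).
Tree = Dict[str, List[int]]


def classify_sigil(name: str) -> str:
    """Heuristic from the commit message: a name containing a dot is a
    field reference, otherwise it is a macro name."""
    return "reference" if "." in name else "macro"


def expand_macros(filter_text: str, macros: Dict[str, str]) -> str:
    """Substitute macro sigils textually and leave field references alone."""
    def sub(m):
        name = m.group(1)
        if classify_sigil(name) == "reference":
            return m.group(0)
        if name not in macros:
            raise ValueError(f"unknown macro {name!r}")
        return "(" + macros[name] + ")"
    return SIGIL_RE.sub(sub, filter_text)


def referenced_fields(filter_text: str) -> List[str]:
    """Compile-time step: the field references a filter uses. With no
    references, the selected frame's tree never needs to be walked."""
    return sorted({n for n in SIGIL_RE.findall(filter_text) if classify_sigil(n) == "reference"})


def load_references(filter_text: str, selected: Tree) -> Dict[str, List[int]]:
    """Walk the selected frame's tree and copy only the referenced values
    (every occurrence), not the entire tree."""
    return {f: list(selected[f]) for f in referenced_fields(filter_text) if f in selected}


def evaluate(filter_text: str, frame: Tree, refs: Dict[str, List[int]]) -> bool:
    """Evaluate `field == value` clauses joined by 'and'. A comparison is
    true when any value of the field matches any value on the right, so a
    reference is tested like a protocol field against all values in the
    selected frame. A reference that was never loaded contributes no
    values, the same outcome as a nonexistent field."""
    for clause in filter_text.split(" and "):
        lhs, op, rhs = clause.strip().strip("()").split()
        if op != "==":
            raise ValueError(f"unsupported operator {op!r}")
        left = frame.get(lhs, [])
        m = SIGIL_RE.fullmatch(rhs)
        right = refs.get(m.group(1), []) if m else [int(rhs)]
        if not any(a == b for a in left for b in right):
            return False
    return True


def match_against_selected(filter_text: str, selected: Tree, frame: Tree,
                           macros: Optional[Dict[str, str]] = None) -> bool:
    """Full pipeline: expand macros, load references from the selected
    frame, then evaluate the filter against the frame being filtered."""
    text = expand_macros(filter_text, macros or {})
    refs = load_references(text, selected)
    return evaluate(text, frame, refs)


if __name__ == "__main__":
    # Constructed frames: the selected frame carries two tcp.port values.
    selected = {"tcp.port": [443, 51000]}
    frame = {"tcp.port": [51000, 8080]}
    print(match_against_selected("tcp.port == ${tcp.port}", selected, frame))   # True
    print(evaluate("tcp.port == ${tcp.port}", frame, {}))                        # False: not loaded
```

The macro table is consulted only for names without a dot, which is exactly why `${my_port}` and `${tcp.port}` can share the sigil syntax: the first is replaced by text before compilation, the second survives as a syntax element whose values are filled in later from the selected frame.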
This allows the "needs to be reloaded" indication to be set in the close
process, as is the case for ERF; having a routine that returns the value
of that indication is not useful if it gets set in the close process,
as the handle for the wtap_dumper is no longer valid after
wtap_dump_close() finishes.
We also get rid of wtap_dump_get_needs_reload(), as callers should get
that information via the added argument to wtap_dump_close().
Fixes #17989.
Create a Wireshark.dSYM bundle for our debugging symbols. Create a
separate .dmg for the dSYM bundle, similar to what we do for Windows.
`dwarfdump --uuid run/Wireshark.dSYM` returns what app
This reduces the size of the application bundle and .dmg quite a bit
(sizes measured with `du -sm`):
51 Wireshark 3.7.0 Intel 64.dmg
81 Wireshark dSYM 3.7.0 Intel 64.dmg
182 Wireshark.app
262 Wireshark.dSYM
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes #15141
It creates bluetooth_data_t, which is The Center of the Bluetooth World in Wireshark.
Most important is that bluetooth_data_t must provide shared trees (resources) to enable
dissection for non-trivial relations in Bluetooth, for example mapping BDADDR to name.
Issue: 17570
Change-Id: Ice17b804ab6d4dcf0f77f1b2356a6712ce7e64b1
We keep our various packaging assets in the "packaging" directory. Move
the Debian assets there. dpkg-buildpackage doesn't appear to have a
"debian directory path" option, but symlinking worked in my test
container.
RHEL 8 and derivatives have supported the various CMake macros since
8.4 (June 2021, see https://access.redhat.com/errata/RHEA-2021:1747)
Use them there as well, so that we have a unified spec file for all
recent distributions (with the older RHEL/CentOS 7 and SLES 12 being
the only exceptions.)
Fedora and SUSE 15 use out of source builds by default, but store
the build directory in differently named macros. Define one macro
for the build directory that has the appropriate value (which will
be "." for any distribution that doesn't have either macro, and
thus presumably does in-source builds.) This fixes building and
installing the guides with any of the supported distributions.
Also, since RHEL/CentOS 7 doesn't have a special CMake macro, it
needs to set the install prefix when calling cmake.
Also, fix a comment warning by escaping the percent sign.
If we're building with ninja, we need to require it.
While CentOS/RHEL/Rocky 8 doesn't have an asciidoctor package
(so we install it separately), we can add a BuildRequires on
the file that RubyGems creates for other rpm based distributions.
There are a couple of places where /usr/local is hardcoded in the
spec file that need to be replaced with %{_prefix} in order for
RPMs to build correctly on OpenSUSE with prefixes other than
/usr/local.
The BuildRequires and Requires for the -qt subpackage need to
go into its %package section, not its %description section.
The dependencies were not being enforced, but instead being added
to the description of the GUI package.
Fedora Linux recently turned on some hardcore RPATH hardening
that causes RPM build to fail with a wide variety of prefixes unless
$ORIGIN is enabled.
It builds fine with /usr as the prefix because in that case we disable
the RPATH.
In the long run perhaps we should have the rpm-package target use the
standard prefix of /usr instead of the CMAKE_INSTALL_PREFIX, but even
so we want the spec file to work if /usr/local is set as the prefix.
Fix #17830
Commit 0d820ddc8d added set -u to
the script, so the test for CI_COMMIT_SHA (added in commit
e7296d5208) needs to be changed
so there isn't a fatal error if it is unset.
Having some options use DISABLE_ and others ENABLE_ is inconsistent
and difficult to remember. Use ENABLE_ instead consistently.
Frame-larger-than remains an exception.
If the Visual C++ Redistributable installation fails, don't point users
to KB2999226. It applied to Windows 8.1 and earlier, and is more likely
to cause confusion than help fix the problem. Ping #17748.
Asciidoctor is now required for packaging. Try to make sure it's
installed on CentOS 8 and openSUSE 15.2. Note that CentOS 8 doesn't have
an Asciidoctor package, which complicates our SPEC.
Convert doc/*.pod to Asciidoctor. This:
* Means we use the same markup for our man pages, the guides, and
release notes.
* Lets us add versions to our man pages.
* Gives us more formatting options, e.g. AsciiDoc supports `commands`,
nested lists and makes it easy to include version information. The
manpage backend doesn't seem to support tables very well,
unfortunately.
Convert our CMake configuration to produce *roff and html man pages
using Asciidoctor. Add a "manarg" block macro which makes our synopses
wrap correctly.
Similar to the release notes, guides, and FAQ, if Asciidoctor isn't
found the man pages won't be generated or installed.
Move Asciidoctor to the list of package build dependencies in various
places.
This commit includes the conversion script (pod2adoc.py), which will be
removed later.
Line count sanity check:
Man page            .pod  .adoc
androiddump          260    280
asn2deb               93    105
capinfos             401    471
captype               54     55
ciscodump            241    269
dftest                42     42
dpauxmon             153    169
dumpcap              464    534
editcap              528    583
etwdump              136    156
extcap               157    181
idl2deb               91    103
idl2wrs              120    100
mergecap             206    207
mmdbresolve           75     75
randpkt              107    111
randpktdump          158    184
rawshark             558    610
reordercap            76     78
sdjournal            145    157
sshdump              272    302
text2pcap            274    312
tshark              2135   2360
udpdump              133    151
wireshark-filter     486    479
wireshark           2967   3420
Apple provides a status page for various developer services at
https://developer.apple.com/system-status/, including the status of the
Developer ID Notary Service. Show the URL when notarization fails so that
troubleshooting is easier.
Attempting to release 3.5.0 failed with
No local changes to save
Creating ./wireshark-3.5.0.tar.xz
fatal: not a valid object name: stash@{0}
Use CI_COMMIT_SHA for our export commit if it exists.
Set `ManifestDPIAware true` in the NSIS installer and uninstaller. Note
that this trades a better appearance on HiDPI displays for some
oddly-sized controls.
Build WiresharkPortable32 or WiresharkPortable64 as appropriate for our
target platform. Add WiresharkPortable64 steps to the Win64 builder.
Update the Developer's Guide. Fixes #17260.
Add missing entries, regularize the descriptions, etc.
Note that pcap and pcapng are the native formats.
Fix various issues.
Update the editcap -F output to match current reality.
While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
Ninja keeps track of its built files in .ninja_log, so if you copy a
pre-built target into a fresh build directory, Ninja will ignore and
overwrite it. This includes the tarball generated by the 'dist' target.
In get-export-release.sh, check for a preexisting tarball and preserve
it by default. This lets us pass the dist tarball from one GitLab CI
stage to other stages without recreating it. It's also arguably the
right thing to do in general, since we record and publish the tarball
hashes for each release and different contents for the same filename can
cause confusion.
Move the dist tarball to the build directory in .gitlab-ci.yml, and add
a note about using the tarball exclusively.
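The two scripting points raised in the commit messages above (testing CI_COMMIT_SHA without a fatal error once `set -u` is in effect, and keeping a preexisting dist tarball so the hash handed between CI stages stays stable) can be shown in a few lines of POSIX shell. This is an added illustration, not Wireshark's get-export-release.sh; the function names export_commit and keep_existing_tarball, the `force` argument and the usage sketch are assumptions, and git is only needed on the fallback path.

```sh
#!/bin/sh
# Added illustration, not Wireshark's get-export-release.sh. Assumes the
# script runs under `set -u`; git is used only when CI_COMMIT_SHA is unset.
set -eu

# Select the commit to export. Under `set -u` a plain "$CI_COMMIT_SHA"
# expansion aborts the script when the variable is unset, so test it through
# the ${VAR:-} form, which expands to an empty string instead of failing.
export_commit() {
    if [ -n "${CI_COMMIT_SHA:-}" ]; then
        printf '%s\n' "$CI_COMMIT_SHA"
    else
        git rev-parse HEAD
    fi
}

# Return 0 when an existing tarball should be kept, 1 when it should be
# (re)generated. The optional second argument "yes" forces regeneration.
# Keeping the file means a tarball passed in from an earlier CI stage keeps
# the hash that was recorded and published for it.
keep_existing_tarball() {
    tarball=$1
    force=${2:-no}
    [ -f "$tarball" ] && [ "$force" != yes ]
}

# Usage sketch (assumed; not run here):
#   commit=$(export_commit)
#   tarball="wireshark-${VERSION:-dev}.tar.xz"
#   if keep_existing_tarball "$tarball"; then
#       printf 'keeping existing %s\n' "$tarball"
#   else
#       git archive --prefix="wireshark-${VERSION:-dev}/" "$commit" | xz > "$tarball"
#   fi
```

The `${VAR:-}` idiom is the general fix whenever `set -u` is introduced into a script that reads optional environment variables: it keeps the fail-fast behaviour for genuinely unset required variables while letting optional ones be probed safely.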
Standard naming convention in Wireshark generates a version that
make the rpm build fail on Fedora. Since we've no evidence that
this happens on other platforms, just disable on that one.
We initially disabled dark mode support in Info.plist when we didn't
support it very well, and later passively enabled it depending on our
SDK version. Go ahead and force it on since we officially support dark
mode. Closes #17098.
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
Convert wiretap/ascend.y.in from Bison/YACC to Lemon and rename it to
wiretap/ascend_parser.lemon. Tighten up some of our scanning and
parsing. Make the indentation in it and related files consistent. Aside
from the recent IPv4 fragment offset changes, this produces identical
output to the 3.4 branch for the Ascend trace files I have here.
Remove the comment about supporting other commands. Another timeline
might have an Ascend that successfully pivoted to DSL or 15625B+1D
gigabit ISDN, but this one has neither.
This was our last/only Bison/YACC file, so remove Bison/YACC as a
development and packaging dependency and remove references to it from
the documentation.
Re-enable Fedora build and add CentOS 8 and OpenSUSE 15.2 builds.
Fedora 33 does out of build tree cmake builds and needs spec file changes.
CentOS 8 has some changes with cmake and other packages that are similar to
older Fedora, and needs extra repositories enabled to get -devel packages
(still missing -devel for some optional libraries). OpenSUSE Leap 15.2 also
has some changes needed to build. Note that OpenSUSE Leap 15.1 is EOL
at the end of November 2020. Fixes #16971
It's possible to play opus payload with libopus (https://opus-codec.org/).
Closes #16882.
Helped-by: Pascal Quantin <pascal.quantin@gmail.com>
Signed-off-by: Lin Sun <lin.sun@zoom.us>
Signed-off-by: Yuanzhi Li <ryanlee@mail.ustc.edu.cn>
Add ui/urls.h to define some URLs on our various websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
The uninstaller should run with elevated privileges to allow deletion
of files from protected directories.
Modifying the uninstall script to require elevation then causes the
uninstaller_installer that creates the uninstaller to also require
elevation which happens at build time so defeat that
by setting the env var __COMPAT_LAYER to "RunAsInvoker" before calling
the uninstaller_installer.
Achieving this from CMake requires a script to call to set the env var
and then calling the executable.
Change-Id: I056931bc4f9b41877b8f31d765d49fee11b54e39
Reviewed-on: https://code.wireshark.org/review/37955
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Extcap binaries are not part of default install.
The normal (graphical) install allows them to be selected for installation.
Add flags to allow install when doing command line (silent) install.
Ping-Bug: 16562
Change-Id: I6ce0fa3b46f9820dc7f66945cda963a3f629579b
Reviewed-on: https://code.wireshark.org/review/37185
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When installing ChmodBPF on macOS, assign the access_bpf group to the first
free GID greater than 100, rather than to the default which starts at 500. Using
a GID less than 500 hides it in the System Preferences Users & Groups pane.
Bug: 6402
Change-Id: I62ed63bc64cb2721880467ffd0dc290ea57c8461
Reviewed-on: https://code.wireshark.org/review/37676
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Although we don't depend on any of Qt's SVG classes directly, we do use
SVG icons in Preferences → Appearance → Language and QIcon loads its SVG
engine dynamically. If it's not present Wireshark will still run, but
the user won't see any flag icons.
Require QtSVG in the Debian and RPM packaging. It's not that large (~
400k here on Ubuntu 18.04) and ensures that we have a uniform user
experience across platforms. In this particular case, if the user
experience happens to be "Wireshark's UI is in a language I don't
understand" the little flags can come in handy.
Change-Id: If3c2e8a6040967353dbc462ee475ef12514b25f9
Reviewed-on: https://code.wireshark.org/review/36037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In osx-app.sh, $VERSION used to hold the minor version of the OS. We no
longer set it and it's probably safe to assume that we're building on
Lion or later, so remove it.
Change-Id: I8e85cd7c2fe2162019c7c436b7865be95d4a33e2
Reviewed-on: https://code.wireshark.org/review/36039
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It is possible to decode iLBC payload. It uses libilbc library (https://github.com/TimothyGu/libilbc).
Bug: 16314
Change-Id: Id4cad7ae32305a0e94ef32beb24e07733d7f834e
Reviewed-on: https://code.wireshark.org/review/35686
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Sparkle's AutoUpdate.app has its own signature, which fails Apple's
notarization requirements.
Change-Id: I5fc5490a3e7ef63dd84fe59369ddd8cf42ddeff6
Reviewed-on: https://code.wireshark.org/review/35813
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The updates to windeployqt-to-nsis.ps1 g7a09c78f12 added SetOutPath
calls to qt-dll-manifest.nsh. This means we need to reset the output
path before adding our translation files.
Change-Id: I4b4ede72efa67cc4617aaae5baf8d38df6952df7
Reviewed-on: https://code.wireshark.org/review/35705
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The NSIS licensing page is centered around making the user agree to
a EULA. We don't have one of those. Replace the "you must accept" and
"I agree" text with something more neutral.
We could alternatively omit the licensing page altogether, but
the GPL is an important aspect of the project and deserves some sort
of mention.
Bug: 1115
Change-Id: I5fd5beac2188b61a90c2842de7d7547aa815ff4f
Reviewed-on: https://code.wireshark.org/review/35624
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We run `windeployqt ... --pdbs` at build time, which means that we need
to be careful not to include them in the NSIS package. Switch from using
wildcards ("File ...\*") to using separate "File" commands for each file.
Simplify the PDB Zip package command while we're here.
Bug: 16307
Change-Id: Ibd9bcbdfdc216f1f6a067baf711bbc184845143f
Reviewed-on: https://code.wireshark.org/review/35670
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Run osx-extras.sh before building the ChmodBPF installer package.
Change-Id: Iec3f88da86e48b5aac385369c7e68f23babc4c34
Reviewed-on: https://code.wireshark.org/review/35491
Reviewed-by: Gerald Combs <gerald@wireshark.org>