Extcap is a plugin interface which allows the use
of external capture interfaces via pipes, using a predefined
configuration language which results in a GUI.
This implementation seeks a generic implementation
which results in a seamless integration with the current
system, and adds all external interfaces as simple
interfaces.
Windows note: due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe or gspawn-winXX-helper-console.exe,
respectively, is needed; it is part of any GTK Windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-built or installer version of Wireshark is the extcap
subdirectory underneath the main Wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look at doc/extcap_example.py for a Python example
and at extcap.pod for the arguments grammar.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
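The commit message above describes the mechanism but shows none of it. The following is an added example of an extcap-style capture program written for this page; it is not Wireshark's doc/extcap_example.py and not part of the commit. The option names (--extcap-interfaces, --extcap-dlts, --extcap-config, --capture, --fifo) and the `interface {value=...}{display=...}` line syntax are assumed from the current extcap.pod grammar and should be checked against the version you target; the packets it writes to the pipe are constructed, so it runs with no hardware.

```c
/* Added example of an extcap-style capture program (not Wireshark's own
 * doc/extcap_example.py). Option names and the "interface {value=..}{display=..}"
 * line syntax are assumed from current extcap.pod; verify against your version. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define DLT_USER0 147u

/* What Wireshark reads on --extcap-interfaces: one line per interface. */
void print_interfaces(FILE *out) {
    fputs("interface {value=demo0}{display=Demo extcap interface}\n", out);
}

/* --extcap-dlts: the link type the capture will be tagged with. */
void print_dlts(FILE *out) {
    fprintf(out, "dlt {number=%u}{name=USER0}{display=Demo payload}\n", DLT_USER0);
}

/* --extcap-config: one "arg" line per setting, from which the GUI is built. */
void print_config(FILE *out) {
    fputs("arg {number=0}{call=--count}{display=Packets to generate}"
          "{type=integer}{range=1,1000}{default=3}\n", out);
}

/* libpcap file header in host byte order; readers detect order from the magic. */
struct pcap_hdr { uint32_t magic; uint16_t major, minor; int32_t thiszone;
                  uint32_t sigfigs, snaplen, linktype; };

int write_pcap_header(FILE *fp, uint32_t linktype) {
    struct pcap_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, linktype };
    return fwrite(&h, sizeof h, 1, fp) == 1 ? 0 : -1;
}

/* One record header (ts_sec, ts_usec, incl_len, orig_len) followed by the bytes. */
int write_pcap_record(FILE *fp, const uint8_t *data, uint32_t len) {
    uint32_t rec[4] = { (uint32_t)time(NULL), 0, len, len };
    if (fwrite(rec, sizeof rec, 1, fp) != 1) return -1;
    if (len != 0 && fwrite(data, len, 1, fp) != 1) return -1;
    return fflush(fp) == 0 ? 0 : -1;   /* push each record to the pipe reader */
}

/* The capture itself: constructed packets only, so it runs without hardware. */
int run_capture(const char *fifo, int count) {
    FILE *fp = fopen(fifo, "wb");      /* blocks until Wireshark opens the read end */
    if (fp == NULL) return -1;
    int rc = write_pcap_header(fp, DLT_USER0);
    for (int i = 0; rc == 0 && i < count; i++) {
        uint8_t pkt[16];
        memset(pkt, 0, sizeof pkt);
        snprintf((char *)pkt, sizeof pkt, "demo packet %d", i);   /* constructed payload */
        rc = write_pcap_record(fp, pkt, (uint32_t)sizeof pkt);
    }
    fclose(fp);
    return rc;
}

int main(int argc, char **argv) {
    const char *fifo = NULL;
    int capture = 0, count = 3;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--extcap-interfaces") == 0) { print_interfaces(stdout); return 0; }
        if (strcmp(argv[i], "--extcap-dlts") == 0)       { print_dlts(stdout); return 0; }
        if (strcmp(argv[i], "--extcap-config") == 0)     { print_config(stdout); return 0; }
        if (strcmp(argv[i], "--capture") == 0)           capture = 1;
        else if (strcmp(argv[i], "--fifo") == 0 && i + 1 < argc)  fifo = argv[++i];
        else if (strcmp(argv[i], "--count") == 0 && i + 1 < argc) count = atoi(argv[++i]);
        /* --extcap-interface <name> and anything else is accepted and ignored here */
    }
    if (!capture || fifo == NULL) {
        fputs("usage: --capture --fifo <path> [--count N]\n", stderr);
        return 1;
    }
    return run_capture(fifo, count) == 0 ? 0 : 1;
}
```

Drop the binary into the extcap directory shown in the About dialog's folders tab and Wireshark will query it with the --extcap-* options and, on start of capture, hand it a FIFO path. Note the trust boundary this creates: anything executable in that directory is spawned with the capturing user's privileges, so the directory must be writable only by administrators.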
Use it in the ATM dissector, and use a tvbuff version, so that we don't
do tvb_get_ptr() ourselves.
Change-Id: I0bd3594bc739e0cca447ac06f34a471441cf2e70
Reviewed-on: https://code.wireshark.org/review/3513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And note that it's the same polynomial for the MPEG-2 CRC.
Change-Id: Ie89e392156ae77a2adeec3eb8e704aa75c0cd0dc
Reviewed-on: https://code.wireshark.org/review/3512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the wsutil routine just accumulate the stuff from the buffer handed
to us. Have the IUUP dissector deal with the extra stuff. Add a
update_crc10_by_bytes_tvb() routine, which is passed a tvbuff, offset,
and length, and use that rather than using tvb_get_ptr() in dissectors.
Change-Id: Iadd0823c764080e60d1339abb94d2e19150eabfe
Reviewed-on: https://code.wireshark.org/review/3509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
So just use crc16_x25_ccitt_tvb(), which goes a byte at a time rather
than a bit at a time, and which takes a tvbuff rather than requiring you
to call tvb_get_ptr().
It also doesn't 1's-complement the result, so we can compare it against the
0x1D0F in ETSI TS 102 821 V1.4.1 (2012-10) rather than against a
1's-complement version, 0xE2F0.
Change-Id: Ia513f851f0a8ff1e7853278ddf3618c532fb2aba
Reviewed-on: https://code.wireshark.org/review/3507
Reviewed-by: Guy Harris <guy@alum.mit.edu>
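The CRC commits above (the CRC-10, CRC-16 and DNP changes as well as this one) replace bit-at-a-time loops and tvb_get_ptr() calls with byte-at-a-time routines, and this one hinges on the 0x1D0F versus 0xE2F0 residue. The block below is an added example written for this page, not wsutil's crc16.c: a table-driven CRC-16-CCITT (polynomial 0x1021, initial value 0xFFFF, MSB first, no final complement, which is the convention in which ETSI TS 102 821's 0x1D0F applies) together with the frame-building and receive-side check that the residue property makes possible.

```c
/* Added example, not wsutil's crc16.c. CRC-16-CCITT, MSB first, poly 0x1021,
 * init 0xFFFF, no final complement. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

static uint16_t crc_table[256];
static int table_ready;

/* Precompute the per-byte step of the polynomial division. */
static void build_table(void) {
    for (int i = 0; i < 256; i++) {
        uint16_t c = (uint16_t)(i << 8);
        for (int b = 0; b < 8; b++)
            c = (c & 0x8000) ? (uint16_t)((c << 1) ^ 0x1021) : (uint16_t)(c << 1);
        crc_table[i] = c;
    }
    table_ready = 1;
}

/* Byte-at-a-time CRC over a buffer; a tvbuff wrapper would fetch the bytes
 * and call this, instead of the dissector reaching for tvb_get_ptr(). */
uint16_t crc16_ccitt_bytes(const uint8_t *buf, size_t len, uint16_t seed) {
    if (!table_ready) build_table();
    uint16_t crc = seed;
    while (len--)
        crc = (uint16_t)((crc << 8) ^ crc_table[((crc >> 8) ^ *buf++) & 0xff]);
    return crc;
}

/* Sender: payload followed by the one's complement of its CRC, big-endian. */
size_t build_frame(const uint8_t *payload, size_t len, uint8_t *out) {
    uint16_t fcs = (uint16_t)~crc16_ccitt_bytes(payload, len, 0xFFFF);
    memcpy(out, payload, len);
    out[len]     = (uint8_t)(fcs >> 8);
    out[len + 1] = (uint8_t)fcs;
    return len + 2;
}

/* Receiver: running the CRC over payload plus complemented FCS yields the
 * constant 0x1D0F whatever the payload. A routine that complemented its
 * result would have to compare against 0xE2F0 instead. */
int frame_is_good(const uint8_t *frame, size_t len) {
    return len >= 2 && crc16_ccitt_bytes(frame, len, 0xFFFF) == 0x1D0F;
}
```

The residue check is the whole reason the dissector can compare against a constant instead of recomputing and comparing two bytes; the same property holds for the reflected HDLC/PPP form, where the constant is 0xF0B8 (the bit-reversal of 0x1D0F).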
There are routines that take a buffer and a length and that take a
tvbuff, offset, and length; use those routines in the DNP dissector
(which no longer needs its own table and loop), and use the tvbuff
routine instead of calling tvb_get_ptr().
Change-Id: Ic67b0f3b65b94ea47c0fdc2f3d3b6f88df77f9c6
Reviewed-on: https://code.wireshark.org/review/3505
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
file in the build directory (rather than the source directory).
Change-Id: I365e573ee84e9a41aa76f4aa9a4a6efaf42fb60e
Reviewed-on: https://code.wireshark.org/review/3334
Reviewed-by: Evan Huus <eapache@gmail.com>
Items are sorted by value.
Move common conversation code to ui/conversation_hash.[ch]. Add a
conversation_type_e enum along with convenience functions for fetching
titles, tap names, etc.
We have a single main dialog instead of a main dialog + individual
protocol dialogs. It de-clutters the statistics menu and results in
simpler code. Conversation type tabs can be added and removed within the
dialog itself. The tab list is sticky and saved with the current profile
when the dialog closes. Data can be copied as CSV or YAML.
Add a FilterAction class and a corresponding filterAction slot to
MainWindow. Use it for the Conversations context menu.
Add an addressResolutionChanged signal and related plumbing.
Get rid of the iterator members in the conversation item struct. Update
the GTK+ code accordingly.
Exercise for the reader:
- Update TShark to use the common hash code.
Ping-Bug: 9231
Ping-Bug: 8703
Ping-Bug: 6727
Change-Id: I8728d771fc5b1a85937bed9d898e53c3ecc3a544
Reviewed-on: https://code.wireshark.org/review/2987
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some routines Wireshark uses are present in some, but not all,
platforms; for routines that would be used on all platforms, libwsutil
provides its own implementations on platforms that lack them.
On platforms that provide a routine, that routine will not be part of
the API and ABI, and, if we do an API or ABI check using the header
libwsutil provides to declare the function on platforms that lack it, we
may have a collision between the declaration in our header and the
declaration in a system header.
There's no guarantee that we can make them match, as the declaration
might differ from platform to platform and from platform version to
platform version, so we simply leave the header file out of the check if
we have the function on the platform on which we're checking the API or
ABI.
Change-Id: I8a23e63d9e17e5c1f5a83304dbe14d1e7df22e7e
Reviewed-on: https://code.wireshark.org/review/3115
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap's unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c5a50df51f.
Most of the change to remove "lib" seems to work, but the list of libraries to sign appears not to be in the source repository, so I can't make that step work.
Change-Id: I6ead152fc308480d02266b0f3f0caaa873caf6d2
Reviewed-on: https://code.wireshark.org/review/2973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"libXXX" is a UN*X convention; see whether we can do without it on
Windows.
Change-Id: I03a377ed5121a8dff7a53203b34e441abffcbb85
Reviewed-on: https://code.wireshark.org/review/2968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The WRETH dissector showed up some garbage in the column display. Upon
further inspection, it turns out that the format string had a trailing
percent sign which caused (unsigned)-1 to be returned by
g_printf_string_upper_bound (in emem_strdup_vprintf). Then ep_alloc is
called with (unsigned)-1 + 1 = 0 memory, no wonder that garbage shows
up. ASAN could not even catch this error because EP is in charge of
this.
So, start adding G_GNUC_PRINTF annotations in each header that uses
the "fmt" or "format" parameters (grepped + awk). This revealed some
other errors. The NCP2222 dissector was missing a format string (not
a security vuln though).
Many dissectors used val_to_str with a constant (but empty) string,
these have been replaced by val_to_str_const. ASN.1 dissectors
were regenerated for this.
Minor: the mate plugin used "%X" instead of "%p" for a pointer type.
The ncp2222 dissector and wimax plugin gained modelines.
Change-Id: I7f3f6a3136116f9b251719830a39a7b21646f622
Reviewed-on: https://code.wireshark.org/review/2881
Reviewed-by: Evan Huus <eapache@gmail.com>
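The chain described in this commit (a malformed format string, an upper-bound routine returning (unsigned)-1, +1 wrapping to 0, a zero-byte allocation handed back as a string) is worth seeing in code. The block below is an added example written for this page, not emem or wmem code: a printf-attribute macro standing in for G_GNUC_PRINTF so the compiler rejects a bad format at the call site, a size routine that cannot wrap, and a deliberate mirror of the buggy arithmetic for comparison. Function names are assumed.

```c
/* Added example, not Wireshark code. Shows the wrap the commit describes and
 * the two defences: a format attribute and an unwrappable size computation. */
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same effect as GLib's G_GNUC_PRINTF: a trailing '%' or a missing argument
 * becomes a compile-time warning (or error with -Werror=format). */
#define FORMAT_PRINTF(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))

/* Mirror of the bug: an unsigned "error" value plus one wraps to zero, and a
 * zero-byte allocation is then treated as a formatted string. */
size_t buggy_alloc_size(unsigned upper_bound) {
    return (size_t)(upper_bound + 1u);
}

/* Bytes needed for the formatted output including the NUL, or 0 on error.
 * Returning 0 (never a huge value) means the caller cannot wrap on "+1". */
size_t fmt_upper_bound(const char *fmt, va_list ap) {
    va_list ap2;
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap2);   /* C99: length without writing */
    va_end(ap2);
    if (n < 0 || n == INT_MAX)
        return 0;                           /* encoding error or too long */
    return (size_t)n + 1;
}

/* Allocate and format; NULL on any failure rather than a too-small buffer. */
char *fmt_strdup(const char *fmt, ...) FORMAT_PRINTF(1, 2);
char *fmt_strdup(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    size_t need = fmt_upper_bound(fmt, ap);
    va_end(ap);
    if (need == 0)
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    int n = vsnprintf(buf, need, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= need) {       /* output did not fit: never trust it */
        free(buf);
        return NULL;
    }
    return buf;
}
```

With the attribute in place, a call such as fmt_strdup("value=%") or fmt_strdup("%d") with no argument is flagged by the compiler, which is the class of bug ASAN could not see here because the pool allocator owned the memory.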
When ASAN is enabled, a false buffer overflow warning is raised. It is
a false positive since everything starting at '\0' will get ignored by
the PCMPISTRI instruction (see Intel(r) SSE4 Programming Reference,
5.3.1.5 "Valid/Invalid Override of Comparisons", and 5.3.1.2
"Aggregate Operation", case "Equal any").
Concerns about reading past the end of the page turn out to be false;
there always seems to be a valid page after the current one (for static
and heap memory at least). It is a non-issue since strlen also does
not have issues with this.
Rather than fully disabling SSE 4.2 and using the fallback
implementation for ASAN-enabled builds, read the set of characters from
'a' into the mask without a 128-bit read and then still use SSE 4.2
for the actual query.
Bug: 10214
Change-Id: Ie4a526e60b43bfc08dd1d821556766f14a49be4d
Reviewed-on: https://code.wireshark.org/review/2618
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BYTE2WORD() doesn't modify what its argument points to, so make that
argument a const unsigned char *.
This lets us get rid of casts that cast away constness.
Change-Id: I44a58bd3d75fc77a022b7e8f7fa9b43990bcf81c
Reviewed-on: https://code.wireshark.org/review/2876
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pull the "cast this to a pointer to an __m128i" idiom into a macro, and
use the macro; have that macro use "const" in the casts.
Change-Id: Ife90b7daef2f09368790f3b2ffbb227d6d794dea
Reviewed-on: https://code.wireshark.org/review/2871
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wsutil contains the only code that uses version.h; make the dependency
explicit, to see whether that fixes the current build issues with Debian
packaging.
Also, get rid of all *other* dependencies on gitversion.
Change-Id: I89fa5e4112633b83a1a7dfa349bc337e3688575f
Reviewed-on: https://code.wireshark.org/review/2823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
SetProcessDEPPolicy() is the API; PSetProcessDEPPolicy is just a local
pointer variable that either points to that API's implementation (if
it's available) or is null (if it isn't).
Change-Id: I676fbb75019e32af511cefa6f1c7b7124ac9d8e8
Reviewed-on: https://code.wireshark.org/review/2735
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the routines to parse numerical command-line arguments there.
Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just
call routines specified by a call to cmdarg_err_init(), and have
programs supply the appropriate routines to it.
Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01
Reviewed-on: https://code.wireshark.org/review/2704
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
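The commit above moves the numeric command-line parsers into wsutil and routes their error output through routines installed with cmdarg_err_init(). The block below is an added example written for this page, not the wsutil code: the names cmdarg_err_init, get_natural_int and get_positive_int are assumed, and the point is what a strict parser of untrusted argv input has to reject (sign, trailing junk, overflow, out-of-range values) while leaving the choice of where errors go to the program that installs the hook.

```c
/* Added example, not Wireshark's wsutil code; names are assumed. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Programs install their own error sink; the library never picks one. */
typedef void (*cmdarg_err_fn)(const char *fmt, va_list ap);
static cmdarg_err_fn err_hook;
static int err_count;

void cmdarg_err_init(cmdarg_err_fn fn) { err_hook = fn; }

/* A default sink for stand-alone use: stderr plus a counter the tests read. */
void stderr_err_hook(const char *fmt, va_list ap) {
    err_count++;
    vfprintf(stderr, fmt, ap);
    fputc('\n', stderr);
}

int cmdarg_err_count(void) { return err_count; }

static void cmdarg_err(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
static void cmdarg_err(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    if (err_hook == NULL) err_hook = stderr_err_hook;
    err_hook(fmt, ap);
    va_end(ap);
}

/* Decimal integer in [lo, hi]; 1 on success, 0 on anything else. strtol alone
 * accepts whitespace, a sign and trailing text, so each is checked explicitly. */
int parse_int_range(const char *s, const char *name, long lo, long hi, long *out) {
    if (s == NULL || !isdigit((unsigned char)s[0])) {
        cmdarg_err("%s: \"%s\" is not a number", name, s ? s : "(null)");
        return 0;
    }
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0') {
        cmdarg_err("%s: \"%s\" is not a valid number", name, s);
        return 0;
    }
    if (v < lo || v > hi) {
        cmdarg_err("%s: %ld is out of range (%ld..%ld)", name, v, lo, hi);
        return 0;
    }
    *out = v;
    return 1;
}

/* 0..INT_MAX, e.g. a packet count that may legitimately be zero. */
int get_natural_int(const char *s, const char *name, int *out) {
    long v;
    if (!parse_int_range(s, name, 0, INT_MAX, &v)) return 0;
    *out = (int)v;
    return 1;
}

/* 1..INT_MAX, e.g. a snapshot length where zero would be meaningless. */
int get_positive_int(const char *s, const char *name, int *out) {
    long v;
    if (!parse_int_range(s, name, 1, INT_MAX, &v)) return 0;
    *out = (int)v;
    return 1;
}
```

A GUI front end would install a hook that pops a dialog, a command-line tool one that writes to stderr with the program name; the parser is identical in both, which is the point of the split.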
I have ***NO*** idea why this makes a difference, but, without this
change, APPLE_CORE_FOUNDATION_LIBRARY is apparently *not* set correctly
for wsutil/CMakeLists.txt, and, with this change, it is. I guess
there's something magic involved here with "global" CMake variables or
something crazy such as that.
Change-Id: I7a0046b9c249568cd666720838104f48e854e203
Reviewed-on: https://code.wireshark.org/review/2612
Reviewed-by: Guy Harris <guy@alum.mit.edu>
You shouldn't be including cfutils.h if you don't have CF, but this may
be tripping up the ABI checker.
Change-Id: Ib736a33013c6ab0f416ebbedaa4ebf112bade6f7
Reviewed-on: https://code.wireshark.org/review/2530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a routine get_ws_vcs_version_info() that, for builds from a tree
checked out from Wireshark's version control system, returns a string
that includes both the Wireshark version number and an indication of
what particular VCS version was checked out, and just returns
Wireshark's version number for other builds.
Use that routine rather than manually gluing VERSION and the Git version
number together.
("vcs", not "git", just in case we do something bizarre or mercurial
some day. :-))
Change-Id: Ie5c6dc83b9d3f56655eaef30fec3ec9916b6320d
Reviewed-on: https://code.wireshark.org/review/2529
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's Windows-specific, so name it appropriately.
Change-Id: Ic518cbfabebf95757f6b308a4d547a6cabed6a5e
Reviewed-on: https://code.wireshark.org/review/2528
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This means we also have to move CFString_to_C_string() there for OS X.
Change-Id: Ic91ad872e9d5290cf34f842503ededd5452e4337
Reviewed-on: https://code.wireshark.org/review/2511
Reviewed-by: Guy Harris <guy@alum.mit.edu>