Add some C99 stdio.h numbers to compare with GLib on platforms
(such as Windows) where they use different implementations.
Add a wmem string test with NULL allocator, to compare wmem and GLib
performance with roughly the same memory allocation.
Use the block allocator as being more representative of normal
wmem performance, instead of using strict, that is normally
used for wmem debugging.
These are not pass/fail tests, so the automation cannot
validate them. They just slow down the CI builds. To
enable, pass -m perf.
I think the --verbose comment is wrong, I did not detect
any difference in output with or without --verbose.
Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
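The length-reuse pattern described above, as an added C example that is not Wireshark's code: `fmt_alloc()` and `FMT_STACK_BUF` are hypothetical names, plain `malloc()` stands in for the wmem allocator, and the buffer size is an assumed value because the commit message does not state one.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FMT_STACK_BUF 256   /* assumed size; the commit message gives no value */

/* Hypothetical helper: format into a heap string, reusing the length that
 * vsnprintf() already returned instead of re-scanning the result the way a
 * strdup()-style copy would. Returns NULL on error. */
char *fmt_alloc(size_t *len_out, const char *fmt, ...)
{
    char stack_buf[FMT_STACK_BUF];
    va_list ap, ap2;
    char *out;
    int needed;

    va_start(ap, fmt);
    va_copy(ap2, ap);           /* a va_list cannot be reused after a call */
    needed = vsnprintf(stack_buf, sizeof stack_buf, fmt, ap);
    va_end(ap);

    if (needed < 0) {           /* output or encoding error */
        va_end(ap2);
        return NULL;
    }
    out = malloc((size_t)needed + 1);
    if (out == NULL) {
        va_end(ap2);
        return NULL;
    }
    if ((size_t)needed < sizeof stack_buf) {
        /* Common case: it fit, so copy exactly needed + 1 bytes. */
        memcpy(out, stack_buf, (size_t)needed + 1);
    } else {
        /* Truncated: second vsnprintf() into the exactly sized buffer. */
        vsnprintf(out, (size_t)needed + 1, fmt, ap2);
    }
    va_end(ap2);
    if (len_out != NULL)
        *len_out = (size_t)needed;
    return out;
}
```

A larger stack buffer only changes how often the second branch runs; the return value of `vsnprintf()` must still be checked for both the negative and the truncated case.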
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocesses have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programmatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
This adds some custom logic to check if we were given
the obsolete 'console.log.level' setting from the CLI
arguments, that specified the log level using a bitmask
copied from GLib. If we find that map the bitmask to a
wslog log level.
In any case the option is not removed from the argv (unlike
other wslog arguments like --log-level, etc.).
Adds deprecation warning for 'console.log.level' printed to
the console.
Related to #17763.
This matches the original implementation and allows displaying
logs to the console, including debug information, when running
an extcap from the CLI for testing and development purposes.
This should make extcap logging bug-for-bug compatible with the
behavior before dc7f0b88bb.
Imitate the GLib logic for selecting the console output stream
according to the log level. Levels MESSAGE and above go to
stderr. INFO and below go to stdout, unless stderr is chosen
using ws_log_console_writer_set_use_stderr().
It turns out some old extcap code was subtly depending
on this behavior.
Extcaps require a log file when invoked in child mode. It also has
a specific flag to enable debugging, other than the wslog options.
Fix the logging to:
1. Enable debug log level if --debug is used.
2. Do not emit messages to the stderr if debug is enabled.
This brings extcap logging to the same feature level it had before
wslog replaced GLib logging.
We should not replace chars that cannot be represented
in ASCII, to avoid mangling UTF-8. This assumes every
string is UTF-8, of course.
This only affects the display of the compiled filter.
Before:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "Jo\xc3\xa3o" <FT_STRING> -> reg#1
After:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "João" <FT_STRING> -> reg#1
Add @file markers for remaining non-dissector
files that contain functions exported with
WS_DLL_PUBLIC so that Doxygen will
generate documentation for them.
Move epan_memmem() and epan_strcasestr() to wsutil/str_util.
Rename to ws_memmem() and ws_strcasestr(). Add compile time
check for a system implementation and use that if available.
We invoke those functions using a wrapper to avoid exposing
_GNU_SOURCE outside of the implementation.
Convert the tm struct to nstime first, then apply the timezone
offset, because applying the offset to the hours and minutes fields
directly can require carrying or borrowing in base 24 and 60 arithmetic.
Don't blindly examine the fifth byte in the input string without testing
earlier bytes. Instead, process the year by hand before calling sscanf.
ISO 8601 times don't switch between Basic and Extended format in the
middle, so for the later possible buffer overflows just use the
previously determined format.
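The conversion order described above (broken-down time to a scalar first, timezone offset second), as an added C example that is not Wireshark's code: the helper names are hypothetical, a plain `int64_t` count of seconds stands in for nstime, and the sample dates in the comments are constructed.

```c
#include <stdint.h>
#include <time.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (month 1..12). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Hypothetical helper: treat tm as wall-clock time at a fixed UTC offset
 * (minutes, east positive) and return UTC seconds since the epoch. The
 * offset is subtracted from the scalar, so no field ever needs a carry. */
int64_t tm_with_offset_to_utc(const struct tm *tm, int off_minutes)
{
    int64_t days = days_from_civil((int64_t)tm->tm_year + 1900,
                                   tm->tm_mon + 1, tm->tm_mday);
    int64_t secs = days * 86400 + (int64_t)tm->tm_hour * 3600
                 + (int64_t)tm->tm_min * 60 + tm->tm_sec;
    return secs - (int64_t)off_minutes * 60;
}

/* The field-wise approach the message warns about: for inputs such as
 * 2022-01-01T00:15+05:30 the hour and minute fields leave their valid
 * ranges unless a borrow is propagated into day, month and year. */
int naive_fields_in_range(struct tm tm, int off_minutes)
{
    tm.tm_hour -= off_minutes / 60;
    tm.tm_min -= off_minutes % 60;
    return tm.tm_hour >= 0 && tm.tm_hour < 24 &&
           tm.tm_min >= 0 && tm.tm_min < 60;
}
```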
A number of protocols have IDs that can be reused that are used as
lookup keys. In most cases the frame number should be used as well
to differentiate repeat appearances of an ID. For response/request
matching, it is frequently useful to find the most recent frame number
(greatest value less than or equal to the current one) that contained
an ID.
We can achieve that by using a multimap that stores values with a given
ID in a tree keyed with the frame number. This works better than using
a map or a tree alone:
1) A map isn't ordered, so doesn't allow for less than or equal comparison.
2) Using a tree requires an ordering on all the ID components, and then
having to test all the components other than the frame number separately
for equality after retrieval.
Currently the multimap does not support inserting items without specifying
the tree key (and having the multimap generate a key), because the total
capacity of trees (including deleted nodes) is not tracked. If other use
cases are needed, this could be added later along with more generic
multimap support.
Use a multimap in ANSI MAP, ANSI TCAP, and GSM SMS, all of which need to
match lookup IDs that can be reused. Fix #7653.
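The lookup described above (most recent frame less than or equal to the current one, per reused ID), as an added C example that is not the wmem multimap: a small fixed table stands in for the map and a sorted array with binary search stands in for the tree, and every name and limit here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_IDS 8        /* constructed limits for this sketch */
#define MAX_PER_ID 16

struct entry { uint32_t frame; const char *value; };
struct id_slot { uint32_t id; size_t n; struct entry e[MAX_PER_ID]; };
struct multimap { size_t n_ids; struct id_slot slot[MAX_IDS]; };

static struct id_slot *find_slot(struct multimap *m, uint32_t id, int create)
{
    for (size_t i = 0; i < m->n_ids; i++)
        if (m->slot[i].id == id)
            return &m->slot[i];
    if (!create || m->n_ids == MAX_IDS)
        return NULL;
    m->slot[m->n_ids].id = id;
    m->slot[m->n_ids].n = 0;
    return &m->slot[m->n_ids++];
}

/* Insert keeps each ID's entries ordered by frame number. */
int mm_insert(struct multimap *m, uint32_t id, uint32_t frame, const char *value)
{
    struct id_slot *s = find_slot(m, id, 1);
    if (s == NULL || s->n == MAX_PER_ID)
        return -1;
    size_t i = s->n++;
    for (; i > 0 && s->e[i - 1].frame > frame; i--)
        s->e[i] = s->e[i - 1];
    s->e[i].frame = frame;
    s->e[i].value = value;
    return 0;
}

/* Value stored under id with the greatest frame <= frame, or NULL. */
const char *mm_lookup_le(struct multimap *m, uint32_t id, uint32_t frame)
{
    struct id_slot *s = find_slot(m, id, 0);
    if (s == NULL)
        return NULL;
    size_t lo = 0, hi = s->n;       /* find the first entry with frame > key */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (s->e[mid].frame <= frame) lo = mid + 1; else hi = mid;
    }
    return lo == 0 ? NULL : s->e[lo - 1].value;
}
```

A response seen before any request with that ID returns NULL rather than being paired with a later reuse of the same ID, which is the mismatch the frame-number key prevents.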
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
Instead of removing extra log information in the log handler
for the default log level, do it in the ws_message() macro.
This means ws_log_full() will work as expected.
Rename to ws_return_val_if_null() because the name needs to be more
generic to indicate it should be used to return any kind of value,
not just pointers.
Increase the log level to something more appropriate because failing
any of these checks is considered to be a programming error.
Add the faulty variable name to the output message.
Add the macro ws_return_val_if_zero() for completeness.
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: guint32_to_str_buf(fv->value.uinteger, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: guint64_to_str_buf(val, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: fs_len = strlen(fs_buf); [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: ^ [C:\Development\wsbuild-msvc\rawshark.vcxproj]
Have these functions accept a zero max length to mean "display
the whole byte array". Change the max length parameter to receive a
number of bytes to print, not the length of the output character
string.
Adjust the macros bytes_to_str() and bytes_to_string_punct() to
produce the same output. Add more tests. Rename the functions to
bytes_to_str_maxlen() and bytes_to_str_punct_maxlen() because this is
an API break.
Matches is a special case that looks on the RHS and tries
to convert every unparsed value to a string, regardless
of the LHS type. This is not how types work in the display
filter. Require double-quotes to avoid ambiguity, because
matches doesn't follow normal Wireshark display filter
type rules. It doesn't need nor benefit from the flexibility
provided by unparsed strings in the syntax.
For matches the RHS is always a literal string except
if the RHS is also a field name, then it complains of an
incompatible type. This is confusing. No type can be compatible
because no type rules are ever considered. Every unparsed value is
a text string except if it happens to coincide with a field
name it also requires double-quoting or it throws a syntax error,
just to be difficult. We could remove this odd quirk but requiring
double-quotes for regular expressions is a better, more elegant
fix.
Before:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp.srcport
dftest: tcp and udp.srcport are not of compatible types.
Filter: tcp matches udp.srcportt
Constants:
00000 PUT_PCRE udp.srcportt -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
After:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
dftest: "udp" was unexpected in this context.
Filter: tcp matches udp.srcport
dftest: "udp.srcport" was unexpected in this context.
Filter: tcp matches udp.srcportt
dftest: "udp.srcportt" was unexpected in this context.
The error message could still be improved.
Converting from freq to channel only needed the 6 GHz freq. range
to be added, however, converting from channel to freq. will require
the function ieee80211_chan_to_mhz to take a starting frequency as
there's overlap in the channel numbering between 2.4/5 GHz and 6 GHz
bands. This may not be possible in some cases, so for now the
function will continue to do the conversion based on the order
on which the freq. ranges are defined. Specifically, it will favor
2.4/5 GHz over 6 GHz.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return a textual representation
for debugging purposes.
Profile files, which are only used in Qt, are not automatically registered
during startup and must be explicitly registered.
Add profile_register_persconffile() to handle this registration.
This is more readable and the extra error checking is functionally
the same as the original upstream code too, that triggered some
compiler warnings.
Add missing 'static' qualifier.
Add a test for 'ws_opterr'.
Fix
wsutil/ws_getopt.c:93:21: error: possible misuse of comma operator here [-Werror,-Wcomma]
return ws_optind++, -1;
^
wsutil/ws_getopt.c:93:10: note: cast expression to void to silence warning
return ws_optind++, -1;
^~~~~~~~~~~
(void)( )
wsutil/ws_getopt.c:188:11: error: possible misuse of comma operator here [-Werror,-Wcomma]
name++, opt++;
^
wsutil/ws_getopt.c:188:5: note: cast expression to void to silence warning
name++, opt++;
^~~~~~
(void)( )
wsutil/ws_getopt.c:199:15: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
int l = arg-start;
~ ~~~^~~~~~
Add a .editorconfig entry for ws_getopt.[ch].
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintenance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes #15869.
This should fix the cppcheck warning "The unsigned expression
'sizeof(struct _PKT_INFO)' will never be negative so it is either
pointless or an error to check if it is."
wmem_safe_mult() was only used to do an overflow-safe multiplication of
a type size and a count of elements of that type; replace it with
wmem_safe_mult_type_size(), which takes the type as the first argument,
and checks only whether the count of elements is <= 0.
Fix the description in wsutil/exported_pdu_tlvs.h to reflect reality
(i.e., to match what the code in Wireshark that reads the exported PDU
TLVs, and all code that writes them, does).
In the code that dissects them, treat all strings as FT_STRINGZPAD, as
any null bytes at the end of the string are padding, not part of the
string.
See merge request !3895 and issue #17535.
Have wsutil/exported_pdu_tlvs.h define the LINKTYPE_WIRESHARK_UPPER_PDU
TLV type and length values, as well as the port type values written to
files in EXP_PDU_TAG_PORT_TYPE TLVs.
Update the comment that describes the LINKTYPE_WIRESHARK_UPPER_PDU TLVs
to more completely and correctly reflect reality (it was moved from
epan/exported_pdu.h to wsutil/exported_pdu_tlvs.h).
Rename those port type values from OLD_PT_ to EXP_PDU_PT_; there is
nothing "old" about them - yes, they originally had the same numerical
values as the PT_ enum values in libwireshark, but that's no longer the
case, and the two are now defined independently. Rename routines that
map between libwireshark PT_ values and EXP_PDU_PT_ values to remove
"old" from the name while we're at it.
Don't include epan/exported_pdu.h if we only need the
LINKTYPE_WIRESHARK_UPPER_PDU definitions - just include
wsutil/exported_pdu_tlvs.h.
In extcap/udpdump.c, include wsutil/exported_pdu_tlvs.h rather than
defining the TLV types ourselves.
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoid moving too much at
once.
We have two format_size()s, with and without wmem scoped memory.
Move the wmem version to wsutil and add a convenience macro to
use g_malloc()ed memory.