Commit Graph

223 Commits (695ce22b0d8fc18a3c492d99b0d774e6d77dd744)

Author SHA1 Message Date
João Valverde fe5248717f Replace g_snprintf() with snprintf()
Use macros from inttypes.h with format strings.
2021-12-19 20:06:13 +00:00
João Valverde 504de90a3c wsutil: Split format_size() enum
Use an enum to select units and a bit flag for the other options,
currently only prefix type.
2021-11-29 22:13:32 +00:00
Chuck Craft 1998e7f34b capinfos: man page typos; add longopts to Usage:
The verbiage for first/last packets and start/end times seems
to not be consistent. Changing will also require a change to
Capture File Statistics in the Wireshark Gui. Future MR.
2021-10-12 20:35:15 +00:00
John Thacker 1dd8f3a666 capinfos: Calculate hashes after determining if a capture file
Calculate the hashes for a file after the wtap_open_offline, to avoid
spending time calculating them for files that aren't known capture
formats. We wouldn't print the checksums in those cases anyway,
and the time savings can be considerable on large non-capture files.
2021-10-06 04:38:00 +00:00
João Valverde 5362d0c31b ws_getopt: Rename struct and macros
This is part of the API and should also be renamed to avoid conflicts.
2021-09-30 13:59:28 +00:00
João Valverde 8df2a73594 Use the musl in-tree getopt_long() everywhere
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintenance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.

Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.

The API is under the Wireshark namespace to avoid conflicts with
system headers.

Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
2021-09-17 00:43:54 +01:00
David Perry c634315363 [#17519] capinfos: no section headers in table output
Remove "Section N:" headers from capinfos table (`-T`) output when
outputting "additional capture file information" with `-F` and/or
comments with `-k`. These headers broke the formatting of table output.

The downside to this fix is that pcapng files with multiple SHBs and/or
comments will have extra table columns that don't line up with the
header, as in:


There's no real good way around this though.
2021-09-10 05:32:53 +00:00
David Perry 5076aee044 [#17517] capinfos: machine-readable filetype/encap
2021-09-10 04:25:13 +00:00
David Perry 6e12643f19 [#17478] free blocks in more places
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.

Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make

Fixes #17478
2021-08-10 00:08:15 +00:00
João Valverde 100876337a Move version_info.[ch] to ui/
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.

A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.

Also version_info.h should not be installed as a public header.
2021-07-04 10:37:49 +00:00
João Valverde c6a920686c wslog: Check environment initialization for errors
Initialize the cmdarg error stream earlier.

Dumpcap also needs to know earlier if it is running in capture
child mode.
2021-06-26 00:18:26 +01:00
João Valverde 759bb234d0 wslog: Check if we are initialized and add missing inits
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program

ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
2021-06-21 16:03:29 +00:00
João Valverde 0e50979b3f Replace g_assert() with ws_assert()
2021-06-19 01:23:31 +00:00
Guy Harris 57a1514ac7 Cast away the return value of g_strlcpy() and g_strlcat().
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation.  Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
2021-04-30 03:19:19 -07:00
Guy Harris 9b70baac96 Add a new header defining commonly-used exit codes.
"Commonly-used" meaning "used by more than one source file".

Clean up the exit codes, combining some duplicates with different names,
and using some instead of raw numbers in some places.
2021-04-13 01:23:21 -07:00
Guy Harris c33e2f7b51 Add more error-reporting routines that call through a function pointer.
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server

Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as

Make other API changes to make that work.
2021-03-15 12:17:59 -07:00
Guy Harris c0711693ab Enable -Wredundant-decls.
Add it to the default list of checks, and fix some errors it causes.
(Sadly, it doesn't work in Clang.)
2021-02-14 14:43:42 -08:00
Guy Harris 24acef0885 wiretap: file types have a name and a description.
The "short name" is really just the name, used to look it up.  The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.

The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
2021-02-13 01:25:39 -08:00
Guy Harris c6d1031328 Squelch duplicateCondition warning from cppcheck.
Put three statements, all executed iff cap_snaplen is true, into a
single if statement.
2021-01-19 16:16:00 -08:00
Guy Harris 847046a773 capinfos: give another reason to process the IDBs at the end of the file.
Note that reason in a comment.
2020-10-21 01:57:33 -07:00
Gerald Combs 4dc3114c05 Windows: Set our locale to ".UTF-8".
In each of our executables we were calling "setlocale(LC_ALL, "")" at
startup. This told Windows that output was encoded using the current
system code page. Unless the code page was 65001 (UTF-8), this was a lie.

We write UTF-8 to stdout and stderr, so call "setlocale(LC_ALL, ".UTF-8")"
at startup on Windows. This lets the CRT translate our output correctly
in more cases.

Clarify and expand the OUTPUT section in the tshark man page.

Bug: 16649
Change-Id: If93231fe5b332c292946c7f8e5e813e2f543e799
Petri-Dish: Gerald Combs <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <>
2020-07-06 16:20:25 +00:00
Guy Harris 582ad24c38 Remove some single-SHB assumptions.
Make wtap_file_get_shb() take a section number argument, and update code
that called it.  In most cases, we convert the code to iterate over
sections; in cases where a big code change would be required, we
temporarily pass it 0 and mark the code as "needs to be updated for
multiple sections".

Eliminate cf_read_section_comment(); in calls outside file.c, other code
directly calls the libwiretap routines it calls and, inside file.c, we
just transplant the code and then fix it not to assume a single SHB.

Change-Id: I85e94d0a4fc878e9d937088759be04cb004e019b
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2020-05-01 19:46:42 +00:00
Guy Harris 928bbf5984 capinfos: fix absolute and relative time display.
Make the buffers big enough to handle the largest possible time values
you can get with a 64-bit time_t.

Don't cast the seconds value to unsigned long; it's probably signed, and
may not fit in an unsigned long (64-bit on an ILP32 or LLP64 platform),
so cast it to gint64 and print using G_GINT64_MODIFIER followed by "d".

Bug: 16519
Change-Id: I3ab79dfa086d2c4dfb6b93eba8cef3bdce731731
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2020-04-29 19:11:16 +00:00
Guy Harris 20800366dd HTTPS (almost) everywhere.
Change all URLs to use https.

Fix some broken links while we're at it.

Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-by: Guy Harris <>
2019-07-26 18:44:40 +00:00
Guy Harris 937ec02581 1514 is a better initial Buffer size than 1500.
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.

Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-by: Guy Harris <>
2019-04-06 21:04:02 +00:00
Guy Harris 8a5b26efb1 Have wtap_read() fill in a wtap_rec and Buffer.
That makes it - and the routines that implement it - work more like the
seek-read routine.

Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2019-04-05 02:49:43 +00:00
Guy Harris ab352c61fd Report counts of decryption secrets and resolved addresses.
Change-Id: I74e50db685b378afc706215fb9f8e5294aa77f94
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2019-02-19 01:36:58 +00:00
Guy Harris c99882733a Do all the per-capture-file work in process_cap_file().
Open and close the file there, as well as reading it.
Small code cleanup, add comments.

Change-Id: I895dd61c92160649fc9ee1cdcf3df45db3eabe57
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2019-02-14 03:00:53 +00:00
Guy Harris 4f8b3f3d2a By default, don't stop after a read error.
For close to 10 years, we have defaulted not to stop processing on an
open error; default not to stop processing on a read error, either.  -C
causes us to stop for both.

Bug: 15433
Change-Id: I5cd239c160d0ff85eb0425ca4b172532a4659fd3
Reviewed-by: Guy Harris <>
2019-01-24 06:42:58 +00:00
Guy Harris 0c89d8c33a Rename a Boolean flag variable to reflect the non-default behavior.
This makes it slightly clearer, from code inspection, what the -C flag
does.  The default behavior is to continue; -C causes capinfos to stop,
rather than continue, after an open failure.

Change-Id: I8bc67ce61c5d828c7f0ed87ee397ef994ff99aa4
Reviewed-by: Guy Harris <>
2019-01-19 21:56:38 +00:00
Guy Harris 4b6dbf4baf Revert "Change comment to reflect reality."
This reverts commit b32c8432c7.

Reason for revert: the variable name was confusing - it describes
the behavior if the -C flag is *absent*, and -C sets it to *false*.

Change-Id: Ia4d2fb954466b710db3fd1b9897feb9f3818c3a9
Reviewed-by: Guy Harris <>
2019-01-19 21:39:41 +00:00
Guy Harris b32c8432c7 Change comment to reflect reality.
When the -C flag was added, it meant (and still means) "[C]ontinue after
open errors", which was new behavior; the default "exit on open errors"
behavior was not changed.

Change-Id: I066c1aaef544e57efb39404e2dd61acbd9a91754
Reviewed-by: Guy Harris <>
2019-01-19 21:34:58 +00:00
Guy Harris fd93f5490c Clarify the name and description for a link-layer encapsulation type.
What we were calling the "name" is actually a description to show to
users; what we were calling the "short name" is just the name to use on the
command line.

Rename some routines and structure members, and put the name first and
description second in the table.

Expand some descriptions to give more details (e.g., to be more than
just a capitalized version of the name).

Fix the CamelCase capitalization of InfiniBand.

Change-Id: I060b8bd86573880efd0fab044401b449469563eb
Reviewed-by: Guy Harris <>
2019-01-09 21:21:56 +00:00
Peter Wu e2e5b01d77 cli_main: remove real_main from stack traces for non-Windows
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.

For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.

Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Petri-Dish: Peter Wu <>
Reviewed-by: Anders Broman <>
2019-01-02 12:08:20 +00:00
Guy Harris ba589a4e44 Move some command-line-oriented routines from wsutil to ui.
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.

The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.

Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2019-01-01 02:07:06 +00:00
Guy Harris 43dfd45faa Move more version-info-related stuff to version_info.c.
Have a ws_init_version_info() routine that, given an application name

	constructs the app-name-and-version-information string, and
	saves it;

	adds the initial crash information on platforms that support it,
	and saves it.

Have show_version() use the saved information and take no arguments.

Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See { URL}" line.

Use those routines in various places, including providing the
"application name" string in pcapng SHBs.

Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-12-13 03:16:13 +00:00
Guy Harris a34cc98b2a Put the main() and wmain() routines for CLI programs into a separate file.
That means that code is only in one place, rather than having copies of
it in each of those programs.

CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:

	include the top-level cli_main.h header;

	define the main function as real_main();

	be built with the top-level cli_main.c file.

On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().

On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8

Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-12-13 00:52:11 +00:00
Gerald Combs 8c22c5bade Fix some spelling errors found by Lintian.
Change-Id: If6fc3aab7ad4fc634567121f7b9541bc6f6c5766
Reviewed-by: Gerald Combs <>
Petri-Dish: Gerald Combs <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <>
2018-12-05 18:58:19 +00:00
Guy Harris b894c53d5e Add an API to get a description of a compression type, and use it.
Add wtap_compression_type_description(), which returns NULL for
WTAP_UNCOMPRESSED and a descriptive string for other compression types.

Instead of checking for WTAP_GZIP_COMPRESSED and appending "(gzip
compressed)", just pass the compression type to
wtap_compression_type_description() and, if the result is non-null,
append its result, wrapped in parentheses, with a space before the left

Change-Id: I79a999c7838a883953795d5cbab009966e14b65e
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-11-16 12:21:00 +00:00
Guy Harris a1372f6d01 Use an enum for compression types in various interfaces.

1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);

2) leaves space in the interfaces in question for additional compression

(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup.  Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).

Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-11-16 09:20:36 +00:00
Guy Harris bce13644e9 Bring back arg_list_utf_16to8(), but have it just do UTF-16-to-UTF-8 mapping.
Call it from wmain() in the command-line tools, passing it the input
argument count and vector, and call it from main() in Wireshark, after
getting a UTF-16 argument vector from passing the result of
GetCommandLineW() to CommandLineToArgvW().

Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-10-08 03:05:45 +00:00
Guy Harris a679ae6f79 Use wsetargv.obj, and wmain() rather than main(), on Windows.
Doing so for command-line programs means that the argument list doesn't
ever get converted to the local code page; converting to the local code
page can mangle file names that *can't* be converted to the local code

Furthermore, code that uses setargv.obj rather than wsetargv.obj has
issues in some versions of Windows 10; see bug 15151.

That means that converting the argument list to UTF-8 is a bit simpler -
we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just
loop over the UTF-16LE argument strings in argv[].

While we're at it, note in Wireshark's main() why we discard argv on
Windows (Qt does the same "convert-to-the-local-code-page" stuff); that
means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in
main() (i.e., we duplicate what Qt's WinMain() does, but converting to
UTF-8 rather than to the local code page).

Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649
Ping-Bug: 15151
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-10-07 18:57:54 +00:00
Guy Harris 15cfc41e94 Don't use dladdr() to get a pathname for the current executable().
Change-Id: I24ad11a659c2cb936f873339dc2b36ac9944280a
Petri-Dish: Guy Harris <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <>
2018-05-05 08:06:35 +00:00
Peter Wu 461c3f6545 capinfos: fix leak of message digest handle
Change-Id: If67a29b7eff3b3f92e37ac6a6900f9df8aa84818
Petri-Dish: Peter Wu <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <>
2018-03-15 20:28:25 +00:00
Guy Harris 1f5f63f8ef Generalize wtap_pkthdr into a structure for packet and non-packet records.
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.

Add some record-type checks as necessary.

Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-by: Guy Harris <>
2018-02-09 00:29:51 +00:00
Dario Lombardo 8cd389e161 replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later.
The first is deprecated, as per

Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Petri-Dish: Anders Broman <>
Petri-Dish: Dario Lombardo <>
Reviewed-by: Anders Broman <>
2018-02-08 14:57:36 +00:00
Pascal Quantin fc9af81a13 wiretap: add a parameter to wtap_init() indicating whether plugins must be loaded
g995812c5f1 moved wiretap plugins registration from applications to
wiretap library init function.
As we do not want to load plugins for all users of libwiretap, let's
make it configurable.

Bug: 14314
Change-Id: Id8fdcc484e2d0d31d3ab0bd357d3a6678570f700
Reviewed-by: Dario Lombardo <>
Petri-Dish: Dario Lombardo <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <>
2018-01-09 21:25:06 +00:00
João Valverde 995812c5f1 Refactor plugin registration and loading
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.

Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).

The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.

Currently we only distribute "epan" (libwireshark) plugins.

Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Petri-Dish: João Valverde <>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <>
2017-12-14 08:43:57 +00:00
Gerald Combs 775bbbcded Start using SPDX license identifiers.
A while back Graham pointed out the SPDX project (, which is
working on standardizing license specifications:

Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:

Start the conversion process with our top-level C and C++ files.

Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-by: Gerald Combs <>
Petri-Dish: Gerald Combs <>
Reviewed-by: Balint Reczey <>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <>
2017-11-09 20:03:51 +00:00
Gerald Combs c634f2b184 Capinfos: Add SHA256. Remove MD5.
Print the SHA256, RIPEMD160, and SHA1 hashes for each file instead of
SHA1, RIPEMD160, and MD5. SHA256 seems to be the preferred file hashing
algorithm these days and MD5 is actively discouraged. Note that we might
remove SHA1 (which is also discouraged) as well.

Change-Id: I74d972ae5f3484c83175cd3f3c7a55f99c171e20
Reviewed-by: Gerald Combs <>
Petri-Dish: Gerald Combs <>
Tested-by: Petri Dish Buildbot <>
Reviewed-by: Anders Broman <>
2017-09-27 08:08:44 +00:00