Obviate allocation on every call to get_plugins_pers_dir().
Change-Id: I089ae499f93739d490d4552f59b5db5996f7d26f
Reviewed-on: https://code.wireshark.org/review/23495
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.
Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.
Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Optimize code and open possibility for enriching IPv6 tap data.
Change-Id: I5a204d7464cde32123d5bfe664cc9b6bcf08dbe1
Reviewed-on: https://code.wireshark.org/review/23340
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It seems the locked field of interface_t was used to avoid
simultaneous updates of interface entries from either multiple
threads or most likely the recursive UI update callbacks
case later identified.
Since 802362e ("Avoid recursive scan_local_interfaces operation")
the recursive callback behavior is no longer happening. And as
code does not have consistent checks the locked field can anyway
hardly protect a multi-threaded case if such a case exists.
Remove the unnecessary locked field.
Ping-Bug: 13864
Change-Id: Idc393f702b82aa6014dd636572d00f0d67120bf3
Reviewed-on: https://code.wireshark.org/review/23262
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The interface_options struct passed to dumpcap is populated
differently when running Wireshark with and without -k.
Previously, only with -k was there a valid pointer in
interface_opts.timestamp_type
Fixes: aca55a2 ("Add hardware timestamping support")
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Change-Id: Ic7ecc5a1190c28197d6a7271f1b353f74d43ca61
Reviewed-on: https://code.wireshark.org/review/23160
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert from using TreeWidgetItems to UAT model/delegate. More of the GUI
is "just handled" within the table.
Required to add support for "colors" and "protocol fields" to UAT types.
Also needed to add some hacks for "custom" UAT field handlers for
backwards compatibility with the existing UAT structure used.
Because UAT functionality was switched completely to the model, some
information in the table was "lost in translation" because the UATs
themselves aren't translated to other languages.
TODO:
2. Better "order of operations"? A bunch of NULL/size checks needed to be added to prevent crashing.
Now with model/"view" should events/functions be reordered?
Bug: 13585
Change-Id: I2bbba78182317c4fada07b927c05d0c6f4cdc0fe
Reviewed-on: https://code.wireshark.org/review/22766
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename cf_read_shb_comment() to cf_read_section_comment(); an SHB is a
record type in a particular capture file format (pcapng), and not all
files that have per-file or per-file-section comments have something
called a Section Header Block.
Rename cf_update_capture_comment() to cf_update_section_comment();
pcapng, at least, supports multiple sections, although we don't curently
support that.
This also gives them matching names.
Change-Id: Idd8cb0f0fd9125b9626411274aebfb1ec0097665
Reviewed-on: https://code.wireshark.org/review/22659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
Go from <expression>,<comment> to <comment>\n<expression>
Bug: 13814
Change-Id: I842e38798eba7ff87751733ce0b2befdc9c8c27f
Reviewed-on: https://code.wireshark.org/review/22395
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a field to the display filter button UAT to allow comments
to be displayed as part of the tooltip to the diplay filter
button
Bug: 13814
Change-Id: I74459e4102856258d31d6429e2fd924a9f798cd5
Reviewed-on: https://code.wireshark.org/review/22390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form. It's much easier to manage in code
(and for users in a separate file) as a UAT.
The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.
Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Warning" is a more appropriate name because filter may not
be as deterministic as user desires
Bug: 13834
Change-Id: Ie34e37db8866dc409f25df227a4d34e7c11d0058
Reviewed-on: https://code.wireshark.org/review/22392
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Put custom column field settings in quotes in the recent file to
support multi custom columns which contains space. Otherwise the
space will be removed in prefs_get_string_list() and the field will
not match when reading the recent file.
Change-Id: Ic6e2b1e02d68970a4e11fbecbe55a7b10f8b10dd
Reviewed-on: https://code.wireshark.org/review/22349
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Previous/Next Packet in Conversation" actions accidentally
overwrites more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Places that only need color_t, such as certain preferences, don't need
the color filter stuff.
Change-Id: I88fc2858454d04e659b323a8bc28b21d362ca3fb
Reviewed-on: https://code.wireshark.org/review/22060
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Current layer number needs to be unconditionally saved after v2.3.0rc0-3740-ge1f84f985e,
which increased the number of dissectors that use current layer number to
determine Decode As value.
Change-Id: Ib82370af94ea00613a337890369e228cffa1ed81
Reviewed-on: https://code.wireshark.org/review/21928
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either 1) it can be determined from the libwiretap encapsulation type,
in which case it's redundant information or 2) there *is* no pcap/pcapng
link-layer header type for that encapsulation type, in which case you
need to check for the attempt to determine it failing and handle that
failure appropriately.
Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc
Reviewed-on: https://code.wireshark.org/review/21924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Matches Id45052f21ebb290bf92c201370584156a65f2e19
Change-Id: I2b097d176ec3ce0637af95d66d2f58b834c79ea2
Reviewed-on: https://code.wireshark.org/review/21783
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There isn't an API to do it and if WinPcap isn't present it can
cause a crash.
Change-Id: I5338f854acb26f0822ac027e6c853a550da3f7b1
Reviewed-on: https://code.wireshark.org/review/21758
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move gtk's fld_tostr() to epan API as uat_fld_tostr.
Change-Id: I01e3b66ca9ea3cd1e2e06e2122190ee42b9ad44b
Reviewed-on: https://code.wireshark.org/review/21664
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have a header file that defines HAVE_REMOTE if HAVE_PCAP_REMOTE is
defined, and then includes pcap.h. Replace all other includes of
pcap.h, and the definition of HAVE_REMOTE, with includes of that file.
Check for anything other than wspcap.h including pcap.h in checkAPIs.pl.
Change-Id: I3cbee8208944ad6f006f568b3fe3134e10b2a883
Reviewed-on: https://code.wireshark.org/review/21605
Reviewed-by: Guy Harris <guy@alum.mit.edu>
WinPcap made the mistake of having stuff in its public header fines
depend on a configuration #define, HAVE_REMOTE; this means that we need
to forcibly define it when building with remote capture support.
The tip of the libpcap master branch does not have that botch; hopefully
future versions of libpcap-for-Windows will be based on that libpcap and
thus lack that botch as well.
Defining HAVE_REMOTE in config.h is not the right fix, as it makes it
look like a *Wireshark* configuration option that code in Wireshark
should test, rather than a *WinPcap* configuration option that the
pcap.h that ships with the WinPcap SDK should have been changed, as part
of the build process, to correctly define or not, so that users of
WinPcap don't have to define it themselves.
Change-Id: I62d1eca6d3c900d0dcc9fbc011db77f595a86313
Reviewed-on: https://code.wireshark.org/review/21593
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Expand comments while we're at it.
Change-Id: I6dcc791eab1c9e323a9572f3d54720d223bdd64b
Reviewed-on: https://code.wireshark.org/review/21252
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Take cf_close_failure_alert_box() and put it into libui, with the name
cfile_close_failure_alert_box(). Use it not only in file.c but also
in ui/export_pdu_ui_utils.c, ui/gtk/file_import_dlg.c, and
ui/qt/import_text_dialog.cpp where the error we get back isn't
necessarily an errno.
Have ui/gtk/file_import_dlg.c and ui/qt/import_text_dialog.cpp also use
cfile_open_failure_alert_box() on open errors.
Change-Id: I987f339a23ea58609390306a319923e7f92d5c07
Reviewed-on: https://code.wireshark.org/review/21203
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is a breaking change.
prefs_register_filename_preference hasn't been differentiating
between files to be saved and ones to be opened.
On GTK, a neutral dialog is used, so no problems there.
On Qt, a save dialog has been always used, even in dissectors that
were reading configuration files without modification.
prefs_register_filename_preference now takes an argument to indicate
whether UI could be a save dialog with a warning on overwriting
a file, or whether it's a general purpose open file dialog.
Qt now does this. Previously no warning was shown on overwriting a file,
so it may be used for opening files too without irritating the user.
This has been changed, as non-destructive reads should now use
the open dialog.
Dissectors were changed accordingly.
Change-Id: I9087fefa5ee7ca58de0775d4fe2c0fdcfa3a3018
Reviewed-on: https://code.wireshark.org/review/21086
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
XXX_prime_with_YYY makes it a bit clearer than does XXX_prime_YYY that
we're not priming YYY, we're priming XXX *using* YYY.
Change-Id: I1686b8b5469bc0f0bd6db8551fb6301776a1b133
Reviewed-on: https://code.wireshark.org/review/21031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Currently, this is only used to determine whether a protocol tree needs
to be built on the first pass or not - if there are postdissectors that
need fields, it does - but eventually we should be able to use it to
prime the dissection to deliver those fields in cases where we don't
need the *entire* protocol tree (rather than using a hack such as
cooking up a fake tap with a fake filter to do that).
Update MATE and TRANSUM to use it.
Clean up code to check whether we need a protocol tree, and add comments
before that code indicating, in each case, what the criteria are.
The array of postdissectors includes a length, so we don't need to
separately keep track of the number of postdissectors.
Clean up indentation while we're at it.
Change-Id: I71d4025848206d144bc54cc82941089a50e80ab7
Reviewed-on: https://code.wireshark.org/review/21029
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, nothing using libwireshark needs to know what settings need to
be loaded, they just call epan_load_settings().
Change-Id: I9390e259e286fc4f5acaeaac2767e4c3c4b656af
Reviewed-on: https://code.wireshark.org/review/20983
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't belong in libwireshark, as it doesn't affect dissection, but
it *does* belong in libui, as it's helper code for the UIs.
Change-Id: I8a5e0640a299a08e9ec1917dd253197438ebfdbc
Reviewed-on: https://code.wireshark.org/review/20974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to duplicate it in N different programs.
Update comments while we're at it.
Change-Id: I3096cbe5448a19363eff6303bdd54e522dae9336
Reviewed-on: https://code.wireshark.org/review/20973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's identical in the GTK+ and Qt UIs, and it should just be done in
libwireshark.
Rename some routines to just speak of enabled_and_disabled_lists, so we
don't have to say enabled_and_disabled_protos_and_heuristic_dissectors
or something such as that.
Clean up indentation.
Change-Id: Ief2e612d9e1b60d8d0123b6bd3409dce5faf6495
Reviewed-on: https://code.wireshark.org/review/20970
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While this is one possible way to fix it, it probably is not the "right"
way to do it. I just don't know which one would be right. I regard
several options to be cleaner:
- Remove if_info from interface_t altogether and add the required fields
to interface_t directly.
- Never use device.if_info.name but always use device.name (same with
friendly_name)
- Initialize both fields the same (same with friendly_name)
- Also not nice: device is optically a struct, not a pointer. So into the
function, when we create a new struct (that's where the error "is made"),
the same name continues to be used.
Not improving my confidence into my solution:
- I haven't bee able to figure out why the automated Windows builds don't
crash/assert.
Last but not least: The two qt/gtk functions should probably have their common
core extracted into a common function.
Change-Id: I1b36d1765d1a1ec975927cb5785a1540ba4952f5
Ping-Bug: 13448
Reviewed-on: https://code.wireshark.org/review/20721
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
That way, if we ever increase WTAP_MAX_PACKET_SIZE, this code won't need
to be changed.
Change-Id: I68d21e10810b7b8a4732d9ecf7e145668b0fe1cb
Reviewed-on: https://code.wireshark.org/review/20761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I4b78a3bff7ed158eef2008e52ec8abc9f7a8d1d3
Reviewed-on: https://code.wireshark.org/review/20748
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Windows vscodeanalysis complains even though the event is probably
very unlikely.
Change-Id: Iafe158eea5586908209d6bfe1e45540117558673
Reviewed-on: https://code.wireshark.org/review/20727
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reset auth_str for each round of the loop.
Change-Id: Ib5be6a3d172c28d7b1634fdba3e72c83622405dd
Reviewed-on: https://code.wireshark.org/review/20698
Reviewed-by: Jörg Mayer <jmayer@loplof.de>