Split the match functions in twain, one for case-sensitive and
one for case-insensitive, so we can use memchr to search for the
first byte in the case-sensitive version and ws_mempbrk for the
case-insensitive version. They are highly optimized on most systems
and considerably faster on large files.
Also fix a few issues regarding wide strings, such as false positives
and the length to highlight when matching. Fix#12908
Add a checkbox to the packet format group box to allow the
hexdump to only have the main frame instead of secondary data
sources as well, so that Print and Export Packet Dissections can
be used for input to text2pcap.
Without that, you could add a comment to a record in a file format the
reading code for which doesn't allocate blocks, but the comment doesn't
get saved, as there's no block in which to save the comment option.
This simplifies some code paths, as we're either using the record's
modified block or we're using the block as read from the file, there's
no third possibility.
If we attempt to read a record, and we get an error, and a block was
allocated for the record, unreference it, so the individual file readers
don't have to worry about it.
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes#17478
"User" sounds as if the blocks belong to the user; at most, the current
user might have modified them directly, but they might also have, for
example, run a Lua script that, unknown to them, modified comments.
Also, a file might have "user comments" added by a previous user, who
them wrote the file and and provided it to the current user.
"Modified" seems a bit clearer than "changed".
Mostly functioning proof of concept for #14329. This work is intended to
allow Wireshark to support multiple packet comments per packet.
Uses and expands upon the `wtap_block` API in `wiretap/wtap_opttypes.h`.
It attaches a `wtap_block` structure to `wtap_rec` in place of its
current `opt_comment` and `packet_verdict` members to hold OPT_COMMENT
and OPT_PKT_VERDICT option values.
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
If cf_export_specified_packets() succeeds, and it wrote to a temporary
file, it leaks the name of the file to which it was writing. Free that
after we've renamed that file on top of the target file (safe save).
In cf_export_specified_packets(), if the loop processing the packets
fails, we're going to go to the failure code, which will unlink the file
to which we were writing if we were writing to a temporary file, so we
don't need to unlink it before going there.
While we're at it, note why we don't report any error from
wtap_dump_close() in that case.
If the user aborted the process of exporting packets, if we're writing
to a temporary file, we unlink the file, but we don't free the
g_mallocated name of the file, so it's leaked. Free it.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
Save a copy of the pathname used to open a file in the wtap structure.
This allows the BER file reader to put a pointer to it in the
pseudo-header; it also would allow file readers to attempt to read
"associated" files that have the same name as the file, but with a
different extension.
Instead of having cf_open() special-case BER files, and calling a
routine in the BER dissector to specify the file name to the dissector,
have separate dissectors for "dissect packet payload as BER" and
"dissect a file as BER", and have the latter get the pathname of the
file from the pseudo-header and determine the ASN.1 syntax from that.
(Side-effect - this means that you can now dissect a BER file, and have
the syntax be determined by the file extension, in TShark as well; the
above cf_open() special-casing was *not* done in TShark, so it didn't
work before. Now the application code doesn't need to do any of that,
so it works in TShark as well as Wireshark.)
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
Start the limit at 2^32-1, as we use a guint32 to store the frame
number.
With Qt prior to Qt 6, lower the limit to 53 million packets; this
should fix issue #16908.
This reverts commit 5df2925434.
The problem only showed up in tfshark.c, and was caused by tfshark.c
using stuff from ui/urls.h but not *including* ui/urls.h.
If you use it, GCC 9.3.0 seems to think there's a missing parenthesis
somewhere, just as the version of clang++ in my version of Xcode does,
even though other versions of GCC don't. I'm clearly missing something
obscure about C here; I give up.
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
Programatically show the master split widget before elements are added
to prevent pending resize events from resizing packet columns to insane
widths (in my case orders of magnitude higher than display resolution)
Such resize was occuring when loading capture file if configuration file
included hidden columns (e.g. 55 defined columns, 8 visible). The resize
was not directly visible to user. Resize event call chain included calls
to recent_set_column_width() that changed width stored in configuration.
Modified configuration column width value would become effective after
user added or removed columns.
Hide PacketList when freezing and show it when thawing. Do not call
setUpdatesEnabled(false) as it leads to widget/preferences columns
missynchronization.
Clear packet list before freeing frame data. This prevents accessing
freed memory in ProtoTree on file close if packet list was in focus and
the next widget to get focus is packet details.
Ping-Bug: 16063
Bug: 16491
Change-Id: I2c21d928348681af1793b3263815c81ee73d41b0
Reviewed-on: https://code.wireshark.org/review/37029
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make wtap_file_get_shb() take a section number argument, and update code
that called it. In most cases, we convert the code to iterate over
sections; in cases where a big code change would be required, we
temporarily pass it 0 and mark the code as "needs to be updated for
multiple sections".
Eliminate cf_read_section_comment(); in calls outside file.c, other code
directly calls the libwiretap routines it calls and, inside file.c, we
just transplant the code and then fix it not to assume a single SHB.
Change-Id: I85e94d0a4fc878e9d937088759be04cb004e019b
Reviewed-on: https://code.wireshark.org/review/37000
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If we're not going to distinguish between "Loading" and "Reloading" in
the progress bar here, we don't need to check, when creating the
progress bar, whether we're loading or reloading.
Should fix Coverity CID 1461194.
Change-Id: Ib58799c3a43a7ff549006034e2a47cce1ea87a98
Reviewed-on: https://code.wireshark.org/review/36689
Reviewed-by: Guy Harris <gharris@sonic.net>
Adding back progress titles in g3069129fe5 revealed the fact that we had
duplicate messages in the Qt UI and in file.c. Remove the ones in file.c
in favor of the Qt UI, since the latter are translated.
Change-Id: I5ff8f1bd34e963e9e66c01420ad8c5fe9c2f0caa
Reviewed-on: https://code.wireshark.org/review/36646
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If read from capture file fails, set a flag that result in subsequent
read attempts to not display alert box on read failure.
This solves endless "An error occurred while reading the capture file"
error when the underlying trace file becomes unavailable. Now it is
possible for the user to close the capture file.
Bug: 4811
Change-Id: I411bbb3fb717bc994ab1f5e3805e2c8b4ee09c5e
Reviewed-on: https://code.wireshark.org/review/36114
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
During live capture, the previous logic was to jump to row 1 when there is no
'current_frame'. When multiselect is active, there is no 'current_frame', so
it would always jump back to row 1, when >1 packet was selected.
Bug: 16293
Change-Id: Id1c9eb36fcae83f67ae342be6f9dfc1405ce7025
Reviewed-on: https://code.wireshark.org/review/35747
Reviewed-by: Michael Mann <mmann78@netscape.net>
Much better to use a known library than create it ourselves.
Also remove get_tempfile_path as it's not used.
Bug: 15992
Change-Id: I17b9bd879e8bdb540f79db83c6c138f8ee724764
Reviewed-on: https://code.wireshark.org/review/34420
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The pointer returned by create_tempfile() must not be freed. As the
wtap_dump_open_tempfile() callers are freeing the returned filename,
duplicate the string so it can be freed.
Bug: 15377
Change-Id: Ib0b23aaee748ef67600ef3f7d40610ebbbec721c
Reviewed-on: https://code.wireshark.org/review/34272
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Replace g_get_current_time by g_get_monotonic_time (since GLib 2.28, we
require 2.32) to simplify code and ignore time jumps. Qt does not need
the elapsed time, so remove the parameter from the progress callback.
Change-Id: Icaad4b909b9cb4bb07d28fcdf3d383d64aa00127
Reviewed-on: https://code.wireshark.org/review/33975
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's slightly less arbitrary.
Change-Id: Ie505a5d128f00ae3a1d9280ab076e483a85e2be3
Reviewed-on: https://code.wireshark.org/review/32881
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have cf_read_current_record() take a capture_file as an argument and
read, into its wtap_rec and Buffer for the currently-selected frame,
information for the currently-selected frame.
Rename cf_read_record_r() to cf_read_record().
That gives us 1) a routine that reads the currently-selected frame into
the wtap_rec and Buffer for the currently-selected frame and 2) a
routine that reads an arbitrary frame into the wtap_rec and Buffer
supplied to it. If you *want* the currently-selected record, use the
former, otherwise use the latter.
Change-Id: If6bd5915dd5bc18334d7b89859822a19234153a4
Reviewed-on: https://code.wireshark.org/review/32858
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We use one in all the other loop-over-all-records operations, such as
retapping, saving, printing/writing dissections, etc.; these are the
only ones remaining.
Change-Id: Ib854e3a3dfb5c4b05ae103998046f4bd11c39e7e
Reviewed-on: https://code.wireshark.org/review/32819
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way we aren't allocating memory, reading packets from a batch, and
freeing the memory for each batch of packets delivered by dumpcap; we do
the allocation when the capture starts and the freeing when it finishes.
Change-Id: If012ab865f3a99d869535ad10827ad8680c1b10c
Reviewed-on: https://code.wireshark.org/review/32766
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move it next to other capture_file fields for the currently-selected
packet, add a comment indicating that's what all those fields are for,
separate them from the following fields that *aren't* for the
currently-selected field, and explicitly use them in cf_select_packet().
Also add a comment about why we're waiting until the end to free up the
old cf->edt in cf_select_packet() and cf_unselect_packet().
Change-Id: I1653af06eeb4ebe1131bc08bcaa2dc639932c7fa
Ping-Bug: 15683
Reviewed-on: https://code.wireshark.org/review/32764
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 9445403f95.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most code that reads from a capture_file already has its own wtap_rec
and Buffer; change the remaining ones to do so as well.
Change-Id: I9b7c136642bbb375848c37ebe23c9cdeffe830c3
Reviewed-on: https://code.wireshark.org/review/32732
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
David Perry