Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
The include_directories documentation at
https://cmake.org/cmake/help/latest/command/include_directories.html
says:
"Note: Prefer the target_include_directories() command to add include
directories to individual targets and optionally propagate/export them
to dependents."
Switch from include_directories to target_include_directories in a bunch
of places.
Add "SYSTEM" to the remaining external include_directories calls in
order to minimize our compiler warning blast radius.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
In the proto tree, copy URLs instead of opening them.
In the export dialog, enable previews only if the advertised MIME type
*and* the contents of the file are plain text, GIF, JPEG, or PNG.
Add warnings to the wslua browser_open_url and browser_open_data_file
documentation.
Fixes#17232.
Use target_include_directories instead of include_directories in a few
places as recommended at
https://cmake.org/cmake/help/latest/command/include_directories.html
Doing so lets us mark a bunch of dependency includes SYSTEM PRIVATE, in
particular LIBXML2_INCLUDE_DIRS. On macOS this keeps us from triggering
the nullability warnings described at
https://www.wireshark.org/lists/wireshark-dev/202004/msg00056.html
(This might also keep the Visual Studio code analyzer from complaining
about various Qt headers, but I haven't tested this.)
Remove most of the built-in file types from the table in
wiretap/file_access.c and, instead, have the file types register
themselves, using wtap_register_file_type_subtypes().
This reduces the source code changes needed to add a new file type from
three (add the handler, add the file type to the table in file_access.c,
add a #define for the file type in wiretap/wtap.h) to one (add the
handler). (It also requires adding the handler's source file to
wiretap/CMakeLists.txt, but that's required in both cases.)
A few remain because the WTAP_FILE_TYPE_SUBTYPE_ #define is used
elsewhere; that needs to be fixed.
Fix the wiretap/CMakefile.txt file to scan k12text.l, as that now
contains a registration routine. In the process, avoid scanning files
that don't implement a file type and won't ever have a registration
routine.
Add a Lua routine to fetch the total number of file types; we use that
in some code to construct the wtap_filetypes table, which we need to do
in order to continue to have all the values that used to come from the
WTAP_FILE_TYPE_SUBTYPE_ types.
While we're at it, add modelines to a file that lacked them.
Recommend the use of wtap_name_to_file_type_subtype() to get filetype
values, unless you need to run on older versions of Wireshark that don't
have it.
Don't even *mention* wtap_filetypes in the documentation for the new
wtap_ routines, as, if you have those routines, you have
wtap_name_to_file_type_subtype(), because it's one of those routines.
Fix references to "nul" while we're at it - it's "nil" in Lua.
(That part of the WSDG - the Lua reference - is generated, so this
involves changing the source code implementing the Lua routines.)
The "short name" is really just the name, used to look it up. The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.
The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
Provide Lua version of wtap_file_type_subtype_string(),
wtap_file_type_subtype_short_string(), and
wtap_short_string_to_file_type_subtype().
This will be backported to the 3.2 and 3.4 branches, to allow scripts
not run on the bleeding-edge version to use them.
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
This bug affects Lua plugin dissectors for encapsulation protocols like
GRE. Typically the dissector creates a range for the payload packet, then
calls the next dissector with a tvb derived from the range, using
TvbRange_tvb(). The original version calls
tvb_new_subset_length_caplen() using the remaining capture length for the
reported_len argument. The fix passes -1 as the reported length, and
tvb_new_subset_length_caplen() calculates the new reported_len as required.
The bug only affects large packets captured with a snaplen and
truncated, then decoded with a Lua plugin for the encapsulation header.
Here's the typical bug symptom, gleaned from tshark decode of
an encapsulated IP payload:
[Expert Info (Error/Protocol): IPv4 total length exceeds packet length (114 bytes)]
[IPv4 total length exceeds packet length (114 bytes)]
Closes#15655.
Fix error handlers in Listener draw() and reset() to avoid getting
LUA_ERRERR from lua_pcall(). Added error handler for Listener draw()
callback.
Handle LUA_ERRERR from lua_pcall() to avoid assert on this.
Changed some capitalized words in various error message.
Closes#16974.
My initial fix caused several double-offset errors in TvbRange_raw()
because I was adjusting for the TvbRange's offset too early in the
process. The proper fix is to only adjust for it in the final call to
get the data.
I also simplified some of the bounds checks to be based on the values in
the TvbRange instead of calling `tvb_captured_length()` and the like,
because its bounds are already checked against the backing Tvb when it's
first taken.
Massively expanded the lua test suite to account for every combination
of passing offsets and lengths to a Tvb or TvbRange and to the
subsequent `:raw()` call.
Return nil from Dissector.get() and DissectorTable.get() when the
reference is not found. This can be used to check for existence of
a dissector or dissector table before use.
We already do this for DissectorTable.get_dissector().
As noted in bug #16386, glib's `g_base64_decode_inplace()` aborts
decoding of base64 strings that aren't padded. This addresses that by
adding padding "=" characters if needed to the buffer which will be
decoded.
I added the test case from the bug report to the test suite, though the
location therein may not be ideal.
Closes#16386
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
FT_STRINGZPAD is for null-*padded* strings, where the field is in an
area of specified length, and, if the string is shorter than that
length, all bytes past the end of the string are NULs.
FT_STRINGZTRUNC is for null-*truncated* strings, where the field is in
an area of specified length and, if the string is shorter than that
length, there's a null character (which might be more than one byte, for
UCS-2, UTF-16, or UTF-32), and anything after that is not guaranteed to
have any particular value.
Use IS_FT_STRING() in some places rather than enumerating all the string
types, so that those places get automatically changed if the set of
string types changes.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
The Universal CRT supplies stdint.h, so there's no reason to define our
own types.
Change-Id: I40d4216136aaecae1dc07b0b32ac31032a74b632
Reviewed-on: https://code.wireshark.org/review/37648
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The LUA API provides the "set_color_filter_slot" function, but without
a corresponding "get_" function, it's very hard for two LUA dissectors
to co-exist without one overwriting any color filters set by the other.
It also looks like the documentation comment for
"set_color_filter_slot" had an off-by-one error, which I've corrected
as I was adding almost identical documentation for the new API.
Change-Id: Ic54d23be555ec12e1830bbe6f84a1b04d04fd4f0
Reviewed-on: https://code.wireshark.org/review/37511
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use lua_class_DissectorTable instead of lua_class_DissectorTables.
Use title case for each module.
Change-Id: Ie855022ee59a857c8ced7c3e6ba070ab494fa017
Reviewed-on: https://code.wireshark.org/review/36634
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add content from https://wiki.wireshark.org/LuaAPI/Pinfo and update as
needed.
Change-Id: Ia0b61b529c2a83d6dca8244916154cdc86289a79
Reviewed-on: https://code.wireshark.org/review/36628
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add content from https://wiki.wireshark.org/LuaAPI/Listener and update
as needed.
Add an example that dumps valid listener names.
Change-Id: I009eaa83c645b5ad78b560acb249a3060b2784ba
Reviewed-on: https://code.wireshark.org/review/36624
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add content from https://wiki.wireshark.org/LuaAPI/GUI and update as
needed.
Separate some of our Asciidoctor output with newlines.
Change-Id: I2b8b9449c94bd69095fbd4b65ea415cd4d525c30
Reviewed-on: https://code.wireshark.org/review/36613
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fields such as 'frame.time_delta' have no byte selection, they are added
with offset 0 and length 0, and evidently 'ws_tvb' is NULL. As
tvb_bytes_to_str expects a non-NULL tvb, explicitly check for this and
add a dummy placeholder. This is intended to be a human-readable string,
so prefer `<EMPTY>` over an empty string.
Change-Id: I32efe4cbefc6bcf0fa9fb94fcf25d7bf1628f3a7
Reviewed-on: https://code.wireshark.org/review/36440
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The _wslua_main struct / WireShark class appears to have never been
used, so remove it.
Change-Id: Id80fb2c2065accedf632ea4cc467d566d10870de
Reviewed-on: https://code.wireshark.org/review/35480
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Free one more allocated callback data in TextWindow. This is needed
because text_win_close_cb() is also doing the same as TextWindow__gc().
Bug: 16177
Change-Id: I7c2211e154a6db1dccd22df824e76cce575040c9
Reviewed-on: https://code.wireshark.org/review/34990
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Free allocated callback data in FunnelStringDialog, TextWindow and
registered menu items. Also free strings used in FunnelStringDialog.
Bug: 16177
Change-Id: I9a129b8975a55d1dc89fe851116feebe82763bca
Reviewed-on: https://code.wireshark.org/review/34945
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a ProtoExpert object was created, but not linked to a Proto, then the
object and some fields (abbrev, text) would leak.
This is a follow-up to g79fef2ae.
Change-Id: Ic0b44e8b70895a19d9b52a0e44064a1e76a58fa0
Reviewed-on: https://code.wireshark.org/review/34876
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
If a ProtoField object was created, but not linked to a Proto, then the
strings field and all elements (depending on type) would leak.
This is a follow-up to g79fef2ae and fixes the real issue in g44870fb1.
Change-Id: I01880a92bb20fae45f68c754b07daeb07630deec
Reviewed-on: https://code.wireshark.org/review/34872
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Improve paremeter check in ProtoField.new() when using ftypes.CHAR:
- Check valid base types and give an error when not supported instead of
terminate in a g_error() (base.DEC is not supported).
- Give an error if used with base.UNIT_STRING instead of silently remove
the flags.
- Support base.RANGE_STRING instead of removing the flag.
Support using base.NONE with a valuestring.
Add ftypes.CHAR to the list of supported types.
Change-Id: I0e3f9698074c807f5da0de23ccd1be7446271135
Reviewed-on: https://code.wireshark.org/review/34783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ProtoField.new() already support ftypes.CHAR, so add ProtoField.char()
to complete the support for FT_CHAR in Lua.
Change-Id: I0568f874fd667f834584a07af14bdda9bb03856b
Reviewed-on: https://code.wireshark.org/review/34784
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fall back on the Wayback Machine for some links.
Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842
Reviewed-on: https://code.wireshark.org/review/34103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some dissectors populate pinfo->p2p_dir with a packet's direction
(incoming / outgoing). Make this info available to lua dissectors.
Add a simple test for Pinfo's new p2p_dir attribute to the wslua
test suite. It checks that p2p_dir is unknown for dhcp packets.
(The dhcp dissector does not set p2p_dir).
Change-Id: I8cc39a11cff840d10ef7fa94d30cbac8bf9b533f
Reviewed-on: https://code.wireshark.org/review/33935
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Use call_data_dissector directly for the same effect as lua_data_handle.
Remove the special case where DissectorTable.get_dissector() returns the
data dissector for an unsupported type. The documentation says that nil
is returned if the handle is not found, that seems more appropriate.
Change-Id: I128ef90b79bda925a4329202a0b9956e1cf16200
Reviewed-on: https://code.wireshark.org/review/34032
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Add an optional paramter of type Proto to DissectorTable.new().
If the caller provides a Proto, we can get the protocol id and
use it when we register the dissector table.
Change-Id: I3ab0819c41fa97288ec962d8d495b63d4750ce4b
Reviewed-on: https://code.wireshark.org/review/33608
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reorder the code to have a single return statement at the end.
Take advantage of the fact that WSLUA_OPTARG_ERROR terminates
the C function that called it.
Do only the parameter checks in the switch-case statement.
Get rid of the intermediate steps when we copy name and ui_name.
Change-Id: Ie8917d19589a6ee16a4a5d14f2c1711d35cc8114
Reviewed-on: https://code.wireshark.org/review/33607
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The C code introduced ft_none dissector tables some time ago. They have
no indicator to select the next protocol, only Decode As is supported
for them.
Allow lua code to create ft_none dissector tables as well. The patch
is trying to make as few changes as possible to DissectorTable_new().
Change-Id: Ie3ff58f092e6922ab7878d202c7484a64b2430a3
Reviewed-on: https://code.wireshark.org/review/33588
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Calling DissectorTables's try method for a dissector table of an unknown
type crashes Wireshark.
local dt = DissectorTable.get("iso14443.subdissector")
dt:try(0, tvbuf, pinfo, tree)
causes a segmentation fault
Thread 1 "wireshark" received signal SIGSEGV, Segmentation fault.
except_pop () at /media/sf_wireshark.git/epan/except.c:264
264 set_top(top->except_down);
(gdb) print top
$1 = (struct except_stacknode *) 0x2
(gdb) bt
at /media/sf_wireshark.git/epan/packet.c:590
My gut feeling (I haven't verified this) is that we should not call luaL_error()
inside a TRY-CATCH block. DissectorTable_try does this when the type of the
dissector table is not supported.
Fall back to the data dissector in this case and bring up an expert info
instead of aborting the dissection completely.
Change-Id: I9a49f738a99b2618014f41050d8c0bf6bfbb4138
Reviewed-on: https://code.wireshark.org/review/33357
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We added FT_NONE dissector tables a while ago. These tables can only be
used for Decode As. Support such dissector tables in lua's print() function.
print(DissectorTable.get("iso14443.subdissector"))
will now print
DissectorTable iso14443.subdissector only for Decode As:
Change-Id: I9f5a2f6d6b1edb2a53ca1d2c0ae158c16fddf05f
Reviewed-on: https://code.wireshark.org/review/33356
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lua 5.2 moves unpack to table.unpack, be sure to define this for Lua 5.1
or LuaJIT. This fixes an error with https://github.com/Lekensteyn/kdnet
when using LuaJIT.
Change-Id: Ib9e4591d9edb1cb3b0c1e86172331055f9f457d9
Ping-Bug: 15745
Reviewed-on: https://code.wireshark.org/review/33046
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get rid of ATTRS_BLOCK, which is either empty or sets a value for attr.
We can initialize attr in any case, either to NULL or to the attributes
provided by the caller. This makes the code a bit easier to read (at
least for me).
Change-Id: Ib26ea5ec099b365303de5aaf407470ad48b126f9
Reviewed-on: https://code.wireshark.org/review/32186
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Users should not be starting Wireshark as root user (sudo or root
login). If they do, then they can already execute arbitrary code via C
plugins, or read and write arbitrary files. Limiting the Lua API will
not really help these users to prevent breaking their system further.
Therefore remove all artificial restrictions and allow users to run
user-supplied scripts by default. If for whatever policy reason this
flag is set to false, then only Lua dissectors from the global system
directory are executed. It is their responsibility not to provide a free
root shell to the user.
Note that "running_superuser" will also be true if setuid root while the
effective and real user is no longer root. This happens due to
relinquish_special_privs_perm(). In this case, disabling the Lua API is
just annoying with no benefits.
Change-Id: Ie8a38e6160d861f02cbb70dcd1d90462153f4665
Link: https://www.wireshark.org/lists/wireshark-dev/201902/msg00004.html
Reviewed-on: https://code.wireshark.org/review/31913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
dofile is currently disabled whenever Wireshark or tshark was started as
root, calling it will result in Lua errors on startup.
Even if dofile were not disabled, the Lua Evaluate menu option enables
arbitrary Lua code execution. The other options (Console, help links)
are not that important either, so just disable it when run as root.
Change-Id: I0785fe9b3d4678d71ae1e0178811dada471c3525
Link: https://www.wireshark.org/lists/wireshark-dev/201902/msg00004.html
Reviewed-on: https://code.wireshark.org/review/31912
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The subtree indexes are only used in the dissector so it's not
needed to defer the deletion.
Change-Id: I33600897a186c078cc1021cde5a1d90054d475c8
Reviewed-on: https://code.wireshark.org/review/31800
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add missing group values. Update regex to match TELEPHONY_MTP3.
Change-Id: I709a416e30d79c2de69887548015a3c1ecfe5bab
Reviewed-on: https://code.wireshark.org/review/31779
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The filename is included in the error message from Lua so we don't
need to display this twice.
Change-Id: I00aa7255ff24b07b9f45a8e814a97b61c35936e1
Reviewed-on: https://code.wireshark.org/review/31768
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Error messages without a stack trace are rather hard to debug for more
complex Lua dissectors. Be sure to append one, it will look like this:
tshark: Lua: Error during loading:
/tmp/kdnet/kdnet.lua:13: bad argument #3 to 'proto_field_constructor' (Display must be either base.NONE, base.DOT, base.DASH, base.COLON or base.SPACE)
stack traceback:
[C]: in function 'proto_field_constructor'
/tmp/kdnet/kdnet.lua:13: in function 'add_field'
/tmp/kdnet/kdnet.lua:35: in function 'add_fields'
/tmp/kdnet/kdnet.lua:242: in main chunk
It would be nice to reuse the error handler for dissector calls as well,
but I am not sure whether this works with absolute indices which are
used almost everywhere in wslua.
Change-Id: I89b2dcd360fce3865e1bf052b9fe03e888aae167
Reviewed-on: https://code.wireshark.org/review/31763
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes memory leaks reported by ASAN for the test_wslua_pinfo test.
Change-Id: Id7e79e63559db1e7f8b27d566048eab9268d9237
Reviewed-on: https://code.wireshark.org/review/31754
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a ProtoField object was created, but not linked to a Proto, then some
fields (name, abbrev, blob) could leak. Fixes ASAN test failures for
four wslua tests.
Change-Id: I570ea154153b505ba81edb2bbf538e6dc1438728
Reviewed-on: https://code.wireshark.org/review/31750
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Proto objects were only freed while reloading Lua plugins, be sure to
release these on program exit too. Fix missing deallocation of heur_list
(matches per-protocol cleanup in proto_cleanup_base).
Be sure to keep a reference to the "Pref" object after registering it to
a Proto, otherwise it could be garbage-collected early, resulting in
memleaks (because the preference was still in use).
Fixes a lot of memory leaks reported by ASAN for tests, ten tests were
affected by Proto_new leaks, four were affected by the new_pref leaks.
Change-Id: Ica52718849a33eda614775f533dc0fcefec9cc74
Reviewed-on: https://code.wireshark.org/review/31746
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change the "Field" type to actually point to a structure. Do not cheat
and overload the pointer to mean "char*" in one context, and
"header_field_info*" in another. It was very confusing.
Implement Field__gc to free the Field structure that was allocated in
Field_new. This fixes the memory leak in Field_new.
Now the test_wslua_field test passes when executed with ASAN and a bunch
of other wslua tests also improve.
Change-Id: Ibc4318b76bb893151fd40c3fbc595402fba7a60a
Reviewed-on: https://code.wireshark.org/review/31743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
luaL_optinteger will raise an error when the argument is an invalid
number. Delay the allocation to avoid a leak. Fixes the
test_wslua_nstime test under ASAN.
Change-Id: I6856fd218897565a60786d820f43192b41d489f2
Reviewed-on: https://code.wireshark.org/review/31744
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since v2.9.1rc0-528-g31aba351e2, it is clear that wtap file formats
should free earlier comments before writing a new one. Do so.
Fixes leaks reported by ASAN for test_wslua_file_acme_reader.
Change-Id: Iafb643f01f5973f2d3b88f244ee70e8c0c451080
Reviewed-on: https://code.wireshark.org/review/31738
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The memory ownership of wtap_rec::opt_comment was not clear. Users of
wtap were leaking memory (editcap.c). wtap readers were not sure about
freeing old comments (erf) or simply ignored memleaks (pcapng).
To fix this, ensure opt_comment is owned by wtap_rec and free it with
wtap_rec_cleanup. The erf issue was already addressed since
cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
- Should allocate memory for new comments.
- Should free a comment from an earlier read before writing a new one.
- Users of wth:
- Can only assume that opt_comment remains valid until the next read.
- Can assume that wtap_dump does not modify the comment.
- For random access (wtap_seek_read): should call wtap_rec_cleanup
to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now
pass when built with ASAN.
This change was created by carefully looking at all users opt
"opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for
an initial patch which helped validating this version.
Bug: 7515
Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b
Reviewed-on: https://code.wireshark.org/review/31713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At the moment, wslua first registers a class and then adds its
attributes in a second step. This registration creates empty __getters
and __setters tables which are later populated with the getter and
setter methods of the attributes.
Looking at the code and the comments, it seems that this was meant to be
a temporary solution. Eventually, attributes should be stored in
wslua_class' attrs field. The code to read and write attributes was
already updated to handle this.
Add new macros WSLUA_REGISTER_CLASS/_META_WITH_ATTRS that store the
attributes in wslua_class. Defining new macros is simpler than modifying
WSLUA_REGISTER_CLASS/_META to register attributes. If we did the latter,
we'd have to add an empty attribute list for all classes without
attributes.
We can now drop the WSLUA_REGISTER_ATTRIBUTES macro and the
wslua_reg_attributes function.
Using this new way of registering attributes, the __getters and
__setters tables are still available. The tests is the test suite that
rely on those tables still pass.
Change-Id: I526b9116435645c9c54ab69a05c3c7f3d459ec33
Reviewed-on: https://code.wireshark.org/review/31417
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
What we were calling the "name" is actually a description to show to
users; what were calling the "short name" is just the name to use on the
command line.
Rename some routines and structure members, and put the name first and
description second in the table.
Expand some descriptions to give more details (e.g., to be more than
just a capitalized version of the name).
Fix the CamelCase capitalization of InfiniBand.
Change-Id: I060b8bd86573880efd0fab044401b449469563eb
Reviewed-on: https://code.wireshark.org/review/31472
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 5953756305.
The public API should not be polluted with Windows-specific hacks. As we
already override dofile/loadfile, those should be fixed instead.
Ping-Bug: 15118
Change-Id: Ia9d5e64e8ef14032f982f695ffd4cac59067bb17
Reviewed-on: https://code.wireshark.org/review/31134
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reloading Lua plugins did not actually remove registered FileHandler
instances which resulted in a use-after-free of lua_State. Fix this by
tracking instances and release them in wslua_deregister_filehandlers.
Other required fixes to allow reregistration after reloading:
- Fix END_FILEHANDLER_ROUTINE not to block all new registrations.
- wtap file subtypes are apparently persistent, even after
"unregistering". Fix this by looking up the previous subtype that
matches the FileHandler short name. Add a small sanity check to
wtap_register_file_type_subtypes to prevent internal handlers from
being overwritten.
This patch creates a potential memleak of registered_file_handlers as
wslua_deregister_filehandlers is not called on program exit (yet?).
Bug: 13264
Change-Id: I4f5935cde6ff8dc4de333359bad3efca96d4fb9b
Reviewed-on: https://code.wireshark.org/review/31068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add ws_dofile() and ws_loadfile(), which are like the substitute
dofile() and loadfile() we provide, but that, on Windows, take a UTF-8
path rather than a path in the local code page.
Use that to load console.lua.
This means we can load console.lua on Windows even if the full path to
it includes non-ASCII characters.
Bug: 15118
Change-Id: Iaa00639563fe53a34e1e24e42022f3886a38e7c5
Reviewed-on: https://code.wireshark.org/review/31075
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Currently our Windows code looks for data files in the same
folder as the binary executable (presumably to make the
application relocatable, although it should be possible
to improve this with relative paths?).
Ping-Bug: 15301
Change-Id: I0fef4e87dc9d1d8edef81dd11755761fddd0fd12
Reviewed-on: https://code.wireshark.org/review/30819
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
This:
1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);
2) leaves space in the interfaces in question for additional compression
types.
(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup. Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).
Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.
Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code for the Address class already contains commented-out code for a
number of additional address types.
Activate the draft constructor for ethernet addresses and complete it.
Use the newly-added function to parse a string that contains an ethernet
address.
Add a basic test tvb.lua. Read an ethernet address from a tvb and
compare it to a constant Address.ether object.
Change-Id: I9771dd6e7ade4b572a8b864b8986d641b4eba3e5
Reviewed-on: https://code.wireshark.org/review/30163
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A range string is passed as a table of tables, eg:
range_string = {
{ 0, 24, "Some string for values 0 to 24" },
{ 25, 25, "The string for value 25" },
{ 26, 255, "The string for the remainder" }
}
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
We use the per-file encapsulation everywhere else; use it there as well.
Change-Id: I3e3df234a9f541a9d90e54a3c0f41b5019e00bb3
Reviewed-on: https://code.wireshark.org/review/29940
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No functional change, just using the correct macro for value_strings.
Other fixes: Taking the address of the first element of an array gives
the same address as the array itself. An array of a structure with a
single element is the same as the single element itself (packet-sprt.c).
Change-Id: I08bc9de49fbd1659a6700ace863e5f05144c7b3e
Reviewed-on: https://code.wireshark.org/review/29752
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>