Commit Graph

104 Commits (a4304de1ccb3646dec74ed3a380485e80006b877)

Author SHA1 Message Date
Bill Meier 60ffafdb7c Fix compile error when building w/o GNUTLS
Specifically: <wsutil/file_util.h> is aleays needed (for create_app_running_mutex())

Change-Id: I78e5a767f62bc2af67b6407539742dc245259f56
Reviewed-by: Bill Meier <>
2014-06-29 17:50:55 +00:00
Jeff Morriss 3773a7561c Add command-line argument to request the version to a number of the utilities.
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.

As requested by

Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-by: Guy Harris <>
2014-06-21 01:05:02 +00:00
Guy Harris 6db77b000f Allow wtap_read() and wtap_seek_read() to return records other than packets.
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific

Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.

Rename some routines to indicate that they handle more than just

We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug

Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-by: Guy Harris <>
2014-05-24 18:31:25 +00:00
Guy Harris a344c9736e Revert "Allow wtap_read() and wtap_seek_read() to return non-packet records."
This reverts commit c0c480d08c.

A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes.  That is in-progress.

Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-by: Guy Harris <>
2014-05-23 10:50:10 +00:00
Guy Harris c0c480d08c Allow wtap_read() and wtap_seek_read() to return non-packet records.
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.

Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-by: Guy Harris <>
2014-05-23 03:02:32 +00:00
Guy Harris a1b1c8bed5 Revert "Refactor Wiretap"
This reverts commit 1abeb277f5.

This isn't building, and looks as if it requires significant work to fix.

Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-by: Guy Harris <>
2014-05-09 05:21:01 +00:00
Michael Mann 1abeb277f5 Refactor Wiretap
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.

The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.

Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-by: Michael Mann <>
2014-05-09 03:04:39 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Fix manually some typo (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-by: Anders Broman <>
2014-03-04 14:27:33 +00:00
Michal Labedzki 579e7e19ce Wireshark: Add option to choose format type of capture file
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.

On the other side now it is possible to open capture file
as file format to be dissected.

Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-by: Michal Labedzki <>
Reviewed-by: Hadriel Kaplan <>
Reviewed-by: Evan Huus <>
Tested-by: Evan Huus <>
2014-02-25 17:43:13 +00:00
Gerald Combs f966980937 Replace "svn" with "git" all over the place.
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.

Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-by: Gerald Combs <>
2014-02-07 23:03:03 +00:00
Alexis La Goutte c6022b3b85 Drop support of Visual Studio 2005
* Remove _MSC_VER < 1500 check
* Cleanup config.nmake


svn path=/trunk/; revision=54965
2014-01-26 12:56:32 +00:00
Bill Meier 8ef3e2fad3 For getopt() arg processing:
- Use exit(0) for -h option as per convention;

For g_option...() arg processing (when USE_GOPTION is set):
 - Fix bug: 'capinfos x' doesn't print any info about x;
   (bug introduced in SVN #48481);
 - Use stderr for error messages related to cmd-line arg parsing;

svn path=/trunk/; revision=54555
2014-01-02 15:41:45 +00:00
Guy Harris 0cc1545d05 Move most of the plugin code from epan to wsutil and remove all
knowledge of particular types of plugins.  Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.

In particular applications, only process the relevant plugin types.

Add a Makefile.common to the codecs directory.

svn path=/trunk/; revision=53710
2013-12-02 08:30:29 +00:00
Guy Harris db25270df8 Move the epan/filesystem.c routines to wsutil; they're not specific to
packet dissection, they're specific to the entire Wireshark suite of

svn path=/trunk/; revision=53377
2013-11-17 02:55:14 +00:00
Jakub Zawadzki ef30aee86a nstime_to_sec() and capinfos secs_nsecs() seems to be same.
svn path=/trunk/; revision=53185
2013-11-09 11:03:02 +00:00
Jakub Zawadzki 38edae1c71 Replace wtap_nstime with nstime_t, remove wtap_nstime_to_sec.
After r50154 nstime_t is inside wsutil/ so wiretap don't need it's own copy. 

svn path=/trunk/; revision=53184
2013-11-09 10:38:02 +00:00
Guy Harris 853da2eb9b The "file types" we have are actually combinations of types and
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network

Rename various functions, #defines, and variables appropriately.

svn path=/trunk/; revision=53166
2013-11-08 09:53:01 +00:00
Michael Mann ab78bb54c4 Print informations even on short reads. Bug 9310 (
Before this patch, an error message would be printed when the file
appears to be truncated. After this patch, a warning will be printed,
but the information is still displayed. In both cases, capinfos exits
with status code 1.

From Peter Wu

svn path=/trunk/; revision=52762
2013-10-22 14:52:28 +00:00
Chris Maynard a4595812f9 Trivial: Fix typo.
svn path=/trunk/; revision=51011
2013-07-29 15:43:37 +00:00
Jeff Morriss 54bb2e7a5c Move report_err.{h,c} from epan into wsutil: there's nothing epan-specific there and moving it avoids having to recompile the file for use in editcap and capinfos (which don't link against libwireshark).
svn path=/trunk/; revision=50598
2013-07-15 02:48:26 +00:00
Martin Kaiser 07a024dc90 disable printing of all infos when USE_GOPTION is set and
a command line option for a specific info was set

(in other words: make the behaviour of goption and getopt the same)

svn path=/trunk/; revision=48841
2013-04-13 18:15:46 +00:00
Martin Kaiser 1daadad423 TABs -> spaces
add editor modelines
reformat some parts

svn path=/trunk/; revision=48840
2013-04-13 18:08:11 +00:00
Martin Kaiser 412fcff0cb add a cast to make capinfos compile when USE_GOPTION is defined
svn path=/trunk/; revision=48839
2013-04-13 17:55:54 +00:00
Martin Kaiser 9e4ad1f01e capinfos -k displays the capture comment (from the shb)
svn path=/trunk/; revision=48837
2013-04-13 17:48:51 +00:00
Gerald Combs 29ceca1b26 From Balint:
[PATCH 1/2] Revert "Try to fix the "LNK4217: locally defined symbol"

This reverts commit r48158.

[PATCH 2/2] Employ small hack in editcap to link with a few objects from
libwireshark properly

From me:

Add the ability to reset symbol exports via ws_symbol_export.h's include
guard and do so in capinfos.c and editcap.c. We include ws_symbol_export.h
in over 200 files so it didn't seem to make sense to remove its include
guard entirely.

svn path=/trunk/; revision=48170
2013-03-07 17:20:12 +00:00
Anders Broman b204e38aef Use explicit casts.
svn path=/trunk/; revision=48108
2013-03-05 22:15:20 +00:00
Gerald Combs 2f47e63a88 str_util.c: Although the glib documentation doesn't explicitly say so,
it looks like the thousands grouping (') modifier is supported so use it
in format_size.

capinfos.c: Set our locale.

svn path=/trunk/; revision=47934
2013-02-28 04:44:38 +00:00
Gerald Combs ccc78e6b63 Try to fix compilation on Windows.
svn path=/trunk/; revision=47901
2013-02-26 07:14:44 +00:00
Gerald Combs 0645396514 Print human-readable statistics by default. Raw values can be printed
using "-M". Based on a suggestion by Hansang Bae.

svn path=/trunk/; revision=47900
2013-02-26 06:40:25 +00:00
Martin Kaiser 38a73a32f3 include the wsutil/wsgcrypt.h instead of including gcrypt.h directly
svn path=/trunk/; revision=47802
2013-02-21 18:23:29 +00:00
Gerald Combs bd4cffae58 When any of our executables start on Windows create or open a "Wireshark
is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.

svn path=/trunk/; revision=47758
2013-02-20 01:19:42 +00:00
Pascal Quantin deb4f08cb2 Fix :
Allow use of huges values for localtime / ctime / gmtime with MSVC 2008 or later

svn path=/trunk/; revision=46930
2013-01-04 14:56:27 +00:00
Jeff Morriss 3551a86c36 We always HAVE_CONFIG_H so don't bother checking whether we have it or not.
svn path=/trunk/; revision=45015
2012-09-20 01:29:52 +00:00
Anders Broman 713dbd01c9 Remove #define USE_GOPTION = 1, the code is incomplete
svn path=/trunk/; revision=43945
2012-07-23 19:18:00 +00:00
Anders Broman c19583b72c From Michael Mann:
Generic preferences implementation - Printing and Name Resolution.

svn path=/trunk/; revision=43579
2012-07-06 04:48:36 +00:00
Jakub Zawadzki bf81b42e1e Update Free Software Foundation address.
(COPYING will be updated in next commit)

svn path=/trunk/; revision=43536
2012-06-28 22:56:06 +00:00
Guy Harris cf6d9841e3 Keep track, in Wiretap, of whether the file is compressed, and provide
an API to fetch that.

When doing "Save" on a compressed file, write it out compressed.

In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.

svn path=/trunk/; revision=42818
2012-05-24 05:05:29 +00:00
Guy Harris 08d7ff268b Don't show time stamp-based information if we don't have it (now that we
know whether packets - or "packets" - have time stamps).

Show the time stamp order as "Unknown" if we don't have enough
information to determine whether it's certainly in order or out of order
(XXX - we should do that if we have only one packet that has a time stamp).

svn path=/trunk/; revision=41186
2012-02-26 05:51:54 +00:00
Guy Harris d94bd07f99 Rename WTAP_ERR_BAD_RECORD to WTAP_ERR_BAD_FILE; it really reports any
form of corruption/bogosity in a file, including in a file header as
well as in records in the file.  Change the error message
wtap_strerror() returns for it to reflect that.

Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.

svn path=/trunk/; revision=40175
2011-12-13 09:53:50 +00:00
Guy Harris 741432d483 Handle ctime() and localtime() returning NULL and localtime() on Windows
blowing up when handed a bad value.

svn path=/trunk/; revision=39878
2011-11-16 03:13:02 +00:00
Jeff Morriss bf95c7b5e4 Fix :
getopt() can/should normally be found in unistd.h, so:

- When testing for getopt(), define that we HAVE_GETOPT instead of
  HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
  Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)

If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.

svn path=/trunk/; revision=38437
2011-08-09 21:02:10 +00:00
Stig Bjørlykke 0623a49e2d From Jose Pedro Oliveira via bug 5803:
#ifdef HAVE_LIBGCRYPT block includes a line too many.
"Fixes 2nd instance of the problem"

svn path=/trunk/; revision=37816
2011-06-28 15:18:21 +00:00
Stig Bjørlykke 8443bbbf75 Replace all strerror() with g_strerror().
Remove our local strerror implementation.
Mark strerror as locale unsafe API.

This fixes bug 5715.

svn path=/trunk/; revision=37812
2011-06-28 09:00:11 +00:00
Gerald Combs a24687ce8e Move the Windows argument list conversion code to a common routine.
svn path=/trunk/; revision=37372
2011-05-24 00:07:56 +00:00
Gerald Combs 32749c0fad Use a comparison instead of an assignment. Fixes Coverity CID 1194.
svn path=/trunk/; revision=37066
2011-05-11 20:39:11 +00:00
Bill Meier 61bc175a82 For "per packet" file encapsulation, display a list of the encapsulations seen ("long form" report).
 File type:           Microsoft NetMon 2.x
 File encapsulation:  Per packet
                        IEEE 802.11 plus Network Monitor radio header

ToDo: For the tabular form report display the list of per-packet encapsulations seen.

svn path=/trunk/; revision=36962
2011-05-02 02:06:52 +00:00
Guy Harris 6cbf6ce16c Add a new WTAP_ERR_DECOMPRESS error, and use that for errors discovered
by the gunzipping code.  Have it also supply a err_info string, and
report it.  Have file_error() supply an err_info string.

Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.

Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.

svn path=/trunk/; revision=36748
2011-04-21 09:41:52 +00:00
Chris Maynard f9fa7e8def Use g_snprintf instead of sprintf: Coverity 622.
Use g_strlcpy instead of strcpy: Coverity 632.

svn path=/trunk/; revision=36595
2011-04-12 17:52:52 +00:00
Bill Meier 9121c18590 IMHO capinfos, when finished processing, should exit with an error status
if an error occurred while processing.
E.G.,: For the default (no -C option):
  'capinfos' or 'capinfos a.pcap c.pcap'
 should exit with an error status
  (after processing all the input args) if there is an error for

With this fix, I expect (and
and presumably other scripts) will work a bit more as as expected.

svn path=/trunk/; revision=36487
2011-04-06 01:41:03 +00:00
Anders Broman 8735a8d631 From Jose Pedro Oliveira:
#ifdef HAVE_LIBGCRYPT block includes a line too many.

svn path=/trunk/; revision=36470
2011-04-05 05:50:45 +00:00