For long options, without corresponding short options, to be processed
they need to be assigned a value, preferably outside of the range of
all possible short options. The code in various places tries to stay
clear of these low values, but further coordination is missing, easily
leading to issues when option processing code gets extended and/or
reorganized.
This change introduces a single location from where each catagory of
command line long option can derive a base value, which should minimize
potential option value collisions.
Change-Id: Ic8861a347d0050f74002de3aa1fcfb01202866e5
Reviewed-on: https://code.wireshark.org/review/35459
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 15360
Change-Id: Iceaa5c2336cfb58966ef12f4267fcd09ae48bfe7
Reviewed-on: https://code.wireshark.org/review/31234
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removes the limit to export more than 1000 files with the same name
when exporting objects.
For this a preference name gui.max_export_objects is used.
Bug: 16010
Change-Id: Iefc138ac2617491aad3b6ad5827c9058aed112c7
Reviewed-on: https://code.wireshark.org/review/34339
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.
Known issues that will be addressed in the future:
- If a single packet contains multiple streams, then Follow QUIC Stream
will wrongly include data from streams other than the selected one.
This is tracked by bug 16093 and affects HTTP/2 as well.
- The Substream index menu does not properly filter for available
stream numbers. If a non-existing stream is selected, then changing
to another (potentially valid) index results in the "Capture file
invalid." error. As workaround, clear the display filter first.
- Follow Stream always selects Stream ID 0 instead of the first or
currently selected stream field in a packet. Users should manually
update the stream index as needed.
Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make it consistent with -z conv,ip and -z endpoints,ip
Bug: 15660
Change-Id: I9a3d2e95fed47231c0bab20e6cf069987eed142f
Reviewed-on: https://code.wireshark.org/review/34426
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This new tap collects credentials (username and paassword)
from the dissectors.
So far, few dissectors have been instrumented:
- http (basic auth)
- http (header auth)
- ftp
Others can be instrumented as well using the same technique.
Tshark has a new option (-z credentials) and Wireshark a new
"tools" menu: the documentation has been updated accordingly.
Change-Id: I2d0d96598c85bb3ea4fb5ec090dd8dc28b481fc9
Reviewed-on: https://code.wireshark.org/review/33453
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Giving the pathname of a temporary file that will be deleted once TShark
exits isn't useful; just refer to "the temporary capture file".
Change-Id: I7333ac3cef4e4ae1076a5b0e3c46a04e0328d505
Reviewed-on: https://code.wireshark.org/review/32645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We've already reported the files that couldn't be saved; no need to tell
the user something they already know by that point.
Change-Id: I8251a46134342df6b40a6324aa76a5237fde7c93
Reviewed-on: https://code.wireshark.org/review/31298
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a particular save failed, always let the user know.
Change-Id: I618e0ff82813cd4249ab7b1714f9a50e095a1ea8
Reviewed-on: https://code.wireshark.org/review/31296
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Limiting the maximum *path* name length is bogus; if the user wants to
store the file in some directory deep under the root (UN*X) or the root
of the drive (Windows), that's their choice - don't prevent them from
saving in a directory with a path longer than some maximum or limit the
file name based on the length of the path leading up to it.
Limiting the maximum *file* name is presumably to cope with, for
example, HTTP objects with a URL that had a very long query component,
so it makes sense.
Change-Id: Idfc7de8124ee80bdd4950341ff2239834eb9f6f6
Reviewed-on: https://code.wireshark.org/review/31295
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have eo_save_entry() use the report_ routines to report errors, so they
pop up a dialog in Wireshark and print an error message in command-line
programs such as TShark. Use it instead of local_eo_save_entry().
Change-Id: I689fd880ff2a31486372374560129ee9d9692b1e
Reviewed-on: https://code.wireshark.org/review/31294
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Free the wspstat_t only after freeing the hash table contained in it.
Change-Id: I2aa31d74b6d0f86e5404a9b614fee8a3f6708938
Ping-Bug: 15365
Reviewed-on: https://code.wireshark.org/review/31108
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no guarantee that sp->filter is non-null; if it's null, that
means there's no filter.
Bug: 15369
Change-Id: I2a61db2e134aa70d30c2265b63aabf99c35e362e
Reviewed-on: https://code.wireshark.org/review/31096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default lavel to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I9d81bda8a33c7a07118e8aff2917215c92e870f4
Reviewed-on: https://code.wireshark.org/review/30436
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Register the follow_free as a finish callback.
Call the tap's finish callback in free_tap_listener which is called from
both remove_tap_listener and tap_cleanup.
Describe the finish callback in README.tapping
Change-Id: Ie79ce8f39b0ca6d84810d2e3307dcff38b18d3ac
Reviewed-on: https://code.wireshark.org/review/29309
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
- It cannot support IPv6.
- Non-standard use (specifically recommended against in the RFCs)
of the IPv4 fragment ID field.
- Has a narrow and non-obvious use case, IMO.
- It is not supported in the Qt GUI.
- Significant maintenance burden for an obscure feature.
Change-Id: Icaf429269dc42f78c38b8d20001508132499faf8
Reviewed-on: https://code.wireshark.org/review/29239
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.
Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.
Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
*rtp_stream* -> rtpstream to follow common name
Change-Id: I381bc1cdb8206c5cfe67e94dd7fb1a5cb25f9c16
Reviewed-on: https://code.wireshark.org/review/28394
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_info_calc_t created
- rtpstream_info_calculate and rtpstream_info_calc_free functions created
- RTP code updated to use such functions
Change-Id: I1053a46cbd0cdef9d70382135da46e732b5af8b8
Reviewed-on: https://code.wireshark.org/review/28361
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_id_t is introduced and its related functions. It encapsulates comparsion of two rtpstreams.
- dest_* renamed to dst_*
- src_port and dst_port are 16bits only.
- sharkd_session.c use common id functions
- IAX2 part related to RTP updated to common *id* function
Change-Id: Id38728a4e5d80363480c7ce42ff9c6eaad069686
Reviewed-on: https://code.wireshark.org/review/28340
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changes:
- rtpstream_packet renamed to rtpstream_packet_cb to follow *_cb pattern
- variables/types used in iax2_analysis_dialog were created as copy of *rtp* ones, but names were left as *rtp* -> *iax2*
- struct _rtp_stream_info replaced with rtp_stream_info_t
- there was tap-rtp-analysis.h, but no tap-rtp-analysis.c - related content was moved from tap-rtp-common.c
- *rtp_stream* functions renamed to *rtpstream*
- renamed rtp_stream_info_t to rtpstream_info_t to follow *rtpstream* pattern.
- renamed ui/rtp_stream.c rtpstream_draw -> rtpstream_draw_cb
Change-Id: Ib11ff5367cc464ea1b0c73432bc50b0eb9cd203e
Reviewed-on: https://code.wireshark.org/review/28299
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Respect the "ipv4" and "ipv6" filters and actually restrict the output.
Change-Id: I06ee62ee2c85cb45fb33a52e86ce3698452d175f
Fixes: v1.11.0-rc1-2592-ge3cccd17f4 ("Get rid of some users the addrinfo_list.")
Reviewed-on: https://code.wireshark.org/review/27452
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move */ to a separate line below the SPDX identifier.
Change-Id: Id1032215449cfccae0933147b45e04b65e0b727f
Reviewed-on: https://code.wireshark.org/review/27211
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"field" might be allocated even if the calculation type is
CALC_TYPE_BYTES, CALC_TYPE_FRAMES, or CALC_TYPE_FRAMES_AND_BYTES.
Change-Id: I0c70397a89e32172769c277bebfd950f1d21c679
Reviewed-on: https://code.wireshark.org/review/26378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to dynamically allocate a guint variable to hold the
response code value - and then not bother to free it! - if we're just
doing a lookup; we can use an automatic variable and pass a pointer to
it.
Change-Id: I6edbb352f0aa33c91ede0f4e1bbb962fa921bea2
Reviewed-on: https://code.wireshark.org/review/26375
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're constructing the string, assign the pointer to it to a
non-const pointer variable, set the stat_tap_ui cli_string member to
that variable, and then use the variable to free it when we're done.
Don't cast away constness if we don't have to.
Change-Id: If3b24dbf1c910e1e6eceb76f2f6a7ae3898315f9
Reviewed-on: https://code.wireshark.org/review/25952
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are no "old" versions of them that we're keeping around.
Change-Id: I3c76a14d0ec1a06df39c547da37f4dea9987df4d
Reviewed-on: https://code.wireshark.org/review/25892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>