Add --ifname and --ifdescr to allow the name and description for an
interface or pipe to be set; this overrides the specified name or
reported description for an interface, and overrides the pipe path name
and provides a description for a pipe.
Provide those arguments when capturing from an extcap program.
This is mainly for extcaps, so you have something more meaningful than
some random path name as the interface name and something descriptive
for the description.
Have dumpcap in child mode return an error message with a primary and
secondary string, instead of using stderr. When writing to the console
log we ignore the second message to prevent flooding the log with
tutorial-like info on permissions.
Turn the sequence of details to supply in an Npcap bug into a list, with
one element per line, and provide the interface name, Windows version
string, and Npcap version string. Put that into a common routine.
Give a whole bunch of details to put into the bug, in the (vain?) hope
that the user will put them in the bug, to try to help Daniel and
possibly Microsoft networking stack folk figure out what's happening.
(Remove an extra report_capture_error() left over from the previous
commit.)
dumpcap can capture on more than one interface at a time. If the
capture stops due to an error on an interface, report the name of the
interface on which the error occurred.
For "PacketReceivePacket error: The device has been removed. (1617)",
report the error in that fashion, indicate that the interface is no
longer attached, *and* suggest that this may be an Npcap bug and that
the user should report it as such; give the URL for the Npcap issue
list.
For "The other host terminated the connection", report the error in that
fashion, and suggest that it might be a problem with the host on which
the capture is being done.
Hopefully this will mean fewer bugs filed as *Wireshark* bugs for those
issues.
(And, with any new capture API in libpcap, these should all turn into
specific PCAP_ERROR_ codes, to make it easier to detect them in callers
of libpcap.)
On Windows, some devices don't let promiscuous mode be enabled, and
return an error rather than silently ignoring the request to use
promiscuous mode (as UN*X devices tend to do). Check for the error
message from that error, and suggest that the user turn off promiscuous
mode on that device.
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
On Windows, we do pipe I/O in a separate thread, as we can't do select()
- or even WaitForMultipleObjects() - on pipes, so
cap_pipe_read_data_bytes() is used only on sockets.
Update a comment.
We check for that when *writing* the block, but the error message for
that is not at all clear; check for it after we've read the block total
length, and report it with a better error message.
Clean up some other error messages while we're at it.
Doing a blocking read from a pipe on Windows is done in several places,
using similar sequences of code; put that sequence into a subroutine,
with the parts that differ in arguments to the routine.
Add some comments, and update some comments, to better clarify what the
code is doing in various places.
In the switch statement that tests the first 4 bytes read from a pipe or
socket, call pcap_pipe_open_live() at the end of all of the cases where
the file appears to be a pcap file; that makes the handling of pcap
files look a bit more like the handling of pcapng files.
Some UN*Xes (4.4-lite-derived, such as the obscure, little-known macOS,
FreeBSD, NetBSD, OpenBSD, and DragonFly BSD) have a length field in the
socket address structure.
That was originally done for OSI address support; unlike most transport
addresses, such as IPv4 (and IPv6) addresses, where the size of the
address is fixed, the size of an OSI transport layer address is *not*
fixed, so it cannot be inferred from the address type.
With the dropping of OSI support, that field is no longer necessary in
userland. System calls that take a socket address argument also take an
address length argument; in newer (all?) versions of the {macOS,
FreeBSD, NetBSD, OpenBSD, DragonFly BSD} kernel, the system call code
sets the length field in the kernel's copy of the address to the address
length field value.
However, that means that you have to pass in the appropriate length; if
you have a sockaddr_storage that might contain an IPv4 address or an
IPv6 address, connect() (and bind()) calls should use the IPv4 address
size for IPv4 addresses and the IPv6 address size for IPv6 addresses,
otherwise, at least on macOS, the call fails.
In cap_open_socket(), report socket() and connect() errors separately,
to make it easier to determine where TCP@ captures fail, if they do
fail. (That's how I got here in the first place.)
The macOS installer works differently from the way it did when that
message was written (it's now a drag-install for Wireshark, with
separate installers for ChmodBPF and for files to add the Wireshark
binary directory to the default $PATH), and the macOS main screen now
offers a "click this to install" link, running the ChmodBPF installer,
if the user doesn't have permissions to capture. Update the message
to reflect that (although that's wrong if you directly run dumpcap or
run it via TShark - this needs to be cleaned up in some fashion).
Fix a capitalization error while we're at it.
In the code that generates the main screen message to which the dumpcap
message refers, add a comment saying that, if the main screen message
changes, dumpcap's message should also be updated.
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
This proposal adds a new option '-b printname:<filename>' to dumpcap. If
used, dumpcap will print the name of each ring buffer file it creates
after it is closed. Allows the use of '-'/'stdout' and 'stderr'.
Use case: Since the file name is printed after the file is closed for
writing, an automated capture process can do something like the
following with the guarantee that the file in question will not be
changed.
dumpcap -i eth0 -b files:2 -b printname:stdout [-b ...] | \
while read cap_file_name ; do
# Do something with $cap_file_name
done
This sort of scripting is difficult in dumpcap's current form. Dumpcap
prints the names of new files to stderr as it *opens* them, so a script
attempting to use this must sleep for "-b duration:value" seconds plus
some fudge time to be sure it's getting a closed, unchanging file.
Change-Id: Idb288cc7c8c30443256d35c8cd4460a2e3f0861c
Reviewed-on: https://code.wireshark.org/review/37994
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We aren't using them now; stick to libpcap APIs (including Windows-only
libpcap APIs).
Change-Id: I812eaa31ba1e6e611418853105d3e00c9130a420
Reviewed-on: https://code.wireshark.org/review/37852
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Initialize err in capture_loop_init_output, as caught by both clang's
scan-build and Visual Studio's code analysis. Initialze err in
capture_loop_init_pcapng_output to match.
Move another variable to the code block in which it is used.
Change-Id: I0306ae6a02a02a8e1ebda89b7c574a7cae01b68f
Reviewed-on: https://code.wireshark.org/review/37274
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Have ws80211_init() return an indication that channel setting isn't
supported on those platforms.
In dumpcap, try to set up ws80211 before checking the channel argument
and, if it fails, report the failure, rather than failing because the
"convert channel name to channel code" routine fails.
See
https://ask.wireshark.org/question/15535/dumpcap-k-is-not-accepting-channel-type-values/
for an example of confusion caused by the previous behavior.
Change-Id: I303f560704700bbcd4f0ecea041f8632744212f3
Reviewed-on: https://code.wireshark.org/review/36659
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
We require libpcap 0.8 or later, so somebody's *really* have to go out
of their way to get a version of Wireshark running with a pre-0.6
libpcap.
Change-Id: I329b3a37cd37ca5d9e76db447daabfe1dc47e75d
Reviewed-on: https://code.wireshark.org/review/36422
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2004 called, they want their libpcap/WinPcap back.
RHEL 6 initially shipped with libpcap 1.0; even old Enterprise(TM)
versions of OSes ship with something shinier than 0.7.x these days.
This lets us get rid of a bunch of #ifdefs and workaround code for
missing APIs.
Change-Id: I862cb027418b0a0c0f45a26979acea82f93f833b
Reviewed-on: https://code.wireshark.org/review/36383
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Much better to use a known library than create it ourselves.
Also remove get_tempfile_path as it's not used.
Bug: 15992
Change-Id: I17b9bd879e8bdb540f79db83c6c138f8ee724764
Reviewed-on: https://code.wireshark.org/review/34420
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Option string composition has grown organically over time and is
depending on compilation options also. This results in somewhat complex
macro definitions and the use of the string concatenation feature of the
C compiler. This change tries to clean up some of this magic by removing
definitions of empty strings and merging of adjacent strings.
Change-Id: I968449ea9b564915bee468a0cac0e114983ceebe
Reviewed-on: https://code.wireshark.org/review/35429
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ensure to call load_wpcap() berfore building the version info string.
Bug: 16108
Change-Id: Ida7ecf6ad5186f816e1bf33902a0ae70f7f36b40
Reviewed-on: https://code.wireshark.org/review/34719
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Wireshark does create named pipes and waits for the child process to
connect. The named pipe server handle is inheritable and thus available
in child dumpcap process. Pass the handle identifier instead of named
pipe name so dumpcap can use it.
Bug: 13653
Change-Id: Id2c019f67a63f1ea3d98b9da2153d6de5078cd01
Reviewed-on: https://code.wireshark.org/review/34503
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide _U_ macro definition for Visual Studio.
Change the way _U_ macro is ifdefed for some targets to allow Visual
Studio to recognize it.
Ping-Bug: 15832
Change-Id: Ic7ce145cbe9e8aa751d64c9c09ce8ba6c1bbbd30
Reviewed-on: https://code.wireshark.org/review/34530
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fall back on the Wayback Machine for some links.
Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842
Reviewed-on: https://code.wireshark.org/review/34103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reproduce with: dumpcap -pdf bad
Change-Id: I8c1f80c9d88262bc57651e886740083ea8e6ad52
Fixes: 4d6cb744df ("Add a "-d" flag to dumpcap")
Reviewed-on: https://code.wireshark.org/review/33863
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have separate errors for "the interface went down" on Linux and "the
interface no longer exists" on *BSD/Darwin/Windows.
Change-Id: I1951c647e88eb7ebeb20a72d9e03a2072168c8e5
Reviewed-on: https://code.wireshark.org/review/33794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A recent change to libpcap means that the error message if an interface
disappears (e.g., removing a hot-pluggable device, or shutting down a
PPP connection that was dynamically set up) is "The interface
disappeared" rather than "The interface went down" - on FreeBSD,
DragonFly BSD, OpenBSD, and Darwin-based OSes, capturing continues with
no error if the interface is configured down, but either ENXIO or EIO
(depending on the OS) is delivered if the interface disappears.
Treat that error as another one to show the user without the "report
this to the Wireshark developers" note.
Change-Id: I477d87957ce30a52385f07f4b47a7824e3fca2c7
Reviewed-on: https://code.wireshark.org/review/33790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Linux isn't the only platform where libpcap may return "The interface
went down".
Put the test for "The interface went down" first.
Change-Id: I5241f0744bd12eb5e090b8e1717268bdf8392ea7
Reviewed-on: https://code.wireshark.org/review/33785
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcapng.h defines some typedefs for its structs for more readability.
Use them in dumpcap.
Change-Id: I7f4cc47819314732ddcd5076b38f68c52aedb071
Reviewed-on: https://code.wireshark.org/review/33329
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, not every machine on which Wireshark is built, run, and tested is
little-endian. See bugs 15772 and 15754.
Change-Id: Ice1d012e1a788f6a7bb031bdf0e2f01f523a91ec
Reviewed-on: https://code.wireshark.org/review/33192
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We only need to call WSAStartup and WSACleanup once, so do so. If we
encounter an error, report it using win32strerror.
Use win32strerror instead of FormatMessage in cap_open_socket.
Change-Id: I59868d6baecb1dfc98946dc68c2346b79436d2c7
Reviewed-on: https://code.wireshark.org/review/33044
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It prevents format checking; use "%s" as the format string.
Change-Id: Ic05ed64f4b2b6c243f072b0b306e0e06aa1eb3fd
Reviewed-on: https://code.wireshark.org/review/33041
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The deadlock would occur if pipe was closed before the requested number
of bytes was read.
Bug: 15695
Change-Id: I1236dd397d3c268dd52233ea78fb58165d0c9398
Reviewed-on: https://code.wireshark.org/review/32907
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Routines, so that if we internationalize strings not in the Qt code,
this can return the appropriately translated version.)
Change-Id: I1c169d79acde2f0545af7af2a737883d58f52509
Reviewed-on: https://code.wireshark.org/review/32549
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This fixes several "Use of uninitialised value" and "Conditional
jump or move depends on uninitialised value(s)" errors detected by
valgrind.
Change-Id: I682bd4a1d2e5ef23969baf34b3e438fcd7499bd5
Reviewed-on: https://code.wireshark.org/review/32397
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Set a bigger IO buffer to avoid syscall overhead.
See https://github.com/the-tcpdump-group/libpcap/issues/792
Change-Id: If370da5ab2b70a9d0c925dd7c4c5c135c675c3f6
Reviewed-on: https://code.wireshark.org/review/31326
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert WinPcap references and URLs in error messages and the FAQ
to their Npcap equivalents. Remove some obsolete FAQ entries.
Change-Id: I695d358a2c9cff0939f4ea84ba02d4c62ad7dd01
Reviewed-on: https://code.wireshark.org/review/31943
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
'save_file' is used both for holding the -w command-line argument as
well as the current filename that is being written. In ringbuffer mode,
the former is already freed while the latter changes after rotation. Be
sure to free all ringbuffer filenames on exit.
Fixes test failures due to ASAN reporting memory leaks for:
test_dumpcap_ringbuffer_filesize
test_dumpcap_pcapng_single_in_multi_out
test_dumpcap_pcapng_multi_in_multi_out
test_dumpcap_ringbuffer_packets
Change-Id: Ib817d8340275d7afa7e149dcfbbc59ed78293c34
Reviewed-on: https://code.wireshark.org/review/31739
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Capture tests fail under ASAN due to leaking capture_opts->save_file.
Since v2.9.0rc0-1493-g787d61c0a4, capture_opts_cleanup takes care of
freeing "save_file", so avoid clearing the pointer.
Change-Id: Ice90efe0959cc8016f47db20970bd2397909e28d
Reviewed-on: https://code.wireshark.org/review/31727
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add "Please report this to us" and "Please report this to whoever wrote
the program that's writing to the pipe" secondary error messages. Use
the latter for most of the errors, as the most likely cause is that the
program writing to the pipe is messing up somehow.
If we don't recoginze the first 4 bytes of the file, say "Data written
to the pipe is neither in a supported pcap format nor in pcapng
format." - it's not necessarily a pcap file.
Speak of "pcap" rather than "libpcap" format - it's not completely tied
to libpcap (although two of the libraries not called "libpcap" that read
it are basically libpcap+a Windows driver+a library for the Windows
driver, at this point), and the suffix generally used it ".pcap".
Change-Id: Ifb5518af5cade788294c93a7ac416893f57f6bc8
Reviewed-on: https://code.wireshark.org/review/31273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped
packets are outputted, they include the interface name for clarity.
Bug: 13498
Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357
Reviewed-on: https://code.wireshark.org/review/31218
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The pcapng file format specification speaks of a secion block, not
a session block. Let the function name reflect the proper name of
the block it writes.
Change-Id: Id399fae3648c93f4750fedaa297b18f95f2bb96f
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31099
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When we capture from multiple interfaces, we won't necessarily write our
IDBs in the same order we read them. This means that we need to call
pcapng_adjust_block when we write packets, not when we read them.
Otherwise we might map a given capture source's local interface number
to the wrong global IDB entry.
Bug: 15311
Change-Id: Ia787d7f167dcd18d432020a715e2321f4060b851
Reviewed-on: https://code.wireshark.org/review/30798
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we have a single capture source and that capture source is pcapng and
we're writing a pcapng file, do the following:
- Pass its SHB and IDBs through unmodified. Don't save or write command
line interface IDBs.
- Save the most recent SHB and IDBs so that we can write them when we're
writing multiple output files.
If we have multiple capture sources, do the following:
- Write Dumpcap's SHB.
- Keep a global list of IDBs, consisting of both command line interfaces
and IDBs read from pcapng sources.
- When reading an EPB or ISB, remap its local interface number to its
corresponding global number.
Add Dumpcap pcapng section tests. Make the application IDs in the
"many_interfaces" captures unique.
Change-Id: I2005934c1f83d839727421960005f106d6c682dd
Reviewed-on: https://code.wireshark.org/review/30085
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Check for pipe status only when we no longer have packets. This keeps us
from flushing packets that we should have written.
Change-Id: I714f52597da792a0b228b5e1a1dd3a993dc93681
Reviewed-on: https://code.wireshark.org/review/30651
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure cap_pipe_read_data_bytes sets pcap_src->cap_pipe_err if it
encounters an error or EOF. This fixes a regression introduced in
ga51b3d1d16. Have it return -1 or the number of bytes read similar to
read(2). Explicitly treat its return value as a signed integer.
Change-Id: I3de92859eee45e8d4a24a8c8309a816ef1b7924a
Reviewed-on: https://code.wireshark.org/review/30639
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If a capture source is a pipe and it reaches the end of its input, don't
stop capturing globally since we might have other active interfaces. We
do need to stop capturing if all of our interfaces are pipes and none of
them are open, so add a check to do so.
Change-Id: Id7f950349e72113c9b4bfeee4f0a9c8a97aefe8c
Reviewed-on: https://code.wireshark.org/review/30615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dequeue and write packets in capture_loop_dequeue_packet. This ensures
that we properly handle pcapng packets both inside our capture loop and
after it's finished.
Change-Id: Iacc980c90481b1378761eac83d8044aaddabfdc2
Reviewed-on: https://code.wireshark.org/review/30609
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If it *is* called when global_capture_opts.use_pcapng is false, don't
just silently drop the packet on the floor, abort.
Change-Id: Idb8f8e4c4ba231cfe674a81da34bf46e00f8247c
Reviewed-on: https://code.wireshark.org/review/30562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add capture_loop_wrote_one_packet, which increments the appropriate
counters and checks for autostop and ring buffer conditions. Call it
when we write a pcap or pcapng packet. This fixes `-b packets:NUM` for
pcapng output.
Change-Id: Ie2bdd725fbee59c1ae10b05be84ae9a3a6d80111
Reviewed-on: https://code.wireshark.org/review/30561
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of trying to byte swap all of pcapng's block types, refuse
to handle pcapng sources that have a different byte order.
Rename cap_pipe_adjust_header to cap_pipe_adjust_pcap_header.
Change-Id: I2615da57ba9d3fc365c631dc191f7767a284d460
Reviewed-on: https://code.wireshark.org/review/30235
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: James Ko <jim.list@hotmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Call it from wmain() in the command-line tools, passing it the input
argument count and vector, and call it from main() in Wireshark, after
getting a UTF-16 argument vector from passing the result of
GetCommandLineW() to CommandLineToArgvW().
Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514
Reviewed-on: https://code.wireshark.org/review/30063
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Doing so for command-line programs means that the argument list doesn't
ever get converted to the local code page; converting to the local code
page can mangle file names that *can't* be converted to the local code
page.
Furthermore, code that uses setargv.obj rather than wsetargv.obj has
issues in some versions of Windows 10; see bug 15151.
That means that converting the argument list to UTF-8 is a bit simpler -
we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just
loop over the UTF-16LE argument strings in argv[].
While we're at it, note in Wireshark's main() why we discard argv on
Windows (Qt does the same "convert-to-the-local-code-page" stuff); that
means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in
main() (i.e., we duplicate what Qt's WinMain() does, but converting to
UTF-8 rather than to the local code page).
Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649
Ping-Bug: 15151
Reviewed-on: https://code.wireshark.org/review/30051
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reading from a TCP socket in Windows must not change read state
variables to values required by cap_thread_read on pipes.
Bug: 15149
Change-Id: I1efa9288b5954dc4a18b2c68772c54a098a224e7
Reviewed-on: https://code.wireshark.org/review/29894
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an sdjournal extcap, which reads journal entries using the
sd-journal API and dumps them as journal Export Format records.
Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e
Reviewed-on: https://code.wireshark.org/review/29479
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
capture_opts_add_iface_opt(), when called in a program acting as a
capture child, will fetch the description for the interface, and will
also generate a "display name" for the interface.
In the process, we clean up capture_opts_add_iface_opt() a bit,
combining duplicate code.
We rename console_display_name to just display_name, as it may also be
used in the title bar of Wireshark when capturing.
Change-Id: Ifd18955bb3cb41df4c0ed4362d4854068c825b96
Reviewed-on: https://code.wireshark.org/review/29117
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't put identical code in both arms of a conditional - move it out of
the conditional.
Doing that with one line of code means that the conditional is now
*itself* duplicated in both arms of a conditional, so move it out, too.
Change-Id: I07c1d00e7d0053684aa2ef74b460eb008b145015
Reviewed-on: https://code.wireshark.org/review/29093
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Indicate what you're supposed to do when running dpkg-reconfigure
wireshark-common, and indicate that you have to run it as root using
sudo.
Emphasize in README.Debian, and indicate in the permission failure
secondary message, that you have to add users to the "wireshark" group
after doing that, and that a user may have to log out and log in again
to make this change take effect.
Bug: 14847
Change-Id: Ia83ff8e92bd2f00b6c3779272322a40201416da0
Reviewed-on: https://code.wireshark.org/review/28206
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the user installed from the wireshark.org package, perhaps they chose
not to install the "Set capture permissions on startup" item. Suggest
that they choose otherwise.
Change-Id: Ic5053da9cb6e54e7a7b1aa5a9dd59a1a84ddee16
Reviewed-on: https://code.wireshark.org/review/28197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On Windows, if WinPcap isn't installed, warn about that for errors other
than failed attempts to start capturing.
On HP-UX, if we appear to have an old version of libpcap, warn about
that for errors other than failed attempts to start capturing.
If we know the error is a permissions problem, don't make suggestions
appropriate to other problems.
If we know the error is *not* a permissions problem, don't make
suggestions appropriate to permissions problems.
For permissions problems, or possible permissions problems, on Linux,
suggest doing dpkg-reconfigure wireshark-common if you've installed from
a package on Debian or a Debian derivative such as Ubuntu.
Change-Id: If4aac0343095ac0b984eebc21853920c3b6d3c63
Ping-Bug: 14847
Reviewed-on: https://code.wireshark.org/review/28189
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sys/stat.h and sys/types.h date back to V7 UNIX, so they should be
present on all UN*Xes, and we're assuming they're available on Windows,
so, unless and until we ever support platforms that are neither UN*Xes
nor Windows, we don't need to check for them.
Remove the CMake checks for them, remove the HAVE_ values from
cmakeconfig.h.in, and remove all tests for the HAVE_ values.
Change-Id: I90bb2aab37958553673b03b52f4931d3b304b9d0
Reviewed-on: https://code.wireshark.org/review/27603
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't tell the user that, if they run out of space or go over their disk
quote, they should report that as a Wireshark bug; instead, tell them
that they're going to need to free up some space or do the capture to a
different file system.
Clean up some argument types, and get rid of tabs in indentation, while
we're at it.
Change-Id: I7839f38c14253a114e7e02e762243df5e09682ef
Ping-Bug: 14677
Reviewed-on: https://code.wireshark.org/review/27472
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default value of kernel.unprivileged_bpf_disabled is 0 which means
this is enabling the BPF JIT compiler for unprivileged users. Given that
this is a known attack vector for Spectre variant 1 (CVE-2017-5753) this
is not a setting that a utility should be tampering with.
Tshark's and dumpcap's help message is changed by Balint Reczey to suggest
enabling BPF manually after considering security-related implications.
Change-Id: I1cc34cbd6e84485eba9dee79a8700aa388354885
Signed-off-by: Balint Reczey <balint.reczey@canonical.com>
Bug: 14313
Reviewed-on: https://code.wireshark.org/review/25192
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>