Reloading Lua plugins did not actually remove registered FileHandler
instances which resulted in a use-after-free of lua_State. Fix this by
tracking instances and release them in wslua_deregister_filehandlers.
Other required fixes to allow reregistration after reloading:
- Fix END_FILEHANDLER_ROUTINE not to block all new registrations.
- wtap file subtypes are apparently persistent, even after
"unregistering". Fix this by looking up the previous subtype that
matches the FileHandler short name. Add a small sanity check to
wtap_register_file_type_subtypes to prevent internal handlers from
being overwritten.
This patch creates a potential memleak of registered_file_handlers as
wslua_deregister_filehandlers is not called on program exit (yet?).
Bug: 13264
Change-Id: I4f5935cde6ff8dc4de333359bad3efca96d4fb9b
Reviewed-on: https://code.wireshark.org/review/31068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Ie5ab56f1ee80d14032969cbe7f31e086fb2b4b91
Reviewed-on: https://code.wireshark.org/review/31159
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Setting LIBRARY_OUTPUT_DIRECTORY to Wireshark.app/Contents/Frameworks
for each of our libraries ends up installing a fully versioned .dylib
along with soversion and unversioned symlinks, which is more than we
want and which wastes disk space when osx-app.sh dsymifies our
libraries.
Leave LIBRARY_OUTPUT_DIRECTORY unset and depend on osx-app.sh to copy
our libraries into place.
Bug: 15361
Change-Id: If0fbaa796b4be806e2aa13887e511a330fe55df5
Reviewed-on: https://code.wireshark.org/review/31139
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add temperature and power tags, represented using millidegrees/milliwatts.
Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number.
Also fix a few implicit floating point conversions (confirmed values are the same).
Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b
Reviewed-on: https://code.wireshark.org/review/31136
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
With the change from Wireshark's default capture file format from
pcap to pcapng the suffix of the temporary file created in wiretap
was also changed from .pcap to .pcapng. This irrespective of the
actual file type requested. This change retrieves the registered
extension for the requested file type (in its uncompressed form)
and used that for the suffix. File types without a defined default
extension will get .tmp as suffix.
Change-Id: If809fef4325e483072c1fa4ee962125d991a197e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31065
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwireshark and libwiretap have their INTERFACE link dependencies
changed to the required set.
libwsutil keeps a default public visibility. Further work may
show some unneeded link requirements.
The executable dependencies are adjusted accordingly.
Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3
Reviewed-on: https://code.wireshark.org/review/30815
Reviewed-by: João Valverde <j@v6e.pt>
Pass the correct buffer size to find_signature so that we don't read
past it.
Bug: 15279
Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
Reviewed-on: https://code.wireshark.org/review/30809
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Install headers to support plugins development on Windows.
Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
As the comment says, this is a table of "File types that can be
identified by file extensions."; a file type that doesn't have an
extension that's used for files with that format obviously *can't* be
identified by a file extension and thus *doesn't* belong in this table.
Change-Id: Ic14dc55e6d9dbad4651e535cdf44293f8b449659
Reviewed-on: https://code.wireshark.org/review/30735
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54
As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.
Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.
If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.
The test file was creating using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).
Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename wsjson_unescape_json_string to json_decode_string_inplace
(inspired by the g_base64_decode_inplace name). Rename
wsjson_is_valid_json to json_validate (inspired by g_unichar_validate).
Ideally json_parse is inlined with its user (sharkd_session.c), but that
requires exporting the jsmn_init and jsmn_parse functions... Hence the
dependency on jsmn.h remains in wsjson.h.
Change-Id: I7ecfe3565f15516e9115cbd7e025362df2da5416
Reviewed-on: https://code.wireshark.org/review/30731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move all the compressed-file type stuff to wiretap/file_wrappers.c.
Rename wtap_compressed_file_extension() to
wtap_compression_type_extension() for consistency with the other
compression-type-extension routine names.
Move the declarations of the compression-type-extension routines in the
header file.
wtap_compression_type_extension() now returns NULL for
WTAP_UNCOMPRESSED; there's no need to special-case it.
Get rid of the now-unused wtap_compression_type_supported() and
WTAP_NUM_COMPRESSION_TYPES.
Change-Id: Ib93874079bea669a0c87104513dba0d21390455a
Reviewed-on: https://code.wireshark.org/review/30729
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Using an enum type with the increment operator causes the following
error to be emitted by newer compilers:
"increment of enumeration value is invalid in C++ [-Werror=c++-compat]"
Numerical operations seem only allowed when taking their integer value.
Convert the loops involved to use integer and cast back to
wtap_compression_type when needed.
Change-Id: Ic96a6350c7d4db9ba2ba99df8b922649924c0e7a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30722
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add wtap_compressed_file_extension(), which returns NULL for
WTAP_UNCOMPRESSED and the appropriate file extension for other
compression types.
Add wtap_compression_type_supported(), which returns TRUE for
WTAP_UNCOMPRESSED and all supported compression types and FALSE
otherwise. ("Supported" means "the code can decompmress files in that
compression format and can write files in that compression format", so
WTAP_GAIP_COMPRESSED is supported iff libwiretap is built with zlib.)
In MainWindow::fileAddExtension, instead of checking for
WTAP_GZIP_COMPRESSED and using ".gz" as the extension, use the extension
returned by wtap_compressed_file_extension() for the compression type.
Change-Id: I47cb0eca8c887ada3562df30b54e76509008180f
Reviewed-on: https://code.wireshark.org/review/30707
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The three merge_files routines (filename, tempfile, stdout) have exactly
the same code except for a single wtap_dump_open routine. Reduce code
duplication to ease further improvements to this file.
Change-Id: I4fa890730d54c11b3614e56cf4d3d3da1ae9f5fd
Reviewed-on: https://code.wireshark.org/review/30678
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add wtap_compression_type_description(), which returns NULL for
WTAP_UNCOMPRESSED and a descriptive string for other compression types.
Instead of checking for WTAP_GZIP_COMPRESSED and appending "(gzip
compressed)", just pass the compression type to
wtap_compression_type_description() and, if the result is non-null,
append its result, wrapped in parentheses, with a space before the left
parenthesis.
Change-Id: I79a999c7838a883953795d5cbab009966e14b65e
Reviewed-on: https://code.wireshark.org/review/30666
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This:
1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);
2) leaves space in the interfaces in question for additional compression
types.
(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup. Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).
Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.
Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Just directly set wth->file_encap.
Change-Id: I9fb3d34d3d46d9bef6b7206e25ba72049d9b12f1
Reviewed-on: https://code.wireshark.org/review/30648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The information given by the person who provided the change to do so for
V7 files seems to indicate that 1) V5 and V6 files have the same file
header and 2) the protoNum field shouldn't be used for this purpose.
It also provided information about the bits in the flags and status
field, so add that.
The first three of those bits appear to match the first three bits of
the flags field in Peek tagged files, so note that in the Peek tagged
reader, in case the other bits also match.
Change-Id: I492afd594676efc14b487b3030c861bf5feb2d23
Reviewed-on: https://code.wireshark.org/review/30647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We set the file encapsulation to WTAP_ENCAP_IXVERIWAVE when we open the
file; we don't need to update it when we read packets. and we don't need
to set the per-packet encapsulation because it's set to the file
encapsulation for us by wtap_read() and wtap_seek_read().
Change-Id: I2f123e3fb0d505334f3451685290bdbae77a598b
Reviewed-on: https://code.wireshark.org/review/30622
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we have no records, we can't determine the link-layer type.
Also:
Use more signed values, and do more sanity checks on the file header and
TLVs to make sure we don't run into the first packet.
When writing the file header, accumulate the header length/first packet
offset in a 32-bit variable, and stuff it into the
offset-to-first-packet fields (plural) once we're done.
Change-Id: I3aeb5258bc16ddd8cf0ec86ef379287d0c4b351a
Reviewed-on: https://code.wireshark.org/review/30620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If, in the process of opening the input file, we determine that it has
packets of more than one link-layer type, we can catch attempts to write
that file to a file of a format that doesn't support more than one
link-layer type at the time we try to open the output file.
If, however, we don't discover that the file has more than one
link-layer type until we've already created the output file - for
example, if we have a pcapng file with a new IDB, with a different
link-layer type from previous IDBs, after packet blocks for the earlier
interfces - we can't catch that until we try to write the packet.
Currently, that causes the packet's data to be written out as is, so the
output file claims it's of the file's link-layer type, causing programs
reading the file to misdissect the packet.
Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt
instead, and have a nicer error message for
WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write.
Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6
Reviewed-on: https://code.wireshark.org/review/30617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It loads, but displays nothing (either in Safari 12, or a presumably
recent Chrome, on my Mac).
Change-Id: I4a5530007ddf3c14a5fd349998318d5868da5d5c
Reviewed-on: https://code.wireshark.org/review/30588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Four variants of wtap_dump_open_ng exists, each of them take the same
three parameters for the SHB, IDB and NRB blocks that has to be written
before packets are even written. Similarly, a lot of tools always create
these arguments based on an existing capture file session (wth).
Address the former duplication by creating a new data structure to hold
the arguments. Address the second issue by creating new helper functions
to initialize the parameters based on a wth. This refactoring should
make it easier to add the new Decryption Secrets Block (DSB).
No functional change intended.
Change-Id: I42c019dc1d48a476773459212ca213de91a55684
Reviewed-on: https://code.wireshark.org/review/30578
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A lot of file dissectors (pcapng, json, etc.) assumed that the packet
size is equal to the file size. This is not true if the file was
compressed and could result in silently truncating reads or failing to
open a file (if the compressed file is larger than the actual data).
Observe that a lot of file dissectors are simply copies of each other.
Move the fixed implementation to wtap.c and reuse the methods everywhere
else. While at it, avoid an unnecessary large allocation/read in
ruby_marshal.
Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379
Reviewed-on: https://code.wireshark.org/review/30570
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The radiotap spec says "dB antenna signal" and "dB antenna noise" are
unsigned. Make it universally so.
Change-Id: Iea2c5360d7352ca5e84862ea338d1fc689272191
Reviewed-on: https://code.wireshark.org/review/30410
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, only set the RSSI column once - no need to do it at
the beginning and later when we're setting fields.
Change-Id: Ia729019e5e6dfbe1cdad61f1f8397b0a3a171996
Reviewed-on: https://code.wireshark.org/review/30405
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename ascend_seek() to ascend_find_next_packet(), to indicate what it
does; it doesn't seek to an arbitrary place, it tries to find the
starting offset of the next packet when reading sequentially.
Don't have it set the header type - that's the job of the parser.
Don't set the "next packet seek start" when doing random access I/O -
that field is only for sequential I/O, and we don't want random I/O
happening at the same time (which can happen in Wireshark) interfering.
Clean up comments.
Change-Id: I2808479eeec074afa16945ffb577b91d8cb356f7
Reviewed-on: https://code.wireshark.org/review/29975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Read and seek-read routines shouldn't do that; it causes TShark to
report an error when there was no error.
Change-Id: If564348fa01dce83c6a2317ac56ac8716d514bf7
Reviewed-on: https://code.wireshark.org/review/29972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no guarantee that there will be two digits after PRI-XMIT or
PRI-RCV; the capture file in bug 3535, for exmaple, has "PRI-XMIT-0/1"
and "PRI-RCV-0".
Require a minimum of 1, not 2, non-{/(:} characters. Leave the maximum
of 20 in place.
Change-Id: Ie8f8f4ff5eb04baf0ee61bf28015e59a1fa43948
Reviewed-on: https://code.wireshark.org/review/29947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "first_free" pointer is currently only increaseed by
ws_buffer_increase_length (unused) and ws_buffer_append (for writes).
Reading into the buffer should not reduce the available space. Otherwise
the next wtap_read_packet_bytes call will reallocate the buffer.
This reallocation is unexpected by some users of cf_read_record and
results in a use-after-free crash following these steps:
1. Open packet capture.
2. Ignore packet.
3. Open context menu, twice.
This crashes because the ByteViewText class points to the buffer which
is reallocated after calling PacketList::getFilterFromRowAndColumn.
Change-Id: I4f1264a406a28c79491dcd77c552193bf3cdf62d
Fixes: v2.9.0rc0-2001-g123bcb0362 ("Make systemd journal entries events.")
Reviewed-on: https://code.wireshark.org/review/29915
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an sdjournal extcap, which reads journal entries using the
sd-journal API and dumps them as journal Export Format records.
Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e
Reviewed-on: https://code.wireshark.org/review/29479
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That puts the two arguments to fill in - the wtap_rec and the Buffer -
together.
Change-Id: I8850a7aaccc98e5acd292e3cebc1f37cee8a6ce7
Reviewed-on: https://code.wireshark.org/review/29946
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Peter Wu