That way, people don't get confused by an "Unrecognized libpcap format"
error - it's *not* libpcap format!
Also, improve *that* message to say "...or not libpcap data", and put a
period at the end of the error messages.
Change-Id: I175f9399fe99ce424f1d83596b7330e1fa5c0625
Reviewed-on: https://code.wireshark.org/review/16349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also update faq to include new temporary file format.
Change-Id: Ie6c318bb359974b89ff3e268155315c22ba7c4e4
Reviewed-on: https://code.wireshark.org/review/15685
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This didn't fix the test failures.
This reverts commit e5f4c5c8a8.
Change-Id: I0cff5eff88d2b49806797cef83338dbbace42a4c
Reviewed-on: https://code.wireshark.org/review/15135
Reviewed-by: Gerald Combs <gerald@wireshark.org>
As the MSDN documentation says, "CreateProcess returns without waiting
for the new process to finish its initialization." Add an SP_INIT sync
pipe indicator on Windows and use it in dumpcap to signal to its parent
that it has started up.
Change-Id: I88a4c158871dbe2dd6eba13434e92c5d4b1c2e4b
Reviewed-on: https://code.wireshark.org/review/15132
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Having to define two macros for marking a function as never returning
seems a bit redundant. Merge the MSVC and GCC-like attributes into a
single WS_NORETURN.
Tested with Clang 3.7.1, GCC 4.4.7 and even GCC 4.1.2 using this small
program (-Wall -Wextra, the first two generate warnings for
uninitialized variables, the last one compiles without warnings):
#include <stdlib.h>
__attribute__((noreturn)) void foo() { exit(1); }
__attribute__((noreturn)) void bar();
void bar() { exit(1); }
int main() {
int j, i;
if (i) { bar(); return j; }
foo();
return j;
}
Change-Id: I7d19c15e61b8f8fa4936864407199c4109f8cc82
Reviewed-on: https://code.wireshark.org/review/14822
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I0950f61e90af5bb21c0017204de0c0b509616e5c
Reviewed-on: https://code.wireshark.org/review/14747
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add dumpcap support for configuring 80MHz, 80+80MHz, 160MHz monitor
modes via nl80211.
Change-Id: I2ae8955670c2a9b5051e2223d45ce522459f2c5f
Reviewed-on: https://code.wireshark.org/review/13964
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the code to open capture devices and get properties of capture
devices there, joining the code to get a list of capture devices.
This lets us do a better job of handling pcap_create() in WinPcap,
including handling both WinPcap with pcap_create() and WinPcap without
pcap_create() at run time, just in case somebody tries using WinPcap 3.x
with a Wireshark built with WinPcap 4.x.
It also could make it easier to use libpcap/WinPcap directly in
Wireshark and TShark, if we have versions of libpcap/WinPcap that run
small helper utilities to do privileged functions, allowing programs
using them never to need elevated privileges themselves. That might
make it easier to fix some issues with running TShark when not saving to
a file (we could avoid the file entirely) and with delays when stopping
a capture in Wireshark (Wireshark could stop writing to the file as soon
as you click the stop button, rather than letting dumpcap do so when the
signal gets to it).
It might also make it easier to handle future versions of
libpcap/WinPcap that support using pcap_create()/pcap_activate() for
remote captures, and other future extensions to libpcap/WinPcap.
Rename some XXX_linktype routines to XXX_datalink to indicate that they
work with DLT_ values rather than LINKTYPE_ values; future versions of
libpcap might use LINKTYPE_ values in newer APIs.
Check for pcap_create() on all platforms in CMake.
Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "-Wwrite-strings" flag produces nuisance warnings. These warnings are
not useful, they're impossible to fix in a sane way and therefore are being
handled with casts of static strings to (char *).
This just moves the warning to [-Wcast-qual] and a compiler pragma is
in turn required (and used) to squelch that warning.
Remove the Wwrite-strings warning. Let that responsibility fall on the
programmer (as is done by casting).
Change-Id: I5a44dfd9decd6d80797a521a3373593074962fb5
Reviewed-on: https://code.wireshark.org/review/12162
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
Replace all-caps "WIN32" referring to Windows in comments and other text
with "Windows" or "Win32". (The two are pretty much equivalent, these
days; nobody much cares about Win16, not that we ever ran on it, and
64-bit Windows is just a 64-bitified Win32.)
Change-Id: Id327bcd4b1e9baa4f27055eff08c2d9e594d6f70
Reviewed-on: https://code.wireshark.org/review/10367
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make use of -A parameter when querying data link types supported by a given interface with dumpcap.
Ensure to pass the authentication parameters configured for a remote interface when calling capture_get_if_capabilities()
Bug: 11366
Change-Id: I4efea615084a82108e4a12a64e8c46817f30a5c6
Reviewed-on: https://code.wireshark.org/review/9690
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CND_CLASS_CAPTURESIZE condition type needs the tested parameter to be a guint64
Bug: 11305
Change-Id: I096d995e1e08ff3a81b2a95710185d272d849c86
Reviewed-on: https://code.wireshark.org/review/9104
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fixes the current Windows unit test crash.
Clean up a warning message.
Change-Id: I696e70c7656352d9576c1ad29703298cc7109621
Reviewed-on: https://code.wireshark.org/review/8674
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also move the code for setting the buffer size on Windows near the code for
setting it when we have pcap_create(): into open_capture_device().
Bug: 9067
Change-Id: Ica45f74b98094958d8bb0a38de23248aaa251d4b
Reviewed-on: https://code.wireshark.org/review/8551
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
if we HAVE_PCAP_CREATE.
Change-Id: Ic4eb6e69bde7d244b68a9fd97f66682eda6bdf91
Reviewed-on: https://code.wireshark.org/review/8667
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Previous code was assuming that all local pipes were of extcap type. Let's explicitly check for extcap prefix now.
Bug: 10803
Change-Id: If955e77a9ee2af11b553740269964c40273d5177
Reviewed-on: https://code.wireshark.org/review/8013
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The bonding driver does not properly handle unknown ioctls; it returns
ENODEV rather than ENOTSUP, EOPNOTSUPP, ENOTTY, or a "not supported"
error of that type. This causes problems detailed in bug 11058.
On Linux, check for bonding devices before checking for monitor-mode
support.
While we're at it, get rid of a commented-out include of
CheckCSourceCompiles (it's presumably already been implicitly included
by other functions that use it).
Bug: 11058
Change-Id: I13035de0650634c51a52f262829b2b6fb86b39e9
Reviewed-on: https://code.wireshark.org/review/7856
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can be set if either 1) this is Windows (where we're assumed to be
using WinPcap, which includes calls to set the buffer size) or 2) we
have pcap_create() (in which case we also have pcap_set_buffer_size(),
at least in a normal libpcap release).
Use that rather than testing "defined(_WIN32) ||
defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's
being tested.
Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12
Reviewed-on: https://code.wireshark.org/review/7816
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only print the "Capturing on..." message if we're actually capturing,
not if we're printing link-layer types.
Change-Id: Icc554776a6a2826276893acb38f7d700effd5f78
Reviewed-on: https://code.wireshark.org/review/7726
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Multiple instances of a single flag from -D/-L/-d/-S should behave like
a single instance of that flag; -D plus -L, for example, is not
supported, but -D plus another -D should be. -k, however, takes an
argument, and we only support one.
Change-Id: I8baced346fbffd75f8d768497213f67bb9a0555f
Reviewed-on: https://code.wireshark.org/review/7723
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Squelch
warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual]
similar to g630f54f.
Change strtod to g_ascii_strtod to squelch a checkAPIs error.
Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e
Reviewed-on: https://code.wireshark.org/review/7269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Have them start the string with "Compiled" or "Running on", and return
the string when done.
Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810
Reviewed-on: https://code.wireshark.org/review/6155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We support three types of platforms:
1) UN*Xes that have both getopt() and getopt_long();
2) UN*Xes that have getopt() but not getopt_long();
3) Windows, which has neither.
Checking for getopt_long() lets us distinguish between 1) and 2) and
build getopt_long() for them.
Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45
Reviewed-on: https://code.wireshark.org/review/6045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wireshark UI files into a single one in wsutil.
Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad
Reviewed-on: https://code.wireshark.org/review/6026
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
The latest Xcode, as of today, has only 10.9 and 10.10 SDKs, which means
that, if we build Wireshark and request a deployment minimum release of
10.6, we'll be building against an SDK in which libpcap has routines
that aren't available in 10.6 and that doesn't use weak linking for
them, so the resulting binary won't actually work on 10.6.
Use the run-time loader to find those routines (currently, only
pcap_set_tstamp_precision()) and call them only if we find them.
On other UN*Xes, we still assume that we'll be running only on the
release against which we were built and newer releases.
Change-Id: Iab20d86fe3be4b299cfb6e25c1f95dc6e1581661
Reviewed-on: https://code.wireshark.org/review/5120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we support setting the time stamp precision, we need it to determine
whether we're writing a pcap-ng file so we know whether to request
nanosecond precision or not.
Change-Id: I7df19c1afbe1ba90c40c49aef79f6f88ce5df29b
Reviewed-on: https://code.wireshark.org/review/4359
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we have pcap_set_tstamp_precision(), use it to request nanosecond
time stamp resolution *if* we're writing a pcap-ng file; any code that
reads those files and can't handle nanosecond time stamp resolution is
broken and needs to be fixed.
If we're writing a pcap file, don't ask for nanosecond resolution time
stamps, as that requires a different magic number for pcap files, and
not all code that reads pcap files can handle that. (Unlike pcap-ng,
where the ability to have non-microsecond time stamp resolution was
present from Day One, it's a relatively recent addition to pcap.) We
could add a command-line option/GUI option for that, like the option
recent versions of tcpdump have, if it matters.
Change-Id: I8fa464eb929feecb9a70be70712502c9f0cc5270
Reviewed-on: https://code.wireshark.org/review/4355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename simple_dialog_qt.{cpp,h} to simple_dialog.{cpp,h}. Make it a
subclass of QMessageBox. Queue messages at startup similar to GTK+.
Move the GTK+-specific simple_dialog declarations to
gtk/simple_dialog.h.
Don't yell at the user so much. Replace exclamation points with periods.
Change-Id: I1cc771106222d5e06f1f52d67ac29d6dc367cce4
Reviewed-on: https://code.wireshark.org/review/4288
Reviewed-by: Gerald Combs <gerald@wireshark.org>
don't pick up the in-tree copy.
Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Extcap is a plugin interface, which allows for the usage
of external capture interfaces via pipes using a predefined
configuration language which results in a graphical gui.
This implementation seeks for a generic implementation,
which results in a seamless integration with the current
system, and does add all external interfaces as simple
interfaces.
Windows Note: Due to limitations with GTK and Windows,
a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
is needed, which is part of any GTK windows installation.
The default installation directory from the build is an extcap
subdirectory underneath the run directory. The folder used by
extcap may be viewed in the folders tab of the about dialog.
The default installation directory for extcap plugins with
a pre-build or installer version of wireshark is the extcap
subdirectory underneath the main wireshark directory.
For more information see:
http://youtu.be/Nn84T506SwU
bug #9009
Also take a look in doc/extcap_example.py for a Python-example
and in extcap.pod for the arguments grammer.
Todo:
- Integrate with Qt - currently no GUI is generated, but
the interfaces are still usable
Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris