Close pipe handles when spawning asynchronous processes, so only the
child process holds handle to the other end of the pipe. Closing the
handles makes it possible to use pipes the same way as on other OS, that
is to rely on blocking read() to end when child process finishes.
Do not call CloseHandle() on signal pipe in capture sync after the
handle ownership was transferred to file descriptor. Close the file
descriptor instead.
Instead of using an OS-independent and (somewhat) toolchain-independent,
but x86-only, mechanism to fetch a string that identifies the type(s) of
CPU on the machine, use OS-dependent but instruction-set-independent
mechanisms.
That way, we can get CPU type strings for non-x86 processors - ARM
processors, in particular, but others as well (yes, you can run
Wireshark on an IBM mainframe...).
Fixes#18187.
Add and install default coloring rules and filter buttons for Logray.
Add is_packet_configuration_namespace() and use it to set the default
timestamp type for Logray to "Absolute", which is more appropriate for
log entries.
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
Windows implements so called CRT handlers, which will catch any
assertions happening inside so called crt routines and either
displays a debug dialog (Cancel, Retry, Ignore) or outright crashes
the application.
See
https://docs.microsoft.com/en-us/cpp/c-runtime-library/parameter-validation?view=msvc-170
for an explanation of the behaviour.
Now, in the current situation here, close will detect (correctly)
that the pipe it is supposed to be closing is already closed. This
happens (again correctly) because it had been closed by the extcap
application.
The change added, checks for a closed pipe first, and if so just
returns -1 (as it should) silently without calling the CRT routine,
therefore not crashing
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Libgcrypt 1.8.x is required for a large amount of decryption
support and is the current LTS version of libgcrypt. The 1.6 and
1.7 series have been end-of-life since 2017-06-30 and 2019-06-30,
respectively.
The Linux distributions that have versions of libgcrypt before 1.8.0
are nearing or at end of support (RHEL7, SLES 12, Debian stretch,
Ubuntu 16.04LTS) and can be supported by the Wireshark 3.6 LTS release
series.
Remove an enormous amount of ifdefs based on libgcrypt versions
1.6.0, 1.7.0, and 1.8.0. There will be a second pass for the
commons defines HAVE_LIBGCRYPT_AEAD, HAVE_LIBGCRYPT_CHACHA20, and
HAVE_LIBGCRYPT_CHACHA20_POLY1305, which are now always defined.
The ISAKMP dissector has some comments noting that some workarounds
were used for libgcrypt 1.6 that aren't needed with 1.7; perhaps
that could be updated now.
If we're running in the Logwolf configuration namespace, look for
extcaps in a directory named "extlog". This paves the way for adding
log-specific capture utilities.
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
Add support for display filter binary addition and subtraction.
The grammar is intentionally kept simple for now. The use case
is to add a constant to a protocol field, or (maybe) add two
fields in an expression.
We use signed arithmetic with unsigned numbers, checking for
overflow and casting where necessary to do the conversion.
We could legitimately opt to use traditional modular arithmetic
instead (like C) and if it turns out that that is more useful for
some reason we may want to in the future.
Fixes#15504.
g_utf8_validate_len doesn't exist until glib 2.60, so just
use g_utf8_validate. It does the same thing when the length parameter
is unsigned. Fixes CentOS 7.
Add BASE_SHOW_UTF_8_PRINTABLE and related function tvb_utf_8_isprint
for supporting fields of bytes that are "maybe UTF-8" (default or
SHOULD be UTF-8 but could be something else, with no encoding indicator),
such as SSID fields in IEEE 802.11 (See #16208), certain OctetString
fields in Diameter or PFCP, and other places where
BASE_SHOW_ASCII_PRINTABLE is currently used. Fix#5307
Add a LOG_LEVEL_ECHO that is always active and always non-fatal.
Use that to implement a WS_DEBUG_HERE() macro for quick print outs
during debugging sessions.
The format "23:59:59+2000" is valid but the code assumes that
if the date/time format uses separators, the timezone offset
must have them too. Fix that. Add test cases for timezone
offsets +HHMM and +HH.
Rewrite ws_inet_pton{4,6} and ws_inet_ntop{4,6} without
GLib types.
Check for strerrorname_np() and use that is available,
to simplify error handling.
Add some minimal tests.
Encapsulate the feature requirements for strptime() in a
portability wrapper.
Use _GNU_SOURCE to expose strptime. It should be enough on glibc
without the side-effect of selecting a particular SUS version,
which we don't need and might hide other definitions.
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
On Windows the POSIX read() and write() don't use the C99/POSIX
types size_t and ssize_t so we must do the same to avoid
gymnastics to squelch narrowing warnings.
This adds two types for that purpose that have the correct
definition for both Windows and POSIX.
Currently used to define ssize_t on platforms that lack it.
Fix some Windows build errors caused by moving the definition into a
separate header.
Fix some narrowing warnings on Windows x64 from changing the definition
of ssize_t from long int to int64_t.
The casts in dumpcap are ugly but necessary. The whole code needs
to be rewritten for portability, or the warnings disabled.
Split ws_regex_matches() into two functions with better semantics
and remove the WS_REGEX_ZERO_TERMINATED symbol.
ws_regex_matches() matches zero terminated strings.
ws_regex_matches_length() matches a string length in code units.
Add some C99 stdio.h numbers to compare with GLib on platforms
(such as Windows) where they use different implementations.
Add a wmem string test with NULL allocator, to compare wmem and GLib
performance with roughly the same memory allocation.
Use the block allocator as being more representative of normal
wmem performance, instead of using strict, that is normally
used for wmem debugging.
These are not pass/fail tests, so the automation cannot
validate them. They just slow down the CI builds. To
enable pass -m perf.
I think the --verbose comment is wrong, I did not detect
any difference in output with or without --verbose.
Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocess have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
This adds some custom logic to check if we were given
the obsolete 'console.log.level' setting from the CLI
arguments, that specified the log level using a bitmask
copied from GLib. If we find that map the bitmask to a
wslog log level.
In any case the option is not removed from the argv (unlike
other wslog arguments like --log-level, etc.).
Adds deprecation warning for 'console.log.level' printed to
the console.
Related to #17763.
This matches the original implementation and allows displaying
logs to the console, including debug information, when running
an extcap from the CLI for testing and development purposes.
This should make extcap logging bug-for-bug compatible with the
behavior before dc7f0b88bb.
Imitate the GLib logic for selecting the console output stream
according to the log level. Levels MESSAGE and above go to
stderr. INFO and below go to stdout, unless stderr is chosen
using ws_log_console_writer_set_use_stderr().
It turns out some old extcap code was subtly dependending
on this behavior.
Extcaps require a log file when invoked in child mode. It also has
a specific flag to enable debugging, other that the wslog options.
Fix the logging to:
1. Enable debug log level if --debug is used.
2. Do not emit messages to the stderr if debug is enabled.
This brings extcap logging to the same feature level it had before
wslog replaced GLib logging.
We should not replace chars that cannot be represented
in ASCII, to avoid mangling UTF-8. This assumes every
string is UTF-8, of course.
This only affects the display of the compiled filter.
Before:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "Jo\xc3\xa3o" <FT_STRING> -> reg#1
After:
Filter: http.user_agent == "João"
Constants:
00000 PUT_FVALUE "João" <FT_STRING> -> reg#1
Add @file markers for remaining non-dissector
files that contain functions exported with
WS_DLL_PUBLIC so that Doxygen will
generate documentation for them.
Move epan_memmem() and epan_strcasestr() to wsutil/str_util.
Rename to ws_memmem() and ws_strcasestr(). Add compile time
check for a system implementation and use that if available.
We invoke those functions using a wrapper to avoid exposing
_GNU_SOURCE outside of the implementation.
Convert the tm struct to nstime first, then apply the timezone
offset, because applying the offset to the hours and minutes fields
directly can require carrying or borrowing in base 24 and 60 arithmetic.
Don't blindly examine the fifth byte in the input string without testing
earlier bytes. Instead, process the year by hand before calling sscanf.
ISO 8601 times don't switch between Basic and Extended format in the
middle, so for the later possible buffer overflows just use the
previously determined format.