Commit Graph

435 Commits

Author SHA1 Message Date
Pascal Quantin 10377c4d92 sshdump: fix detection of custom version in Windows 2020-12-09 22:02:42 +00:00
Guy Harris bb494c11de Fix various spelling errors.
Found by lintian and by looking for the misspelled words that lintian
found.

(Does not fix spelling errors in .asn1 files.)
2020-12-09 05:52:50 +00:00
Odysseus Yang 2a5b34d8b0 MBIM: Update dissector to support DLT_ETW
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
2020-12-02 09:05:11 +00:00
Guy Harris 6e6233521a Have WTAP_ERR_INTERNAL include an err_info string giving details.
That way, users won't just see "You got an internal error", the details
will be given, so they can report them in a bug.
2020-10-14 04:51:45 +00:00
Guy Harris 74e917fc6c wiretap: have wtap_dump_flush(), and its callers, check for errors.
Change-Id: Ibcddf1a949f775afa49d36a2d165c3685556035d
Reviewed-on: https://code.wireshark.org/review/38104
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-09 23:08:51 +00:00
Dario Lombardo a60bc4da84 sshdump: allow for multiple instances.
sshdump can now be copied in multiple instances. Each instance will
show up a different interface and will have its own profile.

This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.

Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-07-18 04:04:59 +00:00
Guy Harris 3dedaf8064 extcap: put the code to add libssh version information into a common routine.
add_libssh_info() can be used by ciscodump, sshdump, and any other
extcap program that uses libssh.

Change-Id: I60474bd610eeb7dfb6ec07fc1aaaf19c4f745cdd
Reviewed-on: https://code.wireshark.org/review/37882
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-16 10:00:01 +00:00
Guy Harris 9296677472 extcap: assume we're using libssh 0.6 or later.
We require 0.6 or later in CMakeLists.txt, and both ssh_version() and
LIBSSH_VERSION having to be fed to SSH_STRINGIFY() date back before 0.5,
so just assume ssh_version() is available and LIBSSH_VERSION has to be
fed to SSH_STRINGIFY().

Change-Id: I4f62a720424383f88e0410cad07dbe67d0c69297
Reviewed-on: https://code.wireshark.org/review/37881
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-16 09:26:43 +00:00
Guy Harris a1d2d18cb8 extcap: get the libssh version string from the libssh.h header.
Thanks, libssh developers, for making it so straightforward!

This means we don't need to construct it in the CMake module that finds
libssh.

Change-Id: I6c173bf7c0671dfdfac423a7d01ecced7b69e851
Reviewed-on: https://code.wireshark.org/review/37878
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-07-16 08:18:58 +00:00
Guy Harris e4835191cb extcap: clean up the version number handling.
Have the version parameter be just the version number; other code
expects it to be that.

Have additional parameters for the "compiled with" and "running with"
information.

Add an extcap_version_print() routine to show the version message,
printing

	{exename} version {version}

and then printing

	Compiled with {compiled_with}

if "compiled with" information is supplied and printing

	Running with {running_with}

if "running with" information is supplied.

This fixes some messages, as well as fixing the display of extcap
modules in the About dialog.

Change-Id: I3d298d30e83bd363abd599d75adfc780a90f34fd
Reviewed-on: https://code.wireshark.org/review/37877
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-16 02:48:45 +00:00
Guy Harris 44ca0af5df extcap-base: no need to get the basename of the executable path twice.
Just use extcap->exename.

Change-Id: I85cfda2afaf776f3222cf362bcd6c675b4ff1504
Reviewed-on: https://code.wireshark.org/review/37876
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-16 01:31:16 +00:00
Guy Harris dccc382b4f Show the version of libssh being used, if possible.
If we have ssh_version(), then ssh_version(0) will return a string for
the version being used.

Change-Id: I0717f6d4d5c3fa04aa7938dc6bc0d4c8abfa95fd
Reviewed-on: https://code.wireshark.org/review/37875
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-07-15 23:43:22 +00:00
Dario Lombardo f793923a12 extcap: add libssh version info to sshdump and ciscodump.
Change-Id: I1e13cc3471e37514a0dd181abd4938607a057ec6
Reviewed-on: https://code.wireshark.org/review/37870
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-07-15 18:59:10 +00:00
Dario Lombardo d975ebbed4 extcap: improve version output for all extcaps.
Change-Id: I6ecdbdbbdf852bc3b874ad6a9acdd94f8e839c89
Reviewed-on: https://code.wireshark.org/review/37869
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-07-15 18:58:58 +00:00
Peter Wu 4015992a89 sshdump: remove redundant ssh_userauth_agent call
Since the original introduction of sshdump, ssh_userauth_publickey_auto
was already in use which would try the ssh-agent on non-Windows
platforms. There is no need to explicitly call ssh_userauth_agent which
is dead code anyway due to a typo in the macro name.

Change-Id: I976ec3da9e35ade63983ba5ca01163714d466912
Reviewed-on: https://code.wireshark.org/review/37476
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2020-06-14 21:47:33 +00:00
Martin Mathieson 569f3bd611 More PVS-Studio issues flagged by Valerii Zapodovnikov.
/opt/SourceCode/wireshark/epan/dissectors/packet-frame.c	818	warn	V547 Expression 'fi' is always true.
/opt/SourceCode/wireshark/epan/dissectors/packet-gsm_sms.c	2692	warn	V547 Expression 'length <= (offset - saved_offset)' is always false.
/opt/SourceCode/wireshark/epan/dissectors/packet-isup.c	4688	warn	V1037 Two or more case-branches perform the same actions. Check lines: 4688, 4697
/opt/SourceCode/wireshark/extcap/androiddump.c	1237	warn	V560 A part of conditional expression is always true: data_str.
/opt/SourceCode/wireshark/extcap/androiddump.c	1603	warn	V547 Expression is always true.
/opt/SourceCode/wireshark/ui/qt/models/packet_list_model.cpp	497	warn	V560 A part of conditional expression is always true: ok_r1.

For the voip_calls.c change, I preferred to initialize along with every other field, rather than set to actual value it gets set to later.

For the isobus-vt change, I could not find a spec but followed the pattern from other error bit fields.

Bug: 16335
Change-Id: Ie55082222b582f6fff4e8c7a992d863acee6cf15
Reviewed-on: https://code.wireshark.org/review/37160
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2020-05-09 11:34:12 +00:00
Tomasz Moń 040c31c269 sshdump: Use Open dialog for SSH private key
Set mustexist option to true to use Open file dialog instead of Save.

Change-Id: Ic8890facb6eebdacdc52881f617e8137585220f4
Reviewed-on: https://code.wireshark.org/review/36832
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-04-15 14:27:21 +00:00
Guy Harris 6bd6b1df78 More modeline fixes to put HT tab stops every 8 characters.
Change-Id: If3ea65f24e33b89784b3d9a1e7009d09728d4f7a
Reviewed-on: https://code.wireshark.org/review/36437
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2020-03-15 16:14:49 +00:00
Erwin Rol 2ab65bf0ba extcap: Fix packet time calculation
The packet time calculation used the time(NULL) call to get the time
in seconds and then divided by 1000 to get micro seconds. This results
in correct seconds but some random micro seconds values.

Now get the time in microseconds and divide by 1000000 to get the
seconds and use the remainder for the micro seconds part.

Change-Id: I31f90960e27b0089c20936f69c7dc30f1efd50d9
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/36067
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-02-10 07:45:33 +00:00
Jeroen Roovers 97f90c07ac androiddump: Link against libwiretap and libwsutil
With BUILD_androiddump and EXTCAP_ANDROIDDUMP_LIBPCAP enabled, the
linker notices a couple of cases of underlinking:

extcap/androiddump.c:541: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:685: error: undefined reference to 'ws_hexstrtou32'
extcap/androiddump.c:2513: error: undefined reference to 'cmdarg_err_init'
extcap/androiddump.c:2517: error: undefined reference to 'data_file_url'
extcap/androiddump.c:2629: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2592: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2646: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:1708: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:1783: error: undefined reference to 'ws_inet_pton4'

Fix that by explicitly linking against libwiretap and libwsutil when the
linker cannot find those symbols by linking to them through libwireshark.

Change-Id: I4db266fe82927c12d18fec06f9d766b9390bcec3
Reviewed-on: https://code.wireshark.org/review/35855
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-25 10:05:27 +00:00
Jeroen Roovers fde8f715ed androiddump: Provide fifo argument to g_warning()
When EXTCAP_ANDROIDDUMP_LIBPCAP=1, the compiler warns:

In file included from /usr/include/glib-2.0/glib.h:62:0,
                 from extcap-base.h:29,
                 from androiddump.c:26:
androiddump.c: In function ‘extcap_dumper_open’:
androiddump.c:366:19: warning: format ‘%s’ expects a matching ‘char *’
argument [-Wformat=]
         g_warning("Can't open %s for saving packets: %s",
pcap_geterr(pcap));
(et cetera)

Fix three occurrences of that warning by using char *fifo as it was
apparently intended.

Fixes: 67a5d9bebe
Change-Id: I0597a345d87594cbe548d118a57e3751d0e3abf6
Reviewed-on: https://code.wireshark.org/review/35853
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-18 08:12:03 +00:00
Mikael Kanstrup 32d1d96721 androiddump: Fix tcpdump encap type signed/unsigned conversion error
androiddump determines encap type by reading the data link type
value from pcap content generated by tcpdump running on the device.
The data link type is converted from an uint type to an int type
because int is what the pcap/wtap API expects. However the signed
to unsigned conversion is performed on an 8-bit data value rather
than the full 32-bit value making DLT values larger than 127 fail.

Fix the unsigned to signed conversion by determining DLT from the
full 32-bit "network" field from pcap global header instead of
the 8-bit data char array. While at it also take care of device
to host endianness conversion.

Fixes: v2.5.1rc0-65-gbfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Fixes: v2.9.0rc0-694-gafd0eef4f6 ("androiddump: Fix tcpdump encap type when libwiretap is used")

Change-Id: I71629b166a6893763b16e9df33408fee8c99cbd2
Reviewed-on: https://code.wireshark.org/review/34788
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2019-10-16 11:53:04 +00:00
João Valverde 97cb389a35 Revert "CMake: Don't install HTML manuals twice"
This reverts commit f1285fcf06.

NSIS package is broken with this commit.

Change-Id: Ief22a308edad188fa2d5fab79355f19493359fa6
Reviewed-on: https://code.wireshark.org/review/34758
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2019-10-10 15:58:41 +00:00
João Valverde f1285fcf06 CMake: Don't install HTML manuals twice
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.

Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2019-10-09 13:24:58 +00:00
Tomasz Moń 3c245f2f46 randpktdump: Remove misleading tooltip
The number of packets to generate is unsigned and always finite. The
code supports 64 bits integers as the count and thus for most use cases
(2^64)-1 is good enough alternative for infinite.

Change-Id: I9f83002358d0ab11724dce22802390b145e4ac67
Reviewed-on: https://code.wireshark.org/review/34613
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-09-24 21:38:31 +00:00
Tomasz Moń 4853fb93b2 randpktdump: Initialize print error handler
When there is a problem with output pipe, randpktdump will call
cfile_write_failure_message() which in turn calls cmdarg_err() which
calls print_err. Call cmdarg_err_init() so print_err is not NULL.

Change-Id: Ie459596a473c83204e9aa1d48bb2d2d3717b340a
Reviewed-on: https://code.wireshark.org/review/34495
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-09-14 21:25:57 +00:00
Gerald Combs ed4c62e3f7 CMake: Fix extcap symlinks on macOS.
Change-Id: I39b1ad1114ba7c8932786aab633d9df133e7ef4d
Reviewed-on: https://code.wireshark.org/review/34496
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-09-10 18:20:57 +00:00
Guy Harris 5cf3fd03f1 HTTPS In More Places, update some URLs.
Change-Id: Ice2e1e2e4d94f6c9da7c651866cfa1a8ac4a31d8
Reviewed-on: https://code.wireshark.org/review/34096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-27 07:55:36 +00:00
Guy Harris 20800366dd HTTPS (almost) everywhere.
Change all wireshark.org URLs to use https.

Fix some broken links while we're at it.

Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:44:40 +00:00
Dario Lombardo ed34c3de14 sshdump: fix bug in --remote-sudo.
Fix documentation as well.

Bug: 15845
Change-Id: I1b4e50c21887afa6a60b76de6cc169a1d0b5067a
Reviewed-on: https://code.wireshark.org/review/33658
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-19 13:00:55 +00:00
Gerald Combs dd4c987756 CMake+macOS: Use symlinks for our CLI utilities.
On macOS, <build directory>/run/wireshark is a wrapper script that execs
run/Wireshark.app/Contents/MacOS/Wireshark so that Launch Services will
activate our application properly. We don't need to worry about this for
our other executables. Make them symlinks so that we can run things like
`lldb run/tshark` with impunity.

Change-Id: I4e656d778040ece722f873b1a7f6e6e60d21e2a6
Reviewed-on: https://code.wireshark.org/review/33071
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-05-24 17:05:39 +00:00
Guy Harris 640ded8e1d Fix some signedness warnings.
Packet data is raw octets, meaning guint8s, not chars or gchars.

The last argument to recvfrom should be of type socklen_t on UN*X and
int on Windows; wsutil/socket.h defines socklen_t to be int on Windows,
so just use socklen_t.

Change-Id: I5355a246e0f74f39c0f8e198d8dd9769b623af49
Reviewed-on: https://code.wireshark.org/review/33242
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-05-17 17:00:08 +00:00
João Valverde c7d86568a0 CMake: Remove wsutil pcap dependency
Change-Id: Ic5a3653cb8bcc33e0be108c8b201567e7090f9f5
Reviewed-on: https://code.wireshark.org/review/33043
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
2019-05-03 21:57:05 +00:00
João Valverde 4c5d2f5ccf CMake: Add libpcap imported library target
Change-Id: I5326b87784817fb353329e2d686fe0515c32f6cb
Reviewed-on: https://code.wireshark.org/review/33038
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
2019-05-03 21:56:45 +00:00
Guy Harris 2ee483a222 Move the Winsock initialization and cleanup to wsutil routines.
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).

That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.

The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.

That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.

Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-05-02 09:29:01 +00:00
Gerald Combs cec5991f40 Windows: Modernize our WSAStartup usage.
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.

Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-05-01 17:51:59 +00:00
Guy Harris bbc8cbfb9c If you use data_file_url(), you must first call init_progfile_dir().
And if you call init_progfile_dir(), you must call
init_process_policies() before that.

And even if you *don't* use data_file_url(), you might use it in the
future, or you might use other calls to get data file paths, so make
*all* the extcap programs make those calls.

(Yes, this is important on macOS, for example; it may also be important
on Windows.  On other UN*Xes we may just compile in the data file path,
but that's not true on *all* our platforms.)

Change-Id: I99265ed69ec24096884ec067feddd7d7f3855436
Reviewed-on: https://code.wireshark.org/review/32775
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-04-08 02:57:53 +00:00
Guy Harris 5a7e0b6350 Don't cast away constness if you don't have to.
Change-Id: Ib6bf70c8d222d1c31681535689d2372178df3b80
Reviewed-on: https://code.wireshark.org/review/32463
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-17 22:15:57 +00:00
Peter Wu 567fe966b1 extcap: set G_REGEX_RAW to avoid potential crashes
None of the patterns try to match UTF-8 text. Treat the inputs as bytes
to avoid potential crashes on invalid subjects (e.g. malformed data from
an extcap binary, ADB or SSH server).

Change-Id: I6f3113cfd9da04ae3fa2b0ece7b0a3a94312830e
Ping-Bug: 14905
Reviewed-on: https://code.wireshark.org/review/31939
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-02-10 16:12:46 +00:00
Peter Wu 87e5269c69 CMake: rewrite FindSystemd.cmake file
Clarify that this is only needed for the sdjournal extcap interface and
report the found version in the CMake output.

Change-Id: I40bc540631bda32d0b92e4fcd59d8c1726606d86
Reviewed-on: https://code.wireshark.org/review/31834
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-31 13:15:47 +00:00
Peter Wu 62ffa95707 sshdump: leave username, port and interface unset by default
If the username or port number are unspecified, libssh will pick an
appropriate default (the local username or port 22 respectively).
Additionally, it will use the ssh config file if possible.

The eth0 interface is not always appropriate. If the -i option is not
specified, tcpdump will select an appropriate default.

Change-Id: I99d2136ab27d1652bb420f44d16df063030fb9ce
Reviewed-on: https://code.wireshark.org/review/31752
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27 09:46:55 +00:00
Peter Wu ccf37e3905 CMake: fix failure to locate zlib (and possibly libssh)
Include directories are no longer globally included, be explicit with
the required include directories or else function checks will fail.

Change-Id: I72d88f94854fcfe6529554f84e49d1dba696e9df
Fixes: v2.9.1rc0-436-ga3991874eb ("CMake: Replace PACKAGELIST magic")
Reviewed-on: https://code.wireshark.org/review/31693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-23 15:43:38 +00:00
Dario Lombardo d70bc0c40e extcap: remove dependencies from ui.
ui is required by randpkt_core, move it to its deps.

Bug: 15401
Change-Id: Ia8cfaddd220a22c1cf03ec6bf8f83f068f8d94ba
Reviewed-on: https://code.wireshark.org/review/31670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-01-22 15:38:10 +00:00
João Valverde 4f46a2af88 CMake: Set a direct rpath for libraries
Instead of using "$ORIGIN/../lib" just use "$ORIGIN".

Also be explicit in configuring the relative RPATH. We don't want
to assume a default relative path, in case more targets are added,
out of caution.

Change-Id: I3b7f5e8de7be8bb30aca3b433212113d876c4163
Reviewed-on: https://code.wireshark.org/review/31647
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-22 00:55:40 +00:00
Peter Wu 5dd86a0a7e CMake: do not set RPATH when installing to a system directory
When built with -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib
(as is done by many Linux distributions), do not set an unnecessary
RPATH. This was the case before v2.9.0rc0-2727-g697623411c.

Relocatable builds will still be possible with the default options as
/usr/local/lib is typically not considered a system library path.

Change-Id: Ic6ff1760183c20d3f9f9fb787604e888e116534e
Reviewed-on: https://code.wireshark.org/review/31602
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-20 21:59:42 +00:00
João Valverde a3991874eb CMake: Replace PACKAGELIST magic
This is more explicit and easier to read with slightly better locality
while using less code.

Also less awkward when the package doesn't fit the narrow package list
expectations.

The ws_find_package() macro doesn't include all the status messages. The
choice was to rely on standard find_package() and feature_summary() output
and be less verbose.

Avoid polluting the CLI build interface. Per target include paths and
macro definitions are preferred.

Because this patch intentionally removes the global CMAKE_*_FLAGS
and include_directories() usage in favor of target properties, some
untested build configurations may inadvertently break because of
missing ${PACKAGE}_INCLUDE_DIRS or ${PACKAGE}_DEFINITIONS. This
required a manual review of dependencies that might have been
incomplete.

${PACKAGE_VAR}_LINK_FLAGS seems to be unused.

Changing the CMake Qt code to use more modern CMake component syntax
is left as future work.

Change-Id: I3ed75252189a6e05a23ed6e619088f519cd7ed78
Reviewed-on: https://code.wireshark.org/review/31496
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-20 11:50:10 +00:00
Peter Wu 5cc461490d CMake: use object libraries to avoid redundant builds
Some source files are duplicated via add_executable. Assuming that these
are not affected by target-specific preprocessor macros, they can be
built only once and shared among executables.

In one configuration, this reduces the number of object files by 55
(cli_main.c and version_info.c alone were built 15 times each).

Removes the version dependency from each target since the 'version_info'
target can now declare this dependency. Remove CLEAN_C_FILES from extcap
since it is not used to set -Werror. Due to removing some files from
wireshark_FILES (and others), these are no longer part of checkAPIs
though. Hopefully that is acceptable.

Change-Id: I0a3f1ffb950e70a6176c96d867f694fbc6476f58
Reviewed-on: https://code.wireshark.org/review/31509
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-12 18:20:44 +00:00
Guy Harris 10a7993bae Remove comment whose meaning is unclear at best.
What is it saying we shouldn't be doing?

Change-Id: Iad26687f3f3f482af09760255fef7189ed71a3ae
Reviewed-on: https://code.wireshark.org/review/31391
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-01-05 21:36:21 +00:00
Peter Wu e2e5b01d77 cli_main: remove real_main from stack traces for non-Windows
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.

For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.

Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-02 12:08:20 +00:00
Guy Harris ba589a4e44 Move some command-line-oriented routines from wsutil to ui.
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.

The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.

Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-01-01 02:07:06 +00:00
Alexis La Goutte ee58c3fc70 ssh-base: fix no previous prototype for ‘extcap_log’ [-Wmissing-prototypes]
Change-Id: I96f937ac7f0b085cd1db80b67f490193b02f9aca
Reviewed-on: https://code.wireshark.org/review/31203
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-12-26 20:14:37 +00:00
Jaap Keuter afc1265b63 writecap: rename pcapng_write_session_block to _section_block
The pcapng file format specification speaks of a section block, not
a session block. Let the function name reflect the proper name of
the block it writes.

Change-Id: Id399fae3648c93f4750fedaa297b18f95f2bb96f
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31099
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-18 23:41:41 +00:00
Guy Harris a34cc98b2a Put the main() and wmain() routines for CLI programs into a separate file.
That means that code is only in one place, rather than having copies of
it in each of those programs.

CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:

	include the top-level cli_main.h header;

	define the main function as real_main();

	be built with the top-level cli_main.c file.

On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().

On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.

Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-13 00:52:11 +00:00
João Valverde 697623411c CMake: Use $ORIGIN with RPATH
Make our package relocatable on Unix systems.

Linux, Solaris and FreeBSD are known to support $ORIGIN.

Change-Id: Ibcdda33d62c075bfa867d006cb6aaf5824609011
Reviewed-on: https://code.wireshark.org/review/30896
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-12-03 23:54:15 +00:00
Mikael Kanstrup 22db1f066f androiddump: Don't present the verbose config option
The verbose config option has been replaced by an extcap base debug
option. Presenting verbose as an available option makes Wireshark
trying to retrieve the value of this option. As the option is not
really supported and invalid options after a recent change now
generate errors the androiddump tool does not start properly.

For reference the problem happens due to the unfortunate combo of
these two patches:
v2.3.0rc0-1108-gb83ea46 ("extcap: put missed parameters into the help")
v2.9.0rc0-2431-g945d441 ("extcap: fix return value in extcap_base_parse_options().")

Fix by removing verbose as an available config option.

Change-Id: I894f599708a7160f50ca9ee1f9586022342705cb
Reviewed-on: https://code.wireshark.org/review/30716
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:08:46 +00:00
Mikael Kanstrup 51fb5081b3 androiddump: Add packets with same encap type as used when open wtap
Already when selecting the extcap interface to use the encap type is
known. For some reason when adding packets the type is explicitly
checked for certain values and if not known type is set to
WTAP_ENCAP_WIRESHARK_UPPER_PDU.

This conversion breaks tcpdump function for all but ETHERNET interface
type. For example NLMON and 802.11 radiotap interfaces do not work.

This problem has probably been there since quite a while back but was not
seen (in the sense that current capture looked OK). Though when:

"3aec5e1 Catch attempts to write multiple encapsulation types if unsupported."

got applied the encap type mismatch is now detected and packet capture stops.
As encap type is known already when selecting the interface to use, fix
this by simply reusing the initial value when dumping the packets.

Change-Id: Ica9824e715c47b285c985ea48cbae0e10e18d542
Reviewed-on: https://code.wireshark.org/review/30715
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:08:35 +00:00
Guy Harris a1372f6d01 Use an enum for compression types in various interfaces.
This:

1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);

2) leaves space in the interfaces in question for additional compression
types.

(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup.  Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).

Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-16 09:20:36 +00:00
Guy Harris 4e17bd6229 Use the dump parameters structure for non-pcapng-specific stuff.
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.

Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-16 02:18:26 +00:00
Dario Lombardo 0795c988b0 extcap: save debug flag and use it to activate ssh debug.
Change-Id: Ida32834f8c0838f1d815f7e33116b6a6161acf34
Reviewed-on: https://code.wireshark.org/review/30572
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-14 04:58:38 +00:00
Dario Lombardo 7a29c3d2eb ssh-base: define a struct for storing ssh parameters.
Update sshdump and ciscodump to use it.

Change-Id: I5fbb9e3a870ec8baa0f326ad34733743cbb981f3
Reviewed-on: https://code.wireshark.org/review/30571
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-14 04:58:15 +00:00
Dario Lombardo cd0a98e221 ssh-base: support libssh config file.
It's operating system dependent, but the library takes care of it
on different operating systems.

Options are set with this precedence:
- if user-provided, use it
- if not, take the one from config file
- (username only) if none in the config file, take the current user from OS

Change-Id: I00dcc1c9a8613e6d1250b6404bf2100f6ccff7b7
Reviewed-on: https://code.wireshark.org/review/30558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-14 04:57:48 +00:00
Guy Harris 3faa45d4ec Don't have _ng versions of the dumper open routines.
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.

Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-13 03:37:29 +00:00
Dario Lombardo 3486243361 sshdump: fix generation of error message from remote side.
Change-Id: I15f5989f08b7e3851a7c4b949d63434fbc750020
Reviewed-on: https://code.wireshark.org/review/30557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-11 09:51:33 +00:00
Dario Lombardo 5d73f57f54 sshdump: fix some debug messages.
Change-Id: I92d157367efc36d4c1d1a53a201ed652d701894e
Reviewed-on: https://code.wireshark.org/review/30556
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-11-10 21:24:20 +00:00
Dario Lombardo f2a9cfcf24 ssh-base: fix wrong type for ssh port.
According to documentation:

http://api.libssh.org/master/group__libssh__session.html#ga82371e723260c7572ea061edecc2e9f1

Change-Id: I788f909efdb263d645bf402ad5a293a4b3e8d089
Reviewed-on: https://code.wireshark.org/review/30555
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-11-10 16:21:49 +00:00
Stig Bjørlykke 163e4637d5 extcap: Cleanup an if-statement
Change-Id: If56f3837e8bcf0ef3a11579ca031223909ac47b9
Reviewed-on: https://code.wireshark.org/review/30528
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-07 09:57:00 +00:00
Dario Lombardo 0a5770a78a extcap: add option to set proxycommand to ssh sessions.
sshdump and ciscodump have been updated to use it.

Change-Id: I4e1e0d35f086d76c13264939bc4f14308cc88cfb
Reviewed-on: https://code.wireshark.org/review/30496
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-05 05:59:38 +00:00
Dario Lombardo 2be2febfc6 extcap: change boolean to boolflag for --debug option.
Change-Id: I6a42e689fa9a914f7f3bee1c1ade2218573a1c3f
Reviewed-on: https://code.wireshark.org/review/30502
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-05 05:58:12 +00:00
Dario Lombardo 945d441b24 extcap: fix return value in extcap_base_parse_options().
We need to split good options' from bad options' return value.

Change-Id: I836e58c0f05716484664f354e7332a74d6a08c20
Reviewed-on: https://code.wireshark.org/review/30503
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-05 05:56:51 +00:00
Dario Lombardo 6910cb138b sshdump: add missing space.
Change-Id: I593ccf333db91dd9877cf5e8ef30c3e722c6df89
Reviewed-on: https://code.wireshark.org/review/30497
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2018-11-03 14:18:05 +00:00
Gerald Combs aba59e5973 Win32: Make extcap utilities console applications.
Switch from using WinMain in extcap to wmain.

Change-Id: I54fafad598f5ff74fe84a3ce3e993ac5a31188f7
Reviewed-on: https://code.wireshark.org/review/30094
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-12 19:01:49 +00:00
Gerald Combs 573e842002 Windows: Make our program details more consistent.
Use a single template file for most of our program resources. Encode
our resource files as UTF-8. Add resources to extcap/*.exe.

Replace a regex with concatenation.

Change-Id: I0ed49086618127ca4fdef69272f849d8f16e4dab
Reviewed-on: https://code.wireshark.org/review/30088
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-10-10 15:40:21 +00:00
Gerald Combs f69108b84e Add a systemd Journal Export extcap.
Add an sdjournal extcap, which reads journal entries using the
sd-journal API and dumps them as journal Export Format records.

Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e
Reviewed-on: https://code.wireshark.org/review/29479
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-01 08:58:13 +00:00
João Valverde f0b41190eb CMake: Clean up and homogenize plugin dir configuration
Change-Id: If43c7b124afdf6471164675f8a0c55a76e998ea1
Reviewed-on: https://code.wireshark.org/review/29254
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2018-08-23 08:33:56 +00:00
João Valverde 7d76d0ce28 Revert "CMake: Clean up plugin dirs"
Broke system (global) binary plugin path.

This reverts commit 450ff674a6.

Change-Id: I5353d2f3acf4450aed243040ef71425a71542a08
Reviewed-on: https://code.wireshark.org/review/29240
Reviewed-by: João Valverde <j@v6e.pt>
2018-08-22 00:49:16 +00:00
João Valverde 450ff674a6 CMake: Clean up plugin dirs
Change-Id: Ie41366205db19b8a9714ad5259c3f958e1e9ee95
Reviewed-on: https://code.wireshark.org/review/29233
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2018-08-21 23:06:38 +00:00
Guy Harris 065a762579 Extcap programs must write to the packet pipe in binary mode.
It doesn't matter on UN*X, but it definitely matters on Windows; we're
writing a pcap file, not a text file, so every byte we write should go
down the pipe as is.

Bug: 14989
Change-Id: I26c067b8ff5dba644a579846dd97b568a81c7053
Reviewed-on: https://code.wireshark.org/review/28764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-07-19 09:30:52 +00:00
Peter Wu f7b91633c4 randpktdump: add --delay option
For testing live capture mode in the Qt UI, it is useful to have a
continuous capture source with some dummy packets.

Change-Id: Id76ecbf24828dd3212b208c96679524e4c25b00f
Reviewed-on: https://code.wireshark.org/review/28537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-07-01 06:57:23 +00:00
David Kreitschmann 11ba10dd4b Fix build paths for cmake's Xcode project generator on macOS.
Multi-configuration generators (such as Xcode or VS) append the current build configuration to most paths (eg. Debug/Release). Currently this results in inconsistent paths for the application bundle and the included command line tools. This commit sets the correct path information for multi-configuration generators for macOS application bundles. The standard Makefile behaviour is untouched.

One Windows specific configuration was changed, as it was conflicting with these changes. This needs to be checked before merging.

Additionally the wrapper scripts are omitted for Xcode, as the path to the binaries depends on the configuration chosen in Xcode. Therefore it is not viable to create these scripts in the cmake run.

Bug: 11816

Change-Id: Ib43d82eb04600a0e2f2b020afb44b579ffc7a7c9
Reviewed-on: https://code.wireshark.org/review/28291
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-06-21 03:33:03 +00:00
Dario Lombardo 169887f170 udpdump: add error message from libwritecap.
Change-Id: Ida86772c88af6b35e2d3b3864e1b1b551cfd1d96
Reviewed-on: https://code.wireshark.org/review/27804
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-26 05:52:28 +00:00
Dario Lombardo 7f4c2bae5c ciscodump: check return value of libpcap_write_packet (CID: 1435606).
Change-Id: Ifb89952b48bf300168b5f775ac3c2777c0c93877
Reviewed-on: https://code.wireshark.org/review/27803
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-26 05:51:31 +00:00
Dario Lombardo 25a95709a1 extcap: set EXTCAP_DIR in the root cmake file and propagate it.
The EXTCAP_DIR must be known in the root file to be set in config.h
and it's still needed in extcap/ to install the binaries, hence we
need caching it as well.

Bug: 14724

Change-Id: I58bac7de7a00e06c23fe8c8f1a7e3d299de6a560
Reviewed-on: https://code.wireshark.org/review/27776
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-24 13:58:13 +00:00
Mikael Kanstrup afd0eef4f6 androiddump: Fix tcpdump encap type when libwiretap is used
androiddump determines encap type by parsing pcap global header from
tcpdump binary output. Only when libpcap is used with androiddump
this (pcap linktype) value can be used right away. Libwiretap
uses its own encap values but is fed with pcap linktype values
making the whole packet encapsulation invalid.

Fix by converting pcap linktype values into wiretap encap values

(For pcap linktype definitions see http://www.tcpdump.org/linktypes.html)
(For wtap encap definitions see wiretap/wtap.h)

Fixes: bfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Change-Id: I5ea86204b8e5774fd84d4007db8c2910680dbd53
Reviewed-on: https://code.wireshark.org/review/27747
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Florian Bezold <florian.bezold@esrlabs.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-05-24 07:55:00 +00:00
Martin Kaiser 675e0649c0 make our version of nla_for_each_nested() public
caputils/ws80211_utils.c contains a re-definition of the linux kernel's
nla_for_each_nested() macro that applies the correct casts to allow
compilation with a C++ compiler.

Make this definition public by moving it into a new wsutil/netlink.h
file. Include the kernel's original definition before we overwrite it. This
way, it's not necessary for a .c file to include wsutil/netlink.h after
the system includes.

Use our nla_for_each_nested() version in extcap/dpauxmon.c to squelch the
following compiler warning:

[1664/2251] Building C object
extcap/CMakeFiles/dpauxmon.dir/dpauxmon.c.o
../extcap/dpauxmon.c: In function ‘family_handler’:
../extcap/dpauxmon.c:168:13: warning: request for implicit conversion
        from ‘void *’ to ‘struct nlattr *’ not permitted in C++ [-Wc++-compat]
  nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], rem_mcgrp) {

Change-Id: I6ba40ef6343c5d168c1b0c4554f13202911ded76
Reviewed-on: https://code.wireshark.org/review/27688
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-23 13:18:00 +00:00
Dario Lombardo 7655e0bad6 cmake: move extcap sections to extcap/CMakeLists.txt.
Change-Id: Ie7d9f6ad3d8b788e0d22e3ce15159fc46f5a93e8
Reviewed-on: https://code.wireshark.org/review/27638
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-19 06:20:47 +00:00
Dario Lombardo b849730be7 randpktdump: use boolflag instead of boolean in config.
Change-Id: I259382352d4c79755c095b1e23325265226acd23
Reviewed-on: https://code.wireshark.org/review/27613
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-18 05:48:58 +00:00
Dario Lombardo c57695a13e dpauxmon: remove precision loss in dump_packet.
../extcap/dpauxmon.c:129:72: warning: implicit conversion loses integer
precision: 'const ssize_t' (aka 'const long') to 'guint32' (aka 'unsigned
int') [-Wshorten-64-to-32]

Change-Id: If835baec3c51eecd4aff9ad7dab052192de78455
Reviewed-on: https://code.wireshark.org/review/27616
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-18 04:10:47 +00:00
Alexis La Goutte c4ba94f398 dpauxmon (extcap): fix no previous prototype for function 'nl_receive_timeout' [-Wmissing-prototypes]
Change-Id: Iaeda0a1c677b3ec605d1a419b1230cf994ccdf4e
Reviewed-on: https://code.wireshark.org/review/27609
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-17 06:35:53 +00:00
Dirk Eibach e0002b0427 extcap: Support for DisplayPort AUX channel monitors
Support for the generic netlink DisplayPort AUX channel monitor kernel driver.

Change-Id: Iab445229ecef082968355f604993292f5f2d8d69
Reviewed-on: https://code.wireshark.org/review/27313
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-05-14 10:44:37 +00:00
Guy Harris 4513c66b1a You have to set tm_isdst before calling mktime().
You either need to tell mktime() that 1) DST/Summer Time is in effect,
2) DST/Summer Time isn't in effect, or 3) we don't know whether
DST/Summer Time is in effect, you figure it out.

We set tm_isdst to -1, to choose option 3), which is what we want.

Fixes Coverity CID 1435496.

Change-Id: I0f22ef1201ee8abefb3fa75aa3432b021fb13cfd
Reviewed-on: https://code.wireshark.org/review/27408
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-05-09 03:49:07 +00:00
Dario Lombardo 8756d0ad12 sshdump/ciscodump: use groups in config.
Change-Id: I3d6689738aee32bf720e6ebca1d4462429fdc1eb
Reviewed-on: https://code.wireshark.org/review/27397
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2018-05-08 14:06:22 +00:00
Pascal Quantin acdda66ce8 extcap-base.c: fix compilation with gcc 8
extcap-base.c:293:43: error: cast between incompatible function types from ‘void (*)(void *)’ to ‘void (*)(void *, void *)’ [-Werror=cast-function-type]
extcap-base.c:302:45: error: cast between incompatible function types from ‘void (*)(void *)’ to ‘void (*)(void *, void *)’ [-Werror=cast-function-type]
extcap-base.c:321:42: error: cast between incompatible function types from ‘void (*)(void *)’ to ‘void (*)(void *, void *)’ [-Werror=cast-function-type]

Change-Id: Ifd9151d04412c5e29636dc14c57a327cc12d33f3
Reviewed-on: https://code.wireshark.org/review/27265
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-05-02 19:33:10 +00:00
Dario Lombardo 4a156da068 Remove autotools build system.
It has been replaced by cmake.

Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-18 03:46:17 +00:00
Anders bb81bef535 glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0
Change-Id: Ie95cf37f9cd283545693e290340a7489cc989c95
Reviewed-on: https://code.wireshark.org/review/26970
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-16 16:07:46 +00:00
Roland Knall c2422d7828 extcap: Tell utilities the wireshark version
Add an optional argument to extcap-version, which tells the utilities
the wireshark version and therefore allows them to handle different
versions differently.

If no version is provided, the utility has to assume it is dealing
with a Wireshark 2.x version (default behavior).

Change-Id: I51658300f28f503ca8050d204b73749f1a54df16
Reviewed-on: https://code.wireshark.org/review/26752
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-04-05 08:40:04 +00:00
Mikael Kanstrup 2fb9c8244e androiddump: Read btsnoop header separately from rest of data
The code to read and skip btsnoop header was written in a way where
it reads up to PACKET_LENGTH bytes of data, skips the header, then
moves the rest of the data back to the start of the buffer. So far so good. The code
then resets number of bytes used in buffer making it skip rest of
all data read.

Many times this works fine but only by luck. When there's no data
transfers first recv call will always only return the header
(sender side writes header separately right after accept).

When data transfers are ongoing first recv call will return both
header and data. Then initial data is lost but more importantly
risk parsing data with invalid offset.

Fix by reading btsnoop header separately from rest of data.

Change-Id: Ie52c33f943d8b311e0cd5638ec1a7d4840e271b8
Reviewed-on: https://code.wireshark.org/review/26659
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
2018-03-27 15:22:12 +00:00
Mikael Kanstrup a37045adcd androiddump: Update ps command parameter for Android Oreo
ps command is used to find com.android.bluetooth process. From
Android Oreo the ps command needs -A parameter for listing all
processes.

Change-Id: I1a547a0d61175c1e194823462661ec69e711ca50
Reviewed-on: https://code.wireshark.org/review/26652
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-03-26 15:03:52 +00:00
Mikael Kanstrup 789db1f15d androiddump: Fix btsnoop net port lookup
Code assumes btsnoop net port is the first tcp socket found in
/proc/<pid>/net/tcp. If it is not the port number lookup will
fail.

Fixed by searching all open tcp sockets for a match.

Change-Id: I988fe18680600b59c595f3d619d95c72c1a6966d
Reviewed-on: https://code.wireshark.org/review/26651
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-03-26 14:42:03 +00:00
Mikael Kanstrup 69d080700d androiddump: Fix some error messages
Change-Id: I1b3ad9fdafb08307a9863469f8478ecde0000acc
Reviewed-on: https://code.wireshark.org/review/26650
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-03-26 14:40:54 +00:00
Florian Bezold 02a3056af3 androiddump: Fix non-blocking connect on Windows
Commit 043ed1f6 enabled non-blocking connect on Windows. This seems to
break androiddump on Windows completely, since a successful connection
always returns SOCKET_ERROR on connect, with WSAGetLastError() set to
WSAEWOULDBLOCK.

Apparently, the only way to check for a real connection is to try a
write select on the socket:
https://stackoverflow.com/questions/35370239/timeout-in-connect-function-from-winsock

This fixes androiddump on Windows:
- If ADB server is running, extcap interfaces are listed
- If ADB is not running, there is no noticeable delay in Wireshark

Change-Id: I6bd772215c7b232c8fe8e840cb7ad1d54c7d8860
Reviewed-on: https://code.wireshark.org/review/25715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-10 07:45:56 +00:00
Florian Bezold bfef57ebb7 androiddump: Fix and simplify tcpdump capture
1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
This is also supported on Android devices before Android 7, and is a
much easier approach than testing the new "shell,raw:" command and
falling back if unsupported. This basically undoes commit 5ebc3277.

2. Pass "-U" to tcpdump to prevent on-target buffering
Before using the "shell,raw" approach in commit 5ebc3277, I tried the
"exec:" command already, but experienced extreme buffering of the
tcpdump output, which is unacceptable for live trace viewing.
Turns out, the buffering is determined "automatically" by libpcap:
- When running in a PTY, output is flushed fast for viewing
- When _not_ in a PTY, output is not flushed and thus heavily buffered.
The "exec" command obviously doesn't use a PTY.
Fortunately, tcpdump has a "-U" option to flush the output after each
captured packet, which is exactly what we need.

3. Ignore tcpdump stderr output
Enabling "-U" caused androiddump to fail, because it happened that the
tcpdump stderr logs were mixed with the stdout data. (We were probably
lucky this didn't happen without -U as well).
To fix this, we just ignore stderr completely by adding "2>/dev/null" to
the tcpdump command.

4. Get linktype from pcap global header
The stderr logs were previously parsed to get the textual linktype.
This is now replaced by a simpler & less fragile approach: tcpdump
prints the global pcap header, which contains precisely the linktype
info we need.

5. Parse pcap global header magic correctly for timestamps & endianness
The previous code only supported the "classic" pcap header magic and
might also have been incorrect on big-endian host machines.
Now, endian handling is simplified and we can detect the "nanosecond
timestamp" magic values as well.
This fixes the problem that extcap_dumper_dump expects *nano*second
timestamps, but the previous code supplied *micro*seconds if on-target
tcpdump outputs microseconds.

6. The parsing simplifications above allowed the main loop for tcpdump
capture to be simplified considerably.

Change-Id: Id66791e700a8943b86128f044f080bee60a9fa79
Reviewed-on: https://code.wireshark.org/review/25713
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-10 07:45:23 +00:00
Guy Harris 1f5f63f8ef Generalize wtap_pkthdr into a structure for packet and non-packet records.
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.

Add some record-type checks as necessary.

Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-09 00:29:51 +00:00
Dario Lombardo 8cd389e161 replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later.
The first is deprecated, as per https://spdx.org/licenses/.

Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-08 14:57:36 +00:00
Florian Bezold 20d4c7bb62 androiddump: Raise ADB timeout to 2s for slower devices
Running "tcpdump -D" on target seems to be an expensive operation in some
cases, not finishing within the 500ms timeout on several devices (~1000 ms
in one of our cases).

Change-Id: I57e4d31f12c4e393ff84e79b64cb024b74a11f0e
Reviewed-on: https://code.wireshark.org/review/24719
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-01-28 21:57:34 +00:00
Pascal Quantin fc9af81a13 wiretap: add a parameter to wtap_init() indicating whether plugins must be loaded
g995812c5f1 moved wiretap plugins registration from applications to
wiretap library init function.
As we do not want to load plugins for all users of libwiretap, let's
make it configurable.

Bug: 14314
Change-Id: Id8fdcc484e2d0d31d3ab0bd357d3a6678570f700
Reviewed-on: https://code.wireshark.org/review/25194
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-01-09 21:25:06 +00:00
Mikael Kanstrup bde402840f androiddump: Fix crash in add_tcpdump_interfaces
If there's a network interface on the device without the 'flags'
field and at the same time exist other network interfaces
with the 'flags' field present a null-dereference happens accessing
the non-matched regex flags field.

Fix crash by adding explicit null check to ensure (optional) regex
group really matched.

Fixes: 7dcf57719f ("androiddump: Support older on-target tcpdump versions")

Change-Id: Ia08dd8547c9cdda96b3c62b99d98ff1d85bd6cd2
Reviewed-on: https://code.wireshark.org/review/25198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-01-08 20:57:54 +00:00
Florian Bezold 7dcf57719f androiddump: Support older on-target tcpdump versions
The output of 'tcpdump -D' only outputs interface flags from Android 7
onwards. Since it would be sad to lose the great androiddump support for
all older devices because of this, the logic is extended so that it
lists all interfaces if no '[' and ']' is found in the output.

Also, the used regex seemed to require an interface description, which
might not exist (even with new tcpdump versions). Now, interfaces
without description are not filtered.

Change-Id: I92b550a37b9bc0d0142aed68ee98f26de79be759
Reviewed-on: https://code.wireshark.org/review/24720
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-01-02 04:29:48 +00:00
Florian Bezold 5ebc3277ed androiddump: Fix adb tcpdump PTY CR/LF handling
Devices running Android >= 7 have a different adb shell handling than
before:
- Before Android 7, adb always runs shell commands in a PTY
  (pseudoterminal), which automatically converts all \n to \r\n
- Since Android 7, adb no longer uses a PTY if a command is directly
  started (like 'tcpdump' in our case).

The original androiddump code reversed the PTY \r\n handling as for
older devices. Commit 66507b9 for bug 13510 removed that which supported
newer devices while breaking all older devices.

This fix tries to support both by first trying to use the new
"shell,raw:" adb command syntax. If that succeeds, adb/device must
support non-PTY shells and we don't reverse any \r\n.
If that fails, it's most likely an older device, and we fall back to the
original "shell:" command and enable \r\n reversal.

(To prevent misleading error popups in Wireshark, the warning log in
adb_send when the first attempt fails is changed to a debug log).

Ping-Bug: 13510
Change-Id: I7e0a4f594ebe5dde682cceb667330459337a0c9c
Reviewed-on: https://code.wireshark.org/review/24721
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-12-18 14:45:49 +00:00
Alexis La Goutte 0ffee1526b ciscodump(extcap): fix 'packet' was marked unused but was used [-Wused-but-marked-unused]
Change-Id: I04a52c37404fe6a91740b766de1482376d7128fa
Reviewed-on: https://code.wireshark.org/review/24825
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-12-14 18:45:14 +00:00
João Valverde 995812c5f1 Refactor plugin registration and loading
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.

Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).

The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.

Currently we only distribute "epan" (libwireshark) plugins.

Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2017-12-14 08:43:57 +00:00
Dario Lombardo b993c6f05c sshdump: remove extra option check.
This looked a bit odd since the capture filter is variable length.
Removing it makes sshdump work.

Change-Id: I454c6263c04019d5e8ecbecd2490dd10185f5c67
Reviewed-on: https://code.wireshark.org/review/24531
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-22 15:40:13 +00:00
Dario Lombardo c58aed9b73 sshdump: add option to prevent promiscuous mode.
Bug: 14237
Change-Id: I5cecca8ed638c3935c7c77e3a304e4b0527d7fa3
Reviewed-on: https://code.wireshark.org/review/24530
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-11-22 15:16:24 +00:00
João Valverde 262a84c384 Fix (and chop) static build option
This sets the scope of the static build option to Wireshark support
libraries only.

Before the patch:

Static plugins don't work with CMake and autotools.

autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.

After the patch:

For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.

For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitation imposed by libtool.

Tested on Linux. This removes broken support for building plugins
statically.

Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2017-11-19 20:16:50 +00:00
Dario Lombardo f4e958c2ea udpdump: add space.
Change-Id: I44960f64f16434ccdf033eaa2bfa96579da7cc4b
Reviewed-on: https://code.wireshark.org/review/24439
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-11-15 10:51:57 +00:00
Dario Lombardo 66b5afa216 extcap: use SPDX identifiers for licences.
Change-Id: Id56687f86f4c60494dad0b6d58550ee45b0b203c
Reviewed-on: https://code.wireshark.org/review/24381
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-12 18:27:24 +00:00
Dario Lombardo 414a63f160 extcap: rename interface names.
The new names better reflect the utility.

Change-Id: I54105fc8be6735d3febbcc68837990758a5e52c3
Reviewed-on: https://code.wireshark.org/review/24320
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-11-09 17:27:41 +00:00
João Valverde 3996701183 Replace inet_addr() with our inet_pton() wrapper
Error checking omitted like in original code.

Change-Id: If8b4181d30ddf5717951aaf7ec61db25c0bc5322
Reviewed-on: https://code.wireshark.org/review/24309
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2017-11-09 16:08:25 +00:00
Dario Lombardo 36faf3203a udpdump: don't call inet_addr() for every packet.
Change-Id: Id3d9229f5d61390f2f4127c8dfdf445935297e85
Reviewed-on: https://code.wireshark.org/review/24300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-11-08 15:36:09 +00:00
Mikael Kanstrup 282b59a853 [RFC]androiddump: Support extcap-dlts option
According to README.extcap documentation all extcap tools must
support the --extcap-dlts option. For performance reasons support
for this option was removed by commit:

9328eb6 androiddump: Register interfaces when list interfaces

A side effect of not implementing the option is that dumpcap is
then also called to try to retrieve interface capabilities
for all androiddump interfaces. As extcap interfaces are not
local network interfaces errors like these are logged
whenever the interface list is refreshed:

 Capture Dbg  sync_if_capabilities_open
 Capture Info sync_pipe_run_command() starts
 Capture Dbg    argv[0]: /usr/local/bin/wireshark/dumpcap
 Capture Dbg    argv[1]: -i
 Capture Dbg    argv[2]: android-tcpdump-wlan0...
 Capture Dbg    argv[3]: -L
 Capture Dbg    argv[4]: -Z
 Capture Dbg    argv[5]: none
 Capture Dbg  sync_pipe_open_command
 Capture Dbg  read 25 ok indicator: E len: 333 msg: E
 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0.000s
 Capture Info sync_pipe_run_command() ends, taking 0.012s, result=-1
 Capture Msg  Capture Interface Capabilities failed. Error -1, The
              capabilities of the capture device "android-tcpdump-wlan0..."
              could not be obtained (android-tcpdump-wlan0...:
              SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device).
              Please check to make sure you have sufficient permissions, and
              that you have the proper interface or pipe specified. ()

To avoid error prints and to fulfil the documented requirements for extcap
tools register a fake interface with what would be the properties of such
an interface.

Change-Id: If174adbb64c66132be4225f854bbf9f66d2f5ed1
Reviewed-on: https://code.wireshark.org/review/23093
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-10-16 04:29:21 +00:00
João Valverde 9764cd0a83 autotools: make maintainer-clean should allow rerunning 'configure'
Change-Id: Iedae94ffefe27b13b1967d69cacb757b5aa4576d
Reviewed-on: https://code.wireshark.org/review/23928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-10-15 14:17:20 +00:00
Ahmad Fatoum 9d49e13166 Remove superfluous null-checks before strdup/free
NULL checks were removed for following free functions:

- g_free "If mem is NULL it simply returns"
  https://developer.gnome.org/glib/stable/glib-Memory-Allocation.html#g-free

- g_slist_free(_full)? "NULL is considered to be the empty list"
  https://developer.gnome.org/glib/stable/glib-Singly-Linked-Lists.html

- g_strfreev "If str_array is NULL, this function simply returns."
  https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-strfreev

- g_slice_free "If mem is NULL, this macro does nothing."
  https://developer.gnome.org/glib/stable/glib-Memory-Slices.html#g-slice-free

- g_match_info_free "not NULL... otherwise does nothing"
  https://developer.gnome.org/glib/stable/glib-Perl-compatible-regular-expressions.html#g-match-info-free

- dfilter_free defined in Wireshark code. Returns early when passed NULL
  epan/dfilter/dfilter.c

They were also removed around calls to g_strdup where applicable:

- g_strdup "If str is NULL it returns NULL."
  https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-strdup

Change-Id: Ie80c2db89bef531edc3aed7b7c9f654e1d654d04
Reviewed-on: https://code.wireshark.org/review/23406
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-10-15 12:38:51 +00:00
Martin Mathieson 2ecc51f28f Some trivial fixes from running cppcheck.
The packet-per.c initialisation of ext_length is not really
needed - idx could be -1 with or without extension_flag
being set. But it'd be best not to have someone need to
think this through again.

Change-Id: If07f98ac7d7f2619149e35a2a0d75b765839a7ba
Reviewed-on: https://code.wireshark.org/review/23905
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-14 20:51:18 +00:00
Jakub Zawadzki 8b5b843fcb udpdump: Add missing include for timeval struct.
struct timeval is defined in <sys/time.h>, include it.

It should fix building with musl:

udpdump.c: In function 'setup_listener':
udpdump.c:126:9: error: variable 'timeout' has initializer but incomplete type
  struct timeval timeout = { 1, 0 };

Change-Id: Id9be579e50ea2845ca609708e8ec4d1a3858ecc0
Reviewed-on: https://code.wireshark.org/review/23728
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
2017-09-25 16:42:17 +00:00
João Valverde d7ec2cbc38 autotools: Use package flags to configure libpcap
Change-Id: Icd64014b597a8e60d2aff9d180c441c6ffccff26
Reviewed-on: https://code.wireshark.org/review/23329
Reviewed-by: João Valverde <j@v6e.pt>
2017-09-24 12:58:06 +00:00
João Valverde d0a91b27f2 plugins: config.h must not be included by public headers
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.

Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.

Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2017-09-06 08:10:56 +00:00
Ulf 5574b78dae Fix potential oob write crashes
Bug: 13847
Change-Id: I3a706db25204fe4c1fd1b7be3b17b8c55365dccf
Reviewed-on: https://code.wireshark.org/review/23169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-08-23 02:58:08 +00:00
Mikael Kanstrup 5f52e65500 androiddump: Support 802.11 monitor and nlmon interfaces
Some Android devices support 802.11 monitor mode and nlmon
interfaces. Add linktype defines to be able to capture frames
from such interfaces.

Change-Id: I8b8b444ac2821542fc946694b71c8d9fb7ba1238
Reviewed-on: https://code.wireshark.org/review/23080
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-18 07:04:19 +00:00
Mikael Kanstrup d56de21d6a androiddump: Fix bt snoop capturing
Recent changes had the bt snoop capturing function stop working for
Android API versions >= 21. One of the command strings used for
detecting btsnoop server socket interface got messed up when
refactoring code. Fix by using the correct command strings again.

Fixes: faf100ec ("androiddump: Introduce adb_connect_transport helper function")
Change-Id: Id645d24cfb0cb23f36484cfd6416768c89bce51b
Reviewed-on: https://code.wireshark.org/review/23106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-08-17 13:12:43 +00:00
Mikael Kanstrup f4ca61220a androiddump: Avoid linktype/encap conversion
Let androiddump's internal definition of encap types directly
use linktype values from libpcap/wiretap. This way back and forth
conversion between internal and public values can be avoided.

Change-Id: I67522283cc3eb15cbdb1bfdd829bb1ff0031bb82
Reviewed-on: https://code.wireshark.org/review/23079
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-08-15 14:44:31 +00:00
Dario Lombardo e3d0bf0bb2 extcap: skip custom log if filename is space.
Change-Id: I98b890316af05d9c5359dc38a30d07ac55f262fe
Reviewed-on: https://code.wireshark.org/review/22932
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-08-03 13:04:33 +00:00
Dario Lombardo f978465fb3 extcap: add debug log file feature to extcap-base.
Change-Id: I3bfc9b2fd7b73dcfef52c5101360384d205c0d12
Reviewed-on: https://code.wireshark.org/review/22835
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-08-02 17:41:24 +00:00
Dario Lombardo 963707ab3c extcap: add command line debug function to extcap-base.
This function is helpful to debug the interaction between the
calling UI and the extcap itself.

All extcaps have been changed accordingly.

Change-Id: I358caf4c50797501672bf77fdd91f7276897078c
Reviewed-on: https://code.wireshark.org/review/22806
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2017-07-27 15:19:47 +00:00
Dario Lombardo 3e9b256238 androiddump: check return value of localtime() before dereference (CID 1400829).
Change-Id: I03c851e56f5bd967a35c668bcbc4e98170251b2c
Reviewed-on: https://code.wireshark.org/review/22750
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-21 12:41:52 +00:00
Pascal Quantin 725b7ef175 androiddump: add a cast to please MSVC x64
Change-Id: I43cf913d48afabd826f7d6f861876e1cb62e7e7a
Reviewed-on: https://code.wireshark.org/review/22751
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-21 11:50:38 +00:00
Dario Lombardo 420aab387f androiddump: use actual buffer length instead of pointer sizeof.
Change-Id: I3481c98377a31fbef2ef8ad931e2a8d66f507e58
CID: 1414110
CID: 1414058
Reviewed-on: https://code.wireshark.org/review/22743
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-20 21:42:47 +00:00
Mikael Kanstrup 9830b7b261 androiddump: Reduce code duplication
Some more repeated code patterns identified. Reduce code duplication
by adding some helper functions.

Change-Id: I0fecd511fd56049e9eae111cdad08252dffff6cb
Reviewed-on: https://code.wireshark.org/review/22480
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-07 23:17:58 +00:00
Mikael Kanstrup f9fd438b6d androiddump: Close socket on failure path
Fix a few cases where socket is not closed on failure path.

Change-Id: Id116a8e5f14979f962fdf725c62999758b79109e
Reviewed-on: https://code.wireshark.org/review/22481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-01 01:24:44 +00:00
Mikael Kanstrup 91e512985f androiddump: Fix null dereference if linktype not found
If linktype cannot be determined from tcpdump output the
lookup function is handed a NULL which is then strcmp:ed.
Handle NULL parameter by explicit check.

Fixes Coverity CID 1413923

Change-Id: I290c116991d15cef0a1e954a9f8b76722a5f450c
Reviewed-on: https://code.wireshark.org/review/22483
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-01 01:24:31 +00:00
Mikael Kanstrup b3453b9be4 androiddump: Fix leaked linktype string
The regex matching for linktype might be performed multiple
times. Make sure string is freed before fetched again.

Change-Id: Ice7812ff4a3a8e6a1497ab2ef5aa94976502c16f
Reviewed-on: https://code.wireshark.org/review/22482
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-30 22:43:11 +00:00
Stig Bjørlykke 064e34b215 androiddump: Fix printf format for size_t
Change-Id: Ia4646b649881316350ee1aed7d8cc9626036dd30
Reviewed-on: https://code.wireshark.org/review/22442
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-28 15:46:51 +00:00
Mikael Kanstrup 564445f799 androiddump: Support packet capture on any interface that is up
androiddump used to start tcpdump without specifying the interface
to capture packets on. This works when only one interface is up
but when multiple interfaces are up the output might be empty.

This change lets tcpdump list all available network interfaces
and adds a unique extcap interface for each interface that is 'up'
on the device.

Change-Id: Icf0d7fa8f38320092579d4163dcdbcf2b687d8cc
Reviewed-on: https://code.wireshark.org/review/22402
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-27 12:43:44 +00:00
Mikael Kanstrup 129a84df60 androiddump: Use Android tcpdump reported data link type
Instead of treating all output from Android tcpdump as Ethernet
data link type parse what tcpdump actually tells it to be.

This is needed as there are cases when the output is not Ethernet.
For example when starting packet capture on a device with multiple
interfaces up.

NOTE: As translation between tcpdump reported DLT and androiddump's
internal type was needed for now support is only added for types
used by network interfaces of tested devices (i.e. ETHERNET and
LINUX_SSL).

Change-Id: Ie3f9167176c336cb31f6e681f1daac6135a78883
Reviewed-on: https://code.wireshark.org/review/22401
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 12:42:58 +00:00
Guy Harris f27699c746 The 3rd argument to recv() is an int on Windows.
Make the variable used for it an int; that's large enough, and, on
Windows, not so large that it provokes warnings.

Change-Id: I00600d816f69d79f7a42eb09b1290ff7708b0bfc
Reviewed-on: https://code.wireshark.org/review/22420
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-27 08:26:55 +00:00
Mikael Kanstrup d84da1eb97 androiddump: Let adb_send funcs generate string length prefix
All strings sent to adb are prefixed with the length as a 4 byte
hex string. The length info prefix was manually hard coded into
strings. To avoid mistakes when updating code and to simplify
reading the source code instead let the various adb_send functions
calculate string lengths and generate the 4 byte hex string
prefixes.

Change-Id: I4178e9df5930a1c7904053e5a7750c943efddc84
Reviewed-on: https://code.wireshark.org/review/22399
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 04:12:58 +00:00
Mikael Kanstrup 707b789074 androiddump: Add helper functions for data link type conversions
Change-Id: I406f5cd6d979442014fdda01deacbcec2052ec18
Reviewed-on: https://code.wireshark.org/review/22400
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 14:16:33 +00:00
Mikael Kanstrup faf100ecc5 androiddump: Introduce adb_connect_transport helper function
Same code pattern is used over and over when connecting to an adb
server. Introduce a helper function that performs the function of
connecting to specified adb server and transport.

Change-Id: Id2f72f1eb976fa0d742a6db1ef6d592264990ba1
Reviewed-on: https://code.wireshark.org/review/22398
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 14:16:14 +00:00
Mikael Kanstrup 66507b9052 [RFC]androiddump: Only filter CR/LFs on Windows
Comments in code claim:
"The data we are getting from the tcpdump stdoutput stream as the
 stdout is the text stream it is convertinng the 0A=0D0A; So we
 need to remove these extra character."

This is not true on non-Windows systems at least so avoid the filter
when not built for Windows.

NOTE: A problem with the filter is that it operates on all bytes
received on the socket, including packet data(!). Capturing
data with CR/LFs (for example an HTTP request) will fail. Ideally
the filter should be replaced with some other mechanism but as I
don't have a Windows system to verify that the comment claims are
valid, this change will at least make androiddump work on
non-Windows systems.

Bug: 13510
Change-Id: Ic00f44fa7516c0db7fc015ed8685deb365a347db
Reviewed-on: https://code.wireshark.org/review/22397
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 11:17:30 +00:00
Michael Mann 828e1f07a8 udpdump.c: Don't include epan headers.
udpdump has local copies of the tag values from exported_pdu.h, so the
dependency isn't needed.  exported_pdu.h required tv_buff.h and packet_info.h,
whose inclusion caused link errors on SPARC.

Bug: 13801
Change-Id: Icbf7b59b8af0d3a0fc73599baad6932e76dc3462
Reviewed-on: https://code.wireshark.org/review/22131
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-15 04:18:20 +00:00
Guy Harris 7321183716 Put the HAVE_REMOTE hack into wsutil/wspcap.h, and include that file.
Have a header file that defines HAVE_REMOTE if HAVE_PCAP_REMOTE is
defined, and then includes pcap.h.  Replace all other includes of
pcap.h, and the definition of HAVE_REMOTE, with includes of that file.
Check for anything other than wspcap.h including pcap.h in checkAPIs.pl.

Change-Id: I3cbee8208944ad6f006f568b3fe3134e10b2a883
Reviewed-on: https://code.wireshark.org/review/21605
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-05-11 19:58:15 +00:00
Guy Harris 79eab8ca07 Force HAVE_REMOTE to be defined when including pcap.h with remote support.
WinPcap made the mistake of having stuff in its public header files
depend on a configuration #define, HAVE_REMOTE; this means that we need
to forcibly define it when building with remote capture support.

The tip of the libpcap master branch does not have that botch; hopefully
future versions of libpcap-for-Windows will be based on that libpcap and
thus lack that botch as well.

Defining HAVE_REMOTE in config.h is not the right fix, as it makes it
look like a *Wireshark* configuration option that code in Wireshark
should test, rather than a *WinPcap* configuration option that the
pcap.h that ships with the WinPcap SDK should have been changed, as part
of the build process, to correctly define or not, so that users of
WinPcap don't have to define it themselves.

Change-Id: I62d1eca6d3c900d0dcc9fbc011db77f595a86313
Reviewed-on: https://code.wireshark.org/review/21593
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-05-11 10:57:22 +00:00