Commit Graph

155 Commits

Author SHA1 Message Date
John Thacker 01172f5a1d tshark: Support multiple -j and -J options, including mixed
Store the field filter strings in a wmem_map pointing to the
field flags for each string. This allows specifying multiple
filter options (-j or -J) on the command line, including some
of both.

Fix #17470
2023-02-16 12:46:44 +00:00
João Valverde 74909f1499 Install PDML files to DOCDIR
Add README because this stuff is somewhat obscure and move XSLT
file to DOCDIR because it is not used by wireshark directly.
2023-01-19 17:08:36 +00:00
Dario Lombardo 1e8d3d8695 tshark: fix duplicate fields issue in ek output.
Fix: #18036.
2022-12-15 12:22:30 +00:00
João Valverde 9ab1f35641 Move print_hex_data_buffer() to wsutil
Move this generic function to wsutil so it can be used
by other libraries.
2022-10-08 12:39:04 +01:00
Gerald Combs 8109332ffa epan: Add an XML buffer limit.
Try to fix

```
*** CID 1515532:  Memory - corruptions  (OVERRUN)
/builds/wireshark/wireshark/epan/print.c: 1859 in print_escaped_xml()
1853                 } else {
1854                     temp_buffer[offset++] = *p;
1855                 }
1856             }
1857             if (offset > ESCAPED_BUFFER_MAX-8) {
1858                 /* Getting close to end of buffer so flush to fh */
>>>     CID 1515532:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "temp_buffer" of 256 bytes at byte offset 260 using index "offset" (which evaluates to 260).
1859                 temp_buffer[offset] = '\0';
1860                 fputs(temp_buffer, fh);
1861                 offset = 0;
1862             }
1863         }
1864         if (offset) {
```
2022-09-29 16:45:57 +00:00
John Thacker 73d8bb1bc3 XML: Do escape ASCII control characters
XML 1.0 allows valid UTF-8 characters, except for the ASCII control
characters other than tab, carriage return, and line feed.
(It does not allow form feed and vertical tab, so the allowed group is
not the same as the standard ctype.h isspace category. It also
allows but discourages DEL (\x7F).)

The characters cannot be included as character references of the
form &#xx; either; there is technically no way to include them.
Escape them as done prior to 89e96c1e77
but continue to leave bytes with the high bit set alone so that
UTF-8 printable characters are not escaped.

Fix #10445
2022-09-21 23:46:35 +00:00
John Thacker 8ac995578c epan: Respect custom column resolved/unresolved status everywhere
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.

This removes the direct accesses of col_data from outside
column.c and column-utils.c

Fix #18168.
2022-07-12 00:22:11 +00:00
João Valverde 0615ba6317 ftypes: Make accessor functions type safe 2022-06-20 17:29:57 +00:00
Jim Young b5f89dbe2d tshark: Add new long option --hexdump <hexoption> 2022-01-13 01:18:38 +00:00
João Valverde c5a19582e4 epan: Convert to use stdio.h from GLib
Replace:
    g_snprintf() -> snprintf()
    g_vsnprintf() -> vsnprintf()
    g_strdup_printf() -> ws_strdup_printf()
    g_strdup_vprintf() -> ws_strdup_vprintf()

This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.

Adjust the format string to use macros from inttypes.h.
2021-12-19 19:29:53 +00:00
João Valverde 1a32a75a62 ftypes: Internal headers need to be internal
The header ftypes-int.h should not be used outside of epan/ftypes
because it is a private header.

The functions fvalue_free() and fvalue_cleanup() need not and should
not be macros either.
2021-11-11 03:15:31 +00:00
João Valverde 8d59f81729 MinGW-w64: Replace incompatible format for strftime()
Replace %F and %T in the format string. These specifiers are just
short-hand so just write them in full.
2021-09-22 14:28:49 +01:00
João Valverde 24fd8c6740 Move more numerical epan/*to_str() routines to wsutil 2021-09-16 18:21:14 +01:00
João Valverde 3a3fda2ca4 epan: Remove dependency on version_info object library
Depending on version_info is unnecessary and forces an epan
rebuild every time the git commit id changes, which can be slow,
especially with LTO enabled, and again is unnecessary.

Printing the VCS version to the TLS debug log is a minor convenience
that doesn't justify the cost to relink epan with every commit.
2021-07-04 10:37:49 +00:00
João Valverde 0e50979b3f Replace g_assert() with ws_assert() 2021-06-19 01:23:31 +00:00
Martin Mathieson 8e099bb0c7 print.c: add length check to loop
Note that it was impossible to actually overflow
the buffer, and there is a check to flush and restart
if it gets to within a few bytes of the end, but static
analyzers (CID: 1477927) are unlikely to be able to work
this out.
2021-06-14 07:03:49 +00:00
Emmanuel Touzery 467f13f16c fix #17369 tshark json now handles mixed children 2021-05-15 13:35:01 +00:00
Guy Harris 57a1514ac7 Cast away the return value of g_strlcpy() and g_strlcat().
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation.  Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
2021-04-30 03:19:19 -07:00
Donatas Saulys efb5e44539 epan: print leading zeroes for sub-second values. 2021-04-10 06:58:36 +00:00
Guy Harris 4715f5021c epan: don't print nanoseconds if seconds isn't representable.
Fix for previous fixes to #17179.
2021-01-27 23:56:22 -08:00
Guy Harris bf265d7e7a epan: don't use gmtime_s().
It has the "feature" that, if handed a negative value, it might just
exit.  gmtime() doesn't have that "feature", and is sufficiently
thread-safe for our purposes; use it instead, and check to make sure it
doesn't return a null pointer.

The previous fix for #17179 still used gmtime_s(); this doesn't, so it's
a better fix for #17179.
2021-01-27 22:16:47 -08:00
Guy Harris 4e4a7c11c7 epan: don't assume gmtime_s() or gmtime_r() succeed.
At least on Windows, gmtime_s() will *not* succeed if passed a negative
value.

Fixes #17179.
2021-01-27 21:46:11 -08:00
Martin Mathieson 89e96c1e77 XML Escaping: Don't need to escape unprintable chars.
Should not be needed because the attribute encoding="utf-8" is there.

closes #10445
2020-10-20 05:32:29 +00:00
Martin Mathieson bf245c5f68 PDML: speed up writing
Speed functions to print hex bytes, escape XML strings and
print out indents by avoiding specifier calls, and building
larger strings before calling fputs().

Someone mentioned this in the sharkfest chat yesterday.
Also, Ostinato relies upon this when importing from pcap.

An example capture I have has gone from 18 to 11 seconds.
2020-10-19 09:32:49 +00:00
Gerald Combs 97dcaf97fc Convert Gerrit URLs to GitLab.
Convert various code.wireshark.org URLs to their
gitlab.com/wireshark/wireshark equivalents.

Change-Id: I0150d1bd14208eb451a7de818dce6573363b1d27
2020-08-24 23:31:32 +00:00
Dario Lombardo 986fec7f3b print: remove assert in get_field_data().
The check in the caller suggests this function can fail. The
assert should not be necessary, then.

Bug: 16218
Change-Id: Ic2186f3c51751db61436719bbf5bce609d364d40
Reviewed-on: https://code.wireshark.org/review/35162
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-11-21 08:03:46 +00:00
Dario Lombardo 00fd41b619 print: fix ek output with -j option.
Bug: 16207
Change-Id: I95047f76430f5e83083b950a8ed7400e6cdd40ec
Reviewed-on: https://code.wireshark.org/review/35117
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-11-18 04:41:40 +00:00
Dario Lombardo 9ea3b66bad ek: fix raw hex prints.
Bug: 16187
Change-Id: I440ef96c1743a0e75fb7556f16fc510cf4754f34
Reviewed-on: https://code.wireshark.org/review/35017
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-11-07 15:55:50 +00:00
Dario Lombardo 6fd51d5b25 print: some indentation fixes.
Change-Id: Iba03bae6dedd296477be1e7d522b4936efefef10
Reviewed-on: https://code.wireshark.org/review/34977
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-11-05 11:08:49 +00:00
Dario Lombardo 2dc1b77827 elastic: print times the right way.
According to https://www.elastic.co/guide/en/elasticsearch/reference/6.7/date.html
a timestamp can be string or integer. Print the absolute times as string and the
relative times as integers.

The format for the time will be "date_nanos" as described here
https://www.elastic.co/guide/en/elasticsearch/reference/current/date_nanos.html

Ping-Bug: 15784
Change-Id: I430939961767fa65d11f2d3c939b203c8c84e88e
Reviewed-on: https://code.wireshark.org/review/34166
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-11-04 17:40:34 +00:00
Guy Harris 20800366dd HTTPS (almost) everywhere.
Change all wireshark.org URLs to use https.

Fix some broken links while we're at it.

Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:44:40 +00:00
Dario Lombardo 1a540a6295 print: print booleans not integers in ek_write_field_value().
Ping-Bug: 15784
Change-Id: I2d8d01465718239e55787f56c35524614d4db5cf
Reviewed-on: https://code.wireshark.org/review/33265
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-05-21 11:01:03 +00:00
Dario Lombardo 91bbc58402 elastic: make fields all the same.
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.

2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.

Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-05-14 16:16:57 +00:00
Dario Lombardo ccf9820ea7 elastic: change 'pcap_file' into 'doc' in the mapping.
Newer versions of elastic are using 'doc' as type. Change the code
according to that.

Fix point (4) of the linked bug.

Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-05-13 17:25:15 +00:00
Dario Lombardo bc4ffefdad print: remove leak in ek_check_protocolfilter().
Small rework while here to prevent the creation of str_escaped if
the input string is enough for the check.

Bug: 15758
Change-Id: I5facf0307d1e0fed882bbe3ef91463164cf3440c
Reviewed-on: https://code.wireshark.org/review/33100
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-05-08 01:48:13 +00:00
Gerald Combs 8d3ac3af86 epan: Convert our PROTO_ITEM_ macros to inline functions.
Convert our various PROTO_ITEM_ macros to inline functions and document
them.

Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c
Reviewed-on: https://code.wireshark.org/review/32706
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-04 04:03:38 +00:00
Dario Lombardo 5a98368ad8 print: don't ignore FT_NONE fields in ek.
The 'null' placeholder has been used in such fields. Otherwise
the json dumper would complain for the lack of a value, getting
confused by a double name add without values.

Bug: 15628
Change-Id: I016325790f8d4a02ed9288225e861ba2d23a82f9
Reviewed-on: https://code.wireshark.org/review/32532
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-03-23 00:05:16 +00:00
Alexis La Goutte 7db343604a print: fix parameter 'data' not found in the function declaration
fix warning found with clang and -Wdocumentation CFLAG

Change-Id: I9fc122012161c5942c08cb90a9aeda1da6185180
Reviewed-on: https://code.wireshark.org/review/31808
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-30 09:15:01 +00:00
Peter Wu e85c8bed87 tshark: fix crash with -Tjson and -e field
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.

Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-24 22:20:13 +00:00
Dario Lombardo 1e1c761842 print: fix memleak in ek output.
Memleak found & fixed by Shinya Sasaki.

Bug: 15406
Change-Id: I2d982a7876c1cd595cabe18ee0dc00db576a5837
Reviewed-on: https://code.wireshark.org/review/31669
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-01-23 10:14:13 +00:00
Dario Lombardo 30c90fa745 epan: use json_dumper for json outputs.
They include -Tjson, -Tjsonraw, -Tek.

Change-Id: Ib3d700482ce5c29727c3f778cc3c46a1bf7756c4
Reviewed-on: https://code.wireshark.org/review/31000
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-03 14:33:48 +00:00
Guy Harris 7eb3e47fa4 Try to squeeze some bytes out of the frame_data structure.
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits.  That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.

Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.

It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.

Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-27 04:34:29 +00:00
Dario Lombardo 796dca3c2a print: use frame date instead of current for json index.
Instead of using the current date (that can differ from packets)
take it from the current frame. That will put the frame in an index
related to its capture date instead of its loading date.

Small indentation fixes.

Change-Id: If9f9dad1399c2b1bf145e8bcc45a6936e4599cd7
Reviewed-on: https://code.wireshark.org/review/31204
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-12-26 10:41:23 +00:00
Pascal Quantin cb88423dc4 print.c: use SEP_XXX to print byte strings
Bug: 15253
Change-Id: I3b294fa65c1bd4ef4184bcf2e1b56ef4f55cbb82
Reviewed-on: https://code.wireshark.org/review/30461
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-01 13:22:33 +00:00
Vasil Velichkov 82454b82c5 print.c: Print FT_CHAR fields as FT_UINT8
This fixes the following asserts

 #2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=598, func=0x7ffff4e12e20 <__func__.18585> "proto_tree_write_node_pdml",
     message=0x555555aaab70 "code should not be reached") at gtestutils.c:2532
 #3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555

 #2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e11f90 "/home/vasko/sources/wireshark/epan/print.c", line=983,
     func=0x7ffff4e12e40 <__func__.18697> "write_json_proto_node_hex_dump", message=0x555555aac9d0 "code should not be reached") at gtestutils.c:2532
 #3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
 #4  0x00007ffff39a8f87 in write_json_proto_node_hex_dump (node=0x7fffdc86e550, data=0x7fffffffce60) at /home/vasko/sources/wireshark/epan/print.c:983

 #2  0x00007ffff0d270f3 in g_assertion_message (domain=0x0, file=0x7ffff4e12010 "/home/vasko/sources/wireshark/epan/print.c", line=1299,
     func=0x7ffff4e12ef0 <__func__.18804> "ek_write_hex", message=0x555555aac290 "code should not be reached") at gtestutils.c:2532
 #3  0x00007ffff0d8015e in g_assertion_message_expr () at gtestutils.c:2555
 #4  0x00007ffff39a9a32 in ek_write_hex (fi=0x7fffdc86e4e0, pdata=0x7fffffffce90) at /home/vasko/sources/wireshark/epan/print.c:1299

Change-Id: I48a7e87863fb6708cd668582a240e5ba71d1b5a0
Reviewed-on: https://code.wireshark.org/review/28891
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-08-05 08:10:13 +00:00
jmartin-usna e10e3ae9ea print.c: Handles special chars when using -T fields
Tshark poorly handles printing when using -T options where a field
contains newline, carriage return, or other special characters such as tab.

Bug: 14907
Change-Id: I94a797bb98b94aac254bcd2e6911b37192e9c91f
Reviewed-on: https://code.wireshark.org/review/28442
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
2018-06-26 21:11:17 +00:00
Anders bb81bef535 glib: Get rid of GLIB_CHECK_VERSION as we now require 2.32.0
Change-Id: Ie95cf37f9cd283545693e290340a7489cc989c95
Reviewed-on: https://code.wireshark.org/review/26970
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-04-16 16:07:46 +00:00
Gerald Combs 9b83aaeccc Skip hidden columns when we export packets.
Skip hidden columns when we export to CSV, EK, and PSML.

Change-Id: Id1dc0f4d3cf34e74ce52893d0f0a30f4b4d61aed
Reviewed-on: https://code.wireshark.org/review/26588
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-03-23 00:06:07 +00:00
Guy Harris 9a5217bdd4 Fix another leak, which happens with -E occurrence=l.
For each occurrence, if there was already an occurrence in the array, we
were just removing it, not freeing what it pointed to.

While we're at it, expand comments, and always check the array size with
"!= 0", not "> 0" - the value is unsigned, so they're equivalent, but
this makes the code more self-consistent.

Change-Id: I538f46b296a7721a39ba4366c2f6269e7e097b0d
Reviewed-on: https://code.wireshark.org/review/26328
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-03-07 08:51:32 +00:00
Dario Lombardo 6db59affd9 print: free memory if not used (found by clang).
Change-Id: Ib6dc913ab1eeff7b29e18930b66b728080629773
Reviewed-on: https://code.wireshark.org/review/26183
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-03-07 08:03:11 +00:00