Change-Id: I4f1078b20f41800f72a751612703ad0d4c2ae87b
Reviewed-on: https://code.wireshark.org/review/6323
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Almost all instances require using "manual" memory management, but it gets some ep_ calls out of the GUI.
Change-Id: Ifa7303766b08d09442ccf3d7063cbe061578ecd9
Reviewed-on: https://code.wireshark.org/review/6318
Reviewed-by: Michael Mann <mmann78@netscape.net>
Changed all remaining code in wslua that was using emem, to use wmem or
simpler methods.
Bug: 9927
Change-Id: I3d19a770e0fd77d996bdb6b61a76a722cc2bcd55
Reviewed-on: https://code.wireshark.org/review/6109
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update a comment pertaining to that, while we're at it.
Change-Id: Ic0a3f8575f8e98ca6032ed3e06e3dd76055d65a1
Reviewed-on: https://code.wireshark.org/review/6192
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise it will trigger an assert
Fixes a regression introduced in gf002332
Change-Id: I0cffa2c952b7eff085a1834ebabfec03342095bd
Reviewed-on: https://code.wireshark.org/review/5950
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Only parse the host file syntax without trying to store the names in the hash tables (it will be done later in host_name_lookup_init())
Change-Id: I2b8c7b29220e6413c1b5c0a0fa238ecb5388c962
Reviewed-on: https://code.wireshark.org/review/4309
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
I made a stupid when simplifying the bit-twiddling, and accidentally reversed
two of the bytes which completely broke MAC address name resolution.
Bug: 10344
Change-Id: I0720755fb290423150e4d84da9d45cb0b76341e4
Reviewed-on: https://code.wireshark.org/review/3522
Reviewed-by: Michael Mann <mmann78@netscape.net>
With autotools, CMake, and nmake, if we have a function, #define
HAVE_{function_name_in_all_caps}, otherwise don't #define it.
If we provide our own version of a function in libwsutil, make sure we
have a header that declares it, and *ONLY* include that header if
HAVE_{function_name_in_all_caps} is *NOT* defined, so that we don't have
the system declaration and our declaration colliding.
Check for inet_aton, strncasecmp, and strptime with CMake, just as we do
with autotools.
Simplify the addition of {function_name_in_all_caps}_LO to libwsutil in
autotools.
Change-Id: Id5be5c73f79f81919a3a865324e400eca7b88889
Reviewed-on: https://code.wireshark.org/review/2903
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As Anders correctly pointed out in I7d8f84b2e, constantly resetting state will
turn init_dissection into a bit of a hot path. Especially as we will already
bear the overhead of switching files, we don't want to fall any further behind
than we have to.
This change includes three unrelated optimizations that reduce the cost of
init_dissection by about 40% as measured by callgrind:
- only initialize ares/ADNS if that preference is enabled (this of course only
applies if you specify -n to tshark or otherwise disable the preference)
- use memcpy instead of a loop in sigcomp UDVM init
- use memcpy instead of a loop in bootp dissector
The only remaining obvious hot spot in this path is reassembly_table_init since
it is called by so many dissectors. Suggestions (perhaps to get rid of the
GPtrArray) welcome.
Oh, and one other change to use g_strerror instead of strerror as insisted
upon by the API pre-commit hook.
Change-Id: I18a74f2b64b25498116079bd4e7fc2b335c7703a
Reviewed-on: https://code.wireshark.org/review/2738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rather than allocate 4 bytes and use g_int_*, use GUINT_TO_POINTER and
g_direct_*. Should save some time/memory.
Change-Id: Ie03d234703f68bb76131c5ddf17953d23bb54a0d
Reviewed-on: https://code.wireshark.org/review/1582
Reviewed-by: Evan Huus <eapache@gmail.com>
The capture for bug 10078 caused the buildbot to time out; callgrind revealed an
enourmous amount of time being spent looking up ethernet addresses. The previous
code cast each address (6 bytes) to a guint64 (8 bytes) then used the built-in
g_int64_hash. Unfortunately, g_int64_hash is an *awful* hash function - it
produces a 4-byte hash by simply discarding the upper 4 bytes of its input.
For the capture file in question this strategy (which effectively ignores the
upper two bytes of each ethernet address) produced an astounding number of
collisions, leading to the terrible running-time.
Use wmem_strong_hash directly on the 6-byte address instead, which saves us a
bunch of useless casting and bit-twiddling and produces a much better hash
distribution. This shaves 20% off the time to tshark-with-tree the capture file
in question *despite* a substantially more expensive hash function
(wmem_strong_hash is not exactly fast compared to g_int64_hash).
Bug:10078
Change-Id: I8e81cbc478e6394ec3a8efe39eec08f680a55609
Reviewed-on: https://code.wireshark.org/review/1543
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modern hosts typically open many more TCP and UDP connections than in
years past. For an example opening a popular news site in a web browser
can easily trigger dozens of separate connections. At the same time our
services file has accumulated a lot of cruft over time. As a result
transport name resolution is a bunch of lies.
Change-Id: Ibbca5b1c7ea1e800fc46dad63b9270128dacd721
Reviewed-on: https://code.wireshark.org/review/1240
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add ep_ to routines that may return ephemeral strings.
Change "get_XXX" to "XXX_to_display" if the routine returns a formatted
string if it can't get a name.
Change-Id: Ia0e82784349752cf4285bf82788316c9588fdd88
Reviewed-on: https://code.wireshark.org/review/1217
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"get_addr_name()" -> "ep_address_to_display()", to 1) indicate that it
returns a string with ephemeral scope and 2) indicate that it maps an
address to a "displayable" form - a name if possible, an address string
if not.
"se_get_addr_name()" -> "get_addr_name()", to indicate that its strings
have the same scope as "get_ether_name()", "get_hostname()", and
"get_hostname6()".
Change-Id: If2ab776395c7a4a163fef031d92b7757b5d23838
Reviewed-on: https://code.wireshark.org/review/1216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This should significantly reduce memory usage, without increasing the
CPU time required to process a capture file in TShark or Wireshark.
As a result, se_address_to_str() is no longer used; eliminate it.
Fixes bug #9949.
Change-Id: I65a112a426c82cc73a957b81384c765c3d14f2c3
Reviewed-on: https://code.wireshark.org/review/1213
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
bytestring_to_ep_str (now deprecated). Use the new one in a few obvious places.
Also just print directly to the buffer when loading ethernet addresses for
resolution. The straight-to-buffer bytes_to_hexstr seems useful, maybe it
shouldn't be in a private header...
svn path=/trunk/; revision=54270
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
Ref https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9082
Since this commit the IP (source and destination) address in the GUI will be
replaced with some date after I click on the entry, reverting this commit fixes
the problem.
This looks like a memory corruption. I imported an older pcap file.
svn path=/trunk/; revision=51579
[ 6%] Building C object epan/CMakeFiles/epan.dir/addr_resolv.c.o
/home/jmayer/work/wireshark/svn/trunk/epan/addr_resolv.c:1927:1: error: unused function
'get_ipxnetbyname' [-Werror,-Wunused-function]
get_ipxnetbyname(const gchar *name)
^
/home/jmayer/work/wireshark/svn/trunk/epan/addr_resolv.c:2009:1: error: unused function
'add_ipxnet_name' [-Werror,-Wunused-function]
by #if 0/#endif the functions. If they really are not needed any more
they should be removed.
svn path=/trunk/; revision=51438
since it's used in several places. Don't allocate a key just to do a hash-table
lookup, we only need to do that if we're actually inserting. Fixes another ~1KB
of leaks.
svn path=/trunk/; revision=51364
- if we find a name during lookup, return it even if it's not a dummy
- read personal hosts after global hosts so that they take precedence
Neither of these problems appear to be new - the recent work did not change this
logic, so I have no idea how come name resolution wasn't failing before, but I
guess the old hash table was weirder than I thought...
svn path=/trunk/; revision=51326
Also tweak some ifdefs of function signatures. The multiple braces were
confusing my folder and my indenter, so ifdef *only* the changed parameters and
leave the bracing alone. This has the benefit of being a bit clearer too, I
think.
svn path=/trunk/; revision=51291
the various name resolvers; put those two routines next to each other.
Add generic addr_resolv_init() and addr_resolv_cleanup() routines which call
all of those internal routines.
Call the generic init/cleanup routine from epan_init() and epan_cleanup().
Create the hash tables for each name resolver in those initialization routines
in order to avoid having to repeatedly check if the table is already created
or not (and to avoid glib warnings if we neglected to perform that check):
http://www.wireshark.org/lists/wireshark-dev/201308/msg00012.html
Don't clean up hostnames in init_dissection(): it's done already in cleanup_dissection().
Don't initialize hostnames in cleanup_dissection(): it's done already in init_dissection().
svn path=/trunk/; revision=51191
cases; set it before we do the hash table lookup. Don't initialize
serv_proto to null when we declare it - that covers up cases where we
fail to set it correctly.
Clean up indentation.
svn path=/trunk/; revision=51164
this fixes
CC libwireshark_la-addr_resolv.lo
addr_resolv.c: In function 'serv_name_lookup':
addr_resolv.c:666:3: error: logical 'or' of collectively exhaustive tests is always true [-Werror=logical-op]
svn path=/trunk/; revision=51160
in order to fix the compile error
addr_resolv.c:1250:1: error: 'hash_eth_wka' defined but not used
[-Werror=unused-function]
svn path=/trunk/; revision=51085
addresses; they look weird, and can cause problems with existing
versions of Wireshark when written in a Name Resolution Block.
Should fix bug 8763.
svn path=/trunk/; revision=49852
file. That should be loaded no matter what if we have name resolution
enabled.
Add a name resolution test suite. Currently disabled until I can test it
on Windows.
svn path=/trunk/; revision=49657
that directory since 2001 and reading from that directory was only left in for
backwards compatibility with versions prior to r4702. I think it's now safe
to remove that backwards compatibility.
This eliminates the last argument of get_persconffile_path().
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8437
svn path=/trunk/; revision=48797
numbers in adns_init() and adns_submit().
(I haven't checked how long these enums have been there; hopefully for a long
time.)
svn path=/trunk/; revision=48549
for a preferences module. Use it to fill in the remaining preferences.
Don't show the printing preferences since they're not used here.
Change the titles and tooltips for some of the name resolution
preferences.
Disable the capture preferences if we can't capture. This is different
from the GTK+ version which hides it completely.
Thus concludes the preferences dialog (for the time being).
svn path=/trunk/; revision=47545
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
host_name_lookup_process(). If, in the future, we find that we need an
argument for changes we're making, we can add it then.
svn path=/trunk/; revision=45269
Actually I suppose what was meant is more about whether tp->name[0] is the NULL character (that is, that the name is empty).
But since the result of the lookup is already there in 'found' the whole condition can probably be taken out.
svn path=/trunk/; revision=43701
resolution is NOT enabled (it's always been like this and I'm not sure why
and I was hesitant to change that). So: don't use the external name resolver
unless both network-name resolution AND use-external-resolvers are enabled.
svn path=/trunk/; revision=43645
Add a new name resolution option: whether or not use the configured (in the OS)
name resolver (e.g., DNS) to resolve network names. When this option is disabled
but network name resolution is enabled then Wireshark will resolve only those
names that it can from local sources. This includes (at least, AFAIK):
- name resolutions that Wireshark picks up on from DNS packets it decodes
- the "user hosts file" (~/.wireshark/hosts on *NIX)
- what Wireshark reads out of capture file (the PCAPNG name resolution block)
This new preference defaults to "use external resolvers" for backward
compatibility (so people turning on network name resolution will get the old
behavior).
This option can be set via Edit->Preferences and on the command line; there
remain several UIs (e.g., the "open capture file" dialog, the
View->Name Resolution menu, etc.) that don't have the new option yet.
Also expand on the "description" for the name resolution preferences: these
are used not only in the tooltips but are also written to the preferences
file. The previous text didn't include enough context when written do the
preferences file.
svn path=/trunk/; revision=43605
- prefs.name_resolve_concurrency is now just 'name_resolve_concurrency'
- add notes about possible (?) integer overflows.
svn path=/trunk/; revision=43586
which take an OUI, presumably fetched with a routine such as
tvb_get_ntoh24(), as an argument and attempt to look it up in the manuf
file.
Fix up the comments for all the get_manuf_name routines.
Get rid of "extern"s in definitions of functions (definitions, not
declarations).
svn path=/trunk/; revision=42054
the TVB.
Introduce and start using tvb_get_manuf_name() and tvb_get_manuf_name_if_known()
which do the same as the non-tvb versions but take a tvb and an offset instead
of (commonly) a pointer into a TVB.
svn path=/trunk/; revision=37317
* Remove proto_tree_add_eui64 function from 802.15.4 Dissector
* Replace print_eui64/print_eui64 by eui64_to_str/get_eui64_name
* Update Documentation (README.dev)
* Add new function in libwireshark.def
* Support of encoding for tvb_eui64_to_str
* Use FT_EUI64 for ICMPv6, CAPWAP, Zbee ... dissector
svn path=/trunk/; revision=37015
and use it instead of inet_ntop(AF_INET6, ...)
- Add MAX_IP6_STR_LEN define.
- use MAX_IP6_STR_LEN as a buffer size when ip6_to_str_buf() is used.
svn path=/trunk/; revision=37000
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
Remove the filters on IPv6 Link Local and Multicast addresses, since
these _can_ be resolved through the hosts file and manual entry.
svn path=/trunk/; revision=35651
Limit the length of manuf names to 8 characters in make-manuf (this matches
the (old) limit in addr_resolv.c).
Dynamically allocate memory to store the manuf name in epan/addr_resolv.c so
that we don't end up corrupting the UTF-8 if/when we need to truncate the
string.
svn path=/trunk/; revision=35082
- Primarily: ethernet name lookup returns either
unresolved or resolved ethernet name depending upon whether
MAC Name resolution is disabled or enabled.
Previously: Unresolved or resolved name cached at first reference
and then always returned for future references no matter whether
MAC Name Resolution was enabled or disabled.
- Also: Refactor ethernet, manuf & well-known-addr related code;
ToDo: (separately): Redisplay when 'MAC name resolution' enabled/disabled.
svn path=/trunk/; revision=33401
- Use a new hashwka_t struct (instead of hashether_t) for
"well-known-address" hash entries (saves some space);
- Remove unused variable from hashether_t;
- Reorder variables within hashether_t and hashmanuf_t to minimize padding in the structures;
- Rename some variables for clarity;
- Misc whitespace changes.
svn path=/trunk/; revision=33364
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422
From me: Fix a number of instances where the function prototype or
the function definition wasn't changed so there was a mismatch
thus causing Windows (but not gcc) compilation errors.
svn path=/trunk/; revision=32365
resolved since the last time it was called. Use this to redraw the packet
list and detail any time we have newly-resolved objects.
svn path=/trunk/; revision=31350
1) This indicates that the string has ephemeral lifetime
2) More consistent with its existing seasonal counterpart, se_address_to_str().
svn path=/trunk/; revision=29747
Extracted from optimizations patch http://wiki.wireshark.org/Development/Optimization
Optimize address handling.
The address hash should be possible to use from the new_packet_list.
svn path=/trunk/; revision=29735
* Fix memleak (df->deprecated in dfilter_free())
* Free protocol hash tables on cleanup.
* Free protocols list on cleanup.
* Free memory allocated by fgetline() in parse_services_file()
From me:
* proto.c: set gmc_hfinfo to NULL after free
* proto.c: switch order of g_free() and g_list_remove() in proto_cleanup()
svn path=/trunk/; revision=29656
VC6 plus a platform SDK), set INET6. Use that to figure out if we need
to define socklen_t for c-ares. This should fix bug 2797.
svn path=/trunk/; revision=25985
Windows build. Add support for async IPv6 lookups. Update the ADNS
code slightly.
This is not supported (yet) on the UNIX side.
svn path=/trunk/; revision=25953
epan/dissectors/packet-ncp2222.inc is a bit hard to fix, so we're not
ready to enable that warning by default yet.
Throw in some casts to handle GLib routines that take arbitrary
non-const pointers (they can later return the pointers, and some
callers might want to modify or free up those pointers in cases where
they're known to be writable or allocated).
Use ep_tvb_memdup() rather than a combination of ep_alloc() and
tvb_memcpy().
Clean up some indentation.
svn path=/trunk/; revision=25601
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
configure and use more than one set of preferences and configuration files.
This can be found in the "Configuration Profiles..." menu item from the Edit
menu, or by pressing Shift-Ctrl-A. It's also possible to start wireshark
and tshark with a named profile by using the "-C ProfileName" option.
A new status pane in the main window will show the current profile.
The configuration files currently stored in the Profiles are:
- Preferences
- Capture Filters
- Display Filters
- Coloring Rules
- Disabled Protocols
- User Accessible Tables
The recent data are by design not added to the profile.
Planned future enhancements:
- make a more convenient function to switch between profiles
- add a "clone profile" button to copy an existing profile
- make the profiles list active and accept return as OK
- save users "Decode as" in the profile
- make new, clone and deletion of profiles more secure
- make some of the recent values available in the profile
This patch also fixes:
- setting default status pane sizes
- a bug setting status pane for packets when not having main lower pane.
svn path=/trunk/; revision=24089
Replace strncpy with g_strlcpy.
Add g_strlcat for GTK1 and don't use g_snprintf in GTK1 g_strlcpy
printf family is very slow.
svn path=/trunk/; revision=23273
Mikus. Add a buf_len parameter to ip_to_str_buf(), and make sure it's
enforced. Copy the release notes over from the 0.99.5 trunk and add a
note about the ISUP dissector (which is affected by the overrun).
svn path=/trunk/; revision=20607
file.c
time reference menu callback doesn't set cf->filter, it dumps a core if
you have a file big enough in find next/ find prev.
addr_resolv.c
leak memory, break list chain when snooping address.
svn path=/trunk/; revision=17419
The attached patch will fix ethereal so it will only do network address
resolution when network address resolution is enabled. Even when the
RESOLV_NETWORK flag was set ethereal would try to resolve addresses in
the add_ether_byip function.
svn path=/trunk/; revision=17227
This fixes bug 523, but exposes more of bug 658.
The TACACS and SDP dissectors don't call inet_aton(), so don't include it.
svn path=/trunk/; revision=17056
Win32 only: reading a pathname from an environment var requires us to read it in as unicode somehow and convert it to utf8. Using _wgetenv should work under all circumstances on NT, using getenv and g_locale_to_utf8 on Windows OT is the best we can do in this case.
svn path=/trunk/; revision=17024
include fails as we don't do -Iwiretap.
If we have it, include <sys/stat.h> in epan/filesystem.c - we need it
for stat() and the macros and structures it uses.
svn path=/trunk/; revision=16410
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
-use g_snprintf instead of sprintf and snprintf
-use g_strdup_printf where appropriate
-remove #include "snprintf.h" (as only g_snprintf should be used)
-replace some more alloc/realloc/calloc/free with their glib pendants
svn path=/trunk/; revision=15264