Change a strlen() check because this can never be less than zero.
This will remove this warning from cppcheck:
warning: Checking if unsigned expression 'strlen(extcap->fifo)' is
less than zero. [unsignedLessThanZero]
Instead of always setting the libssh log level to SSH_LOG_INFO
when an extcap has a ws log level of LOG_LEVEL_DEBUG or lower,
set the libssh log level to a corresponding log level
(NOISY/TRACE, DEBUG/DEBUG, INFO/INFO, MESSAGE and above/WARN).
Format the libssh logging messages more similar to our normal
logging messages, with a libssh domain and using the libssh
priority.
Prior to 0.11.0 (that is, this commit: 657d9143d1)
libssh sends some merely informational messages at their WARN
level, so lower that down to INFO, which isn't printed by default
and doesn't get printed in the GUI.
Related to #17888
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
message. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix #17888
libssh 0.8.5 was released in October 2018, all known Linux distributions
that currently compile on the master branch with their default
packages include a more recent version, and we ship the 0.10.x series
for Windows and macOS. (Among major Linux distributions that compile currently,
Debian Buster has 0.8.7).
It has several API changes to ssh_options_get and ssh_options_set, new features,
and a number of bugs and CVEs fixed. We can remove a workaround for a
missing API call in extcap/ssh-base
libssh 0.10.0 removed SHA-1 based keys and algorithms from its
default configuration, though they are still supported. We
ship with 0.10.5 in Windows and macOS now, and many Linux
distributions are on 0.10.x as well.
Add the ability to re-enable SHA-1 RSA keys, MAC, and KEX algorithms
with a preference to ciscodump, sshdump, and wifidump.
This will be a little easier in 0.11.0, where it's possible to
just specify the algorithms you want to add to the default list,
instead of having to specify the entire list.
Fix #19510. Fix #19594
androiddump uses nonblocking connect on Windows, trying 10 times
with 1ms timeouts in select(). (This is short, but it's generally
trying to connect to the loopback interface.) On UN*X, it uses blocking
sockets, also trying 10 times, with SO_SNDTIMEO set to 2s.
Generally the socket returns near instantaneously, because it's
trying to connect to localhost. If the loopback interface goes
down, however, this results in 20s of timeouts.
Use nonblocking sockets on UN*X as well.
Related to #13104, #15295
Move our Falco plugin directories up one level so that we're outside the
hierarchy scanned by plugins_init. This also makes it more clear that
these are Falco plugins and that they don't conform to our plugin API.
Replace our strptime code, which is from gnulib,
with the simpler and better NetBSD implementation.
This changes the ws_strptime() stub to unconditionally use
the internal implementation. Previously it would use the
system implementation if available. This is still possible
but is opt-in, i.e., code should add the necessary #ifdefs
and assume responsibility for handling non-portable formats
or providing limited functionality on some platforms.
Text import allows the user to specify the strptime()
format freely, so in that case it makes sense to use the
system's implementation, and pass the responsibility
for understanding the implementation and the supported
specifiers to the user.
Only fall back to our implementation if the system libc
lacks a strptime().
Call fflush in udpdump and ciscodump after writing the pcap header
so that it is actually written out even if no packets have arrived yet.
By doing so, dumpcap no longer blocks in cap_pipe_open_live waiting
for the pcap header from the extcap pipe until the first packet is
captured, but instead goes on to (attempt to) open its output.
This means that if we capture no packets that a capture file with
a header but no packet records will be created (and, if not a temp
file, will have to be cleaned up), but that is consistent with tshark
and Wireshark behavior otherwise.
This means you can no longer do a capture to a FIFO or Named Pipe
in this order:
1) Start dumpcap
2) Create the FIFO or Named Pipe
3) Start the flow of packets to the UDP port
which only worked when not dissecting packets. It was broken if tshark
also needed to dissect packets, but evaded the checks for if we were
writing to a FIFO or Named Pipe resulting in behavior mysterious to
users, such as only writing to one of the Named Pipe readers on Windows
(or failing if there aren't enough instances), or having tshark and
the other pipe reader compete for the pipe input and eventually failing
on UN*X.
Instead, the FIFO or Named Pipe needs to be created before launching
dumpcap, or else an ordinary file will be created (on UN*X), or an
error about not being able to open the output (on Windows, since
Named Pipes have a magic prefix, and you can't create an ordinary
file with a named pipe filename.)
Fix #17900.
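Added example, not the udpdump or ciscodump code: why the fflush() in the commit message above matters. A stdio stream on a pipe is fully buffered, so the 24-byte pcap header stays in the writer's buffer until it is flushed; the struct and function names and the 200 ms wait are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Classic pcap file header: 24 bytes, host byte order. */
struct pcap_hdr {
    uint32_t magic;                          /* 0xa1b2c3d4 */
    uint16_t version_major, version_minor;   /* 2.4 */
    int32_t  thiszone;
    uint32_t sigfigs, snaplen, linktype;     /* linktype 1 = Ethernet */
};

/* Write the header; flush_now = 1 is the behaviour the commit adds. */
int write_pcap_header(FILE *fp, int flush_now)
{
    struct pcap_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, 262144, 1 };
    if (fwrite(&h, sizeof h, 1, fp) != 1)
        return -1;
    return flush_now ? fflush(fp) : 0;
}

/* Constructed stand-in for the extcap pipe: how many header bytes can a
 * reader get within 200 ms, before any packet has been written? */
int header_bytes_visible(int flush_now)
{
    int p[2], got = 0;
    unsigned char buf[sizeof(struct pcap_hdr)];
    struct pollfd pfd;
    FILE *fp;

    if (pipe(p) != 0 || (fp = fdopen(p[1], "wb")) == NULL)
        return -1;
    if (write_pcap_header(fp, flush_now) != 0)
        return -1;
    pfd.fd = p[0];
    pfd.events = POLLIN;
    if (poll(&pfd, 1, 200) > 0)
        got = (int)read(p[0], buf, sizeof buf);
    fclose(fp);    /* writer first: a late flush lands in the pipe buffer */
    close(p[0]);
    return got;
}

int main(void)
{
    printf("%d %d\n", header_bytes_visible(0), header_bytes_visible(1));
    return 0;
}
```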
snprintf(), sensibly, takes a size_t argument specifying the size of the
buffer. g_snprintf(), bogusly, takes a gulong argument specifying the
size of the buffer, so we had to do casts to avoid narrowing complaints,
but we're just using snprintf() now (as we require C11 or later), and
don't need the casts any more.
Related to #18009 - Have randpkt default to pcapng, allow selecting
a different capture file format via the common -F option that other
command line tools use, and document it.
For the randpktdump extcap, just use pcapng.
This fixes --all-random, because --all-random requires different
encapsulation per packet. It also fixes the related -r option to
randpkt (though note that picking a file format that doesn't support
ENCAP_PER_PACKET with -r causes problems.)
Document -r in the randpkt man page.
Fix #18944
Forcing the use of a dedicated header to replace pcap.h is
unnecessary code and mental overhead in this case. We can
use config.h instead for the same purpose of defining a
macro symbol before including pcap.h.