That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.
We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.
Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow stored options to be restored to their default values. This
adds a global cleanup method for extcap and globally defined
preference values, which fixes the parameter problem with windows
Change-Id: I48e0cf846ef81f4732d652c6a2ad0020db5df08e
Reviewed-on: https://code.wireshark.org/review/13741
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Fixed json and ek escape function
Fixed -j protocol filter to do exact match
Fixed -T json to correctly close json
Added -j protocol filter also to pdml output
Bug: 11754
Change-Id: I02f274e4a5a02346922b37bbe946c10340c242ea
Reviewed-on: https://code.wireshark.org/review/16034
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TShark has had the functionality for a while. While the GUI version
still has ways to change and persist Decode As functionality, adding
command line functionality gives the Decode As from initial launch
of the GUI.
Was also an excuse to refactor a bunch of code out of tshark.c
Bug: 5143
Change-Id: Ie67007d75e897bc06cc9afd9b84372a96b93778c
Reviewed-on: https://code.wireshark.org/review/16008
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I0950f61e90af5bb21c0017204de0c0b509616e5c
Reviewed-on: https://code.wireshark.org/review/14747
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "-Wwrite-strings" flag produces nuisance warnings. These warnings are
not useful, they're impossible to fix in a sane way and therefore are being
handled with casts of static strings to (char *).
This just moves the warning to [-Wcast-qual] and a compiler pragma is
in turn required (and used) to squelch that warning.
Remove the Wwrite-strings warning. Let that responsibility fall on the
programmer (as is done by casting).
Change-Id: I5a44dfd9decd6d80797a521a3373593074962fb5
Reviewed-on: https://code.wireshark.org/review/12162
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have epan_init() return a success/failure Boolean indication. Catch
exceptions when calling the dissector registration routines and, if we
get one, report the error and return a failure indication.
If epan_init() fails, quit, but first make sure the reported error is
displayed.
Change-Id: I0300cbb1f66a5644f857a205235124909d684c50
Reviewed-on: https://code.wireshark.org/review/11340
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows for a global place to enable/disable all heuristic dissectors. This removes the need for individual dissector preferences, but those will be removed at a later date. The more important part is the epan code to save/restore the enabled state of the heuristic dissector. The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)
Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Squelch
warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual]
similar to g630f54f.
Change strtod to g_ascii_strtod to squelch a checkAPIs error.
Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e
Reviewed-on: https://code.wireshark.org/review/7269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
dladdr() takes a void * as a code pointer; have init_progfile_dir() do
so, and do the casting in the calls. We don't care about the signature
of the function whose address we're passing, we just want to pass a
pointer to *something* in the main program.
Change-Id: I9372620a97b0eb53c2bb3c0c41a238b4408f3709
Reviewed-on: https://code.wireshark.org/review/7270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't throw its declaration in file.h, as it's not defined in file.c.
Instead, include it in epan/dissectors/packet-kerberos.h and include
that wherever read_keytab_file() is called.
Yes, that means you also have to include <epan/asn1.h> and, therefore,
you have to include <epan/packet.h>. Yes, that should be cleaned up,
perhaps by splitting the Kerberos support code into "stuff that handles
encryption keys without any reference to dissection" and "stuff that
does dissection-related work".
Change-Id: Ide5c31e6d85e6011d57202f728dbc656e36138ef
Reviewed-on: https://code.wireshark.org/review/6210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, the setlocale() call used to get the current locale will get
the right answer.
Change-Id: Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b
Reviewed-on: https://code.wireshark.org/review/6197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them start the string with "Compiled" or "Running on", and return
the string when done.
Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810
Reviewed-on: https://code.wireshark.org/review/6155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The behavior of a leading - is platform-dependent. It also means that
non-option arguments are treated in a fashion that we're not handling,
so capture filters given as non-option arguments at the end of the
command line don't work. (The Linux getopt() man page says that a
leading - "is used by programs that were written to expect options and
other argv-elements in any order and that care about the ordering of the
two." We are not such a program.)
Change-Id: I5610cf90a8218d48f7516abacc367e0affa3b549
Based-On-A-Change-From: Peter Hatina <phatina@redhat.com>
Reviewed-on: https://code.wireshark.org/review/6071
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way:
1) we don't have to worry about the system getopt() and our
getopt_long(), on platforms that have getopt() but not
getopt_long() (Solaris prior to Solaris 10, HP-UX, AIX), not
working well together;
2) if necessary, we can handle long options in the first pass.
Switch to using getopt_long() for the *second* pass for the GTK+ version
of Wireshark.
Use the documented mechanism for resetting the argument parser for the
glibc version of getopt_long(); use the mostly-undocumented-but-at-least-
they-documented-optreset mechanism for the *BSD version.
(We should look into doing only one pass, saving away arguments that
can't fully be processed in the first pass for further processing after
initializing libwireshark.)
Change-Id: Ide5069f1c7c66a5d04acc712551eb201080ce02f
Reviewed-on: https://code.wireshark.org/review/6063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We support three types of platforms:
1) UN*Xes that have both getopt() and getopt_long();
2) UN*Xes that have getopt() but not getopt_long();
3) Windows, which has neither.
Checking for getopt_long() lets us distinguish between 1) and 2) and
build getopt_long() for them.
Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45
Reviewed-on: https://code.wireshark.org/review/6045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wireshark UI files into a single one in wsutil.
Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad
Reviewed-on: https://code.wireshark.org/review/6026
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
For example, this can be used for pcap-ng options not mapped to
file-type-independent metadata values.
Change-Id: I398b324c62c1cc1cc61eb5e9631de00481b4aadc
Reviewed-on: https://code.wireshark.org/review/5549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Yes, Wireshark does a bunch of GUI stuff, and then takes the window down
before printing the help, but the same is true for some command-line
error messages as well.
Change-Id: Id501468416c83308e4c0a9e7a66116d8d33a9d84
Reviewed-on: https://code.wireshark.org/review/5317
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent is to handle more than just command-line arguments; reflect that.
Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825
Reviewed-on: https://code.wireshark.org/review/5304
Reviewed-by: Guy Harris <guy@alum.mit.edu>
don't pick up the in-tree copy.
Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both.
Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31
Reviewed-on: https://code.wireshark.org/review/3214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We decided at sharkfest that this wasn't the right design for file dissection;
we have more-or-less settled on a way forward, but nobody's shown interest in
implementing it. Whether or not that ever happens, this code is effectively
dead and should be removed.
Change-Id: I14d6086df3204fffb6485228db39d9f407661417
Reviewed-on: https://code.wireshark.org/review/3400
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality.
The idea is to not have to modify the GUI when a dissector adds a new "conversation type"
Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda
Reviewed-on: https://code.wireshark.org/review/3113
Reviewed-by: Gerald Combs <gerald@wireshark.org>
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quantities.
Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).
There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.
Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.
Have --help print the version number, a one-line summary of what the
program does, a reference to http://www.wireshark.org for more
information, a Usage: line, and a list of command-line options.
This means programs doing that don't need to include version.h; that's
left up to get_ws_vcs_version_info() to do.
Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb
Reviewed-on: https://code.wireshark.org/review/2794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only print to the standard output, and only give the version
information, if a "print help" command-line option is specified.
Otherwise, leave out the version information, and print to the standard
error.
Leave out the copyright information; it's extra cruft, and
http://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html
doesn't say anything about it (and bash, at least, doesn't print it).
Change-Id: Ic5029ccf96e096453f3bd38383cc2dd355542e8a
Reviewed-on: https://code.wireshark.org/review/2789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For Wireshark, say "Wireshark", not "wireshark".
For other programs, put "(Wireshark)" after the program name, as per
http://www.gnu.org/prep/standards/html_node/_002d_002dversion.html
("If the program is a subsidiary part of a larger package, mention the
package name in parentheses, like this").
Change-Id: I68558f64cfa6ee4423e42f3d6b120633ef1b2716
Reviewed-on: https://code.wireshark.org/review/2788
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do it at the same point at which Wireshark does so. Do some other
things in the same order as well.
Change-Id: I2925366d49d14271ceffa1a938b5e3450337c772
Reviewed-on: https://code.wireshark.org/review/2743
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TShark relies on dumpcap to capture packets, and TFShark doesn't even do
packet capturing (it dissects files, not network traffic), so neither of
them need, or should run with, special privileges. If you *must* run
with special privileges in order to capture, grant those privileges to
dumpcap, which has a *lot* fewer lines of code than libwireshark and
TShark/TFShark.
Change-Id: I8f8fedead355ca163895e025df37240d2f232ba4
Reviewed-on: https://code.wireshark.org/review/2736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the routines to parse numerical command-line arguments there.
Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just
call routines specified by a call to cmdarg_err_init(), and have
programs supply the appropriate routines to it.
Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01
Reviewed-on: https://code.wireshark.org/review/2704
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some come from the recent version information changes, some were broken
before that.
Change-Id: I9429f7d45d3c51c579aef592b37c79130a443299
Reviewed-on: https://code.wireshark.org/review/2531
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c0c480d08c.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is the first step towards implementing the mechanisms requested in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this is intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add an FT_STRINGZPAD type, for null-padded strings (typically
fixed-length fields, where the string can be up to the length of the
field, and is null-padded if it's shorter than that), and use it. Use
IS_FT_STRING() in more cases, so that less code needs to know what types
are string types.
Add a tvb_get_stringzpad() routine, which gets null-padded strings.
Currently, it does the same thing that tvb_get_string_enc() does, but
that might change if we don't store string values as null-terminated
strings.
Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66
Reviewed-on: https://code.wireshark.org/review/1082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's a relatively new feature in 1.11.3 to select a specific file format
reader, instead of relying on magics or heuristics. If you select a file
reader and open a file, open it, and then click the reload-file button or go
to View->Reload or press the ctrl-R keymap, the file is reloaded but using the
magic/heuristics again instead of the file format reader you previously chose.
Likewise, the Lua reload() function has the same issue (which is how I found
this problem).
I have tested this change by hand, using a Lua script, but I didn't add it
to the testsuite because I need another change for my test script to work
correctly. (an enhancement rather than a bug fix, which I'll submit separately)
Change-Id: I48c2d9ea443e37fd9d41be43d6b6cd5a866d5b01
Reviewed-on: https://code.wireshark.org/review/764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The best heuristic can fail, so add the possibility to manually choose
the capture file format type, so that a file whose format is not correctly
recognized can be loaded in Wireshark.
On the other hand, it is now possible to open a capture file
as a file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Should fix build issue and none of the current taps are relevant to tfshark
anyways.
Change-Id: I29168e0b296cd64fe3783de63e1fdd2a472ee6d3
Reviewed-on: https://code.wireshark.org/review/218
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.
Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-on: https://code.wireshark.org/review/139
Reviewed-by: Gerald Combs <gerald@wireshark.org>
tfshark.c:1676:102: warning: unused parameter ‘data_offset’ [-Wunused-parameter]
tfshark.c:177:1: warning: ‘string_compare’ defined but not used [-Wunused-function]
tfshark.c:184:1: warning: ‘string_elem_print’ defined but not used [-Wunused-function]
svn path=/trunk/; revision=54685
cast packet_size to unsigned int. Yes, that means that it can't read
more than 65535 bytes.
Clean up white space while we're at it.
svn path=/trunk/; revision=54652
This is a VERY PRELIMINARY version of tfshark. It's an attempt to jumpstart FileShark and its architecture. Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it)
This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture. And those layers will slowly be added in time (patches always welcome!).
svn path=/trunk/; revision=54646