Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
Remember all the IDBs we've seen from the input file so far and, if
we're writing multiple files (splitting an input file into multiple
output files), add all those IDBs to each of the output files.
Fixes issue #17060.
Systemd journal entries aren't file-type-specific; they're found in both
systemd journal entry blocks in pcapng files and in systemd journal
export files. Give it a record type, for use with both file types.
This fixes#16955.
It also means that you can open a systemd journal export file and save
it as a pcapng file.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes#15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
What we care about here is the packet type, not the file type, as we
care what's at the beginning of the packet. This should have no effect
in practice, but it makes it clearer what we're testing for.
If the encapsulation is WTAP_ENCAP_PER_PACKET, all we know about the
file is that it might not include radiotap packets and, if it does, it
also includes non-radiotap packets.
If it's *not* WTAP_ENCAP_PER_PACKET, properly report it
(wtap_file_type_subtype() returns the *file type* of the file, not the
*link-layer header type* - yes, that *happens* to work for a pcap file
with Ethernet packets, because the values of WTAP_ENCAP_ETHERNET and
WTAP_FILE_TYPE_SUBTYPE_PCAP both *happen* to be 1, but that's pure
luck).
While we're at it, test only once for --skip-radiotap-header and put
both tests inside that if.
Add the `--capture-comment "comment"` option for appending pcapng
comments to the SHB of the output file(s).
Add the `--discard-capture-comment` option for removing pcapng comments
present in the input file SHB(s) before writing to the output file(s).
Supports multiple comments per SHB. Noted in the documentation that
Wireshark itself doesn't support multiple comments.
Bug: 15033
Change-Id: If07a4e7a93505438639018783a11343cd5992f2a
Reviewed-on: https://code.wireshark.org/review/38074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"XXX isn't a valid time format" could be read as "XXX isn't a valid
format to use for times" in the sense of, for example, a format argument
to strftime() or strptime(). It's also a date *and* time, so just say
it "isn't a valid date and time".
Change-Id: I7e0f01914c5e16b7eaa89b798cf94a2964fc764c
Reviewed-on: https://code.wireshark.org/review/38068
Reviewed-by: Guy Harris <gharris@sonic.net>
Have separate Boolean flags to indicate whether the start and stop times
were specified, rather than having a value of 0 meaning it wasn't.
Change-Id: Ie9968ebd588df6b150062caa50f0b23e6f77f214
Reviewed-on: https://code.wireshark.org/review/38067
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Only check whether the start time is after the stop time if both a start
time and a stop time were specified.
Change-Id: I864480a789c52312dc934c217910e7b68597f066
Reviewed-on: https://code.wireshark.org/review/38066
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Use ws_strtou32() so that we're guaranteed to produce a value that fits
in a 32-bit integer (and don't get a narrowing warning on LP64 platforms
for converting a long to an int), and then make sure it's less than one
billion.
Note, while we're at it, that you can, for example, specify a date of
2020-10-40 and it won't produce an error.
Change-Id: I26c36d346cfa5c2bdc9ecdbdf821a9bc3529c940
Reviewed-on: https://code.wireshark.org/review/38065
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Allow user to specify time resolutions as fine as 1 nanosecond for the
start and stop times (-A and -B options) for editcap. Uses `nstime_t`
for the user options and `nstime_cmp()` to compare with packet
timestamps.
Change-Id: I2340bc4830c7d9a6b17a5e53fa4e8837e231bcb6
Reviewed-on: https://code.wireshark.org/review/38057
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcapng has been the compile-time default since 2011. If there are any
users who would like to use the libpcap format, then they should use
runtime options instead (e.g. `tshark -P` or `editcap -F pcap`).
Change-Id: I54b70368cdc3ca78bc8617bc488cc687740a1eb9
Reviewed-on: https://code.wireshark.org/review/36721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
As pointed out by @debookee in
https://twitter.com/debookee/status/1229711779648933888
if you pass a start time (-A) and no stop time (-B) to editcap, it will
set the stop time to December 31, 2035. Adjust our logic to work without
a stop time instead.
Change-Id: Ic724ce8ee6d8c346be1d4caf2899d3e10e68fa94
Reviewed-on: https://code.wireshark.org/review/36138
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For long options, without corresponding short options, to be processed
they need to be assigned a value, preferably outside of the range of
all possible short options. The code in various places tries to stay
clear of these low values, but further coordination is missing, easily
leading to issues when option processing code gets extended and/or
reorganized.
This change introduces a single location from where each catagory of
command line long option can derive a base value, which should minimize
potential option value collisions.
Change-Id: Ic8861a347d0050f74002de3aa1fcfb01202866e5
Reviewed-on: https://code.wireshark.org/review/35459
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename a variable to reflect the final name given to the option to get
rid of decryption secrets stored in the file.
Fix whitespace.
Change-Id: I19ea14fa205369500790adaa00244a15412548eb
Reviewed-on: https://code.wireshark.org/review/33154
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While the documentation of "editcap --inject-secrets" mentions support
for key log files only, people might misinterpret that and assume
support for RSA private keys. This is explicitly not supported due to
the sensitivity of these files. In order to be helpful, print a warning.
Change-Id: Ia7b464c17f1dfb550729dd35775290ed28e14510
Reviewed-on: https://code.wireshark.org/review/31893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The memory ownership of wtap_rec::opt_comment was not clear. Users of
wtap were leaking memory (editcap.c). wtap readers were not sure about
freeing old comments (erf) or simply ignored memleaks (pcapng).
To fix this, ensure opt_comment is owned by wtap_rec and free it with
wtap_rec_cleanup. The erf issue was already addressed since
cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
- Should allocate memory for new comments.
- Should free a comment from an earlier read before writing a new one.
- Users of wth:
- Can only assume that opt_comment remains valid until the next read.
- Can assume that wtap_dump does not modify the comment.
- For random access (wtap_seek_read): should call wtap_rec_cleanup
to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now
pass when built with ASAN.
This change was created by carefully looking at all users opt
"opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for
an initial patch which helped validating this version.
Bug: 7515
Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b
Reviewed-on: https://code.wireshark.org/review/31713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If there was no secrets type specified, say so. Otherwise, if the
secrets type wasn't valid, report the correct string as the invalid
secrets type.
Change-Id: I3cd7d419ce3577fc176a256069456c5b49e81608
Reviewed-on: https://code.wireshark.org/review/31667
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
What we were calling the "name" is actually a description to show to
users; what were calling the "short name" is just the name to use on the
command line.
Rename some routines and structure members, and put the name first and
description second in the table.
Expand some descriptions to give more details (e.g., to be more than
just a capitalized version of the name).
Fix the CamelCase capitalization of InfiniBand.
Change-Id: I060b8bd86573880efd0fab044401b449469563eb
Reviewed-on: https://code.wireshark.org/review/31472
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Restore the "main" name since that is used everywhere else except for
Windows. On Windows, "main" is renamed via a macro to avoid a conflict
with "wmain" and to allow it to be called in cli_main.c.
For those wondering, GUI applications (such as Qt) have a different
entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines
WinMain, but seems to convert its arguments from Unicode to CP_ACP
(ASCII). It might not support UTF-8, but I did not verify this.
Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0
Reviewed-on: https://code.wireshark.org/review/31208
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a ws_init_version_info() routine that, given an application name
string:
constructs the app-name-and-version-information string, and
saves it;
adds the initial crash information on platforms that support it,
and saves it.
Have show_version() use the saved information and take no arguments.
Add a show_help_header() routine to print the header for --help
command-line options, given a description of the application; it prints
the application name and version information, the description, and the
"See {wireshark.org URL}" line.
Use those routines in various places, including providing the
"application name" string in pcapng SHBs.
Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df
Reviewed-on: https://code.wireshark.org/review/31029
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That means that code is only in one place, rather than having copies of
it in each of those programs.
CLI programs that, on Windows, should get UTF-8 arguments rather than
arguments in the local code page should:
include the top-level cli_main.h header;
define the main function as real_main();
be built with the top-level cli_main.c file.
On UN*X, cli_main.c has a main() program, and just passes the arguments
on to real_main().
On Windows, cli_main.c has a wmain() function that converts the UTF-16
arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so
that it doesn't use any functions other than those provided by the
system, and then calls real_main() with the argument count and UTF-8
arguments.
Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e
Reviewed-on: https://code.wireshark.org/review/31017
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1) The default build configuration is to select PCAPNG as
output format, but it can be selected as PCAP. Some of the
command line tools have the option to select the output
format and default towards the build configuration.
This has to be reflected in their help output also.
2) Various documentation files are still stating that PCAP is
the default format of various tools. With the default build
configuration being PCAPNG these have to be adjusted as well.
(with lack of dynamic content the documentation can only refer
to the default build configuration format).
Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new option to insert decryption secrets into a pcapng file.
Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This:
1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);
2) leaves space in the interfaces in question for additional compression
types.
(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup. Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).
Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.
Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Just silently not bothering to do any work isn't all that useful in that
case; giving the usage message indicates that you need both input and
output files.
Change-Id: I9512d3e45e1e9a9d4bccb28b49aeea8c12ad0100
Reviewed-on: https://code.wireshark.org/review/30614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Four variants of wtap_dump_open_ng exists, each of them take the same
three parameters for the SHB, IDB and NRB blocks that has to be written
before packets are even written. Similarly, a lot of tools always create
these arguments based on an existing capture file session (wth).
Address the former duplication by creating a new data structure to hold
the arguments. Address the second issue by creating new helper functions
to initialize the parameters based on a wth. This refactoring should
make it easier to add the new Decryption Secrets Block (DSB).
No functional change intended.
Change-Id: I42c019dc1d48a476773459212ca213de91a55684
Reviewed-on: https://code.wireshark.org/review/30578
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Call it from wmain() in the command-line tools, passing it the input
argument count and vector, and call it from main() in Wireshark, after
getting a UTF-16 argument vector from passing the result of
GetCommandLineW() to CommandLineToArgvW().
Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514
Reviewed-on: https://code.wireshark.org/review/30063
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Doing so for command-line programs means that the argument list doesn't
ever get converted to the local code page; converting to the local code
page can mangle file names that *can't* be converted to the local code
page.
Furthermore, code that uses setargv.obj rather than wsetargv.obj has
issues in some versions of Windows 10; see bug 15151.
That means that converting the argument list to UTF-8 is a bit simpler -
we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just
loop over the UTF-16LE argument strings in argv[].
While we're at it, note in Wireshark's main() why we discard argv on
Windows (Qt does the same "convert-to-the-local-code-page" stuff); that
means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in
main() (i.e., we duplicate what Qt's WinMain() does, but converting to
UTF-8 rather than to the local code page).
Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649
Ping-Bug: 15151
Reviewed-on: https://code.wireshark.org/review/30051
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Treat systemd journal entries filetype-specific events instead of
packets.
Add support for reading and writing systemd journal entries to pcapng.
Note that pcapng IDBs should be optional.
Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed.
Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f
Reviewed-on: https://code.wireshark.org/review/29611
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Implement a --seed option to be used in conjunction with -E. The option
allows the user to set the seed for the pseudo-random number generator,
which can be useful for recreating a particular sequence of errors.
Change-Id: Id427ab5fd7711652ad56c72271b2e0acb7380858
Reviewed-on: https://code.wireshark.org/review/29306
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is useful when processing packets that were captured by multiple radios on the same channel.
Change-Id: I9dacc35294a4ed4e817014e563e7c9a54ee05e40
Reviewed-on: https://code.wireshark.org/review/28843
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows code to initialize them without having to know the details
of the structure; the initializes should, and will, be changed if the
members of the structure are changed.
Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
One billion nanoseconds is 1 second, so that should just be expressed as
1 second.
Change-Id: I0d49838141fa877168d068a2e27b3dcc104c0cef
Reviewed-on: https://code.wireshark.org/review/28380
Reviewed-by: Guy Harris <guy@alum.mit.edu>
time shift to a whole number of seconds need to carry the seconds
Change-Id: I188d915bca8f86a2cc19fc603bf472f461e8beea
Reviewed-on: https://code.wireshark.org/review/28372
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Except in rare cases, we want to set it to -1 so that we let mktime()
determine whether DST/Summer Time was in effect at the given date and
time rather than pretending that we know whether it's in effect or not.
Change-Id: I0ea75317dd308a515cedf4d1260b583e1592cc9b
Reviewed-on: https://code.wireshark.org/review/27431
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need for len, and call caplen event_filelen and move it after
event_len.
Change-Id: I8b3825d4022ee083ee52f83f7a69f22829ed9fc4
Reviewed-on: https://code.wireshark.org/review/25698
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do as we do in other cases - copy the current struct wtap_pkthdr to a
temporary one (which might copy the temporary one to itself), modify it,
and set the pointer to the struct wtap_pkthdr to point to the temporary
one.
Note all the places wherw we do this with a comment.
Change-Id: Ia11df6b997a5369d96436d3bd825ab0138742504
Reviewed-on: https://code.wireshark.org/review/25377
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g995812c5f1 moved wiretap plugins registration from applications to
wiretap library init function.
As we do not want to load plugins for all users of libwiretap, let's
make it configurable.
Bug: 14314
Change-Id: Id8fdcc484e2d0d31d3ab0bd357d3a6678570f700
Reviewed-on: https://code.wireshark.org/review/25194
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Avoid printing a noisy "option requires an argument" error when using
'-T' and '-F' as documented. Fix warning that started showing on macOS
with CMake 3.9.4 about CMP0058 since v2.5.0rc0-1180-g799f4f0e14.
Change-Id: Ie0cc352c6b0b2724997e7fe6b49fd5b1f02d1e07
Reviewed-on: https://code.wireshark.org/review/24404
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Ahmad Fatoum <ahmad@a3f.at>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A while back Graham pointed out the SPDX project (spdx.org), which is
working on standardizing license specifications:
https://www.wireshark.org/lists/wireshark-dev/201509/msg00119.html
Appendix V of the specification describes a short identifier
(SPDX-License-Identifier) that you can use in place of boilerplate in
your source files:
https://spdx.org/spdx-specification-21-web-version#h.twlc0ztnng3b
Start the conversion process with our top-level C and C++ files.
Change-Id: Iba1d835776714deb6285e2181e8ca17f95221878
Reviewed-on: https://code.wireshark.org/review/24302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
The editcap man page says that you can pass in -F and -T without
arguments in order to get a list of valid capture and encapsulation
types. Instead of treating these as errors just print the information to
stdout and return 0.
Adjust the docbook _tools_help targets accordingly.
Change-Id: I590cbd59059dd8965299bef4434f522eff8a4e2c
Reviewed-on: https://code.wireshark.org/review/23741
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Expand comments while we're at it.
Change-Id: I6dcc791eab1c9e323a9572f3d54720d223bdd64b
Reviewed-on: https://code.wireshark.org/review/21252
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These are similar to the routines added to ui/alert_box.c for dialog-box
libwiretap error reporting.
This centralizes the knowledge about what to say for various libwiretap
errors, removing some duplicate code, and giving more details in some
programs.
Change-Id: I737405c4edaa0e6c27840f78a8c587a8b3ee120b
Reviewed-on: https://code.wireshark.org/review/21234
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace the dash in a range with a '\0', so that the first value in the
range is properly terminated.
Change-Id: Ib2807c2534c1e99e643848ca0fc32f4b78025ce3
Reviewed-on: https://code.wireshark.org/review/21099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Our user-facing messages should have a helpful (or at the very least
neutral) tone. In English, exclamation points are neither. Replace a
bunch of them with periods.
Change-Id: I29c3b2f84c25e06aae5b559860224559053a0378
Reviewed-on: https://code.wireshark.org/review/20189
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The cleanup routine has been added to exit section of the applications.
Those which required a exit restyle have been patched as well.
Change-Id: I3a8787f0718ac7fef00dc58176869c7510fda7b1
Reviewed-on: https://code.wireshark.org/review/19949
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
With option -I one can ignore the first number of bytes from the frame
while doing duplicate frame removal. This doesn't handle shorter frames
correctly. Add safeguards for this, and update the help text.
Bug: 13378
Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211
Reviewed-on: https://code.wireshark.org/review/20004
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Make the init_progfile_dir() call unconditionally, even if plugins
aren't supported, as that doesn't necessarily mean nobody uses the
directory containing the executable.
Report the error the same way in all programs, and free the error string
after we're finished with it.
Make the error - and the comment before the code - reflect what
init_progfile_dir() is actually doing (the goal is to get the full
pathname of the directory *containing* the executable; that's generally
done by getting the pathname of the executable and stripping off the
name of the executable, but that's won't necessarily always be the
case). Also note for TShark that we won't be able to capture traffic,
just as we do for Wireshark (if we don't have the pathname of the
program file, we don't have a pathname to use to find dumpcap).
Have the plugin scanner just fail silently if we weren't able to get the
plugin directory path, so we don't have to worry about calling it if
init_progfile_dir() fails.
Clean up white space while we're at it.
Change-Id: I8e580c719aab6fbf74a764bf6629962394fff7c8
Reviewed-on: https://code.wireshark.org/review/19076
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().
Also don't have routines internal to libwiretap call those. Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.
Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
secs_per_block is a unsigned integer. Therefore we can't
compare a signed integer with it.
Change-Id: Ic965a88e0e704e296c4af9193ca4a3504173ae36
Reviewed-on: https://code.wireshark.org/review/17901
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It doesn't have to be non-zero.
Change-Id: If578906855abd9eb9fa07e97ee5508c139b6f61b
Reviewed-on: https://code.wireshark.org/review/17646
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The version string stuff mirrors an earlier tshark change. Move some
cleanup calls (in case no packets are selected) and add wtap_close.
Change-Id: I6f282e89279a732c226824e10857be04b40841e8
Reviewed-on: https://code.wireshark.org/review/17621
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
By analogy to get_natural_int() and get_positive_int(), add routines to
get a guint32 and to get a non-zero guint32, doing all the necessary
error checks, and use it.
Change-Id: I65a9ac8a3d136886df3588806ae7af5bdc7b8cb6
Reviewed-on: https://code.wireshark.org/review/17586
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.
We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.
Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A string option, if present, always has a value; it might be a null
*string*, but you won't get a null pointer (if the option isn't present,
it simply isn't present).
Fix some comments while we're at it.
Change-Id: I9c1420f56998a7d04de5c5cc2e92631b181f303a
Reviewed-on: https://code.wireshark.org/review/16564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5669e2442582f899643fae4a9f86ab6d505dde07
Reviewed-on: https://code.wireshark.org/review/16505
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A block can have zero or more instances of a given option. We
distinguish between "one instance only" options, where a block can have
zero or one instance, and "multiple instances allowed" options, where a
block can have zero or more instances.
For "one instance only" options:
"add" routines add an instance if there isn't one already
and fail if there is;
"set" routines add an instance if there isn't one already
and change the value of the existing instance if there is one;
"set nth" routines fail;
"get" routines return the value of the instance if there is one
and fail if there isn't;
"get nth" routines fail.
For "multiple instances allowed" options:
"add" routines add an instance;
"set" routines fail;
"set nth" routines set the value of the nth instance if there is
one and fail otherwise;
"get" routines fail;
"get nth" routines get the value if the nth instance if there is
one and fail otherwise.
Rename "optionblock" to just "block"; it describes the contents of a
block, including both mandatory items and options.
Add some support for NRB options, including IPv4 and IPv6 option types.
Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e
Reviewed-on: https://code.wireshark.org/review/16444
Reviewed-by: Guy Harris <guy@alum.mit.edu>
editcap -r only sets max_packet_number to the earliest, instead of latest,
packet or end of range selection. This changes it to the proper test.
Bug: 12547
Change-Id: I81772962b00fc6566ccead4fb44c6626a47fff31
Reviewed-on: https://code.wireshark.org/review/16045
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Moshe Kaplan