Update the dns_pkt_addr_resolution, use_external_name_resolver, and
use_custom_dns_servers names to be more consistent. Make it more clear
that use_external_name_resolver uses your system's DNS settings.
If nameservers use a different default port than 53, Wireshark
is not able to resolve, as it always assumes the default port.
This allows configuring both tcp/udp ports for name resolutions,
with the udp port being asked first and tcp only used for fallback.
Implements #18214
Currently Wireshark does not close the vlans file on profile change.
This leads to major problems, when vlan resolution is turned on:
- Deleting a profile (not even selected) is not possible without exiting
Wireshark.
- Switching from one profile with vlans to another with vlans, does
not switch the resolution but stays on the names of the old profile!
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from inttypes.h.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
When tshark enables synchronous resolution of IP addresses to names,
forces calls to maxmind_db_lookup_ipv4()/_ipv6() to block-wait for the
maxmind response.
Proposed fix for #14691.
It never returns a null pointer.
(At least some compilers support decorating function declarations with
indications that they never return a null pointer; hopefully at least
some of them attempt to validate that claim, and report at least a
warning, if not an error, if they can't. We should look at decorating
functions in that fashion.)
This should squelch a nullPointerRedundantCheck warning from cppcheck.
Check if profile specific file exists for ethers, ipxnets and enterprises.tsv
before falling back to personal configuration file.
Fixes: wireshark/wireshark#16878
This is roughly 10% of tshark startup time.
- Enterprise string does not need to be trimmed at the beginning
- No need to call g_hash_table_replace() as keys are just guint32
This saves around 3% time (profiling a small capture file) at startup.
parse_ether_address_fast() was returning FALSE in some cases
where it shouldn't have, i.e.
- the test for having hex chars incorrectly discarded any case where the
msb of any address octet is set, i.e. any value from 80 to f0.
- it now allows ':' and '-' as a separator (so that many of the wka entries
also match).
1. Switch list of manually resolved names from a list to a map
(IP Address --> Custom Hostname)
2. If an address was already in the list, just update the old entry.
Previously this added a new entry anytime somebody would edit a
hostname.
3. Display the previous hostname in the GUI
4. Remove unused manually_resolve_cleanup()
Bug: 11221
Change-Id: I42d5b6267eb6613bdf7783865bc2d30d6bda1147
Reviewed-on: https://code.wireshark.org/review/36059
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Although c-ares support was technically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.
Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use the C-ARES ares_set_servers() API to set a list of DNS servers to use.
The list of DNS servers is controlled through a UAT. There is also a boolean
preference to determine if the custom list should be used. The boolean preference
was added to arbitrate between the "default" list of servers that C-ARES creates
during initialization and using the "custom" list (which may be empty and we don't
want the "default" list to be overwritten)
Bug: 15960
Change-Id: I4ba071777f6bb9bc2fef313b7618908d805c0690
Reviewed-on: https://code.wireshark.org/review/34419
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use existing file_exists() function to check if the profile contains
a vlans file.
Change-Id: Ibc3d32b27059edd80b7c4e88ceb48fded2334909
Reviewed-on: https://code.wireshark.org/review/33384
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the profile directory contains a vlans file we will use it. Otherwise
fall back to normal user preferences.
Bug: 15795
Change-Id: Ie6a63a6f7a29bd83a15799875aa5883be7010039
Reviewed-on: https://code.wireshark.org/review/33378
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's just noise, especially if the signal is SIGINT.
Change-Id: I97df2396d60280e5978f637ec3bb8f93966674b8
Reviewed-on: https://code.wireshark.org/review/32718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove name resolution from DNS packets from the tooltip because
resolving from DNS packets has its own check box.
Change-Id: I0a4039a1639f22b51429c3771fd828d9727aca08
Reviewed-on: https://code.wireshark.org/review/31581
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by clang-tidy.
Change-Id: Iaf6cf84c33b03ddfcd39a333b49f4987002afa56
Reviewed-on: https://code.wireshark.org/review/31338
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When no mask is allowed, reject addresses like "aa:bb:cc:...".
Fix the type of 'cp' to avoid reading from a negative array index.
Fix parsing, a nibble is four bits, not eight.
Bug: 15297
Change-Id: Ibb0d0c17005b1e6213c09092e4b3c888a9024304
Fixes: v2.9.0rc0-2629-g3bb32ede26 ("addr_resolv: add fast path for parsing addresses from manuf")
Reviewed-on: https://code.wireshark.org/review/30768
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
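An added example, not Wireshark's parse_ether_address_fast(): a simplified, hypothetical token parser showing the three defects the commit message above names, namely table lookup through `unsigned char`, a four-bit nibble shift, and rejecting short or trailing-garbage addresses when no mask is allowed. The names `hex1`, `parse_octets` and `parse_ether`, and the exact accept/reject rules, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hex digit value + 1; 0 marks "not a hex digit". Indexed by unsigned char,
 * so a byte >= 0x80 can never become a negative array index. */
static const uint8_t hex1[256] = {
    ['0'] = 1,  ['1'] = 2,  ['2'] = 3,  ['3'] = 4,  ['4'] = 5,
    ['5'] = 6,  ['6'] = 7,  ['7'] = 8,  ['8'] = 9,  ['9'] = 10,
    ['a'] = 11, ['b'] = 12, ['c'] = 13, ['d'] = 14, ['e'] = 15, ['f'] = 16,
    ['A'] = 11, ['B'] = 12, ['C'] = 13, ['D'] = 14, ['E'] = 15, ['F'] = 16,
};

/* Parse 3 or 6 octets separated by ':' or '-' into out[]; return the octet
 * count, or 0 on malformed input. *end is set only on success. */
static size_t parse_octets(const char *s, uint8_t out[6], const char **end)
{
    const unsigned char *cp = (const unsigned char *)s; /* not plain char */
    size_t n = 0;
    memset(out, 0, 6);
    for (;;) {
        uint8_t hi = hex1[cp[0]];
        uint8_t lo = hi ? hex1[cp[1]] : 0;   /* never read past the NUL */
        if (!hi || !lo)
            return 0;
        /* A nibble is four bits: shift the high digit by 4, not 8. */
        out[n++] = (uint8_t)(((hi - 1) << 4) | (lo - 1));
        cp += 2;
        if (n == 6 || (*cp != ':' && *cp != '-'))
            break;
        cp++;
    }
    *end = (const char *)cp;
    return (n == 3 || n == 6) ? n : 0;
}

/* accept_mask == false: only a complete 6-octet address, nothing after it. */
bool parse_ether(const char *s, bool accept_mask, uint8_t out[6])
{
    const char *end;
    size_t n = parse_octets(s, out, &end);
    if (n == 0)
        return false;
    if (!accept_mask)
        return n == 6 && *end == '\0';
    return *end == '\0' || *end == '/';   /* mask digits are not parsed here */
}
```
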
The manuf file is large but has a consistent format (25.7k entries with
three octets, 9.8k entries with a mask). Add a fast path for this file
that is 20% faster (saves 20ms on an unoptimized Debug+ASAN build).
Change-Id: Ida509b0305caf4e26131dc5cf5fb04c49392ad4b
Reviewed-on: https://code.wireshark.org/review/30757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The key for the manuf table is 24 bits of the ether addr while the key
for the services table is a 16 bit port. Store this value directly,
saving some memory and improving startup time by a tiny bit.
Likewise for ipxnet_hash_table and vlan_hash_table. These tables seem
unused though, perhaps they should be removed.
Change-Id: Ide9ffad8e2c9af24afa82adb2e009f32a5f43d38
Reviewed-on: https://code.wireshark.org/review/30756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
An unoptimized, Debug+ASAN `tshark --version` takes about 1 second. 17%
of the cycles are spent in addr_resolv_init and 7% within fgetline. Use
fgets instead, now fgetline only costs ~0.5% (11% for addr_resolv_init).
This limits the line length to 1K which should more than be sufficient
for all involved files (longest lines: manuf 154, services 222).
Change-Id: I8fe4dff317beaa2926c4106909b10898bcd35f21
Reviewed-on: https://code.wireshark.org/review/30755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a function to convert a string that contains an ethernet address
(including the colons) into a sequence of 6 bytes.
Use the existing internal functions to parse an ethernet address.
Declare the new function as local to libwireshark. It'll be used by
wslua to support ethernet addresses.
While at it, fix an incorrect comment about parse_ether_address(). If
accept_mask is false, only a complete 6-byte ethernet address is
accepted.
Change-Id: Ib03306c44866fe97d3cbff2634411b7f5ec31a79
Reviewed-on: https://code.wireshark.org/review/30162
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IPv4 and v6 name resolution are bound to a capture file. Using a lua
script, it is possible to trigger a name resolution when no capture file
is open. This crashes Wireshark as the hash tables for name resolution
are not initialized at this time.
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ip(\"1.1.1.1\"))" > bla.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla.lua
Segmentation fault
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ipv6(\"::1\"))" > bla6.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla6.lua
Segmentation fault
Make sure that the hash tables are available as long as the epan library
is initialized. Add a new function host_name_lookup_reset(), call this
function every time we set up dissection for a new capture file. This
way, we keep the name resolution results separate per capture file.
Reorder the steps in init_dissection(). Host name lookup is now
available at all times, there's no need to be in file scope when it's
initialized.
Change-Id: I9599100d5f378b6a0f73dc630e4c8af3b3ffb2cc
Reviewed-on: https://code.wireshark.org/review/29398
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And handle comments in manuf file entries correctly.
There are entries in the manuf file where columns are
separated by two or more tab characters. These extra
tab characters are not being trimmed from the manuf name.
OUI: 00:40:96 ( Cisco Systems, Inc.)
->
OUI: 00:40:96 (Cisco Systems, Inc.)
Change-Id: Ie6545480848bb84c20bea6566a3ccf11c7ed9233
Reviewed-on: https://code.wireshark.org/review/27759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise, the first N packets printed, for a value of N dependent on
various factors, won't get IP addresses resolved to names, even if the
user wants them resolved. Unlike Wireshark, which, when a name is
resolved asynchronously, can go back and fix up the displayed packet
when the asynchronous operation completes, once TShark has written
packet data to the standard output, it can't go back and fix it if it
did name resolution asynchronously.
Bug: 14711
Change-Id: I8ebbd83103e5780c903b5560e01b7b92fa39c924
Reviewed-on: https://code.wireshark.org/review/27668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't have add_async_dns_ipv6(), we just do the same stuff inline in
host_lookup6(); this removes an irrelevant difference between
host_lookup() and host_lookup6().
Change-Id: Ib4aa1783ddec1bc390e2a7f64c87f1c8441fa849
Reviewed-on: https://code.wireshark.org/review/27661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We might not yet have allocated the manually-resolved address lists;
only free them if we have.
Change-Id: Iff9864e397a04cdcb613268603c073ecd1fa77fb
Reviewed-on: https://code.wireshark.org/review/26236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We have WS_INET_ADDRSTRLEN and WS_INET6_ADDRSTRLEN; use them.
Change-Id: Idade0da9fae70d891901acd787b06d21e2ddbc5f
Reviewed-on: https://code.wireshark.org/review/24156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
inet_pton(), and thus ws_inet_pton(), won't accept hex or
fewer-than-four-component IPv4 addresses, at least on Single UNIX
Specification-compliant systems - the SUSv4 explicitly says
The inet_pton() function does not accept other formats (such as
the octal numbers, hexadecimal numbers, and fewer than four
numbers that inet_addr() accepts).
so we don't need to check for "inet_atons that accept strings such as -
"130.230" as valid addresses".
That also means that, "if there are any places where this needs to
support the hex-address form for IPv4 addresses, or to support fewer
than 4 components for a network address", those places were hosed even
before we stopped using inet_aton(), so there are presumably no such
places. (Itojun's comment was probably just an expression of general
concern, rather than a note of a known problem.)
Change-Id: Id16b6ebd3550dc3bf5a0fc283898a99b7abc163c
Reviewed-on: https://code.wireshark.org/review/24057
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need a temporary IPv4 address variable in get_host_ipaddr(), we
can just use the pointer we've been handed.
Change-Id: Id7cbd0c14b2eeb3efde5a556f3414bd635411908
Reviewed-on: https://code.wireshark.org/review/24056
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Note the dropping of support for hex IPv4 addresses and addresses with
fewer than four components, and indicate that, if there are any places
where that support is expected, we should change those places (i.e.,
don't just change get_host_ipaddr() and, if there aren't any such
places, just leave everything as it is).
It's not clear that get_host_ipaddr() is "Used more in the dfilter
parser rather than in packet dissectors"; that may depend on whether
you're counting number of calls executed from those places or the number
of lines of code making those calls. Just drop the claim, which is
absent in the comment for get_host_ipaddr6().
Also ask whether we're using get_host_ipaddr{6}() in any places where it
should *only* support numeric addresses rather than names.
Change-Id: Ib5d8730ca703339342f308081a68309479f842c5
Reviewed-on: https://code.wireshark.org/review/24055
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Including where it says not to in comments. Use IPv4 dotted-decimal
notation.
Change-Id: Iafe1f6fbd2bd5867c41642dc27411f47dff8ce6a
Reviewed-on: https://code.wireshark.org/review/24044
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>