MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove the endpoint map and its button from the Qt and GTK+ UIs. It
depends on GeoIP Legacy for coordinate information and those databases
are being deprecated in favor of MaxMind DB. We *could* upgrade the code
to use mmdbresolve, but according to
https://dev.maxmind.com/geoip/geoip2/geolite2/ they're also going to
remove coordinate information from GeoLite2:
"In addition, in 2019, latitude and longitude coordinates in the
GeoLite2 databases will be removed.* Latitude and longitude coordinates
will continue to be provided in GeoIP2 databases. Please check back for
updates."
Change-Id: I43e1593d282a0f1aae897b1f4724117d1496b21e
Reviewed-on: https://code.wireshark.org/review/26229
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves,
along with apostrophes.
Change-Id: I78930d6902e2691b6a2cb35ed5bae6fef4bb7257
Reviewed-on: https://code.wireshark.org/review/26108
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add "QA engineers use it to verify network applications",
as suggested by Alexander Sashnov.
Change-Id: Ia9c83fd2f2610db747043f861931470e3f4e4c53
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/26057
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use "or" instead of a comma for alternate keyboard shortcuts.
Change-Id: I3f2abf63b4c437ca0fe439d91dfac44e24d9d8e5
Reviewed-on: https://code.wireshark.org/review/25624
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert some passthrough XML comments left over from the DocBook →
AsciiDoc conversion to AsciiDoc / Asciidoctor comments.
Change-Id: Iaf44bcf0b8a3a383e735b2b4394722cbbb2bdff3
Reviewed-on: https://code.wireshark.org/review/25615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves. Use
double curly quotes in place of singles.
Switch from XML entities to their direct equivalents where we can.
Switch from hex entities to decimal entities where we can't or it's not
convenient. (Asciidoctor PDF doesn't yet handle hex entities).
Change-Id: Iaf5ec33249e1c91b3d50b5d96251763243b72836
Reviewed-on: https://code.wireshark.org/review/25606
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Start using markup that is preferred by Asciidoctor but compatible with
both generators.
Add a missing "cpp" attribute and set a couple of Asciidoctor-specific
compatibility attributes.
Change-Id: Iff4c31362e4493b97a85f46db2c39b18c336536f
Reviewed-on: https://code.wireshark.org/review/25600
Reviewed-by: Gerald Combs <gerald@wireshark.org>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Add links to the online man page for each tool. Make sure tshark
generates pre-commit-compatible output on Linux.
Change-Id: I00d2973475f27460065bc8a65471abef152ded33
Reviewed-on: https://code.wireshark.org/review/23754
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Relax requirements for upgrades and make running side-by-side installations
more convenient.
Change-Id: I5299eed005a4748c54465dec90f477adb577e056
Reviewed-on: https://code.wireshark.org/review/23619
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Installing machine code to XDG_CONFIG_HOME is problematic.
Use ~/.local/lib/wireshark/plugins instead.
XDG_CONFIG_HOME should be architecture independent. This allows copying the
configuration between different architectures safely.
Reference: https://www.freedesktop.org/software/systemd/man/file-hierarchy.html
Change-Id: I1b18f64aab4dd351d611cfbea3b9333f23c98bfa
Reviewed-on: https://code.wireshark.org/review/23498
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Wireshark patch releases (X.Y.Z) are binary compatible so reflect
that in the plugin installation path.
By installing to $pkglibdir/plugins/X.Y out-of-tree plugins don't
need to be reinstalled with every patch release.
Change-Id: I9d1728e6fb12bcb51d2a723af22c750cb7a966cf
Reviewed-on: https://code.wireshark.org/review/23497
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change the name of the button macro to "btn" in order to be compatible
with AsciiDoctor.
Change-Id: I673e0fe0ae7b343abeb1afba0b9b11402efdf0d6
Reviewed-on: https://code.wireshark.org/review/23187
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create a common_src directory for common guide content. Add a
typographic convention section. Update some of the content accordingly.
Change-Id: I4f69c0f52a985c48e07fa0628b19734ec691f74e
Reviewed-on: https://code.wireshark.org/review/23131
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The protocol help feature was completely removed in g09efa5fb8b and
deprecated long before that.
Change-Id: Ia0bde785002025c0cf9e3f783a5cad7f784938a2
Reviewed-on: https://code.wireshark.org/review/23076
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Have a separate section, before all the others, giving the top-level
directories under which those folders are placed, with names for use in
later sections.
Update the example personal application data folder on Windows to the NT
6.x-and-beyond standard.
Don't give the pathnames for configuration files in the table, just give
the name and the description.
For the global files, distinguish between macOS and other Unix-like
systems, and, for the latter, mention both /usr/XXX and /usr/local/XXX.
The preferences file isn't "wireshark.conf", and hasn't been that for
quite a while.
For all the configuration files, give the details of personal vs. global
files - they're different for different files.
Have separate sections for configuration files and plugin folders. For
plugin folders, note both the use of the top-level plugin folder for Lua
scripts and the use of the per-Wireshark-version subfolder for compiled
plugins.
Use fixed-format text for the non-variable parts of pathnames, and
italics for the variable parts.
This should, among other things, make it easier for other documents,
such as the Lua documentation in the Wireshark wiki, to refer to folders
such as the configuration file and plugin folders.
Change-Id: I133c1e159e992827458bee64c4f37be5b50f9b6f
Reviewed-on: https://code.wireshark.org/review/23060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".
It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.
Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Try to document as accurately as possible the circumstances under which
each TCP analysis flag is added.
Update some TCP debugging code.
Change-Id: I793756f73b8ade328e150acf32bc203792e29449
Reviewed-on: https://code.wireshark.org/review/21749
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I25bab6eb1072bec102e00a76027c7742a0ea883b
Reviewed-on: https://code.wireshark.org/review/20714
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since v2.1.0rc0-184-gb0b53fa593, $XDG_CONFIG_HOME/wireshark (instead of
$HOME/.wireshark) is used, clarify this in the WSUG and manuals.
Change-Id: I74a6f9b86bd8d54ee326ca83d7536e091d6da08a
Reviewed-on: https://code.wireshark.org/review/20364
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the ability to move back and forth in the packet selection history
similar to GTK+. Update the documentation accordingly.
Change-Id: If1fdc1e59b240c0588c292dc0f7f0a5f083c30e1
Reviewed-on: https://code.wireshark.org/review/20320
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added examples for the matches, contains and bitwise_and operators.
Most of the text and the examples have been taken from the wiki and the
wireshark-filter manpage.
Bug: 13320
Change-Id: Icd9a325c05ecd4ecd1cbde8162a4c88cae335d1d
Reviewed-on: https://code.wireshark.org/review/19758
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move the replacement definitions in asciidoc.conf to
attributes.asciidoc. This makes the markup a bit cleaner and is more
compatible with AsciiDoctor. Use a standard naming scheme for URLs.
Change-Id: Ica73aaadb013be2a4e6a3963fb54e6db6e02e98f
Reviewed-on: https://code.wireshark.org/review/18655
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Set variablelist.as.blocks in custom_layer_pdf.xsl so that we don't end
up with list text squeezed into tiny columns on the right. Set column
widths for most of our tables.
Change-Id: I3fe47d945a7945618012c9de1fc0e97b788dea9e
Reviewed-on: https://code.wireshark.org/review/17893
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Adjust the column widths of some tables to that they render more cleanly
and without FOP warnings. Move some table content to plain text instead
of trying to shove it into table cells. Fix some other layout and
formatting.
Change-Id: I40e40fd7ca5c3cc594ea30c8b1ad233afd4cdca4
Reviewed-on: https://code.wireshark.org/review/17880
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Wrap monospace text in our PDF output. Fix the formatting of a list. Fix
an anchor reference.
Change-Id: Id9433f3e3462569299e6702b4a4e137481ad80c4
Reviewed-on: https://code.wireshark.org/review/17877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pass relative image directory paths to xsltproc. The DocBook documentation
says you can use a URI, but trying to get that to work with CMake
and Windows appears to be a path to tears and undignified wails of
frustration.
Add attributes for our different types of images and use them so that
the PDFs don't scale our screenshots to an unusable size.
Change-Id: I786d09d9ef9be3d423b2af426a8867739ae12c1a
Reviewed-on: https://code.wireshark.org/review/17688
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.
Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.
Update the User's Guide accordingly.
Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a timeline indicator to the Start and Duration columns in the
Conversations dialog. Add tooltips to the columns that explain what's
going on.
Round the timeline rect corners and do the same for Prototocol Hierarchy
Statistics. This should hopefully differentiate the graph bars from a
text selection and IMHO it looks better.
Update the PHS and Conversations images in the User's Guide.
Change-Id: I61d6c25843be522cc444e01ba77cb5b1e991fa36
Reviewed-on: https://code.wireshark.org/review/17396
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Compress the source tarball using xz instead of bzip2. Other open source
projects (including many of our dependencies) have been using xz for a
while so hopefully this won't be too much of a shock.
Remove the patch-bzip2 Autotools target while we're here.
Change-Id: I456d27b6cd56a43aba829bd45938f98568eb7b1d
Reviewed-on: https://code.wireshark.org/review/16735
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
TShark has had the functionality for awhile. While the GUI version
still has ways to change and persist Decode As functionality, adding
command line functionality gives the Decode As from initial launch
of the GUI.
Was also an excuse to refactor a bunch of code out of tshark.c
Bug: 5143
Change-Id: Ie67007d75e897bc06cc9afd9b84372a96b93778c
Reviewed-on: https://code.wireshark.org/review/16008
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many of our AsciiDoc "macros" are simple string replacements. Start
converting them to attributes.
Update the release notes.
Change-Id: I23d9ffd311f13a34c16cde3b4898b7f7bb8ba638
Reviewed-on: https://code.wireshark.org/review/15778
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 12455
Change-Id: I1c1fc4b2bff0e446d3eb8e1b3be4ea7669cec923
Reviewed-on: https://code.wireshark.org/review/15511
Reviewed-by: Michael Mann <mmann78@netscape.net>