Commit Graph

73719 Commits

Author SHA1 Message Date
João Valverde 65c13f9b90 Install development headers on all platforms
Install headers to support plugins development on Windows.

Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
2018-11-24 13:48:16 +00:00
João Valverde f1cf2646aa plugins.example: Fix build on Windows
Change-Id: I30798a697bc14076cc3bd9e224714a6a3567046b
Reviewed-on: https://code.wireshark.org/review/30774
Reviewed-by: João Valverde <j@v6e.pt>
2018-11-24 02:09:29 +00:00
Jaap Keuter 47cd8c7e8e text2pcap: cleanup type usage
The glib gboolean and integer types are used interchangeably,
while a proper use is easily achievable.

While at it, replace the duplicate definition of the IPv4 source
and destination addresses (endian sensitive).

Change-Id: I5378544f370dc41962eb6303ddeeecb184db14f4
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30770
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-23 22:17:16 +00:00
Darius Davis af987ecd28 TFTP: Improve dissection of ERROR packets.
Instead of annotating every TFTP ERROR packet as "TFTP blocksize out of range",
let's flag them as TFTP error packets using their own expert info type.

Let's also try to figure out whether an ERROR packet represents a "close"
operation after a transfer-size ("tsize") query.  Such ERROR packets aren't
really errors, so we can use a separate expert info type to report those with
lower severity.

Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
   TFTP packet captures in the GUI, including tsize probes and real errors
   (file not found, permission denied).  From the menu, chose Analyze > Expert
   Information, and saw the tsize probes listed together at "Chat" severity,
   and actual errors reported at "Warning" severity, all appropriately labeled.

Change-Id: I5605ce00559264ed94a47435c8f6d253f143fefb
Reviewed-on: https://code.wireshark.org/review/30760
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-23 05:49:01 +00:00
ismaelrti ed8da33902 RTPS: Extra fields dissected in RTI DDS field PID_TYPE_CONSISTENCY.
In RTI Connext DDS 5.3.3 and later PID_TYPE_CONSISTENCY has six
new fields: Ignore Sequence Bounds, Ignore String Bounds,
Ignore Member Names, Prevent Type Widening, Force Type Validation,
Ignore Enum Literal Names.

Change-Id: I456097a3baf733351dcb86f2cba0a3f03d2fc100
Reviewed-on: https://code.wireshark.org/review/30753
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-23 05:48:41 +00:00
ismaelrti 2b1791b1ea RTPS: Topic Information Feature used with APP_ACK and APP_ACK_CONF
packets.

Topic Information Feature used to link packets belonging to the same
topic now is used in APP_ACK and APP_ACK_CONF packets.

Change-Id: Ib4e1dd4dfed41962bc76e8600a1213247a3bf588
Reviewed-on: https://code.wireshark.org/review/30752
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-23 04:47:09 +00:00
Peter Wu c344d454b4 addr_resolv: fix crashes in parse_ether_address_fast
When no mask is allowed, reject addresses like "aa:bb:cc:...".
Fix the type of 'cp' to avoid reading from a negative array index.
Fix parsing, a nibble is four bits, not eight.

Bug: 15297
Change-Id: Ibb0d0c17005b1e6213c09092e4b3c888a9024304
Fixes: v2.9.0rc0-2629-g3bb32ede26 ("addr_resolv: add fast path for parsing addresses from manuf")
Reviewed-on: https://code.wireshark.org/review/30768
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-23 04:10:04 +00:00
Jaap Keuter 802d4c0121 text2pcap: make ethernet dummy header direction aware
When giving the command line option '-D' and having 'I' and 'O' markers in
the hexdump to import the IP addresses are adjusted, transport layer ports
are adjusted, the TCP window information is adjusted, but still the frames
originate from the same interface and go to the other interface.

This change makes it so that the Ethernet destination and source address
is also adjusted with the direction indicated, to match the other adjusted
addressing used.

Bug: 15287
Change-Id: I762f195ece206ed14e6bca1c1160055df7c4dac1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30767
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 20:59:53 +00:00
Gerald Combs d45adf3479 systemd Journal: More UTF-8 fixes.
Display string fields as Unicode. Add more missing fields.

Change-Id: I55f878ace7ccd6a66e3bac1e3fd2e388045ae3d8
Reviewed-on: https://code.wireshark.org/review/30765
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 20:55:54 +00:00
Peter Wu 6d9bc4bd65 extcap: discover interfaces in a parallel
Split interface discovery in three stages: discover available programs
(extcap_get_extcap_paths), obtain outputs for each (extcap_run_all) and
processing of the output (process_new_extcap). The second step is most
expensive, do it in parallel in multiple threads.

extcap_foreach used to call extcap_if_exists, but as "cb_info.ifname" is
always NULL for interface discovery, it would always pass. Remove this
check and all other unused functions.

This saves 100ms startup time on Linux with 7 extcap tools.

Change-Id: I511e491d3b23c0a7f2fe2447842e87a9bd75adbe
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30766
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 20:54:41 +00:00
Peter Wu 73ded3a1d9 extcap: simplify execution of single extcap programs
extcap_foreach has two purposes: discovery of all interfaces for each
tool and querying info for an extcap interface. Observe that the latter
requires extcap_if_exists(ifname) to be true. This makes extcap_foreach
match exactly one interface, so we can avoid some complexity.

Change-Id: I1842f50aa19553608ee5f2bb7bd8d94bba9629f2
Reviewed-on: https://code.wireshark.org/review/30764
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 20:50:17 +00:00
Peter Wu 85dc646327 ws_pipe_spawn_sync: mark arguments as const where possible
This avoids an unnecessary explicit cast. For clarity, rename the
working directory argument to match g_spawn_sync.

Change-Id: Idf7072cd590e686294d953f77da2a52c861a89c0
Reviewed-on: https://code.wireshark.org/review/30763
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 20:49:44 +00:00
Anders Broman 844153305d ieee1609dot2: Call the j2735 dissector if it exists.
Change-Id: I80155d67e88f4f31ea688ed27d8eb5ab122a65e4
Reviewed-on: https://code.wireshark.org/review/30762
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 17:20:58 +00:00
Anders Broman 591c7baf33 oer: Octet string, value tvb was not returned in all cases if requested.
Change-Id: I57b8e4cb2dc4f16bee653872c3a71cbd09953107
Reviewed-on: https://code.wireshark.org/review/30761
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-22 16:48:13 +00:00
Peter Wu a4f366c698 ws_pipe_spawn_sync: debug log elapsed time
Tested with `G_MESSAGES_DEBUG=all tshark --version`.

Change-Id: Iae525b9de197f012c21693a91155f931d4dcc1f7
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 12:10:24 +00:00
Peter Wu 3bb32ede26 addr_resolv: add fast path for parsing addresses from manuf
The manuf file is large but has a consistent format (25.7k entries with
three octets, 9.8k entries with a mask). Add a fast path for this file
that is 20% faster (saves 20ms on an unoptimized Debug+ASAN build).

Change-Id: Ida509b0305caf4e26131dc5cf5fb04c49392ad4b
Reviewed-on: https://code.wireshark.org/review/30757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-22 08:53:21 +00:00
Darius Davis ada5b88647 TFTP: De-duplicate tftp_info structure creation.
Cleanup to unify the two distinct places where tftp_info was identically created
and initialized.  While we're here, remove two unnecessary initializers of
'conversation'.  Behavior should be unchanged.

Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of TFTP
   packet captures in the GUI.

Change-Id: I9702a3dbeea357ec903166144918a71abc742846
Reviewed-on: https://code.wireshark.org/review/30758
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2018-11-22 07:31:04 +00:00
Peter Wu ad0aecbf8b addr_resolv: avoid unnecessary memory allocation for hash tables
The key for the manuf table is 24 bits of the ether addr while the key
for the services table is a 16 bit port. Store this value directly,
saving some memory and improving startup time by a tiny bit.

Likewise for ipxnet_hash_table and vlan_hash_table. These tables seem
unused though, perhaps it should be removed.

Change-Id: Ide9ffad8e2c9af24afa82adb2e009f32a5f43d38
Reviewed-on: https://code.wireshark.org/review/30756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-11-22 01:18:21 +00:00
Peter Wu e7220aad1b addr_resolv: speed up reading manuf, services, etc.
An unoptimized, Debug+ASAN `tshark --version` takes about 1 second. 17%
of the cycles are spent in addr_resolv_init and 7% within fgetline. Use
fgets instead, now fgetline only costs ~0.5% (11% for addr_resolv_init).

This limits the line length to 1K which should more than be sufficient
for all involved files (longest lines: manuf 154, services 222).

Change-Id: I8fe4dff317beaa2926c4106909b10898bcd35f21
Reviewed-on: https://code.wireshark.org/review/30755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-11-22 01:09:20 +00:00
Jaap Keuter 36d26b38d7 Update text2pcap documentation
Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.

Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-21 23:00:31 +00:00
Uli Heilmeier 0c5ec47aae PGSQL: Enhance protocol version handling
Displaying version used by client.
Adding NegotiateProtocolVersion message.
Ref: https://www.postgresql.org/docs/current/protocol-message-formats.html

Change-Id: Ia27af60e7f06b097d7f35002c905f2f2c807f3e0
Reviewed-on: https://code.wireshark.org/review/30751
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 13:28:56 +00:00
Alexander Koeppe 7be899dbe5 HTTP2: fix field length for the SETTINGS frame
Change-Id: Ie900a70477a21b82650e6504d3b2f175f20c7caa
Reviewed-on: https://code.wireshark.org/review/30725
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-21 10:06:49 +00:00
Jason Cohen 31a20607d6 Fix reassembly of larger TACACS+ accounting messages
Since TACACS+ is TCP only, switched to tcp_dissect_pdus

Bug: 15293
Change-Id: I8cee8a1f474ae866c59f94ec8ecbd412e5189e89
Reviewed-on: https://code.wireshark.org/review/30748
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:37:17 +00:00
Peter Wu 7943dbf7bb test: extend sharkd tests to cover all requests
All request types have a corresponding test_sharkd_req_* test name
which tests the current (documented) behavior. The frame and download
tests are not very comprehensive though, but it's better than nothing.

(The original test_sharkd_hello_dhcp_pcap test is replaced by
test_sharkd_req_status and test_sharkd_req_frames, although the latter
does not literally check for the "DHCP" column anymore.)

Change-Id: Ic39b954fc50065345ac46e96a7057b7aba2a09e3
Reviewed-on: https://code.wireshark.org/review/30743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:36:20 +00:00
Peter Wu 049d746495 sharkd: update documentation for some requests to match reality
Align comments and add two fixup notes while at it.

Change-Id: I977c1a6e55712414f7af042cb215bac49926a019
Reviewed-on: https://code.wireshark.org/review/30742
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:35:41 +00:00
Uli Heilmeier 4708ffdb99 PGSQL: Dissect SASL auth
Dissecting SASL and GSSAPI/SSPI authentication data
Ref: https://www.postgresql.org/docs/10/protocol-message-formats.html

Bug: 15286
Change-Id: I19fc18da105490bf053ce9ab39164fb345577266
Reviewed-on: https://code.wireshark.org/review/30723
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:34:54 +00:00
Joerg Mayer 5800ca9bb5 packet-f5ethtrailer.c: "Decode" Platform identifiers
Add a new line that explains the Platform ID, e.g. "Z101: vCMP Guest"
Also: Include the terminating zero bytes of STRINGZ values in the highlighting.

Change-Id: I6b79af708816c5c2b45d1c50d9a3587f46906018
Reviewed-on: https://code.wireshark.org/review/30724
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:34:28 +00:00
Gerald Combs d3aaea10f7 systemd Journal: Strings are UTF-8.
systemd Journal Export text fields are UTF-8. Use tvb_get_string_enc
instead of tvb_format_text. Use col_add_str to add packet-scoped strings.

Change-Id: I01d8d9127e6baf2f9c27d1e4a66071ec6173f181
Reviewed-on: https://code.wireshark.org/review/30708
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:33:44 +00:00
Dylan Ulis bf117224c2 CIP Safety: Multiple services off by 1
The following CIP Safety Supervisor services skipped processing the first byte:
Safety Reset
Configuration Lock
Mode Change

Change-Id: I90e411ced410f9924565d50c8d6bf44e92859e2c
Reviewed-on: https://code.wireshark.org/review/30728
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:32:08 +00:00
Peter Wu 7c2d8972de tools/validate-commit.py: enforce short summary followed by blank line
To keep git logs readable, enforce a short summary line. Strive for 80
characters, reject everything past 120. Descriptions should also stay
under 80 characters, but as error messages and links to protocol
specifications can be quite long, do not check the description.

Change-Id: Ife46b9ef6330aab015fc4ee5cc774a8ef6b9ad4e
Reviewed-on: https://code.wireshark.org/review/30667
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:31:13 +00:00
Alexis La Goutte 4cf4a655d0 .mailmap: update of October (2018)
Change-Id: If5b62b6fed937b0e607eb8c9dcd982c12d0eba87
Reviewed-on: https://code.wireshark.org/review/30139
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-21 04:29:19 +00:00
Kenneth Soerensen 57a4e7ad3a ZigBee: Change time format to be consistent within ZigBee Smart Energy
Change-Id: I9e906afa46f4aebf115fd1eb15631032b5562389
Reviewed-on: https://code.wireshark.org/review/30741
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 21:22:08 +00:00
Guy Harris 8beab04229 Fix expert info message for wrong option length.
Bug: 15290
Change-Id: Id5b4f6a899fea542f5d50e8be991d7cca623fd46
Reviewed-on: https://code.wireshark.org/review/30744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 18:27:17 +00:00
Jaap Keuter 83c17c4d17 Allow trace of sync spawns
When Wireshark uses a synchronous spawn (e.g., to launch an extcap)
it would be nice to be able to see what command line is constructed
to launch the process, and to see what comes back. The output will
go to the g_log.

Change-Id: Iec6baeebc026cd80398084c9644fc916ab068e2f
Reviewed-on: https://code.wireshark.org/review/30475
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-20 14:53:45 +00:00
Bruno Verstuyft e7bd315f90 XRA: Bugfix in ncp_profile_select
Change-Id: Id27900767c25a0b1e5b8cd3056062610e1a5ce72
Reviewed-on: https://code.wireshark.org/review/30738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2018-11-20 12:25:11 +00:00
Anders Broman feb1801f89 nettrace: Put address parsing in a separate routine.
Change-Id: Ia223585986c6c8ad51fba36aa16c5780fc372f70
Reviewed-on: https://code.wireshark.org/review/30714
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 11:23:19 +00:00
Gerald Combs cce885e112 Test: Fix some dumpcap section checks and skip one.
In check_dumpcap_pcapng_sections, append a copy of our check_val dict so
that we properly check our first file.

Skip IDB checks when we have multiple interfaces. Dumpcap creates a
separate thread for each interface when the interface count is > 1,
which means that we can't guarantee that we will always read and write
everything in the same order.

Change-Id: Ie458f31e0e901db2b538e9826a136dbe89167bcf
Reviewed-on: https://code.wireshark.org/review/30718
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-20 10:01:44 +00:00
Stig Bjørlykke 97cd30d3ca file-pcapng: Fix name for Secrets Length
Change-Id: Ie5ab30f0c667a9068d6aa1c18c519524b7ade140
Reviewed-on: https://code.wireshark.org/review/30737
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2018-11-20 09:28:23 +00:00
Guy Harris 0f30473661 Explicitly say "no extensions, no entry in this table".
Change-Id: Idd4d5143a75b7f2282460408b2f61d0d8aa3e66a
Reviewed-on: https://code.wireshark.org/review/30736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 08:00:34 +00:00
Guy Harris 5d740afff1 Don't put file types without extensions into the file_type_extensions_base table.
As the comment says, this is a table of "File types that can be
identified by file extensions."; a file type that doesn't have an
extension that's used for files with that format obviously *can't* be
identified by a file extension and thus *doesn't* belong in this table.

Change-Id: Ic14dc55e6d9dbad4651e535cdf44293f8b449659
Reviewed-on: https://code.wireshark.org/review/30735
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 07:20:40 +00:00
Guy Harris 90073ab488 Remove more hardcoding of ".gz" as the suffix for compressed files.
Use the libwiretap APIs to get lists of all compressed file suffixes or
to get the compressed file suffix for a given compression type.

(The net effect is the same, as the only compression type supported is
gzip, but if any compression types are added in the future, that code
won't need to be changed.)

Change-Id: I7de3b764604d50c4c60b6f20dd16ee87fc00e5b2
Reviewed-on: https://code.wireshark.org/review/30734
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 07:07:32 +00:00
Bruno Verstuyft ce39f9df18 DOCSIS: REGRSP-MP: TLV fixes
Added decodings for TLVs 46.10 and 46.11.
Fixed formatting of TLVs.

Change-Id: Iec8829929a8b6981e1760614f76d16400b94d05c
Reviewed-on: https://code.wireshark.org/review/30709
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:15:53 +00:00
Peter Wu df7af28f39 Add new Secrets API and allow TLS to use pcapng decryption secrets
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.

Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:14:35 +00:00
Peter Wu e2e0fd1dbd editcap: add --inject-secrets option
Add a new option to insert decryption secrets into a pcapng file.

Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:13:37 +00:00
Peter Wu 52a6671439 wiretap: add read/write support for Decryption Secrets Block (DSB)
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54

As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.

Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.

If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.

The test file was created using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).

Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:12:37 +00:00
Peter Wu ad21e3121f CMake: disable -Wmissing-field-initializers for broken compilers
AppleClang 9.1.0.9020039 is complaining about a "missing initializer" in
dumpcap.c. Rather than doing ugly things like one of the following:

    struct s x;
    memset(&x, 0, sizeof(x));
    struct s y = {.field=0};

just disable the warning (enabled via -Wextra) on broken compilers. The
minimum versions were determined using https://gcc.godbolt.org/

The special "universal zero initializer { 0 }" exception is explicitly
documented in the GCC manual (as shipped with GCC 8.2.1). Clang 6 does
not document it, but r314499 (as included with Clang 6) does implement
it and adds tests for it. (Xcode 10.0 seems based on Clang 6.0.1.)

Change-Id: I8e48d8c424a512ca36ef8c4f832ce81b3675232c
Reviewed-on: https://code.wireshark.org/review/30684
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:10:48 +00:00
Mikael Kanstrup 22db1f066f androiddump: Don't present the verbose config option
The verbose config option has been replaced by an extcap base debug
option. Presenting verbose as an available option makes Wireshark
try to retrieve the value of this option. As the option is not
really supported and invalid options after a recent change now
generate errors the androiddump tool does not start properly.

For reference the problem happens due to the unfortunate combo of
these two patches:
v2.3.0rc0-1108-gb83ea46 ("extcap: put missed parameters into the help")
v2.9.0rc0-2431-g945d441 ("extcap: fix return value in extcap_base_parse_options().")

Fix by removing verbose as an available config option.

Change-Id: I894f599708a7160f50ca9ee1f9586022342705cb
Reviewed-on: https://code.wireshark.org/review/30716
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:08:46 +00:00
Mikael Kanstrup 51fb5081b3 androiddump: Add packets with same encap type as used when open wtap
Already when selecting the extcap interface to use the encap type is
known. For some reason when adding packets the type is explicitly
checked for certain values and if not known type is set to
WTAP_ENCAP_WIRESHARK_UPPER_PDU.

This conversion breaks tcpdump function for all but ETHERNET interface
type. For example NLMON and 802.11 radiotap interfaces do not work.

This problem has probably been there since quite a while back but was not
seen (in the sense that current capture looked OK). Though when:

"3aec5e1 Catch attempts to write multiple encapsulation types if unsupported."

got applied the encap type mismatch is now detected and packet capture stops.
As encap type is known already when selecting the interface to use, fix
this by simply reusing the initial value when dumping the packets.

Change-Id: Ica9824e715c47b285c985ea48cbae0e10e18d542
Reviewed-on: https://code.wireshark.org/review/30715
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:08:35 +00:00
Uli Heilmeier 57c3ebb396 ICMPv6: Add Extended Echo (Probe) RFC8335
Implementing ICMP extended echo (RFC8335) for IPv6.
To dissect ICMP Extension objects we use the IPv4
implementation.

Bug: 14457
Change-Id: I5be59ccf9058466369c072cfed3ad1cd17bf243b
Reviewed-on: https://code.wireshark.org/review/30563
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:05:11 +00:00
Peter Wu 811d5f7fac Drop JSON-GLib completely
JSON-GLib was added in v2.9.0rc0-201-g511c2e166a, but is no longer
necessary since we have a home-grown JSON dumper (wsutil/json_dumper.h).
Remove the remaining traces and additionally remove GObject from
FindGLIB2.cmake since it was only added for JSON-GLib.

Change-Id: If9dfd2c60cec130f98109d100bdb6618bde06ba0
Reviewed-on: https://code.wireshark.org/review/30733
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 05:04:11 +00:00