* The QPACK decoder code has not significantly changed since the initial
nghttp3 0.1.0 release. The `user_data` field of `nghttp3_mem` was
renamed from `mem_user_data` in 0.2.0. Since we do not use it, just
remove the field to make it build on Ubuntu 22.04 with 0.1.1.
* Arch Linux, BSD, Debian, Alpine: add (lib)nghttp3.
* debian/control: add libnghttp3-dev dependency.
* brew: Install libnghttp2 instead of nghttp2, we only need the library.
* brew: libnghttp3 was just made available in Homebrew, so install it:
https://github.com/Homebrew/homebrew-core/pull/150922
Move our Falco plugin directories up one level so that we're outside the
hierarchy scanned by plugins_init. This also makes it more clear that
these are Falco plugins and that they don't conform to our plugin API.
In .gitlab-ci.yml, add spaces and emoji to the build directory name. In
CMakeLists.txt, quote a path in a wrapper script. Quote our executable
and file paths where needed in our tests.
Quote the path name variables in -fmacro-prefix-map so that source or build
directories with spaces work when compiling with recent gcc or clang.
Fix #17487 (LocatePythonModule was removed recently so that doesn't
need fixing.)
Separate enabling assertions from WS_DEBUG. Use NDEBUG if ENABLE_ASSERT
is not defined, to conform to CMake conventions for the build type.
Misc assertion header enhancements.
This partially reverts 25d4a099f7.
It is annoying to have to manage two CMake flags independently
for debugging.
Instead of simply removing ENABLE_DEBUG_UTF_8 make it enabled by
default with ENABLE_DEBUG. So ENABLE_DEBUG enables everything and
ENABLE_DEBUG_UTF_8=Off can be used to disable only UTF-8 validation,
if that is desirable for some reason.
Do not define WS_DEBUG with RelWithDebInfo code. This is a release
build so it should not include debug code, unless specifically
requested with ENABLE_DEBUG=Yes.
Instead of having a global init.lua in datafile_dir that may
contain library code, load the init.lua script from the plugins
directories, similar to other Lua scripts, but guaranteed to
be the first one loaded.
This is consistent with our practice and avoids overwriting the
customizable share/wireshark/init.lua with each installation or
upgrade.
It also should allow using package.path correctly (which does
not include the configuration directory).
The init.lua in the configuration directory is still loaded for
backward compatibility. It generates a warning in the console.
Previously, a `download` method request for an `eo:<name>_<row>`
export object (for example, `eo:http_0` to download the HTTP export
object with row 0) would fail unless a `tap` method for `eo:<name>`
had already been run. This behavior is surprising as the other
resources downloadable via the `download` method do not work this way.
This commit addresses this issue by updating the `download` method to,
when a `eo:<name>_<row>` export object is requested, see if an
`eo:<name>` object list already exists in `sharkd_eo_list`. If it
does not exist, the `download` method first generates the object list
for `eo:<name>` and adds it to `sharkd_eo_list` using `sharkd_retap`
in the same manner that the `tap` method does. After that, the
`download` method looks for the exported object in `sharkd_eo_list`
just as it did before.
This commit also adds a `sha1` field to the list of exported objects
returned by the `tap` method for `eo` objects in
`sharkd_session_process_tap_eo_cb`.
Replace our code with the upstream version, simplified to search
only for our supported Lua versions.
This allows selecting Lua versions 5.2, 5.2 or "any". The default
is 5.2 only because supporting more than one Lua version is
generally the wrong thing to do. Allow falling back to
5.1 *explicitly*.
Add `voip-calls` and `voip-convs` taps to `sharkd`, which provide the
same information as the `Telephony -> VoIP Calls` GUI menu item. The
`voip-convs` tap accepts an optional comma-separated list of call IDs
allowing the caller to limit which conversations are returned. Both a
single call ID and a `<start>-<end>` call ID range are accepted. For
example, `voip-convs:` returns all conversations, `voip-convs:123`
returns only the conversation with call ID 123 and
`voip-convs:1,5-7,9` returns conversations with call IDs 1, 5, 6, 7
and 9. The call ID for a conversation is returned in the `call`
field. The set of call IDs requested by the caller is stored in a
bit-array which, on a standard Linux amd64 machine, supports storing a
maximum of 65536 call IDs.
Because many of the taps initialized by `voip_calls_init_all_taps` are
not able to be built without it, a basic CLI-based implementation of
`simple_dialog` which prints to `stderr` has been added in
`ui/cli/simple_dialog.c`.
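
Added example, not part of the commit message above and not sharkd's own code: one way to parse a `voip-convs` call ID list such as `1,5-7,9` into a fixed 65536-bit array while rejecting malformed, reversed and out-of-range input before any bit is indexed. The type and function names are hypothetical, and the strict grammar (no blanks, signs or empty fields) is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CALL_IDS 65536u   /* capacity quoted in the commit message */
typedef struct {              /* hypothetical type, not sharkd's own */
    uint8_t bits[MAX_CALL_IDS / 8];
    int match_all;            /* empty list: return every conversation */
} call_id_set;

/* Parse one decimal ID; rejects signs, blanks, empty fields, IDs >= limit. */
static int parse_id(const char **p, unsigned long *out)
{
    char *end;
    if (**p < '0' || **p > '9')
        return -1;
    *out = strtoul(*p, &end, 10);   /* overflow gives ULONG_MAX, rejected below */
    *p = end;
    return *out < MAX_CALL_IDS ? 0 : -1;
}

/* spec: text after "voip-convs:". Returns 0, or -1 on bad input (discard set). */
int call_id_set_parse(call_id_set *set, const char *spec)
{
    unsigned long lo, hi, id;
    memset(set, 0, sizeof *set);
    set->match_all = (*spec == '\0');
    if (set->match_all)
        return 0;
    do {
        if (parse_id(&spec, &lo) != 0)
            return -1;
        hi = lo;
        if (*spec == '-') {
            spec++;
            if (parse_id(&spec, &hi) != 0 || hi < lo)
                return -1;
        }
        for (id = lo; id <= hi; id++)
            set->bits[id / 8] |= (uint8_t)(1u << (id % 8));
    } while (*spec++ == ',');       /* another item follows */
    return spec[-1] == '\0' ? 0 : -1;   /* anything but end-of-string is junk */
}

int call_id_set_contains(const call_id_set *set, unsigned long id)
{
    return set->match_all ||
           (id < MAX_CALL_IDS && ((set->bits[id / 8] >> (id % 8)) & 1));
}
```

Because every ID is range-checked in `parse_id` before it is used as an index, a request such as `voip-convs:65536` or `voip-convs:7-5` fails cleanly instead of writing outside the array.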
Add `phs` tap to `sharkd`, providing the same information as
`tshark`'s `-z io,phs` option.
Additionally, modify how `tshark -z io,phs` (and therefore `sharkd`'s
new `phs` tap) handles packet comments (aka `pkt_comment` protocol
frames). Previously, `pkt_comment` protocol frames were handled no
differently from any other protocol in `io,phs`'s `tap_packet`
callback `protohierstat_packet` but were skipped in its `tap_draw`
callback `protohierstat_draw`. This behavior seems to have been first
introduced in 80ae3708. For captures containing packet comments, this
led to surprising `tshark -z io,phs` output with multiple root-level
`eth` trees. Below is example output of the old behavior for the
`test/captures/protohier-with-comments.pcapng` capture in this
repository with two packet comments, one on an ICMPv6 packet and
another on an SSDP packet:

    # tshark -qz io,phs -r ./test/captures/protohier-with-comments.pcapng

    ===================================================================
    Protocol Hierarchy Statistics
    Filter:

    eth                                     frames:113 bytes:21809
      ipv6                                  frames:38 bytes:7456
        icmpv6                              frames:35 bytes:3574
        udp                                 frames:3 bytes:3882
          data                              frames:3 bytes:3882
      ip                                    frames:69 bytes:13993
        udp                                 frames:59 bytes:13391
          mdns                              frames:1 bytes:138
          ssdp                              frames:29 bytes:8561
          nbns                              frames:20 bytes:2200
          nbdgm                             frames:1 bytes:248
            smb                             frames:1 bytes:248
              mailslot                      frames:1 bytes:248
                browser                     frames:1 bytes:248
          dhcp                              frames:4 bytes:1864
          dns                               frames:4 bytes:380
        igmp                                frames:10 bytes:602
      arp                                   frames:6 bytes:360
    eth                                     frames:2 bytes:377
      ipv6                                  frames:1 bytes:110
        icmpv6                              frames:1 bytes:110
      ip                                    frames:1 bytes:267
        udp                                 frames:1 bytes:267
          ssdp                              frames:1 bytes:267
    ===================================================================

Despite the comment in `phs_draw` in `ui/cli/tap-protohierstat.c`,
this does not seem to match the behavior for PHS as shown in the GUI.
The GUI seems to ignore the `pkt_comment` protocol frames and merges
their children up a level. This commit tries to reproduce this
behavior in the `tshark -z io,phs` output by ignoring `pkt_comment`
protocol frames in `protohierstat_packet` instead of
`protohierstat_draw`. The result is output like the following:

    # tshark -qz io,phs -r ./test/captures/protohier-with-comments.pcapng

    ===================================================================
    Protocol Hierarchy Statistics
    Filter:

    eth                                     frames:115 bytes:22186
      ipv6                                  frames:39 bytes:7566
        icmpv6                              frames:36 bytes:3684
        udp                                 frames:3 bytes:3882
          data                              frames:3 bytes:3882
      ip                                    frames:70 bytes:14260
        udp                                 frames:60 bytes:13658
          mdns                              frames:1 bytes:138
          ssdp                              frames:30 bytes:8828
          nbns                              frames:20 bytes:2200
          nbdgm                             frames:1 bytes:248
            smb                             frames:1 bytes:248
              mailslot                      frames:1 bytes:248
                browser                     frames:1 bytes:248
          dhcp                              frames:4 bytes:1864
          dns                               frames:4 bytes:380
        igmp                                frames:10 bytes:602
      arp                                   frames:6 bytes:360
    ===================================================================

Note that there are no `pkt_comment` protocols and only a single
root-level `eth` protocol. Additionally, the commented ICMPv6 and
SSDP packets have been merged into the first `eth` tree, and the frame
and byte counts have been incremented appropriately.
Remove bundled dtd_gen.lua script. It has never been enabled.
Remove it as part of a policy to remove dead code.
Currently it breaks with a runtime error. I did not investigate
the root cause.
To reduce startup external file parsing, replace the manuf file with
static arrays compiled into the binary.
Add 3 tables for MA-L, MA-M and MA-S. Add a fourth table to direct
a 24-bit MAC prefix (OUI) to one of these tables.
Adapt the make-manuf.py script to generate the static C data
instead of the text file.
The arrays are sorted and a binary search is performed to map
an OUI (24bit/28bit/36bit) to a short and long name.
To speed up start-up we no longer read the services file
from an external resource. Instead it is compiled statically
into the binary in a sorted array.
The personal services file is still parsed and loaded at startup,
if it exists, to allow users to add custom entries and override
global entries.
For historical reasons the port list is mostly composed of
the same entry for TCP and UDP. To avoid a lot of duplication
we add an extra TCP+UDP table and do two lookups for TCP or
UDP, one in the TCP+UDP table and the other in the TCP/UDP table.
Because the services name space is pretty sparse, with lots of
holes, we also use a binary search instead of a linear array
with approx. 49000 entries, where most would be empty.
This allows creating simple compressed binary packages easily,
which is handy on less mainstream platforms which lack
dedicated packages, or such packages are overkill and
impractical (eg: debian).
For the future it is planned to add some support for at least the
CPack RPM and NSIS generators.
The CPack code is based on the Inkscape project[1].
[1] https://gitlab.com/inkscape/inkscape
Previously this was lib/wireshark/cmake. Use lib/cmake/wireshark
instead. Both are standard search paths but the second is more
conventional and in line with expected package behaviour on Unix.
Use "x64" to refer to "Windows running on 64-bit Intel processors". Get
rid of WIRESHARK_TARGET_PROCESSOR_ARCHITECTURE in favor of
WIRESHARK_TARGET_PLATFORM because the latter is shorter.
This adds a FETCH_lua CMake option to download and build a static
lua library as part of Wireshark's build, using CMake's
ExternalProject.
This is useful to avoid having to add a MinGW Lua 5.2 binary package
for every distribution one might want to support for cross-compilation,
for an easy to build project like Lua that was designed specifically
for embedding.
This is opt-in and should be useful for every platform where Lua 5.2
is not packaged (and there are many).
Tested using Arch Linux with cross and non-cross builds using GCC.
The default stack size for the main process on most OSes we support is
8MiB, including Linux, MacOS, most UN*Xes.
The default on Windows (when compiled with MSVC) is 1MiB.
Increase the stack size on Windows to match the others.
We set some maximum recursion limits in several places in the code, and
set a maximum frame size, and those rough calculations are easier
if we're using the same stack size.
All the TRY..EXCEPT code goes on the stack, so a stack overflow can
lead to not leaving a memory scope, which probably means a crash.
Fix #19090
Use the new COMPONENTS feature of find_package() to configure
Qt6. Leave Qt5 using the old method.
In the past using target_link_libraries() with an OBJECT library
wasn't fully supported but I think we are now requiring a modern
enough CMake version.
Besides being cleaner and more modern this also fixes some detection
problems I am experiencing[1].
[1] https://bugreports.qt.io/browse/QTBUG-95791
Sometimes you have a capture file that has many duplicate frames
because of how the capture was made, and it's convenient to ignore
the duplicates so you can concentrate on the data and not all
the TCP warnings.
This adds a preference in the "Protocols" section to ignore
duplicates. This currently only works while reading a capture file,
*not* during a live capture.