This allows for a global place to enable/disable all heuristic dissectors. This removes the need for individual dissector preferences, but those will be removed at a later date. The more important part is the epan code to save/restore the enabled state of the heuristic dissector. The GTK dialog was more for quickly testing the feature (there was already some GTK code in place that started the heuristic dialog tab)
Change-Id: Ie10687505c27a4456c49d5c4c69a5fc5f6394275
Ping-Bug:11152
Reviewed-on: https://code.wireshark.org/review/9508
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A few sample tap/dissectors (ANSI/A, ANSI MAP) are also included to test the API. The "GUI output" is a bit raw and could use some "prettying up", but all the basic hooks are there.
Telephony "stat grouping" needs to be better alphabetized to properly populate menu (on GTK, probably Qt)
Change-Id: I98514171f69c4ab3a304dccb26c71d629703c9ab
Reviewed-on: https://code.wireshark.org/review/9110
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib982662db6cf68730a7d121eac60d9bc5ae67429
Reviewed-on: https://code.wireshark.org/review/9195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Immediately release memory after using it, fixes a direct memleak
warning from ASAN.
Change-Id: Icd3ff19c607da790a4a093966e1966cb0df6bb9d
Reviewed-on: https://code.wireshark.org/review/9069
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Very similar to the refactoring of SRT stats, it provides more commonality of the stats for all GUI interfaces. Currently implemented for TShark and GTK. Affected dissectors: MEGACO, MGCP, Radius
Change-Id: Icb73a7e603dc3502b39bf696227fcaae37d4ed21
Reviewed-on: https://code.wireshark.org/review/8998
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create "common" SRT tap data collection intended for all GUIs. Refactor/merge functionality of existing dissectors that have SRT support (AFP, DCERPC, Diameter, FC, GTP, LDAP, NCP, RPC, SCIS, SMB, and SMB2) for both TShark and GTK.
SMB and DCERPC "tap packet filtering" were different between TShark and GTK, so I went with GTK filter logic.
CAMEL "tap packet filtering" was different between TShark and GTK, so GTK filtering logic was pushed to the dissector and the TShark tap was left alone.
Change-Id: I7d6eaad0673fe628ef337f9165d7ed94f4a5e1cc
Reviewed-on: https://code.wireshark.org/review/8894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This avoids type punning; at least with Xcode 7 beta on El Capitan beta,
that produces warnings that get turned into errors.
Change-Id: I57f47455b9630f359828c07c92a190b5cb33816f
Reviewed-on: https://code.wireshark.org/review/8862
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We have a bunch of duplicated code to make those lists; make a common
routine for that. (dumpcap currently doesn't use it, as the routine in
question uses a routine in libui, which dumpcap doesn't use. We should
probably fix that.)
Change-Id: I9058bf3320d420b8713e90743618972da1d1c6ed
Reviewed-on: https://code.wireshark.org/review/7934
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can be set if either 1) this is Windows (where we're assumed to be
using WinPcap, which includes calls to set the buffer size) or 2) we
have pcap_create() (in which case we also have pcap_set_buffer_size(),
at least in a normal libpcap release).
Use that rather than testing "defined(_WIN32) ||
defined(HAVE_PCAP_CREATE)"; that makes it a bit more obvious what's
being tested.
Change-Id: Id9f8455019d19206b04dd6820a748cb97ae5ad12
Reviewed-on: https://code.wireshark.org/review/7816
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Squelch
warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual]
similar to g630f54f.
Change strtod to g_ascii_strtod to squelch a checkAPIs error.
Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e
Reviewed-on: https://code.wireshark.org/review/7269
Reviewed-by: Gerald Combs <gerald@wireshark.org>
dladdr() takes a void * as a code pointer; have init_progfile_dir() do
so, and do the casting in the calls. We don't care about the signature
of the function whose address we're passing, we just want to pass a
pointer to *something* in the main program.
Change-Id: I9372620a97b0eb53c2bb3c0c41a238b4408f3709
Reviewed-on: https://code.wireshark.org/review/7270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have dfilter_compile() take an additional gchar ** argument, pointing to
a gchar * item that, on error, gets set to point to a g_malloc()ed error
string. That removes one bit of global state from the display filter
parser, and doesn't impose a fixed limit on the error message strings.
Have fvalue_from_string() and fvalue_from_unparsed() take a gchar **
argument, pointer to a gchar * item, rather than an error-reporting
function, and set the gchar * item to point to a g_malloc()ed error
string on an error.
Allow either gchar ** argument to be null; if the argument is null, no
error message is allocated or provided.
Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c
Reviewed-on: https://code.wireshark.org/review/6608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add some missing g_free()s while we're at it.
Change-Id: Id38acc21d3c0b337e5d05baaf5ebbcd63699ff50
Reviewed-on: https://code.wireshark.org/review/6287
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"stat name" has been official changed to "endpoints" for all dissectors, rather than a mixture of "host"/"endpoints" based on dissector.
Change-Id: If34bcb5165b493948e784ba038ab202803a59843
Reviewed-on: https://code.wireshark.org/review/6154
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't throw its declaration in file.h, as it's not defined in file.c.
Instead, include it in epan/dissectors/packet-kerberos.h and include
that wherever read_keytab_file() is called.
Yes, that means you also have to include <epan/asn1.h> and, therefore,
you have to include <epan/packet.h>. Yes, that should be cleaned up,
perhaps by splitting the Kerberos support code into "stuff that handles
encryption keys without any reference to dissection" and "stuff that
does dissection-related work".
Change-Id: Ide5c31e6d85e6011d57202f728dbc656e36138ef
Reviewed-on: https://code.wireshark.org/review/6210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, the setlocale() call used to get the current locale will get
the right answer.
Change-Id: Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b
Reviewed-on: https://code.wireshark.org/review/6197
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them start the string with "Compiled" or "Running on", and return
the string when done.
Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810
Reviewed-on: https://code.wireshark.org/review/6155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The behavior of a leading - is platform-dependent. It also means that
non-option arguments are treated in a fashion that we're not handling,
so capture filters given as non-option arguments at the end of the
command line don't work. (The Linux getopt() man page says that a
leading - "is used by programs that were written to expect options and
other argv-elements in any order and that care about the ordering of the
two." We are not such a program.)
Change-Id: I5610cf90a8218d48f7516abacc367e0affa3b549
Based-On-A-Change-From: Peter Hatina <phatina@redhat.com>
Reviewed-on: https://code.wireshark.org/review/6071
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way:
1) we don't have to worry about the system getopt() and our
getopt_long(), on platforms that have getopt() but not
getopt_long() (Solaris prior to Solaris 10, HP-UX, AIX), not
working well together;
2) if necessary, we can handle long options in the first pass.
Switch to using getopt_long() for the *second* pass for the GTK+ version
of Wireshark.
Use the documented mechanism for resetting the argument parser for the
glibc version of getopt_long(); use the mostly-undocumented-but-at-least-
they-documented-optreset mechanism for the *BSD version.
(We should look into doing only one pass, saving away arguments that
can't fully be processed in the first pass for further processing after
initializing libwireshark.)
Change-Id: Ide5069f1c7c66a5d04acc712551eb201080ce02f
Reviewed-on: https://code.wireshark.org/review/6063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We support three types of platforms:
1) UN*Xes that have both getopt() and getopt_long();
2) UN*Xes that have getopt() but not getopt_long();
3) Windows, which has neither.
Checking for getopt_long() lets us distinguish between 1) and 2) and
build getopt_long() for them.
Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45
Reviewed-on: https://code.wireshark.org/review/6045
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wireshark UI files into a single one in wsutil.
Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad
Reviewed-on: https://code.wireshark.org/review/6026
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
Wrap the capture_file struct in a QObject which translates cf_cb_* and
capture_cb_* events into signals. Move the global cfile to
capture_file.cpp.
Don't use a void pointer for the capture file struct.
Change-Id: Ic5d5efb4bb1db64aa0247245890e5669b1da723a
Reviewed-on: https://code.wireshark.org/review/5885
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Check for them *only* on opening for writing and writes.
Change-Id: I4b537d511ec04bcfc81f69166a2b9a2ee9310067
Reviewed-on: https://code.wireshark.org/review/5827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
WTAP_ERR_FILE_UNKNOWN_FORMAT is reported if the file is in a format that
libwiretap doesn't know about (either because it's not a capture file at
all or because it's a capture file in a format it doesn't support).
WTAP_ERR_UNSUPPORTED is for files in a *known* format that are using
features or file format elements (record type, link-layer header type,
etc.) that libwireshark doesn't support. Fix some copy-and-pasteos
causing WTAP_ERR_UNSUPPORTED to be reported with a message appropriate
for WTAP_ERR_FILE_UNKNOWN_FORMAT.
Change-Id: Ic675ffd501c52838d8944a6c61e1b01041b73098
Reviewed-on: https://code.wireshark.org/review/5799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For example, this can be used for pcap-ng options not mapped to
file-type-independent metadata values.
Change-Id: I398b324c62c1cc1cc61eb5e9631de00481b4aadc
Reviewed-on: https://code.wireshark.org/review/5549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.
If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.
Get rid of empty preamble/finale routines.
For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().
For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().
capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.
Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.
Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That list doesn't show the entries in the dissector tables, just
information about the tables themselves.
Clean up some tshark man page issues while we're at it.
Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca
Reviewed-on: https://code.wireshark.org/review/5360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Yes, Wireshark does a bunch of GUI stuff, and then takes the window down
before printing the help, but the same is true for some command-line
error messages as well.
Change-Id: Id501468416c83308e4c0a9e7a66116d8d33a9d84
Reviewed-on: https://code.wireshark.org/review/5317
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent is to handle more than just command-line arguments; reflect that.
Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825
Reviewed-on: https://code.wireshark.org/review/5304
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.
Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that. Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.
Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The dump of the address info list must be differed to the end of the processing so as to know which host name was actually used in the capture
Bug: 10507
Change-Id: I44dbfae918d4ae92f9740c309804c7ff21bb4e1b
Reviewed-on: https://code.wireshark.org/review/4327
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename simple_dialog_qt.{cpp,h} to simple_dialog.{cpp,h}. Make it a
subclass of QMessageBox. Queue messages at startup similar to GTK+.
Move the GTK+-specific simple_dialog declarations to
gtk/simple_dialog.h.
Don't yell at the user so much. Replace exclamation points with periods.
Change-Id: I1cc771106222d5e06f1f52d67ac29d6dc367cce4
Reviewed-on: https://code.wireshark.org/review/4288
Reviewed-by: Gerald Combs <gerald@wireshark.org>
don't pick up the in-tree copy.
Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Michael Mann