Use the C-ARES ares_set_servers() API to set a list of DNS servers to use.
The list of DNS servers is controlled through a UAT. There is also a boolean
preference to determine if the custom list should be used. The boolean preference
was added to arbitrate between the "default" list of servers that C-ARES creates
during initialization and using the "custom" list (which may be empty and we don't
want the "default" list to be overwritten)
Bug: 15960
Change-Id: I4ba071777f6bb9bc2fef313b7618908d805c0690
Reviewed-on: https://code.wireshark.org/review/34419
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use existsing file_exists() function to check if the profile contains
a vlans file.
Change-Id: Ibc3d32b27059edd80b7c4e88ceb48fded2334909
Reviewed-on: https://code.wireshark.org/review/33384
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the profile directory contains a vlans file we will use it. Otherwise
fall back to normal user preferences.
Bug: 15795
Change-Id: Ie6a63a6f7a29bd83a15799875aa5883be7010039
Reviewed-on: https://code.wireshark.org/review/33378
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's just noise, especially if the signal is SIGINT.
Change-Id: I97df2396d60280e5978f637ec3bb8f93966674b8
Reviewed-on: https://code.wireshark.org/review/32718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove name resolution from DNS packets from the tooltip because
resolving from DNS packets has it's own check box.
Change-Id: I0a4039a1639f22b51429c3771fd828d9727aca08
Reviewed-on: https://code.wireshark.org/review/31581
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by clang-tidy.
Change-Id: Iaf6cf84c33b03ddfcd39a333b49f4987002afa56
Reviewed-on: https://code.wireshark.org/review/31338
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When no mask is allowed, reject addresses like "aa:bb:cc:...".
Fix the type of 'cp' to avoid reading from a negative array index.
Fix parsing, a nibble is four bits, not eight.
Bug: 15297
Change-Id: Ibb0d0c17005b1e6213c09092e4b3c888a9024304
Fixes: v2.9.0rc0-2629-g3bb32ede26 ("addr_resolv: add fast path for parsing addresses from manuf")
Reviewed-on: https://code.wireshark.org/review/30768
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The manuf file is large but has a consistent format (25.7k entries with
three octets, 9.8k entries with a mask). Add a fast path for this file
that is 20% faster (saves 20ms on an unoptimized Debug+ASAN build).
Change-Id: Ida509b0305caf4e26131dc5cf5fb04c49392ad4b
Reviewed-on: https://code.wireshark.org/review/30757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The key for the manuf table is 24 bits of the ether addr while the key
for services table needs is a 16 bit port. Store this value directly,
saving some memory and improving startup time by a tiny bit.
Likewise for ipxnet_hash_table and vlan_hash_table. These tables seem
unused though, perhaps it should be removed.
Change-Id: Ide9ffad8e2c9af24afa82adb2e009f32a5f43d38
Reviewed-on: https://code.wireshark.org/review/30756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
An unoptimized, Debug+ASAN `tshark --version` takes about 1 second. 17%
of the cycles are spent in addr_resolv_init and 7% within fgetline. Use
fgets instead, now fgetline only costs ~0.5% (11% for addr_resolv_init).
This limits the line length to 1K which should more than be sufficient
for all involved files (longest lines: manuf 154, services 222).
Change-Id: I8fe4dff317beaa2926c4106909b10898bcd35f21
Reviewed-on: https://code.wireshark.org/review/30755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a function to convert a string that contains an ethernet address
(including the colons) into a sequence of 6 bytes.
Use the existing internal functions to parse an ethernet address.
Declare the new function as local to libwireshark. It'll be used by
wslua to support ethernet addresses.
While at it, fix an incorrect comment about parse_ether_address(). If
accept_mask is false, only a complete 6-byte ethernet address is
accepted.
Change-Id: Ib03306c44866fe97d3cbff2634411b7f5ec31a79
Reviewed-on: https://code.wireshark.org/review/30162
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IPv4 and v6 name resolution are bound to a capture file. Using a lua
script, it is possible to trigger a name resolution when no capture file
is open. This crashes Wireshark as the hash tables for name resolution
are not initialized at this time.
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ip(\"1.1.1.1\"))" > bla.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla.lua
Segmentation fault
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ipv6(\"::1\"))" > bla6.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla6.lua
Segmentation fault
Make sure that the hash tables are available as long as the epan library
is initialized. Add a new function host_name_lookup_reset(), call this
function every time we set up dissection for a new capture file. This
way, we keep the name resolution results separate per capture file.
Reorder the steps in init_dissection(). Host name lookup is now
available at all times, there's no need to be in file scope when it's
initialized.
Change-Id: I9599100d5f378b6a0f73dc630e4c8af3b3ffb2cc
Reviewed-on: https://code.wireshark.org/review/29398
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And handle comments in manuf file entries correctly.
There are entries in the manuf file where columns are
separated by two or more tab characters. These extra
tab characters are not being trimmed from the manuf name.
OUI: 00:40:96 ( Cisco Systems, Inc.)
->
OUI: 00:40:96 (Cisco Systems, Inc.)
Change-Id: Ie6545480848bb84c20bea6566a3ccf11c7ed9233
Reviewed-on: https://code.wireshark.org/review/27759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise, the first N packets printed, for a value of N dependent on
various factors, won't get IP addresses resolved to names, even if the
user wants them resolved. Unlike Wireshark, which, when a name is
resolved in asynchronously, can go back and fix up the displayed packet
when the asynchronous operation completes, once TShark has written
packet data to the standard output, it can't go back and fix it if it
did name resolution asynchronously.
Bug: 14711
Change-Id: I8ebbd83103e5780c903b5560e01b7b92fa39c924
Reviewed-on: https://code.wireshark.org/review/27668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't have add_async_dns_ipv6(), we just do the same stuff inline in
host_lookup6(); this removes an irrelevant difference between
host_lookup() and host_lookup6().
Change-Id: Ib4aa1783ddec1bc390e2a7f64c87f1c8441fa849
Reviewed-on: https://code.wireshark.org/review/27661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by valgrind. Remove unnecessary "if" guard for g_free while at it.
Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We might not yet have allocated the manually-resolved address lists;
only free the if we have.
Change-Id: Iff9864e397a04cdcb613268603c073ecd1fa77fb
Reviewed-on: https://code.wireshark.org/review/26236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We have WS_INET_ADDRSTRLEN and WS_INET6_ADDRSTRLEN; use them.
Change-Id: Idade0da9fae70d891901acd787b06d21e2ddbc5f
Reviewed-on: https://code.wireshark.org/review/24156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
inet_pton(), and thus ws_inet_pton(), won't accept hex or
fewer-than-four-component IPv4 addresses, at least on Single UNIX
Specification-compliant systems - the SUSv4 explicitly says
The inet_pton() function does not accept other formats (such as
the octal numbers, hexadecimal numbers, and fewer than four
numbers that inet_addr() accepts).
so we don't need to check for "inet_atons that accept strings such as -
"130.230" as valid addresses".
That also means that, "if there are any places where this needs to
support the hex-address form for IPv4 addresses, or to support fewer
than 4 components for a network address", those places were hosed even
before we stopped using inet_aton(), so there are presumably no such
places. (Itojun's comment was probably just an expression of general
concern, rather than a note of a known problem.)
Change-Id: Id16b6ebd3550dc3bf5a0fc283898a99b7abc163c
Reviewed-on: https://code.wireshark.org/review/24057
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need a temporary IPv4 address variable in get_host_ipaddr(), we
can just use the pointer we've been handed.
Change-Id: Id7cbd0c14b2eeb3efde5a556f3414bd635411908
Reviewed-on: https://code.wireshark.org/review/24056
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Note the dropping of support for hex IPv4 addresses and addresses with
fewer than four components, and indicate that, if there are any places
where that support is expected, we should change those places (i.e.,
don't just change get_host_ipaddr() and, if there aren't any such
places, just leave everything as it is).
It's not clear that get_host_ipaddr() is "Used more in the dfilter
parser rather than in packet dissectors"; that may depend on whether
you're counting number of calls executed from those places or the number
of lines of code making those calls. Just drop the claim, which is
absent in the comment for get_host_ipaddr6().
Also ask whether we're using get_host_ipaddr{6}() in any places where it
should *only* support numeric addresses rather than names.
Change-Id: Ib5d8730ca703339342f308081a68309479f842c5
Reviewed-on: https://code.wireshark.org/review/24055
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Including where it says not to in comments. Use IPv4 dotted-decimal
notation.
Change-Id: Iafe1f6fbd2bd5867c41642dc27411f47dff8ce6a
Reviewed-on: https://code.wireshark.org/review/24044
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Comments were discarded based on a fourth column using tab separators.
Use a pound sign instead.
Change-Id: Icb5dd33c4a2c9c441eebda74bc8d813443efe1b6
Reviewed-on: https://code.wireshark.org/review/23351
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Some places (like MAC resolution) want to keep a fixed length, but for places
that want to display "full organization name", save the long name that is
treated as a comment in the manuf file.
Have make-manuf convert companies with all caps to mixed case so we're not
screaming the company name at the user.
Convert the manuf.tmpl to be tab delimited without a comment for the "long name"
so it can match the format now created by make-manuf.
Remove uint_get_manuf_name as it was unnecessary.
Bug: 3666
Change-Id: If2af5a1ce64e2784fe3941eeae8d8093d4f1467b
Reviewed-on: https://code.wireshark.org/review/23150
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename range_foreach_r() to range_foreach(), getting rid of the old
range_foreach().
If your callback doesn't require an additional argument, just pass NULL
when calling range_foreach(), and declare the argument as unused.
Change-Id: I49a56f90610e39cf2ddc398c9e30ed11a6ca90db
Reviewed-on: https://code.wireshark.org/review/23025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
to avoid mistaking it for a range function that operates on pairs.
Change-Id: If9117c195ba21d55a476c3b9deb2a2ca7a1056ed
Reviewed-on: https://code.wireshark.org/review/22994
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove assignee and other miscellaneous information that changes more
frequently than service name and can be consulted directly in the IANA
registry.
Allow merging identical transports into a single line for convenience
and size/speed optimization (a backward-compatible change).
Remove obsolete make-services.pl.
Change-Id: I3ecbd1a6a68d87c084d77498a0eeb44b7afdab67
Reviewed-on: https://code.wireshark.org/review/22872
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Having two distinct logical concepts (OUI and Well Known Address)
concatenated to a single "manuf" file is needlessly obfuscating
the WKA feature.
Have a distinct "wka" file instead and just skip the cat.
Change-Id: I46f53b0015a37331d65f8cfac7cbbd499dd0c5b8
Reviewed-on: https://code.wireshark.org/review/22742
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Version 1.5 was released on 21-nov-2007. RHEL, Suse, etc supported versions
are all above c-ares v1.5.
We don't bother testing for it at build time for now, because it's non-trivial
(times two build systems).
Change-Id: I9253256d8d905da0c75d80b2b0fa4527df2b1420
Reviewed-on: https://code.wireshark.org/review/22741
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed get_ipxnet_addr(), get_ether_addr(). If this feature is desired at
a minimum it should use an efficent data structure (and no disk-based
lookups mid-dissection).
Change-Id: Ie72449c631f21f4a3d82ec435bb5e1d7892f122c
Reviewed-on: https://code.wireshark.org/review/22729
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
We can do so easily because the format is so simple. This makes it
more convenient for a user to hand-edit a dictionary in the personal
config folder. We still use tabs in the system file for a small space
gain.
Also add a brief description of the format as a comment.
Change-Id: If3f741bff16f1f42c8ef07d643dc6463caaad1a5
Reviewed-on: https://code.wireshark.org/review/22678
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I27517bdfc4d00ee758d3795bd74e54968e70efad
Reviewed-on: https://code.wireshark.org/review/22497
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clear DUMMY_ADDRESS_ENTRY when add_ipv4_name/add_ipv6_name. This flag is checked in ipv4_hash_table_resolved_to_list().
TODO: clean up these flags as they are confusing and DUMMY appears somewhat redundant.
Change-Id: I81d40cc778cbe5c36314631d3fa0997cee409368
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22109
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a "report a warning message" routine to the "report_err" code in
libwsutil, and rename files and routines appropriately, as they don't
only handle errors any more.
Have a routine read_enabled_and_disabled_protos() that reads all the
files that enable or disable protocols or heuristic dissectors, enables
and disables them based on the contents of those files, and reports
errors itself (as warnings) using the new "report a warning message"
routine. Fix that error reporting to report separately on the disabled
protocols, enabled protocols, and heuristic dissectors files.
Have a routine to set up the enabled and disabled protocols and
heuristic dissectors from the command-line arguments, so it's done the
same way in all programs.
If we try to enable or disable an unknown heuristic dissector via a
command-line argument, report an error.
Update a bunch of comments.
Update the name of disabled_protos_cleanup(), as it cleans up
information for disabled *and* enabled protocols and for heuristic
dissectors.
Support the command-line flags to enable and disable protocols and
heuristic dissectors in tfshark.
Change-Id: I9b8bd29947cccdf6dc34a0540b5509ef941391df
Reviewed-on: https://code.wireshark.org/review/20966
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 11228
Change-Id: Id8bcc51ff694ef9f2019bc7509e440021d049d22
Reviewed-on: https://code.wireshark.org/review/19735
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This is mostly to address memory leaks in range preferences (the biggest
user of range functionality) on shutdown.
Now range preferences must use epan scoped memory when referencing
internal preference structures to keep consistency.
Change-Id: Idc644f59b5b42fa1d46891542b53ff13ea754157
Reviewed-on: https://code.wireshark.org/review/19387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann