| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Allow "-U ?" as well as an empty argument; an empty argument is a bit
counterintuitive.
Simplify the introductory line of output - asking for a list of taps
isn't an error in which the user failed to supply a tap name, it's a
case where the user suplied a request for a list of tap names.
Just use fprintf() to print the list, and indent the elements of the
list, as we do with other lists of valid arguments.
List the valid arguments if the user specified an invalid argument as
well.
|
|
Add missing entries, regularize the descriptions, etc..
Note that pcap and pcapng are the native formats.
Fix various issues.
Update the editcap -F output to match urrent reality.
While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
|
|
JDSU bought Network Instruments, and then split into Viavi and Lumentum,
with Viavi getting Observer.
|
|
Since fe94133f0d06935bb5f2afe21f59bbb078d3d9d3 ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
|
|
|
|
Note that we use EditorConfig in the WSDG and README.developer, and that
you should make sure your editor uses it. Recommend 4 space indentation
more strongly. Ping #17253.
Reorder and reword the coding style sections of each document while
we're here.
|
|
Add a new timestamp encoding format ENC_TIME_NSECS, like ENC_TIME_SEC but
for nanosecond values. Needed for my work-in-progress dissector for Apple
push notifications.
|
|
Instead *_register_plugin() is turned into a noop (with a warning).
The test suit is failing with ENABLE_PLUGINS=Off (it was already failing
before and this patch didn't affect that).
Closes #17202.
|
|
- Fix duplicate "are are".
- Fix NTP epoch year in ENC_TIME_NTP docs (572b80d2 fixed it in the README
but not in proto.h).
- Remove completely redundant "(ie. )" clauses.
|
|
ENC_TIME_MIP6 and ENC_TIME_CLASSIC_MAC_OS_SECS were added recently by
factoring them out of specific dissectors, but they weren't documented.
I added documentation, based on comments in the dissector code they came
from.
|
|
Since 2.9.0, plugin_release has been split up into two different
variables, plugin_want_major and plugin_want_minor.
|
|
Inspired in https://gitlab.com/wireshark/wireshark/-/merge_requests/1618.
Tested:
Timestamps on file used for comparison:
```
$ tshark -r test/captures/snakeoil-dtls.pcap -T fields -e frame.time_epoch
1150121069.248818000
1150121069.249193000
1150121069.251152000
1150121069.251384000
1150121069.293686000
1150121069.319315000
1150121075.230753000
1150121105.510885000
1150121105.510934000
```
Before:
```
$ ./build/run/editcap -B 1150121069.3 test/captures/snakeoil-dtls.pcap -
editcap: "1150121069.3" isn't a valid date and time
$ ./build/run/editcap -A 1150121069.3 test/captures/snakeoil-dtls.pcap -
editcap: "1150121069.3" isn't a valid date and time
$ ./build/run/editcap -A 1150121069 test/captures/snakeoil-dtls.pcap -
editcap: "1150121069" isn't a valid date and time
$ ./build/run/editcap -B 1150121069 test/captures/snakeoil-dtls.pcap -
editcap: "1150121069" isn't a valid date and time
```
After:
```
$ ./build/run/editcap -A 1150121069.3 test/captures/snakeoil-dtls.pcap - | tshark -r - -T fields -e frame.time_epoch
1150121069.319315000
1150121075.230753000
1150121105.510885000
1150121105.510934000
$ ./build/run/editcap -A 1150121069 test/captures/snakeoil-dtls.pcap - | tshark -r - -T fields -e frame.time_epoch
1150121069.248818000
1150121069.249193000
1150121069.251152000
1150121069.251384000
1150121069.293686000
1150121069.319315000
1150121075.230753000
1150121105.510885000
1150121105.510934000
$ ./build/run/editcap -B 1150121069.3 test/captures/snakeoil-dtls.pcap - | tshark -r - -T fields -e frame.time_epoch
1150121069.248818000
1150121069.249193000
1150121069.251152000
1150121069.251384000
1150121069.293686000
$ ./build/run/editcap -B 1150121069 test/captures/snakeoil-dtls.pcap - | tshark -r - -T fields -e frame.time_epoch
```
|
|
|
|
This adds a function to parse a string date-time in ISO 8601 format into
a `nstime_t` structure. It's based on code from epan/tvbuff.c and
wiretap/nettrace_3gpp_32_423.c and meant to eventually replace both.
(Currently only replaces the latter.)
Since most of Wireshark expects ISO 8601 date-times to fit a fairly
strict pattern, iso8601_to_nstime() currently rejects date-times without
separators between the components, even though ISO 8601 actually permits
this. This could be revisited later.
Also uses iso8601_to_nstime in editcap to parse the -A/-B options,
thus allowing the user to specify a time zone if desired. (See #17110)
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
Change wording so that the order of processing becomes more apparent.
Closes #17109
|
|
|
|
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
|
|
Improve script by ignoring common contractions, dealing with
e.g. \n within strings, and finding multiple concatenated words even
when no camelCase is used.
Also includes some actual spelling fixes.
|
|
Add support internally to using iconv (always present with glib) to convert
strings from various encodings to UTF-8 (using REPLACEMENT CHARACTER as
recommended), and use that to support GB 18030 and EUC-KR. Replace call
directly to iconv in ANSI 637 for EUC-KR to new API. Update comments
and documentation around character encodings. It is possible to replace
the calls to iconv with an internal decoder later. Tested on Linux and
on Windows (including with illegal characters). Closes #16630.
|
|
|
|
|
|
|
|
Fix some issues discovered by common python linters including:
* switch `None` comparisons to use `is` rather than `==`. Identity !=
equality, and I've spent 40+ hours before tracking down a subtle bug
caused by exactly this issue. Note that this may introduce a problem if
one of the scripts is depending on this behavior, in which case the
comparison should be changed to `True`/`False` rather than `None`.
* Use `except Exception:` as bare `except:` statements have been
discouraged for years. Ideally for some of these we'd examine if there
were specific exceptions that should be caught, but for now I simply
caught all. Again, this could introduce very subtle behavioral changes
under Python 2, but IIUC, that was all fixed in Python 3, so safe to
move to `except Exception:`.
* Use more idiomatic `if not x in y`--> `if x not in y`
* Use more idiomatic 2 blank lines. I only did this at the beginning,
until I realized how overwhelming this was going to be to apply, then I
stopped.
* Add a TODO where an undefined function name is called, so will fail
whenever that code is run.
* Add more idiomatic spacing around `:`. This is also only partially
cleaned up, as I gave up when I saw how `asn2wrs.py` was clearly
infatuated with the construct.
* Various other small cleanups, removed some trailing whitespace and
improper indentation that wasn't a multiple of 4, etc.
There is still _much_ to do, but I haven't been heavily involved with
this project before, so thought this was a sufficient amount to put up
and see what the feedback is.
Linters that I have enabled which highlighted some of these issues
include:
* `pylint`
* `flake8`
* `pycodestyle`
|
|
|
|
|
|
|
|
FT_STRINGZPAD is for null-*padded* strings, where the field is in an
area of specified length, and, if the string is shorter than that
length, all bytes past the end of the string are NULs.
FT_STRINGZTRUNC is for null-*truncated* strings, where the field is in
an area of specified length and, if the string is shorter than that
length, there's a null character (which might be more than one byte, for
UCS-2, UTF-16, or UTF-32), and anything after that is not guaranteed to
have any particular value.
Use IS_FT_STRING() in some places rather than enumerating all the string
types, so that those places get automatically changed if the set of
string types changes.
|
|
We started allowing source files to be encoded as UTF-8 in April 2019 in
bd75f5af0a. Update README.developer to match.
README.developer no longer has a "Code style" section, so update the
Developer's Guide to point to the "Portability" section.
|
|
|
|
Convert various code.wireshark.org URLs to their
gitlab.com/wireshark/wireshark equivalents.
Change-Id: I0150d1bd14208eb451a7de818dce6573363b1d27
|
|
Change-Id: I0fd52a17a80f3d4f6acc3c38d53c7d452e85382f
|
|
FT_STRINGZ should be used *ONLY* if the string is *ALWAYS* supposed to
have a null terminator, either because the length isn't otherwise
specified, so that it can only be determined by finding the terminating
null character, or because a character count *and* a NULL terminator are
both used (yes, there appear to be some cases where that's true).
FT_STRINGZPAD is null-padded rather than null-terminated; this is
typically used for fixed-length fields that contain a string value that
might be shorter than the fixed length.
Change-Id: Ifdf421ca666482583a4dfc76167eae6dc473f48a
Reviewed-on: https://code.wireshark.org/review/38137
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
This proposal adds a new option '-b printname:<filename>' to dumpcap. If
used, dumpcap will print the name of each ring buffer file it creates
after it is closed. Allows the use of '-'/'stdout' and 'stderr'.
Use case: Since the file name is printed after the file is closed for
writing, an automated capture process can do something like the
following with the guarantee that the file in question will not be
changed.
dumpcap -i eth0 -b files:2 -b printname:stdout [-b ...] | \
while read cap_file_name ; do
# Do something with $cap_file_name
done
This sort of scripting is difficult in dumpcap's current form. Dumpcap
prints the names of new files to stderr as it *opens* them, so a script
attempting to use this must sleep for "-b duration:value" seconds plus
some fudge time to be sure it's getting a closed, unchanging file.
Change-Id: Idb288cc7c8c30443256d35c8cd4460a2e3f0861c
Reviewed-on: https://code.wireshark.org/review/37994
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the `--capture-comment "comment"` option for appending pcapng
comments to the SHB of the output file(s).
Add the `--discard-capture-comment` option for removing pcapng comments
present in the input file SHB(s) before writing to the output file(s).
Supports multiple comments per SHB. Noted in the documentation that
Wireshark itself doesn't support multiple comments.
Bug: 15033
Change-Id: If07a4e7a93505438639018783a11343cd5992f2a
Reviewed-on: https://code.wireshark.org/review/38074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Allow user to specify time resolutions as fine as 1 nanosecond for the
start and stop times (-A and -B options) for editcap. Uses `nstime_t`
for the user options and `nstime_cmp()` to compare with packet
timestamps.
Change-Id: I2340bc4830c7d9a6b17a5e53fa4e8837e231bcb6
Reviewed-on: https://code.wireshark.org/review/38057
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The sshdump command is typically not invoked directly, and I need a
place to refer people to for configuring Wireshark.
Change-Id: I10fb3d88dbb3aea0bfcaf22aac90b36a7a8dc814
Reviewed-on: https://code.wireshark.org/review/37897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
sshdump can now be copied in multiple instances. Each instance will
show up a different interface and will have its own profile.
This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.
Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
We aren't using them now; stick to libpcap APIs (including Windows-only
libpcap APIs).
Change-Id: I812eaa31ba1e6e611418853105d3e00c9130a420
Reviewed-on: https://code.wireshark.org/review/37852
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
Our authors lists and man pages are encoded as UTF-8 and have been for
quite a while. Remove perlnoutf.pl and ensure that standard I/O uses
UTF-8 as described at
https://www.perl.com/pub/2012/05/perlunicook-make-all-io-default-to-utf-8.html/
Change-Id: I7016ec5e3a12934463b43bcfdde2c424069c20ac
Reviewed-on: https://code.wireshark.org/review/37817
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In each of our executables we were calling "setlocale(LC_ALL, "")" at
startup. This told Windows that output was encoded using the current
system code page. Unless the code page was 65001 (UTF-8), this was a lie.
We write UTF-8 to stdout and stderr, so call "setlocale(LC_ALL, ".UTF-8)"
at startup on Windows. This lets the CRT translate our output correctly
in more cases.
Clarify and expand the OUTPUT section in the tshark man page.
Bug: 16649
Change-Id: If93231fe5b332c292946c7f8e5e813e2f543e799
Reviewed-on: https://code.wireshark.org/review/37560
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Bug: 16652
Change-Id: I2c0e0363b3ea77a616191476d6e27cca1204b7cc
Reviewed-on: https://code.wireshark.org/review/37564
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I35d7420ee41b520437572a0e464ad1a9998bfd30
Reviewed-on: https://code.wireshark.org/review/37068
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
Change-Id: Ic997fa586e11a33abc2c2a054c7ccd415372b27a
Reviewed-on: https://code.wireshark.org/review/36954
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
They were added in the code, but weren't documented.
Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.
Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
Check is enabled by #ifdef ENABLE_CHECK_FILTER
Remaining issues found by this check are fixed here,
along with a documentation note that the entries
are checked in order and the first match is used.
The only issue not yet fixed is in packet-isup.c,
where the spec was not available to me.
Change-Id: Ife747cda9b91a265bc2b81ce0a53f55f3389919e
Reviewed-on: https://code.wireshark.org/review/36708
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Commit 3398c2898dcc95c83ab026d62d8a08290ad3cb0b duplicated the '-i'
option in the synopsis. Remove this again.
Change-Id: I85fb78515910b11e9dff9b3aa876746b2ff11fa4
Reviewed-on: https://code.wireshark.org/review/36678
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
