Age | Commit message | Author | Files | Lines |
|
Prior to the fix, the last column, no matter if hidden or not, was
always included when exporting packet dissections to CSV.
Fixes #19666.
|
|
|
|
One of these modifies a field name ("hart_ip.pt.rsp.transducer_serail_number"
in packet-hartip.c), a few are in text displayed for fields (in packet-nvme.c)
or for unknown fields (in packet-oer.c and packet-per.c), one is in a
preprocessor macro (in packet-cip.[ch]), and the rest are all in comments.
arry -> array
authos -> authors
compatability -> compatibility
contigous -> contiguous
dispaly -> display
erorr -> error
filed (where it was obviously incorrect) -> field or filled
hueristic -> heuristic
regsiter -> register
serail -> serial
|
|
If the last hex character in a line of a packet is 0x5c (ASCII '\'),
we have to make sure that doesn't end the line, because a backslash-newline
gets treated as a spliced line in C (and that happens in syntax
translation in a very early phase, before comment removal).
We can't just add whitespace (even though §5.1.2.2 of the C standard
says we could), because gcc (and clang) helpfully assume that a
backslash with only whitespace before a newline is probably programmer
error and treat it as a continuation while warning about it:
https://gcc.gnu.org/onlinedocs/gcc/Escaped-Newlines.html#Escaped-Newlines
Surround the text with `|` because that's what hexdump(1) does, though
really most anything that isn't whitespace would do.
Fix #19615
|
|
Add a new hfi reference type for when we're printing items,
that supersedes direct reference - in addition to ensuring that
we don't fake an item, it also defaults the item to visible
(doesn't mark it as hidden when the tree isn't visible), so
that the string representation isn't faked either for fields
that have non-default formats.
Use it when fields are specified with -e; instead of setting
the entire tree as visible, only mark visible the items that
we want to print. This speeds up tshark -e output with all the
-T options that support it, sometimes by 2 to 4 times.
Part of #19573
|
|
|
|
If the quote character appears in a field value, then escape
it by printing the character twice. When escaping whitespace
with the backslash character, also escape the backslash
character itself.
Add a ws_escape_csv function to wsutil and use it for tshark.
Adopt the existing static escape_string_len function so that
ws_escape_csv can use it while maintaining the same output
for the other ws_escape_ functions.
Fix #10284
|
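The quoting rule from the commit message above, as an added illustration that is not part of the commit and is not wsutil's `ws_escape_csv`. The names `csv_quote_field` and `ws_letter`, the signature, and the exact set of backslash-escaped bytes are assumptions made for this sketch.

```c
#include <stdlib.h>
#include <string.h>

/* Backslash letter for a whitespace/control byte, or 0 if none applies.
 * The set b, f, n, r, t, v is an assumption for this example. */
static char ws_letter(char c)
{
    switch (c) {
    case '\b': return 'b';
    case '\f': return 'f';
    case '\n': return 'n';
    case '\r': return 'r';
    case '\t': return 't';
    case '\v': return 'v';
    default:   return 0;
    }
}

/* Hypothetical helper: returns a malloc'd copy of `in` wrapped in `quote`,
 * or NULL on allocation failure. The caller frees the result. */
char *csv_quote_field(const char *in, char quote, int escape_ws)
{
    /* Worst case: every byte doubles, plus two quotes and the NUL. */
    char *out = malloc(2 * strlen(in) + 3);
    char *w = out;
    if (out == NULL)
        return NULL;
    *w++ = quote;
    for (; *in != '\0'; in++) {
        char letter = escape_ws ? ws_letter(*in) : 0;
        if (*in == quote) {                 /* quote char is printed twice */
            *w++ = quote;
            *w++ = quote;
        } else if (escape_ws && *in == '\\') {
            *w++ = '\\';                    /* keeps a literal "\n" distinct */
            *w++ = '\\';
        } else if (letter != 0) {
            *w++ = '\\';
            *w++ = letter;
        } else {
            *w++ = *in;
        }
    }
    *w++ = quote;
    *w = '\0';
    return out;
}
```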
|
Update epan to not initialize static proto values to -1.
|
|
The Export Packet Dissections as C Arrays format includes
comments with the ASCII representation of the bytes.
It's possible for those bytes to include adjacent / and * in
either order, which causes warnings or errors when including
the output directly in a file.
We always put these comments at the end of a line, so just
use C++ style comments, which don't cause any sort of issues that
would require escaping. If for some reason someone needs to
include the files but doesn't support C99, it's easier to remove
them than it is to fix C style comments.
Fix #9684
|
|
We should represent JSON values in JSON,
such as booleans using true/false.
The changes in cdc8e2f5119a20e905b60d2afab66114a86b45c9
didn't actually fix anything for JSON output in that
regard, they just replace one string representation with
a different incorrect representation, so revert the part
affecting JSON to avoid inconveniencing users without
sufficient justification.
|
|
Ping #19116
|
|
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the column formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contain? Possibly in taps
that we know only use built-in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
|
|
Move some utility functions to wsutil/to_str.c.
Add interfaces to convert nstime to string representation in
ISO8601 and Unix time.
Use it in epan/print.c.
|
|
Do not mix wire size, a protocol property, with fvalue
length, a property of certain types of objects (sequences).
Rename ftype_length() to ftype_wire_size(). Do not return
wire_size with fvalue_length() (use ftype_wire_size()
instead).
Make the semantic check reject taking the len() of objects
that are not arrays or lists. If the (fixed) len() of a number
is somehow useful we can add a different function for that.
|
|
By coincidence the value for hf_text_only after proto_init() is 0,
but this may change. Fix a check in write_json_proto_node_list().
|
|
Move the protocolfilter map to being a member of output_fields,
consolidating some of the API. The only functions that accept
one accept both, and callers that always pass either as NULL
always pass both as NULL.
|
|
Allow the escaping of whitespace characters and backspace with
the -T fields options to be disabled. There may be some use
cases (particularly for redirected output instead of viewing at
a terminal) for not escaping, particularly since escaping makes
it difficult to distinguish a literal "\n" from an escaped newline.
Document this option, which also documents the escaping behavior.
Also add vertical tab to the list of escaped characters, for the
same reason as the others.
Fix #15796
|
|
Instead of adding the aggregator character to the array of field
values (and then iterating with stride 2 for all the output formats
other than fields), add the aggregator character between fields
when outputting.
This means that the aggregator character and the field values can
be treated differently with regards to escaping. The aggregator
character should never be escaped (the user might have chosen
something like the tab character), but as of 3.0, the field values
are escaped. (Possibly for strings there should be an -E option not
to escape the characters, along with documenting it, see #15796.)
It also avoids some unnecessary calls to strdup.
Fix #18002
|
|
When printing selected fields with multiple occurrences, separator
strings are added to a GPtrArray containing the values. However,
only the default CSV (-T fields) output method uses those separators,
and the JSON and PDML outputs iterate through the array two elements
at a time, skipping the separators.
Unfortunately, this means that the separators are never freed.
Simplify things by calling g_ptr_array_new_with_free_func() so
that the elements in the GPtrArray are freed automatically when
removed (including by resizing to 0) or the array is destroyed.
Then remove all the separate g_free statements.
|
|
Fix a leak introduced by commit 1e8d3d869546a4fef8a5b4277b70561362a7cc4e
|
|
Exposing the fvalue_t implementation is exposing internal
details of the implementation. Fix that by making the fvalue_t
internal to the ftypes implementation and using setters/getters
where necessary.
|
|
Fvalues are immutable objects. This isn't strictly true in
the case of FT_BYTES because of widespread use of
proto_item_set_len() but that can be worked around and using
GBytes should be more convenient for callers and make some
aspects of the implementation simpler (others not).
|
|
Store the field filter strings in a wmem_map pointing to the
field flags for each string. This allows specifying multiple
filter options (-j or -J) on the command line, including some
of both.
Fix #17470
|
|
Add README because this stuff is somewhat obscure and move XSLT
file to DOCDIR because it is not used by wireshark directly.
|
|
Fix: #18036.
|
|
Move this generic function to wsutil so it can be used
by other libraries.
|
|
Try to fix
```
*** CID 1515532: Memory - corruptions (OVERRUN)
/builds/wireshark/wireshark/epan/print.c: 1859 in print_escaped_xml()
1853 } else {
1854 temp_buffer[offset++] = *p;
1855 }
1856 }
1857 if (offset > ESCAPED_BUFFER_MAX-8) {
1858 /* Getting close to end of buffer so flush to fh */
>>> CID 1515532: Memory - corruptions (OVERRUN)
>>> Overrunning array "temp_buffer" of 256 bytes at byte offset 260 using index "offset" (which evaluates to 260).
1859 temp_buffer[offset] = '\0';
1860 fputs(temp_buffer, fh);
1861 offset = 0;
1862 }
1863 }
1864 if (offset) {
```
|
|
XML 1.0 allows valid UTF-8 characters, except for the ASCII control
characters other than tab, carriage return, and line feed.
(It does not allow form feed and vertical tab, so the allowed group is
not the same as the standard ctype.h isspace category. It also
allows but discourages DEL (\x7F).)
The characters cannot be included as character references of the
form &#xx; either; there is technically no way to include them.
Escape them as done prior to 89e96c1e77a39a259cafb488c6057e6c123d692b
but continue to leave bytes with the high bit set alone so that
UTF-8 printable characters are not escaped.
Fix #10445
|
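An added sketch, not Wireshark's `print_escaped_xml()` and not part of either commit, tying together the Coverity overrun report and the XML 1.0 character rule in the two messages above. It sizes each unit before writing it into the staging buffer instead of relying on a fixed margin checked afterwards. `struct sink`, `stage_flush`, `xml_escape`, `STAGE_MAX` and the `\xN` text form for forbidden control bytes are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define STAGE_MAX 32   /* staging buffer; small so the demo flushes often */

/* Hypothetical sink standing in for fputs(fh); cap must be at least 1. */
struct sink { char *buf; size_t cap, len; unsigned flushes; };

/* XML 1.0 forbids the C0 controls except tab, LF and CR. */
static int xml10_forbidden(unsigned char c)
{
    return c < 0x20 && c != '\t' && c != '\n' && c != '\r';
}

static void stage_flush(struct sink *out, const char *stage, size_t *off)
{
    size_t room = out->cap - out->len - 1;      /* keep space for the NUL */
    size_t n = *off < room ? *off : room;       /* truncate, never overrun */
    memcpy(out->buf + out->len, stage, n);
    out->len += n;
    out->buf[out->len] = '\0';
    out->flushes++;
    *off = 0;
}

size_t xml_escape(struct sink *out, const char *s)
{
    char stage[STAGE_MAX], hex[12];
    size_t off = 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&apos;"; break;
        default:
            if (xml10_forbidden(*p)) {          /* assumed "\xN" text form */
                snprintf(hex, sizeof hex, "\\x%x", (unsigned)*p);
                rep = hex;
            }
        }
        size_t need = rep ? strlen(rep) : 1;    /* bytes >= 0x80 pass as-is */
        if (off + need > STAGE_MAX)             /* check BEFORE the write */
            stage_flush(out, stage, &off);
        memcpy(stage + off, rep ? rep : (const char *)p, need);
        off += need;
    }
    if (off) stage_flush(out, stage, &off);
    return out->len;
}
```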
|
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix #18168.
|
|
|
|
|
|
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from inttypes.h.
|
|
The header ftypes-int.h should not be used outside of epan/ftypes
because it is a private header.
The functions fvalue_free() and fvalue_cleanup() need not and should
not be macros either.
|
|
Replace %F and %T in the format string. These specifiers are just
short-hand so just write them in full.
|
|
|
|
Depending on version_info is unnecessary and forces an epan
rebuild every time the git commit id changes, which can be slow,
especially with LTO enabled, and again is unnecessary.
Printing the VCS version to the TLS debug log is a minor convenience
that doesn't justify the cost to relink epan with every commit.
|
|
|
|
Note that it was impossible to actually overflow
the buffer, and there is a check to flush and restart
if it gets to within a few bytes of the end, but static
analyzers (CID: 1477927) are unlikely to be able to work
this out.
|
|
|
|
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
|
|
|
|
Fix for previous fixes to #17179.
|
|
It has the "feature" that, if handed a negative value, it might just
exit. gmtime() doesn't have that "feature", and is sufficiently
thread-safe for our purposes; use it instead, and check to make sure it
doesn't return a null pointer.
The previous fix for #17179 still used gmtime_s(); this doesn't, so it's
a better fix for #17179.
|
|
At least on Windows, gmtime_s() will *not* succeed if passed a negative
value.
Fixes #17179.
|
|
Should not be needed because the attribute encoding="utf-8" is there.
closes #10445
|
|
Speed functions to print hex bytes, escape XML strings and
print out indents by avoiding specifier calls, and building
larger strings before calling fputs().
Someone mentioned this in the sharkfest chat yesterday.
Also, Ostinato relies upon this when importing from pcap.
An example capture I have has gone from 18 to 11 seconds.
|
|
Convert various code.wireshark.org URLs to their
gitlab.com/wireshark/wireshark equivalents.
Change-Id: I0150d1bd14208eb451a7de818dce6573363b1d27
|
|
The check in the caller suggests this function can fail. The
assert should not be necessary, then.
Bug: 16218
Change-Id: Ic2186f3c51751db61436719bbf5bce609d364d40
Reviewed-on: https://code.wireshark.org/review/35162
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 16207
Change-Id: I95047f76430f5e83083b950a8ed7400e6cdd40ec
Reviewed-on: https://code.wireshark.org/review/35117
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 16187
Change-Id: I440ef96c1743a0e75fb7556f16fc510cf4754f34
Reviewed-on: https://code.wireshark.org/review/35017
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|