Fix building with Visual C++ and recent versions of falco-libs.
|
|
Instead of always setting the libssh log level to SSH_LOG_INFO
when an extcap has a ws log level of LOG_LEVEL_DEBUG or lower,
set the libssh log level to a corresponding log level
(NOISY/TRACE, DEBUG/DEBUG, INFO/INFO, MESSAGE and above/WARN).
Format the libssh logging messages more similar to our normal
logging messages, with a libssh domain and using the libssh
priority.
Prior to 0.11.0 (that is, this commit:
https://gitlab.com/libssh/libssh-mirror/-/commit/657d9143d121dfff74f5a63f734d0096c7f37194
) libssh sends some merely informational messages at their WARN
level, so lower that down to INFO, which isn't printed by default
and doesn't get printed in the GUI.
Related to #17888
|
|
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
message. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix #17888
|
|
libssh 0.8.5 was released in October 2018, all known Linux distributions
that currently compile on the master branch with their default
packages include a more recent version, and we ship the 0.10.x series
for Windows and macOS. (Among major Linux distributions that compile currently,
Debian Buster has 0.8.7).
It has several API changes to ssh_options_get and ssh_options_set, new features,
and a number of bugs and CVEs fixed. We can remove a workaround for a
missing API call in extcap/ssh-base
|
|
libssh 0.10.0 removed SHA-1 based keys and algorithms from its
default configuration, though they are still supported. We
ship with 0.10.5 in Windows and macOS now, and many Linux
distributions are on 0.10.x as well.
Add the ability to re-enable SHA-1 RSA keys, MAC, and KEX algorithms
with a preference to ciscodump, sshdump, and wifidump.
This will be a little easier in 0.11.0, where it's possible to
just specify the algorithms you want to add to the default list,
instead of having to specify the entire list.
Fix #19510. Fix #19594
|
|
androiddump uses nonblocking connect on Windows, trying 10 times
with 1ms timeouts in select(). (This is short, but it's generally
trying to connect to the loopback interface.) On UN*X, it uses blocking
sockets, also trying 10 times, with SO_SNDTIMEO set to 2s.
Generally the socket returns near instantaneously, because it's
trying to connect to localhost. If the loopback interface goes
down, however, this results in 20s of timeouts.
Use nonblocking sockets on UN*X as well.
Related to #13104, #15295
|
|
Consolidate code to handle IP addresses in inet_addr.[ch].
|
|
Move our Falco plugin directories up one level so that we're outside the
hierarchy scanned by plugins_init. This also makes it more clear that
these are Falco plugins and that they don't conform to our plugin API.
|
|
Use the system implementation if available, the internal one if not.
|
|
Replace our strptime code, which is from gnulib,
with the simpler and better NetBSD implementation.
This changes the ws_strptime() stub to unconditionally use
the internal implementation. Previously it would use the
system implementation if available. This is still possible
but is opt-in, i.e., code should add the necessary #ifdefs
and assume responsibility for handling non-portable formats
or providing limited functionality on some platforms.
Text import allows the user to specify the strptime()
format freely, so in that case it makes sense to use the
system's implementation, and pass the responsibility
for understanding the implementation and the supported
specifiers to the user.
Only fall back to our implementation if the system libc
lacks a strptime().
|
|
Flush after writing the pcap header for the same reasons as
in udpdump (see commit 9ad1ec1651689a39e86562d083a0794d6fcbc2c2)
|
|
Call fflush in udpdump and ciscodump after writing the pcap header
so that it is actually written out even if no packets have arrived yet.
By doing so, dumpcap no longer blocks in cap_pipe_open_live waiting
for the pcap header from the extcap pipe until the first packet is
captured, but instead goes on to (attempt to) open its output.
This means that if we capture no packets, a capture file with
a header but no packet records will be created (and, if not a temp
file, will have to be cleaned up), but that is consistent with tshark
and Wireshark behavior otherwise.
This means you can no longer do a capture to a FIFO or Named Pipe
in this order:
1) Start dumpcap
2) Create the FIFO or Named Pipe
3) Start the flow of packets to the UDP port
which only worked when not dissecting packets. It was broken if tshark
also needed to dissect packets, but evaded the checks for if we were
writing to a FIFO or Named Pipe resulting in behavior mysterious to
users, such as only writing to one of the Named Pipe readers on Windows
(or failing if there aren't enough instances), or having tshark and
the other pipe reader compete for the pipe input and eventually failing
on UN*X.
Instead, the FIFO or Named Pipe needs to be created before launching
dumpcap, or else an ordinary file will be created (on UN*X), or an
error about not being able to open the output (on Windows, since
Named Pipes have a magic prefix, and you can't create an ordinary
file with a named pipe filename.)
Fix #17900.
|
|
sinsp::get_plugin_manager is usable again, so switch back to using it.
|
|
Update to match recent libsinsp 0.11 API changes.
|
|
Change the data source label to "Log data URL". Fix a tooltip typo.
|
|
snprintf(), sensibly, takes a size_t argument specifying the size of the
buffer. g_snprintf(), bogusly, takes a gulong argument specifying the
size of the buffer, so we had to do casts to avoid narrowing complaints,
but we're just using snprintf() now (as we require C11 or later), and
don't need the casts any more.
|
|
Convert writecap to C99 types. Add maximum and minimum values to
convert-glib-types.py.
Ping #19116
|
|
Convert our extcaps to C99 types. Try to preserve padding in
convert-glib-types.py and add globbing support on Windows.
Ping #19116
|
|
Related to #18009 - Have randpkt default to pcapng, allow selecting
a different capture file format via the common -F option that other
command line tools use, and document it.
For the randpktdump extcap, just use pcapng.
This fixes --all-random, because --all-random requires different
encapsulation per packet. It also fixes the related -r option to
randpkt (though note that picking a file format that doesn't support
ENCAP_PER_PACKET with -r causes problems.)
Document -r in the randpkt man page.
Fix #18944
|
|
wireshark/extcap/androiddump.c:573:48: warning: passing argument 5 of 'select' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
573 | if ((select(0, NULL, &fdset, NULL, &timeout) != 0) && (FD_ISSET(sock, &fdset))) {
| ^~~~~~~~
|
|
Closes #18874
|
|
At least one version of MSVC seems not to like a trailing
comma at the end of variadic arguments.
|
|
Consolidate some duplicate code.
|
|
Closes #18904
|
|
Forcing the use of a dedicated header to replace pcap.h is
unnecessary code and mental overhead in this case. We can
use config.h instead for the same purpose of defining a
macro symbol before including pcap.h.
|
|
extcap/androiddump.c:1712:36: warning: passing argument 2 of 'ws_inet_pton4' from incompatible pointer type [-Wincompatible-pointer-types]
1712 | ws_inet_pton4(bt_local_ip, &(server.sin_addr.s_addr));
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| |
| u_long * {aka long unsigned int *}
|
|
We don't need to do anything special for timeouts.
|
|
Check timeouts and filtered events.
|
|
After Android T, BT process might be called i.e.
com.google.android.bluetooth, instead of com.android.bluetooth.
It depends on what APEX version is installed.
|
|
Fix warnings and errors reported by gcc 11.3.