path: root/tfshark.c
AgeCommit message (Collapse)AuthorFilesLines
2015-02-20Suppress a bunch of cast-qual warnings.Gerald Combs1-2/+5
Squelch warning: cast discards ‘__attribute__((const))’ qualifier from pointer target type [-Wcast-qual] similar to g630f54f. Change strtod to g_ascii_strtod to squelch a checkAPIs error. Change-Id: Ib2d26ef89f08827a5adc07e35eaf876cd7b8d14e Reviewed-on: https://code.wireshark.org/review/7269 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-02-20Just have init_progfile_dir() take a void pointer.Guy Harris1-1/+1
dladdr() takes a void * as a code pointer; have init_progfile_dir() do so, and do the casting in the calls. We don't care about the signature of the function whose address we're passing, we just want to pass a pointer to *something* in the main program. Change-Id: I9372620a97b0eb53c2bb3c0c41a238b4408f3709 Reviewed-on: https://code.wireshark.org/review/7270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-23Fix an uninitialized variable warning.Gerald Combs1-2/+2
Change-Id: I3a5c211db767e1980a8c1f2fd706139c0bf6f943 Reviewed-on: https://code.wireshark.org/review/6764 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-01-18Clean up ftype-conversion and dfilter error message string handling.Guy Harris1-4/+7
Have dfilter_compile() take an additional gchar ** argument, pointing to a gchar * item that, on error, gets set to point to a g_malloc()ed error string. That removes one bit of global state from the display filter parser, and doesn't impose a fixed limit on the error message strings. Have fvalue_from_string() and fvalue_from_unparsed() take a gchar ** argument, pointer to a gchar * item, rather than an error-reporting function, and set the gchar * item to point to a g_malloc()ed error string on an error. Allow either gchar ** argument to be null; if the argument is null, no error message is allocated or provided. Change-Id: Ibd36b8aaa9bf4234aa6efa1e7fb95f7037493b4c Reviewed-on: https://code.wireshark.org/review/6608 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-01Declare read_keytab_file() in epan/dissectors/packet-kerberos.h.Guy Harris1-0/+6
Don't throw its declaration in file.h, as it's not defined in file.c. Instead, include it in epan/dissectors/packet-kerberos.h and include that wherever read_keytab_file() is called. Yes, that means you also have to include <epan/asn1.h> and, therefore, you have to include <epan/packet.h>. Yes, that should be cleaned up, perhaps by splitting the Kerberos support code into "stuff that handles encryption keys without any reference to dissection" and "stuff that does dissection-related work". Change-Id: Ide5c31e6d85e6011d57202f728dbc656e36138ef Reviewed-on: https://code.wireshark.org/review/6210 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-01Call setlocale() before getting version information.Guy Harris1-3/+3
That way, the setlocale() call used to get the current locale will get the right answer. Change-Id: Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b Reviewed-on: https://code.wireshark.org/review/6197 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31Don't include signal.h unless we need it.Guy Harris1-2/+0
Change-Id: I3965e0951eee919720f780b5e52732fd18fd9786 Reviewed-on: https://code.wireshark.org/review/6194 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31Wrong function name.Guy Harris1-1/+1
Change-Id: I56e6a7dbb7290963548fdd61784554d67fc70bfe Reviewed-on: https://code.wireshark.org/review/6156 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31Do the full string in get_{compiled,runtime}_version_info().Guy Harris1-8/+6
Have them start the string with "Compiled" or "Running on", and return the string when done. Change-Id: Ic4d290c963621fa0385dc5aab766fd4ad31d3810 Reviewed-on: https://code.wireshark.org/review/6155 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-31Move the version_info.c stuff to wsutil/ws_version_info.c.Guy Harris1-1/+0
Change-Id: I3a5c7e219974bfb924819b43b4d445eaf00e5bde Reviewed-on: https://code.wireshark.org/review/6153 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-28Removed duplicated #include linesDario Lombardo1-1/+0
Change-Id: I9cafa3cd5c74121168777d8c656e7e94e89efd3c Reviewed-on: https://code.wireshark.org/review/6065 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2014-12-27Don't use a leading - in getopt_long() option strings.Guy Harris1-4/+9
The behavior of a leading - is platform-dependent. It also means that non-option arguments are treated in a fashion that we're not handling, so capture filters given as non-option arguments at the end of the command line don't work. (The Linux getopt() man page says that a leading - "is used by programs that were written to expect options and other argv-elements in any order and that care about the ordering of the two." We are not such a program.) Change-Id: I5610cf90a8218d48f7516abacc367e0affa3b549 Based-On-A-Change-From: Peter Hatina <phatina@redhat.com> Reviewed-on: https://code.wireshark.org/review/6071 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-26Use getopt_long() for the first pass through the argument list.Guy Harris1-12/+47
That way: 1) we don't have to worry about the system getopt() and our getopt_long(), on platforms that have getopt() but not getopt_long() (Solaris prior to Solaris 10, HP-UX, AIX), not working well together; 2) if necessary, we can handle long options in the first pass. Switch to using getopt_long() for the *second* pass for the GTK+ version of Wireshark. Use the documented mechanism for resetting the argument parser for the glibc version of getopt_long(); use the mostly-undocumented-but-at-least- they-documented-optreset mechanism for the *BSD version. (We should look into doing only one pass, saving away arguments that can't fully be processed in the first pass for further processing after initializing libwireshark.) Change-Id: Ide5069f1c7c66a5d04acc712551eb201080ce02f Reviewed-on: https://code.wireshark.org/review/6063 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-25Check for getopt_long(), not getopt().Guy Harris1-1/+1
We support three types of platforms: 1) UN*Xes that have both getopt() and getopt_long(); 2) UN*Xes that have getopt() but not getopt_long(); 3) Windows, which has neither. Checking for getopt_long() lets us distinguish between 1) and 2) and build getopt_long() for them. Change-Id: Iaf0f142f9bebaa2eed2128d544ec9786711def45 Reviewed-on: https://code.wireshark.org/review/6045 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-24Move twelve show_version() functions from the varoius programs andStephen Fisher1-16/+1
Wireshark UI files into a single one in wsutil. Change-Id: I0a64f0cc8106bd681bd185289c36272c4c43baad Reviewed-on: https://code.wireshark.org/review/6026 Reviewed-by: Stephen Fisher <sfisher@sdf.org>
2014-12-01Fix compile error.Guy Harris1-1/+1
Change-Id: I858248e252a09f4348e7ab88bef81c8452f39051 Reviewed-on: https://code.wireshark.org/review/5550 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-12-01Add a Buffer to wtap_pkthdr to hold file-type-specific packet metadata.Guy Harris1-1/+3
For example, this can be used for pcap-ng options not mapped to file-type-independent metadata values. Change-Id: I398b324c62c1cc1cc61eb5e9631de00481b4aadc Reviewed-on: https://code.wireshark.org/review/5549 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-29Fix tfshark.c to match changes to epan/print.[ch].Guy Harris1-6/+6
Change-Id: I765cd0dbb5451b578ccabd221afc477a6559e60c Reviewed-on: https://code.wireshark.org/review/5537 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-22Get rid of another global in the print code.Guy Harris1-1/+3
Pass the "output only these protocols" hash table as an argument, instead. Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1 Reviewed-on: https://code.wireshark.org/review/5440 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-22Pass a capture_file * to write_psml_preamble() in tfshark as well.Guy Harris1-1/+1
Change-Id: I2b2ae78d4b75bb27a44d185b48e3d85794effdb7 Reviewed-on: https://code.wireshark.org/review/5439 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-17Add tshark -G dissector-tables to dump a list of dissector tables.Guy Harris1-0/+3
That list doesn't show the entries in the dissector tables, just information about the tables themselves. Clean up some tshark man page issues while we're at it. Change-Id: I70beee34110f5c0d58105944dd71105a8400f5ca Reviewed-on: https://code.wireshark.org/review/5360 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-15Do the "-z help" processing separately, and do it for Wireshark as well.Guy Harris1-5/+5
Yes, Wireshark does a bunch of GUI stuff, and then takes the window down before printing the help, but the same is true for some command-line error messages as well. Change-Id: Id501468416c83308e4c0a9e7a66116d8d33a9d84 Reviewed-on: https://code.wireshark.org/review/5317 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-11-14Rename stat_cmd_args.[ch] to stat_tap_ui.[ch].Guy Harris1-1/+1
The intent is to handle more than just command-line arguments; reflect that. Change-Id: Ia10efda85a9d11c6579d1bec6f789cee30d9e825 Reviewed-on: https://code.wireshark.org/review/5304 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-18Get rid of unnecessary includes of ctype.h.Guy Harris1-1/+0
Change-Id: Ibf9385715b85186f5c7289165acea7233b3fabde Reviewed-on: https://code.wireshark.org/review/4804 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-24Modify includes of config.h so that out-of-tree builds, i.e. CMakeGraham Bloice1-1/+1
don't pick up the in-tree copy. Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71 Reviewed-on: https://code.wireshark.org/review/3798 Petri-Dish: Graham Bloice <graham.bloice@trihedral.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Roland Knall <rknall@gmail.com> Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2014-08-18Refactor "common" hostlist/endpoint table functionality.Michael Mann1-1/+0
This is very similar in architecture to the changes made to the Conversation table functionality. Since all conversations have endpoints/hostlists, the "registered" list is shared for both. Change-Id: Ie8c6910a68a1b3f27c5b18c4494f49b9404a7b31 Reviewed-on: https://code.wireshark.org/review/3214 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-08-05Fix whitespace/indentation to match editor modelines.Bill Meier1-10/+10
Change-Id: I3445ae22f10584582d465bf632942e016f5f70ca Reviewed-on: https://code.wireshark.org/review/3452 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-08-04Rip out the filetap codeEvan Huus1-38/+18
We decided at sharkfest that this wasn't the right design for file dissection; we have more-or-less settled on way forward, but nobody's shown interest in implementing it. Whether or not that ever happens, this code is effectively dead and should be removed. Change-Id: I14d6086df3204fffb6485228db39d9f407661417 Reviewed-on: https://code.wireshark.org/review/3400 Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Evan Huus <eapache@gmail.com>
2014-08-02Rename buffer_ routines to ws_buffer_ to avoid name collisions.Guy Harris1-2/+2
In particular, epan/wslua/lrexlib.c has its own buffer_ routines, causing some linker warnings on some platforms, as reported in bug 10332. (Not to be backported to 1.12, as that would change the API and ABI of libwsutil and libwiretap. We should also make the buffer_ routines in epan/wslua/lrexlib.c static, which should also address this problem, but the name change avoids other potential namespace collisions.) Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28 Reviewed-on: https://code.wireshark.org/review/3351 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-26Refactor "common" Conversation table functionality.Michael Mann1-0/+1
Refactor (non-GUI) conversation table functionality from gtk/Qt to epan. Also refactor "common GUI" conversation table functionality. The idea is to not have to modify the GUI when a dissector adds a new "conversation type" Change-Id: I11f08d0d7edd631218663ba4b902c4a4c849acda Reviewed-on: https://code.wireshark.org/review/3113 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-07-25Replace lseek/fstat by ws_lseek64/ws_fstat64Peter Wu1-2/+2
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in favor of lseek as that supports 64-bit quanities. Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows. For the majority of the changes, this makes no difference as they do not apply to Windows ("ifndef _WIN32"; availability of st_blksize). There are no other users of "struct stat" besides the portability code in wsutil. Forbid the use of fstat and lseek in checkAPIs. Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459 Reviewed-on: https://code.wireshark.org/review/3198 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03Make --help and --version information a bit more uniform.Guy Harris1-2/+35
Have --version print the version number, the copyright information, the "compiled with" information, the "running on/with" information, and the compiler information. Have --help print the version number, a one-line summary of what the program does, a reference to http://www.wireshark.org for more information, a Usage: line, and a list of command-line options. This means programs doing that don't need to include version.h; that's left up to get_ws_vcs_version_info() to do. Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb Reviewed-on: https://code.wireshark.org/review/2794 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03More getopt_long(), for --help and --version.Guy Harris1-1/+6
Change-Id: Ia02d7b1fbeaa8e581e85ad8b87afabd576515434 Reviewed-on: https://code.wireshark.org/review/2792 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03Regularize the help output of programs.Guy Harris1-18/+8
Only print to the standard output, and only give the version information, if a "print help" command-line option is specified. Otherwise, leave out the version information, and print to the standard error. Leave out the copyright information; it's extra cruft, and http://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html doesn't say anything about it (and bash, at least, doesn't print it). Change-Id: Ic5029ccf96e096453f3bd38383cc2dd355542e8a Reviewed-on: https://code.wireshark.org/review/2789 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-03Regularize the first line of version output.Guy Harris1-4/+4
For Wireshark, say "Wireshark", not "wireshark". For other programs, put "(Wireshark)" after the program name, as per http://www.gnu.org/prep/standards/html_node/_002d_002dversion.html ("If the program is a subsidiary part of a larger package, mention the package name in parentheses, like this"). Change-Id: I68558f64cfa6ee4423e42f3d6b120633ef1b2716 Reviewed-on: https://code.wireshark.org/review/2788 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-07-01Drop privileges even earlier.Guy Harris1-18/+18
Do it at the same point at which Wireshark does so. Do some other things in the same order as well. Change-Id: I2925366d49d14271ceffa1a938b5e3450337c772 Reviewed-on: https://code.wireshark.org/review/2743 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-30Drop privileges very early on.Guy Harris1-9/+5
TShark relies on dumpcap to capture packets, and TFShark doesn't even do packet capturing (it dissects files, not network traffic), so neither of them need, or should run with, special privileges. If you *must* run with special privileges in order to capture, grant those privileges to dumpcap, which has a *lot* fewer lines of code than libwireshark and TShark/TFShark. Change-Id: I8f8fedead355ca163895e025df37240d2f232ba4 Reviewed-on: https://code.wireshark.org/review/2736 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-29Put in missing forward declaration.Guy Harris1-0/+1
Change-Id: I734b07beaecf0c180f4423a6e59c8040207e0c31 Reviewed-on: https://code.wireshark.org/review/2705 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-29Move some more stuff into wsutil.Guy Harris1-23/+8
Move the routines to parse numerical command-line arguments there. Make cmdarg_err() and cmdarg_err_cont() routines in wsutil that just call routines specified by a call to cmdarg_err_init(), and have programs supply the appropriate routines to it. Change-Id: Ic24fc758c0e647f4ff49eb91673529bcb9587b01 Reviewed-on: https://code.wireshark.org/review/2704 Reviewed-by: Evan Huus <eapache@gmail.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-22Fix build errors for tfshark and echld.Guy Harris1-8/+9
Some come from the recent version information changes, some were broken before that. Change-Id: I9429f7d45d3c51c579aef592b37c79130a443299 Reviewed-on: https://code.wireshark.org/review/2531 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-06-21Move get_copyright_info() to wsutil.Guy Harris1-0/+1
Change-Id: I75c1c747cd2b4a9845c659636582d54b2caecf1a Reviewed-on: https://code.wireshark.org/review/2510 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23Revert "Allow wtap_read() and wtap_seek_read() to return non-packet records."Guy Harris1-1/+1
This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4. A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress. Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6 Reviewed-on: https://code.wireshark.org/review/1741 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-23Allow wtap_read() and wtap_seek_read() to return non-packet records.Guy Harris1-1/+1
This is the first step towards implementing the mechanisms requestd in bug 8590; currently, we don't return any records other than packet records from libwiretap, and just ignore non-packet records in the rest of Wireshark, but this at least gets the ball rolling. Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574 Reviewed-on: https://code.wireshark.org/review/1736 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-09Revert "Refactor Wiretap"Guy Harris1-23/+44
This reverts commit 1abeb277f5e6bd27fbaebfecc8184e37ba9d008a. This isn't building, and looks as if it requires significant work to fix. Change-Id: I622b1bb243e353e874883a302ab419532b7601f2 Reviewed-on: https://code.wireshark.org/review/1568 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-05-09Refactor WiretapMichael Mann1-44/+23
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality. The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes. bug:9607 Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae Reviewed-on: https://code.wireshark.org/review/1485 Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-04-12Get rid of more tvb_get_nstringz* calls.Guy Harris1-0/+4
Add an FT_STRINGZPAD type, for null-padded strings (typically fixed-length fields, where the string can be up to the length of the field, and is null-padded if it's shorter than that), and use it. Use IS_FT_STRING() in more cases, so that less code needs to know what types are string types. Add a tvb_get_stringzpad() routine, which gets null-padded strings. Currently, it does the same thing that tvb_get_string_enc() does, but that might change if we don't store string values as null-terminated strings. Change-Id: I46f56e130de8f419a19b56ded914e24cc7518a66 Reviewed-on: https://code.wireshark.org/review/1082 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-03-21Fix Bug 9903: 'Clicking reload-file ignores selected file format reader'Hadriel Kaplan1-0/+3
There's a relatively new feature in 1.11.3 to select a specific file format reader, instead of relying on magics or heuristics. If you select a file reader and open a file, open it, and then click the reload-file button or go to View->Reload or press the ctrl-R keymap, the file is reloaded but using the magic/heuristics again instead of the file format reader you previously chose. Likewise, the Lua relaod() function has the same issue (which is how I found this problem). I have tested this change by hand, using a Lua script, but I didn't add it to the testsuite because I need another change for my test script to work correctly. (an enhancement rather than a bug fix, which I'll submit separately) Change-Id: I48c2d9ea443e37fd9d41be43d6b6cd5a866d5b01 Reviewed-on: https://code.wireshark.org/review/764 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04Remove all $Id$ from top of fileAlexis La Goutte1-2/+0
(Using sed : sed -i '/^ \* \$Id\$/,+1 d') Fix manually some typo (in export_object_dicom.c and crc16-plain.c) Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8 Reviewed-on: https://code.wireshark.org/review/497 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-02-25Wireshark: Add option to choose format type of capture fileMichal Labedzki1-3/+5
The best heuristic can fail, so add possibility to manually choose capture file format type, so not correctly recognize file format can be loaded in Wireshark. On the other side now it is possible to open capture file as file format to be dissected. Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a Reviewed-on: https://code.wireshark.org/review/16 Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com> Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Evan Huus <eapache@gmail.com>
2014-02-14Disable tfshark taps for now.Evan Huus1-0/+4
Should fix build issue and none of the current taps are relevant to tfshark anyways. Change-Id: I29168e0b296cd64fe3783de63e1fdd2a472ee6d3 Reviewed-on: https://code.wireshark.org/review/218 Reviewed-by: Gerald Combs <gerald@wireshark.org> Reviewed-by: Evan Huus <eapache@gmail.com>