path: root/tshark.c
AgeCommit message (Collapse)AuthorFilesLines
2019-12-15Reorganize long option valuesJaap Keuter1-7/+4
For long options, without corresponding short options, to be processed they need to be assigned a value, preferably outside of the range of all possible short options. The code in various places tries to stay clear of these low values, but further coordination is missing, easily leading to issues when option processing code gets extended and/or reorganized. This change introduces a single location from where each catagory of command line long option can derive a base value, which should minimize potential option value collisions. Change-Id: Ic8861a347d0050f74002de3aa1fcfb01202866e5 Reviewed-on: https://code.wireshark.org/review/35459 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-11-30Documentation: update (long) cmd line optionsJaap Keuter1-24/+39
Documentation of the Tshark and dumpcap command line options between help text, manual page and user's guide diverged over time. One aspect of this is the implementation of more long options. This change tries to update all documentation to be complete and in sync again. Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f Reviewed-on: https://code.wireshark.org/review/35261 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-11-11Don't report EPIPE errors writing out packet information.Guy Harris1-0/+17
EPIPE almost certainly means "the next program after us in the pipeline exited before we were finished writing", so this isn't a real error, it just means we're done. (We don't get SIGPIPE because libwireshark ignores SIGPIPE to avoid getting killed if writing to the MaxMind process gets SIGPIPE because that process died.) Presumably either that program exited deliberately (for example, "head -N" read N lines and printed them), in which case there's no error to report, or it terminated due to an error or a signal, in which case *that's* the error and that error has been reported. (We don't do that for EINVAL, as that's presumably a real error. It shows up on Windows in bug 16192, but what we probably want to do there is to, on Windows, use _doserrno, check for the equivalent Windows errors, and, for the default case, convert _doserrno to the appropriate string, using Windows APIs, and report *that* string; the MS C library converts a whole bunch of Windows errors to EINVAL, thus losing information and making it harder to determine what the real error is. Therefore, I'm just marking this with Ping-Bug, as it's only fixing the problem on UN*Xes.) Change-Id: I94c392f478561e29501facd657487716a5882295 Ping-Bug: 16192 Reviewed-on: https://code.wireshark.org/review/35053 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-09-15Move the last of the routines from capture_info.c into ui/capture.c.Guy Harris1-1/+1
That means the packet-count-during-capture stuff is scattered amongst fewer locations. Move capture_info.h into ui; it's now a header that declares routines whose implementations are GUI-platform-dependent. Change-Id: I475815724a4766f6bc2511e67ebae14865e1a9d1 Reviewed-on: https://code.wireshark.org/review/26249 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-08-24tshark: Warn on overwriting protocol filterMoshe Kaplan1-0/+6
Change-Id: I41a56cf384cda91fa6ed217f7c292f325ec8c07f Reviewed-on: https://code.wireshark.org/review/34345 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09tshark/tfshark: fix error message.Dario Lombardo1-1/+1
Bug: 15825 Change-Id: Iec8dff38dd89e3947f3fe7053e38101c3ad7b1b2 Reviewed-on: https://code.wireshark.org/review/33523 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-05-02Move the Winsock initialization and cleanup to wsutil routines.Guy Harris1-16/+12
Those routines exist on both Windows and UN*X, but they don't do anything on UN*X (they could if it were ever necessary). That eliminates some #ifdefs, and also means that the gory details of initializing Winsock, including the Winsock version being requested, are buried in one routine. The initialization routine returns NULL on success and a pointer to a g_malloc()ated error message on failure; report the error to the user, along with a "report this to the Wireshark developers" suggestion. That means including wsutil/socket.h, which obviates the need to include some headers for socket APIs, as it includes them for you. Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186 Reviewed-on: https://code.wireshark.org/review/33045 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-05-01Windows: Modernize our WSAStartup usage.Gerald Combs1-1/+1
Make sure we link each application that calls WSAStartup with ws2_32.lib. Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996, so we should be OK. Ping-Bug: 15711 Change-Id: I431839e930e7c646669af7373789640b5180ec28 Reviewed-on: https://code.wireshark.org/review/33033 Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Tomasz Moń <desowin@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-04-061514 is a better initial Buffer size than 1500.Guy Harris1-4/+4
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes long; using 1514 bytes will avoid a reallocation for a full-sized Ethernet packet. Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d Reviewed-on: https://code.wireshark.org/review/32761 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-04-05Have wtap_read() fill in a wtap_rec and Buffer.Guy Harris1-22/+39
That makes it - and the routines that implement it - work more like the seek-read routine. Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d Reviewed-on: https://code.wireshark.org/review/32727 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-04-04Reset the terminal color if we're ^C'ed when reading a capture.Guy Harris1-59/+196
Catch signals/ctrl events when we're reading a capture, and stop reading if we get one of those. When we close a print stream, restore the color as appropriate. Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72 Ping-Bug: 15659 Reviewed-on: https://code.wireshark.org/review/32716 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-04-04Clean file reading code.Guy Harris1-266/+359
Put the pass 1 of a two-pass read, pass 2 of a two-pass read, and only pass of a one-pass read into separate routines, returning success/read error/write error status codes. This makes the processing a bit cleaner, and makes it easier to have the file-reading code catch signals/control events. Change-Id: I58cd9e4b86f219f3afa2dc61b57f41978fc2f853 Reviewed-on: https://code.wireshark.org/review/32711 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-31Don't draw the taps if we never got a capture file.Guy Harris1-1/+6
There's nothing to draw. Maybe we should also avoid it if we didn't get any packets. Change-Id: If76f7909f78e66b7302d0ab2caa284ca36c43bfb Reviewed-on: https://code.wireshark.org/review/32649 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-26Print extcap plugins with "tshark -G plugins".Guy Harris1-0/+1
This makes it match the "Plugins" tab of the "About" dialog. While we're at it, use the same code to enumerate extcap plugins in that dialog. Change-Id: I50f402a7ab5d83d46baab070d145558ed8f688f4 Reviewed-on: https://code.wireshark.org/review/32589 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-18More constification, to squelch warnings.Guy Harris1-1/+1
capture_input_drops() doesn't, and shouldn't, modify or free or... the interface name, so make the pointer to it a const pointer. Change-Id: Iafc5c5dd9939225b3aeb8a8e36c5bdeecc394e12 Reviewed-on: https://code.wireshark.org/review/32465 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-18More constification, to squelch warnings.Guy Harris1-1/+1
capture_input_cfilter_error_message() doesn't, and shouldn't, modify or free or... the error message, so make the pointer to it a const pointer. Change-Id: Ic14ac306add328df369af4b6e149c856f4283912 Reviewed-on: https://code.wireshark.org/review/32464 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-02-13Make some code common between pcap and no-pcap TShark.Guy Harris1-34/+29
Set the output_file_name variable for -w regardless of whether we were built with libpcap or not. If we were built with libpcap, also pass the flag and its argument to capture_opts_add_opt(). In the reading-a-file code (rather than the doing-a-live-capture code), use output_file_name as the name of the output file, regardless of whether we were built with libpcap or not. This takes a few twists out of the maze of #ifdefs, all different. Change-Id: I828f1b04dacbf0ea4f3aff36f26cb9a3ffcbc480 Reviewed-on: https://code.wireshark.org/review/32011 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-02-05tshark: recognize protocol aliases such as "-O ssl"Peter Wu1-1/+6
Be sure to map "ssl" to "tls" instead of silently ignoring it. Change-Id: If1edc10ead4a9f25ee4802e1395390dc3c51796f Reviewed-on: https://code.wireshark.org/review/31894 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-31tshark: Improve options help textsStig Bjørlykke1-2/+2
Align the usage help text for '-' as filename for stdin and stdout with the text used for wireshark. Change-Id: I67011b8234616940b7878fd5768c9e2a9e79f9f0 Reviewed-on: https://code.wireshark.org/review/31838 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-27tshark: fix minor memleak of the interface descriptionPeter Wu1-0/+1
Capturing with "tshark -i lo" results in capture_opts->descr being set to "Loopback" via: #3 0x55c5f575720c in fill_in_interface_opts_from_ifinfo capture_opts.c:547:33 #4 0x55c5f5750dc5 in capture_opts_add_iface_opt capture_opts.c:695:9 #5 0x55c5f574b6bd in capture_opts_add_opt capture_opts.c:843:18 #6 0x55c5f5785efc in main tshark.c:1087:21 but tshark overwrites it, presumably to offer textual descriptions like "Standard input" for "-i -". Fix this memory leak, reported by ASAN for three tests from case_tshark_capture that capture from Loopback. Change-Id: I4f393c4440bde7a621271cca3066bef3d57e250a Reviewed-on: https://code.wireshark.org/review/31756 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-03tshark: remove redundant casts.Dario Lombardo1-5/+5
Found by clang-tidy. Change-Id: I7fe1c3219758d8daf411d094e2df17916f2eb57b Reviewed-on: https://code.wireshark.org/review/31330 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-03epan: use json_dumper for json outputs.Dario Lombardo1-6/+9
They include -Tjson, -Tjsonraw, -Tek. Change-Id: Ib3d700482ce5c29727c3f778cc3c46a1bf7756c4 Reviewed-on: https://code.wireshark.org/review/31000 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-01-02cli_main: remove real_main from stack traces for non-WindowsPeter Wu1-1/+1
Restore the "main" name since that is used everywhere else except for Windows. On Windows, "main" is renamed via a macro to avoid a conflict with "wmain" and to allow it to be called in cli_main.c. For those wondering, GUI applications (such as Qt) have a different entry point, namely WinMain. In Qt5, src/winmain/qtmain_win.cpp defines WinMain, but seems to convert its arguments from Unicode to CP_ACP (ASCII). It might not support UTF-8, but I did not verify this. Change-Id: I93fa59324eb2ef95a305b08fc5ba34d49cc73bf0 Reviewed-on: https://code.wireshark.org/review/31208 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-01Move some command-line-oriented routines from wsutil to ui.Guy Harris1-2/+2
cmdarg_err() is for reporting errors for command-line programs and command-line errors in GUI programs; it's not something for any of the Wireshark libraries to use. The various routines for parsing numerical command-line arguments are not for general use, they're just for use when parsing arguments. Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f Reviewed-on: https://code.wireshark.org/review/31281 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-29Add interface name when outputting packets dropped.Michael Mann1-2/+6
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped packets are outputted, they include the interface name for clarity. Bug: 13498 Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357 Reviewed-on: https://code.wireshark.org/review/31218 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-12-27Try to squeeze some bytes out of the frame_data structure.Guy Harris1-3/+3
Make the time stamp precision a 4-bit bitfield, so, when combined with the other bitfields, we have 32 bits. That means we put the flags at the same structure level as the time stamp precision, so they can be combined; that gets rid of an extra "flags." for references to the flags. Put the two pointers next to each other, and after a multiple of 8 bytes worth of other fields, so that there's no padding before or between them. It's still not down to 64 bytes, which is the next lower power of 2, so there's more work to do. Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe Reviewed-on: https://code.wireshark.org/review/31213 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-21tshark: fix compilation with gcc-8 without pcap.Dario Lombardo1-1/+1
Error: CMakeFiles/tshark.dir/tshark.c.o -c ../tshark.c ../tshark.c: In function 'real_main': ../tshark.c:706:24: error: variable 'max_packet_count' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered] int max_packet_count = 0; ^~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors ninja: build stopped: subcommand failed. Change-Id: I92c0e2a57f5d0d2e39188cc18f0b25e1d5136a43 Reviewed-on: https://code.wireshark.org/review/31149 Petri-Dish: Dario Lombardo <lomato@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-12-19tshark: handle option -c when ENABLE_PCAP=OFFPeter Wu1-1/+4
Option '-c' is not only a capture option, it also affects offline reads as documented in the tshark manual. Fixes failing tests since v2.9.1rc0-18-g5bf37f63a8 ("text2pcap: allow to set interface name"). Change-Id: Iffe4fd60f62766282e1a8b02a942673ba4e605f0 Reviewed-on: https://code.wireshark.org/review/31130 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-12-19Clean up exp_pdu_open() API.Guy Harris1-1/+1
It really shouldn't free the comment passed to it, as the caller allocated it, and knows how to free it if necessary; it might not even have been allocated. Make the comment argument a "const char *" to 1) allow passing string constants etc. and 2) to catch any attempts to free it in exp_pdu_open(). Make the callers free it after exp_pdu_open() returns. (Alternatively, we could have exp_pdu_open() take the file name argument and generate the comment itself, so that all code paths generate the same comment.) Change-Id: I6e6924b05565761b641a6c3b4d9a2e97f4264e1b Ping-Bug: 15365 Reviewed-on: https://code.wireshark.org/review/31105 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-13Move more version-info-related stuff to version_info.c.Guy Harris1-31/+8
Have a ws_init_version_info() routine that, given an application name string: constructs the app-name-and-version-information string, and saves it; adds the initial crash information on platforms that support it, and saves it. Have show_version() use the saved information and take no arguments. Add a show_help_header() routine to print the header for --help command-line options, given a description of the application; it prints the application name and version information, the description, and the "See {wireshark.org URL}" line. Use those routines in various places, including providing the "application name" string in pcapng SHBs. Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df Reviewed-on: https://code.wireshark.org/review/31029 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-13Put the main() and wmain() routines for CLI programs into a separate file.Guy Harris1-19/+2
That means that code is only in one place, rather than having copies of it in each of those programs. CLI programs that, on Windows, should get UTF-8 arguments rather than arguments in the local code page should: include the top-level cli_main.h header; define the main function as real_main(); be built with the top-level cli_main.c file. On UN*X, cli_main.c has a main() program, and just passes the arguments on to real_main(). On Windows, cli_main.c has a wmain() function that converts the UTF-16 arguments it's handed to UTF-8 arguments, using WideCharToMultiByte() so that it doesn't use any functions other than those provided by the system, and then calls real_main() with the argument count and UTF-8 arguments. Change-Id: I8b11f01dbc5c63fce599d1bef9ad96cd92c3c01e Reviewed-on: https://code.wireshark.org/review/31017 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-07PCAP/PCAPNG: Be consistent in documentation, etcJaap Keuter1-0/+8
1) The default build configuration is to select PCAPNG as output format, but it can be selected as PCAP. Some of the command line tools have the option to select the output format and default towards the build configuration. This has to be reflected in their help output also. 2) Various documentation files are still stating that PCAP is the default format of various tools. With the default build configuration being PCAPNG these have to be adjusted as well. (with lack of dynamic content the documentation can only refer to the default build configuration format). Change-Id: I51d19642a7ed8c99817971c1f25d20972095021e Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-on: https://code.wireshark.org/review/30951 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20Add new Secrets API and allow TLS to use pcapng decryption secretsPeter Wu1-0/+2
Add a new secrets API to the core, one that can outlive the lifetime of a single capture file. Expose decryption secrets from wiretap through a callback and let the secrets API route it to a dissector. Bug: 15252 Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7 Reviewed-on: https://code.wireshark.org/review/30705 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20Replace JSON-GLib by custom JSON dumper libraryPeter Wu1-14/+0
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For statically linked oss-fuzz builds it also adds libffi and more. To avoid these dependencies, replace JSON-GLib by some custom code. This allows `tshark -G elastic-mapping` to be enabled by default without extra deps. API design goals of the new JSON dumper library: - Small interface without a lot of abstraction. - Avoid memory allocations if possible (currently none, but maybe json_puts_string will be replaced to improve UTF-8 support). - Do not implement parsing, this is currently handled by jsmn. Methods to open/close array/objects and to set members are inspired by the JsonGlib interface. The interfaces to write values is inspired by the sharkd code (json_puts_string is also borrowed from that). The only observed differences in the tshark output: - JSON-GLib ignores duplicates, json_dumper does not and may produce duplicates and currently print two "ip.opt.sec_prot_auth_unassigned". - JSON-GLib adds a space before a colon (unimportant formatting detail). - (Not observed, but UTF-8 strings will be wrong like bug 14948.) A test was added to catch changes in the tshark output. I also fuzzed json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error. Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4 Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html Reviewed-on: https://code.wireshark.org/review/30732 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-16tshark: do not print packet information when using -w without libpcapPeter Wu1-7/+9
The test_tshark_io_direct_stdout test was failing because the command "tshark -r test/captures/dhcp.pcap -w - > some.pcap" produced a corrupt capture file which has the packet information appended at the end. Change-Id: I1a79e98f1475c29d7dad3ff90d4cb689f46b0e57 Fixes: 57389a0c69 ("make tshark compile and work also when pcap is not available") Reviewed-on: https://code.wireshark.org/review/30668 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-16Use an enum for compression types in various interfaces.Guy Harris1-4/+4
This: 1) means that we don't have to flag the compression argument with a comment to indicate what it means (FALSE doesn't obviously say "not compressed", WTAP_UNCOMPRESSED does); 2) leaves space in the interfaces in question for additional compression types. (No, this is not part 1 of an implementation of additional compression types, it's just an API cleanup. Implementing additional compression types involves significant work in libwiretap, as well as UI changes to replace "compress the file" checkboxes with something to indicate *how* to compress the file, or to always use some other form of compression). Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf Reviewed-on: https://code.wireshark.org/review/30660 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-16Use the dump parameters structure for non-pcapng-specific stuff.Guy Harris1-36/+18
Use it for all the per-file information, including the per-file link-layer type and the per-file snapshot length. Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629 Reviewed-on: https://code.wireshark.org/review/30616 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-15Always use the input file's encapsulation for the output file.Guy Harris1-8/+0
Using WTAP_ENCAP_PER_PACKET if there's more than one interface forces a format supporting multiple encapsulations even if all interfaces use the same encapsulation; there's no reason to force that - you might as well let the user specify pcap format, for example, if that's what they really want. (If there are multiple interfaces and they have different encapsulations, the file encapsulation will be WTAP_ENCAP_PER_PACKET *anyway*.) Change-Id: I0e65c06e1ae3ff159ccd27f72cc63014e30a58f3 Reviewed-on: https://code.wireshark.org/review/30658 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-15Just pass on a snapshot length of 0 to the dumper.Guy Harris1-6/+0
It means "snapshot length unknown". For most file formats, the snapshot length isn't recorded (even for formats that support slicing - all they record is the on-the-network length, and length after slicing, for each packet), so it's ignored in the dumper. The one exception is pcap, which records it in the file header; if it's unknown, the pcap-writing code picks the maximum supported snapshot length for the file's link-layer header type. Change-Id: Ieda5dfe34c4bac63e43fdadeff31799ac3c908de Reviewed-on: https://code.wireshark.org/review/30657 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-13Don't have _ng versions of the dumper open routines.Guy Harris1-4/+4
Have the routines always take a parameters pointer; pass either null or a pointer to an initialized-to-nothing structure in cases where we were calling the non-_ng versions. Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2 Reviewed-on: https://code.wireshark.org/review/30590 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-12wiretap: refactor common parameters for pcapng dump routinesPeter Wu1-29/+20
Four variants of wtap_dump_open_ng exists, each of them take the same three parameters for the SHB, IDB and NRB blocks that has to be written before packets are even written. Similarly, a lot of tools always create these arguments based on an existing capture file session (wth). Address the former duplication by creating a new data structure to hold the arguments. Address the second issue by creating new helper functions to initialize the parameters based on a wth. This refactoring should make it easier to add the new Decryption Secrets Block (DSB). No functional change intended. Change-Id: I42c019dc1d48a476773459212ca213de91a55684 Reviewed-on: https://code.wireshark.org/review/30578 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-10-19tshark: replace exit with abort in TRY/CATCH.Dario Lombardo1-5/+7
Change-Id: I3fe6c63fcf179fd10b0b722b2749c68365eb0870 Reviewed-on: https://code.wireshark.org/review/30258 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-10-08Bring back arg_list_utf_16to8(), but have it just do UTF-16-to-UTF-8 mapping.Guy Harris1-7/+4
Call it from wmain() in the command-line tools, passing it the input argument count and vector, and call it from main() in Wireshark, after getting a UTF-16 argument vector from passing the result of GetCommandLineW() to CommandLineToArgvW(). Change-Id: I0e51703c0a6c92f7892d196e700ab437bd702514 Reviewed-on: https://code.wireshark.org/review/30063 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-07Use wsetargv.obj, and wmain() rather than main(), on Windows.Guy Harris1-3/+22
Doing so for command-line programs means that the argument list doesn't ever get converted to the local code page; converting to the local code page can mangle file names that *can't* be converted to the local code page. Furthermore, code that uses setargv.obj rather than wsetargv.obj has issues in some versions of Windows 10; see bug 15151. That means that converting the argument list to UTF-8 is a bit simpler - we don't need to call GetCommandLineW() or CommandLineToArgvW(), we just loop over the UTF-16LE argument strings in argv[]. While we're at it, note in Wireshark's main() why we discard argv on Windows (Qt does the same "convert-to-the-local-code-page" stuff); that means we *do* need to call GetCommandLineW() and CommandLineToArgvW() in main() (i.e., we duplicate what Qt's WinMain() does, but converting to UTF-8 rather than to the local code page). Change-Id: I35b57c1b658fb3e9b0c685097afe324e9fe98649 Ping-Bug: 15151 Reviewed-on: https://code.wireshark.org/review/30051 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-05*shark: Update help and manpage for name resolvingUli Heilmeier1-1/+1
Add 'v' option for VLAN ID resolving and get rid of deprecated 'C' option. Bug: 14826 Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926 Reviewed-on: https://code.wireshark.org/review/30029 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-18tshark memory leak: g_free(cf_name) moved under 'clean_exit' labelPatrikMosko1-2/+1
Change-Id: Ie29af2e2ff2eac2e3a97323175391070c7bceb73 Reviewed-on: https://code.wireshark.org/review/29710 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-09epan: Add argument to epan_init() to disable pluginsJoão Valverde1-1/+1
Change-Id: I8dc76e6bf8c4d5a3081cbdc1d47b88e857415d29 Reviewed-on: https://code.wireshark.org/review/29498 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot Reviewed-by: João Valverde <j@v6e.pt>
2018-08-29epan: Remove unnecessary all protocols registration callbackJoão Valverde1-3/+1
We are exporting a registration function from libwireshark just to have it passed back as a callback. Seems unnecessary. Change-Id: I7621005c9be11691d319102326824c5e3520a6f3 Reviewed-on: https://code.wireshark.org/review/29328 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot Reviewed-by: João Valverde <j@v6e.pt>
2018-08-22Fixed a bug related to epan initializationAdam Morrison1-5/+3
In various places, <program>_epan_new was called before setting the provider, so the wth field was null. This fix is necessary for the next commit, adding Secrets Description Block, as it uses this field. Change-Id: Ice8ee01c56b3e04fc71d7b2c659d9635cb366951 Reviewed-on: https://code.wireshark.org/review/28868 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-08-17tshark: free exp_pdu_filename and capture_opts->save_fileVasil Velichkov1-2/+5
valgrind --tool=memcheck --leak-check=full ./run/tshark -r sctp.pcap -U "OSI layer 3" -w exported.pcap 13 bytes in 1 blocks are definitely lost in loss record 20 of 93 at 0x4C2EBAB: malloc (vg_replace_malloc.c:299) by 0xB27B3C5: g_malloc (gmem.c:99) by 0xB294D22: g_strdup (gstrfuncs.c:363) by 0x117B5D: capture_opts_add_opt (capture_opts.c:889) by 0x118C0E: main (tshark.c:1112) Change-Id: I9b794015aa4d2626b43a5743864c2d732c6acaa1 Reviewed-on: https://code.wireshark.org/review/29125 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>