Age | Commit message (Collapse) | Author | Files | Lines |
|
In capture input closed, the msg passed along can have
several log messages from extcap concatenated together,
whether from one interface or many.
Remove the logging prefix from each message for display
in the GUI, instead of just from the first message.
|
|
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
mssage. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix #17888
|
|
|
|
The capture session sometimes calls the error handler with an
empty error message. This is generally on extcap errors, because
extcap errors aren't reported from dumpcap over the sync pipe
but instead gathered from the extcap stderr only after the session
closes. They're reported a bit later in the closed function.
Avoid console messages like:
** [Capture MESSAGE] -- Error message from child: "", ""
and
tshark:
|
|
interface_t contains an if_info_t as its member. It
doesn't need to copy the friendly name, vendor description,
and type from the if_info_t into separate members. The vast
majority of the time, we're already using the member from
the embedded if_info_t, but change a couple of cases.
The display name is a unique transformation of the name, friendly
name (OS name), and vendor description (hardware name) that depends
somewhat on the OS, so that needsto be seprate. The addresses and
links are also transformed from the if_info format. The name is
copied as well, but at least that's the primary key for the interface.
|
|
The current code assumes that if deserialize_interface_list sets `err`
to non-zero, then it also sets `err_msg`. This is not always the case,
e.g.
```
GList *
deserialize_interface_list(char *data, int *err, char **err_str)
{
/* ... */
if (data == NULL) {
ws_info("Passed NULL capture interface list");
*err = CANT_GET_INTERFACE_LIST; // sets *err, but not *err_str
return if_list;
}
/* ... */
}
```
This change works around the crash by initializing err_msg to NULL in
the calling code.
Fixes https://gitlab.com/wireshark/wireshark/-/issues/19586.
|
|
When stopping (but not restarting) a capture, we free the save file
name so that if another capture is started immediately without
opening the Capture Options dialog (e.g., via the Start button or
double-clicking the interface from the welcome screen list) we
don't overwrite the most recently captured file.
However, multiple file mode (ring buffer or not) requires a permanent
file name. When stopping a capture in multiple file mode, restore the
original save file name template, so that a new capture uses the
template instead of failing with the error message:
"Ring buffer requested, but capture isn't being saved to a permanent file."
Since multiple file mode inserts the time and file number into the file
name, this won't overwrite any files already created. We could instead
clear multiple file mode when stopping the capture, but that would
alter the behavior when reopening the Capture Options dialog from
currently (the user would have to re-enable multiple file mode), whereas
currently the template is restored if the dialog is opened.
Fix #16759
|
|
If the message when closing a capture session is an empty string,
don't print a warning message to the console.
We already have the message like:
** (wireshark:1938687) 11:33:39.555100 [Capture MESSAGE] -- Capture stopped.
We don't need an additional:
** (wireshark:1938687) 11:33:39.555116 [Capture WARNING] ui/capture.c:723 -- capture_input_closed():
|
|
Use the welcome mode to fill in the interface list and start
the stats at the same time, instead of two calls.
Also now restart the stats when refreshing the interface list
because an interface has changed.
Add a comment that there are still some situations where we don't
trigger an interface refresh on a interface monitor notification
on Linux
Related to #15082
|
|
Allow dumpcap to have the "-D" "-L" and "-S" flags all specified.
This is a "welcome mode" that prints out the interfaces and their
capabilities, and then prints out the running statistics.
("-L" and "-S" without "-D" will just print the statistics, but
doesn't give an error.)
In capture child mode, the interface information is sent as a
message on the sync pipe before the success message; the statistics
are sent on the data pipe as usual.
Actually using this in Wireshark will be added next.
Related to #15082
|
|
Fix misppellings in root and ui directories.
Most of these are comments, but some are in
error messages.
|
|
We create the dummy signal pipe only allowing one instance, so close
the handle when we're done with it (and set it to NULL, so we'll
create another one.)
If creating the dummy signal pipe fails, return failure and set the
error message.
Log error messages on failure of capture_stat_start()
Fix #15470
|
|
On at least some Linux distributions, dumpcap is either installed with
elevated privileges sufficient to support traffic capture by default or
can optionally be given those privileges. If it has those privileges,
it's typically made group-executable but not world-executable and owned
by a special group, e.g. "wireshark", so that only users in that group
can use dumpcap to capture traffic.
The user installing the Wireshark package is *not* necessarily put into
that group by default; this means that any attempt by Wireshark or
TShark to run dumpcap will fail with EACCES.
If the exec call in the child process sends text error mesages, intended
for end users, up the message pipe, as we had been doing, then figuring
out *why* the exec failed would require some heuristic parsing to figure
out whether it's a permissions problem or not.
Instead of doing that, just send a message giving the errno for exec
failing.
For now, we just format an error message for that in the parent process,
but this leaves room to do a better job.
While we're at it, fix some cases where an empty error message could be
printed.
|
|
Convert capture/*.[ch] to C99 types. Update other files where needed.
Ping #19116
|
|
When not updating the packet list during a capture, the capture
file structure isn't set up, but there is a pending capture.
We currently treat that as "finished reading", but that means
that other code assumes that all the structures are set up and
can crash, and also don't prompt regarding unsaved packets when
trying to close Wireshark.
Add a state for FILE_READ_PENDING that sometimes should be treated
similar to FILE_CLOSED and sometimes should be treated similar to
FILE_READ_IN_PROGRESS.
This fixes a crash when enabling "update packet list during a capture"
while a capture is in progress, as well a crash when applying a filter
while a capture is in progress but real time packet list updates are
off.
Keep track of the number of packets that the capture child has reported
that haven't been read yet, so that the capture statistics stay accurate
even if the pref is toggled. Also run the main status bar statistics at
the end, so that if any packets are processed in cf_finish_tail() they
are reported.
This also restores status bar statistics for when update packet list
during a capture is off, which 461fb517d1f75f607eb3cb670b87754bc24b82ca
accidentally disabled.
Fix #4035
|
|
|
|
|
|
Sometimes you have a capture file that has many duplicate frames
because of how the capture was made, and its convenient to ignore
the duplicates so you can concentrate on the data and not all
the TCP warnings.
This adds a preference in the "Protocols" section to ignore
duplicates. This currently only works while reading a capture file
*not* during a live capture.
|
|
Strip the timestamps and function names from extcap errors before
displaying them in a dialog. This keeps us from spewing
```
Error by extcap pipe: ** (falcodump:24913) 15:08:20.263535 [falcodump
WARNING] extcap/falcodump.cpp:593 -- main(): cloudtrail plugin error:
failed to list objects: ExpiredToken: The provided token has expired.
status code: 400, request id: M2PYJOT4JGVAA6B9, host id:
+4V8Q+DGV+80Jd3fdc7tODyVdTRvepNgCD9zuvXeL7kzvp2oikaoi9CLMW+UKt/
aR1G2UXIqyQ8=
```
at the user.
Check for warning messages and set our dialog type accordingly.
|
|
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.
Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.
There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
|
|
Replace the redundant main_window_quit with the
more specialized exit_application and return 0
as a state
|
|
|
|
Use macros from inttypes.h.
|
|
Use macros from inttypes.h with format strings.
|
|
Changing profile during capture may change the capture_opts->show_info
setting. Always init cap_session->wtap and check if valid before doing
capture_info_new_packets(). Always close dialog and cap_session->wtap
in capture_input_closed().
This will not bring up the Capture Information dialog when switching
to a profile having this enabled.
Fixes #17622
|
|
Bug 17478 was caused by `wtap_rec.block` being allocated for each
packet, but not freed when it was done being used -- typically at the
end of a loop.
Rather than requiring each caller of `wtap_read()` to know to free a
member of `rec`, I added a new function `wtap_rec_reset()` for a
slightly cleaner API. Added calls to it everywhere that seemed to make
sense.
Fixes #17478
|
|
Don't store the comments in a capture_options structure, because that's
available only if we're being built with capture support, and
--capture-comment can be used in TShark when reading a capture file and
writing another capture file, with no live capture taking place.
This means we don't handle that option in capture_opts_add_opt(); handle
it in the programs that support it.
Support writing multiple comments in dumpcap when capturing.
These changes also fix builds without pcap, and makes --capture-comment
work in Wireshark when a capture is started from the command line with
-k.
Update the help messages to indicate that --capture-comment adds a
capture comment, it doesn't change any comment (much less "the" comment,
as there isn't necessarily a single comment).
Update the man pages:
- not to presume that only pcapng files support file comments (even if
that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported,
and that multiple comments will be written, whether capturing or reading
one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the
first one, even though it only displays the first one;
|
|
|
|
|
|
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
|
|
Remove the editor modeline blocks from the source files in ui that use 4
space indentation by running
perl -i -p0e 's{ \n+ /[ *\n]+ editor \s+ modelines .* shiftwidth= .* \*/ \s+ } {\n}gsix' $( ag -l shiftwidth=4 $( ag -g '\.(c|cpp|h|m|mm)') )
This gives us one source of indentation truth for these files, and it
*shouldn't* affect anyone since
- These files match the default in our top-level .editorconfig.
- The one notable editor that's likely to be used on these files and
*doesn't* support EditorConfig (Qt Creator) defaults to 4 space
indentation.
|
|
The distinction between the different kinds of capture utility
may not warrant a special subfolfer for each, and sometimes the
distinction is not be clear or some functions could stradle
multiple "categories" (like capture_ifinfo.[ch]).
Simplify by having only a generic 'capture' subfolder. The
separate CMake libraries are kept as a way to reuse object code
efficiently.
|
|
This only opens files for reading, so throw out all the stuff to handle
opening files for writing.
|
|
The "short name" is really just the name, used to look it up. The
"name" is really a description intended solely for human consumption.
Rename the fields, and the functions that access them, to match.
The "description" maintained by Lua for file type handlers is used
*only* for one debugging message; we should probably just eliminate it.
Call it an "internal description" for now.
|
|
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
|
|
This reverts commit 5df29254347daab8ab9f530a0b9dfd0b32a40efc.
The problem only showed up in tfshark.c, and was caused by tfshark.c
using stuff from ui/urls.h but not *including* ui/urls.h.
|
|
If you use it, GCC 9.3.0 seems to think there's a missing parenthesis
somewhere, just as the version of clang++ in my version of Xcode does,
even though other versions of GCC don't. I'm clearly missing something
obscure about C here; I give up.
|
|
That way, users won't just see "You got an internal error", the details
will be given, so they can report them in a bug.
|
|
|
|
Add ui/urls.h to define some URLs on various of our websites. Use the
GitLab URL for the wiki. Add a macro to generate wiki URLs.
Update wiki URLs in comments etc.
Use the #defined URL for the docs page in
WelcomePage::on_helpLabel_clicked; that removes the last user of
topic_online_url(), so get rid of it and swallow it up into
topic_action_url().
|
|
Instead of having programs that use the capchild library define
functions with known names, with the library routines calling back
routines with those names, have function pointers for those callbacks in
the capture_session structure, and have capture_session_init() set them.
Make the callback routines in TShark and in the ui library static.
Change-Id: Ia1ba6119c5ef7708e0f87b8420f200136ba41eae
Reviewed-on: https://code.wireshark.org/review/36583
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
When using the "Create a new file automatically" feature the capture in
Wireshark will stop and start, but the extcap utility will continue run
as normal. Ensure the control channels are kept when doing this.
Rename the unused capture_session.session_started to session_will_restart
to detect this.
Bug: 16178
Change-Id: I6797c982760a1013fca2a24699befff1dc82f28c
Reviewed-on: https://code.wireshark.org/review/35013
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change-Id: I2aabe735316e05495370b5bceb8ca56a1c9b3558
Reviewed-on: https://code.wireshark.org/review/34538
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That means the packet-count-during-capture stuff is scattered amongst
fewer locations.
Move capture_info.h into ui; it's now a header that declares routines
whose implementations are GUI-platform-dependent.
Change-Id: I475815724a4766f6bc2511e67ebae14865e1a9d1
Reviewed-on: https://code.wireshark.org/review/26249
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
That way we aren't allocating memory, reading packets from a batch, and
freeing the memory for each batch of packets delivered by dumpcap; we do
the allocation when the capture starts and the freeing when it finishes.
Change-Id: If012ab865f3a99d869535ad10827ad8680c1b10c
Reviewed-on: https://code.wireshark.org/review/32766
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Move it to the capture_session structure from the info_data_t structure,
and pass it as an argument to capture_info_new_packets().
Change-Id: I822392bbf48eeb27ba9e17b73775d2fc4349bc17
Reviewed-on: https://code.wireshark.org/review/32765
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
capture_input_drops() doesn't, and shouldn't, modify or free or... the
interface name, so make the pointer to it a const pointer.
Change-Id: Iafc5c5dd9939225b3aeb8a8e36c5bdeecc394e12
Reviewed-on: https://code.wireshark.org/review/32465
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
capture_input_cfilter_error_message() doesn't, and shouldn't, modify or
free or... the error message, so make the pointer to it a const pointer.
Change-Id: Ic14ac306add328df369af4b6e149c856f4283912
Reviewed-on: https://code.wireshark.org/review/32464
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Throw away the old temporary filename when restart capture to create
a new temporary file. This was omitted from the previous restart
capture fix.
Change-Id: I39396d26563ec3d424161f81667864440a13e6d2
Reviewed-on: https://code.wireshark.org/review/32184
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Set capture_opts->restart before restart current capture.
Update the restart handling in capture_input_closed() to not remove
the current save file; this is either the last file in a ring buffer
or a temporary file which will be reused later. Also remove the code
which starts the capture again because this is now done in
MainWindow::on_actionCaptureRestart_triggered().
Keep the code to restore the original save file when having a ring
buffer. This will avoid the error message "Ring buffer requested,
but capture isn't being saved to a permanent file" and a following
unwanted capture stop.
This fix will also avoid the "No packets captured" warning when
restart capture without having any packets captured.
Remove the unused capture_restart() function which was used in GTK.
Change-Id: I80802217b71810eaa36b78a2eb4c32697ddc92ce
Reviewed-on: https://code.wireshark.org/review/32110
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|