Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix a typo in a comment.
Move a wsutil include in with most of the rest of the wsutil includes.
|
|
If the user gets the "failed to set hardware filter to promiscuous mode"
error, and they're running Npcap 1.71 to 1.73, recommend that they
upgrade to the current version of Npcap.
Clean up the helpful-hint generation code a bit while we're at it.
|
|
This is the same as ws_message(), for status messages, but silent
with the default log level. Do the same as ws_message() and omit
the file/line/func detail to make status messages less busy.
Use some macros and tweak some startup logs.
|
|
Since creating !12280 I've [learned][1] that it's a Bad Idea to create
an array of size `FILENAME_MAX`. Revised to instead use
`g_strdup_printf()`; it's a bit annoying to allocate memory in this way
but better in the long run.
[1]: https://stackoverflow.com/a/65174437/6692652
|
|
Way back in e4379f0ea1 we added an option to dumpcap to output the name
of the most recently closed ringbuffer file. Expose this option to
tshark, and make tshark correctly pass it to dumpcap.
|
|
Some routines that are built only if libpcap 1.10.x is built with remote
capture support, but that are unconditionally declared in pcap/pcap.h,
now have stub implementations in macOS 14 that always fail and set the
error string to "not supported". (This was probably done because those
routines are now declared as "weakly linked symbols":
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPFrameworks/Concepts/WeakLinking.html
om macOS 14.)
This means CMakeLists.txt finds them when you build on Sonoma, so we end
up calling them.
The only place where we didn't arrange that we *only* use them if the
device name begins with rpcap://, indicating that it's a remote-capture
URL, was the code in dumpcap that produces packet counts for the
sparklines in the Wireshark main screen. That meant that all opens
failed, and dumpcap reported that failure to Wireshark, so no sparklines
were drawn. Check for rpcap:// in that case as well, and use
pcap_open_live() if it's not present.
For all code that calls the routines in question, if the any of the
routines in question fail, check for an error string of "not supported",
and replace it with "Remote capture not supported", so as to make the
cause of failure clearer.
Fixes #19349.
|
|
|
|
We create the dummy signal pipe only allowing one instance, so close
the handle when we're done with it (and set it to NULL, so we'll
create another one.)
If creating the dummy signal pipe fails, return failure and set the
error message.
Log error messages on failure of capture_stat_start()
Fix #15470
|
|
On at least some Linux distributions, dumpcap is either installed with
elevated privileges sufficient to support traffic capture by default or
can optionally be given those privileges. If it has those privileges,
it's typically made group-executable but not world-executable and owned
by a special group, e.g. "wireshark", so that only users in that group
can use dumpcap to capture traffic.
The user installing the Wireshark package is *not* necessarily put into
that group by default; this means that any attempt by Wireshark or
TShark to run dumpcap will fail with EACCES.
If the exec call in the child process sends text error mesages, intended
for end users, up the message pipe, as we had been doing, then figuring
out *why* the exec failed would require some heuristic parsing to figure
out whether it's a permissions problem or not.
Instead of doing that, just send a message giving the errno for exec
failing.
For now, we just format an error message for that in the parent process,
but this leaves room to do a better job.
While we're at it, fix some cases where an empty error message could be
printed.
|
|
Don't do so only if no interfaces are reported; we now append extcaps to
the list even if, due to an error, no interfaces were found, so report
an error in that cas regardless of whether the interface list is empty
or not.
Add additional exit status values for -D errors (and potentially for
errors elsewhere), use them, and allow "pcap error" in the tests
for -D.
|
|
|
|
append_extcap_interface_list() does not return an error string; remove
the error string argument from it.
|
|
Give them all names beginning with sync_pipe_write_
Rename pipe_write_block() to sync_pipe_write_string_msg(), as it writes
a message containing a string, not a "block".
Add sync_pipe_write_uint_msg(), which takes an unsigned integer as an
argument and writes a message containing its value (as a string) as the
body.
Make sync_pipe_write_header() and SP_DECISIZE local to
sync_pipe_write.c, as they're no longer used outside that file.
|
|
We use ioctl(SIOCGIFDESCR) to get an interface description on FreeBSD
and OpenBSD.
|
|
This uses ENOMEM, and thus requires <errno.h>, in that case.
|
|
|
|
This code block where we send a quit message to the capture child
in another thread is only on Windows, so use win32strerror to get
a little more informative error about what's going on when it fails
unexpectedly.
Related to #18014
|
|
snprintf(), sensibly, takes a size_t argument specifying the size of the
buffer. g_snprintf(), bogusly, takes a gulong argument specifying the
size of the buffer, so we had to do casts to avoid narrowing complaints,
but we're just using snprintf() now (as we require C11 or later), and
don't need the casts any more.
|
|
Convert occurrences of gu?char and gu?long in capture/.
|
|
Convert capture/*.[ch] to C99 types. Update other files where needed.
Ping #19116
|
|
When not updating the packet list during a capture, the capture
file structure isn't set up, but there is a pending capture.
We currently treat that as "finished reading", but that means
that other code assumes that all the structures are set up and
can crash, and also don't prompt regarding unsaved packets when
trying to close Wireshark.
Add a state for FILE_READ_PENDING that sometimes should be treated
similar to FILE_CLOSED and sometimes should be treated similar to
FILE_READ_IN_PROGRESS.
This fixes a crash when enabling "update packet list during a capture"
while a capture is in progress, as well a crash when applying a filter
while a capture is in progress but real time packet list updates are
off.
Keep track of the number of packets that the capture child has reported
that haven't been read yet, so that the capture statistics stay accurate
even if the pref is toggled. Also run the main status bar statistics at
the end, so that if any packets are processed in cf_finish_tail() they
are reported.
This also restores status bar statistics for when update packet list
during a capture is off, which 461fb517d1f75f607eb3cb670b87754bc24b82ca
accidentally disabled.
Fix #4035
|
|
|
|
|
|
Fixes Windows builds without *pcap.
|
|
The remote capture stuff, including pcap_findalldevs_ex(), isn't
Windows-specific; libpcap can be built with it on UN*X, although it's
not the *default* configuration.
So, if we're not building for Windows, just #define
ws_pcap_findalldevs_ex to be pcap_findalldevs_ex.
|
|
This stub implements an interface from WinPcap/Npcap. The function
declaration differs in a constness attribute between different WinPcap
flavors, leading to pain and tears. Just rename the function instead
so it doesn't clobber any public declaration from WinPcap/Npcap and
cause mismatched declaration errors.
|
|
Fix various issues preventing compilation with Fedora's
MinGW WinPcap package.
|
|
|
|
Expand the set of CAP_DEVICE_OPEN_ errors and warnings to include
specific errors for many of the errors and warnings libpcap returns.
(This doesn't include the errors that would definitely either be
Wireshark or libpcap bugs, such as PCAP_ERROR_NOT_ACTIVATED and
PCAP_ERROR_ACTIVATED.)
Don't give "make sure you have the right permissions" secondary error
messages if we know that the error isn't a permissions error.
For the PCAP_ERROR_ codes that we handle individually, don't bother with
the pcap_statustostr() string, as it would duplicate the error message
we're providing.
For the PCAP_ERROR_ codes we *don't* handle individually, give both the
pcap_statustostr() string and the pcap_geterr() string, to give the user
as much information as possible (even if that's just so that they can
give *us* as much information as possible to figure out what the problem
is).
This should remove the "how to support packet capturing on Debian"
message for "sorry, we don't support PF_PACKET sockets" error that shows
up if either 1) your kernel doesn't have PF_PACKET support configured in
or 2) this is a Flatpak package of Wireshark that's "helpfully" been
sandboxed. See issue #19008.
|
|
GLib 2.76 deprecated G_MODULE_SUFFIX, so just use ".dll" on Windows and
".so" elsewhere. It also deprecated g_module_build_path, so just use
g_strconcat.
ws_module_open was only used to open wpcap.dll, so rename it to
load_wpcap_module.
|
|
Merge common code between sync_pipe_start and sync_pipe_open_command,
which differ in exactly what pipes are opened. sync_pipe_start now
constructs the command line and passes it to sync_pipe_open_command.
This is a precursor for adding a mode where tshark can tell dumpcap to
send data through a pipe instead of to a temporary file (#2743, and
eventually #1650)
|
|
Reduce the default update interval for dumpcap to notify its parent
of new packets (or to check if we've met file duration, etc.) from
500 ms to 100 ms, and put in the capture options.
This makes the GUI appear to update more in real time rather than
in visible batches of packets.
This also reduces the amount of ring buffer space needed in cases
where we're doing dissection, and dissection is able to keep up,
but the files can be deleted before tshark gets to them because of
the notification lag. (See #1650.)
|
|
Forcing the use of a dedicated header to replace pcap.h is
unnecessary code and mental overhead in this case. We can
use config.h instead for the same purpose of defining a
macro symbol before including pcap.h.
|
|
|
|
|
|
|
|
This reverts commit 7a346c398a911a9883cc67f12542f04f87a21ee8.
|
|
Dumpcap depends on wsutil.so. The path to the shared library
is encoded in the RPATH (or RUNPATH) property of ELF binaries.
This is currently an absolute path on most Unixy systems.
Dumpcap could not be made to work with a relative RPATH because it
uses elevated privileges and some loaders will ignore relative
RPATHs and non-standard paths under those circumstances, because of
(justified) security concerns.
To enable relocation of the program we link dumpcap statically
with wsutil instead.
This provides a fully working relocatable installation on Linux
and other platforms that support relative RPATHs.
|
|
capture-pcap-util.c:561:23: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
561 | *((guint32 *)&(ai->sin_addr.s_addr));
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
Remove some unused historical files.
Aggressively disable warnings to keep the lemon source
pristine and avoid the maintenance burden for lemon itself.
Lemon has its own lax policy for warnings that doesn't match our
own and they won't accept external patches to remove the
warnings, so just ignore them. Lemon is just executed to generate
code for the Wireshark build and the minor code issues it has
have no influence at runtime.
For lemon generated code we selectively disable some linting
warnings.
Remove patches for lemon and lempar, they are no longer required
with these changes to silence warnings.
|
|
That reduces the number of get_progfile_dir() calls, leaving only the
calls that are done either to 1) get the pathname in order to display it
or 2) get the pathname in order to reset the library path.
That makes it easier to figure out which get_progfile_dir() calls are
made to find the directory in which (non-extcap) binaries from Wireshark
are installed and which - if any - are made to figure out the directory
in which *the currently-running executable* are stored. (Currently,
get_progfile_dir() attemps to get the former, not the latter, so
extcaps in an extcap subdirectory, for example, will get the parent
directory of that subdirectory, *not* the directory in which they weere
installed.)
|
|
Fix
```
capture/ws80211_utils.c:328:6: error: variable 'bandidx' set but not used [-Werror,-Wunused-but-set-variable]
int bandidx = 1;
^
```
|
|
Reduce the amount of platform specific Wireshark code by using
GIOChannel watch, i.e. do not use UNIX specific GLib functionality and
do not peek into pipe every 100 ms on Windows.
|
|
Strip the timestamps and function names from extcap errors before
displaying them in a dialog. This keeps us from spewing
```
Error by extcap pipe: ** (falcodump:24913) 15:08:20.263535 [falcodump
WARNING] extcap/falcodump.cpp:593 -- main(): cloudtrail plugin error:
failed to list objects: ExpiredToken: The provided token has expired.
status code: 400, request id: M2PYJOT4JGVAA6B9, host id:
+4V8Q+DGV+80Jd3fdc7tODyVdTRvepNgCD9zuvXeL7kzvp2oikaoi9CLMW+UKt/
aR1G2UXIqyQ8=
```
at the user.
Check for warning messages and set our dialog type accordingly.
|
|
Windows processes inherit all inheritable handles when a new process is
created using CreateProcess() with bInheritHandles set to TRUE. This can
lead to undesired object lifetime extension. That is, the child process
will keep ineritable handles alive even if it does not use them. Up to
Windows Vista it was not possible explicitly list handles that should be
inherited. Wireshark no longer works on Windows releases earlier than
Vista, so use the new API without checking Windows version.
Require all callers to win32_create_process() to pass in the list of
handles to inherit. Set the listed handles as inheritable shortly before
calling CreateProcess() and set them as not inheritable shortly after
the process is created. This minimizes possibility for other callers
(especially in 3rd party libraries) to inherit handles by accident.
Do not terminate mmdbresolve process on exit. Instead rely on process
exit when EOF is received on standard input. Previously the EOF was
never received because mmdbresolve inherited both ends of standard input
pipe, i.e. the fact that Wireshark closed the write end was not observed
by mmdbresolve because mmdbresolve kept write handle the standard input
pipe open.
|
|
Send SIGTERM on UNIX systems to all extcap processes when user requests
capture stop. Wait up to 30 seconds for extcaps to finish. If extcaps do
not finish in time, send SIGKILL to remaining extcaps.
Do not call TerminateProcess() on Windows in the same place where UNIX
SIGTERM is sent. Instead schedule extcap termination timeout to happen
as soon as control returns back to the event loop.
There is no universally agreed replacement for SIGTERM on Windows, so
just keep things simple (forcefully terminate like always) until we
have agreed on something.
|