Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Ia46903586219ee79210a980a04024af02acb0db0
Reviewed-on: https://code.wireshark.org/review/24189
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I81892f2624920ccf3e2f18734665b9b2e99de5cf
Reviewed-on: https://code.wireshark.org/review/24081
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Also fix buffer length define, as it is not guaranteed to be 46 on
Windows (it never was guaranteed anyway for the libc implementation,
but the likelyhood of being greater was small).
Change-Id: I2db705d86f825765ed32ec70b8d22058b5d629e8
Reviewed-on: https://code.wireshark.org/review/24074
Reviewed-by: João Valverde <j@v6e.pt>
|
|
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
When capturing from multiple interfaces the extcap pipe detection
must be done based on the correct interface, not the first one.
Change-Id: I7428388d84ee18d0bfa693ffc9ddae98126ceca4
Ping-Bug: 13653
Reviewed-on: https://code.wireshark.org/review/23390
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change access of ifaces elements from by val to by reference.
With this change unnecessary copying of the whole struct is avoided
but even more important is that elements no longer have to be
removed and inserted whenever data is updated.
This change aims to make it more clear that ifaces elements shall
never directly be removed from the array. Instead use function
capture_opts_del_iface
NOTE: Code for GTK UI not updated
Ping-Bug: 13864
Change-Id: I04b65d5ee36526b30d959b8e5a2a48a3c7c4f15b
Reviewed-on: https://code.wireshark.org/review/23204
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
|
|
While "os_info_str" is freed after the loop, "cpu_info_str" was leaked.
Change-Id: Ia4069403c0a5dd5cc6bd7ed61726c1bfa9736b19
Reviewed-on: https://code.wireshark.org/review/22465
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When the current capture buffer is too small, it must be increased
before attempting to read the next data packet.
Fix developed by Mikael Kanstrup (and Guy), I added comments such that
the next reader does not have to guess whether "incl_len" is
accidentally used for reading from the buffer (it is not).
Change-Id: I980bd21ac79601a34d57ffc99a34bfb54c297ac0
Fixes: v2.5.0rc0-28-gd0865fd619 ("Allow bigger snapshot lengths for D-Bus captures.")
Bug: 13852
Reviewed-on: https://code.wireshark.org/review/22464
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We were allocating it every time we called cap_pipe_dispatch() (or,
prior to I0256daae8478f1100fdde96a16a404465ec200b3, in
capture_loop_dispatch()) and freeing it before the routine in question
returned.
However, we were treating that buffer as if it persisted from call to
call, which worked *only* if freeing and re-allocating the buffer meant
that we'd get back the same buffer with its previous contents intact.
That is *not* guaranteed to work.
Instead, allocate the buffer when we open the capture pipe, and free it
when we close the capture pipe.
Change-Id: Ic785b1f47b71b55aba426db3b1e868186c265263
Reviewed-on: https://code.wireshark.org/review/21948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The buffer is only used when reading from a pipe; no need to allocate it
when capturing from a pcap_t.
Doing it in cap_pipe_dispatch() makes it clearer when the buffer exists
and when it doesn't.
Change-Id: I0256daae8478f1100fdde96a16a404465ec200b3
Reviewed-on: https://code.wireshark.org/review/21930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ice2727d691719a10c7163b9496107ec95fbd2e3b
Reviewed-on: https://code.wireshark.org/review/21288
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id365b533812bd972a5e7732ad43b6b6e3221029b
Reviewed-on: https://code.wireshark.org/review/20755
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Windows vscodeanalysis complains even though the event is probably
very unlikely.
Change-Id: Iafe158eea5586908209d6bfe1e45540117558673
Reviewed-on: https://code.wireshark.org/review/20727
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Make a url in a comment more readable.
Change-Id: I9a34e442434cc50c6d631622d680c12049c7dbf8
Reviewed-on: https://code.wireshark.org/review/20472
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Consistently use 4-space indentation.
Change-Id: I8418241924a5b77a9e223869ff707335b8a52b75
Reviewed-on: https://code.wireshark.org/review/20419
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The structure called a pcap_options structure doesn't (only) hold
options for a packet capture; it holds all information about a
particular device, pipe, or socket from which we're capturing. Rename
it capture_src - and rename all the pointer variables that point to
something of that type to pcap_src from pcap_opts.
Change-Id: I8476146f174c82f331227528381defcc2828d822
Reviewed-on: https://code.wireshark.org/review/20416
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
found by gcc7
Change-Id: I46bf9ae4150d9bd7efe5387919091ac49143232d
Reviewed-on: https://code.wireshark.org/review/20414
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This required a restyle of the way the different apps exit.
Change-Id: Iedf728488954cc415b620ff0284d2e60f38f87d2
Reviewed-on: https://code.wireshark.org/review/19780
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Dumpcap doesn't yet support capturing pcapng from stdin. On Windows,
make sure we invalidate our file handle so that instead of printing
"Error reading from pipe: The operation completed successfully. (error 0)"
we show the more useful
"Capturing from a pipe doesn't support pcapng format."
Change-Id: I472c1bf5c8520c9ee3fe4b6299a6e0250262ea51
Reviewed-on: https://code.wireshark.org/review/19876
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Make sure that simple_dialog displays plain text. Trim whitespace
and remove excessive newlines in order to improve message formatting.
Add a comment about simple_dialog's behavior in Qt and GTK+ and how it
might be improved.
Bug: 13178
Change-Id: Ic6ff3cecd5ef1d76ec095d7a409f38e602b41ce2
Reviewed-on: https://code.wireshark.org/review/18985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add CPU info as hardware description in session header block when
using pcapng.
Use capture_comment from the capture_options structure when using
ring buffer.
Change-Id: I5e688fc2d6ab61de1f64ad9a8a96e6e39e8cf708
Reviewed-on: https://code.wireshark.org/review/17862
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Invocation of tshark -D (dumpcap -D -Z none) under ASAN fails with:
tshark: Child dumpcap process died: Abort - core dumped
Change-Id: Ida363089066205d579e841b019b32c2e33516f12
Reviewed-on: https://code.wireshark.org/review/17633
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3adeb2974b1093270bec12039cd855c92f660f4d
Reviewed-on: https://code.wireshark.org/review/17588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6520971e607623dadcb3ae392ce264bf49c621bd
Reviewed-on: https://code.wireshark.org/review/17499
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I323b2c203b49a6921251583772bdb3c3afacd31b
Reviewed-on: https://code.wireshark.org/review/17510
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie9d47da4b1758cbf475989a04847853a714e1447
Reviewed-on: https://code.wireshark.org/review/17503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I627dd6c514066ba67cd501925ff95e9cf819c0e9
Reviewed-on: https://code.wireshark.org/review/16828
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change-Id: I70c7bc270946d104218afc4d9c8ac888471f6524
Reviewed-on: https://code.wireshark.org/review/16821
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This patch reads out the stderr messages from an extcap
utility and displays it to an user. It was tested on Qt
but not on GTK, but should work their as well.
On Mac OS/X and Windows the child_watch does not behave
as it was intended. Therefore in extcap_cleanup, the callbacks
are called manually, if and only if, they have not been
called already.
The reason why it displays two error messages is, that
by the time the first one is being displayed, glib has not
returned from the spawned process on Linux yet. So there
is no way to add the stderr correctly, and putting a handler
to stderr into interface_opts will lead to memory errors,
cause then the code tries to access memory outside of its
protection.
Bug: 11892
Change-Id: I2db60dd480fed3e01428b91a705057e4f088bd15
Reviewed-on: https://code.wireshark.org/review/12954
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That way, people don't get confused by an "Unrecognized libpcap format"
error - it's *not* libpcap format!
Also, improve *that* message to say "...or not libpcap data", and put a
period at the end of the error messages.
Change-Id: I175f9399fe99ce424f1d83596b7330e1fa5c0625
Reviewed-on: https://code.wireshark.org/review/16349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also update faq to include new temporary file format.
Change-Id: Ie6c318bb359974b89ff3e268155315c22ba7c4e4
Reviewed-on: https://code.wireshark.org/review/15685
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
This didn't fix the test failures.
This reverts commit e5f4c5c8a80e2f5970b8c1d4fdfc29ab851f0e6f.
Change-Id: I0cff5eff88d2b49806797cef83338dbbace42a4c
Reviewed-on: https://code.wireshark.org/review/15135
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
As the MSDN documentation says, "CreateProcess returns without waiting
for the new process to finish its initialization." Add an SP_INIT sync
pipe indicator on Windows and use it in dumpcap to signal to its parent
that it has started up.
Change-Id: I88a4c158871dbe2dd6eba13434e92c5d4b1c2e4b
Reviewed-on: https://code.wireshark.org/review/15132
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefcbeb5d24df383c29d29ef888b503945.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Having to define two macros for marking a function as never returning
seems a bit redundant. Merge the MSVC and GCC-like attributes into a
single WS_NORETURN.
Tested with Clang 3.7.1, GCC 4.4.7 and even GCC 4.1.2 using this small
program (-Wall -Wextra, the first two generate warnings for
uninitialized variables, the last one compiles without warnings):
#include <stdlib.h>
__attribute__((noreturn)) void foo() { exit(1); }
__attribute__((noreturn)) void bar();
void bar() { exit(1); }
int main() {
int j, i;
if (i) { bar(); return j; }
foo();
return j;
}
Change-Id: I7d19c15e61b8f8fa4936864407199c4109f8cc82
Reviewed-on: https://code.wireshark.org/review/14822
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: Ia394071710ecda3b0e6686a51fbca45a8ff20317
Reviewed-on: https://code.wireshark.org/review/14749
Petri-Dish: João Valverde <j@v6e.pt>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I0950f61e90af5bb21c0017204de0c0b509616e5c
Reviewed-on: https://code.wireshark.org/review/14747
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib89f345c072a38bc01f0513366a4bdae3bf6f08e
Reviewed-on: https://code.wireshark.org/review/14615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add dumpcap support for configuring 80MHz, 80+80MHz, 160MHz monitor
modes via nl80211.
Change-Id: I2ae8955670c2a9b5051e2223d45ce522459f2c5f
Reviewed-on: https://code.wireshark.org/review/13964
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifc344ed33f2f7ca09a6912a5adb49dc35f07c81f
Reviewed-on: https://code.wireshark.org/review/13881
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Id928258326a1bd4512d88fe0f74b0a34262da56a
Reviewed-on: https://code.wireshark.org/review/13104
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Move the code to open capture devices and get properties of capture
devices there, joining the code to get a list of capture devices.
This lets us do a better job of handling pcap_create() in WinPcap,
including handling both WinPcap with pcap_create() and WinPcap without
pcap_create() at run time, just in case somebody tries using WinPcap 3.x
with a Wireshark built with WinPcap 4.x.
It also could make it easier to use libpcap/WinPcap directly in
Wireshark and TShark, if we have versions of libpcap/WinPcap that run
small helper utilities to do privileged functions, allowing programs
using them never to need elevated privileges themselves. That might
make it easier to fix some issues with running TShark when not saving to
a file (we could avoid the file entirely) and with delays when stopping
a capture in Wireshark (Wireshark could stop writing to the file as soon
as you click the stop button, rather than letting dumpcap do so when the
signal gets to it).
It might also make it easier to handle future versions of
libpcap/WinPcap that support using pcap_create()/pcap_activate() for
remote captures, and other future extensions to libpcap/WinPcap.
Rename some XXX_linktype routines to XXX_datalink to indicate that they
work with DLT_ values rather than LINKTYPE_ values; future versions of
libpcap might use LINKTYPE_ values in newer APIs.
Check for pcap_create() on all platforms in CMake.
Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The "-Wwrite-strings" flag produces nuisance warnings. These warnings are
not useful, they're impossible to fix in a sane way and therefore are being
handled with casts of static strings to (char *).
This just moves the warning to [-Wcast-qual] and a compiler pragma is
in turn required (and used) to squelch that warning.
Remove the Wwrite-strings warning. Let that responsibility fall on the
programmer (as is done by casting).
Change-Id: I5a44dfd9decd6d80797a521a3373593074962fb5
Reviewed-on: https://code.wireshark.org/review/12162
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|