Age | Commit message | Author | Files | Lines |
|
Ping #19116
|
|
Add a new option (checkbox) to the `Name Resolution` section of the settings
dialog.
When enabling `Use SNI information from captured handshake packets` the Server
Name Indication of TLS connections is used to resolve IPv4 and IPv6 addresses.
This option can be useful when monitoring traffic that uses encrypted DNS.
Part of #11567
|
|
With the aid of a script, convert our boolean preferences from gboolean
to bool.
Ping #19116
|
|
This one is complicated because a gboolean is an int, but a bool
is not, in the way that a pointer to a bool (including in the
return of a function pointer) cannot be substituted for a pointer
to a gboolean. (They can convert a bool used internally to a gboolean
on return.)
Continue for that reason to have some functions return gboolean
when used with glib callback functions:
https://docs.gtk.org/glib/callback.HRFunc.html
Another small gotcha is that macros like UINT64_C are not necessarily
guaranteed to wrap the return in parentheses, which G_GUINT64_CONSTANT
and the like do.
In wtap.h, the file subtype "dump_open" function was typedef'd
as returning an int, but almost all users (except in wslua) returned
a gboolean. Switch it to a bool.
Make a note about why can_write_encap does not return a bool,
because it returns error codes on failure (for Lua) instead of
having the err as a separate parameter.
Update the usbdump wiretap plugin too.
A few places outside of wiretap use wiretap function pointers, such
as in the Lua interface, adding IP addresses to NRBs, merging, and
the frame dissector using wiretap functions. Switch those to bool.
Ping #19116
|
|
In the first pass of two-pass wireshark, where we can do
asynchronous DNS lookups, make sure to actually take the
requests off the queue and process them, instead of waiting
until the end of the first pass.
Use a mutex to protect taking requests off the queue, just in
case.
Related to #19629.
|
|
Keep the custom services entries in a separate table and
only copy them to the externally visible table when looked up.
This allows us to make the externally visible strings const,
and means that we don't have to copy the strings from the global
services C array table.
It also means that the externally visible table only has entries
that have actually been looked up, instead of being mixed with
the static entries.
Fix #13857
|
|
Change the hashether status flags to be more consistent with the others.
In the Resolved Addresses dialog, only show addresses that are
actually present in the capture file and resolved, not all entries
in an ethers or wka file. (Entries in the wka file with a /48 mask
are added to the ethers hashtable.)
Part of #13857
|
|
For manuf/OUI, change the status flags to be more consistent with
other types, and provide an accessor for status. In the Resolved
Addresses dialog, only display the OUI that have actually been
looked up in the capture file.
Part of #13857
|
|
For well-known addresses, store whether the address has actually
been used in a lookup or is just present in the global file.
In the Resolved Addresses dialog, only display the well known
addresses that have actually been looked up.
Part of #13857
|
|
Some protocols specifically have 24-bit OUI fields, not
contained within an EUI-48 or EUI-64. Don't return the MA-M
or MA-S that starts with those 24 bits and has 4th and 5th
octet zero when looking up a 24-bit OUI.
When finding a MA-M or MA-S in the global manuf hash tables
(whether from a 24-bit OUI or from an EUI-48 or EUI-64), don't
store the results in the used manuf hashtable, which results
in incorrectly matching other MA-M and MA-S with the same
first 24 bits.
We probably do want to eventually store all MA-M and MA-S used
in some sort of resolved hash table for the Resolved Addresses
dialog.
We also eventually should go through and determine which cases of
tvb_get_manuf_name_if_known are really 24-bit OUIs (e.g.,
roaming consortium in IEEE 802.11) and which are looking
up EUI-48s (e.g., packet-pw-eth.c).
Fix the label writing for the MA-M and MA-S so as not to include
the proper number of nibbles, splitting a byte if appropriate.
Fix #15300
|
|
Once upon a time, Wireshark could use GNU ADNS instead of c-ares
for asynchronous DNS lookups. GNU ADNS didn't check the system
hosts file (see 51984de040b804ca6614830acc62c641cd6d8959), so
we added the system hosts file using the same mechanism as profile
paths when using ADNS.
This was then confusing, because "use external DNS resolver / use
system DNS resolving" could be off but /etc/hosts was still used,
so the "only use profile hosts" option was created to avoid using
external system DNS hostnames at all.
c-ares (and, for that matter, libunbound) does read /etc/hosts, so
this option doesn't do its primary purpose anymore. All it usually
does now is keep any hosts file in the global profile from being used,
but we don't have any other name resolution options where there's a
pref not to use global profile data.
Even more confusingly, if the option is true, then the -H option
to tshark to give a hosts file on the command line doesn't work.
add_hosts_file checks the preference and then doesn't actually
read the file from the command line, which is surely never wanted.
Most people don't understand what the option means, despite the
tooltip, and assume that it means "only use the hosts file as a
source of name resolution data", not "when using hosts files as
a source of name resolution data, only use the one from the personal
profile and not any from the global profile, the tshark command line,
or any other source."
Just mark the option as obsolete.
Related to #11470
|
|
inet_netw.c -> inet_cidr.c
inet_netw.h -> inet_cidr.h
|
|
Consolidate code to handle CIDR network addresses in inet_netw.[ch].
|
|
Make sure we always pass at least 6 bytes to ws_manuf_lookup_str().
Fixes #19344.
|
|
Fix OUI lookups for 802.11 and other protocols that use a
dedicated API for manuf lookups and not the normal MAC Address
name resolution code path.
Of note is that the existing code assumes the byte order is
little-endian.
Fixes #19337.
|
|
Move MaxMind lookups to a global Name Resolution preference.
That's a bit of a misnomer (it's not name resolution, but it
is using external sources of data to update information about
a network object), but the MaxMind DB path location is already there.
This means that MaxMind lookups can be disabled with the '-n'
option, and enabled with a 'g' for the '-N' option. This is
significant for tshark, because MaxMind lookups are now synchronous.
Disabling the new global preference also keeps the Endpoints window
from doing MaxMind lookups; currently, even if the IPv4 and IPv6 GeoIP
prefs are disabled the data is still looked up and inserted in the
Endpoints window.
Fix #14692
|
|
Ping #18075
|
|
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.
|
|
Replace:
g_snprintf() -> snprintf()
g_vsnprintf() -> vsnprintf()
g_strdup_printf() -> ws_strdup_printf()
g_strdup_vprintf() -> ws_strdup_vprintf()
This is more portable, user-friendly and faster on platforms
where GLib does not like the native I/O.
Adjust the format string to use macros from inttypes.h.
|
|
Add @file markers for most files that
contain functions exported with
WS_DLL_PUBLIC so that Doxygen will
generate documentation for them.
|
|
1. Switch list of manually resolved names from a list to a map
(IP Address --> Custom Hostname)
2. If an address was already in the list, just update the old entry.
Previously this added a new entry anytime somebody would edit a
hostname.
3. Display the previous hostname in the GUI
4. Remove unused manually_resolve_cleanup()
Bug: 11221
Change-Id: I42d5b6267eb6613bdf7783865bc2d30d6bda1147
Reviewed-on: https://code.wireshark.org/review/36059
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use the C-ARES ares_set_servers() API to set a list of DNS servers to use.
The list of DNS servers is controlled through a UAT. There is also a boolean
preference to determine if the custom list should be used. The boolean preference
was added to arbitrate between the "default" list of servers that C-ARES creates
during initialization and using the "custom" list (which may be empty and we don't
want the "default" list to be overwritten).
Bug: 15960
Change-Id: I4ba071777f6bb9bc2fef313b7618908d805c0690
Reviewed-on: https://code.wireshark.org/review/34419
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add a function to convert a string that contains an ethernet address
(including the colons) into a sequence of 6 bytes.
Use the existing internal functions to parse an ethernet address.
Declare the new function as local to libwireshark. It'll be used by
wslua to support ethernet addresses.
While at it, fix an incorrect comment about parse_ether_address(). If
accept_mask is false, only a complete 6-byte ethernet address is
accepted.
Change-Id: Ib03306c44866fe97d3cbff2634411b7f5ec31a79
Reviewed-on: https://code.wireshark.org/review/30162
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
IPv4 and v6 name resolution are bound to a capture file. Using a lua
script, it is possible to trigger a name resolution when no capture file
is open. This crashes Wireshark as the hash tables for name resolution
are not initialized at this time.
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ip(\"1.1.1.1\"))" > bla.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla.lua
Segmentation fault
martin@reykholt:~/src/wireshark.git/build$ echo "print(Address.ipv6(\"::1\"))" > bla6.lua
martin@reykholt:~/src/wireshark.git/build$ ./run/tshark -Xlua_script:bla6.lua
Segmentation fault
Make sure that the hash tables are available as long as the epan library
is initialized. Add a new function host_name_lookup_reset(), call this
function every time we set up dissection for a new capture file. This
way, we keep the name resolution results separate per capture file.
Reorder the steps in init_dissection(). Host name lookup is now
available at all times, there's no need to be in file scope when it's
initialized.
Change-Id: I9599100d5f378b6a0f73dc630e4c8af3b3ffb2cc
Reviewed-on: https://code.wireshark.org/review/29398
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Otherwise, the first N packets printed, for a value of N dependent on
various factors, won't get IP addresses resolved to names, even if the
user wants them resolved. Unlike Wireshark, which, when a name is
resolved asynchronously, can go back and fix up the displayed packet
when the asynchronous operation completes, once TShark has written
packet data to the standard output, it can't go back and fix it if it
did name resolution asynchronously.
Bug: 14711
Change-Id: I8ebbd83103e5780c903b5560e01b7b92fa39c924
Reviewed-on: https://code.wireshark.org/review/27668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Skipping dissectors dir for now.
Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Some places (like MAC resolution) want to keep a fixed length, but for places
that want to display "full organization name", save the long name that is
treated as a comment in the manuf file.
Have make-manuf convert companies with all caps to mixed case so we're not
screaming the company name at the user.
Convert the manuf.tmpl to be tab delimited without a comment for the "long name"
so it can match the format now created by make-manuf.
Remove uint_get_manuf_name as it was unnecessary.
Bug: 3666
Change-Id: If2af5a1ce64e2784fe3941eeae8d8093d4f1467b
Reviewed-on: https://code.wireshark.org/review/23150
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Removed get_ipxnet_addr(), get_ether_addr(). If this feature is desired at
a minimum it should use an efficient data structure (and no disk-based
lookups mid-dissection).
Change-Id: Ie72449c631f21f4a3d82ec435bb5e1d7892f122c
Reviewed-on: https://code.wireshark.org/review/22729
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I27517bdfc4d00ee758d3795bd74e54968e70efad
Reviewed-on: https://code.wireshark.org/review/22497
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Various cleanups and corrections regarding MAC address handling.
Change-Id: I31e2e377bc1c73705a89517c776d51bbb19b9ce3
Reviewed-on: https://code.wireshark.org/review/18836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
bug: 7592
Change-Id: I1af2c5d6664e172c358cd19bc20e9352c2582eae
Reviewed-on: https://code.wireshark.org/review/17677
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ice7533fbeac700dae0a46766838818a32b0d5736
Reviewed-on: https://code.wireshark.org/review/15051
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I932c156cbc6883d1d63bf0457fd62cfb67c3340e
Reviewed-on: https://code.wireshark.org/review/14750
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: Ie5e670b769eb0674950f3679ef511047641c2873
Reviewed-on: https://code.wireshark.org/review/14751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Relevant mailing list message:
https://www.wireshark.org/lists/wireshark-dev/201503/msg00007.html
Change-Id: I0cff6d4d64fb52a651bcf6b28c183e43653b1cc2
Reviewed-on: https://code.wireshark.org/review/14519
Reviewed-by: João Valverde <j@v6e.pt>
|
|
A vlans file in the personal preference directory adds an option to resolve
VLAN IDs to a describing name.
Format of vlan file is
123\tName of VLAN
To enable the resolving, the preference nameres.vlan_name must be set
to TRUE.
Bug: 11209
Change-Id: I3f00b4897aace89c03c57b68b6c4b6c8b7d4685a
Reviewed-on: https://code.wireshark.org/review/14471
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I0ece488f43aae27e7c055c2edacbf09ff11ce16d
Reviewed-on: https://code.wireshark.org/review/13889
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Have a flag for addresses indicating whether the address is resolved to
a name or whether its "name" is just a printable version of the address.
If the name corresponding to an IP address isn't really a name, don't
assign it to a MAC address.
Clean up some code a bit (have a fill_dummy_ip6() corresponding to
fill_dummy_ip4()).
Bug: 10212
Change-Id: I9d0ffa2706be17842f832c64cea7acc5c1dc6536
Reviewed-on: https://code.wireshark.org/review/13412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
By analogy to ipv4.h.
Change-Id: I147565b332024b1bb88e9cd15889255773d04524
Reviewed-on: https://code.wireshark.org/review/13034
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't just define it yourself.
(And especially don't define it yourself if you're already including
epan/ipv6-utils.h.)
Change-Id: I9970d0edecef0c820b2a7fdce34509b54e7b3106
Reviewed-on: https://code.wireshark.org/review/13020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I111558df3d36436ddf5e2728f113b022cc48a713
Reviewed-on: https://code.wireshark.org/review/13013
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The functions str_to_ip() and str_to_ip6() are not yet exposed to plugins so
they cannot be used there.
Now they are added to the plugin API.
Change-Id: I9df267934ad43887a6326c8c9a1a666f263c08a2
Reviewed-on: https://code.wireshark.org/review/11728
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Move the definitions of hashipv4_t and hashipv6_t to wiretap/wtap.h, as
that's the main place they're used. Change them a bit not to depend on
other stuff from libwireshark, and change the code as required by those
changes.
This should fix the Solaris build; apparently, the Sun^WOracle compiler
is generating code for static inline functions even if they're never
called, so that libwiretap ends up including code that calls tvbuff and
wmem functions.
There's probably further cleanup that could be done here, but this
should at least fix the build, as well as getting rid of a dependency
between two libraries that are at least somewhat independent (libwiretap
should *not* depend on libwireshark, as some programs use libwiretap but
not libwireshark, and, ultimately, we probably want it to be possible to
use libwireshark without libwiretap but that'd be more work).
Change-Id: I91c745282f17d7c8bff7809aa277eab2b3cf47c1
Reviewed-on: https://code.wireshark.org/review/11537
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|