Age | Commit message (Collapse) | Author | Files | Lines |
|
Replace various almost-the-same get_frame_ts routines with a common
routine.
|
|
Named pipes have special names on Windows
( https://learn.microsoft.com/en-us/windows/win32/ipc/pipe-names )
If we're on Windows, and the interface name given has such a name,
assume it is a pipe and don't bother retrieving the interface list.
Dumpcap and rawshark already have identical code for testing if an
interface name is a pipe. Move that into win32-utils and have
capture_opts, dumpcap, and rawshark all use the common function.
Fix #17721
|
|
pcapng allows simple packet blocks (which don't have timestamps),
enhanced packet blocks (which do) and custom blocks (which might
or might not have timestamps, and even if they do have timestamps,
libwiretap might not know about them), and so some records may have
timestamps while others do not.
Do not use frames without timestamps in delta time calculations.
Don't use them as reference frames for time calculations, or for
the previously displayed frame for time calculations, where the
previously displayed frame that actually has a timestamp is used.
Have the various _get_frame_ts functions return null instead of
their ts value (that is currently handled; if records without
timestamps set their abs_ts to the special "unset" value of nstime_t
that could work too, except that isn't currently handled.)
Still allow the GUI to set frames without timestamps as "Time
References", because that does still affect the "Cumulative Bytes"
column, so it's not entirely pointless; unset the reference time
so that the timestamp from the next frame that does have a timestamp
will be used as reference time.
The "previous captured frame" will show a 0 time delta when
the previous frame doeesn't have a timestamp. Perhaps a user
would also want "previous captured frame with a timestamp,"
but we'd have to store that in frame data (adding memory to
that struct.)
Fix #19397
|
|
The tshark man page and help claims to support the --read-file,
--read-filter, and --display-filter long options. Make it so.
Programs have to dissect in order to run filters, so add the
filtering options to dissect_opts.h, which Wireshark, tshark,
and rawshark already include, so that they stay consistent
between applications.
Reading a file is a common activity that we might want to have
more (all?) command line tools support with the same syntax
eventually, so add that to clopts_common.h
rawshark doesn't distinguish between read filters and display
filters; to make things easy and consistent, make them synonymous
for rawshark.
Fix #19365
|
|
Fix misppellings in root and ui directories.
Most of these are comments, but some are in
error messages.
|
|
Instead of adding a TFS(&tfs_true_false) to every boolean
field, make it the default if "strings" is NULL.
This seems to match the already existing documentation:
If the Boolean field is to be displayed as "False" or "True", the
'strings' field would be set to NULL.
|
|
Putting it there makes it not obvious why the check is being done.
Instead, do the check before calling timestamp_set_precision() - and do
the same for timestamp_set_type(), as, in both cases, the _NOT_SET value
means that no command-line option was specified to set the timestamp
type or precision, so there's nothing to set them *to*.
|
|
It's in the latest Single UNIX Standard, but OpenBSD doesn't have it as
of 7.3.
While we're at it, if setrlimit() fails, report what error it got.
|
|
--disable-all-protocols will mark all protocols as disabled by default,
and then disable them. Certain protocols can then be enabled one by one
by using --enable-protocol.
--only-protocols is a helper option to make it easier to enable only
certain protocols It's equivalent to passing --disable-all-protocols and
then several --enable-protocol options. It accepts a comma separated
list of protocols. First all protocols will be disabled, and then all
protocols included in the list will be enabled one by one.
Side-note, it wouldn't make much sense to enable only "tcp" for example
without enabling the protocols in the lower layers (e.g: eth, sll, ip,
ipv6). In this case, something like --only-protocols eth,sll,ip,ipv6,tcp
will generally be needed in order to make sure that TCP is decoded.
Signed-off-by: Juanma Sanchez <juasanch@redhat.com>
|
|
Rename IS_FT_*() to FT_IS_*(). I find it to be more natural and
a better namespace for a public interface.
|
|
Make it easier and more natural to test for errors and hand-over
error results.
|
|
Exposing the fvalue_t implementation is exposing internal
details of the implementation. Fix that by making the fvalue_t
internal to the ftypes implementation and using setters/getters
where necessary.
|
|
Use the common dissection options processing for rawshark.
This means that the error message for resolving options includes
all the possible resolving options (e.g. instead of omitting VLAN).
This add support for the other options, which generally make sense,
like enabling and disabling protocols and heuristics.
The only option that isn't supported is the Decode As option, only
because '-d' is used by rawshark for its payload link layer type /
dissector selection.
|
|
|
|
|
|
|
|
|
|
Return an struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.
|
|
|
|
Wait up to 30 seconds for extcap process to finish after closing pipes.
The wait is achieved in non-blocking fashion, i.e. the UI is completely
responsive during the wait. Only actions related to capture process like
capture control, file open, save, export are inactive during the wait.
On Windows extcap child watch callback gets called immediately as the
process is forcefully terminated. Prior to this change the extcap was
forcefully terminated on Windows anyway.
The wait is possible on UNIX systems if extcap does handle SIGPIPE and
SIGTERM signals. The defaults handlers for SIGPIPE and SIGTERM simply
terminate the process so for large number of extcaps there is no change.
If extcap does not finish within 30 seconds, it is forcefully terminated
using SIGKILL signal.
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
Rename init_progfile_dir to configuration_init. Add an argument which
specifies our configuration namespace, which can be "Wireshark"
(default) or "Logwolf".
|
|
|
|
Add docs/diagnostic-options.adoc, which is a snippet that documents our
various --log-* options. Include it in the dumpcap, rawshark, and tshark
man pages.
Make the ws_log_print_usage output more consistent.
|
|
Use macros from inttypes.h.
|
|
Use macros from inttypes.h with format strings.
|
|
wireshark/rawshark.c:1239:15: warning: ‘fs_ptr’ may be used
uninitialized in this function [-Wmaybe-uninitialized]
printf(" %d=\"%s\"", cmd_line_index, fs_ptr);
^
wireshark/rawshark.c:1120:26:
note: ‘fs_ptr’ was declared here
char *fs_ptr;
^
|
|
Say that the preference is "obsolete", not "unknown".
Wireshark GUI already uses this language.
|
|
|
|
The header ftypes-int.h should not be used outside of epan/ftypes
because it is a private header.
The functions fvalue_free() and fvalue_cleanup() need not and should
not be macros either.
|
|
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: guint32_to_str_buf(fv->value.uinteger, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: guint64_to_str_buf(val, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: fs_len = strlen(fs_buf); [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: ^ [C:\Development\wsbuild-msvc\rawshark.vcxproj]
|
|
This function is unnecessary. Clients are receiving a wmem-allocated
buffer and have no need to know the length apriori.
|
|
This is part of the API and should also be renamed to avoid conflicts.
|
|
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
|
|
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
|
|
Initialiaze the cmdarg error stream earlier.
Dumpcap also needs to know earlier if it is running in capture
child mode.
|
|
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
|
|
|
|
|
|
|
|
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in a command-line options "--log-domains".
The filter is specified as a comma separated case insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constaint on adding new domains, neither in code or at runtime.
The string format is arbitrary, only positive matches will produce
output.
|
|
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
|
|
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
|
|
The secs field is a time_t, which is not necessarily 32 bits. If it's
not, casting away the upper bits, by casting to guint32, introduces a
Y2.038K bug.
Either cast to time_t or, if you're assigning a time_t to it, don't
bother with the cast.
|
|
"Commonly-used" meaning "used by more than one source file".
Clean up the exit codes, combining some duplicates with different names,
and using some instead of raw numbers in some places.
|
|
The distinction between the different kinds of capture utility
may not warrant a special subfolfer for each, and sometimes the
distinction is not be clear or some functions could stradle
multiple "categories" (like capture_ifinfo.[ch]).
Simplify by having only a generic 'capture' subfolder. The
separate CMake libraries are kept as a way to reuse object code
efficiently.
|
|
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.
|
|
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().
This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
|
|
Add it to the default list of checks, and fix some errors it causes.
(Sadly, it doesn't work in CLang.)
|
|
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
|