| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Elements of an array don't have names.
|
|
Add routines to open and close an object, and use them. The open
routine takes a member name as an argument, sets it, and begins an
object; the close routine ends the object.
Have sharkd_json_response_close() end the object, just as
sharkd_json_response_open() begins it.
Have sharkd_session_process_tap_stats_node_cb() take a key and use that
when opening the array.
Have sharkd_session_process_frame_cb_tree() take a key and use that when
opening the array.
This makes the structure of the code better mirror the structure of the
JSON objects it marshals.
If there's a key for a string value, but there's no string value or no
format for a string value, crash with a null-pointer dereference rather
than putting out the key and then, on the next operation, getting a
"json_dumper_bad(): Bad json_dumper state: illegal transition" error as
in, for example, issue #18886. This way, it will be a bit more obvious
what the true error is.
If thre's no key for a base-64 value, crash rather than not setting the
key, for the same reason.
|
|
If dfilter_compile() succeeds, but the filter contains deprecated
tokens, don't report an error from dfilter_compile() as a warning, as
there *is* no error from dfilter_compile(). Instead, report "Filter
contains deprecated tokens". (Feel free to improve the error text.)
Fixes the crash, at least, in #18886.
|
|
The token format used by rtp-analyse and rtp-download expect the SSRC
field to be a hex string parsable by `ws_hexstrtou32()` as seen in
sharkd_session.c:760. The output from tap:rtp-streams was displaying
it as an unsigned integer.
For consistency, this field is now displayed as a hex string in the
output.
If the call to download an RTP stream did not match any payloads, Sharkd
would not return any information at all.
This now returns an error message indicating that there is no RTP data
available.
Adds three new selftests and sample pcap.
|
|
Fixes a bug when the return value from load_cap_file() is nonzero.
No response is currently returned causing the client to hang. A non-zero
error code can happen for a variety of reasons, one of which is when the
PCAP is truncated.
An error message from cfile_read_failure_message() is displayed on the
console, but no data was returned to the RPC client.
This adds a call to wtap_strerrror() to look up a human consumable error
message for the specific error code returned during wtap_read().
Adds new self-test to suite_sharkd.py
|
|
The 'frame' command accepts both 'prev_frame' and 'ref_frame' as arguments.
Both should be defined as a UINTEGER rather than a BOOL.
|
|
|
|
The `color_t_to_rgb` method returns an unsigned int, taking a 32-bit
color code and reducing it to an integer. Sharkd displays these as hex
colors.
However, if this color is missing a Red or Green component, the hex
output is missing the zero-padding for those parts of the color,
resulting in the wrong or invalid hex code.
This patch simply pads the output with zeros.
|
|
|
|
Remove bundled code and use vcpkg binary library instead.
|
|
Return an struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.
|
|
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
|
|
More {host, hostlist} -> endpoint.
|
|
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
|
|
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that
Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
|
|
Add a function to get the column text of the nth column, taking
into account whether the column is resolved or unresolved. Use
this function in the GUI, as well as in tshark, when writing
PSML, exporting dissection to PSML, etc., instead of accessing
col_data directly.
This removes the direct accesses of col_data from outside
column.c and column-utils.c
Fix #18168.
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
|
|
|
|
Use macros from inttypes.h.
|
|
Use macros from inttypes.h with format strings.
|
|
sharkd_session.c:3307:18: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
|
|
Without that, you could add a comment to a record in a file format the
reading code for which doesn't allocate blocks, but the comment doesn't
get saved, as there's no block in which to save the comment option.
This simplifies some code paths, as we're either using the record's
modified block or we're using the block as read from the file, there's
no third possibility.
If we attempt to read a record, and we get an error, and a block was
allocated for the record, unreference it, so the individual file readers
don't have to worry about it.
|
|
The compiler pointed them out. I'm not sure what purpose they were meant
to serve originally but they're dead now.
|
|
Extend sharkd_dissect_request() so that it can replace
sharkd_dissect_columns().
Have it return a status indicating success, invalid frame number, or
read error, so that the caller knows what the problem is.
Pass it pointers to the wtap_rec and Buffer to use when reading packets
from the file, so that if it's called in a loop iterating over all
frames, those structures can be initialized once, before the loop, and
cleaned up once, after the loop, rather than doing both once per loop
iteration.
Pass pointers to the read error code and additional read error
information string pointer, so that, on a file read error, that
information is available to the caller.
Get rid of sharkd_dissect_columns(); instead, use
sharkd_dissect_request(), with code from the loop body pulled into a
callback routine. Fix that code to correctly determine whether the
current frame has any comments, rather than just treating all frames
that have blocks as having comments.
Use _U_ to mark arguments as unused, rather than throwing in a
(void) variablename;
statement.
Move some variables used only within a loop into the for() statement or
the loop body.
|
|
"User" sounds as if the blocks belong to the user; at most, the current
user might have modified them directly, but they might also have, for
example, run a Lua script that, unknown to them, modified comments.
Also, a file might have "user comments" added by a previous user, who
them wrote the file and and provided it to the current user.
"Modified" seems a bit clearer than "changed".
|
|
Mostly functioning proof of concept for #14329. This work is intended to
allow Wireshark to support multiple packet comments per packet.
Uses and expands upon the `wtap_block` API in `wiretap/wtap_opttypes.h`.
It attaches a `wtap_block` structure to `wtap_rec` in place of its
current `opt_comment` and `packet_verdict` members to hold OPT_COMMENT
and OPT_PKT_VERDICT option values.
|
|
Version info is an aspect of UI implementation so move it to
a more appropriate place, such as ui/. This also helps declutter
the top-level.
A static library is appropriate to encapsulate the dependencies
as private and it is better supported by CMake than object libraries.
Also version_info.h should not be installed as a public header.
|
|
|
|
With int we have a implicit conversion loses integer precision warning
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The *real* maximum object size is size_t, so change payload_len
to match this.
|
|
All users of ssl_export_sessions() calculates the length of the
returned string, so let's return the length instead.
|
|
Retap and UI response are much faster when many RTP streams are
processed. RTP Streams/Analyse 1000+, RTP Player 500+.
Changes:
- RTP streams are searched with hash, not by iterating over list.
- UI operations do not redraw screen after every change, just after all
changes. UI is locked when rereading packets.
- Sample list during RTP decoding is stored in memory so wireshark uses
just half of opened files for audio decoding than before.
- Analysis window checkbox area is limited in height
- Dialogs shows shows count of streams, count of selected streams and
count of unmuted streams
- Documentation extended with chapter about RTP decoding parameters
- Documentation extended with performance estimates
|
|
Changes:
- epan/follow.c: follow_conv_filter_func has new parameter
epan_dissect_t *edt, so filter can be generated based on decoded tree
of packet below the cursor
- menu Follow/SIP Call is enabled when sip packet is selected
- value of sip.Call-ID is used as filter for SIP call
- for sharkd it generates filter just 'sip.Call-ID' with no value
|
|
g_memdup() was deprecated and replaced with g_memdup2() in GLib 2.68,
we provide our own copy of g_memdup2() for older GLib versions.
|
|
Since fe94133f0d06935bb5f2afe21f59bbb078d3d9d3 ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
|
|
This change adds code to allow the selection of a configuration
profile during sharkd start by adding a -C command line option.
A new -a option has been added to specify the api service
endpoint e.g. tcp:127.0.0.1:4446
The change also adds version display (-v) and help display (-h) options.
These additions have been made in a way to ensure that the original
command line options still work correctly to maintain backward
compatibility.
The new options have been added using the getopt_long(...) function
that is used by tshark to simplify the addition of further command
line options.
Closes #17222
|
|
VoIP Calls dialog and RTP Streams dialog has now option to apply display
filter dialog during processing packets.
Filter checkbox is activated during dialog open when display filter is active.
New field apply_display_filter had to be added to voip_calls_tapinfo_t and
_rtpstream_tapinfo/rtpstream_tapinfo_t structures.
|
|
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
|
|
Bug: 16780
Change-Id: I07ca12675fc79a7c524719d18b85e5d3dada6652
Reviewed-on: https://code.wireshark.org/review/38160
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
warning: ‘%s’ directive argument is null [-Wformat-overflow=]
544 | fprintf(stderr, "load: filename=%s\n", tok_file);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I583a94308ad53b461606053def17e8537eec8d65
Reviewed-on: https://code.wireshark.org/review/37195
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Although c-ares support was techically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.
Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
