Age | Commit message (Collapse) | Author | Files | Lines |
|
It's been broken for over a year, needs to be modernized and as
implemented it's a maintenance nightmare. Get rid of it.
Ping-Bug: 13036
Change-Id: I34a6e4c28b6d3b96dd6550dd21e9cbeaf050d58f
Reviewed-on: https://code.wireshark.org/review/23967
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Iedae94ffefe27b13b1967d69cacb757b5aa4576d
Reviewed-on: https://code.wireshark.org/review/23928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
NULL checks were removed for following free functions:
- g_free "If mem is NULL it simply returns"
https://developer.gnome.org/glib/stable/glib-Memory-Allocation.html#g-free
- g_slist_free(_full)? "NULL is considered to be the empty list"
https://developer.gnome.org/glib/stable/glib-Singly-Linked-Lists.html
- g_strfreev "If str_array is NULL, this function simply returns."
https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-strfreev
- g_slice_free "If mem is NULL, this macro does nothing."
https://developer.gnome.org/glib/stable/glib-Memory-Slices.html#g-slice-free
- g_match_info_free "not NULL... otherwise does nothing"
https://developer.gnome.org/glib/stable/glib-Perl-compatible-regular-expressions.html#g-match-info-free
- dfilter_free defined in Wireshark code. Returns early when passed NULL
epan/dfilter/dfilter.c
They were also removed around calls to g_strdup where applicable:
- g_strdup "If str is NULL it returns NULL."
https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-strdup
Change-Id: Ie80c2db89bef531edc3aed7b7c9f654e1d654d04
Reviewed-on: https://code.wireshark.org/review/23406
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Autotools has the very useful feature by design of allowing the user
to override the default build flags (you break it you keep it).
Apparently CMake applies COMPILE_OPTIONS target property after
CMAKE_{C,CXX}_FLAGS so that doesn't work here. Prepend our flags to those
variables instead to make it work then.
Specific target flag overrides can still be added with COMPILER_OPTIONS
(e.g: generated files with -Wno-warning) but this is less effective and
then we're back at the point where this overrides user flags. It's less
of a concern though.
Change-Id: I44761a79be4289238e02d4e781fef0099628817b
Reviewed-on: https://code.wireshark.org/review/23675
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I0f343ab69a6592a466e12e5d258f0878b9c32c25
Reviewed-on: https://code.wireshark.org/review/23752
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: If145137bfd44025ccab762b67960072777efd302
Reviewed-on: https://code.wireshark.org/review/23750
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Icd64014b597a8e60d2aff9d180c441c6ffccff26
Reviewed-on: https://code.wireshark.org/review/23329
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Ie7376ac5fd8a950e3c1c744ce4701b14ee1849ea
Reviewed-on: https://code.wireshark.org/review/23664
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
NetMon apparently didn't zero out the file header, so those fields have
random values in pre-2.2.
Change-Id: I3aeede6ab273d57ca937a5e18e67223fb4ed18da
Reviewed-on: https://code.wireshark.org/review/23666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
IXIA^WKeysight Technologies's vitual IxNetwork version 8.30 will
create capture files in a modified format: It uses a different magic
and adds the total size of all records, i.e. the filesize minus the
headersize. Add support for this.
v2: Different file types use different magic numbers.
Not yet tested/supported: The default fileending is .lcap
Bug: 14073
Change-Id: Ida90b188ca66a78ff22dca237e4fd6b22e02dc14
Reviewed-on: https://code.wireshark.org/review/23614
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iace0462e6bb50573f3e4603f7a19e4b7ee1f9733
Reviewed-on: https://code.wireshark.org/review/23541
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: Ie618ed61fb098bfe55529e31e9cc3f6bfe7d4ac0
Reviewed-on: https://code.wireshark.org/review/23575
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If we're not going to subtract 4 from actual_octets, there's no reason
to treat actual_octets < 4 as an error.
This makes the "subtract 4 octets of crap" code similar in all cases,
hopefully further reducing the opacity of the code.
Change-Id: I41cda101b321422ce5fd4474fb6903bfe471cb63
Reviewed-on: https://code.wireshark.org/review/23534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(In the hope of making the code slightly less opaque.)
Change-Id: Ic635eedac4eb9fb764b3633c9003608b9b4ae3df
Reviewed-on: https://code.wireshark.org/review/23533
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie9fe895a2763e74a5f1e25f3f1b9d63e02c0bd71
Reviewed-on: https://code.wireshark.org/review/23532
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Be consistent in the treatment of those 4 octets.
Change-Id: If35c94bd299c3e7ec76306daf325d5aa5e3a19b9
Reviewed-on: https://code.wireshark.org/review/23530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
error.
Also fix some whitespace "errors".
Change-Id: Ic1dc1bad6dafbbc21a87665675e654cd322178a0
Bug: 14051
Reviewed-on: https://code.wireshark.org/review/23476
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
There may be some amount of bogosity involved but initialize the
variables and add a default case to prevent the noise and the build
from breaking with -Werror.
Change-Id: I20432ea74a1e5edc28be75a97077c9aa7bc87a35
Reviewed-on: https://code.wireshark.org/review/23426
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
It's just a WTAP_ENCAP_IEEE_802_11
Change-Id: I7369fac06a7d63812bb7ce7b3c16b9fe606f544c
Reviewed-on: https://code.wireshark.org/review/23418
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.
Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.
Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I85fd990781a47e738c22bff0218aabdc04122e15
Reviewed-on: https://code.wireshark.org/review/23403
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 4221
Change-Id: I59aff777c364af1a064e1e99ea9ac6692a4cedfa
Reviewed-on: https://code.wireshark.org/review/23333
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There isn't a place at the moment that uses it, but prepare
that use by parsing out the process info table and placing
it the netmon private data.
Bug: 4224
Ping-Bug: 1184
Change-Id: I6186b3dce0333042357089d8517c8b47b5ff7f70
Reviewed-on: https://code.wireshark.org/review/23316
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The NetMon wiretap reads the title and description comment fields from a
NetMon file and saves it in the wiretap private structure. Then when
it's time to make a frame, the comment fields are added to a NetMon
pseudoheader with a new WTAP ENCAP type, with the potential for netmon
pseudoheader to contain pseudoheader data from "base" wiretap. Then the
netmon_header dissector displays the comment fields and passes any "base"
wiretap pseudoheader data when calling the wtap_encap dissector table
that the frame dissector normally calls.
Bug: 4225
Change-Id: I8f772bc9494364c98434c78b61eb5a64012ff3b9
Reviewed-on: https://code.wireshark.org/review/23210
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.
Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibd89fcb8e9fc2aa7e368eb8723fb367db5e8d11e
Reviewed-on: https://code.wireshark.org/review/23245
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use this for nordic_ble dissection.
Change-Id: I5323cbd8c244c4e3b645825c60d040e1ae8f3b81
Reviewed-on: https://code.wireshark.org/review/23219
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Undo most of the changes, but turn the return at the end of the default
case into a break.
Change-Id: I022b62a85254ff188f19fd3d7c3fe40b0789b3d2
Reviewed-on: https://code.wireshark.org/review/22695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit 74a2ae4abac3be78d140d9671fa79977de449ed1.
No, that's just Coverity not understanding macros *again*, and thinking a particular expanded instance of a macro is the result of some human being silly rather than of the arguments being such that some computations can be elided at compile time.
Change-Id: I40f2ad8bf018b0df02d90ed0e272505be68dae7e
Reviewed-on: https://code.wireshark.org/review/22693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CIDs 1415436.
Change-Id: I21ada7a308d888b4cbb8557197a2e30bda118f44
Reviewed-on: https://code.wireshark.org/review/22691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Convert it to a 4-byte value and byte-swap *that*.
Fixes CID 1415438.
Change-Id: I5cf0b5905f5dd2086c5d8ed6b13b1921bdb69a84
Reviewed-on: https://code.wireshark.org/review/22689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CID 1415439.
Change-Id: Id2609c0828561c560820f9cb5e6b5a0ae614aead
Reviewed-on: https://code.wireshark.org/review/22686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The array of headers has MAX_ERF_EHDR entries, and the additional
entries are appended after the first entry, so that leaves room for at
most MAX_ERF_EHDR - 1.
Fixes CID 1415440.
Change-Id: Iaa2c3577bbff429bcc1301e4cfdf1961f067be93
Reviewed-on: https://code.wireshark.org/review/22684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
A packet time stamp is an nstime_t, and the seconds part of an nstime_t
is a time_t.
Change-Id: Id2452ceb2f33f43e4a040436d7b3ea1a5c4a0be3
Reviewed-on: https://code.wireshark.org/review/22673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
It needed to be done:
https://github.com/shirriff/pup-wireshark
(And, yes, there really *is* a DLT_/LINKTYPE_ for it! The original DLT_
values were ARP hardware types, and 3MB Ethernet was assigned an ARP
hardware type of 2.)
Change-Id: I60d96c28e67854adcb28c7e3579ae5dd1f07df4b
Reviewed-on: https://code.wireshark.org/review/22336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
In change 18a3b0659c209a2e0121eacd640b75e6c1c3b87d, I moved the table
that uses it, but not the actual definition, from libpcap.c to
pcap-common.c; they both should have been moved. Make it so.
Change-Id: I266fce455df3848b873cdfadb12cecdbf9c8d4d3
Reviewed-on: https://code.wireshark.org/review/22216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have them all be "usb-XXX", where XXX indicates the type of header.
Change-Id: I7f1bfea7e264b17c57f94c484d64d1cce91b9b78
Reviewed-on: https://code.wireshark.org/review/22147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iec2126fa1b71d9923ef0fb9ca2a027f7752d71f3
Reviewed-on: https://code.wireshark.org/review/22144
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Correct some symbolic references in source file comments
and add a note about the CMake configuration options.
Change-Id: Idb670a2c798c2a52cdce142340ce8fc5a2022508
Reviewed-on: https://code.wireshark.org/review/22138
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I5797407a18fda674b2c9b2cc1c192c211c91c496
Reviewed-on: https://code.wireshark.org/review/22052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.
Exposes Syncword for subdissectors to dissect frame payload.
Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Either 1) it can be determined from the libwiretap encapsulation type,
in which case it's redundant information or 2) there *is* no pcap/pcapng
link-layer header type for that encapsulation type, in which case you
need to check for the attempt to determine it failing and handle that
failure appropriately.
Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc
Reviewed-on: https://code.wireshark.org/review/21924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For HT mixed, set it the same way it's set for HT greenfield.
For pre-HT, set it to 0.
Also, for the "unknown" case, set rate_mcs_index to 0.
This should obviate the need to initialize either of those variables,
don't initialize them, so that failing to set them in an arm of the
switch statement shows up as an error if the compiler's dataflow
analysis actually bothers to check this.
Change-Id: I92703770dd5000a579b53609fb93a2085fd9fca3
Reviewed-on: https://code.wireshark.org/review/21573
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Clang Analyzer
Change-Id: I45766c7e89a009176ae56fe9e9f5a8dd63b2995b
Reviewed-on: https://code.wireshark.org/review/21567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|