#include <wsutil/clopts_common.h>
#include <wsutil/cmdarg_err.h>
-#include <wsutil/crash_info.h>
#include <wsutil/filesystem.h>
#include <wsutil/file_util.h>
#include <wsutil/privileges.h>
#include <wsutil/report_message.h>
+#include <cli_main.h>
#include <version_info.h>
#include <wiretap/wtap_opttypes.h>
#include <wiretap/pcapng.h>
#include <epan/rtd_table.h>
#include <epan/ex-opt.h>
#include <epan/exported_pdu.h>
+#include <epan/secrets.h>
#include "capture_opts.h"
#include "caputils/capture_ifinfo.h"
#ifdef _WIN32
#include "caputils/capture-wpcap.h"
-#include <wsutil/unicode-utils.h>
#endif /* _WIN32 */
#include <capchild/capture_session.h>
#include <capchild/capture_sync.h>
*/
#define LONGOPT_COLOR (65536+1000)
#define LONGOPT_NO_DUPLICATE_KEYS (65536+1001)
-#ifdef HAVE_JSONGLIB
#define LONGOPT_ELASTIC_MAPPING_FILTER (65536+1002)
-#endif
#if 0
#define tshark_debug(...) g_warning(__VA_ARGS__)
fprintf(output, " -Y <display filter> packet displaY filter in Wireshark display filter\n");
fprintf(output, " syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
- fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
+ fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtdv\"\n");
fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE);
fprintf(output, " \"Decode As\", see the man page for details\n");
fprintf(output, " Example: tcp.port==8888,http\n");
/*fprintf(output, "\n");*/
fprintf(output, "Output:\n");
+#ifdef PCAP_NG_DEFAULT
+ fprintf(output, " -w <outfile|-> write packets to a pcapng-format file named \"outfile\"\n");
+#else
fprintf(output, " -w <outfile|-> write packets to a pcap-format file named \"outfile\"\n");
+#endif
fprintf(output, " (or to the standard output for \"-\")\n");
fprintf(output, " -C <config profile> start with specified configuration profile\n");
+#ifdef PCAP_NG_DEFAULT
fprintf(output, " -F <output file type> set the output file type, default is pcapng\n");
+#else
+ fprintf(output, " -F <output file type> set the output file type, default is pcap\n");
+#endif
fprintf(output, " an empty \"-F\" option will list the file types\n");
fprintf(output, " -V add output of packet tree (Packet Details)\n");
fprintf(output, " -O <protocols> Only show packet details of these protocols, comma\n");
fprintf(output, " --no-duplicate-keys If -T json is specified, merge duplicate keys in an object\n");
fprintf(output, " into a single key with as value a json array containing all\n");
fprintf(output, " values\n");
-#ifdef HAVE_JSONGLIB
fprintf(output, " --elastic-mapping-filter <protocols> If -G elastic-mapping is specified, put only the\n");
fprintf(output, " specified protocols within the mapping file\n");
-#endif
fprintf(output, "\n");
fprintf(output, "Miscellaneous:\n");
output = stdout;
- fprintf(output, "TShark (Wireshark) %s\n", get_ws_vcs_version_info());
+ fprintf(output, "%s\n", get_appname_and_version());
fprintf(output, "\n");
fprintf(output, "Usage: tshark -G [report]\n");
fprintf(output, " -G column-formats dump column format codes and exit\n");
fprintf(output, " -G decodes dump \"layer type\"/\"decode as\" associations and exit\n");
fprintf(output, " -G dissector-tables dump dissector table names, types, and properties\n");
-#ifdef HAVE_JSONGLIB
fprintf(output, " -G elastic-mapping dump ElasticSearch mapping file\n");
-#endif
fprintf(output, " -G fieldcount dump count of header fields and exit\n");
fprintf(output, " -G fields dump fields glossary and exit\n");
fprintf(output, " -G ftypes dump field type basic and descriptive names\n");
}
int
-main(int argc, char *argv[])
+real_main(int argc, char *argv[])
{
- GString *comp_info_str;
- GString *runtime_info_str;
char *init_progfile_dir_error;
int opt;
static const struct option long_options[] = {
{"export-objects", required_argument, NULL, LONGOPT_EXPORT_OBJECTS},
{"color", no_argument, NULL, LONGOPT_COLOR},
{"no-duplicate-keys", no_argument, NULL, LONGOPT_NO_DUPLICATE_KEYS},
-#ifdef HAVE_JSONGLIB
{"elastic-mapping-filter", required_argument, NULL, LONGOPT_ELASTIC_MAPPING_FILTER},
-#endif
{0, 0, 0, 0 }
};
gboolean arg_error = FALSE;
gchar *err_str;
#else
gboolean capture_option_specified = FALSE;
+ int max_packet_count = 0;
#endif
gboolean quiet = FALSE;
#ifdef PCAP_NG_DEFAULT
gchar *volatile pdu_export_arg = NULL;
char *volatile exp_pdu_filename = NULL;
exp_pdu_t exp_pdu_tap_data;
-#ifdef HAVE_JSONGLIB
const gchar* elastic_mapping_filter = NULL;
-#endif
/*
* The leading + ensures that getopt_long() does not permute the argv[]
cmdarg_err_init(failure_warning_message, failure_message_cont);
#ifdef _WIN32
- arg_list_utf_16to8(argc, argv);
create_app_running_mutex();
#endif /* _WIN32 */
#endif /* HAVE_LIBPCAP */
#endif /* _WIN32 */
- /* Get the compile-time version information string */
- comp_info_str = get_compiled_version_info(get_tshark_compiled_version_info,
- epan_get_compiled_version_info);
-
- /* Get the run-time version information string */
- runtime_info_str = get_runtime_version_info(get_tshark_runtime_version_info);
-
- /* Add it to the information to be reported on a crash. */
- ws_add_crash_info("TShark (Wireshark) %s\n"
- "\n"
- "%s"
- "\n"
- "%s",
- get_ws_vcs_version_info(), comp_info_str->str, runtime_info_str->str);
- g_string_free(comp_info_str, TRUE);
- g_string_free(runtime_info_str, TRUE);
+ /* Initialize the version information. */
+ ws_init_version_info("TShark (Wireshark)", get_tshark_compiled_version_info,
+ epan_get_compiled_version_info,
+ get_tshark_runtime_version_info);
/* Fail sometimes. Useful for testing fuzz scripts. */
/* if (g_random_int_range(0, 100) < 5) abort(); */
case 'X':
ex_opt_add(optarg);
break;
-#ifdef HAVE_JSONGLIB
case LONGOPT_ELASTIC_MAPPING_FILTER:
elastic_mapping_filter = optarg;
break;
-#endif
default:
break;
}
write_prefs(NULL);
else if (strcmp(argv[2], "dissector-tables") == 0)
dissector_dump_dissector_tables();
-#ifdef HAVE_JSONGLIB
else if (strcmp(argv[2], "elastic-mapping") == 0)
proto_registrar_dump_elastic(elastic_mapping_filter);
-#endif
else if (strcmp(argv[2], "fieldcount") == 0) {
/* return value for the test suite */
exit_status = proto_registrar_dump_fieldcount();
* file.
*/
output_file_name = g_strdup(optarg);
+ } else if (opt == 'c') {
+ max_packet_count = get_positive_int(optarg, "packet count");
} else {
capture_option_specified = TRUE;
arg_error = TRUE;
break;
case 'h': /* Print help and exit */
- printf("TShark (Wireshark) %s\n"
- "Dump and analyze network traffic.\n"
- "See https://www.wireshark.org for more information.\n",
- get_ws_vcs_version_info());
+ show_help_header("Dump and analyze network traffic.");
print_usage(stdout);
exit_status = EXIT_SUCCESS;
goto clean_exit;
break;
}
case 'v': /* Show version and exit */
- comp_info_str = get_compiled_version_info(get_tshark_compiled_version_info,
- epan_get_compiled_version_info);
- runtime_info_str = get_runtime_version_info(get_tshark_runtime_version_info);
- show_version("TShark (Wireshark)", comp_info_str, runtime_info_str);
- g_string_free(comp_info_str, TRUE);
- g_string_free(runtime_info_str, TRUE);
+ show_version();
/* We don't really have to cleanup here, but it's a convenient way to test
* start-up and shut-down of the epan library without any UI-specific
* cruft getting in the way. Makes the results of running
#ifdef HAVE_LIBPCAP
if (!global_capture_opts.saving_to_file) {
+#else
+ if (!output_file_name) {
+#endif
/* We're not saving the capture to a file; if "-q" wasn't specified,
we should print packet information */
if (!quiet)
print_packet_info = TRUE;
} else {
+#ifdef HAVE_LIBPCAP
+ const char *save_file = global_capture_opts.save_file;
+#else
+ const char *save_file = output_file_name;
+#endif
/* We're saving to a file; if we're writing to the standard output.
and we'll also be writing dissected packets to the standard
output, reject the request. At best, we could redirect that
to the standard error; we *can't* write both to the standard
output and have either of them be useful. */
- if (strcmp(global_capture_opts.save_file, "-") == 0 && print_packet_info) {
+ if (strcmp(save_file, "-") == 0 && print_packet_info) {
cmdarg_err("You can't write both raw packet data and dissected packets"
" to the standard output.");
exit_status = INVALID_OPTION;
goto clean_exit;
}
}
-#else
- /* We're not saving the capture to a file; if "-q" wasn't specified,
- we should print packet information */
- if (!quiet)
- print_packet_info = TRUE;
-#endif
#ifndef HAVE_LIBPCAP
if (capture_option_specified)
/* Activate the export PDU tap */
comment = g_strdup_printf("Dump of PDUs from %s", cf_name);
err = exp_pdu_open(&exp_pdu_tap_data, exp_fd, comment);
+ g_free(comment);
if (err != 0) {
cfile_dump_open_failure_message("TShark", exp_pdu_filename, err,
WTAP_FILE_TYPE_SUBTYPE_PCAPNG);
- g_free(comment);
exit_status = INVALID_EXPORT;
goto clean_exit;
}
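Review bot: Freeing `comment` straight after `exp_pdu_open()` is only safe if that function copies the string instead of keeping the pointer in `exp_pdu_tap_data`, and nothing in this hunk shows which it does. If the pointer were retained, later writes to the export-PDU file would read freed memory. Please confirm against `exp_pdu_open()` and record the contract at the call, e.g. `/* exp_pdu_open() copies the comment, so it can be released right away */`. The enclosing block starts and ends outside the hunk.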
global_capture_opts.has_autostop_packets ? global_capture_opts.autostop_packets : 0,
global_capture_opts.has_autostop_filesize ? global_capture_opts.autostop_filesize : 0);
#else
- success = process_cap_file(&cfile, output_file_name, out_file_type, out_file_name_res, 0, 0);
+ success = process_cap_file(&cfile, output_file_name, out_file_type, out_file_name_res, max_packet_count, 0);
#endif
}
CATCH(OutOfMemoryError) {
#endif
}
- g_free(cf_name);
-
if (cfile.provider.frames != NULL) {
free_frame_data_sequence(cfile.provider.frames);
cfile.provider.frames = NULL;
output_fields = NULL;
clean_exit:
+ g_free(cf_name);
destroy_print_stream(print_stream);
#ifdef HAVE_LIBPCAP
capture_opts_cleanup(&global_capture_opts);
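Review bot: With `g_free(cf_name)` now under `clean_exit:`, every early `goto clean_exit` (the `-h` and `-v` paths visible elsewhere in this diff, for example) reaches it, so `cf_name` must be initialised to `NULL` at its declaration, which is not shown here. If it is not, an early exit would hand an indeterminate pointer to `g_free()`. Once confirmed, a short comment at the label would help, e.g. `/* cf_name may still be NULL here; g_free(NULL) is a no-op */`. The function body extends beyond both ends of the hunk.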
static gboolean
capture(void)
{
- gboolean ret;
+ volatile gboolean ret = TRUE;
guint i;
GString *str;
#ifdef USE_TSHARK_SELECT
if (ret == -1)
{
fprintf(stderr, "%s: %s\n", "select()", g_strerror(errno));
- return TRUE;
+ ret = TRUE;
+ loop_running = FALSE;
} else if (ret == 1) {
#endif
/* Call the real handler */
if (!pipe_input.input_cb(pipe_input.source, pipe_input.user_data)) {
g_log(NULL, G_LOG_LEVEL_DEBUG, "input pipe closed");
- return FALSE;
+ ret = FALSE;
+ loop_running = FALSE;
}
#ifdef USE_TSHARK_SELECT
}
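Review bot: Under `USE_TSHARK_SELECT`, `ret` is still tested against `-1` and `1` as a `select()` result while it now also carries the function's return value, so what `return ret` yields depends on whatever the last `select()` call left in it. The assignment from `select()` is outside the hunk, but if it can ever produce `0`, the loop could end with `ret == FALSE` without any input failure. Keeping the syscall result in its own local (say `int sel_ret`) and testing `if (sel_ret == -1)` / `else if (sel_ret == 1)` would separate the two meanings.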
"\n"
"More information and workarounds can be found at\n"
"https://wiki.wireshark.org/KnownBugs/OutOfMemory\n");
- exit(1);
+ abort();
}
ENDTRY;
- return TRUE;
+ return ret;
}
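Review bot: The change from `exit(1)` to `abort()` in the `OutOfMemoryError` handler is not explained in the code, and it alters observable behaviour. The process now ends on SIGABRT rather than exit status 1 and, where core dumps are enabled, writes its memory to disk. For a capture tool that memory holds packet payloads and possibly decryption secrets, so the choice deserves a comment, e.g. `/* abort() rather than exit(1): <reason>; a core file may contain captured traffic */`. Scripts that check for exit status 1 on out-of-memory would also need updating.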
/* capture child detected an error */
gboolean out_file_name_res, int max_packet_count, gint64 max_byte_count)
{
gboolean success = TRUE;
- gint linktype;
- int snapshot_length;
wtap_dumper *pdh;
guint32 framenum;
int err = 0, err_pass1 = 0;
gint64 data_offset;
gboolean filtering_tap_listeners;
guint tap_flags;
- GArray *shb_hdrs = NULL;
- wtapng_iface_descriptions_t *idb_inf = NULL;
- GArray *nrb_hdrs = NULL;
+ wtap_dump_params params = WTAP_DUMP_PARAMS_INIT;
wtap_rec rec;
Buffer buf;
epan_dissect_t *edt = NULL;
- char *shb_user_appl;
+ char *shb_user_appl;
wtap_rec_init(&rec);
- idb_inf = wtap_file_get_idb_info(cf->provider.wth);
-#ifdef PCAP_NG_DEFAULT
- if (idb_inf->interface_data->len > 1) {
- linktype = WTAP_ENCAP_PER_PACKET;
- } else {
- linktype = wtap_file_encap(cf->provider.wth);
- }
-#else
- linktype = wtap_file_encap(cf->provider.wth);
-#endif
if (save_file != NULL) {
/* Set up to write to the capture file. */
- snapshot_length = wtap_snapshot_length(cf->provider.wth);
- if (snapshot_length == 0) {
- /* Snapshot length of input file not known. */
- snapshot_length = WTAP_MAX_PACKET_SIZE_STANDARD;
- }
- tshark_debug("tshark: snapshot_length = %d", snapshot_length);
-
- shb_hdrs = wtap_file_get_shb_for_new_file(cf->provider.wth);
- nrb_hdrs = wtap_file_get_nrb_for_new_file(cf->provider.wth);
+ wtap_dump_params_init(¶ms, cf->provider.wth);
/* If we don't have an application name add Tshark */
- if (wtap_block_get_string_option_value(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
+ if (wtap_block_get_string_option_value(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
/* this is free'd by wtap_block_free() later */
- wtap_block_add_string_option_format(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, "TShark (Wireshark) %s", get_ws_vcs_version_info());
+ wtap_block_add_string_option_format(g_array_index(params.shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, "%s", get_appname_and_version());
}
- if (linktype != WTAP_ENCAP_PER_PACKET &&
- out_file_type == WTAP_FILE_TYPE_SUBTYPE_PCAP) {
- tshark_debug("tshark: writing PCAP format to %s", save_file);
- if (strcmp(save_file, "-") == 0) {
- /* Write to the standard output. */
- pdh = wtap_dump_open_stdout(out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, &err);
- } else {
- pdh = wtap_dump_open(save_file, out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, &err);
- }
- }
- else {
- tshark_debug("tshark: writing format type %d, to %s", out_file_type, save_file);
- if (strcmp(save_file, "-") == 0) {
- /* Write to the standard output. */
- pdh = wtap_dump_open_stdout_ng(out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, shb_hdrs, idb_inf, nrb_hdrs, &err);
- } else {
- pdh = wtap_dump_open_ng(save_file, out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, shb_hdrs, idb_inf, nrb_hdrs, &err);
- }
+ tshark_debug("tshark: writing format type %d, to %s", out_file_type, save_file);
+ if (strcmp(save_file, "-") == 0) {
+ /* Write to the standard output. */
+ pdh = wtap_dump_open_stdout(out_file_type, WTAP_UNCOMPRESSED, ¶ms,
+ &err);
+ } else {
+ pdh = wtap_dump_open(save_file, out_file_type, WTAP_UNCOMPRESSED, ¶ms,
+ &err);
}
- g_free(idb_inf);
- idb_inf = NULL;
+ g_free(params.idb_inf);
+ params.idb_inf = NULL;
if (pdh == NULL) {
/* We couldn't set up to write to the capture file. */
goto out;
}
}
- g_free(idb_inf);
- idb_inf = NULL;
pdh = NULL;
}
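Review bot: `params.idb_inf` is freed by hand right after the dumper is opened, while the rest of `params` is released by `wtap_dump_params_cleanup()`, so ownership of the struct is split between this function and the helper without a comment saying so. The cleanup calls later in the function also run when `save_file` is NULL and `wtap_dump_params_init()` was never called, which relies on `WTAP_DUMP_PARAMS_INIT` leaving every pointer NULL. A comment at the `g_free` would make this explicit, e.g. `/* idb_inf is owned by the caller; wtap_dump_params_cleanup() does not free it */`, to be confirmed against the wiretap implementation. The function starts before and continues after this hunk.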
err, err_info, framenum,
out_file_type);
wtap_dump_close(pdh, &err);
- wtap_block_array_free(shb_hdrs);
- wtap_block_array_free(nrb_hdrs);
+ wtap_dump_params_cleanup(¶ms);
exit(2);
}
}
cfile_write_failure_message("TShark", cf->filename, save_file,
err, err_info, framenum, out_file_type);
wtap_dump_close(pdh, &err);
- wtap_block_array_free(shb_hdrs);
- wtap_block_array_free(nrb_hdrs);
+ wtap_dump_params_cleanup(¶ms);
exit(2);
}
}
wtap_close(cf->provider.wth);
cf->provider.wth = NULL;
- wtap_block_array_free(shb_hdrs);
- wtap_block_array_free(nrb_hdrs);
+ wtap_dump_params_cleanup(¶ms);
return success;
}
wtap_set_cb_new_ipv4(cf->provider.wth, add_ipv4_name);
wtap_set_cb_new_ipv6(cf->provider.wth, (wtap_new_ipv6_callback_t) add_ipv6_name);
+ wtap_set_cb_new_secrets(cf->provider.wth, secrets_wtap_callback);
return CF_OK;
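Review bot: The new `wtap_set_cb_new_secrets()` registration carries no comment although it is the security-sensitive callback of the three. Judging by the names, it hands secrets embedded in the capture file to the dissection engine. That data comes from the file being opened, so `secrets_wtap_callback` should treat it as untrusted input; its length and format checks are not visible in this diff. Suggest adding `/* Pass decryption secrets found in the capture file to epan; the data is file-supplied and untrusted */` above the call. The enclosing function begins outside the hunk.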