3 * Wireshark Protocol Analyzer Library
5 * Copyright (c) 2001 by Gerald Combs <gerald@wireshark.org>
7 * SPDX-License-Identifier: GPL-2.0-or-later
14 #include <wsutil/wsgcrypt.h>
17 #include <gnutls/gnutls.h>
18 #endif /* HAVE_LIBGNUTLS */
22 #include <version_info.h>
23 #include <wsutil/report_message.h>
25 #include <epan/exceptions.h>
28 #include "epan/frame_data.h"
30 #include "dfilter/dfilter.h"
31 #include "epan_dissect.h"
33 #include <wsutil/nstime.h>
35 #include "conversation.h"
39 #include "column-utils.h"
41 #include "addr_resolv.h"
43 #include "wmem/wmem.h"
46 #include "capture_dissectors.h"
47 #include "exported_pdu.h"
48 #include "export_object.h"
49 #include "stat_tap_ui.h"
51 #include "disabled_protos.h"
52 #include "decode_as.h"
53 #include "dissector_filters.h"
54 #include "conversation_table.h"
55 #include "reassemble.h"
56 #include "srt_table.h"
57 #include "stats_tree.h"
61 #include <wsutil/plugins.h>
66 #include <wslua/wslua.h>
74 #include <ares_version.h>
78 #include <nghttp2/nghttp2ver.h>
82 #include <libxml/xmlversion.h>
83 #include <libxml/parser.h>
90 static GSList *epan_plugin_register_all_procotols = NULL;
91 static GSList *epan_plugin_register_all_handoffs = NULL;
93 static wmem_allocator_t *pinfo_pool_cache = NULL;
96 plugins_t *libwireshark_plugins = NULL;
97 static GSList *epan_plugins = NULL;
101 epan_get_version(void) {
106 epan_get_version_number(int *major, int *minor, int *micro)
108 get_ws_version_number(major, minor, micro);
112 // Libgcrypt prints all log messages to stderr by default. This is noisier
113 // than we would like on Windows. In particular slow_gatherer tends to print
114 // "NOTE: you should run 'diskperf -y' to enable the disk statistics"
115 // which we don't care about.
117 quiet_gcrypt_logger (void *dummy _U_, int level, const char *format, va_list args)
119 GLogLevelFlags log_level = G_LOG_LEVEL_WARNING;
122 case GCRY_LOG_CONT: // Continuation. Ignore for now.
129 log_level = G_LOG_LEVEL_WARNING;
132 log_level = G_LOG_LEVEL_ERROR;
135 log_level = G_LOG_LEVEL_CRITICAL;
138 g_logv(NULL, log_level, format, args);
144 epan_plugin_init(gpointer data, gpointer user_data _U_)
146 ((epan_plugin *)data)->init();
150 epan_plugin_dissect_init(gpointer data, gpointer user_data)
152 ((epan_plugin *)data)->dissect_init((epan_dissect_t *)user_data);
156 epan_plugin_dissect_cleanup(gpointer data, gpointer user_data)
158 ((epan_plugin *)data)->dissect_cleanup((epan_dissect_t *)user_data);
162 epan_plugin_cleanup(gpointer data, gpointer user_data _U_)
164 ((epan_plugin *)data)->cleanup();
167 void epan_register_plugin(const epan_plugin *plug)
169 epan_plugins = g_slist_prepend(epan_plugins, (epan_plugin *)plug);
170 if (plug->register_all_protocols)
171 epan_plugin_register_all_procotols = g_slist_prepend(epan_plugin_register_all_procotols, plug->register_all_protocols);
172 if (plug->register_all_handoffs)
173 epan_plugin_register_all_handoffs = g_slist_prepend(epan_plugin_register_all_handoffs, plug->register_all_handoffs);
178 epan_init(register_cb cb, gpointer client_data, gboolean load_plugins)
180 volatile gboolean status = TRUE;
183 * proto_init -> register_all_protocols -> g_async_queue_new which
184 * requires threads to be initialized. This happens automatically with
185 * GLib 2.32, before that g_thread_init must be called. But only since
186 * GLib 2.24, multiple invocations are allowed. Check for an earlier
187 * invocation just in case.
189 /* initialize memory allocation subsystem */
192 /* initialize the GUID to name mapping table */
195 /* initialize name resolution (addr_resolv.c) */
202 libwireshark_plugins = plugins_init(WS_PLUGIN_EPAN);
206 /* initialize libgcrypt (beware, it won't be thread-safe) */
207 gcry_check_version(NULL);
209 gcry_set_log_handler (quiet_gcrypt_logger, NULL);
211 gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
212 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
213 #ifdef HAVE_LIBGNUTLS
214 gnutls_global_init();
222 // We might receive a SIGPIPE due to maxmind_db.
223 signal(SIGPIPE, SIG_IGN);
232 capture_dissector_init();
233 reassembly_tables_init();
235 g_slist_foreach(epan_plugins, epan_plugin_init, NULL);
237 proto_init(epan_plugin_register_all_procotols, epan_plugin_register_all_handoffs, cb, client_data);
238 packet_cache_proto_handles();
240 final_registration_all_protocols();
241 print_cache_field_handles();
242 expert_packet_init();
245 wslua_init(cb, client_data);
248 CATCH(DissectorError) {
250 * This is probably a dissector, or something it calls,
251 * calling REPORT_DISSECTOR_ERROR() in a registration
252 * routine or something else outside the normal dissection
255 const char *exception_message = GET_MESSAGE;
256 static const char dissector_error_nomsg[] =
257 "Dissector writer didn't bother saying what the error was";
259 report_failure("Dissector bug: %s",
260 exception_message == NULL ?
261 dissector_error_nomsg : exception_message);
262 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
271 * Load all settings, from the current profile, that affect libwireshark.
274 epan_load_settings(void)
278 /* load the decode as entries of the current profile */
279 load_decode_as_entries();
281 prefs_p = read_prefs();
284 * Read the files that enable and disable protocols and heuristic
287 read_enabled_and_disabled_lists();
296 g_slist_foreach(epan_plugins, epan_plugin_cleanup, NULL);
297 g_slist_free(epan_plugins);
300 g_slist_free(epan_plugin_register_all_procotols);
301 epan_plugin_register_all_procotols = NULL;
302 g_slist_free(epan_plugin_register_all_handoffs);
303 epan_plugin_register_all_handoffs = NULL;
309 * Note: packet_cleanup() will call registered shutdown routines which
310 * may be used to deregister dynamically registered protocol fields,
311 * and prefs_cleanup() will call uat_clear() which also may be used to
312 * deregister dynamically registered protocol fields. This must be done
313 * before proto_cleanup() to avoid inconsistency and memory leaks.
319 conversation_filters_cleanup();
320 reassembly_table_cleanup();
323 capture_dissector_cleanup();
324 export_pdu_cleanup();
325 cleanup_enabled_and_disabled_lists();
326 stats_tree_cleanup();
331 #ifdef HAVE_LIBGNUTLS
332 gnutls_global_deinit();
338 addr_resolv_cleanup();
341 plugins_cleanup(libwireshark_plugins);
342 libwireshark_plugins = NULL;
345 if (pinfo_pool_cache != NULL) {
346 wmem_destroy_allocator(pinfo_pool_cache);
347 pinfo_pool_cache = NULL;
353 struct epan_session {
354 struct packet_provider_data *prov; /* packet provider data for this session */
355 struct packet_provider_funcs funcs; /* functions using that data */
359 epan_new(struct packet_provider_data *prov,
360 const struct packet_provider_funcs *funcs)
362 epan_t *session = g_slice_new0(epan_t);
364 session->prov = prov;
365 session->funcs = *funcs;
367 /* XXX, it should take session as param */
374 epan_get_user_comment(const epan_t *session, const frame_data *fd)
376 if (session->funcs.get_user_comment)
377 return session->funcs.get_user_comment(session->prov, fd);
383 epan_get_interface_name(const epan_t *session, guint32 interface_id)
385 if (session->funcs.get_interface_name)
386 return session->funcs.get_interface_name(session->prov, interface_id);
392 epan_get_interface_description(const epan_t *session, guint32 interface_id)
394 if (session->funcs.get_interface_description)
395 return session->funcs.get_interface_description(session->prov, interface_id);
401 epan_get_frame_ts(const epan_t *session, guint32 frame_num)
403 const nstime_t *abs_ts = NULL;
405 if (session && session->funcs.get_frame_ts)
406 abs_ts = session->funcs.get_frame_ts(session->prov, frame_num);
409 g_warning("!!! couldn't get frame ts for %u !!!\n", frame_num);
415 epan_free(epan_t *session)
418 /* XXX, it should take session as param */
419 cleanup_dissection();
421 g_slice_free(epan_t, session);
426 epan_conversation_init(void)
428 conversation_epan_reset();
431 /* Overrides proto_tree_visible i epan_dissect_init to make all fields visible.
432 * This is > 0 if a Lua script wanted to see all fields all the time.
433 * This is ref-counted, so clearing it won't override other taps/scripts wanting it.
435 static gint always_visible_refcount = 0;
438 epan_set_always_visible(gboolean force)
441 always_visible_refcount++;
442 else if (always_visible_refcount > 0)
443 always_visible_refcount--;
447 epan_dissect_init(epan_dissect_t *edt, epan_t *session, const gboolean create_proto_tree, const gboolean proto_tree_visible)
451 edt->session = session;
453 memset(&edt->pi, 0, sizeof(edt->pi));
454 if (pinfo_pool_cache != NULL) {
455 edt->pi.pool = pinfo_pool_cache;
456 pinfo_pool_cache = NULL;
459 edt->pi.pool = wmem_allocator_new(WMEM_ALLOCATOR_BLOCK_FAST);
462 if (create_proto_tree) {
463 edt->tree = proto_tree_create_root(&edt->pi);
464 proto_tree_set_visible(edt->tree, (always_visible_refcount > 0) ? TRUE : proto_tree_visible);
473 g_slist_foreach(epan_plugins, epan_plugin_dissect_init, edt);
478 epan_dissect_reset(epan_dissect_t *edt)
480 /* We have to preserve the pool pointer across the memzeroing */
481 wmem_allocator_t *tmp;
485 g_slist_free(edt->pi.proto_data);
486 g_slist_free(edt->pi.dependent_frames);
488 /* Free the data sources list. */
489 free_data_sources(&edt->pi);
492 /* Free all tvb's chained from this tvb */
493 tvb_free_chain(edt->tvb);
498 proto_tree_reset(edt->tree);
503 memset(&edt->pi, 0, sizeof(edt->pi));
508 epan_dissect_new(epan_t *session, const gboolean create_proto_tree, const gboolean proto_tree_visible)
512 edt = g_new0(epan_dissect_t, 1);
514 epan_dissect_init(edt, session, create_proto_tree, proto_tree_visible);
519 epan_dissect_fake_protocols(epan_dissect_t *edt, const gboolean fake_protocols)
522 proto_tree_set_fake_protocols(edt->tree, fake_protocols);
526 epan_dissect_run(epan_dissect_t *edt, int file_type_subtype,
527 wtap_rec *rec, tvbuff_t *tvb, frame_data *fd,
531 wslua_prime_dfilter(edt); /* done before entering wmem scope */
533 wmem_enter_packet_scope();
534 dissect_record(edt, file_type_subtype, rec, tvb, fd, cinfo);
536 /* free all memory allocated */
537 wmem_leave_packet_scope();
541 epan_dissect_run_with_taps(epan_dissect_t *edt, int file_type_subtype,
542 wtap_rec *rec, tvbuff_t *tvb, frame_data *fd,
545 wmem_enter_packet_scope();
547 dissect_record(edt, file_type_subtype, rec, tvb, fd, cinfo);
548 tap_push_tapped_queue(edt);
550 /* free all memory allocated */
551 wmem_leave_packet_scope();
555 epan_dissect_file_run(epan_dissect_t *edt, wtap_rec *rec,
556 tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
559 wslua_prime_dfilter(edt); /* done before entering wmem scope */
561 wmem_enter_packet_scope();
562 dissect_file(edt, rec, tvb, fd, cinfo);
564 /* free all memory allocated */
565 wmem_leave_packet_scope();
569 epan_dissect_file_run_with_taps(epan_dissect_t *edt, wtap_rec *rec,
570 tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
572 wmem_enter_packet_scope();
574 dissect_file(edt, rec, tvb, fd, cinfo);
575 tap_push_tapped_queue(edt);
577 /* free all memory allocated */
578 wmem_leave_packet_scope();
582 epan_dissect_cleanup(epan_dissect_t* edt)
587 g_slist_foreach(epan_plugins, epan_plugin_dissect_cleanup, edt);
590 g_slist_free(edt->pi.proto_data);
591 g_slist_free(edt->pi.dependent_frames);
593 /* Free the data sources list. */
594 free_data_sources(&edt->pi);
597 /* Free all tvb's chained from this tvb */
598 tvb_free_chain(edt->tvb);
602 proto_tree_free(edt->tree);
605 if (pinfo_pool_cache == NULL) {
606 wmem_free_all(edt->pi.pool);
607 pinfo_pool_cache = edt->pi.pool;
610 wmem_destroy_allocator(edt->pi.pool);
615 epan_dissect_free(epan_dissect_t* edt)
617 epan_dissect_cleanup(edt);
622 epan_dissect_prime_with_dfilter(epan_dissect_t *edt, const dfilter_t* dfcode)
624 dfilter_prime_proto_tree(dfcode, edt->tree);
628 epan_dissect_prime_with_hfid(epan_dissect_t *edt, int hfid)
630 proto_tree_prime_with_hfid(edt->tree, hfid);
634 epan_dissect_prime_with_hfid_array(epan_dissect_t *edt, GArray *hfids)
638 for (i = 0; i < hfids->len; i++) {
639 proto_tree_prime_with_hfid(edt->tree,
640 g_array_index(hfids, int, i));
644 /* ----------------------- */
646 epan_custom_set(epan_dissect_t *edt, GSList *field_ids,
649 gchar *expr, const int size )
651 return proto_custom_set(edt->tree, field_ids, occurrence, result, expr, size);
655 epan_dissect_fill_in_columns(epan_dissect_t *edt, const gboolean fill_col_exprs, const gboolean fill_fd_colums)
657 col_custom_set_edt(edt, edt->pi.cinfo);
658 col_fill_in(&edt->pi, fill_col_exprs, fill_fd_colums);
662 epan_dissect_packet_contains_field(epan_dissect_t* edt,
663 const char *field_name)
667 gboolean contains_field;
669 if (!edt || !edt->tree)
671 field_id = proto_get_id_by_filter_name(field_name);
674 array = proto_find_finfo(edt->tree, field_id);
675 contains_field = (array->len > 0) ? TRUE : FALSE;
676 g_ptr_array_free(array, TRUE);
677 return contains_field;
681 * Get compile-time information for libraries used by libwireshark.
684 epan_get_compiled_version_info(GString *str)
687 g_string_append(str, ", ");
689 g_string_append(str, "with SMI " SMI_VERSION_STRING);
690 #else /* no SNMP library */
691 g_string_append(str, "without SMI");
695 g_string_append(str, ", ");
697 g_string_append(str, "with c-ares " ARES_VERSION_STR);
699 g_string_append(str, "without c-ares");
700 #endif /* HAVE_C_ARES */
703 g_string_append(str, ", ");
705 g_string_append(str, "with ");
706 g_string_append(str, LUA_RELEASE);
708 g_string_append(str, "without Lua");
709 #endif /* HAVE_LUA */
712 g_string_append(str, ", ");
713 #ifdef HAVE_LIBGNUTLS
714 g_string_append(str, "with GnuTLS " LIBGNUTLS_VERSION);
716 g_string_append(str, "without GnuTLS");
717 #endif /* HAVE_LIBGNUTLS */
720 g_string_append(str, ", ");
721 g_string_append(str, "with Gcrypt " GCRYPT_VERSION);
724 /* XXX - I don't see how to get the version number, at least for KfW */
725 g_string_append(str, ", ");
727 #ifdef HAVE_MIT_KERBEROS
728 g_string_append(str, "with MIT Kerberos");
730 /* HAVE_HEIMDAL_KERBEROS */
731 g_string_append(str, "with Heimdal Kerberos");
734 g_string_append(str, "without Kerberos");
735 #endif /* HAVE_KERBEROS */
738 g_string_append(str, ", ");
739 #ifdef HAVE_MAXMINDDB
740 g_string_append(str, "with MaxMind DB resolver");
742 g_string_append(str, "without MaxMind DB resolver");
743 #endif /* HAVE_MAXMINDDB */
746 g_string_append(str, ", ");
748 g_string_append(str, "with nghttp2 " NGHTTP2_VERSION);
750 g_string_append(str, "without nghttp2");
751 #endif /* HAVE_NGHTTP2 */
754 g_string_append(str, ", ");
756 g_string_append(str, "with LZ4");
758 g_string_append(str, "without LZ4");
759 #endif /* HAVE_LZ4 */
762 g_string_append(str, ", ");
764 g_string_append(str, "with Snappy");
766 g_string_append(str, "without Snappy");
767 #endif /* HAVE_SNAPPY */
770 g_string_append(str, ", ");
772 g_string_append(str, "with libxml2 " LIBXML_DOTTED_VERSION);
774 g_string_append(str, "without libxml2");
775 #endif /* HAVE_LIBXML2 */
780 * Get runtime information for libraries used by libwireshark.
783 epan_get_runtime_version_info(GString *str)
786 #ifdef HAVE_LIBGNUTLS
787 g_string_append_printf(str, ", with GnuTLS %s", gnutls_check_version(NULL));
788 #endif /* HAVE_LIBGNUTLS */
791 g_string_append_printf(str, ", with Gcrypt %s", gcry_check_version(NULL));
795 * Editor modelines - http://www.wireshark.org/tools/modelines.html
800 * indent-tabs-mode: t
803 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
804 * :indentSize=8:tabSize=8:noTabs=false: