#include <locale.h>
#include <limits.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
#ifndef _WIN32
#include <signal.h>
#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-
-#ifdef HAVE_LIBZ
-#include <zlib.h> /* to get the libz version number */
-#endif
-
#ifdef HAVE_LIBCAP
# include <sys/capability.h>
#endif
#include <wsutil/file_util.h>
#include <wsutil/privileges.h>
#include <wsutil/report_err.h>
-#include <wsutil/ws_diag_control.h>
-#include <wsutil/ws_version_info.h>
+#include <ws_version_info.h>
+#include <wiretap/wtap_opttypes.h>
+#include <wiretap/pcapng.h>
#include "globals.h"
#include <epan/timestamp.h>
#endif
#include "ui/util.h"
#include "ui/ui_util.h"
+#include "ui/decode_as_utils.h"
#include "ui/cli/tshark-tap.h"
+#include "ui/tap_export_pdu.h"
#include "register.h"
+#include "filter_files.h"
#include <epan/epan_dissect.h>
#include <epan/tap.h>
#include <epan/stat_tap_ui.h>
#include <epan/srt_table.h>
#include <epan/rtd_table.h>
#include <epan/ex-opt.h>
+#include <epan/exported_pdu.h>
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
#include <epan/asn1.h>
#endif /* _WIN32 */
#include <capchild/capture_session.h>
#include <capchild/capture_sync.h>
+#include <capture_info.h>
#endif /* HAVE_LIBPCAP */
#include "log.h"
#include <epan/funnel.h>
#include <wsutil/str_util.h>
+#include <wsutil/utf8_entities.h>
+
+#ifdef HAVE_EXTCAP
+#include "extcap.h"
+#endif
#ifdef HAVE_PLUGINS
#include <wsutil/plugins.h>
#define tshark_debug(...)
#endif
-
-/*
- * This is the template for the decode as option; it is shared between the
- * various functions that output the usage for this parameter.
- */
-static const gchar decode_as_arg_template[] = "<layer_type>==<selector>,<decode_as_protocol>";
-
static guint32 cum_bytes;
static const frame_data *ref;
static frame_data ref_frame;
static frame_data *prev_cap;
static frame_data prev_cap_frame;
-static const char* prev_display_dissector_name = NULL;
-
static gboolean perform_two_pass_analysis;
/*
typedef enum {
WRITE_TEXT, /* summary or detail text */
WRITE_XML, /* PDML or PSML */
- WRITE_FIELDS /* User defined list of fields */
+ WRITE_FIELDS, /* User defined list of fields */
+ WRITE_JSON, /* JSON */
+ WRITE_EK /* JSON bulk insert to Elasticsearch */
/* Add CSV and the like here */
} output_action_e;
static print_stream_t *print_stream;
static output_fields_t* output_fields = NULL;
+static gchar **protocolfilter = NULL;
/* The line separator used between packets, changeable via the -S option */
static const char *separator = "";
static capture_options global_capture_opts;
static capture_session global_capture_session;
+static info_data_t global_info_data;
#ifdef SIGINFO
static gboolean infodelay; /* if TRUE, don't print capture info in SIGINFO handler */
fprintf(output, " syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
- fprintf(output, " -d %s ...\n", decode_as_arg_template);
+ fprintf(output, " -d %s ...\n", DECODE_AS_ARG_TEMPLATE);
fprintf(output, " \"Decode As\", see the man page for details\n");
fprintf(output, " Example: tcp.port==8888,http\n");
fprintf(output, " -H <hosts file> read a list of entries from a hosts file, which will\n");
fprintf(output, " -P print packet summary even when writing to a file\n");
fprintf(output, " -S <separator> the line separator to print between packets\n");
fprintf(output, " -x add output of hex and ASCII dump (Packet Bytes)\n");
- fprintf(output, " -T pdml|ps|psml|text|fields\n");
+ fprintf(output, " -T pdml|ps|psml|json|ek|text|fields\n");
fprintf(output, " format of text output (def: text)\n");
+ fprintf(output, " -j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,\n");
+ fprintf(output, " (e.g. \"http tcp ip\",\n");
fprintf(output, " -e <field> field to print if -Tfields selected (e.g. tcp.port,\n");
fprintf(output, " _ws.col.Info)\n");
fprintf(output, " this option can be repeated to print multiple fields\n");
fprintf(output, " -E<fieldsoption>=<value> set options for output when -Tfields selected:\n");
+ fprintf(output, " bom=y|n print a UTF-8 BOM\n");
fprintf(output, " header=y|n switch headers on and off\n");
fprintf(output, " separator=/t|/s|<char> select tab, space, printable character as separator\n");
fprintf(output, " occurrence=f|l|a print first, last or all occurrences of each field\n");
fprintf(output, " -W n Save extra information in the file, if supported.\n");
fprintf(output, " n = write network address resolution information\n");
fprintf(output, " -X <key>:<value> eXtension options, see the man page for details\n");
+ fprintf(output, " -U tap_name PDUs export mode, see the man page for details\n");
fprintf(output, " -z <statistics> various statistics, see the man page for details\n");
fprintf(output, " --capture-comment <comment>\n");
fprintf(output, " add a capture comment to the newly created\n");
fprintf(output, "\n");
}
-/*
- * For a dissector table, print on the stream described by output,
- * its short name (which is what's used in the "-d" option) and its
- * descriptive name.
- */
-static void
-display_dissector_table_names(const char *table_name, const char *ui_name,
- gpointer output)
-{
- if ((prev_display_dissector_name == NULL) ||
- (strcmp(prev_display_dissector_name, table_name) != 0)) {
- fprintf((FILE *)output, "\t%s (%s)\n", table_name, ui_name);
- prev_display_dissector_name = table_name;
- }
-}
-
-/*
- * For a dissector handle, print on the stream described by output,
- * the filter name (which is what's used in the "-d" option) and the full
- * name for the protocol that corresponds to this handle.
- */
-static void
-display_dissector_names(const gchar *table _U_, gpointer handle, gpointer output)
-{
- int proto_id;
- const gchar *proto_filter_name;
- const gchar *proto_ui_name;
-
- proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
-
- if (proto_id != -1) {
- proto_filter_name = proto_get_protocol_filter_name(proto_id);
- proto_ui_name = proto_get_protocol_name(proto_id);
- g_assert(proto_filter_name != NULL);
- g_assert(proto_ui_name != NULL);
-
- if ((prev_display_dissector_name == NULL) ||
- (strcmp(prev_display_dissector_name, proto_filter_name) != 0)) {
- fprintf((FILE *)output, "\t%s (%s)\n",
- proto_filter_name,
- proto_ui_name);
- prev_display_dissector_name = proto_filter_name;
- }
- }
-}
-
-/*
- * The protocol_name_search structure is used by find_protocol_name_func()
- * to pass parameters and store results
- */
-struct protocol_name_search{
- gchar *searched_name; /* Protocol filter name we are looking for */
- dissector_handle_t matched_handle; /* Handle for a dissector whose protocol has the specified filter name */
- guint nb_match; /* How many dissectors matched searched_name */
-};
-typedef struct protocol_name_search *protocol_name_search_t;
-
-/*
- * This function parses all dissectors associated with a table to find the
- * one whose protocol has the specified filter name. It is called
- * as a reference function in a call to dissector_table_foreach_handle.
- * The name we are looking for, as well as the results, are stored in the
- * protocol_name_search struct pointed to by user_data.
- * If called using dissector_table_foreach_handle, we actually parse the
- * whole list of dissectors.
- */
-static void
-find_protocol_name_func(const gchar *table _U_, gpointer handle, gpointer user_data)
-
-{
- int proto_id;
- const gchar *protocol_filter_name;
- protocol_name_search_t search_info;
-
- g_assert(handle);
-
- search_info = (protocol_name_search_t)user_data;
-
- proto_id = dissector_handle_get_protocol_index((dissector_handle_t)handle);
- if (proto_id != -1) {
- protocol_filter_name = proto_get_protocol_filter_name(proto_id);
- g_assert(protocol_filter_name != NULL);
- if (strcmp(protocol_filter_name, search_info->searched_name) == 0) {
- /* Found a match */
- if (search_info->nb_match == 0) {
- /* Record this handle only if this is the first match */
- search_info->matched_handle = (dissector_handle_t)handle; /* Record the handle for this matching dissector */
- }
- search_info->nb_match++;
- }
- }
-}
-
-/*
- * Allow dissector key names to be sorted alphabetically
- */
-
-static gint
-compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b)
-{
- return strcmp((const char*)dissector_a, (const char*)dissector_b);
-}
-
-/*
- * Print all layer type names supported.
- * We send the output to the stream described by the handle output.
- */
-
-static void
-fprint_all_layer_types(FILE *output)
-
-{
- prev_display_dissector_name = NULL;
- dissector_all_tables_foreach_table(display_dissector_table_names, (gpointer)output, (GCompareFunc)compare_dissector_key_name);
-}
-
-/*
- * Print all protocol names supported for a specific layer type.
- * table_name contains the layer type name in which the search is performed.
- * We send the output to the stream described by the handle output.
- */
-
-static void
-fprint_all_protocols_for_layer_types(FILE *output, gchar *table_name)
-
-{
- prev_display_dissector_name = NULL;
- dissector_table_foreach_handle(table_name,
- display_dissector_names,
- (gpointer)output);
-}
-
-/*
- * The function below parses the command-line parameters for the decode as
- * feature (a string pointer by cl_param).
- * It checks the format of the command-line, searches for a matching table
- * and dissector. If a table/dissector match is not found, we display a
- * summary of the available tables/dissectors (on stderr) and return FALSE.
- * If everything is fine, we get the "Decode as" preference activated,
- * then we return TRUE.
- */
-static gboolean
-add_decode_as(const gchar *cl_param)
-{
- gchar *table_name;
- guint32 selector, selector2;
- gchar *decoded_param;
- gchar *remaining_param;
- gchar *selector_str;
- gchar *dissector_str;
- dissector_handle_t dissector_matching;
- dissector_table_t table_matching;
- ftenum_t dissector_table_selector_type;
- struct protocol_name_search user_protocol_name;
- guint64 i;
- char op;
-
- /* The following code will allocate and copy the command-line options in a string pointed by decoded_param */
-
- g_assert(cl_param);
- decoded_param = g_strdup(cl_param);
- g_assert(decoded_param);
-
-
- /* The lines below will parse this string (modifying it) to extract all
- necessary information. Note that decoded_param is still needed since
- strings are not copied - we just save pointers. */
-
- /* This section extracts a layer type (table_name) from decoded_param */
- table_name = decoded_param; /* Layer type string starts from beginning */
-
- remaining_param = strchr(table_name, '=');
- if (remaining_param == NULL) {
- cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template);
- /* If the argument does not follow the template, carry on anyway to check
- if the table name is at least correct. If remaining_param is NULL,
- we'll exit anyway further down */
- }
- else {
- *remaining_param = '\0'; /* Terminate the layer type string (table_name) where '=' was detected */
- }
-
- /* Remove leading and trailing spaces from the table name */
- while ( table_name[0] == ' ' )
- table_name++;
- while ( table_name[strlen(table_name) - 1] == ' ' )
- table_name[strlen(table_name) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
-
-/* The following part searches a table matching with the layer type specified */
- table_matching = NULL;
-
-/* Look for the requested table */
- if ( !(*(table_name)) ) { /* Is the table name empty, if so, don't even search for anything, display a message */
- cmdarg_err("No layer type specified"); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */
- }
- else {
- table_matching = find_dissector_table(table_name);
- if (!table_matching) {
- cmdarg_err("Unknown layer type -- %s", table_name); /* Note, we don't exit here, but table_matching will remain NULL, so we exit below */
- }
- }
-
- if (!table_matching) {
- /* Display a list of supported layer types to help the user, if the
- specified layer type was not found */
- cmdarg_err("Valid layer types are:");
- fprint_all_layer_types(stderr);
- }
- if (remaining_param == NULL || !table_matching) {
- /* Exit if the layer type was not found, or if no '=' separator was found
- (see above) */
- g_free(decoded_param);
- return FALSE;
- }
-
- if (*(remaining_param + 1) != '=') { /* Check for "==" and not only '=' */
- cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1);
- }
- else {
- remaining_param++; /* Move to the second '=' */
- *remaining_param = '\0'; /* Remove the second '=' */
- }
- remaining_param++; /* Position after the layer type string */
-
- /* This section extracts a selector value (selector_str) from decoded_param */
-
- selector_str = remaining_param; /* Next part starts with the selector number */
-
- remaining_param = strchr(selector_str, ',');
- if (remaining_param == NULL) {
- cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template);
- /* If the argument does not follow the template, carry on anyway to check
- if the selector value is at least correct. If remaining_param is NULL,
- we'll exit anyway further down */
- }
- else {
- *remaining_param = '\0'; /* Terminate the selector number string (selector_str) where ',' was detected */
- }
-
- dissector_table_selector_type = get_dissector_table_selector_type(table_name);
-
- switch (dissector_table_selector_type) {
-
- case FT_UINT8:
- case FT_UINT16:
- case FT_UINT24:
- case FT_UINT32:
- /* The selector for this table is an unsigned number. Parse it as such.
- There's no need to remove leading and trailing spaces from the
- selector number string, because sscanf will do that for us. */
- switch (sscanf(selector_str, "%u%c%u", &selector, &op, &selector2)) {
- case 1:
- op = '\0';
- break;
- case 3:
- if (op != ':' && op != '-') {
- cmdarg_err("Invalid selector numeric range \"%s\"", selector_str);
- g_free(decoded_param);
- return FALSE;
- }
- if (op == ':') {
- if ((selector2 == 0) || ((guint64)selector + selector2 - 1) > G_MAXUINT32) {
- cmdarg_err("Invalid selector numeric range \"%s\"", selector_str);
- g_free(decoded_param);
- return FALSE;
- }
- }
- else if (selector2 < selector) {
- /* We could swap them for the user, but maybe it's better to call
- * this out as an error in case it's not what was intended? */
- cmdarg_err("Invalid selector numeric range \"%s\"", selector_str);
- g_free(decoded_param);
- return FALSE;
- }
- break;
- default:
- cmdarg_err("Invalid selector number \"%s\"", selector_str);
- g_free(decoded_param);
- return FALSE;
- }
- break;
-
- case FT_STRING:
- case FT_STRINGZ:
- case FT_UINT_STRING:
- case FT_STRINGZPAD:
- /* The selector for this table is a string. */
- break;
-
- default:
- /* There are currently no dissector tables with any types other
- than the ones listed above. */
- g_assert_not_reached();
- }
-
- if (remaining_param == NULL) {
- /* Exit if no ',' separator was found (see above) */
- cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
- fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
- return FALSE;
- }
-
- remaining_param++; /* Position after the selector number string */
-
- /* This section extracts a protocol filter name (dissector_str) from decoded_param */
-
- dissector_str = remaining_param; /* All the rest of the string is the dissector (decode as protocol) name */
-
- /* Remove leading and trailing spaces from the dissector name */
- while ( dissector_str[0] == ' ' )
- dissector_str++;
- while ( dissector_str[strlen(dissector_str) - 1] == ' ' )
- dissector_str[strlen(dissector_str) - 1] = '\0'; /* Note: if empty string, while loop will eventually exit */
-
- dissector_matching = NULL;
-
- /* We now have a pointer to the handle for the requested table inside the variable table_matching */
- if ( ! (*dissector_str) ) { /* Is the dissector name empty, if so, don't even search for a matching dissector and display all dissectors found for the selected table */
- cmdarg_err("No protocol name specified"); /* Note, we don't exit here, but dissector_matching will remain NULL, so we exit below */
- }
- else {
- user_protocol_name.nb_match = 0;
- user_protocol_name.searched_name = dissector_str;
- user_protocol_name.matched_handle = NULL;
-
- dissector_table_foreach_handle(table_name, find_protocol_name_func, &user_protocol_name); /* Go and perform the search for this dissector in the this table's dissectors' names and shortnames */
-
- if (user_protocol_name.nb_match != 0) {
- dissector_matching = user_protocol_name.matched_handle;
- if (user_protocol_name.nb_match > 1) {
- cmdarg_err("WARNING: Protocol \"%s\" matched %u dissectors, first one will be used", dissector_str, user_protocol_name.nb_match);
- }
- }
- else {
- /* OK, check whether the problem is that there isn't any such
- protocol, or that there is but it's not specified as a protocol
- that's valid for that dissector table.
- Note, we don't exit here, but dissector_matching will remain NULL,
- so we exit below */
- if (proto_get_id_by_filter_name(dissector_str) == -1) {
- /* No such protocol */
- cmdarg_err("Unknown protocol -- \"%s\"", dissector_str);
- } else {
- cmdarg_err("Protocol \"%s\" isn't valid for layer type \"%s\"",
- dissector_str, table_name);
- }
- }
- }
-
- if (!dissector_matching) {
- cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name);
- fprint_all_protocols_for_layer_types(stderr, table_name);
- g_free(decoded_param);
- return FALSE;
- }
-
-/* This is the end of the code that parses the command-line options.
- All information is now stored in the variables:
- table_name
- selector
- dissector_matching
- The above variables that are strings are still pointing to areas within
- decoded_parm. decoded_parm thus still needs to be kept allocated in
- until we stop needing these variables
- decoded_param will be deallocated at each exit point of this function */
-
-
- /* We now have a pointer to the handle for the requested dissector
- (requested protocol) inside the variable dissector_matching */
- switch (dissector_table_selector_type) {
-
- case FT_UINT8:
- case FT_UINT16:
- case FT_UINT24:
- case FT_UINT32:
- /* The selector for this table is an unsigned number. */
- if (op == '\0') {
- dissector_change_uint(table_name, selector, dissector_matching);
- } else if (op == ':') {
- for (i = selector; i < (guint64)selector + selector2; i++) {
- dissector_change_uint(table_name, (guint32)i, dissector_matching);
- }
- } else { /* op == '-' */
- for (i = selector; i <= selector2; i++) {
- dissector_change_uint(table_name, (guint32)i, dissector_matching);
- }
- }
- break;
-
- case FT_STRING:
- case FT_STRINGZ:
- case FT_UINT_STRING:
- case FT_STRINGZPAD:
- /* The selector for this table is a string. */
- dissector_change_string(table_name, selector_str, dissector_matching);
- break;
-
- default:
- /* There are currently no dissector tables with any types other
- than the ones listed above. */
- g_assert_not_reached();
- }
- g_free(decoded_param); /* "Decode As" rule has been successfully added */
- return TRUE;
-}
-
static void
tshark_log_handler (const gchar *log_domain, GLogLevelFlags log_level,
const gchar *message, gpointer user_data)
{
/* Capture libraries */
get_compiled_caplibs_version(str);
-
- /* LIBZ */
- g_string_append(str, ", ");
-#ifdef HAVE_LIBZ
- g_string_append(str, "with libz ");
-#ifdef ZLIB_VERSION
- g_string_append(str, ZLIB_VERSION);
-#else /* ZLIB_VERSION */
- g_string_append(str, "(version unknown)");
-#endif /* ZLIB_VERSION */
-#else /* HAVE_LIBZ */
- g_string_append(str, "without libz");
-#endif /* HAVE_LIBZ */
}
static void
get_runtime_caplibs_version(str);
#endif
- /* zlib */
-#if defined(HAVE_LIBZ) && !defined(_WIN32)
- g_string_append_printf(str, ", with libz %s", zlibVersion());
-#endif
-
/* stuff used by libwireshark */
epan_get_runtime_version_info(str);
}
GString *runtime_info_str;
char *init_progfile_dir_error;
int opt;
-DIAG_OFF(cast-qual)
static const struct option long_options[] = {
- {(char *)"help", no_argument, NULL, 'h'},
- {(char *)"version", no_argument, NULL, 'v'},
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 'v'},
LONGOPT_CAPTURE_COMMON
{0, 0, 0, 0 }
};
-DIAG_ON(cast-qual)
gboolean arg_error = FALSE;
#ifdef _WIN32
char *gpf_path, *pf_path;
char *gdp_path, *dp_path;
+ char *cf_path;
int gpf_open_errno, gpf_read_errno;
int pf_open_errno, pf_read_errno;
int gdp_open_errno, gdp_read_errno;
int dp_open_errno, dp_read_errno;
+ int cf_open_errno;
int err;
volatile int exit_status = 0;
#ifdef HAVE_LIBPCAP
GSList *disable_protocol_slist = NULL;
GSList *enable_heur_slist = NULL;
GSList *disable_heur_slist = NULL;
+ gchar *volatile pdu_export_arg = NULL;
+ exp_pdu_t exp_pdu_tap_data;
/*
* The leading + ensures that getopt_long() does not permute the argv[]
* We do *not* use a leading - because the behavior of a leading - is
* platform-dependent.
*/
-#define OPTSTRING "+2" OPTSTRING_CAPTURE_COMMON "C:d:e:E:F:gG:hH:" "K:lnN:o:O:PqQr:R:S:t:T:u:vVw:W:xX:Y:z:"
+#define OPTSTRING "+2" OPTSTRING_CAPTURE_COMMON "C:d:e:E:F:gG:hH:j:" "K:lnN:o:O:PqQr:R:S:t:T:u:U:vVw:W:xX:Y:z:"
static const char optstring[] = OPTSTRING;
/*
* Attempt to get the pathname of the executable file.
*/
- init_progfile_dir_error = init_progfile_dir(argv[0], (void *)main);
+ init_progfile_dir_error = init_progfile_dir(argv[0], main);
if (init_progfile_dir_error != NULL) {
fprintf(stderr, "tshark: Can't get pathname of tshark program: %s.\n",
init_progfile_dir_error);
initialize_funnel_ops();
#ifdef _WIN32
+ ws_init_dll_search_path();
/* Load wpcap if possible. Do this before collecting the run-time version information */
load_wpcap();
g_string_free(comp_info_str, TRUE);
g_string_free(runtime_info_str, TRUE);
+ /* Fail sometimes. Useful for testing fuzz scripts. */
+ /* if (g_random_int_range(0, 100) < 5) abort(); */
+
/*
* In order to have the -X opts assigned before the wslua machine starts
* we need to call getopt_long before epan_init() gets called.
/* Scan for plugins. This does *not* call their registration routines;
that's done later. */
- scan_plugins();
+ scan_plugins(REPORT_LOAD_FAILURE);
/* Register all libwiretap plugin modules. */
register_all_wiretap_modules();
return 0;
}
+ /* load the decode as entries of this profile */
+ load_decode_as_entries();
+
tshark_debug("tshark reading preferences");
prefs_p = read_prefs(&gpf_open_errno, &gpf_read_errno, &gpf_path,
pf_path = NULL;
}
+ read_filter_list(CFILTER_LIST, &cf_path, &cf_open_errno);
+ if (cf_path != NULL) {
+ cmdarg_err("Could not open your capture filter file\n\"%s\": %s.",
+ cf_path, g_strerror(cf_open_errno));
+ g_free(cf_path);
+ }
+
/* Read the disabled protocols file. */
read_disabled_protos_list(&gdp_path, &gdp_open_errno, &gdp_read_errno,
&dp_path, &dp_open_errno, &dp_read_errno);
/* already processed; just ignore it now */
break;
case 'd': /* Decode as rule */
- if (!add_decode_as(optarg))
+ if (!decode_as_command_option(optarg))
return 1;
break;
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
return 1;
}
break;
+ case 'j':
+ protocolfilter = wmem_strsplit(wmem_epan_scope(), optarg, " ", -1);
+ break;
case 'W': /* Select extra information to save in our capture file */
/* This is patterned after the -N flag which may not be the best idea. */
if (strchr(optarg, 'n')) {
if (badopt != '\0') {
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
badopt);
- cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n"
- "\t'd' to enable address resolution from captured DNS packets\n"
+ cmdarg_err_cont("\t'd' to enable address resolution from captured DNS packets\n"
"\t'm' to enable MAC address resolution\n"
"\t'n' to enable network address resolution\n"
"\t'N' to enable using external resolvers (e.g., DNS)\n"
output_action = WRITE_FIELDS;
print_details = TRUE; /* Need full tree info */
print_summary = FALSE; /* Don't allow summary */
- } else {
+ } else if (strcmp(optarg, "json") == 0) {
+ output_action = WRITE_JSON;
+ print_details = TRUE; /* Need details */
+ print_summary = FALSE; /* Don't allow summary */
+ } else if (strcmp(optarg, "ek") == 0) {
+ output_action = WRITE_EK;
+ print_details = TRUE; /* Need details */
+ print_summary = FALSE; /* Don't allow summary */
+ }
+ else {
cmdarg_err("Invalid -T parameter \"%s\"; it must be one of:", optarg); /* x */
cmdarg_err_cont("\t\"fields\" The values of fields specified with the -e option, in a form\n"
"\t specified by the -E option.\n"
"\t summary information of a decoded packet. This information is\n"
"\t equivalent to the information shown in the one-line summary\n"
"\t printed by default.\n"
+ "\t\"json\" Packet Summary, an JSON-based format for the details\n"
+ "\t summary information of a decoded packet. This information is \n"
+ "\t equivalent to the packet details printed with the -V flag.\n"
+ "\t\"ek\" Packet Summary, an EK JSON-based format for the bulk insert \n"
+ "\t into elastic search cluster. This information is \n"
+ "\t equivalent to the packet details printed with the -V flag.\n"
"\t\"text\" Text of a human-readable one-line summary of each of the\n"
"\t packets, or a multi-line view of the details of each of the\n"
"\t packets, depending on whether the -V flag was specified.\n"
return 1;
}
break;
+ case 'U': /* Export PDUs to file */
+ {
+ GSList *export_pdu_tap_name_list = NULL;
+
+ if (!*optarg) {
+ cmdarg_err("Tap name is required! Valid names are:");
+ for (export_pdu_tap_name_list = get_export_pdu_tap_list(); export_pdu_tap_name_list; export_pdu_tap_name_list = g_slist_next(export_pdu_tap_name_list)) {
+ cmdarg_err("%s\n", (const char*)(export_pdu_tap_name_list->data));
+ }
+ return 1;
+ }
+ pdu_export_arg = g_strdup(optarg);
+ break;
+ }
case 'v': /* Show version and exit */
comp_info_str = get_compiled_version_info(get_tshark_compiled_version_info,
epan_get_compiled_version_info);
* $ ./tools/valgrind-wireshark -n
* much more useful. */
epan_cleanup();
+#ifdef HAVE_EXTCAP
+ extcap_cleanup();
+#endif
return 0;
case 'O': /* Only output these protocols */
/* already processed; just ignore it now */
}
/* If we specified output fields, but not the output field type... */
- if (WRITE_FIELDS != output_action && 0 != output_fields_num_fields(output_fields)) {
+ if ((WRITE_FIELDS != output_action && WRITE_XML != output_action && WRITE_JSON != output_action && WRITE_EK != output_action) && 0 != output_fields_num_fields(output_fields)) {
cmdarg_err("Output fields were specified with \"-e\", "
- "but \"-Tfields\" was not specified.");
+ "but \"-Tek, -Tfields, -Tjson or -Tpdml\" was not specified.");
return 1;
} else if (WRITE_FIELDS == output_action && 0 == output_fields_num_fields(output_fields)) {
cmdarg_err("\"-Tfields\" was specified, but no fields were "
}
if (print_hex) {
- if (output_action != WRITE_TEXT) {
- cmdarg_err("Raw packet hex data can only be printed as text or PostScript");
+ if (output_action != WRITE_TEXT && output_action != WRITE_JSON && output_action != WRITE_EK) {
+ cmdarg_err("Raw packet hex data can only be printed as text, PostScript, JSON or EK JSON");
return 1;
}
}
cmdarg_err("%s", err_msg);
g_free(err_msg);
epan_cleanup();
+#ifdef HAVE_EXTCAP
+ extcap_cleanup();
+#endif
#ifdef HAVE_PCAP_OPEN_DEAD
{
pcap_t *pc;
cmdarg_err("%s", err_msg);
g_free(err_msg);
epan_cleanup();
+#ifdef HAVE_EXTCAP
+ extcap_cleanup();
+#endif
#ifdef HAVE_PCAP_OPEN_DEAD
{
pcap_t *pc;
}
}
+ /* PDU export requested. Take the ownership of the '-w' file, apply tap
+ * filters and start tapping. */
+ if (pdu_export_arg) {
+ const char *exp_pdu_filename;
+ const char *exp_pdu_tap_name = pdu_export_arg;
+ const char *exp_pdu_filter = dfilter; /* may be NULL to disable filter */
+ char *exp_pdu_error;
+ int exp_fd;
+
+ if (!cf_name) {
+ cmdarg_err("PDUs export requires a capture file (specify with -r).");
+ return 1;
+ }
+ /* Take ownership of the '-w' output file. */
+#ifdef HAVE_LIBPCAP
+ exp_pdu_filename = global_capture_opts.save_file;
+ global_capture_opts.save_file = NULL;
+#else
+ exp_pdu_filename = output_file_name;
+ output_file_name = NULL;
+#endif
+ if (exp_pdu_filename == NULL) {
+ cmdarg_err("PDUs export requires an output file (-w).");
+ return 1;
+ }
+
+ exp_pdu_error = exp_pdu_pre_open(exp_pdu_tap_name, exp_pdu_filter,
+ &exp_pdu_tap_data);
+ if (exp_pdu_error) {
+ cmdarg_err("Cannot register tap: %s", exp_pdu_error);
+ g_free(exp_pdu_error);
+ return 2;
+ }
+
+ exp_fd = ws_open(exp_pdu_filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
+ if (exp_fd == -1) {
+ cmdarg_err("%s: %s", exp_pdu_filename, file_open_error_message(errno, TRUE));
+ return 2;
+ }
+
+ /* Activate the export PDU tap */
+ err = exp_pdu_open(&exp_pdu_tap_data, exp_fd,
+ g_strdup_printf("Dump of PDUs from %s", cf_name));
+ if (err != 0) {
+ cmdarg_err("Failed to start the PDU export: %s", g_strerror(err));
+ return 2;
+ }
+ }
+
/* We have to dissect each packet if:
we're printing information about each packet;
we're using a display filter on the packets;
+ we're exporting PDUs;
+
we're using any taps that need dissection. */
- do_dissection = print_packet_info || rfcode || dfcode || tap_listeners_require_dissection();
+ do_dissection = print_packet_info || rfcode || dfcode || pdu_export_arg ||
+ tap_listeners_require_dissection();
tshark_debug("tshark: do_dissection = %s", do_dissection ? "TRUE" : "FALSE");
if (cf_name) {
*/
if (cf_open(&cfile, cf_name, in_file_type, FALSE, &err) != CF_OK) {
epan_cleanup();
+#ifdef HAVE_EXTCAP
+ extcap_cleanup();
+#endif
return 2;
}
read some packets; however, we exit with an error status. */
exit_status = 2;
}
+
+ if (pdu_export_arg) {
+ err = exp_pdu_close(&exp_pdu_tap_data);
+ if (err) {
+ cmdarg_err("%s", wtap_strerror(err));
+ exit_status = 2;
+ }
+ g_free(pdu_export_arg);
+ }
} else {
tshark_debug("tshark: no capture file specified");
/* No capture file specified, so we're supposed to do a live capture
* suppress the information printed for each packet, but it'll
* also suppress the packet counts.
*/
- if (!isatty(fileno(stderr)))
+ if (!ws_isatty(ws_fileno(stderr)))
print_packet_counts = FALSE;
- else if (print_packet_info && isatty(fileno(stdout)))
+ else if (print_packet_info && ws_isatty(ws_fileno(stdout)))
print_packet_counts = FALSE;
else if (quiet)
print_packet_counts = FALSE;
funnel_dump_all_text_windows();
epan_free(cfile.epan);
epan_cleanup();
+#ifdef HAVE_EXTCAP
+ extcap_cleanup();
+#endif
output_fields_free(output_fields);
output_fields = NULL;
fflush(stderr);
g_string_free(str, TRUE);
- ret = sync_pipe_start(&global_capture_opts, &global_capture_session, NULL);
+ ret = sync_pipe_start(&global_capture_opts, &global_capture_session, &global_info_data, NULL);
if (!ret)
return FALSE;
do a dissection and do so. */
if (edt) {
if (gbl_resolv_flags.mac_name || gbl_resolv_flags.network_name ||
- gbl_resolv_flags.transport_name || gbl_resolv_flags.concurrent_dns)
+ gbl_resolv_flags.transport_name)
/* Grab any resolved addresses */
host_name_lookup_process();
do a dissection and do so. */
if (edt) {
if (gbl_resolv_flags.mac_name || gbl_resolv_flags.network_name ||
- gbl_resolv_flags.transport_name || gbl_resolv_flags.concurrent_dns)
+ gbl_resolv_flags.transport_name)
/* Grab any resolved addresses */
host_name_lookup_process();
char *save_file_string = NULL;
gboolean filtering_tap_listeners;
guint tap_flags;
- wtapng_section_t *shb_hdr = NULL;
+ GArray *shb_hdrs = NULL;
wtapng_iface_descriptions_t *idb_inf = NULL;
- wtapng_name_res_t *nrb_hdr = NULL;
+ GArray *nrb_hdrs = NULL;
struct wtap_pkthdr phdr;
Buffer buf;
epan_dissect_t *edt = NULL;
+ char *shb_user_appl;
wtap_phdr_init(&phdr);
}
tshark_debug("tshark: snapshot_length = %d", snapshot_length);
- shb_hdr = wtap_file_get_shb_for_new_file(cf->wth);
- nrb_hdr = wtap_file_get_nrb_for_new_file(cf->wth);
+ shb_hdrs = wtap_file_get_shb_for_new_file(cf->wth);
+ nrb_hdrs = wtap_file_get_nrb_for_new_file(cf->wth);
/* If we don't have an application name add Tshark */
- if (shb_hdr->shb_user_appl == NULL) {
- /* this is free'd by wtap_free_shb() later */
- shb_hdr->shb_user_appl = g_strdup_printf("TShark (Wireshark) %s", get_ws_vcs_version_info());
+ if (wtap_block_get_string_option_value(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, &shb_user_appl) != WTAP_OPTTYPE_SUCCESS) {
+ /* this is free'd by wtap_block_free() later */
+ wtap_block_add_string_option_format(g_array_index(shb_hdrs, wtap_block_t, 0), OPT_SHB_USERAPPL, "TShark (Wireshark) %s", get_ws_vcs_version_info());
}
if (linktype != WTAP_ENCAP_PER_PACKET &&
out_file_type == WTAP_FILE_TYPE_SUBTYPE_PCAP) {
tshark_debug("tshark: writing PCAP format to %s", save_file);
- pdh = wtap_dump_open(save_file, out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, &err);
+ if (strcmp(save_file, "-") == 0) {
+ /* Write to the standard output. */
+ pdh = wtap_dump_open_stdout(out_file_type, linktype,
+ snapshot_length, FALSE /* compressed */, &err);
+ } else {
+ pdh = wtap_dump_open(save_file, out_file_type, linktype,
+ snapshot_length, FALSE /* compressed */, &err);
+ }
}
else {
tshark_debug("tshark: writing format type %d, to %s", out_file_type, save_file);
- pdh = wtap_dump_open_ng(save_file, out_file_type, linktype,
- snapshot_length, FALSE /* compressed */, shb_hdr, idb_inf, nrb_hdr, &err);
+ if (strcmp(save_file, "-") == 0) {
+ /* Write to the standard output. */
+ pdh = wtap_dump_open_stdout_ng(out_file_type, linktype,
+ snapshot_length, FALSE /* compressed */, shb_hdrs, idb_inf, nrb_hdrs, &err);
+ } else {
+ pdh = wtap_dump_open_ng(save_file, out_file_type, linktype,
+ snapshot_length, FALSE /* compressed */, shb_hdrs, idb_inf, nrb_hdrs, &err);
+ }
}
g_free(idb_inf);
break;
}
wtap_dump_close(pdh, &err);
- wtap_free_shb(shb_hdr);
- wtap_free_nrb(nrb_hdr);
+ wtap_block_array_free(shb_hdrs);
+ wtap_block_array_free(nrb_hdrs);
exit(2);
}
}
break;
}
wtap_dump_close(pdh, &err);
- wtap_free_shb(shb_hdr);
- wtap_free_nrb(nrb_hdr);
+ wtap_block_array_free(shb_hdrs);
+ wtap_block_array_free(nrb_hdrs);
exit(2);
}
}
cf->wth = NULL;
g_free(save_file_string);
- wtap_free_shb(shb_hdr);
- wtap_free_nrb(nrb_hdr);
+ wtap_block_array_free(shb_hdrs);
+ wtap_block_array_free(nrb_hdrs);
return err;
}
do a dissection and do so. */
if (edt) {
if (print_packet_info && (gbl_resolv_flags.mac_name || gbl_resolv_flags.network_name ||
- gbl_resolv_flags.transport_name || gbl_resolv_flags.concurrent_dns))
+ gbl_resolv_flags.transport_name))
/* Grab any resolved addresses */
host_name_lookup_process();
write_fields_preamble(output_fields, stdout);
return !ferror(stdout);
+ case WRITE_JSON:
+ write_json_preamble(stdout);
+ return !ferror(stdout);
+
+ case WRITE_EK:
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;
*
* If we printed a network source and are printing a
* network destination of the same type next, separate
- * them with " -> "; if we printed a network destination
- * and are printing a network source of the same type
- * next, separate them with " <- "; otherwise separate them
- * with a space.
+ * them with a UTF-8 right arrow; if we printed a network
+ * destination and are printing a network source of the same
+ * type next, separate them with a UTF-8 left arrow;
+ * otherwise separate them with a space.
*
- * We add enough space to the buffer for " <- " or " -> ",
- * even if we're only adding " ".
+ * We add enough space to the buffer for " \xe2\x86\x90 "
+ * or " \xe2\x86\x92 ", even if we're only adding " ".
*/
- line_bufp = get_line_buf(buf_offset + 4);
+ line_bufp = get_line_buf(buf_offset + 5);
switch (col_item->col_fmt) {
case COL_DEF_SRC:
case COL_DEF_DST:
case COL_RES_DST:
case COL_UNRES_DST:
- put_string(line_bufp + buf_offset, " -> ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_RIGHTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
case COL_DEF_DL_DST:
case COL_RES_DL_DST:
case COL_UNRES_DL_DST:
- put_string(line_bufp + buf_offset, " -> ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_RIGHTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
case COL_DEF_NET_DST:
case COL_RES_NET_DST:
case COL_UNRES_NET_DST:
- put_string(line_bufp + buf_offset, " -> ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_RIGHTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
case COL_DEF_SRC:
case COL_RES_SRC:
case COL_UNRES_SRC:
- put_string(line_bufp + buf_offset, " <- ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_LEFTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
case COL_DEF_DL_SRC:
case COL_RES_DL_SRC:
case COL_UNRES_DL_SRC:
- put_string(line_bufp + buf_offset, " <- ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_LEFTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
case COL_DEF_NET_SRC:
case COL_RES_NET_SRC:
case COL_UNRES_NET_SRC:
- put_string(line_bufp + buf_offset, " <- ", 4);
- buf_offset += 4;
+ put_string(line_bufp + buf_offset, " " UTF8_LEFTWARDS_ARROW " ", 5);
+ buf_offset += 5;
break;
default:
write_psml_columns(edt, stdout);
return !ferror(stdout);
case WRITE_FIELDS: /*No non-verbose "fields" format */
+ case WRITE_JSON:
+ case WRITE_EK:
g_assert_not_reached();
break;
}
break;
case WRITE_XML:
- write_pdml_proto_tree(edt, stdout);
+ write_pdml_proto_tree(output_fields, protocolfilter, edt, stdout);
printf("\n");
return !ferror(stdout);
case WRITE_FIELDS:
write_fields_proto_tree(output_fields, edt, &cf->cinfo, stdout);
printf("\n");
return !ferror(stdout);
+ case WRITE_JSON:
+ print_args.print_hex = print_hex;
+ write_json_proto_tree(output_fields, &print_args, protocolfilter, edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
+ case WRITE_EK:
+ print_args.print_hex = print_hex;
+ write_ek_proto_tree(output_fields, &print_args, protocolfilter, edt, stdout);
+ printf("\n");
+ return !ferror(stdout);
}
}
if (print_hex) {
write_fields_finale(output_fields, stdout);
return !ferror(stdout);
+ case WRITE_JSON:
+ write_json_finale(stdout);
+ return !ferror(stdout);
+
+ case WRITE_EK:
+ return !ferror(stdout);
+
default:
g_assert_not_reached();
return FALSE;