From e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 10 Apr 2024 22:34:10 +0200 Subject: Adding upstream version 4.2.2. Signed-off-by: Daniel Baumann --- docbook/CMakeLists.txt | 490 +++++ docbook/README.adoc | 136 ++ docbook/asciidoctor-macros/README.adoc | 5 + docbook/asciidoctor-macros/commaize-block.rb | 6 + .../asciidoctor-macros/commaize-block/extension.rb | 44 + .../asciidoctor-macros/commaize-block/sample.adoc | 31 + .../asciidoctor-macros/cveidlink-inline-macro.rb | 8 + .../cveidlink-inline-macro/extension.rb | 24 + docbook/asciidoctor-macros/manarg-block.rb | 8 + .../asciidoctor-macros/manarg-block/extension.rb | 45 + .../asciidoctor-macros/manarg-block/sample.adoc | 19 + docbook/asciidoctor-macros/ws_utils.rb | 13 + .../asciidoctor-macros/wsbuglink-inline-macro.rb | 8 + .../wsbuglink-inline-macro/extension.rb | 26 + .../asciidoctor-macros/wssalink-inline-macro.rb | 8 + .../wssalink-inline-macro/extension.rb | 23 + docbook/attributes.adoc | 107 + docbook/common_src/gpl_appendix.adoc | 355 +++ docbook/common_src/typographic_conventions.adoc | 99 + docbook/custom_layer_single_html.xsl | 16 + docbook/faq.adoc | 1087 +++++++++ docbook/logray-quick-start.adoc | 57 + docbook/make-wsluarm.py | 458 ++++ docbook/ws.css | 770 +++++++ docbook/wsdg_src/developer-guide-docinfo.xml | 85 + docbook/wsdg_src/developer-guide.adoc | 72 + docbook/wsdg_src/images/caution.svg | 3 + docbook/wsdg_src/images/git-triangular-workflow.gv | 59 + .../wsdg_src/images/git-triangular-workflow.svg | 62 + docbook/wsdg_src/images/important.svg | 4 + docbook/wsdg_src/images/note.svg | 3 + docbook/wsdg_src/images/tip.svg | 3 + docbook/wsdg_src/images/warning.svg | 4 + docbook/wsdg_src/images/ws-capture-sync.dia | Bin 0 -> 2943 bytes docbook/wsdg_src/images/ws-capture-sync.png | Bin 0 -> 5507 bytes docbook/wsdg_src/images/ws-capture_internals.dia | Bin 0 -> 2149 bytes docbook/wsdg_src/images/ws-capture_internals.png | Bin 0 -> 3699 bytes docbook/wsdg_src/images/ws-dev-guide-cover.png | Bin 0 -> 13679 bytes docbook/wsdg_src/images/ws-function-blocks.dia | Bin 0 -> 3343 bytes docbook/wsdg_src/images/ws-function-blocks.png | Bin 0 -> 10555 bytes docbook/wsdg_src/images/ws-logo.png | Bin 0 -> 5707 bytes docbook/wsdg_src/images/wslua-new-dialog.png | Bin 0 -> 21786 bytes docbook/wsdg_src/images/wslua-progdlg.png | Bin 0 -> 12695 bytes docbook/wsdg_src/images/wslua-textwindow.png | Bin 0 -> 26843 bytes docbook/wsdg_src/wsdg_asn2wrs.adoc | 1256 +++++++++++ docbook/wsdg_src/wsdg_build_intro.adoc | 52 + docbook/wsdg_src/wsdg_capture.adoc | 505 +++++ docbook/wsdg_src/wsdg_dissection.adoc | 1498 +++++++++++++ docbook/wsdg_src/wsdg_env_intro.adoc | 524 +++++ docbook/wsdg_src/wsdg_libraries.adoc | 349 +++ docbook/wsdg_src/wsdg_lua_support.adoc | 276 +++ docbook/wsdg_src/wsdg_preface.adoc | 84 + docbook/wsdg_src/wsdg_quick_setup.adoc | 965 ++++++++ docbook/wsdg_src/wsdg_sources.adoc | 1412 ++++++++++++ docbook/wsdg_src/wsdg_tests.adoc | 298 +++ docbook/wsdg_src/wsdg_tools.adoc | 1043 +++++++++ docbook/wsdg_src/wsdg_userinterface.adoc | 318 +++ docbook/wsdg_src/wsdg_works.adoc | 119 + docbook/wsug_src/capinfos-h.txt | 68 + docbook/wsug_src/dumpcap-h.txt | 94 + docbook/wsug_src/editcap-F.txt | 39 + docbook/wsug_src/editcap-T.txt | 225 ++ docbook/wsug_src/editcap-h.txt | 117 + docbook/wsug_src/images/caution.svg | 3 + docbook/wsug_src/images/important.svg | 4 + docbook/wsug_src/images/note.svg | 3 + docbook/wsug_src/images/related-ack.png | Bin 0 -> 221 bytes docbook/wsug_src/images/related-current.png | Bin 0 -> 92 bytes docbook/wsug_src/images/related-dup-ack.png | Bin 0 -> 247 bytes docbook/wsug_src/images/related-first.png | Bin 0 -> 105 bytes docbook/wsug_src/images/related-last.png | Bin 0 -> 105 bytes docbook/wsug_src/images/related-other.png | Bin 0 -> 99 bytes docbook/wsug_src/images/related-request.png | Bin 0 -> 148 bytes docbook/wsug_src/images/related-response.png | Bin 0 -> 153 bytes docbook/wsug_src/images/related-segment.png | Bin 0 -> 165 bytes docbook/wsug_src/images/tip.svg | 3 + docbook/wsug_src/images/toolbar/document-open.png | Bin 0 -> 1393 bytes docbook/wsug_src/images/toolbar/edit-find.png | Bin 0 -> 763 bytes .../wsug_src/images/toolbar/filter-toolbar-add.png | Bin 0 -> 101 bytes .../images/toolbar/filter-toolbar-apply.png | Bin 0 -> 601 bytes .../images/toolbar/filter-toolbar-bookmark.png | Bin 0 -> 402 bytes .../images/toolbar/filter-toolbar-clear.png | Bin 0 -> 482 bytes .../images/toolbar/filter-toolbar-input.png | Bin 0 -> 261 bytes .../images/toolbar/filter-toolbar-recent.png | Bin 0 -> 162 bytes docbook/wsug_src/images/toolbar/go-first.png | Bin 0 -> 547 bytes docbook/wsug_src/images/toolbar/go-jump.png | Bin 0 -> 594 bytes docbook/wsug_src/images/toolbar/go-last.png | Bin 0 -> 535 bytes docbook/wsug_src/images/toolbar/go-next.png | Bin 0 -> 740 bytes docbook/wsug_src/images/toolbar/go-previous.png | Bin 0 -> 743 bytes .../images/toolbar/x-capture-file-close.png | Bin 0 -> 1248 bytes .../images/toolbar/x-capture-file-reload.png | Bin 0 -> 1284 bytes .../images/toolbar/x-capture-file-save.png | Bin 0 -> 1186 bytes .../wsug_src/images/toolbar/x-capture-options.png | Bin 0 -> 848 bytes .../wsug_src/images/toolbar/x-capture-restart.png | Bin 0 -> 1129 bytes .../wsug_src/images/toolbar/x-capture-start.png | Bin 0 -> 995 bytes docbook/wsug_src/images/toolbar/x-capture-stop.png | Bin 0 -> 148 bytes .../wsug_src/images/toolbar/x-colorize-packets.png | Bin 0 -> 157 bytes .../wsug_src/images/toolbar/x-resize-columns.png | Bin 0 -> 299 bytes docbook/wsug_src/images/toolbar/x-stay-last.png | Bin 0 -> 238 bytes docbook/wsug_src/images/toolbar/zoom-in.png | Bin 0 -> 485 bytes docbook/wsug_src/images/toolbar/zoom-original.png | Bin 0 -> 477 bytes docbook/wsug_src/images/toolbar/zoom-out.png | Bin 0 -> 474 bytes docbook/wsug_src/images/warning.svg | 4 + docbook/wsug_src/images/ws-about-codecs.png | Bin 0 -> 57604 bytes docbook/wsug_src/images/ws-analyze-menu.png | Bin 0 -> 52817 bytes docbook/wsug_src/images/ws-asap-statistics.png | Bin 0 -> 127589 bytes docbook/wsug_src/images/ws-bluetooth-devices.png | Bin 0 -> 69083 bytes docbook/wsug_src/images/ws-bt-hci-summary.png | Bin 0 -> 92829 bytes .../wsug_src/images/ws-bytes-pane-popup-menu.png | Bin 0 -> 197570 bytes docbook/wsug_src/images/ws-bytes-pane-tabs.png | Bin 0 -> 18490 bytes docbook/wsug_src/images/ws-bytes-pane.png | Bin 0 -> 6313 bytes .../images/ws-calcappprotocol-statistics.png | Bin 0 -> 79688 bytes .../wsug_src/images/ws-capture-file-properties.png | Bin 0 -> 22450 bytes docbook/wsug_src/images/ws-capture-info.png | Bin 0 -> 9558 bytes .../images/ws-capture-interfaces-main-macos.png | Bin 0 -> 73946 bytes .../images/ws-capture-interfaces-main-win32.png | Bin 0 -> 10465 bytes docbook/wsug_src/images/ws-capture-menu.png | Bin 0 -> 53166 bytes .../ws-capture-options-compile-selected-bpfs.png | Bin 0 -> 9448 bytes .../wsug_src/images/ws-capture-options-options.png | Bin 0 -> 9918 bytes .../wsug_src/images/ws-capture-options-output.png | Bin 0 -> 10716 bytes docbook/wsug_src/images/ws-capture-options.png | Bin 0 -> 37310 bytes docbook/wsug_src/images/ws-choose-color-rule.png | Bin 0 -> 38640 bytes docbook/wsug_src/images/ws-coloring-fields.png | Bin 0 -> 42734 bytes .../wsug_src/images/ws-coloring-rules-dialog.png | Bin 0 -> 86176 bytes .../images/ws-column-header-popup-menu.png | Bin 0 -> 195258 bytes docbook/wsug_src/images/ws-csp-statistics.png | Bin 0 -> 39735 bytes docbook/wsug_src/images/ws-decode-as.png | Bin 0 -> 15591 bytes .../wsug_src/images/ws-details-pane-popup-menu.png | Bin 0 -> 74518 bytes docbook/wsug_src/images/ws-details-pane.png | Bin 0 -> 7205 bytes .../wsug_src/images/ws-diagram-pane-popup-menu.png | Bin 0 -> 5452 bytes docbook/wsug_src/images/ws-diagram-pane.png | Bin 0 -> 7250 bytes docbook/wsug_src/images/ws-display-filter-tcp.png | Bin 0 -> 40945 bytes docbook/wsug_src/images/ws-dns.png | Bin 0 -> 151855 bytes docbook/wsug_src/images/ws-edit-menu.png | Bin 0 -> 48059 bytes docbook/wsug_src/images/ws-enabled-protocols.png | Bin 0 -> 21977 bytes docbook/wsug_src/images/ws-enrp-statistics.png | Bin 0 -> 78250 bytes docbook/wsug_src/images/ws-expert-colored-tree.png | Bin 0 -> 44360 bytes docbook/wsug_src/images/ws-expert-column.png | Bin 0 -> 97013 bytes docbook/wsug_src/images/ws-expert-information.png | Bin 0 -> 235306 bytes docbook/wsug_src/images/ws-export-objects.png | Bin 0 -> 154811 bytes .../images/ws-export-packet-dissections.png | Bin 0 -> 24546 bytes docbook/wsug_src/images/ws-export-pdus-to-file.png | Bin 0 -> 28903 bytes docbook/wsug_src/images/ws-export-selected.png | Bin 0 -> 25319 bytes .../images/ws-export-specified-packets.png | Bin 0 -> 38066 bytes docbook/wsug_src/images/ws-fgp-statistics.png | Bin 0 -> 47411 bytes docbook/wsug_src/images/ws-file-import-regex.png | Bin 0 -> 7502 bytes docbook/wsug_src/images/ws-file-import.png | Bin 0 -> 18522 bytes docbook/wsug_src/images/ws-file-menu.png | Bin 0 -> 49589 bytes docbook/wsug_src/images/ws-file-set-dialog.png | Bin 0 -> 11837 bytes .../wsug_src/images/ws-filter-add-expression.png | Bin 0 -> 99425 bytes docbook/wsug_src/images/ws-filter-macros.png | Bin 0 -> 53404 bytes docbook/wsug_src/images/ws-filter-toolbar.png | Bin 0 -> 17135 bytes docbook/wsug_src/images/ws-filters.png | Bin 0 -> 106617 bytes docbook/wsug_src/images/ws-find-packet.png | Bin 0 -> 68633 bytes docbook/wsug_src/images/ws-flow-graph.png | Bin 0 -> 287244 bytes docbook/wsug_src/images/ws-follow-http2-stream.png | Bin 0 -> 57209 bytes docbook/wsug_src/images/ws-follow-sip-stream.png | Bin 0 -> 152551 bytes docbook/wsug_src/images/ws-follow-stream.png | Bin 0 -> 99270 bytes docbook/wsug_src/images/ws-go-menu.png | Bin 0 -> 54427 bytes docbook/wsug_src/images/ws-goto-packet.png | Bin 0 -> 106466 bytes docbook/wsug_src/images/ws-gui-config-profiles.png | Bin 0 -> 120304 bytes docbook/wsug_src/images/ws-help-menu.png | Bin 0 -> 57646 bytes docbook/wsug_src/images/ws-list-pane.png | Bin 0 -> 179959 bytes docbook/wsug_src/images/ws-main-toolbar.png | Bin 0 -> 12384 bytes docbook/wsug_src/images/ws-main.png | Bin 0 -> 61749 bytes docbook/wsug_src/images/ws-manage-interfaces.png | Bin 0 -> 16108 bytes docbook/wsug_src/images/ws-mate-analysis.png | Bin 0 -> 15235 bytes docbook/wsug_src/images/ws-mate-dns_pane.png | Bin 0 -> 10026 bytes docbook/wsug_src/images/ws-mate-dns_pdu.png | Bin 0 -> 5438 bytes docbook/wsug_src/images/ws-mate-ftp_over_gre.png | Bin 0 -> 6319 bytes docbook/wsug_src/images/ws-mate-gop_analysis.png | Bin 0 -> 26029 bytes .../images/ws-mate-isup_over_mtp3_over_ip.png | Bin 0 -> 8019 bytes docbook/wsug_src/images/ws-mate-mmse_over_http.png | Bin 0 -> 6450 bytes docbook/wsug_src/images/ws-mate-pdu_analysis.png | Bin 0 -> 12338 bytes docbook/wsug_src/images/ws-mate-tcp-output.png | Bin 0 -> 15193 bytes docbook/wsug_src/images/ws-mate-transform.png | Bin 0 -> 5285 bytes docbook/wsug_src/images/ws-menu.png | Bin 0 -> 1224 bytes docbook/wsug_src/images/ws-merge-qt5.png | Bin 0 -> 87107 bytes docbook/wsug_src/images/ws-merge-win32.png | Bin 0 -> 31903 bytes .../wsug_src/images/ws-netperfmeter-statistics.png | Bin 0 -> 292140 bytes docbook/wsug_src/images/ws-open-qt5.png | Bin 0 -> 94718 bytes docbook/wsug_src/images/ws-open-win32.png | Bin 0 -> 36529 bytes docbook/wsug_src/images/ws-packet-format.png | Bin 0 -> 59055 bytes .../wsug_src/images/ws-packet-pane-popup-menu.png | Bin 0 -> 63939 bytes docbook/wsug_src/images/ws-packet-range.png | Bin 0 -> 3354 bytes docbook/wsug_src/images/ws-packet-selected.png | Bin 0 -> 185251 bytes docbook/wsug_src/images/ws-packet-sep-win.png | Bin 0 -> 17826 bytes .../images/ws-pingpongprotocol-statistics.png | Bin 0 -> 47806 bytes docbook/wsug_src/images/ws-pref-advanced.png | Bin 0 -> 20099 bytes .../wsug_src/images/ws-pref-appearance-columns.png | Bin 0 -> 11435 bytes .../images/ws-pref-appearance-fonts-and-colors.png | Bin 0 -> 15859 bytes .../wsug_src/images/ws-pref-appearance-layout.png | Bin 0 -> 17347 bytes docbook/wsug_src/images/ws-pref-appearance.png | Bin 0 -> 16902 bytes docbook/wsug_src/images/ws-pref-capture.png | Bin 0 -> 11318 bytes docbook/wsug_src/images/ws-pref-expert.png | Bin 0 -> 9931 bytes docbook/wsug_src/images/ws-pref-filter-buttons.png | Bin 0 -> 10546 bytes .../wsug_src/images/ws-pref-name-resolution.png | Bin 0 -> 15776 bytes docbook/wsug_src/images/ws-pref-protocols.png | Bin 0 -> 10711 bytes docbook/wsug_src/images/ws-pref-rsa-keys.png | Bin 0 -> 10373 bytes docbook/wsug_src/images/ws-pref-statistics.png | Bin 0 -> 13621 bytes docbook/wsug_src/images/ws-print.png | Bin 0 -> 641979 bytes docbook/wsug_src/images/ws-resolved-addr.png | Bin 0 -> 86141 bytes docbook/wsug_src/images/ws-rlc-graph.png | Bin 0 -> 61853 bytes docbook/wsug_src/images/ws-save-as-qt5.png | Bin 0 -> 43012 bytes docbook/wsug_src/images/ws-save-as-win32.png | Bin 0 -> 19241 bytes docbook/wsug_src/images/ws-sctp-1-association.png | Bin 0 -> 119620 bytes docbook/wsug_src/images/ws-sctp.png | Bin 0 -> 38473 bytes docbook/wsug_src/images/ws-ssp-statistics.png | Bin 0 -> 84536 bytes docbook/wsug_src/images/ws-statistics-menu.png | Bin 0 -> 58896 bytes docbook/wsug_src/images/ws-stats-conversations.png | Bin 0 -> 482854 bytes docbook/wsug_src/images/ws-stats-endpoints.png | Bin 0 -> 277413 bytes docbook/wsug_src/images/ws-stats-hierarchy.png | Bin 0 -> 86949 bytes .../images/ws-stats-http-requestsequences.png | Bin 0 -> 32351 bytes docbook/wsug_src/images/ws-stats-iographs.png | Bin 0 -> 48212 bytes .../wsug_src/images/ws-stats-lte-mac-traffic.png | Bin 0 -> 24809 bytes .../wsug_src/images/ws-stats-lte-rlc-traffic.png | Bin 0 -> 23041 bytes .../wsug_src/images/ws-stats-packet-lengths.png | Bin 0 -> 92831 bytes docbook/wsug_src/images/ws-stats-srt-smb2.png | Bin 0 -> 21338 bytes docbook/wsug_src/images/ws-stats-wlan-traffic.png | Bin 0 -> 26157 bytes docbook/wsug_src/images/ws-statusbar-empty.png | Bin 0 -> 8447 bytes docbook/wsug_src/images/ws-statusbar-filter.png | Bin 0 -> 17185 bytes docbook/wsug_src/images/ws-statusbar-loaded.png | Bin 0 -> 12944 bytes docbook/wsug_src/images/ws-statusbar-profile.png | Bin 0 -> 34604 bytes docbook/wsug_src/images/ws-statusbar-selected.png | Bin 0 -> 15042 bytes docbook/wsug_src/images/ws-tcp-analysis.png | Bin 0 -> 70774 bytes docbook/wsug_src/images/ws-tel-playlist.dia | Bin 0 -> 1615 bytes docbook/wsug_src/images/ws-tel-playlist.png | Bin 0 -> 13572 bytes docbook/wsug_src/images/ws-tel-rtp-player_1.png | Bin 0 -> 287286 bytes docbook/wsug_src/images/ws-tel-rtp-player_1.xcf | Bin 0 -> 1094564 bytes docbook/wsug_src/images/ws-tel-rtp-player_2.png | Bin 0 -> 329291 bytes docbook/wsug_src/images/ws-tel-rtp-player_2.xcf | Bin 0 -> 686083 bytes docbook/wsug_src/images/ws-tel-rtp-player_3.png | Bin 0 -> 31422 bytes .../wsug_src/images/ws-tel-rtp-player_button.png | Bin 0 -> 20816 bytes docbook/wsug_src/images/ws-tel-rtp-streams.png | Bin 0 -> 76336 bytes .../images/ws-tel-rtpstream-analysis_1.png | Bin 0 -> 214220 bytes .../images/ws-tel-rtpstream-analysis_2.png | Bin 0 -> 87689 bytes .../images/ws-tel-rtpstream-analysis_3.png | Bin 0 -> 213706 bytes docbook/wsug_src/images/ws-tel-seq-dialog.png | Bin 0 -> 284185 bytes docbook/wsug_src/images/ws-tel-voip-calls.png | Bin 0 -> 88363 bytes docbook/wsug_src/images/ws-telephony-menu.png | Bin 0 -> 55412 bytes docbook/wsug_src/images/ws-time-reference.png | Bin 0 -> 45981 bytes docbook/wsug_src/images/ws-time-shift-details.png | Bin 0 -> 34914 bytes docbook/wsug_src/images/ws-time-shift.png | Bin 0 -> 22411 bytes docbook/wsug_src/images/ws-tls-session-keys.png | Bin 0 -> 39511 bytes docbook/wsug_src/images/ws-tools-menu.png | Bin 0 -> 90865 bytes .../wsug_src/images/ws-udp-multicast-stream.png | Bin 0 -> 135427 bytes docbook/wsug_src/images/ws-user-guide-cover.png | Bin 0 -> 12238 bytes docbook/wsug_src/images/ws-view-menu.png | Bin 0 -> 40750 bytes docbook/wsug_src/images/ws-wireless-menu.png | Bin 0 -> 53973 bytes docbook/wsug_src/mergecap-h.txt | 20 + docbook/wsug_src/rawshark-h.txt | 59 + docbook/wsug_src/reordercap-h.txt | 10 + docbook/wsug_src/text2pcap-h.txt | 108 + docbook/wsug_src/tshark-h.txt | 166 ++ docbook/wsug_src/user-guide-docinfo.xml | 150 ++ docbook/wsug_src/user-guide.adoc | 64 + docbook/wsug_src/wireshark-h.txt | 112 + docbook/wsug_src/wsug_advanced.adoc | 1297 +++++++++++ docbook/wsug_src/wsug_build_install.adoc | 396 ++++ docbook/wsug_src/wsug_capture.adoc | 733 +++++++ docbook/wsug_src/wsug_customize.adoc | 1496 +++++++++++++ docbook/wsug_src/wsug_files.adoc | 647 ++++++ docbook/wsug_src/wsug_howitworks.adoc | 75 + docbook/wsug_src/wsug_introduction.adoc | 521 +++++ docbook/wsug_src/wsug_io.adoc | 1254 +++++++++++ docbook/wsug_src/wsug_mate.adoc | 2318 ++++++++++++++++++++ docbook/wsug_src/wsug_messages.adoc | 81 + docbook/wsug_src/wsug_preface.adoc | 91 + docbook/wsug_src/wsug_protocols.adoc | 15 + docbook/wsug_src/wsug_statistics.adoc | 928 ++++++++ docbook/wsug_src/wsug_telephony.adoc | 619 ++++++ docbook/wsug_src/wsug_tools.adoc | 301 +++ docbook/wsug_src/wsug_troubleshoot.adoc | 79 + docbook/wsug_src/wsug_use.adoc | 1171 ++++++++++ docbook/wsug_src/wsug_wireless.adoc | 74 + docbook/wsug_src/wsug_work.adoc | 1506 +++++++++++++ 276 files changed, 27688 insertions(+) create mode 100644 docbook/CMakeLists.txt create mode 100644 docbook/README.adoc create mode 100644 docbook/asciidoctor-macros/README.adoc create mode 100644 docbook/asciidoctor-macros/commaize-block.rb create mode 100644 docbook/asciidoctor-macros/commaize-block/extension.rb create mode 100644 docbook/asciidoctor-macros/commaize-block/sample.adoc create mode 100644 docbook/asciidoctor-macros/cveidlink-inline-macro.rb create mode 100644 docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb create mode 100644 docbook/asciidoctor-macros/manarg-block.rb create mode 100644 docbook/asciidoctor-macros/manarg-block/extension.rb create mode 100644 docbook/asciidoctor-macros/manarg-block/sample.adoc create mode 100644 docbook/asciidoctor-macros/ws_utils.rb create mode 100644 docbook/asciidoctor-macros/wsbuglink-inline-macro.rb create mode 100644 docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb create mode 100644 docbook/asciidoctor-macros/wssalink-inline-macro.rb create mode 100644 docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb create mode 100644 docbook/attributes.adoc create mode 100644 docbook/common_src/gpl_appendix.adoc create mode 100644 docbook/common_src/typographic_conventions.adoc create mode 100644 docbook/custom_layer_single_html.xsl create mode 100644 docbook/faq.adoc create mode 100644 docbook/logray-quick-start.adoc create mode 100755 docbook/make-wsluarm.py create mode 100644 docbook/ws.css create mode 100644 docbook/wsdg_src/developer-guide-docinfo.xml create mode 100644 docbook/wsdg_src/developer-guide.adoc create mode 100644 docbook/wsdg_src/images/caution.svg create mode 100644 docbook/wsdg_src/images/git-triangular-workflow.gv create mode 100644 docbook/wsdg_src/images/git-triangular-workflow.svg create mode 100644 docbook/wsdg_src/images/important.svg create mode 100644 docbook/wsdg_src/images/note.svg create mode 100644 docbook/wsdg_src/images/tip.svg create mode 100644 docbook/wsdg_src/images/warning.svg create mode 100644 docbook/wsdg_src/images/ws-capture-sync.dia create mode 100644 docbook/wsdg_src/images/ws-capture-sync.png create mode 100644 docbook/wsdg_src/images/ws-capture_internals.dia create mode 100644 docbook/wsdg_src/images/ws-capture_internals.png create mode 100644 docbook/wsdg_src/images/ws-dev-guide-cover.png create mode 100644 docbook/wsdg_src/images/ws-function-blocks.dia create mode 100644 docbook/wsdg_src/images/ws-function-blocks.png create mode 100644 docbook/wsdg_src/images/ws-logo.png create mode 100644 docbook/wsdg_src/images/wslua-new-dialog.png create mode 100644 docbook/wsdg_src/images/wslua-progdlg.png create mode 100644 docbook/wsdg_src/images/wslua-textwindow.png create mode 100644 docbook/wsdg_src/wsdg_asn2wrs.adoc create mode 100644 docbook/wsdg_src/wsdg_build_intro.adoc create mode 100644 docbook/wsdg_src/wsdg_capture.adoc create mode 100644 docbook/wsdg_src/wsdg_dissection.adoc create mode 100644 docbook/wsdg_src/wsdg_env_intro.adoc create mode 100644 docbook/wsdg_src/wsdg_libraries.adoc create mode 100644 docbook/wsdg_src/wsdg_lua_support.adoc create mode 100644 docbook/wsdg_src/wsdg_preface.adoc create mode 100644 docbook/wsdg_src/wsdg_quick_setup.adoc create mode 100644 docbook/wsdg_src/wsdg_sources.adoc create mode 100644 docbook/wsdg_src/wsdg_tests.adoc create mode 100644 docbook/wsdg_src/wsdg_tools.adoc create mode 100644 docbook/wsdg_src/wsdg_userinterface.adoc create mode 100644 docbook/wsdg_src/wsdg_works.adoc create mode 100644 docbook/wsug_src/capinfos-h.txt create mode 100644 docbook/wsug_src/dumpcap-h.txt create mode 100644 docbook/wsug_src/editcap-F.txt create mode 100644 docbook/wsug_src/editcap-T.txt create mode 100644 docbook/wsug_src/editcap-h.txt create mode 100644 docbook/wsug_src/images/caution.svg create mode 100644 docbook/wsug_src/images/important.svg create mode 100644 docbook/wsug_src/images/note.svg create mode 100644 docbook/wsug_src/images/related-ack.png create mode 100644 docbook/wsug_src/images/related-current.png create mode 100644 docbook/wsug_src/images/related-dup-ack.png create mode 100644 docbook/wsug_src/images/related-first.png create mode 100644 docbook/wsug_src/images/related-last.png create mode 100644 docbook/wsug_src/images/related-other.png create mode 100644 docbook/wsug_src/images/related-request.png create mode 100644 docbook/wsug_src/images/related-response.png create mode 100644 docbook/wsug_src/images/related-segment.png create mode 100644 docbook/wsug_src/images/tip.svg create mode 100644 docbook/wsug_src/images/toolbar/document-open.png create mode 100644 docbook/wsug_src/images/toolbar/edit-find.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-add.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-apply.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-bookmark.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-clear.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-input.png create mode 100644 docbook/wsug_src/images/toolbar/filter-toolbar-recent.png create mode 100644 docbook/wsug_src/images/toolbar/go-first.png create mode 100644 docbook/wsug_src/images/toolbar/go-jump.png create mode 100644 docbook/wsug_src/images/toolbar/go-last.png create mode 100644 docbook/wsug_src/images/toolbar/go-next.png create mode 100644 docbook/wsug_src/images/toolbar/go-previous.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-file-close.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-file-reload.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-file-save.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-options.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-restart.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-start.png create mode 100644 docbook/wsug_src/images/toolbar/x-capture-stop.png create mode 100644 docbook/wsug_src/images/toolbar/x-colorize-packets.png create mode 100644 docbook/wsug_src/images/toolbar/x-resize-columns.png create mode 100644 docbook/wsug_src/images/toolbar/x-stay-last.png create mode 100644 docbook/wsug_src/images/toolbar/zoom-in.png create mode 100644 docbook/wsug_src/images/toolbar/zoom-original.png create mode 100644 docbook/wsug_src/images/toolbar/zoom-out.png create mode 100644 docbook/wsug_src/images/warning.svg create mode 100644 docbook/wsug_src/images/ws-about-codecs.png create mode 100644 docbook/wsug_src/images/ws-analyze-menu.png create mode 100644 docbook/wsug_src/images/ws-asap-statistics.png create mode 100644 docbook/wsug_src/images/ws-bluetooth-devices.png create mode 100644 docbook/wsug_src/images/ws-bt-hci-summary.png create mode 100644 docbook/wsug_src/images/ws-bytes-pane-popup-menu.png create mode 100644 docbook/wsug_src/images/ws-bytes-pane-tabs.png create mode 100644 docbook/wsug_src/images/ws-bytes-pane.png create mode 100644 docbook/wsug_src/images/ws-calcappprotocol-statistics.png create mode 100644 docbook/wsug_src/images/ws-capture-file-properties.png create mode 100644 docbook/wsug_src/images/ws-capture-info.png create mode 100644 docbook/wsug_src/images/ws-capture-interfaces-main-macos.png create mode 100644 docbook/wsug_src/images/ws-capture-interfaces-main-win32.png create mode 100644 docbook/wsug_src/images/ws-capture-menu.png create mode 100644 docbook/wsug_src/images/ws-capture-options-compile-selected-bpfs.png create mode 100644 docbook/wsug_src/images/ws-capture-options-options.png create mode 100644 docbook/wsug_src/images/ws-capture-options-output.png create mode 100644 docbook/wsug_src/images/ws-capture-options.png create mode 100644 docbook/wsug_src/images/ws-choose-color-rule.png create mode 100644 docbook/wsug_src/images/ws-coloring-fields.png create mode 100644 docbook/wsug_src/images/ws-coloring-rules-dialog.png create mode 100644 docbook/wsug_src/images/ws-column-header-popup-menu.png create mode 100644 docbook/wsug_src/images/ws-csp-statistics.png create mode 100644 docbook/wsug_src/images/ws-decode-as.png create mode 100644 docbook/wsug_src/images/ws-details-pane-popup-menu.png create mode 100644 docbook/wsug_src/images/ws-details-pane.png create mode 100644 docbook/wsug_src/images/ws-diagram-pane-popup-menu.png create mode 100644 docbook/wsug_src/images/ws-diagram-pane.png create mode 100644 docbook/wsug_src/images/ws-display-filter-tcp.png create mode 100644 docbook/wsug_src/images/ws-dns.png create mode 100644 docbook/wsug_src/images/ws-edit-menu.png create mode 100644 docbook/wsug_src/images/ws-enabled-protocols.png create mode 100644 docbook/wsug_src/images/ws-enrp-statistics.png create mode 100644 docbook/wsug_src/images/ws-expert-colored-tree.png create mode 100644 docbook/wsug_src/images/ws-expert-column.png create mode 100644 docbook/wsug_src/images/ws-expert-information.png create mode 100644 docbook/wsug_src/images/ws-export-objects.png create mode 100644 docbook/wsug_src/images/ws-export-packet-dissections.png create mode 100644 docbook/wsug_src/images/ws-export-pdus-to-file.png create mode 100644 docbook/wsug_src/images/ws-export-selected.png create mode 100644 docbook/wsug_src/images/ws-export-specified-packets.png create mode 100644 docbook/wsug_src/images/ws-fgp-statistics.png create mode 100644 docbook/wsug_src/images/ws-file-import-regex.png create mode 100644 docbook/wsug_src/images/ws-file-import.png create mode 100644 docbook/wsug_src/images/ws-file-menu.png create mode 100644 docbook/wsug_src/images/ws-file-set-dialog.png create mode 100644 docbook/wsug_src/images/ws-filter-add-expression.png create mode 100644 docbook/wsug_src/images/ws-filter-macros.png create mode 100644 docbook/wsug_src/images/ws-filter-toolbar.png create mode 100644 docbook/wsug_src/images/ws-filters.png create mode 100644 docbook/wsug_src/images/ws-find-packet.png create mode 100644 docbook/wsug_src/images/ws-flow-graph.png create mode 100644 docbook/wsug_src/images/ws-follow-http2-stream.png create mode 100644 docbook/wsug_src/images/ws-follow-sip-stream.png create mode 100644 docbook/wsug_src/images/ws-follow-stream.png create mode 100644 docbook/wsug_src/images/ws-go-menu.png create mode 100644 docbook/wsug_src/images/ws-goto-packet.png create mode 100644 docbook/wsug_src/images/ws-gui-config-profiles.png create mode 100644 docbook/wsug_src/images/ws-help-menu.png create mode 100644 docbook/wsug_src/images/ws-list-pane.png create mode 100644 docbook/wsug_src/images/ws-main-toolbar.png create mode 100644 docbook/wsug_src/images/ws-main.png create mode 100644 docbook/wsug_src/images/ws-manage-interfaces.png create mode 100644 docbook/wsug_src/images/ws-mate-analysis.png create mode 100644 docbook/wsug_src/images/ws-mate-dns_pane.png create mode 100644 docbook/wsug_src/images/ws-mate-dns_pdu.png create mode 100644 docbook/wsug_src/images/ws-mate-ftp_over_gre.png create mode 100644 docbook/wsug_src/images/ws-mate-gop_analysis.png create mode 100644 docbook/wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png create mode 100644 docbook/wsug_src/images/ws-mate-mmse_over_http.png create mode 100644 docbook/wsug_src/images/ws-mate-pdu_analysis.png create mode 100644 docbook/wsug_src/images/ws-mate-tcp-output.png create mode 100644 docbook/wsug_src/images/ws-mate-transform.png create mode 100644 docbook/wsug_src/images/ws-menu.png create mode 100644 docbook/wsug_src/images/ws-merge-qt5.png create mode 100644 docbook/wsug_src/images/ws-merge-win32.png create mode 100644 docbook/wsug_src/images/ws-netperfmeter-statistics.png create mode 100644 docbook/wsug_src/images/ws-open-qt5.png create mode 100644 docbook/wsug_src/images/ws-open-win32.png create mode 100644 docbook/wsug_src/images/ws-packet-format.png create mode 100644 docbook/wsug_src/images/ws-packet-pane-popup-menu.png create mode 100644 docbook/wsug_src/images/ws-packet-range.png create mode 100644 docbook/wsug_src/images/ws-packet-selected.png create mode 100644 docbook/wsug_src/images/ws-packet-sep-win.png create mode 100644 docbook/wsug_src/images/ws-pingpongprotocol-statistics.png create mode 100644 docbook/wsug_src/images/ws-pref-advanced.png create mode 100644 docbook/wsug_src/images/ws-pref-appearance-columns.png create mode 100644 docbook/wsug_src/images/ws-pref-appearance-fonts-and-colors.png create mode 100644 docbook/wsug_src/images/ws-pref-appearance-layout.png create mode 100644 docbook/wsug_src/images/ws-pref-appearance.png create mode 100644 docbook/wsug_src/images/ws-pref-capture.png create mode 100644 docbook/wsug_src/images/ws-pref-expert.png create mode 100644 docbook/wsug_src/images/ws-pref-filter-buttons.png create mode 100644 docbook/wsug_src/images/ws-pref-name-resolution.png create mode 100644 docbook/wsug_src/images/ws-pref-protocols.png create mode 100644 docbook/wsug_src/images/ws-pref-rsa-keys.png create mode 100644 docbook/wsug_src/images/ws-pref-statistics.png create mode 100644 docbook/wsug_src/images/ws-print.png create mode 100644 docbook/wsug_src/images/ws-resolved-addr.png create mode 100644 docbook/wsug_src/images/ws-rlc-graph.png create mode 100644 docbook/wsug_src/images/ws-save-as-qt5.png create mode 100644 docbook/wsug_src/images/ws-save-as-win32.png create mode 100644 docbook/wsug_src/images/ws-sctp-1-association.png create mode 100644 docbook/wsug_src/images/ws-sctp.png create mode 100644 docbook/wsug_src/images/ws-ssp-statistics.png create mode 100644 docbook/wsug_src/images/ws-statistics-menu.png create mode 100644 docbook/wsug_src/images/ws-stats-conversations.png create mode 100644 docbook/wsug_src/images/ws-stats-endpoints.png create mode 100644 docbook/wsug_src/images/ws-stats-hierarchy.png create mode 100644 docbook/wsug_src/images/ws-stats-http-requestsequences.png create mode 100644 docbook/wsug_src/images/ws-stats-iographs.png create mode 100644 docbook/wsug_src/images/ws-stats-lte-mac-traffic.png create mode 100644 docbook/wsug_src/images/ws-stats-lte-rlc-traffic.png create mode 100644 docbook/wsug_src/images/ws-stats-packet-lengths.png create mode 100644 docbook/wsug_src/images/ws-stats-srt-smb2.png create mode 100644 docbook/wsug_src/images/ws-stats-wlan-traffic.png create mode 100644 docbook/wsug_src/images/ws-statusbar-empty.png create mode 100644 docbook/wsug_src/images/ws-statusbar-filter.png create mode 100644 docbook/wsug_src/images/ws-statusbar-loaded.png create mode 100644 docbook/wsug_src/images/ws-statusbar-profile.png create mode 100644 docbook/wsug_src/images/ws-statusbar-selected.png create mode 100644 docbook/wsug_src/images/ws-tcp-analysis.png create mode 100644 docbook/wsug_src/images/ws-tel-playlist.dia create mode 100644 docbook/wsug_src/images/ws-tel-playlist.png create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_1.png create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_1.xcf create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_2.png create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_2.xcf create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_3.png create mode 100644 docbook/wsug_src/images/ws-tel-rtp-player_button.png create mode 100644 docbook/wsug_src/images/ws-tel-rtp-streams.png create mode 100644 docbook/wsug_src/images/ws-tel-rtpstream-analysis_1.png create mode 100644 docbook/wsug_src/images/ws-tel-rtpstream-analysis_2.png create mode 100644 docbook/wsug_src/images/ws-tel-rtpstream-analysis_3.png create mode 100644 docbook/wsug_src/images/ws-tel-seq-dialog.png create mode 100644 docbook/wsug_src/images/ws-tel-voip-calls.png create mode 100644 docbook/wsug_src/images/ws-telephony-menu.png create mode 100644 docbook/wsug_src/images/ws-time-reference.png create mode 100644 docbook/wsug_src/images/ws-time-shift-details.png create mode 100644 docbook/wsug_src/images/ws-time-shift.png create mode 100644 docbook/wsug_src/images/ws-tls-session-keys.png create mode 100644 docbook/wsug_src/images/ws-tools-menu.png create mode 100644 docbook/wsug_src/images/ws-udp-multicast-stream.png create mode 100644 docbook/wsug_src/images/ws-user-guide-cover.png create mode 100644 docbook/wsug_src/images/ws-view-menu.png create mode 100644 docbook/wsug_src/images/ws-wireless-menu.png create mode 100644 docbook/wsug_src/mergecap-h.txt create mode 100644 docbook/wsug_src/rawshark-h.txt create mode 100644 docbook/wsug_src/reordercap-h.txt create mode 100644 docbook/wsug_src/text2pcap-h.txt create mode 100644 docbook/wsug_src/tshark-h.txt create mode 100644 docbook/wsug_src/user-guide-docinfo.xml create mode 100644 docbook/wsug_src/user-guide.adoc create mode 100644 docbook/wsug_src/wireshark-h.txt create mode 100644 docbook/wsug_src/wsug_advanced.adoc create mode 100644 docbook/wsug_src/wsug_build_install.adoc create mode 100644 docbook/wsug_src/wsug_capture.adoc create mode 100644 docbook/wsug_src/wsug_customize.adoc create mode 100644 docbook/wsug_src/wsug_files.adoc create mode 100644 docbook/wsug_src/wsug_howitworks.adoc create mode 100644 docbook/wsug_src/wsug_introduction.adoc create mode 100644 docbook/wsug_src/wsug_io.adoc create mode 100644 docbook/wsug_src/wsug_mate.adoc create mode 100644 docbook/wsug_src/wsug_messages.adoc create mode 100644 docbook/wsug_src/wsug_preface.adoc create mode 100644 docbook/wsug_src/wsug_protocols.adoc create mode 100644 docbook/wsug_src/wsug_statistics.adoc create mode 100644 docbook/wsug_src/wsug_telephony.adoc create mode 100644 docbook/wsug_src/wsug_tools.adoc create mode 100644 docbook/wsug_src/wsug_troubleshoot.adoc create mode 100644 docbook/wsug_src/wsug_use.adoc create mode 100644 docbook/wsug_src/wsug_wireless.adoc create mode 100644 docbook/wsug_src/wsug_work.adoc (limited to 'docbook') diff --git a/docbook/CMakeLists.txt b/docbook/CMakeLists.txt new file mode 100644 index 00000000..29cc73f7 --- /dev/null +++ b/docbook/CMakeLists.txt @@ -0,0 +1,490 @@ +# CMakeLists.txt +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# SPDX-License-Identifier: GPL-2.0-or-later +# + +# To do: +# - Make the build targets top-level on Windows, similar to the NSIS, +# WiX, and PortableApps targets? + +function(set_docbook_target_properties _target) + set_target_properties(${_target} PROPERTIES + FOLDER "Documentation" + EXCLUDE_FROM_DEFAULT_BUILD True + ) +endfunction(set_docbook_target_properties) + +set(COMMON_FILES + common_src/gpl_appendix.adoc + common_src/typographic_conventions.adoc +) + +set(WSUG_TITLE "Wireshark User's Guide") + +set(WSUG_FILES + wsug_src/wsug_advanced.adoc + wsug_src/wsug_build_install.adoc + wsug_src/wsug_capture.adoc + wsug_src/wsug_customize.adoc + wsug_src/wsug_files.adoc + wsug_src/wsug_howitworks.adoc + wsug_src/wsug_introduction.adoc + wsug_src/wsug_io.adoc + wsug_src/wsug_mate.adoc + wsug_src/wsug_messages.adoc + wsug_src/wsug_preface.adoc + wsug_src/wsug_protocols.adoc + wsug_src/wsug_statistics.adoc + wsug_src/wsug_telephony.adoc + wsug_src/wsug_tools.adoc + wsug_src/wsug_troubleshoot.adoc + wsug_src/wsug_use.adoc + wsug_src/wsug_work.adoc + wsug_src/capinfos-h.txt + wsug_src/dumpcap-h.txt + wsug_src/editcap-F.txt + wsug_src/editcap-T.txt + wsug_src/editcap-h.txt + wsug_src/mergecap-h.txt + wsug_src/rawshark-h.txt + wsug_src/reordercap-h.txt + wsug_src/text2pcap-h.txt + wsug_src/tshark-h.txt + wsug_src/wireshark-h.txt + ${COMMON_FILES} +) + +# Note: Images should be minimized using tools/compress-pngs.py. +set(WSUG_GRAPHICS + wsug_src/images/caution.svg + wsug_src/images/important.svg + wsug_src/images/note.svg + wsug_src/images/related-ack.png + wsug_src/images/related-current.png + wsug_src/images/related-dup-ack.png + wsug_src/images/related-first.png + wsug_src/images/related-last.png + wsug_src/images/related-other.png + wsug_src/images/related-request.png + wsug_src/images/related-response.png + wsug_src/images/related-segment.png + wsug_src/images/tip.svg + wsug_src/images/toolbar/document-open.png + wsug_src/images/toolbar/edit-find.png + wsug_src/images/toolbar/filter-toolbar-add.png + wsug_src/images/toolbar/filter-toolbar-apply.png + wsug_src/images/toolbar/filter-toolbar-bookmark.png + wsug_src/images/toolbar/filter-toolbar-clear.png + wsug_src/images/toolbar/filter-toolbar-input.png + wsug_src/images/toolbar/filter-toolbar-recent.png + wsug_src/images/toolbar/go-first.png + wsug_src/images/toolbar/go-jump.png + wsug_src/images/toolbar/go-last.png + wsug_src/images/toolbar/go-next.png + wsug_src/images/toolbar/go-previous.png + wsug_src/images/toolbar/x-capture-file-close.png + wsug_src/images/toolbar/x-capture-file-reload.png + wsug_src/images/toolbar/x-capture-file-save.png + wsug_src/images/toolbar/x-capture-options.png + wsug_src/images/toolbar/x-capture-restart.png + wsug_src/images/toolbar/x-capture-start.png + wsug_src/images/toolbar/x-capture-stop.png + wsug_src/images/toolbar/x-colorize-packets.png + wsug_src/images/toolbar/x-resize-columns.png + wsug_src/images/toolbar/x-stay-last.png + wsug_src/images/toolbar/zoom-in.png + wsug_src/images/toolbar/zoom-original.png + wsug_src/images/toolbar/zoom-out.png + wsug_src/images/warning.svg + wsug_src/images/ws-about-codecs.png + wsug_src/images/ws-analyze-menu.png + wsug_src/images/ws-bytes-pane-popup-menu.png + wsug_src/images/ws-bytes-pane-tabs.png + wsug_src/images/ws-bytes-pane.png + wsug_src/images/ws-capture-file-properties.png + wsug_src/images/ws-capture-info.png + wsug_src/images/ws-capture-interfaces-main-macos.png + wsug_src/images/ws-capture-interfaces-main-win32.png + wsug_src/images/ws-capture-menu.png + wsug_src/images/ws-capture-options-compile-selected-bpfs.png + wsug_src/images/ws-capture-options-options.png + wsug_src/images/ws-capture-options-output.png + wsug_src/images/ws-capture-options-output.png + wsug_src/images/ws-capture-options.png + wsug_src/images/ws-choose-color-rule.png + wsug_src/images/ws-coloring-fields.png + wsug_src/images/ws-coloring-rules-dialog.png + wsug_src/images/ws-column-header-popup-menu.png + wsug_src/images/ws-decode-as.png + wsug_src/images/ws-details-pane-popup-menu.png + wsug_src/images/ws-details-pane.png + wsug_src/images/ws-diagram-pane-popup-menu.png + wsug_src/images/ws-diagram-pane.png + wsug_src/images/ws-display-filter-tcp.png # GTK+ + wsug_src/images/ws-edit-menu.png + wsug_src/images/ws-enabled-protocols.png + wsug_src/images/ws-expert-colored-tree.png + wsug_src/images/ws-expert-column.png + wsug_src/images/ws-expert-information.png + wsug_src/images/ws-export-objects.png + wsug_src/images/ws-export-packet-dissections.png + wsug_src/images/ws-export-selected.png + wsug_src/images/ws-export-specified-packets.png + wsug_src/images/ws-file-import.png + wsug_src/images/ws-file-menu.png + wsug_src/images/ws-file-set-dialog.png # GTK+ + wsug_src/images/ws-filter-add-expression.png # GTK+ + wsug_src/images/ws-filter-toolbar.png + wsug_src/images/ws-filters.png # GTK+ + wsug_src/images/ws-find-packet.png + wsug_src/images/ws-follow-http2-stream.png + wsug_src/images/ws-follow-sip-stream.png + wsug_src/images/ws-follow-stream.png + wsug_src/images/ws-go-menu.png + wsug_src/images/ws-goto-packet.png + wsug_src/images/ws-help-menu.png + wsug_src/images/ws-list-pane.png # Outdated + wsug_src/images/ws-main-toolbar.png + wsug_src/images/ws-main.png + wsug_src/images/ws-manage-interfaces.png + wsug_src/images/ws-mate-analysis.png + wsug_src/images/ws-mate-dns_pane.png + wsug_src/images/ws-mate-dns_pdu.png + wsug_src/images/ws-mate-ftp_over_gre.png + wsug_src/images/ws-mate-gop_analysis.png + wsug_src/images/ws-mate-isup_over_mtp3_over_ip.png + wsug_src/images/ws-mate-mmse_over_http.png + wsug_src/images/ws-mate-pdu_analysis.png + wsug_src/images/ws-mate-tcp-output.png + wsug_src/images/ws-mate-transform.png + wsug_src/images/ws-menu.png + wsug_src/images/ws-merge-qt5.png + wsug_src/images/ws-merge-win32.png + wsug_src/images/ws-open-qt5.png + wsug_src/images/ws-open-win32.png + wsug_src/images/ws-packet-format.png + wsug_src/images/ws-packet-pane-popup-menu.png + wsug_src/images/ws-packet-range.png + wsug_src/images/ws-packet-selected.png + wsug_src/images/ws-packet-sep-win.png + wsug_src/images/ws-pref-advanced.png + wsug_src/images/ws-pref-appearance-columns.png + wsug_src/images/ws-pref-appearance-fonts-and-colors.png + wsug_src/images/ws-pref-appearance-layout.png + wsug_src/images/ws-pref-appearance.png + wsug_src/images/ws-pref-capture.png + wsug_src/images/ws-pref-expert.png + wsug_src/images/ws-pref-filter-buttons.png + wsug_src/images/ws-pref-name-resolution.png + wsug_src/images/ws-pref-protocols.png + wsug_src/images/ws-pref-rsa-keys.png + wsug_src/images/ws-pref-statistics.png + wsug_src/images/ws-print.png + wsug_src/images/ws-save-as-qt5.png + wsug_src/images/ws-save-as-win32.png + wsug_src/images/ws-statistics-menu.png + wsug_src/images/ws-stats-conversations.png + wsug_src/images/ws-stats-endpoints.png + wsug_src/images/ws-stats-hierarchy.png + wsug_src/images/ws-stats-iographs.png + wsug_src/images/ws-stats-lte-mac-traffic.png + wsug_src/images/ws-stats-lte-rlc-traffic.png + wsug_src/images/ws-stats-packet-lengths.png + wsug_src/images/ws-stats-srt-smb2.png + wsug_src/images/ws-stats-wlan-traffic.png # GTK+ + wsug_src/images/ws-statusbar-empty.png + wsug_src/images/ws-statusbar-filter.png + wsug_src/images/ws-statusbar-loaded.png + wsug_src/images/ws-statusbar-profile.png + wsug_src/images/ws-statusbar-selected.png + wsug_src/images/ws-tcp-analysis.png + wsug_src/images/ws-tel-playlist.png + wsug_src/images/ws-tel-rtp-player_1.png + wsug_src/images/ws-tel-rtp-player_2.png + wsug_src/images/ws-tel-rtp-player_3.png + wsug_src/images/ws-tel-rtp-player_button.png + wsug_src/images/ws-tel-rtp-streams.png + wsug_src/images/ws-tel-rtpstream-analysis_1.png + wsug_src/images/ws-tel-rtpstream-analysis_2.png + wsug_src/images/ws-tel-rtpstream-analysis_3.png + wsug_src/images/ws-tel-seq-dialog.png + wsug_src/images/ws-tel-voip-calls.png + wsug_src/images/ws-telephony-menu.png + wsug_src/images/ws-time-reference.png # GTK+ + wsug_src/images/ws-tools-menu.png + wsug_src/images/ws-view-menu.png +) + +set(WSDG_TITLE "Wireshark Developer's Guide") + +set(WSDG_FILES + wsdg_src/wsdg_asn2wrs.adoc + wsdg_src/wsdg_build_intro.adoc + wsdg_src/wsdg_capture.adoc + wsdg_src/wsdg_dissection.adoc + wsdg_src/wsdg_env_intro.adoc + wsdg_src/wsdg_libraries.adoc + wsdg_src/wsdg_lua_support.adoc + wsdg_src/wsdg_preface.adoc + wsdg_src/wsdg_quick_setup.adoc + wsdg_src/wsdg_sources.adoc + wsdg_src/wsdg_tests.adoc + wsdg_src/wsdg_tools.adoc + wsdg_src/wsdg_userinterface.adoc + wsdg_src/wsdg_works.adoc + ${COMMON_FILES} +) + +set(WSDG_GRAPHICS + wsdg_src/images/caution.svg + wsdg_src/images/git-triangular-workflow.gv + wsdg_src/images/git-triangular-workflow.svg + wsdg_src/images/important.svg + wsdg_src/images/note.svg + wsdg_src/images/tip.svg + wsdg_src/images/warning.svg + wsdg_src/images/ws-capture_internals.dia + wsdg_src/images/ws-capture_internals.png + wsdg_src/images/ws-capture-sync.dia + wsdg_src/images/ws-capture-sync.png + wsdg_src/images/ws-capture-sync.png + wsdg_src/images/ws-function-blocks.dia + wsdg_src/images/ws-function-blocks.png + wsdg_src/images/ws-logo.png +) + +set(WSUG_SOURCE + ${WSUG_FILES} + ${WSUG_GRAPHICS} +) + +# Ensure ws.css is available when the user tries to open generated .html files. +if(NOT CMAKE_SOURCE_DIR STREQUAL CMAKE_BINARY_DIR) + add_custom_command( + OUTPUT ws.css + COMMAND ${CMAKE_COMMAND} -E copy_if_different + ${CMAKE_CURRENT_SOURCE_DIR}/ws.css + ${CMAKE_CURRENT_BINARY_DIR}/ws.css + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/ws.css + ) + add_custom_target(copy_ws.css DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/ws.css) +else() + add_custom_target(copy_ws.css) +endif() + +set( WSUG_BUILT_DEPS copy_ws.css) + +set(WSDG_SOURCE + ${WSDG_FILES} + ${WSDG_GRAPHICS} +) + +# Note: file order here MATTERS! +# new WSLUA_MODULE files must come right before any WSLUA_CONTINUE_MODULE +# files for the same module +set(WSLUA_MODULES + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dumper.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_field.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_gui.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_int64.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_listener.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pinfo.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_address.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_column.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_nstime.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dissector.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_pref.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_expert.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_proto_field.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tree.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_tvb.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_byte_array.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_file_handler.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_frame_info.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_capture_info.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_dir.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_wtap.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_utility.c + ${CMAKE_SOURCE_DIR}/epan/wslua/wslua_struct.c +) + +# Empty file to trigger wsluarm generation. +ADD_CUSTOM_COMMAND( + OUTPUT + wsluarm + COMMAND ${CMAKE_COMMAND} -E make_directory wsluarm_src + COMMAND ${Python3_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/make-wsluarm.py + --output-directory wsluarm_src + ${WSLUA_MODULES} + COMMAND ${CMAKE_COMMAND} -E touch + wsluarm + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/make-wsluarm.py + ${WSLUA_MODULES} +) + +set( WSDG_BUILT_DEPS copy_ws.css wsluarm ) + +set( ASCIIDOC_CONF_FILES + attributes.adoc + # XXX Add macros +) + +if(ASCIIDOCTOR_FOUND) + # Generate the DocBook sources of user and developer guides + + ASCIIDOCTOR2DOCBOOK(wsug_src/user-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSUG_SOURCE} ${WSUG_BUILT_DEPS}) + add_custom_target(user_guide_docbook DEPENDS generate_user-guide.xml) + set_docbook_target_properties(user_guide_docbook) + + ASCIIDOCTOR2DOCBOOK(wsdg_src/developer-guide.adoc ${ASCIIDOC_CONF_FILES} ${WSDG_SOURCE} ${WSDG_BUILT_DEPS}) + add_custom_target(developer_guide_docbook DEPENDS generate_developer-guide.xml) + set_docbook_target_properties(developer_guide_docbook) + + # Top-level guide targets. + + add_custom_target(user_guides DEPENDS user_guide_docbook) + set_docbook_target_properties(user_guides) + + add_custom_target(developer_guides DEPENDS developer_guide_docbook) + set_docbook_target_properties(developer_guides) + + add_custom_target(all_guides DEPENDS user_guides developer_guides ) + set_docbook_target_properties(all_guides) +endif() + +# User's Guide chain. +if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE) + XML2HTML( + user_guide + wsug + single-page + user-guide.xml + WSUG_GRAPHICS + ) + + XML2HTML( + user_guide + wsug + chunked + user-guide.xml + WSUG_GRAPHICS + ) + add_custom_target( + user_guide_html + DEPENDS + wsug_html/index.html + wsug_html_chunked/index.html + ) + set_docbook_target_properties(user_guide_html) + add_dependencies(user_guides user_guide_html) +endif() + +if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE) + ASCIIDOCTOR2PDF(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS}) + + add_custom_target( + user_guide_pdf + DEPENDS + "${WSUG_TITLE}.pdf" + ) + set_docbook_target_properties(user_guide_pdf) + add_dependencies(user_guides user_guide_pdf) +endif() + +if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE) + ASCIIDOCTOR2EPUB(${WSUG_TITLE} wsug_src/user-guide.adoc ${WSUG_SOURCE} ${WSUG_BUILT_DEPS}) + + add_custom_target( + user_guide_epub + DEPENDS + "${WSUG_TITLE}.epub" + ) + set_docbook_target_properties(user_guide_epub) + add_dependencies(user_guides user_guide_epub) +endif() + +# Developer's Guide chain. +if(ASCIIDOCTOR_FOUND AND XSLTPROC_EXECUTABLE) + XML2HTML( + developer_guide + wsdg + single-page + developer-guide.xml + WSDG_GRAPHICS + ) + + XML2HTML( + developer_guide + wsdg + chunked + developer-guide.xml + WSDG_GRAPHICS + ) + add_custom_target( + developer_guide_html + DEPENDS + wsdg_html/index.html + wsdg_html_chunked/index.html + ) + set_docbook_target_properties(developer_guide_html) + add_dependencies(developer_guides developer_guide_html) +endif() + +if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_PDF_EXECUTABLE) + ASCIIDOCTOR2PDF(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS}) + + add_custom_target( + developer_guide_pdf + DEPENDS + "${WSDG_TITLE}.pdf" + ) + set_docbook_target_properties(developer_guide_pdf) + add_dependencies(developer_guides developer_guide_pdf) +endif() + +if(ASCIIDOCTOR_FOUND AND ASCIIDOCTOR_EPUB_EXECUTABLE) + ASCIIDOCTOR2EPUB(${WSDG_TITLE} wsdg_src/developer-guide.adoc ${WSDG_SOURCE} ${WSDG_BUILT_DEPS}) + + add_custom_target( + developer_guide_epub + DEPENDS + "${WSDG_TITLE}.epub" + ) + set_docbook_target_properties(developer_guide_epub) + add_dependencies(developer_guides developer_guide_epub) +endif() + +# FAQ + +add_custom_target( faq_html DEPENDS faq.html ) +set_docbook_target_properties(faq_html) + +add_custom_target( faq ) +set_docbook_target_properties(faq) +add_dependencies ( faq faq_html ) + +if( ASCIIDOCTOR_FOUND ) + ASCIIDOCTOR2HTML( faq.adoc ) +endif() + +# +# Editor modelines - https://www.wireshark.org/tools/modelines.html +# +# Local variables: +# c-basic-offset: 8 +# tab-width: 8 +# indent-tabs-mode: t +# End: +# +# vi: set shiftwidth=8 tabstop=8 noexpandtab: +# :indentSize=8:tabSize=8:noTabs=false: +# diff --git a/docbook/README.adoc b/docbook/README.adoc new file mode 100644 index 00000000..58d08edf --- /dev/null +++ b/docbook/README.adoc @@ -0,0 +1,136 @@ + +:experimental: += Introduction + +This directory contains the source files needed to build the: + +- Wireshark User’s Guide +- Wireshark Developer’s Guide +- Release notes (NEWS) +- Lua Reference + +To build everything, build the `all_guides` target, e.g. `ninja +all_guides` or `msbuild all_guides.vcxproj`. Requirements are listed +below. + +The guides and release notes are written in +https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/[Asciidoctor syntax]. +For more information see https://asciidoctor.org. + +== Requirements + +Ultimately we'd like to reduce the toolchain requirements to AsciidoctorJ alone, but that's not yet possible. +Additional tooling is required for the HTML and HTMLHelp targets. +See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToolchain.html[Developer's Guide] for instructions on installing required packages for your platform. + +== Asciidoctor Markup + +The User’s and Developer’s Guides were originally written in DocBook and +were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently +switched from AsciiDoc to Asciidoctor. As a result we currently use +https://asciidoctor.org/docs/migration/[compat mode], but may switch +to Asciidoctor’s modern markup at a later date. + +Please use the following conventions when writing documentation: + +- Window and dialog box names should be in “curly quotes”. + +- Use Asciidoctor macros for buttons, keys, and menus. Note that these + are currently experimental: + +** The btn:[Start] button +** Press kbd:[Shift+Ctrl+P] to open the preferences dialog. +** Select menu:File[Open] from the main menu. + +This ensures that UI elements are shown consistently and lets us apply styles +to each type of element. + +- Command line examples should reflect the OS: ++ +---- +$ echo Linux and UNIX +---- ++ +---- +C:\> echo Windows +---- + +Admonitions ([NOTE], [TIP], [IMPORTANT], [CAUTION] and [WARNING]) can be used to highlight important +information. Keep in mind that they interrupt the flow of text by design. Too +many (especially in a row) are distracting and annoying. + +== Custom Asciidoctor Macros + +The following custom macros are available in `docbook/asciidoctor-macros`: + +commaize-block:: +Sorts a list of items and separates them with commas with an "and" preceding the last item. + +cveidlink-inline-macro:: +Links a CVE ID to cve.mitre.org. + +manarg-block:: +Ensures that individual arguments don't wrap in order to improve readability. + +wsbuglink-inline-macro:: +Links an issue number to gitlab.org/wireshark/wireshark/-/issues. + +wssalink-inline-macro:: +Links a security advisory to www.wireshark.org. + +== Asciidoctor Live Preview + +The Asciidoctor project provides a JavaScript version of Asciidoctor +(asciidoctor.js), which enables live previews in many web browsers and +text editors. See the +https://asciidoctor.org/docs/editing-asciidoc-with-live-preview/[Live +Preview] documentation for more information. + +Note that our documentation depends on attributes defined in +_attributes.adoc_. The User’s Guide and Developer’s Guide are split +across several files, and only the top-level _user-guide.adoc_ and +_developer-guide.adoc_ include _attributes.adoc_. As a result, +some markup will be incomplete. You can work around this somewhat by +adding some attributes such as `compat-mode experimental` to your Live +Preview settings. + += HTML Help Alternatives + +Ideally we would ship documentation with Wireshark that is pleasant to +read, browsable, and searchable. Unfortunately we don't have an easy way +to do this. The closest we've been able to come is by shipping an HTML +Help (.chm) file on Windows. However, HTML Help a) is limited to Windows, +b) crusty on normal displays, and c) really crusty on HiDPI displays. + +The following alternative formats are available, each with advantages +and disadvantages: + +== WebHelp + +https://en.wikipedia.org/wiki/Web_help[WebHelp] has three main +dependencies: + +- DocBook XSL, including... +- webhelpindexer.jar +- The user's local web browser + +This format generates both HTML pages and JavaScript, which might not run +reliably on end user machines. + +== PDF + +PDF output is page oriented, with static page sizes. This _usually_ isn't +a problem with modern reader software. However it doesn't look like we +can reliably load a PDF file and jump to specific section on some +platforms. For example, loading +++file:///path/to/user_guide.pdf#location+++ +works in Firefox & Chrome, but not in Safari, Preview, or Internet Explorer. + +== Qt Help + +Qt provides an extensive https://doc.qt.io/qt-5/qthelp-framework.html[help system]. +However, to use it we need to generate a Qt Help Project (.qhp) file, +which isn't currently supported by Asciidoctor or via DocBook XSL. + +The default help application (Qt Assistant) is ugly. We'd probably want +to write our own help viewer app or integrate help directly via +QHelpEngine. diff --git a/docbook/asciidoctor-macros/README.adoc b/docbook/asciidoctor-macros/README.adoc new file mode 100644 index 00000000..cc5d64e5 --- /dev/null +++ b/docbook/asciidoctor-macros/README.adoc @@ -0,0 +1,5 @@ +Asciidoctor macros. + +These files are available under the MIT license to match the +https://github.com/asciidoctor/asciidoctor-extensions-lab[Asciidoctor Extensions Lab] +and Asciidoctor itself. diff --git a/docbook/asciidoctor-macros/commaize-block.rb b/docbook/asciidoctor-macros/commaize-block.rb new file mode 100644 index 00000000..aff6a3c1 --- /dev/null +++ b/docbook/asciidoctor-macros/commaize-block.rb @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: MIT +RUBY_ENGINE == 'opal' ? (require 'commaize-block/extension') : (require_relative 'commaize-block/extension') + +Extensions.register do + block CommaizeBlock +end diff --git a/docbook/asciidoctor-macros/commaize-block/extension.rb b/docbook/asciidoctor-macros/commaize-block/extension.rb new file mode 100644 index 00000000..710f1a7e --- /dev/null +++ b/docbook/asciidoctor-macros/commaize-block/extension.rb @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: MIT +require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal' + +include Asciidoctor + +# An extension that converts a list of lines to an inline Oxford comma-separated list. +# +# Usage +# +# [commaize] +# -- +# item1 +# item2 +# item3 +# -- +# +class CommaizeBlock < Extensions::BlockProcessor + include WsUtils + use_dsl + + named :commaize + on_contexts :paragraph, :open + # XXX What's the difference between text, raw, simple, verbatim, etc? + parse_content_as :simple + + def process(parent, reader, attrs) + lines = reader.lines + sort = attrs.fetch('sort', 'true') == 'true' + + lines = lines.reject(&:empty?) + lines = lines.map(&:strip) + lines = lines.sort_by(&:downcase) if sort + + if lines.length < 2 + create_paragraph parent, lines, attrs + elsif lines.length == 2 + create_paragraph parent, lines.join(" and "), attrs + else + commaized = lines[0..-2].join(", ") + commaized << ", and " + lines[-1] + create_paragraph parent, commaized, attrs + end + end +end diff --git a/docbook/asciidoctor-macros/commaize-block/sample.adoc b/docbook/asciidoctor-macros/commaize-block/sample.adoc new file mode 100644 index 00000000..9cb2e1ec --- /dev/null +++ b/docbook/asciidoctor-macros/commaize-block/sample.adoc @@ -0,0 +1,31 @@ += Sorted, delimited, empty lines + +[commaize] +-- +One +two + +red + +blue +Fish +-- + += Unsorted + +[commaize, sort=false] +One +two +red +blue +Fish + += Two elements + +[commaize] +One +Two + += One element +[commaize] +Just the one diff --git a/docbook/asciidoctor-macros/cveidlink-inline-macro.rb b/docbook/asciidoctor-macros/cveidlink-inline-macro.rb new file mode 100644 index 00000000..beb19a3b --- /dev/null +++ b/docbook/asciidoctor-macros/cveidlink-inline-macro.rb @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: MIT +# Copied from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb + +RUBY_ENGINE == 'opal' ? (require 'cveidlink-inline-macro/extension') : (require_relative 'cveidlink-inline-macro/extension') + +Extensions.register do + inline_macro CVEIdLinkInlineMacro +end diff --git a/docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb b/docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb new file mode 100644 index 00000000..2dec88da --- /dev/null +++ b/docbook/asciidoctor-macros/cveidlink-inline-macro/extension.rb @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: MIT +require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal' + +include ::Asciidoctor + +# An inline macro that generates a link to a CVE Record identified by its CVE +# Number. +# +# Usage +# +# cveidlink:[] +# +class CVEIdLinkInlineMacro < Extensions::InlineMacroProcessor + include WsUtils + use_dsl + + named :cveidlink + + def process(parent, cvenum, _attrs) + cvename = "CVE-#{cvenum}" + target = %(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cvenum}) + create_doc_links(parent, target, cvename) + end +end diff --git a/docbook/asciidoctor-macros/manarg-block.rb b/docbook/asciidoctor-macros/manarg-block.rb new file mode 100644 index 00000000..07a9bf26 --- /dev/null +++ b/docbook/asciidoctor-macros/manarg-block.rb @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: MIT +# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb + +RUBY_ENGINE == 'opal' ? (require 'manarg-block/extension') : (require_relative 'manarg-block/extension') + +Extensions.register do + block ManArgBlock +end diff --git a/docbook/asciidoctor-macros/manarg-block/extension.rb b/docbook/asciidoctor-macros/manarg-block/extension.rb new file mode 100644 index 00000000..2461e723 --- /dev/null +++ b/docbook/asciidoctor-macros/manarg-block/extension.rb @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: MIT +require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal' + +include Asciidoctor + +# An inline macro that generates markup for man page arguments. +# Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb +# +# Usage: +# +# [manarg] +# *command* +# [ *--help* ] +# [ *--flash-lights* ] +# +class ManArgBlock < Extensions::BlockProcessor + use_dsl + + named :manarg + parse_content_as :simple + + def process parent, reader, attrs + nowrap_lines = reader.readlines.map {|line| + if parent.document.basebackend? 'html' + # Apply the custom style "[.nowrap]## ... ##" to each line. + # This generates " ... ". Pass + # each '#' through for extra paranoia. + %([.nowrap]###{line.gsub('#', '+++#+++')}##) + elsif parent.document.backend == 'manpage' + # Replace spaces with non-breaking spaces (' '), then make + # bold markup unconstrained ('*' -> '**'). For now we naively + # assume that bolds are always constrained (that is, we only + # have single '*'s). We *should* be able to do this properly + # with a regex, but for some reason + # gsub(/([^*])\*([^*])/, '\1**\2') + # doesn't match the first asterisk in "*--extcap-interface*=" + %(#{line.gsub(' ', ' ').gsub('*', '**')}) + else + line + end + } + # STDERR.puts(nowrap_lines) + create_paragraph parent, nowrap_lines, attrs + end +end diff --git a/docbook/asciidoctor-macros/manarg-block/sample.adoc b/docbook/asciidoctor-macros/manarg-block/sample.adoc new file mode 100644 index 00000000..5b4a4019 --- /dev/null +++ b/docbook/asciidoctor-macros/manarg-block/sample.adoc @@ -0,0 +1,19 @@ += androiddump(1) +:doctype: manpage + +== NAME + +sample - Sample man page + +== SYNOPSIS + +[manarg] +*androiddump* +*--mandatory-argument +[ *--optional-argument* ] +*--complex-mandatory*= +[ *--complex-optional*= ] + +== DESCRIPTION + +Sample man page. diff --git a/docbook/asciidoctor-macros/ws_utils.rb b/docbook/asciidoctor-macros/ws_utils.rb new file mode 100644 index 00000000..9a4551a0 --- /dev/null +++ b/docbook/asciidoctor-macros/ws_utils.rb @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: MIT +module WsUtils + def create_doc_links(parent, target, text) + if (parent.document.basebackend? 'docbook') || (parent.document.basebackend? 'html') + parent.document.register :links, target + create_anchor(parent, text, type: :link, target: target).render.to_s + elsif parent.document.backend == 'manpage' + "\\fB#{text}" + else + text + end + end +end diff --git a/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb b/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb new file mode 100644 index 00000000..3f192aab --- /dev/null +++ b/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: MIT +# Copied from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb + +RUBY_ENGINE == 'opal' ? (require 'wsbuglink-inline-macro/extension') : (require_relative 'wsbuglink-inline-macro/extension') + +Extensions.register do + inline_macro WSBugLinkInlineMacro +end diff --git a/docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb b/docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb new file mode 100644 index 00000000..6cdb665b --- /dev/null +++ b/docbook/asciidoctor-macros/wsbuglink-inline-macro/extension.rb @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: MIT +require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal' + +include ::Asciidoctor + +# An inline macro that generates a link to a Wireshark bug report. +# +# Usage +# +# wsbuglink:[] +# Default bug text is "Issue ". +# +class WSBugLinkInlineMacro < Extensions::InlineMacroProcessor + include WsUtils + use_dsl + + named :wsbuglink + parse_content_as :text + name_positional_attributes 'bugtext' + + def process(parent, issueid, attrs) + bugtext = attrs['bugtext'] || %(Issue #{issueid}) + target = %(https://gitlab.com/wireshark/wireshark/-/issues/#{issueid}) + create_doc_links(parent, target, bugtext) + end +end diff --git a/docbook/asciidoctor-macros/wssalink-inline-macro.rb b/docbook/asciidoctor-macros/wssalink-inline-macro.rb new file mode 100644 index 00000000..3172ea50 --- /dev/null +++ b/docbook/asciidoctor-macros/wssalink-inline-macro.rb @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: MIT +# Copied from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb + +RUBY_ENGINE == 'opal' ? (require 'wssalink-inline-macro/extension') : (require_relative 'wssalink-inline-macro/extension') + +Extensions.register do + inline_macro WSSALinkInlineMacro +end diff --git a/docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb b/docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb new file mode 100644 index 00000000..3af9c8f3 --- /dev/null +++ b/docbook/asciidoctor-macros/wssalink-inline-macro/extension.rb @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: MIT +require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal' + +include ::Asciidoctor + +# An inline macro that generates a link to a Wireshark Security Advisory. +# +# Usage +# +# wssalink:[] +# +class WSSALinkInlineMacro < Extensions::InlineMacroProcessor + include WsUtils + use_dsl + + named :'wssalink' + + def process(parent, sanum, attrs) + satext = "wnpa-sec-#{sanum}" + target = %(https://www.wireshark.org/security/wnpa-sec-#{sanum}) + create_doc_links(parent, target, satext) + end +end diff --git a/docbook/attributes.adoc b/docbook/attributes.adoc new file mode 100644 index 00000000..3076ab11 --- /dev/null +++ b/docbook/attributes.adoc @@ -0,0 +1,107 @@ +// Common attributes + +:wireshark-version: 4.2.2 +:logray-version: 0.9.0 + +// Required for btn, kbd:, and menu: macros. +:experimental: + +// We want footers (which include page numbers) in our PDF output but +// not elsewhere, particularly in our man pages. +// We could use the "reproducible" attribute here, but it generates an +// empty black box. +ifndef::backend-pdf[] +:nofooter: +endif::[] + +// Create PA4 (210 × 280mm) pages: https://en.wikipedia.org/wiki/Paper_size#PA4_or_L4 +// This is the approximate intersection of A4 (210 × 297mm) and U.S. Letter +// (216 × 279mm). +:pdf-page-size: 210mm x 280mm + +// Include glyphs for up/down arrows +:pdf-theme: default-with-fallback-font + +// +// URLs +// + +// Wireshark top level URLs (sites) +:wireshark-main-url: https://www.wireshark.org/ +:wireshark-gitlab-project-url: https://gitlab.com/wireshark/wireshark +:wireshark-qa-url: https://ask.wireshark.org/ +:wireshark-foundation-url: https://wiresharkfoundation.org/ +:sharkfest-url: https://sharkfest.wireshark.org/ + +// Wireshark secondary URLs (pages) +:wireshark-bugs-url: {wireshark-gitlab-project-url}/-/issues +:wireshark-code-review-url: {wireshark-gitlab-project-url}/-/merge_requests +:wireshark-wiki-url: {wireshark-gitlab-project-url}/-/wikis/ +:wireshark-authors-url: {wireshark-main-url}about.html#authors +:wireshark-code-browse-url: {wireshark-gitlab-project-url}/-/tree/master +:wireshark-code-file-url: {wireshark-gitlab-project-url}/-/blob/master/ +:wireshark-commits-url: {wireshark-gitlab-project-url}/-/commits/master +:wireshark-merge-request-url: {wireshark-gitlab-project-url}/-/merge_requests +:wireshark-developers-guide-url: {wireshark-main-url}docs/wsdg_html_chunked/ +:wireshark-display-filter-reference-url: {wireshark-main-url}docs/dfref/ +:wireshark-download-url: {wireshark-main-url}download.html +:wireshark-faq-url: {wireshark-main-url}faq.html +:wireshark-git-anonhttp-url: https://gitlab.com/wireshark/wireshark.git +:wireshark-git-ssh-url: \git@gitlab.com:wireshark/wireshark.git +:wireshark-mailing-lists-url: {wireshark-main-url}lists/ +:wireshark-man-page-url: {wireshark-main-url}docs/man-pages/ +:wireshark-snapshots-url: {wireshark-main-url}download/automated/src/ +:wireshark-users-guide-url: {wireshark-main-url}docs/wsug_html_chunked/ +:wireshark-wiki-moin-import-url: {wireshark-wiki-url}uploads/__moin_import__/attachments/ + +// External URLs +:tcpdump-main-url: https://www.tcpdump.org/ +:pcap-filter-man-page-url: {tcpdump-main-url}manpages/pcap-filter.7.html +:tcpdump-man-page-url: {tcpdump-main-url}manpages/tcpdump.1.html + +:npcap-main-url: https://npcap.com/ +:npcap-development-url: https://github.com/nmap/npcap +:npcap-license-url: https://raw.githubusercontent.com/nmap/npcap/master/LICENSE +:vcpkg-main-url: https://github.com/Microsoft/vcpkg/ + +:sysfs-main-url: http://linux-diag.sourceforge.net/Sysfsutils.html +:wikipedia-main-url: https://en.wikipedia.org/wiki/ +:pcre2pattern-url: https://www.pcre.org/current/doc/html/pcre2pattern.html + +:greenwichmeantime-main-url: https://wwp.greenwichmeantime.com/ +:timeanddate-main-url: https://www.timeanddate.com/worldclock/ +:ntp-main-url: http://www.ntp.org/ + +:gplv2-url: https://www.gnu.org/licenses/gpl-2.0.html +:spdx-license-url: https://spdx.org/licenses/ + +// Email addresses +:at-separator: [AT] +:wireshark-dev-list-email: wireshark-dev{at-separator}wireshark.org +:wsdg-author-email: ulf.lamping{at-separator}web.de +:wsdg-author-email2: graham.bloice{at-separator}trihedral.com + +:wsug-author-email: ulf.lamping{at-separator}web.de +:wsug-author-email2: rsharpe{at-separator}ns.aus.com +:wsug-author-email3: hagbard{at-separator}physics.rutgers.edu +:wsug-author-email4: luis{at-separator}ontanon.org + +// +// Image formatting +// + +// "scaledwidth" only applies to PDF output +:pdf-scaledwidth: scaledwidth="85%" +:screenshot-attrs: scaledwidth="85%" +:medium-screenshot-attrs: scaledwidth="60%" +:small-screenshot-attrs: scaledwidth="35%" +:related-attrs: height=18 +// XXX height=22 results in content-height="22px" in the .fo file. Not sure +// how to make scaledwidth take precedence. +:statusbar-attrs: scaledwidth="85%",height=22 + +:multiplication: × +:underscore: _ +:cmd: ⌘ + +:missing: Not yet written. If you would like to fix this, see https://gitlab.com/wireshark/wireshark/-/wikis/Development/SubmittingPatches. diff --git a/docbook/common_src/gpl_appendix.adoc b/docbook/common_src/gpl_appendix.adoc new file mode 100644 index 00000000..83744d3f --- /dev/null +++ b/docbook/common_src/gpl_appendix.adoc @@ -0,0 +1,355 @@ +// Wireshark GPL Appendix + +[[AppGPL]] +== This Document’s License (GPL) + +As with the original license and documentation distributed +with Wireshark, this document is covered by the GNU General Public +License (GNU GPL). + +If you haven't read the GPL before, please do so. It +explains all the things that you are allowed to do with this +code and documentation. + +---- + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. +---- diff --git a/docbook/common_src/typographic_conventions.adoc b/docbook/common_src/typographic_conventions.adoc new file mode 100644 index 00000000..a098feef --- /dev/null +++ b/docbook/common_src/typographic_conventions.adoc @@ -0,0 +1,99 @@ +[[PrefaceTypographicConventions]] + +=== Typographic Conventions + +The following table shows the typographic conventions that are used in this guide. + +// https://github.com/oreillymedia/orm_book_samples/blob/master/asciidoc_only/preface.adoc + +// AsciiDoc allows alternative markup for some styles, specifically +// 'single quotes' and _underlines_ for italics and +plus signs+ and +// `backticks` for monospaces. +// Asciidoctor’s modern mode is more strict, and only allows _underline_ +// italics and `backtick` monospaces. +// https://asciidoctor.org/docs/migration/ + +.Typographic Conventions +[options="header",cols="1,3,3"] +|=== +|Style|Description|Example +|_Italic_ |File names, folder names, and extensions |_C:\Development\wireshark_. +|`Monospace` |Commands, flags, and environment variables|CMake’s `-G` option. +|**`Bold Monospace`** |Commands that should be run by the user|Run **`cmake -G Ninja ..`**. +|btn:[Button] |Dialog and window buttons |Press btn:[Launch] to go to the Moon. +|kbd:[Key] |Keyboard shortcut |Press kbd:[Ctrl+Down] to move to the next packet. +|menu:Menu[] |Menu item |Select menu:Go[Next Packet] to move to the next packet. +|=== + +==== Admonitions + +Important and notable items are marked as follows: + +[WARNING] +.This is a warning +==== +You should pay attention to a warning, otherwise data loss might occur. +==== + +[CAUTION] +.This is a caution +==== +Act carefully (i.e., exercise care). +==== + +[IMPORTANT] +.This is important information +==== +RTFM - Read The Fine Manual +==== + +[TIP] +.This is a tip +==== +Tips are helpful for your everyday work using Wireshark. +==== + +[NOTE] +.This is a note +==== +A note will point you to common mistakes and things that might not be obvious. +==== + +==== Shell Prompt and Source Code Examples + +.Bourne shell, normal user +---- +$ # This is a comment +$ git config --global log.abbrevcommit true +---- + +.Bourne shell, root user +---- +# # This is a comment +# ninja install +---- + +.Command Prompt (cmd.exe) +---- +>rem This is a comment +>cd C:\Development +---- + +.PowerShell +---- +PS$># This is a comment +PS$> choco list -l +---- + +.C Source Code +---- +#include "config.h" + +/* This method dissects foos */ +static int +dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) +{ + /* TODO: implement your dissecting code */ + return tvb_captured_length(tvb); +} +---- diff --git a/docbook/custom_layer_single_html.xsl b/docbook/custom_layer_single_html.xsl new file mode 100644 index 00000000..bdd136d8 --- /dev/null +++ b/docbook/custom_layer_single_html.xsl @@ -0,0 +1,16 @@ + + + + + + + + + + + diff --git a/docbook/faq.adoc b/docbook/faq.adoc new file mode 100644 index 00000000..43cfa207 --- /dev/null +++ b/docbook/faq.adoc @@ -0,0 +1,1087 @@ +include::attributes.adoc[] +:stylesheet: ws.css +:linkcss: +:copycss: {stylesheet} +:toc: + += Wireshark Frequently Asked Questions + +== General Questions + +=== What is Wireshark? + +Wireshark® is a network protocol analyzer. It lets you capture and +interactively browse the traffic running on a computer network. It has a +rich and powerful feature set and is world's most popular tool of its +kind. It runs on most computing platforms including Windows, macOS, +Linux, and UNIX. Network professionals, security experts, developers, +and educators around the world use it regularly. It is freely available +as open source, and is released under the GNU General Public License +version 2. + +It is developed and maintained by a global team of protocol experts, +and it is an example of a +https://en.wikipedia.org/wiki/Disruptive_technology[disruptive +technology]. + +Wireshark used to be known as Ethereal®. See the next question for +details about the name change. If you're still using Ethereal, it is +strongly recommended that you upgrade to Wireshark as Ethereal is +unsupported and has known security vulnerabilities. + +For more information, please see the +https://www.wireshark.org/about.html[About Wireshark] page. + +[#wheretogethelp] +=== Where can I get help? + +Community support is available on the +https://ask.wireshark.org/[Q&A site] +and on the wireshark-users mailing list. +Subscription information and archives for all of Wireshark's mailing lists can be found at +https://www.wireshark.org/mailman/listinfo[https://www.wireshark.org/mailman/listinfo]. +// An IRC channel dedicated to Wireshark can be found at +// irc://irc.freenode.net/wireshark[irc://irc.freenode.net/wireshark]. + +=== What kind of shark is Wireshark? + +_carcharodon photoshopia_. + +=== How is Wireshark pronounced, spelled and capitalized? + +Wireshark is pronounced as the word _wire_ followed immediately by +the word _shark_. Exact pronunciation and emphasis may vary depending on +your locale (e.g. Arkansas). + +It's spelled with a capital _W_, followed by a lower-case _ireshark_. +It is not a CamelCase word, i.e., _WireShark_ is incorrect. + +=== How much does Wireshark cost? + +Wireshark is "free software"; you can download it without paying any +license fee. The version of Wireshark you download isn't a "demo" +version, with limitations not present in a "full" version; it _is_ the +full version. + +The license under which Wireshark is issued is +https://www.gnu.org/licenses/gpl-2.0.html[the GNU General Public License +version 2]. See +https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html[the GNU GPL +FAQ] for some more information. + +=== But I just paid someone on eBay for a copy of Wireshark! Did I get ripped off? + +That depends. Did they provide any sort of value-added product or +service, such as installation support, installation media, training, +trace file analysis, or funky-colored shark-themed socks? Probably not. + +Wireshark is https://www.wireshark.org/download.html[available for +anyone to download, absolutely free, at any time]. Paying for a copy +implies that you should get something for your money. + +=== Can I use Wireshark commercially? + +Yes, if, for example, you mean "I work for a commercial organization; +can I use Wireshark to capture and analyze network traffic in our +company's networks or in our customer's networks?" + +If you mean "Can I use Wireshark as part of my commercial product?", +see link:#derived_work_gpl[the next entry in the FAQ]. + +=== Can I use Wireshark as part of my commercial product? + +As noted, Wireshark is licensed under +https://www.gnu.org/licenses/gpl-2.0.html[the GNU General Public +License, version 2]. The GPL imposes conditions on your use of GPL'ed +code in your own products; you cannot, for example, make a "derived +work" from Wireshark, by making modifications to it, and then sell the +resulting derived work and not allow recipients to give away the +resulting work. You must also make the changes you've made to the +Wireshark source available to all recipients of your modified version; +those changes must also be licensed under the terms of the GPL. See the +https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html[GPL FAQ] for +more details; in particular, note the answer to +https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#GPLCommercially[the +question about modifying a GPLed program and selling it commercially], +and +https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#LinkingWithGPL[the +question about linking GPLed code with other code to make a proprietary +program]. + +You can combine a GPLed program such as Wireshark and a commercial +program as long as they communicate "at arm's length", as per +https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#GPLInProprietarySystem[this +item in the GPL FAQ]. + +We recommend keeping Wireshark and your product completely separate, +communicating over sockets or pipes. If you're loading any part of +Wireshark as a DLL, you're probably doing it wrong. + +=== Can you help me fill out this compliance form so that I can use Wireshark? + +// While we try to make sure that Wireshark is as easy as possible to obtain and use, please keep in mind that it’s developed by a team of volunteers and that filling out compliance forms is pretty far beyond the scope of what those volunteers do. + +Please contact the https://sharkfestfoundation.org[Wireshark Foundation] and they will be able to help you for a nominal fee. + +=== Can you sign this legal agreement so that I can use Wireshark? + +// As with the previous question, Wireshark is developed by a team of volunteers. +// Even if they were inclined to do so, they aren’t authorized to sign agreements on behalf of the project. + +Please contact the https://sharkfestfoundation.org[Wireshark Foundation] and they will be able to help you for a somewhat less nominal fee. + +=== What protocols are currently supported? + +There are currently hundreds of supported protocols and media. +Details can be found in the +https://www.wireshark.org/docs/man-pages/wireshark.html[wireshark(1)] +man page. + +=== Are there any plans to support {your favorite protocol}? + +Support for particular protocols is added to Wireshark as a result of +people contributing that support; no formal plans for adding support for +particular protocols in particular future releases exist. + +=== Can Wireshark read capture files from {your favorite network analyzer}? + +Support for particular capture file formats is added to Wireshark as +a result of people contributing that support; no formal plans for adding +support for particular capture file formats in particular future +releases exist. + +If a network analyzer writes out files in a format already supported by +Wireshark (e.g., in libpcap format), Wireshark may already be able to +read them, unless the analyzer has added its own proprietary extensions +to that format. + +If a network analyzer writes out files in its own format, or has added +proprietary extensions to another format, in order to make Wireshark +read captures from that network analyzer, we would either have to have a +specification for the file format, or the extensions, sufficient to give +us enough information to read the parts of the file relevant to +Wireshark, or would need at least one capture file in that format *AND* +a detailed textual analysis of the packets in that capture file (showing +packet time stamps, packet lengths, and the top-level packet header) in +order to reverse-engineer the file format. + +Note that there is no guarantee that we will be able to +reverse-engineer a capture file format. + +=== What devices can Wireshark use to capture packets? + +Wireshark can read live data from Ethernet, Token-Ring, FDDI, serial +(PPP and SLIP) (if the OS on which it's running allows Wireshark to do +so), 802.11 wireless LAN (if the OS on which it's running allows +Wireshark to do so), ATM connections (if the OS on which it's running +allows Wireshark to do so), and the "any" device supported on Linux by +recent versions of libpcap. + +See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/NetworkMedia[the list of +supported capture media on various OSes] for details (several items in +there say "Unknown", which doesn't mean "Wireshark can't capture on +them", it means "we don't know whether it can capture on them"; we +expect that it will be able to capture on many of them, but we haven't +tried it ourselves - if you try one of those types and it works, please +update the wiki page accordingly. + +It can also read a variety of capture file formats, including: + +* pcap, used by libpcap, tcpdump and various other tools +* Oracle (previously Sun) snoop and atmsnoop captures +* Finisar (previously Shomiti) Surveyor captures +* Microsoft Network Monitor captures +* Novell LANalyzer captures +* AIX's iptrace captures +* Cinco Networks NetXRay captures +* NETSCOUT (previously Network Associates/Network General) Windows-based +Sniffer captures +* Network General/Network Associates DOS-based Sniffer captures +(compressed or uncompressed) +* LiveAction (previously WildPackets/Savvius) *Peek/EtherHelp/Packet Grabber +captures +* RADCOM's WAN/LAN analyzer captures +* Viavi (previously Network Instruments) Observer captures +* Lucent/Ascend router debug output +* Toshiba's ISDN routers dump output +* captures from HP-UX nettl +* the output from i4btrace from the ISDN4BSD project +* traces from the EyeSDN USB S0 +* the IPLog format output from the Cisco Secure Intrusion Detection System +* pppd logs (pppdump format) +* the text output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities +* the text output from the DBS Etherwatch VMS utility +* Visual Networks' Visual UpTime traffic capture +* the output from CoSine L2 debug +* the output from InfoVista (formerly Accellent) 5Views LAN agents +* Endace Measurement Systems' ERF format captures +* Linux Bluez Bluetooth stack hcidump -w traces +* Catapult DCT2000 .out files +* Gammu generated text output from Nokia DCT3 phones in Netmonitor mode +* IBM Series (OS/400) Comm traces (ASCII & UNICODE) +* Juniper Netscreen snoop files +* Symbian OS btsnoop files +* TamoSoft CommView files +* Tektronix K12xx 32bit .rf5 format files +* Tektronix K12 text file format captures +* Apple PacketLogger files +* Files from Aethra Telecommunications' PC108 software for their test +instruments +* Citrix NetScaler Trace files +* Android Logcat binary and text format logs +* Colasoft Capsa and Packet Builder captures +* Micropross mplog files +* Unigraf DPA-400 DisplayPort AUX channel monitor traces +* 802.15.4 traces from Daintree's Sensor Network Analyzer +* MPEG-2 Transport Streams as defined in ISO/IEC 13818-1 +* Log files from the _candump_ utility +* Logs from the BUSMASTER tool +* Ixia IxVeriWave raw captures +* Rabbit Labs CAM Inspector files +* systemd journal files +* 3GPP TS 32.423 trace files + +so that it can read traces from various network types, as captured by +other applications or equipment, even if it cannot itself capture on +those network types. + +=== Does Wireshark work on older versions of Windows such as Windows 7? + +Each major release branch of Wireshark supports the versions of Windows that are within their product lifecycle at the time of the “.0” release for that branch. +For example, Wireshark 3.2.0 was released in December 2019, shortly before Windows 7 reached the end of its extended support in January 2020. As a result, each of the Wireshark 3.2._x_ releases supports Windows 7, even after January 2020. +See the +link:https://www.wireshark.org/docs/wsug_html_chunked/ChIntroPlatforms.html[Microsoft Windows section of the User’s Guide] +and the +link:https://gitlab.com/wireshark/wireshark/-/wikis/Development/LifeCycle[End Of Life Planning section of the Release Life Cycle wiki page] +for more details. + +Npcap might not work well on Windows 8 and earlier, so you might want to install WinPcap instead. + +== Installing Wireshark + +=== I installed the Wireshark RPM (or other package); why did it install TShark but not Wireshark? + +Many distributions have separate Wireshark packages, one for non-GUI +components such as TShark, editcap, dumpcap, etc. and one for the GUI. +If this is the case on your system, there's probably a separate package +named “wireshark-qt”. Find it and install it. + +== Building Wireshark + +=== Why does building Wireshark fail due to missing headers (.h files)? + +If this is happening on Linux, it's likely due to missing development library packages. +For example, Debian and Ubuntu ship the GLib library in the libglib2.0-0 package, but ship its header files and other development assets in the libglib2.0-dev package. + +We maintain setup scripts (_*-setup.sh_) for many major distributions in the _tools_ directory of the Wireshark sources that can install the required development packages for you. + +== Crashes and other fatal errors + +=== I have an _XXX_ network card on my machine; if I try to capture on it, why does my machine crash or reset itself? + +This is almost certainly a problem with one or more of: + +* the operating system you're using; +* the device driver for the interface you're using; +* the libpcap/Npcap library and, if this is Windows, the Npcap device +driver; + +so: + +* if you are using Windows, see {npcap-main-url}[the Npcap support page] - check the "Patches, Bug Reports, Questions, Suggestions, +etc" section; +* if you are using some Linux distribution, some version of BSD, or some +other UNIX-flavored OS, you should report the problem to the company or +organization that produces the OS (in the case of a Linux distribution, +report the problem to whoever produces the distribution). + +=== Why does my machine crash or reset itself when I select "Start" from the "Capture" menu or select "Preferences" from the "Edit" menu? + +Both of those operations cause Wireshark to try to build a list of +the interfaces that it can open; it does so by getting a list of +interfaces and trying to open them. There is probably an OS, driver, or, +for Windows, Npcap bug that causes the system to crash when this +happens; see the previous question. + +== Capturing packets + +[#promiscsniff] +=== When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor? + +This might be because the interface on which you're capturing is +plugged into an Ethernet or Token Ring switch; on a switched network, +unicast traffic between two ports will not necessarily appear on other +ports - only broadcast and multicast traffic will be sent to all ports. + +Note that even if your machine is plugged into a hub, the "hub" may be +a switched hub, in which case you're still on a switched network. + +Note also that on the Linksys Web site, they say that their +auto-sensing hubs "broadcast the 10Mb packets to the port that operate +at 10Mb only and broadcast the 100Mb packets to the ports that operate +at 100Mb only", which would indicate that if you sniff on a 10Mb port, +you will not see traffic coming sent to a 100Mb port, and _vice versa_. +This problem has also been reported for Netgear dual-speed hubs, and may +exist for other "auto-sensing" or "dual-speed" hubs. + +Some switches have the ability to replicate all traffic on all ports to +a single port so that you can plug your analyzer into that single port +to sniff all traffic. You would have to check the documentation for the +switch to see if this is possible and, if so, to see how to do this. See +https://gitlab.com/wireshark/wireshark/-/wikis/SwitchReference[the switch reference page] on +https://gitlab.com/wireshark/wireshark/-/wikis[the Wireshark Wiki] for information on some +switches. (Note that it's a Wiki, so you can update or fix that +information, or add additional information on those switches or +information on new switches, yourself.) + +Note also that many firewall/NAT boxes have a switch built into them; +this includes many of the "cable/DSL router" boxes. If you have a box of +that sort, that has a switch with some number of Ethernet ports into +which you plug machines on your network, and another Ethernet port used +to connect to a cable or DSL modem, you can, at least, sniff traffic +between the machines on your network and the Internet by plugging the +Ethernet port on the router going to the modem, the Ethernet port on the +modem, and the machine on which you're running Wireshark into a hub +(make sure it's not a switching hub, and that, if it's a dual-speed hub, +all three of those ports are running at the same speed. + +If your machine is _not_ plugged into a switched network or a +dual-speed hub, or it is plugged into a switched network but the port is +set up to have all traffic replicated to it, the problem might be that +the network interface on which you're capturing doesn't support +"promiscuous" mode, or because your OS can't put the interface into +promiscuous mode. Normally, network interfaces supply to the host only: + +* packets sent to one of that host's link-layer addresses; +* broadcast packets; +* multicast packets sent to a multicast address that the host has +configured the interface to accept. + +Most network interfaces can also be put in "promiscuous" mode, in which +they supply to the host all network packets they see. Wireshark will try +to put the interface on which it's capturing into promiscuous mode +unless the "Capture packets in promiscuous mode" option is turned off in +the "Capture Options" dialog box, and TShark will try to put the +interface on which it's capturing into promiscuous mode unless the `-p` +option was specified. However, some network interfaces don't support +promiscuous mode, and some OSes might not allow interfaces to be put +into promiscuous mode. + +If the interface is not running in promiscuous mode, it won't see any +traffic that isn't intended to be seen by your machine. It *will* see +broadcast packets, and multicast packets sent to a multicast MAC address +the interface is set up to receive. + +You should ask the vendor of your network interface whether it supports +promiscuous mode. If it does, you should ask whoever supplied the driver +for the interface (the vendor, or the supplier of the OS you're running +on your machine) whether it supports promiscuous mode with that network +interface. + +In the case of wireless LAN interfaces, it appears that, when those +interfaces are promiscuously sniffing, they're running in a +significantly different mode from the mode that they run in when they're +just acting as network interfaces (to the extent that it would be a +significant effort for those drivers to support for promiscuously +sniffing _and_ acting as regular network interfaces at the same time), +so it may be that Windows drivers for those interfaces don't support +promiscuous mode. + +=== When I capture with Wireshark, why can't I see any TCP packets other than packets to and from my machine, even though another analyzer on the network sees those packets? + +You're probably not seeing _any_ packets other than unicast packets +to or from your machine, and broadcast and multicast packets; a switch +will normally send to a port only unicast traffic sent to the MAC +address for the interface on that port, and broadcast and multicast +traffic - it won't send to that port unicast traffic sent to a MAC +address for some other interface - and a network interface not in +promiscuous mode will receive only unicast traffic sent to the MAC +address for that interface, broadcast traffic, and multicast traffic +sent to a multicast MAC address the interface is set up to receive. + +TCP doesn't use broadcast or multicast, so you will only see your own +TCP traffic, but UDP services may use broadcast or multicast so you'll +see some UDP traffic - however, this is not a problem with TCP traffic, +it's a problem with unicast traffic, as you also won't see all UDP +traffic between other machines. + +I.e., this is probably link:#promiscsniff[the same question as this +earlier one]; see the response to that question. + +=== Why am I only seeing ARP packets when I try to capture traffic? + +You're probably on a switched network, and running Wireshark on a +machine that's not sending traffic to the switch and not being sent any +traffic from other machines on the switch. ARP packets are often +broadcast packets, which are sent to all switch ports. + +I.e., this is probably link:#promiscsniff[the same question as this +earlier one]; see the response to that question. + +=== Why am I not seeing any traffic when I try to capture traffic? + +Is the machine running Wireshark sending out any traffic on the +network interface on which you're capturing, or receiving any traffic on +that network, or is there any broadcast traffic on the network or +multicast traffic to a multicast group to which the machine running +Wireshark belongs? + +If not, this may just be a problem with promiscuous sniffing, either +due to running on a switched network or a dual-speed hub, or due to +problems with the interface not supporting promiscuous mode; see the +response to link:#promiscsniff[this earlier question]. + +Otherwise, on Windows, see the response to link:#capprobwin[this +question] and, on a UNIX-flavored OS, see the response to +link:#capprobunix[this question]. + +=== How do I put an interface into promiscuous mode? + +By not disabling promiscuous mode when running Wireshark or TShark. + +Note, however, that: + +* the form of promiscuous mode that libpcap (the library that programs +such as tcpdump, Wireshark, etc. use to do packet capture) turns on will +*not* necessarily be shown if you run `ifconfig` on the interface on a +UNIX system; +* some network interfaces might not support promiscuous mode, and some +drivers might not allow promiscuous mode to be turned on - see +link:#promiscsniff[this earlier question] for more information on that; +* the fact that you're not seeing any traffic, or are only seeing +broadcast traffic, or aren't seeing any non-broadcast traffic other than +traffic to or from the machine running Wireshark, does not mean that +promiscuous mode isn't on - see link:#promiscsniff[this earlier +question] for more information on that. + +I.e., this is probably link:#promiscsniff[the same question as this +earlier one]; see the response to that question. + +=== I can set a display filter just fine; why don't capture filters work? + +Capture filters currently use a different syntax than display +filters. Here's the corresponding section from the +https://www.wireshark.org/docs/man-pages/wireshark.html[wireshark(1)] +man page: + +"Display filters in Wireshark are very powerful; more fields are +filterable in Wireshark than in other protocol analyzers, and the syntax +you can use to create your filters is richer. As Wireshark progresses, +expect more and more protocol fields to be allowed in display filters. + +Packet capturing is performed with the pcap library. The capture filter +syntax follows the rules of the pcap library. This syntax is different +from the display filter syntax." + +The capture filter syntax used by libpcap can be found in the +http://www.tcpdump.org/tcpdump_man.html[tcpdump(8)] man page. + +=== How can I capture packets with CRC errors? + +Wireshark can capture only the packets that the packet capture +library - libpcap on UNIX-flavored OSes, and the Npcap port to Windows +of libpcap on Windows - can capture, and libpcap/Npcap can capture only +the packets that the OS's raw packet capture mechanism (or the Npcap +driver, and the underlying OS networking code and network interface +drivers, on Windows) will allow it to capture. + +Unless the OS always supplies packets with errors such as invalid CRCs +to the raw packet capture mechanism, or can be configured to do so, +invalid CRCs to the raw packet capture mechanism, Wireshark - and other +programs that capture raw packets, such as tcpdump - cannot capture +those packets. You will have to determine whether your OS needs to be so +configured and, if so, can be so configured, configure it if necessary +and possible, and make whatever changes to libpcap and the packet +capture program you're using are necessary, if any, to support capturing +those packets. + +Most OSes probably do *not* support capturing packets with invalid CRCs +on Ethernet, and probably do not support it on most other link-layer +types. Some drivers on some OSes do support it, such as some Ethernet +drivers on FreeBSD; in those OSes, you might always get those packets, +or you might only get them if you capture in promiscuous mode (you'd +have to determine which is the case). + +Note that libpcap does not currently supply to programs that use it an +indication of whether the packet's CRC was invalid (because the drivers +themselves do not supply that information to the raw packet capture +mechanism); therefore, Wireshark will not indicate which packets had CRC +errors unless the FCS was captured (see the next question) and you're +using Wireshark 0.9.15 and later, in which case Wireshark will check the +CRC and indicate whether it's correct or not. + +=== How can I capture entire frames, including the FCS? + +Wireshark can only capture data that the packet capture library - +libpcap on UNIX-flavored OSes, and the Npcap port to Windows of libpcap +on Windows - can capture, and libpcap/Npcap can capture only the data +that the OS's raw packet capture mechanism (or the Npcap driver, and the +underlying OS networking code and network interface drivers, on Windows) +will allow it to capture. + +For any particular link-layer network type, unless the OS supplies the +FCS of a frame as part of the frame, or can be configured to do so, +Wireshark - and other programs that capture raw packets, such as tcpdump +- cannot capture the FCS of a frame. You will have to determine whether +your OS needs to be so configured and, if so, can be so configured, +configure it if necessary and possible, and make whatever changes to +libpcap and the packet capture program you're using are necessary, if +any, to support capturing the FCS of a frame. + +Most OSes do *not* support capturing the FCS of a frame on Ethernet, +and probably do not support it on most other link-layer types. Some +drivers on some OSes do support it, such as some (all?) Ethernet drivers +on NetBSD and possibly the driver for Apple's gigabit Ethernet interface +in macOS; in those OSes, you might always get the FCS, or you might only +get the FCS if you capture in promiscuous mode (you'd have to determine +which is the case). + +Versions of Wireshark prior to 0.9.15 will not treat an Ethernet FCS in +a captured packet as an FCS. 0.9.15 and later will attempt to determine +whether there's an FCS at the end of the frame and, if it thinks there +is, will display it as such, and will check whether it's the correct +CRC-32 value or not. + +=== I'm capturing packets on a machine on a VLAN; why don't the packets I'm capturing have VLAN tags? + +You might be capturing on what might be called a "VLAN interface" - +the way a particular OS makes VLANs plug into the networking stack +might, for example, be to have a network device object for the physical +interface, which takes VLAN packets, strips off the VLAN header and +constructs an Ethernet header, and passes that packet to an internal +network device object for the VLAN, which then passes the packets onto +various higher-level protocol implementations. + +In order to see the raw Ethernet packets, rather than "de-VLANized" +packets, you would have to capture not on the virtual interface for the +VLAN, but on the interface corresponding to the physical network device, +if possible. See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/VLAN[the +Wireshark Wiki item on VLAN capturing] for details. + +=== Why does Wireshark hang after I stop a capture? + +The most likely reason for this is that Wireshark is trying to look +up an IP address in the capture to convert it to a name (so that, for +example, it can display the name in the source address or destination +address columns), and that lookup process is taking a very long time. + +Wireshark calls a routine in the OS of the machine on which it's +running to convert of IP addresses to the corresponding names. That +routine probably does one or more of: + +* a search of a system file listing IP addresses and names; +* a lookup using DNS; +* on UNIX systems, a lookup using NIS; +* on Windows systems, a NetBIOS-over-TCP query. + +If a DNS server that's used in an address lookup is not responding, the +lookup will fail, but will only fail after a timeout while the system +routine waits for a reply. + +In addition, on Windows systems, if the DNS lookup of the address +fails, either because the server isn't responding or because there are +no records in the DNS that could be used to map the address to a name, a +NetBIOS-over-TCP query will be made. That query involves sending a +message to the NetBIOS-over-TCP name service on that machine, asking for +the name and other information about the machine. If the machine isn't +running software that responds to those queries - for example, many +non-Windows machines wouldn't be running that software - the lookup will +only fail after a timeout. Those timeouts can cause the lookup to take a +long time. + +If you disable network address-to-name translation - for example, by +turning off the "Enable network name resolution" option in the "Capture +Options" dialog box for starting a network capture - the lookups of the +address won't be done, which may speed up the process of reading the +capture file after the capture is stopped. You can make that setting the +default by selecting "Preferences" from the "Edit" menu, turning off the +"Enable network name resolution" option in the "Name resolution" options +in the preferences dialog box, and using the "Save" button in that +dialog box; note that this will save _all_ your current preference +settings. + +If Wireshark hangs when reading a capture even with network name +resolution turned off, there might, for example, be a bug in one of +Wireshark's dissectors for a protocol causing it to loop infinitely. If +you're not running the most recent release of Wireshark, you should +first upgrade to that release, as, if there's a bug of that sort, it +might've been fixed in a release after the one you're running. If the +hang occurs in the most recent release of Wireshark, the bug should be +reported to mailto:wireshark-dev@wireshark.org[the Wireshark developers' +mailing list] at `wireshark-dev@wireshark.org`. + +On UNIX-flavored OSes, please try to force Wireshark to dump core, by +sending it a `SIGABRT` signal (usually signal 6) with the `kill` +command, and then get a stack trace if you have a debugger installed. A +stack trace can be obtained by using your debugger (`gdb` in this +example), the Wireshark binary, and the resulting core file. Here's an +example of how to use the gdb command `backtrace` to do so. + +---- +$ gdb wireshark core +(gdb) backtrace +..... prints the stack trace +(gdb) quit +$ +---- + +The core dump file may be named "wireshark.core" rather than "core" on +some platforms (e.g., BSD systems). + +Also, if at all possible, please send a copy of the capture file that +caused the problem. When capturing packets, Wireshark normally writes +captured packets to a temporary file, which will probably be in `/tmp` +or `/var/tmp` on UNIX-flavored OSes, `\TEMP` on the main system disk +(normally `\Documents and Settings\\Local Settings\Temp` on the main system disk on Windows XP and +Server 2003, and `\Users\\AppData\Local\Temp` on the main +system disk on Windows Vista and later, so the capture file will +probably be there. If you are capturing on a single interface, it will +have a name of the form, +`wireshark__YYYYmmddHHMMSS_XXXXXX.`, where is the +capture file format (pcap or pcapng), and is the actual name of +the interface you are capturing on; otherwise, if you are capturing on +multiple interfaces, it will have a name of the form, +`wireshark__interfaces_YYYYmmddHHMMSS_XXXXXX.`, where is the +number of simultaneous interfaces you are capturing on. Please don't +send a trace file greater than 1 MB when compressed; instead, make it +available via FTP or HTTP, or say it's available but leave it up to a +developer to ask for it. If the trace file contains sensitive +information (e.g., passwords), then please do not send it. + +== Capturing packets on Windows + +[#capprobwin] +=== I'm running Wireshark on Windows; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface? + +Wireshark relies on the Npcap library, the Npcap device driver, +and the facilities that come with the OS on which it's running in +order to do captures. + +Therefore, if the OS, the Npcap library, or the Npcap driver don't +support capturing on a particular network interface device, Wireshark +won't be able to capture on that device. + +If an interface doesn't show up in the list of interfaces in the +"Interface:" field, and you know the name of the interface, try entering +that name in the "Interface:" field and capturing on that device. + +If the attempt to capture on it succeeds, the interface is somehow not +being reported by the mechanism Wireshark uses to get a list of +interfaces. Try listing the interfaces with WinDump; see +https://www.windump.org/[the WinDump Web site] for information on using +WinDump. + +You would run WinDump with the `-D` flag; if it lists the interface, +please report this to +mailto:wireshark-dev@wireshark.org[wireshark-dev@wireshark.org] giving +full details of the problem, including + +* the operating system you're using, and the version of that operating +system; +* the type of network device you're using; +* the output of WinDump. + +If WinDump does _not_ list the interface, this is almost certainly a +problem with one or more of: + +* the operating system you're using; +* the device driver for the interface you're using; +* the Npcap library and/or the Npcap device driver; + +so first check {npcap-main-url}guide/npcap-users-guide.html[the Npcap User's Guide] to see if your problem is mentioned there. +If not, then see {npcap-main-url}[the main Npcap page] - check the "Patches, Bug Reports, Questions, Suggestions, etc" section. + +If you are having trouble capturing on a particular network interface, +first try capturing on that device with WinDump; see +https://www.windump.org/[the WinDump Web site] for information on using +WinDump. + +If you can capture on the interface with WinDump, send mail to +mailto:wireshark-users@wireshark.org[wireshark-users@wireshark.org] +giving full details of the problem, including + +* the operating system you're using, and the version of that operating +system; +* the type of network device you're using; +* the error message you get from Wireshark. + +If you _cannot_ capture on the interface with WinDump, this is almost +certainly a problem with one or more of: + +* the operating system you're using; +* the device driver for the interface you're using; +* the Npcap library and/or the Npcap device driver; + +so first check {npcap-main-url}guide/npcap-users-guide.html[the Npcap User's Guide] to see if your problem is mentioned there. +If not, then see {npcap-main-url}[the main Npcap page] - check the "Patches, Bug Reports, Questions, Suggestions, etc" section. + +You may also want to ask the +mailto:wireshark-users@wireshark.org[wireshark-users@wireshark.org] and +the mailto:dev@nmap.org[dev@nmap.org] mailing +lists to see if anybody happens to know about the problem and know a +workaround or fix for the problem. (Note that you will have to subscribe +to that list in order to be allowed to mail to it; see +{npcap-main-url}[the Npcap support page] for information on the +mailing list.) In your mail, please give full details of the problem, as +described above, and also indicate that the problem occurs with WinDump, +not just with Wireshark. + +=== I'm running Wireshark on Windows; why do no network interfaces show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? + +This is really link:#capprobwin[the same question as a previous one]; +see the response to that question. + +=== I'm running Wireshark on Windows; why am I not seeing any traffic being sent by the machine running Wireshark? + +If you are running some form of VPN client software, it might be +causing this problem; people have seen this problem when they have Check +Point's VPN software installed on their machine. If that's the cause of +the problem, you will have to remove the VPN software in order to have +Wireshark (or any other application using Npcap) see outgoing packets; +unfortunately, neither we nor the Npcap developers know any way to make +Npcap and the VPN software work well together. + +Also, some drivers for Windows (especially some wireless network +interface drivers) apparently do not, when running in promiscuous mode, +arrange that outgoing packets are delivered to the software that +requested that the interface run promiscuously; try turning promiscuous +mode off. + +=== When I capture on Windows in promiscuous mode, I can see packets other than those sent to or from my machine; however, those packets show up with a "Short Frame" indication, unlike packets to or from my machine. What should I do to arrange that I see those packets in their entirety? + +In at least some cases, this appears to be the result of PGPnet +running on the network interface on which you're capturing; turn it off +on that interface. + +=== I'm trying to capture 802.11 traffic on Windows; why am I not seeing any packets? + +You should first ensure that Npcap was installed with {npcap-main-url}/guide/npcap-devguide.html#npcap-feature-dot11[raw 802.11 support] and that monitor mode is enabled. + +At least some 802.11 card drivers on Windows appear not to see any +packets if they're running in promiscuous mode. Try turning promiscuous +mode off; you'll only be able to see packets sent by and received by +your machine, not third-party traffic, and it'll look like Ethernet +traffic and won't include any management or control frames, but that's a +limitation of the card drivers. + +// XXX Is this still relevant? +// See the archived +// https://web.archive.org/web/20090226193157/http://www.micro-logix.com/winpcap/Supported.asp[MicroLogix's +// list of cards supported with WinPcap] for information on support of +// various adapters and drivers with WinPcap. + +=== I'm trying to capture 802.11 traffic on Windows; why am I seeing packets received by the machine on which I'm capturing traffic, but not packets sent by that machine? + +This appears to be another problem with promiscuous mode; try turning +it off. + +=== I'm trying to capture Ethernet VLAN traffic on Windows, and I'm capturing on a "raw" Ethernet device rather than a "VLAN interface", so that I can see the VLAN headers; why am I seeing packets received by the machine on which I'm capturing traffic, but not packets sent by that machine? + +The way the Windows networking code works probably means that packets +are sent on a "VLAN interface" rather than the "raw" device, so packets +sent by the machine will only be seen when you capture on the "VLAN +interface". If so, you will be unable to see outgoing packets when +capturing on the "raw" device, so you are stuck with a choice between +seeing VLAN headers and seeing outgoing packets. + +== Capturing packets on UN*Xes + +[#capprobunix] +=== I'm running Wireshark on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start", and/or why does Wireshark give me an error if I try to capture on that interface? + +You may need to run Wireshark from an account with sufficient +privileges to capture packets, such as the super-user account, or may +need to give your account sufficient privileges to capture packets. Only +those interfaces that Wireshark can open for capturing show up in that +list; if you don't have sufficient privileges to capture on any +interfaces, no interfaces will show up in the list. See +https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CapturePrivileges[the Wireshark +Wiki item on capture privileges] for details on how to give a particular +account or account group capture privileges on platforms where that can +be done. + +If you are running Wireshark from an account with sufficient +privileges, then note that Wireshark relies on the libpcap library, and +on the facilities that come with the OS on which it's running in order +to do captures. On some OSes, those facilities aren't present by +default; see https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/CaptureSupport[the +Wireshark Wiki item on adding capture support] for details. + +And, even if you're running with an account that has sufficient +privileges to capture, and capture support is present in your OS, if the +OS or the libpcap library don't support capturing on a particular +network interface device or particular types of devices, Wireshark won't +be able to capture on that device. + +On Solaris, note that libpcap 0.6.2 and earlier didn't support Token +Ring interfaces; the current version, 0.7.2, does support Token Ring, +and the current version of Wireshark works with libpcap 0.7.2 and later. + +If an interface doesn't show up in the list of interfaces in the +"Interface:" field, and you know the name of the interface, try entering +that name in the "Interface:" field and capturing on that device. + +If the attempt to capture on it succeeds, the interface is somehow not +being reported by the mechanism Wireshark uses to get a list of +interfaces; please report this to +mailto:wireshark-dev@wireshark.org[wireshark-dev@wireshark.org] giving +full details of the problem, including + +* the operating system you're using, and the version of that operating +system (for Linux, give both the version number of the kernel and the +name and version number of the distribution you're using); +* the type of network device you're using. + +If you are having trouble capturing on a particular network interface, +and you've made sure that (on platforms that require it) you've arranged +that packet capture support is present, as per the above, first try +capturing on that device with `tcpdump`. + +If you can capture on the interface with `tcpdump`, send mail to +mailto:wireshark-users@wireshark.org[wireshark-users@wireshark.org] +giving full details of the problem, including + +* the operating system you're using, and the version of that operating +system (for Linux, give both the version number of the kernel and the +name and version number of the distribution you're using); +* the type of network device you're using; +* the error message you get from Wireshark. + +If you _cannot_ capture on the interface with `tcpdump`, this is almost +certainly a problem with one or more of: + +* the operating system you're using; +* the device driver for the interface you're using; +* the libpcap library; + +so you should report the problem to the company or organization that +produces the OS (in the case of a Linux distribution, report the problem +to whoever produces the distribution). + +You may also want to ask the +mailto:wireshark-users@wireshark.org[wireshark-users@wireshark.org] and +the +mailto:tcpdump-workers@lists.tcpdump.org[tcpdump-workers@lists.tcpdump.org] +mailing lists to see if anybody happens to know about the problem and +know a workaround or fix for the problem. In your mail, please give full +details of the problem, as described above, and also indicate that the +problem occurs with `tcpdump` not just with Wireshark. + +=== I'm running Wireshark on a UNIX-flavored OS; why do no network interfaces show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? + +This is really link:#capprobunix[the same question as the previous +one]; see the response to that question. + +=== I'm capturing packets on Linux; why do the time stamps have only 100ms resolution, rather than 1us resolution? + +Wireshark gets time stamps from libpcap/Npcap, and libpcap/Npcap get +them from the OS kernel, so Wireshark - and any other program using +libpcap, such as tcpdump - is at the mercy of the time stamping code in +the OS for time stamps. + +At least on x86-based machines, Linux can get high-resolution time +stamps on newer processors with the Time Stamp Counter (TSC) register; +for example, Intel x86 processors, starting with the Pentium Pro, and +including all x86 processors since then, have had a TSC, and other +vendors probably added the TSC at some point to their families of x86 +processors. The Linux kernel must be configured with the CONFIG_X86_TSC +option enabled in order to use the TSC. Make sure this option is enabled +in your kernel. + +In addition, some Linux distributions may have bugs in their versions +of the kernel that cause packets not to be given high-resolution time +stamps even if the TSC is enabled. See, for example, bug 61111 for Red +Hat Linux 7.2. If your distribution has a bug such as this, you may have +to run a standard kernel from kernel.org in order to get high-resolution +time stamps. + +== Capturing packets on wireless LANs + +=== How can I capture raw 802.11 frames, including non-data (management, beacon) frames? + +That depends on the operating system on which you're running, and on +the 802.11 interface on which you're capturing. + +This would probably require that you capture in promiscuous mode or in +the mode called "monitor mode" or "RFMON mode". On some platforms, or +with some cards, this might require that you capture in monitor mode - +promiscuous mode might not be sufficient. If you want to capture traffic +on networks other than the one with which you're associated, you will +have to capture in monitor mode. + +Not all operating systems support capturing non-data packets and, even +on operating systems that do support it, not all drivers, and thus not +all interfaces, support it. Even on those that do, monitor mode might +not be supported by the operating system or by the drivers for all +interfaces. + +*NOTE:* an interface running in monitor mode will, on most if not all +platforms, not be able to act as a regular network interface; putting it +into monitor mode will, in effect, take your machine off of whatever +network it's on as long as the interface is in monitor mode, allowing it +only to passively capture packets. + +This means that you should disable name resolution when capturing in +monitor mode; otherwise, when Wireshark (or TShark, or tcpdump) tries to +display IP addresses as host names, it will probably block for a long +time trying to resolve the name because it will not be able to +communicate with any DNS or NIS servers. + +See https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/WLAN[the Wireshark Wiki +item on 802.11 capturing] for details. + +=== How do I capture on an 802.11 device in monitor mode? + +Whether you will be able to capture in monitor mode depends on the +operating system, adapter, and driver you're using. See +link:#raw_80211_sniff[the previous question] for information on monitor +mode, including a link to the Wireshark Wiki page that gives details on +802.11 capturing. + +== Viewing traffic + +=== Why am I seeing lots of packets with incorrect TCP checksums? + +If the packets that have incorrect TCP checksums are all being sent +by the machine on which Wireshark is running, this is probably because +the network interface on which you're capturing does TCP checksum +offloading. That means that the TCP checksum is added to the packet by +the network interface, not by the OS's TCP/IP stack; when capturing on +an interface, packets being sent by the host on which you're capturing +are directly handed to the capture interface by the OS, which means that +they are handed to the capture interface without a TCP checksum being +added to them. + +The only way to prevent this from happening would be to disable TCP +checksum offloading, but + +1. that might not even be possible on some OSes; +2. that could reduce networking performance significantly. + +However, you can disable the check that Wireshark does of the TCP +checksum, so that it won't report any packets as having TCP checksum +errors, and so that it won't refuse to do TCP reassembly due to a packet +having an incorrect TCP checksum. That can be set as an Wireshark +preference by selecting "Preferences" from the "Edit" menu, opening up +the "Protocols" list in the left-hand pane of the "Preferences" dialog +box, selecting "TCP", from that list, turning off the "Check the +validity of the TCP checksum when possible" option, clicking "Save" if +you want to save that setting in your preference file, and clicking +"OK". + +It can also be set on the Wireshark or TShark command line with a +`-o tcp.check_checksum:false` command-line flag, or manually set in your +preferences file by adding a `tcp.check_checksum:false` line. + +=== I've just installed Wireshark, and the traffic on my local LAN is boring. Where can I find more interesting captures? + +We have a collection of strange and exotic sample capture files at +https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures[https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures] + +=== Why doesn't Wireshark correctly identify RTP packets? It shows them only as UDP. + +Wireshark can identify a UDP datagram as containing a packet of a +particular protocol running atop UDP only if + +1. The protocol in question has a particular standard port number, and +the UDP source or destination port number is that port +2. Packets of that protocol can be identified by looking for a +"signature" of some type in the packet - i.e., some data that, if +Wireshark finds it in some particular part of a packet, means that the +packet is almost certainly a packet of that type. +3. Some _other_ traffic earlier in the capture indicated that, for +example, UDP traffic between two particular addresses and ports will be +RTP traffic. + +RTP doesn't have a standard port number, so 1) doesn't work; it doesn't, +as far as I know, have any "signature", so 2) doesn't work. + +That leaves 3). If there's RTSP traffic that sets up an RTP session, +then, at least in some cases, the RTSP dissector will set things up so +that subsequent RTP traffic will be identified. Currently, that's the +only place we do that; there may be other places. + +However, there will always be places where Wireshark is simply +*incapable* of deducing that a given UDP flow is RTP; a mechanism would +be needed to allow the user to specify that a given conversation should +be treated as RTP. As of Wireshark 0.8.16, such a mechanism exists; if +you select a UDP or TCP packet, the right mouse button menu will have a +"Decode As..." menu item, which will pop up a dialog box letting you +specify that the source port, the destination port, or both the source +and destination ports of the packet should be dissected as some +particular protocol. + +=== Why doesn't Wireshark show Yahoo Messenger packets in captures that contain Yahoo Messenger traffic? + +Wireshark only recognizes as Yahoo Messenger traffic packets to or +from TCP port 3050 that begin with "YPNS", "YHOO", or "YMSG". TCP +segments that start with the middle of a Yahoo Messenger packet that +takes more than one TCP segment will not be recognized as Yahoo +Messenger packets (even if the TCP segment also contains the beginning +of another Yahoo Messenger packet). + +== Filtering traffic + +=== I saved a filter and tried to use its name to filter the display; why do I get an "Unexpected end of filter string" error? + +You cannot use the name of a saved display filter as a filter. To +filter the display, you can enter a display filter expression - *not* +the name of a saved display filter - in the "Filter:" box at the bottom +of the display, and type the key or press the "Apply" button +(that does not require you to have a saved filter), or, if you want to +use a saved filter, you can press the "Filter:" button, select the +filter in the dialog box that pops up, and press the "OK" button. + +=== How can I search for, or filter, packets that have a particular string anywhere in them? + +If you want to do this when capturing, you can't. That's a feature +that would be hard to implement in capture filters without changes to +the capture filter code, which, on many platforms, is in the OS kernel +and, on other platforms, is in the libpcap library. + +After capture, you can search for text by selecting _Edit→Find +Packet..._ and making sure _String_ is selected. Alternately, you can +use the "contains" display filter operator or "matches" operator if it's +supported on your system. + +=== How do I filter a capture to see traffic for virus XXX? + +For some viruses/worms there might be a capture filter to recognize +the virus traffic. Check the +https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters[CaptureFilters] page on the +https://gitlab.com/wireshark/wireshark/-/wikis[Wireshark Wiki] to see if anybody's added +such a filter. + +Note that Wireshark was not designed to be an intrusion detection +system; you might be able to use it as an IDS, but in most cases +software designed to be an IDS, such as https://www.snort.org/[Snort] or +https://www.prelude-siem.org/[Prelude], will probably work better. + +== Questions Which Are Still Notable Even Though They Aren’t Asked Much Any More + +=== What's up with the name change? Is Wireshark a fork? + +In May of 2006, Gerald Combs (the original author of Ethereal) went +to work for CACE Technologies (best known for WinPcap). Unfortunately, +he had to leave the Ethereal trademarks behind. + +This left the project in an awkward position. The only reasonable way +to ensure the continued success of the project was to change the name. +This is how Wireshark was born. + +Wireshark is almost (but not quite) a fork. Normally a "fork" of an +open source project results in two names, web sites, development teams, +support infrastructures, etc. This is the case with Wireshark except for +one notable exception -- every member of the core development team is +now working on Wireshark. There has been no active development on +Ethereal since the name change. Several parts of the Ethereal web site` +(such as the mailing lists, source code repository, and build farm) have +gone offline. + +More information on the name change can be found here: + +* https://www.prweb.com/releases/2006/6/prweb396098.htm[Original press +release] +* https://www.linux.com/news/ethereal-changes-name-wireshark[NewsForge article] +* Many other articles in https://www.wireshark.org/bibliography.html[our +bibliography] diff --git a/docbook/logray-quick-start.adoc b/docbook/logray-quick-start.adoc new file mode 100644 index 00000000..2e053c64 --- /dev/null +++ b/docbook/logray-quick-start.adoc @@ -0,0 +1,57 @@ += Logray Quick Start + +Logray is a sibling application for Wireshark which focuses on log messages. +It helps people understand, troubleshoot, and secure their systems via log messages similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets. + +This document provides brief instructions for building Logray until more complete documentation comparable to the Wireshark Developer’s and User’s Guides can be written. + +== Building Logray + +Logray requires the same build environment as Wireshark. +See the https://www.wireshark.org/docs/wsdg_html_chunked/[Wireshark Developer’s Guide] for instructions on setting that up. + +It additionally requires libsinsp and libscap from https://github.com/falcosecurity/libs/[falcosecurity/libs] and any desired plugins from https://github.com/falcosecurity/plugins/[falcosecurity/plugins]. + +In order to build Logray, do the following: + +1. https://falco.org/docs/getting-started/source/[Build falcosecurity/libs]. + +2. Build falcosecurity/plugins. + +3. Build the Wireshark sources with the following CMake options: ++ +-- +[horizontal] +BUILD_logray:: Must be enabled, e.g. set to ON +SINSP_INCLUDEDIR:: The path to your local falcosecurity/libs directory +SINSP_LIBDIR:: The path to your falcosecurity/libs build directory +-- + +4. Create a directory named `falco` in your Logray plugins directory, and either copy in or symlink any desired Falco plugins. + +.Example 1: Building on macOS using Ninja +[sh] +---- +cmake -G Ninja \ + -DBUILD_logray=ON \ + -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \ + -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \ + .. +ninja +mkdir run/Logray.app/Contents/PlugIns/logray/3-7/falco +(cd run/Logray.app/Contents/PlugIns/logray/3-7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so ) +---- + +.Example 2: Building on Linux using Make +[sh] +---- +cmake \ + -DBUILD_logray=ON \ + -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \ + -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \ + .. +make -j $(getconf _NPROCESSORS_ONLN) +mkdir run/plugins/3.7/falco +(cd run/plugins/3.7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so ) +---- + diff --git a/docbook/make-wsluarm.py b/docbook/make-wsluarm.py new file mode 100755 index 00000000..52330756 --- /dev/null +++ b/docbook/make-wsluarm.py @@ -0,0 +1,458 @@ +#!/usr/bin/env python3 +# +# make-wsluarm.py +# +# By Gerald Combs +# Based on make-wsluarm.pl by Luis E. Garcia Onatnon and Hadriel Kaplan +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# SPDX-License-Identifier: GPL-2.0-or-later +'''\ +WSLUA's Reference Manual Generator + +This reads Doxygen-style comments in C code and generates wslua API documentation +formatted as AsciiDoc. + +Behavior as documented by Hadriel: +- Allows modules (i.e., WSLUA_MODULE) to have detailed descriptions +- Two (or more) line breaks in comments result in separate paragraphs +- Any indent with a single leading star '*' followed by space is a bulleted list item + reducing indent or having an extra linebreak stops the list +- Any indent with a leading digits-dot followed by space, i.e. "1. ", is a numbered list item + reducing indent or having an extra linebreak stops the list +''' + +import argparse +import logging +import os +import re +import sys + +from enum import Enum +from string import Template + +def parse_desc(description): + '''\ +Break up descriptions based on newlines and keywords. Some processing +is done for code blocks and lists, but the output is otherwise left +intact. Assumes the input has been stripped. +''' + + c_lines = description.strip().splitlines() + + if len(c_lines) < 1: + return '' + + adoc_lines = [] + cli = iter(c_lines) + for line in cli: + raw_len = len(line) + line = line.lstrip() + indent = raw_len - len(line) + + # If we find "[source,...]" then treat it as a block + if re.search(r'\[source.*\]', line): + # The next line *should* be a delimiter... + block_delim = next(cli).strip() + line += f'\n{block_delim}\n' + block_line = next(cli) + # XXX try except StopIteration + while block_line.strip() != block_delim: + # Keep eating lines until the closing delimiter. + # XXX Strip indent spaces? + line += block_line + '\n' + block_line = next(cli) + line += block_delim + '\n' + + adoc_lines.append(line) + elif re.match(r'^\s*$', line): + # line is either empty or just whitespace, and we're not in a @code block + # so it's the end of a previous paragraph, beginning of new one + adoc_lines.append('') + else: + # We have a regular line, not in a @code block. + # Add it as-is. + + # if line starts with "@version" or "@since", make it a "Since:" + if re.match(r'^@(version|since)\s+', line): + line = re.sub(r'^@(version|since)\s+', 'Since: ', line) + adoc_lines.append(line) + + # If line starts with single "*" and space, leave it mostly intact. + elif re.match(r'^\*\s', line): + adoc_lines += ['', line] + # keep eating until we find a blank line or end + line = next(cli) + try: + while not re.match(r'^\s*$', line): + raw_len = len(line) + line = line.lstrip() + # if this is less indented than before, break out + if raw_len - len(line) < indent: + break + adoc_lines += [line] + line = next(cli) + except StopIteration: + pass + adoc_lines.append('') + + # if line starts with "1." and space, leave it mostly intact. + elif re.match(r'^1\.\s', line): + adoc_lines += ['', line] + # keep eating until we find a blank line or end + line = next(cli) + try: + while not re.match(r'^\s*$', line): + raw_len = len(line) + line = line.lstrip() + # if this is less indented than before, break out + if raw_len - len(line) < indent: + break + adoc_lines += [line] + line = next(cli) + except StopIteration: + pass + adoc_lines.append('') + + # Just a normal line, add it to array + else: + # Nested Lua arrays + line = re.sub(r'\[\[(.*)\]\]', r'$$\1$$', line) + adoc_lines += [line] + + # Strip out consecutive empty lines. + # This isn't strictly necessary but makes the AsciiDoc output prettier. + adoc_lines = '\n'.join(adoc_lines).splitlines() + adoc_lines = [val for idx, val in enumerate(adoc_lines) if idx == 0 or not (val == '' and val == adoc_lines[idx - 1])] + + return '\n'.join(adoc_lines) + + +class LuaFunction: + def __init__(self, c_file, id, start, name, raw_description): + self.c_file = c_file + self.id = id + self.start = start + self.name = name + if not raw_description: + raw_description = '' + self.description = parse_desc(raw_description) + self.arguments = [] # (name, description, optional) + self.returns = [] # description + self.errors = [] # description + logging.info(f'Created function {id} ({name}) at {start}') + + def add_argument(self, id, raw_name, raw_description, raw_optional): + if id != self.id: + logging.critical(f'Invalid argument ID {id} in function {self.id}') + sys.exit(1) + if not raw_description: + raw_description = '' + optional = False + if raw_optional == 'OPT': + optional = True + self.arguments.append((raw_name.lower(), parse_desc(raw_description), optional)) + + def extract_buf(self, buf): + "Extract arguments, errors, and return values from a function's buffer." + + # Splits "WSLUA_OPTARG_ProtoField_int8_NAME /* food */" into + # "OPT" (1), "ProtoField_int8" (2), "NAME" (3), ..., ..., " food " (6) + # Handles functions like "loadfile(filename)" too. + for m in re.finditer(r'#define WSLUA_(OPT)?ARG_((?:[A-Za-z0-9]+_)?[a-z0-9_]+)_([A-Z0-9_]+)\s+\d+' + TRAILING_COMMENT_RE, buf, re.MULTILINE|re.DOTALL): + self.add_argument(m.group(2), m.group(3), m.group(6), m.group(1)) + logging.info(f'Created arg {m.group(3)} for {self.id} at {m.start()}') + + # Same as above, except that there is no macro but a (multi-line) comment. + for m in re.finditer(r'/\*\s*WSLUA_(OPT)?ARG_((?:[A-Za-z0-9]+_)?[a-z0-9_]+)_([A-Z0-9_]+)\s*(.*?)\*/', buf, re.MULTILINE|re.DOTALL): + self.add_argument(m.group(2), m.group(3), m.group(4), m.group(1)) + logging.info(f'Created arg {m.group(3)} for {self.id} at {m.start()}') + + for m in re.finditer(r'/\*\s+WSLUA_MOREARGS\s+([A-Za-z_]+)\s+(.*?)\*/', buf, re.MULTILINE|re.DOTALL): + self.add_argument(m.group(1), '...', m.group(2), False) + logging.info(f'Created morearg for {self.id}') + + for m in re.finditer(r'WSLUA_(FINAL_)?RETURN\(\s*.*?\s*\)\s*;' + TRAILING_COMMENT_RE, buf, re.MULTILINE|re.DOTALL): + if m.group(4) and len(m.group(4)) > 0: + self.returns.append(m.group(4).strip()) + logging.info(f'Created return for {self.id} at {m.start()}') + + for m in re.finditer(r'/\*\s*_WSLUA_RETURNS_\s*(.*?)\*/', buf, re.MULTILINE|re.DOTALL): + if m.group(1) and len(m.group(1)) > 0: + self.returns.append(m.group(1).strip()) + logging.info(f'Created return for {self.id} at {m.start()}') + + for m in re.finditer(r'WSLUA_ERROR\s*\(\s*(([A-Z][A-Za-z]+)_)?([a-z_]+),' + QUOTED_RE, buf, re.MULTILINE|re.DOTALL): + self.errors.append(m.group(4).strip()) + logging.info(f'Created error {m.group(4)[:10]} for {self.id} at {m.start()}') + + def to_adoc(self): + # The Perl script wrapped optional args in '[]', joined them with ', ', and + # converted non-alphabetic characters to underscores. + mangled_names = [f'_{a}_' if optional else a for a, _, optional in self.arguments] + section_name = re.sub('[^A-Za-z0-9]', '_', f'{self.name}_{"__".join(mangled_names)}_') + opt_names = [f'[{a}]' if optional else a for a, _, optional in self.arguments] + adoc_buf = f''' +// {self.c_file} +[#lua_fn_{section_name}] +===== {self.name}({', '.join(opt_names)}) + +{self.description} +''' + if len(self.arguments) > 0: + adoc_buf += ''' +[float] +===== Arguments +''' + for (name, description, optional) in self.arguments: + if optional: + name += ' (optional)' + adoc_buf += f'\n{name}::\n' + + if len(description) > 0: + adoc_buf += f'\n{description}\n' + + adoc_buf += f'\n// function_arg_footer: {name}' + + if len(self.arguments) > 0: + adoc_buf += '\n// end of function_args\n' + + if len(self.returns) > 0: + adoc_buf += ''' +[float] +===== Returns +''' + for description in self.returns: + adoc_buf += f'\n{description}\n' + + if len(self.returns) > 0: + adoc_buf += f'\n// function_returns_footer: {self.name}' + + if len(self.errors) > 0: + adoc_buf += ''' +[float] +===== Errors +''' + for description in self.errors: + adoc_buf += f'\n* {description}\n' + + if len(self.errors) > 0: + adoc_buf += f'\n// function_errors_footer: {self.name}' + + adoc_buf += f'\n// function_footer: {section_name}\n' + + return adoc_buf + + +# group 1: whole trailing comment (possibly empty), e.g. " /* foo */" +# group 2: any leading whitespace. XXX why is this not removed using (?:...) +# group 3: actual comment text, e.g. " foo ". +TRAILING_COMMENT_RE = r'((\s*|[\n\r]*)/\*(.*?)\*/)?' +IN_COMMENT_RE = r'[\s\r\n]*((.*?)\s*\*/)?' +QUOTED_RE = r'"([^"]*)"' + +# XXX We might want to create a "LuaClass" class similar to LuaFunction +# and move these there. +def extract_class_definitions(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'WSLUA_CLASS_DEFINE(?:_BASE)?\(\s*([A-Z][a-zA-Z0-9]+).*?\);' + TRAILING_COMMENT_RE, c_buf, re.MULTILINE|re.DOTALL): + raw_desc = m.group(4) + if raw_desc is None: + raw_desc = '' + name = m.group(1) + mod_class = { + 'description': parse_desc(raw_desc), + 'constructors': [], + 'methods': [], + 'attributes': [], + } + classes[name] = mod_class + logging.info(f'Created class {name}') + return 0 + +def extract_function_definitions(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'WSLUA_FUNCTION\s+wslua_([a-z_0-9]+)[^\{]*\{' + TRAILING_COMMENT_RE, c_buf, re.MULTILINE|re.DOTALL): + id = m.group(1) + functions[id] = LuaFunction(c_file, id, m.start(), id, m.group(4)) + +def extract_constructor_definitions(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'WSLUA_CONSTRUCTOR\s+([A-Za-z0-9]+)_([a-z0-9_]+).*?\{' + TRAILING_COMMENT_RE, c_buf, re.MULTILINE|re.DOTALL): + class_name = m.group(1) + id = f'{class_name}_{m.group(2)}' + name = f'{class_name}.{m.group(2)}' + functions[id] = LuaFunction(c_file, id, m.start(), name, m.group(5)) + classes[class_name]['constructors'].append(id) + +def extract_constructor_markups(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'_WSLUA_CONSTRUCTOR_\s+([A-Za-z0-9]+)_([a-z0-9_]+)\s*(.*?)\*/', c_buf, re.MULTILINE|re.DOTALL): + class_name = m.group(1) + id = f'{class_name}_{m.group(2)}' + name = f'{class_name}.{m.group(2)}' + functions[id] = LuaFunction(c_file, id, m.start(), name, m.group(3)) + classes[class_name]['constructors'].append(id) + +def extract_method_definitions(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'WSLUA_METHOD\s+([A-Za-z0-9]+)_([a-z0-9_]+)[^\{]*\{' + TRAILING_COMMENT_RE, c_buf, re.MULTILINE|re.DOTALL): + class_name = m.group(1) + id = f'{class_name}_{m.group(2)}' + name = f'{class_name.lower()}:{m.group(2)}' + functions[id] = LuaFunction(c_file, id, m.start(), name, m.group(5)) + classes[class_name]['methods'].append(id) + +def extract_metamethod_definitions(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'WSLUA_METAMETHOD\s+([A-Za-z0-9]+)(__[a-z0-9]+)[^\{]*\{' + TRAILING_COMMENT_RE, c_buf, re.MULTILINE|re.DOTALL): + class_name = m.group(1) + id = f'{class_name}{m.group(2)}' + name = f'{class_name.lower()}:{m.group(2)}' + functions[id] = LuaFunction(c_file, id, m.start(), name, m.group(5)) + classes[class_name]['methods'].append(id) + +def extract_attribute_markups(c_file, c_buf, module, classes, functions): + for m in re.finditer(r'/\*\s+WSLUA_ATTRIBUTE\s+([A-Za-z0-9]+)_([a-z0-9_]+)\s+([A-Z]*)\s*(.*?)\*/', c_buf, re.MULTILINE|re.DOTALL): + class_name = m.group(1) + name = f'{m.group(1).lower()}.{m.group(2)}' + mode = m.group(3) + mode_desc = 'Mode: ' + if 'RO' in mode: + mode_desc += 'Retrieve only.\n' + elif 'WO' in mode: + mode_desc += 'Assign only.\n' + elif 'RW' in mode or 'WR' in mode: + mode_desc += 'Retrieve or assign.\n' + else: + sys.stderr.write(f'Attribute does not have a RO/WO/RW mode {mode}\n') + sys.exit(1) + + attribute = { + 'name': name, + 'description': parse_desc(f'{mode_desc}\n{m.group(4)}'), + } + classes[class_name]['attributes'].append(attribute) + logging.info(f'Created attribute {name} for class {class_name}') + +def main(): + parser = argparse.ArgumentParser(description="WSLUA's Reference Manual Generator") + parser.add_argument("c_files", nargs='+', metavar='C file', help="C file") + parser.add_argument('--output-directory', help='Output directory') + parser.add_argument('--verbose', action='store_true', help='Show more output') + args = parser.parse_args() + + logging.basicConfig(format='%(levelname)s: %(message)s', level=logging.DEBUG if args.verbose else logging.WARNING) + + modules = {} + + for c_file in args.c_files: + with open(c_file, encoding='utf-8') as c_f: + c_buf = c_f.read() + + # Peek for modules vs continuations. + m = re.search(r'WSLUA_(|CONTINUE_)MODULE\s*(\w+)', c_buf) + if m: + module_name = m.group(2) + c_pair = (os.path.basename(c_file), c_buf) + try: + if m.group(1) == 'CONTINUE_': + modules[module_name]['c'].append(c_pair) + else: + modules[module_name]['c'].insert(0, c_pair) + except KeyError: + modules[module_name] = {} + modules[module_name]['c'] = [c_pair] + modules[module_name]['file_base'] = os.path.splitext(c_pair[0])[0] + else: + logging.warning(f'No module found in {c_file}') + + extractors = [ + extract_class_definitions, + extract_function_definitions, + extract_constructor_definitions, + extract_constructor_markups, + extract_method_definitions, + extract_metamethod_definitions, + extract_attribute_markups, + ] + + for module_name in sorted(modules): + adoc_file = f'{modules[module_name]["file_base"]}.adoc' + logging.info(f'Writing module {module_name} to {adoc_file} from {len(modules[module_name]["c"])} input(s)') + functions = {} + classes = {} + + # Extract our module's description. + m = re.search(r'WSLUA_MODULE\s*[A-Z][a-zA-Z0-9]+' + IN_COMMENT_RE, modules[module_name]['c'][0][1], re.MULTILINE|re.DOTALL) + if not m: + return + modules[module_name]['description'] = parse_desc(f'{m.group(2)}') + + # Extract module-level information from each file. + for (c_file, c_buf) in modules[module_name]['c']: + for extractor in extractors: + extractor(c_file, c_buf, modules[module_name], classes, functions) + + # Extract function-level information from each file. + for (c_file, c_buf) in modules[module_name]['c']: + c_file_ids = filter(lambda k: functions[k].c_file == c_file, functions.keys()) + func_ids = sorted(c_file_ids, key=lambda k: functions[k].start) + id = func_ids.pop(0) + for next_id in func_ids: + functions[id].extract_buf(c_buf[functions[id].start:functions[next_id].start]) + id = next_id + functions[id].extract_buf(c_buf[functions[id].start:]) + + with open(os.path.join(args.output_directory, adoc_file), 'w', encoding='utf-8') as adoc_f: + adoc_f.write(f'''\ +// {c_file} +[#lua_module_{module_name}] +=== {modules[module_name]["description"]} +''') + for class_name in sorted(classes.keys()): + lua_class = classes[class_name] + adoc_f.write(f''' +// {c_file} +[#lua_class_{class_name}] +==== {class_name} +''') + + if not lua_class["description"] == '': + adoc_f.write(f'\n{lua_class["description"]}\n') + + for constructor_id in sorted(lua_class['constructors'], key=lambda id: functions[id].start): + adoc_f.write(functions[constructor_id].to_adoc()) + del functions[constructor_id] + + for method_id in sorted(lua_class['methods'], key=lambda id: functions[id].start): + adoc_f.write(functions[method_id].to_adoc()) + del functions[method_id] + + for attribute in lua_class['attributes']: + attribute_id = re.sub('[^A-Za-z0-9]', '_', f'{attribute["name"]}') + adoc_f.write(f''' +[#lua_class_attrib_{attribute_id}] +===== {attribute["name"]} + +{attribute["description"]} + +// End {attribute["name"]} +''') + + + adoc_f.write(f'\n// class_footer: {class_name}\n') + + if len(functions.keys()) > 0: + adoc_f.write(f'''\ +[#global_functions_{module_name}] +==== Global Functions +''') + + for global_id in sorted(functions.keys(), key=lambda id: functions[id].start): + adoc_f.write(functions[global_id].to_adoc()) + + if len(functions.keys()) > 0: + adoc_f.write(f'// Global function\n') + + adoc_f.write('// end of module\n') + +if __name__ == '__main__': + main() diff --git a/docbook/ws.css b/docbook/ws.css new file mode 100644 index 00000000..ee79141b --- /dev/null +++ b/docbook/ws.css @@ -0,0 +1,770 @@ +/*! normalize.css v2.1.2 | MIT License | git.io/normalize */ +/* ========================================================================== HTML5 display definitions ========================================================================== */ +/** Correct `block` display not defined in IE 8/9. */ +article, aside, details, figcaption, figure, footer, header, hgroup, main, nav, section, summary { display: block; } + +/** Correct `inline-block` display not defined in IE 8/9. */ +audio, canvas, video { display: inline-block; } + +/** Prevent modern browsers from displaying `audio` without controls. Remove excess height in iOS 5 devices. */ +audio:not([controls]) { display: none; height: 0; } + +/** Address `[hidden]` styling not present in IE 8/9. Hide the `template` element in IE, Safari, and Firefox < 22. */ +[hidden], template { display: none; } + +script { display: none !important; } + +/* ========================================================================== Base ========================================================================== */ +/** 1. Set default font family to sans-serif. 2. Prevent iOS text size adjust after orientation change, without disabling user zoom. */ +html { font-family: sans-serif; /* 1 */ -ms-text-size-adjust: 100%; /* 2 */ -webkit-text-size-adjust: 100%; /* 2 */ } + +/** Remove default margin. */ +body { margin: 0; } + +/* ========================================================================== Links ========================================================================== */ +/** Remove the gray background color from active links in IE 10. */ +a { background: transparent; } + +/** Address `outline` inconsistency between Chrome and other browsers. */ +a:focus { outline: thin dotted; } + +/** Improve readability when focused and also mouse hovered in all browsers. */ +a:active, a:hover { outline: 0; } + +/* ========================================================================== Typography ========================================================================== */ +/** Address variable `h1` font-size and margin within `section` and `article` contexts in Firefox 4+, Safari 5, and Chrome. */ +h1 { font-size: 2em; margin: 0.67em 0; } + +/** Address styling not present in IE 8/9, Safari 5, and Chrome. */ +abbr[title] { border-bottom: 1px dotted; } + +/** Address style set to `bolder` in Firefox 4+, Safari 5, and Chrome. */ +b, strong { font-weight: bold; } + +/** Address styling not present in Safari 5 and Chrome. */ +dfn { font-style: italic; } + +/** Address differences between Firefox and other browsers. */ +hr { -moz-box-sizing: content-box; box-sizing: content-box; height: 0; } + +/** Address styling not present in IE 8/9. */ +mark { background: #ff0; color: #000; } + +/** Correct font family set oddly in Safari 5 and Chrome. */ +code, kbd, pre, samp { font-family: monospace, serif; font-size: 1em; } + +/** Improve readability of pre-formatted text in all browsers. */ +pre { white-space: pre-wrap; } + +/** Set consistent quote types. */ +q { quotes: "\201C" "\201D" "\2018" "\2019"; } + +/** Address inconsistent and variable font size in all browsers. */ +small { font-size: 80%; } + +/** Prevent `sub` and `sup` affecting `line-height` in all browsers. */ +sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; } + +sup { top: -0.5em; } + +sub { bottom: -0.25em; } + +/* ========================================================================== Embedded content ========================================================================== */ +/** Remove border when inside `a` element in IE 8/9. */ +img { border: 0; } + +/** Correct overflow displayed oddly in IE 9. */ +svg:not(:root) { overflow: hidden; } + +/* ========================================================================== Figures ========================================================================== */ +/** Address margin not present in IE 8/9 and Safari 5. */ +figure { margin: 0; } + +/* ========================================================================== Forms ========================================================================== */ +/** Define consistent border, margin, and padding. */ +fieldset { border: 1px solid #c0c0c0; margin: 0 2px; padding: 0.35em 0.625em 0.75em; } + +/** 1. Correct `color` not being inherited in IE 8/9. 2. Remove padding so people aren't caught out if they zero out fieldsets. */ +legend { border: 0; /* 1 */ padding: 0; /* 2 */ } + +/** 1. Correct font family not being inherited in all browsers. 2. Correct font size not being inherited in all browsers. 3. Address margins set differently in Firefox 4+, Safari 5, and Chrome. */ +button, input, select, textarea { font-family: inherit; /* 1 */ font-size: 100%; /* 2 */ margin: 0; /* 3 */ } + +/** Address Firefox 4+ setting `line-height` on `input` using `!important` in the UA stylesheet. */ +button, input { line-height: normal; } + +/** Address inconsistent `text-transform` inheritance for `button` and `select`. All other form control elements do not inherit `text-transform` values. Correct `button` style inheritance in Chrome, Safari 5+, and IE 8+. Correct `select` style inheritance in Firefox 4+ and Opera. */ +button, select { text-transform: none; } + +/** 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio` and `video` controls. 2. Correct inability to style clickable `input` types in iOS. 3. Improve usability and consistency of cursor style between image-type `input` and others. */ +button, html input[type="button"], input[type="reset"], input[type="submit"] { -webkit-appearance: button; /* 2 */ cursor: pointer; /* 3 */ } + +/** Re-set default cursor for disabled elements. */ +button[disabled], html input[disabled] { cursor: default; } + +/** 1. Address box sizing set to `content-box` in IE 8/9. 2. Remove excess padding in IE 8/9. */ +input[type="checkbox"], input[type="radio"] { box-sizing: border-box; /* 1 */ padding: 0; /* 2 */ } + +/** 1. Address `appearance` set to `searchfield` in Safari 5 and Chrome. 2. Address `box-sizing` set to `border-box` in Safari 5 and Chrome (include `-moz` to future-proof). */ +input[type="search"] { -webkit-appearance: textfield; /* 1 */ -moz-box-sizing: content-box; -webkit-box-sizing: content-box; /* 2 */ box-sizing: content-box; } + +/** Remove inner padding and search cancel button in Safari 5 and Chrome on OS X. */ +input[type="search"]::-webkit-search-cancel-button, input[type="search"]::-webkit-search-decoration { -webkit-appearance: none; } + +/** Remove inner padding and border in Firefox 4+. */ +button::-moz-focus-inner, input::-moz-focus-inner { border: 0; padding: 0; } + +/** 1. Remove default vertical scrollbar in IE 8/9. 2. Improve readability and alignment in all browsers. */ +textarea { overflow: auto; /* 1 */ vertical-align: top; /* 2 */ } + +/* ========================================================================== Tables ========================================================================== */ +/** Remove most spacing between table cells. */ +table { border-collapse: collapse; border-spacing: 0; } + +meta.foundation-mq-small { font-family: "only screen and (min-width: 768px)"; width: 768px; } + +meta.foundation-mq-medium { font-family: "only screen and (min-width:1280px)"; width: 1280px; } + +meta.foundation-mq-large { font-family: "only screen and (min-width:1440px)"; width: 1440px; } + +*, *:before, *:after { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; } + +html, body { font-size: 100%; } + +body { background: white; color: rgba(0, 0, 0, 0.8); padding: 0; margin: 0; font-family: Georgia, "Times New Roman", Times, serif; font-weight: normal; font-style: normal; line-height: 1; position: relative; cursor: auto; } + +a:hover { cursor: pointer; } + +img, object, embed { max-width: 100%; height: auto; } + +object, embed { height: 100%; } + +img { -ms-interpolation-mode: bicubic; } + +#map_canvas img, #map_canvas embed, #map_canvas object, .map_canvas img, .map_canvas embed, .map_canvas object { max-width: none !important; } + +.left { float: left !important; } + +.right { float: right !important; } + +.text-left { text-align: left !important; } + +.text-right { text-align: right !important; } + +.text-center { text-align: center !important; } + +.text-justify { text-align: justify !important; } + +.hide { display: none; } + +.antialiased { -webkit-font-smoothing: antialiased; } + +img { display: inline-block; vertical-align: middle; } + +textarea { height: auto; min-height: 50px; } + +select { width: 100%; } + +p.lead { font-size: 1.21875em; line-height: 1.6; } + +.subheader, .admonitionblock td.content > .title, .audioblock > .title, .exampleblock > .title, .imageblock > .title, .listingblock > .title, .literalblock > .title, .stemblock > .title, .openblock > .title, .paragraph > .title, .quoteblock > .title, table.tableblock > .title, .verseblock > .title, .videoblock > .title, .dlist > .title, .olist > .title, .ulist > .title, .qlist > .title, .hdlist > .title { line-height: 1.45; color: #00234c; font-weight: normal; margin-top: 0; margin-bottom: 0.25em; } + +/* Typography resets */ +div, dl, dt, dd, ul, ol, li, h1, h2, h3, #toctitle, .sidebarblock > .content > .title, h4, h5, h6, pre, form, p, blockquote, th, td { margin: 0; padding: 0; direction: ltr; } + +/* Default Link Styles */ +a { color: #2156a5; text-decoration: underline; line-height: inherit; } +a:hover, a:focus { color: #1d4b8f; } +a img { border: none; } + +/* Default paragraph styles */ +p { font-family: inherit; font-weight: normal; font-size: 1em; line-height: 1.6; margin-bottom: 1.25em; text-rendering: optimizeLegibility; } +p aside { font-size: 0.875em; line-height: 1.35; font-style: italic; } + +/* Default header styles */ +h1, h2, h3, #toctitle, .sidebarblock > .content > .title, h4, h5, h6 { font-family: "Lucida Sans Unicode", "Lucida Grande", Helvetica, sans-serif; font-weight: 300; font-style: normal; color: #004698; text-rendering: optimizeLegibility; margin-top: 1em; margin-bottom: 0.5em; line-height: 1.0125em; } +h1 small, h2 small, h3 small, #toctitle small, .sidebarblock > .content > .title small, h4 small, h5 small, h6 small { font-size: 60%; color: #3290ff; line-height: 0; } + +h1 { font-size: 2.125em; } + +h2 { font-size: 1.6875em; } + +h3, #toctitle, .sidebarblock > .content > .title { font-size: 1.375em; } + +h4 { font-size: 1.125em; } + +h5 { font-size: 1.125em; } + +h6 { font-size: 1em; } + +hr { border: solid #ddddd8; border-width: 1px 0 0; clear: both; margin: 1.25em 0 1.1875em; height: 0; } + +/* Helpful Typography Defaults */ +em, i { font-style: italic; line-height: inherit; } + +strong, b { font-weight: bold; line-height: inherit; } + +small { font-size: 60%; line-height: inherit; } + +code { font-family: "Lucida Console", Menlo, Consolas, monospace; font-weight: normal; color: rgba(0, 0, 0, 0.9); } + +/* Lists */ +ul, ol, dl { font-size: 1em; line-height: 1.6; margin-bottom: 1.25em; list-style-position: outside; font-family: inherit; } + +ul, ol { margin-left: 1.5em; } +ul.no-bullet, ol.no-bullet { margin-left: 1.5em; } + +/* Unordered Lists */ +ul li ul, ul li ol { margin-left: 1.25em; margin-bottom: 0; font-size: 1em; /* Override nested font-size change */ } +ul.square li ul, ul.circle li ul, ul.disc li ul { list-style: inherit; } +ul.square { list-style-type: square; } +ul.circle { list-style-type: circle; } +ul.disc { list-style-type: disc; } +ul.no-bullet { list-style: none; } + +/* Ordered Lists */ +ol li ul, ol li ol { margin-left: 1.25em; margin-bottom: 0; } + +/* Definition Lists */ +dl dt { margin-bottom: 0.3125em; font-weight: bold; } +dl dd { margin-bottom: 1.25em; } + +/* Abbreviations */ +abbr, acronym { text-transform: uppercase; font-size: 90%; color: rgba(0, 0, 0, 0.8); border-bottom: 1px dotted #dddddd; cursor: help; } + +abbr { text-transform: none; } + +/* Blockquotes */ +blockquote { margin: 0 0 1.25em; padding: 0.5625em 1.25em 0 1.1875em; border-left: 1px solid #dddddd; } +blockquote cite { display: block; font-size: 0.9375em; color: rgba(0, 0, 0, 0.6); } +blockquote cite:before { content: "\2014 \0020"; } +blockquote cite a, blockquote cite a:visited { color: rgba(0, 0, 0, 0.6); } + +blockquote, blockquote p { line-height: 1.6; color: rgba(0, 0, 0, 0.85); } + +/* Microformats */ +.vcard { display: inline-block; margin: 0 0 1.25em 0; border: 1px solid #dddddd; padding: 0.625em 0.75em; } +.vcard li { margin: 0; display: block; } +.vcard .fn { font-weight: bold; font-size: 0.9375em; } + +.vevent .summary { font-weight: bold; } +.vevent abbr { cursor: auto; text-decoration: none; font-weight: bold; border: none; padding: 0 0.0625em; } + +@media only screen and (min-width: 768px) { h1, h2, h3, #toctitle, .sidebarblock > .content > .title, h4, h5, h6 { line-height: 1.2; } + h1 { font-size: 2.75em; } + h2 { font-size: 2.3125em; } + h3, #toctitle, .sidebarblock > .content > .title { font-size: 1.6875em; } + h4 { font-size: 1.4375em; } } +/* Tables */ +table { background: white; margin-bottom: 1.25em; border: solid 1px #dedede; } +table thead, table tfoot { background: #f7f8f7; font-weight: bold; } +table thead tr th, table thead tr td, table tfoot tr th, table tfoot tr td { padding: 0.5em 0.625em 0.625em; font-size: inherit; color: rgba(0, 0, 0, 0.8); text-align: left; } +table tr th, table tr td { padding: 0.5625em 0.625em; font-size: inherit; color: rgba(0, 0, 0, 0.8); } +table tr.even, table tr.alt, table tr:nth-of-type(even) { background: #f8f8f7; } +table thead tr th, table tfoot tr th, table tbody tr td, table tr td, table tfoot tr td { display: table-cell; line-height: 1.6; } + +body { tab-size: 4; word-wrap: anywhere; -moz-osx-font-smoothing: grayscale; -webkit-font-smoothing: antialiased; } + +table { word-wrap: normal; } + +h1, h2, h3, #toctitle, .sidebarblock > .content > .title, h4, h5, h6 { line-height: 1.2; word-spacing: -0.05em; } +h1 strong, h2 strong, h3 strong, #toctitle strong, .sidebarblock > .content > .title strong, h4 strong, h5 strong, h6 strong { font-weight: 400; } + +object, svg { display: inline-block; vertical-align: middle; } + +.center { margin-left: auto; margin-right: auto; } + +.stretch { width: 100%; } + +.clearfix:before, .clearfix:after, .float-group:before, .float-group:after { content: " "; display: table; } +.clearfix:after, .float-group:after { clear: both; } + +:not(pre).nobreak { word-wrap: normal; } +:not(pre).nowrap { white-space: nowrap; } +:not(pre).pre-wrap { white-space: pre-wrap; } + +:not(pre):not([class^=L]) > code { font-size: 0.9375em; font-style: normal !important; letter-spacing: 0; padding: 0.1em 0.5ex; word-spacing: -0.15em; background-color: #f7f7f8; -webkit-border-radius: 4px; border-radius: 4px; line-height: 1.45; text-rendering: optimizeSpeed; } + +pre { color: rgba(0, 0, 0, 0.9); font-family: "Lucida Console", Menlo, Consolas, monospace; line-height: 1.45; text-rendering: optimizeSpeed; } +pre code, pre pre { color: inherit; font-size: inherit; line-height: inherit; } +pre > code { display: block; } + +pre.nowrap, pre.nowrap pre { white-space: pre; word-wrap: normal; } + +em em { font-style: normal; } + +strong strong { font-weight: normal; } + +.keyseq { color: rgba(51, 51, 51, 0.8); } + +kbd { font-family: "Lucida Console", Menlo, Consolas, monospace; display: inline-block; color: rgba(0, 0, 0, 0.8); font-size: 0.65em; line-height: 1.45; background-color: #f7f7f7; border: 1px solid #ccc; -webkit-border-radius: 3px; border-radius: 3px; -webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.2), 0 0 0 0.1em white inset; box-shadow: 0 1px 0 rgba(0, 0, 0, 0.2), 0 0 0 0.1em white inset; margin: 0 0.15em; padding: 0.2em 0.5em; vertical-align: middle; position: relative; top: -0.1em; white-space: nowrap; } + +.keyseq kbd:first-child { margin-left: 0; } + +.keyseq kbd:last-child { margin-right: 0; } + +.menuseq, .menuref { color: #000; } + +.menuseq b:not(.caret), .menuref { font-weight: inherit; } + +.menuseq { word-spacing: -0.02em; } +.menuseq b.caret { font-size: 1.25em; line-height: 0.8; } +.menuseq i.caret { font-weight: bold; text-align: center; width: 0.45em; } + +b.button:before, b.button:after { position: relative; top: -1px; font-weight: normal; } + +b.button:before { content: "["; padding: 0 3px 0 2px; } + +b.button:after { content: "]"; padding: 0 2px 0 3px; } + +p a > code:hover { color: rgba(0, 0, 0, 0.9); } + +#header, #content, #footnotes, #footer { width: 100%; margin-left: auto; margin-right: auto; margin-top: 0; margin-bottom: 0; max-width: 62.5em; *zoom: 1; position: relative; padding-left: 0.9375em; padding-right: 0.9375em; } +#header:before, #header:after, #content:before, #content:after, #footnotes:before, #footnotes:after, #footer:before, #footer:after { content: " "; display: table; } +#header:after, #content:after, #footnotes:after, #footer:after { clear: both; } + +#content { margin-top: 1.25em; } + +#content:before { content: none; } + +#header > h1:first-child { color: rgba(0, 0, 0, 0.85); margin-top: 2.25rem; margin-bottom: 0; } +#header > h1:first-child + #toc { margin-top: 8px; border-top: 1px solid #ddddd8; } +#header > h1:only-child, body.toc2 #header > h1:nth-last-child(2) { border-bottom: 1px solid #ddddd8; padding-bottom: 8px; } +#header .details { border-bottom: 1px solid #ddddd8; line-height: 1.45; padding-top: 0.25em; padding-bottom: 0.25em; padding-left: 0.25em; color: rgba(0, 0, 0, 0.6); display: -ms-flexbox; display: -webkit-flex; display: flex; -ms-flex-flow: row wrap; -webkit-flex-flow: row wrap; flex-flow: row wrap; } +#header .details span:first-child { margin-left: -0.125em; } +#header .details span.email a { color: rgba(0, 0, 0, 0.85); } +#header .details br { display: none; } +#header .details br + span:before { content: "\00a0\2013\00a0"; } +#header .details br + span.author:before { content: "\00a0\22c5\00a0"; color: rgba(0, 0, 0, 0.85); } +#header .details br + span#revremark:before { content: "\00a0|\00a0"; } +#header #revnumber { text-transform: capitalize; } +#header #revnumber:after { content: "\00a0"; } + +#content > h1:first-child:not([class]) { color: rgba(0, 0, 0, 0.85); border-bottom: 1px solid #ddddd8; padding-bottom: 8px; margin-top: 0; padding-top: 1rem; margin-bottom: 1.25rem; } + +#toc { border-bottom: 1px solid #efefed; padding-bottom: 0.5em; } +#toc > ul { margin-left: 0.125em; } +#toc ul.sectlevel0 > li > a { font-style: italic; } +#toc ul.sectlevel0 ul.sectlevel1 { margin: 0.5em 0; } +#toc ul { font-family: "Lucida Sans Unicode", "Lucida Grande", Helvetica, sans-serif; list-style-type: none; } +#toc li { line-height: 1.3334; margin-top: 0.3334em; } +#toc a { text-decoration: none; } +#toc a:active { text-decoration: underline; } + +#toctitle { color: #00234c; font-size: 1.2em; } + +@media only screen and (min-width: 768px) { #toctitle { font-size: 1.375em; } + body.toc2 { padding-left: 15em; padding-right: 0; } + #toc.toc2 { margin-top: 0 !important; background: #f8f8f7; position: fixed; width: 15em; left: 0; top: 0; border-right: 1px solid #efefed; border-top-width: 0 !important; border-bottom-width: 0 !important; z-index: 1000; padding: 1.25em 1em; height: 100%; overflow: auto; } + #toc.toc2 #toctitle { margin-top: 0; margin-bottom: 0.8rem; font-size: 1.2em; } + #toc.toc2 > ul { font-size: 0.9em; margin-bottom: 0; } + #toc.toc2 ul ul { margin-left: 0; padding-left: 1em; } + #toc.toc2 ul.sectlevel0 ul.sectlevel1 { padding-left: 0; margin-top: 0.5em; margin-bottom: 0.5em; } + body.toc2.toc-right { padding-left: 0; padding-right: 15em; } + body.toc2.toc-right #toc.toc2 { border-right-width: 0; border-left: 1px solid #efefed; left: auto; right: 0; } } +@media only screen and (min-width: 1280px) { body.toc2 { padding-left: 20em; padding-right: 0; } + #toc.toc2 { width: 20em; } + #toc.toc2 #toctitle { font-size: 1.375em; } + #toc.toc2 > ul { font-size: 0.95em; } + #toc.toc2 ul ul { padding-left: 1.25em; } + body.toc2.toc-right { padding-left: 0; padding-right: 20em; } } +#content #toc { border-style: solid; border-width: 1px; border-color: #e0e0dc; margin-bottom: 1.25em; padding: 1.25em; background: #f8f8f7; -webkit-border-radius: 4px; border-radius: 4px; } +#content #toc > :first-child { margin-top: 0; } +#content #toc > :last-child { margin-bottom: 0; } + +#footer { max-width: none; background: rgba(0, 0, 0, 0.8); padding: 1.25em; } + +#footer-text { color: rgba(255, 255, 255, 0.8); line-height: 1.44; } + +#content { margin-bottom: 0.625em; } + +.sect1 { padding-bottom: 0.625em; } + +@media only screen and (min-width: 768px) { #content { margin-bottom: 1.25em; } + .sect1 { padding-bottom: 1.25em; } } +.sect1:last-child { padding-bottom: 0; } + +.sect1 + .sect1 { border-top: 1px solid #efefed; } + +#content h1 > a.anchor, h2 > a.anchor, h3 > a.anchor, #toctitle > a.anchor, .sidebarblock > .content > .title > a.anchor, h4 > a.anchor, h5 > a.anchor, h6 > a.anchor { position: absolute; z-index: 1001; width: 1.5ex; margin-left: -1.5ex; display: block; text-decoration: none !important; visibility: hidden; text-align: center; font-weight: normal; } +#content h1 > a.anchor:before, h2 > a.anchor:before, h3 > a.anchor:before, #toctitle > a.anchor:before, .sidebarblock > .content > .title > a.anchor:before, h4 > a.anchor:before, h5 > a.anchor:before, h6 > a.anchor:before { content: "\00A7"; font-size: 0.85em; display: block; padding-top: 0.1em; } +#content h1:hover > a.anchor, #content h1 > a.anchor:hover, h2:hover > a.anchor, h2 > a.anchor:hover, h3:hover > a.anchor, #toctitle:hover > a.anchor, .sidebarblock > .content > .title:hover > a.anchor, h3 > a.anchor:hover, #toctitle > a.anchor:hover, .sidebarblock > .content > .title > a.anchor:hover, h4:hover > a.anchor, h4 > a.anchor:hover, h5:hover > a.anchor, h5 > a.anchor:hover, h6:hover > a.anchor, h6 > a.anchor:hover { visibility: visible; } +#content h1 > a.link, h2 > a.link, h3 > a.link, #toctitle > a.link, .sidebarblock > .content > .title > a.link, h4 > a.link, h5 > a.link, h6 > a.link { color: #004698; text-decoration: none; } +#content h1 > a.link:hover, h2 > a.link:hover, h3 > a.link:hover, #toctitle > a.link:hover, .sidebarblock > .content > .title > a.link:hover, h4 > a.link:hover, h5 > a.link:hover, h6 > a.link:hover { color: #003a7f; } + +details, .audioblock, .imageblock, .literalblock, .listingblock, .stemblock, .videoblock { margin-bottom: 1.25em; } + +details > summary:first-of-type { cursor: pointer; display: list-item; outline: none; margin-bottom: 0.75em; } + +.admonitionblock td.content > .title, .audioblock > .title, .exampleblock > .title, .imageblock > .title, .listingblock > .title, .literalblock > .title, .stemblock > .title, .openblock > .title, .paragraph > .title, .quoteblock > .title, table.tableblock > .title, .verseblock > .title, .videoblock > .title, .dlist > .title, .olist > .title, .ulist > .title, .qlist > .title, .hdlist > .title { text-rendering: optimizeLegibility; text-align: left; font-family: Georgia, "Times New Roman", Times, serif; font-size: 1rem; font-style: italic; } + +table.tableblock.fit-content > caption.title { white-space: nowrap; width: 0; } + +.paragraph.lead > p, #preamble > .sectionbody > [class="paragraph"]:first-of-type p { font-size: 1.21875em; line-height: 1.6; color: rgba(0, 0, 0, 0.85); } + +.admonitionblock > table { border-collapse: separate; border: 0; background: none; width: 100%; } +.admonitionblock > table td.icon { text-align: center; width: 80px; } +.admonitionblock > table td.icon img { max-width: none; } +.admonitionblock > table td.icon .title { font-weight: bold; font-family: "Lucida Sans Unicode", "Lucida Grande", Helvetica, sans-serif; text-transform: uppercase; } +.admonitionblock > table td.content { padding-left: 1.125em; padding-right: 1.25em; border-left: 1px solid #ddddd8; color: rgba(0, 0, 0, 0.6); word-wrap: anywhere; } +.admonitionblock > table td.content > :last-child > :last-child { margin-bottom: 0; } + +.exampleblock > .content { border-style: solid; border-width: 1px; border-color: #e6e6e6; margin-bottom: 1.25em; padding: 1.25em; background: white; -webkit-border-radius: 4px; border-radius: 4px; } +.exampleblock > .content > :first-child { margin-top: 0; } +.exampleblock > .content > :last-child { margin-bottom: 0; } + +.sidebarblock { border-style: solid; border-width: 1px; border-color: #dbdbd6; margin-bottom: 1.25em; padding: 1.25em; background: #f3f3f2; -webkit-border-radius: 4px; border-radius: 4px; } +.sidebarblock > :first-child { margin-top: 0; } +.sidebarblock > :last-child { margin-bottom: 0; } +.sidebarblock > .content > .title { color: #00234c; margin-top: 0; text-align: center; } + +.exampleblock > .content > :last-child > :last-child, .exampleblock > .content .olist > ol > li:last-child > :last-child, .exampleblock > .content .ulist > ul > li:last-child > :last-child, .exampleblock > .content .qlist > ol > li:last-child > :last-child, .sidebarblock > .content > :last-child > :last-child, .sidebarblock > .content .olist > ol > li:last-child > :last-child, .sidebarblock > .content .ulist > ul > li:last-child > :last-child, .sidebarblock > .content .qlist > ol > li:last-child > :last-child { margin-bottom: 0; } + +.literalblock pre, .listingblock > .content > pre { -webkit-border-radius: 4px; border-radius: 4px; overflow-x: auto; padding: 1em; font-size: 0.8125em; } +@media only screen and (min-width: 768px) { .literalblock pre, .listingblock > .content > pre { font-size: 0.90625em; } } +@media only screen and (min-width: 1280px) { .literalblock pre, .listingblock > .content > pre { font-size: 1em; } } + +.literalblock pre, .listingblock > .content > pre:not(.highlight), .listingblock > .content > pre[class="highlight"], .listingblock > .content > pre[class^="highlight "] { background: #f7f7f8; } + +.literalblock.output pre { color: #f7f7f8; background-color: rgba(0, 0, 0, 0.9); } + +.listingblock > .content { position: relative; } + +.listingblock code[data-lang]:before { display: none; content: attr(data-lang); position: absolute; font-size: 0.75em; top: 0.425rem; right: 0.5rem; line-height: 1; text-transform: uppercase; color: inherit; opacity: 0.5; } + +.listingblock:hover code[data-lang]:before { display: block; } + +.listingblock.terminal pre .command:before { content: attr(data-prompt); padding-right: 0.5em; color: inherit; opacity: 0.5; } + +.listingblock.terminal pre .command:not([data-prompt]):before { content: "$"; } + +.listingblock pre.highlightjs { padding: 0; } +.listingblock pre.highlightjs > code { padding: 1em; -webkit-border-radius: 4px; border-radius: 4px; } + +.listingblock pre.prettyprint { border-width: 0; } + +.prettyprint { background: #f7f7f8; } + +pre.prettyprint .linenums { line-height: 1.45; margin-left: 2em; } + +pre.prettyprint li { background: none; list-style-type: inherit; padding-left: 0; } + +pre.prettyprint li code[data-lang]:before { opacity: 1; } + +pre.prettyprint li:not(:first-child) code[data-lang]:before { display: none; } + +table.linenotable { border-collapse: separate; border: 0; margin-bottom: 0; background: none; } +table.linenotable td[class] { color: inherit; vertical-align: top; padding: 0; line-height: inherit; white-space: normal; } +table.linenotable td.code { padding-left: 0.75em; } +table.linenotable td.linenos { border-right: 1px solid currentColor; opacity: 0.35; padding-right: 0.5em; } + +pre.pygments .lineno { border-right: 1px solid currentColor; opacity: 0.35; display: inline-block; margin-right: 0.75em; } +pre.pygments .lineno:before { content: ""; margin-right: -0.125em; } + +.quoteblock { margin: 0 1em 1.25em 1.5em; display: table; } +.quoteblock:not(.excerpt) > .title { margin-left: -1.5em; margin-bottom: 0.75em; } +.quoteblock blockquote, .quoteblock p { color: rgba(0, 0, 0, 0.85); font-size: 1.15rem; line-height: 1.75; word-spacing: 0.1em; letter-spacing: 0; font-style: italic; text-align: justify; } +.quoteblock blockquote { margin: 0; padding: 0; border: 0; } +.quoteblock blockquote:before { content: "\201c"; float: left; font-size: 2.75em; font-weight: bold; line-height: 0.6em; margin-left: -0.6em; color: #00234c; text-shadow: 0 1px 2px rgba(0, 0, 0, 0.1); } +.quoteblock blockquote > .paragraph:last-child p { margin-bottom: 0; } +.quoteblock .attribution { margin-top: 0.75em; margin-right: 0.5ex; text-align: right; } + +.verseblock { margin: 0 1em 1.25em 1em; } +.verseblock pre { font-family: "Open Sans", "DejaVu Sans", sans-serif; font-size: 1.15rem; color: rgba(0, 0, 0, 0.85); font-weight: 300; text-rendering: optimizeLegibility; } +.verseblock pre strong { font-weight: 400; } +.verseblock .attribution { margin-top: 1.25rem; margin-left: 0.5ex; } + +.quoteblock .attribution, .verseblock .attribution { font-size: 0.9375em; line-height: 1.45; font-style: italic; } +.quoteblock .attribution br, .verseblock .attribution br { display: none; } +.quoteblock .attribution cite, .verseblock .attribution cite { display: block; letter-spacing: -0.025em; color: rgba(0, 0, 0, 0.6); } + +.quoteblock.abstract blockquote:before, .quoteblock.excerpt blockquote:before, .quoteblock .quoteblock blockquote:before { display: none; } +.quoteblock.abstract blockquote, .quoteblock.abstract p, .quoteblock.excerpt blockquote, .quoteblock.excerpt p, .quoteblock .quoteblock blockquote, .quoteblock .quoteblock p { line-height: 1.6; word-spacing: 0; } +.quoteblock.abstract { margin: 0 1em 1.25em 1em; display: block; } +.quoteblock.abstract > .title { margin: 0 0 0.375em 0; font-size: 1.15em; text-align: center; } +.quoteblock.excerpt > blockquote, .quoteblock .quoteblock { padding: 0 0 0.25em 1em; border-left: 0.25em solid #ddddd8; } +.quoteblock.excerpt, .quoteblock .quoteblock { margin-left: 0; } +.quoteblock.excerpt blockquote, .quoteblock.excerpt p, .quoteblock .quoteblock blockquote, .quoteblock .quoteblock p { color: inherit; font-size: 1.0625rem; } +.quoteblock.excerpt .attribution, .quoteblock .quoteblock .attribution { color: inherit; font-size: 0.85rem; text-align: left; margin-right: 0; } + +p.tableblock:last-child { margin-bottom: 0; } + +td.tableblock > .content { margin-bottom: 1.25em; word-wrap: anywhere; } +td.tableblock > .content > :last-child { margin-bottom: -1.25em; } + +table.tableblock, th.tableblock, td.tableblock { border: 0 solid #dedede; } + +table.grid-all > * > tr > * { border-width: 1px; } + +table.grid-cols > * > tr > * { border-width: 0 1px; } + +table.grid-rows > * > tr > * { border-width: 1px 0; } + +table.frame-all { border-width: 1px; } + +table.frame-ends { border-width: 1px 0; } + +table.frame-sides { border-width: 0 1px; } + +table.frame-none > colgroup + * > :first-child > *, table.frame-sides > colgroup + * > :first-child > * { border-top-width: 0; } + +table.frame-none > :last-child > :last-child > *, table.frame-sides > :last-child > :last-child > * { border-bottom-width: 0; } + +table.frame-none > * > tr > :first-child, table.frame-ends > * > tr > :first-child { border-left-width: 0; } + +table.frame-none > * > tr > :last-child, table.frame-ends > * > tr > :last-child { border-right-width: 0; } + +table.stripe-all tr, table.stripe-odd tr:nth-of-type(odd) { background: #f8f8f7; } + +table.stripe-none tr, table.stripe-odd tr:nth-of-type(even) { background: none; } + +th.halign-left, td.halign-left { text-align: left; } + +th.halign-right, td.halign-right { text-align: right; } + +th.halign-center, td.halign-center { text-align: center; } + +th.valign-top, td.valign-top { vertical-align: top; } + +th.valign-bottom, td.valign-bottom { vertical-align: bottom; } + +th.valign-middle, td.valign-middle { vertical-align: middle; } + +table thead th, table tfoot th { font-weight: bold; } + +tbody tr th { display: table-cell; line-height: 1.6; background: #f7f8f7; } + +tbody tr th, tbody tr th p, tfoot tr th, tfoot tr th p { color: rgba(0, 0, 0, 0.8); font-weight: bold; } + +p.tableblock > code:only-child { background: none; padding: 0; } + +p.tableblock { font-size: 1em; } + +ol { margin-left: 1.75em; } + +ul li ol { margin-left: 1.5em; } + +dl dd { margin-left: 1.125em; } + +dl dd:last-child, dl dd:last-child > :last-child { margin-bottom: 0; } + +ol > li p, ul > li p, ul dd, ol dd, .olist .olist, .ulist .ulist, .ulist .olist, .olist .ulist { margin-bottom: 0.625em; } + +ul.checklist, ul.none, ol.none, ul.no-bullet, ol.no-bullet, ol.unnumbered, ul.unstyled, ol.unstyled { list-style-type: none; } + +ul.no-bullet, ol.no-bullet, ol.unnumbered { margin-left: 0.625em; } + +ul.unstyled, ol.unstyled { margin-left: 0; } + +ul.checklist > li > p:first-child { margin-left: -1em; } +ul.checklist > li > p:first-child > .fa-square-o:first-child, ul.checklist > li > p:first-child > .fa-check-square-o:first-child { width: 1.25em; font-size: 0.8em; position: relative; bottom: 0.125em; } +ul.checklist > li > p:first-child > input[type="checkbox"]:first-child { margin-right: 0.25em; } + +ul.inline { display: -ms-flexbox; display: -webkit-box; display: flex; -ms-flex-flow: row wrap; -webkit-flex-flow: row wrap; flex-flow: row wrap; list-style: none; margin: 0 0 0.625em -1.25em; } + +ul.inline > li { margin-left: 1.25em; } + +.unstyled dl dt { font-weight: normal; font-style: normal; } + +ol.arabic { list-style-type: decimal; } + +ol.decimal { list-style-type: decimal-leading-zero; } + +ol.loweralpha { list-style-type: lower-alpha; } + +ol.upperalpha { list-style-type: upper-alpha; } + +ol.lowerroman { list-style-type: lower-roman; } + +ol.upperroman { list-style-type: upper-roman; } + +ol.lowergreek { list-style-type: lower-greek; } + +.hdlist > table, .colist > table { border: 0; background: none; } +.hdlist > table > tbody > tr, .colist > table > tbody > tr { background: none; } + +td.hdlist1, td.hdlist2 { vertical-align: top; padding: 0 0.625em; } + +td.hdlist1 { font-weight: bold; padding-bottom: 1.25em; } + +td.hdlist2 { word-wrap: anywhere; } + +.literalblock + .colist, .listingblock + .colist { margin-top: -0.5em; } + +.colist td:not([class]):first-child { padding: 0.4em 0.75em 0 0.75em; line-height: 1; vertical-align: top; } +.colist td:not([class]):first-child img { max-width: none; } +.colist td:not([class]):last-child { padding: 0.25em 0; } + +.thumb, .th { line-height: 0; display: inline-block; border: solid 4px white; -webkit-box-shadow: 0 0 0 1px #dddddd; box-shadow: 0 0 0 1px #dddddd; } + +.imageblock.left { margin: 0.25em 0.625em 1.25em 0; } +.imageblock.right { margin: 0.25em 0 1.25em 0.625em; } +.imageblock > .title { margin-bottom: 0; } +.imageblock.thumb, .imageblock.th { border-width: 6px; } +.imageblock.thumb > .title, .imageblock.th > .title { padding: 0 0.125em; } + +.image.left, .image.right { margin-top: 0.25em; margin-bottom: 0.25em; display: inline-block; line-height: 0; } +.image.left { margin-right: 0.625em; } +.image.right { margin-left: 0.625em; } + +a.image { text-decoration: none; display: inline-block; } +a.image object { pointer-events: none; } + +sup.footnote, sup.footnoteref { font-size: 0.875em; position: static; vertical-align: super; } +sup.footnote a, sup.footnoteref a { text-decoration: none; } +sup.footnote a:active, sup.footnoteref a:active { text-decoration: underline; } + +#footnotes { padding-top: 0.75em; padding-bottom: 0.75em; margin-bottom: 0.625em; } +#footnotes hr { width: 20%; min-width: 6.25em; margin: -0.25em 0 0.75em 0; border-width: 1px 0 0 0; } +#footnotes .footnote { padding: 0 0.375em 0 0.225em; line-height: 1.3334; font-size: 0.875em; margin-left: 1.2em; margin-bottom: 0.2em; } +#footnotes .footnote a:first-of-type { font-weight: bold; text-decoration: none; margin-left: -1.05em; } +#footnotes .footnote:last-of-type { margin-bottom: 0; } +#content #footnotes { margin-top: -0.625em; margin-bottom: 0; padding: 0.75em 0; } + +.gist .file-data > table { border: 0; background: #fff; width: 100%; margin-bottom: 0; } +.gist .file-data > table td.line-data { width: 99%; } + +div.unbreakable { page-break-inside: avoid; } + +.big { font-size: larger; } + +.small { font-size: smaller; } + +.underline { text-decoration: underline; } + +.overline { text-decoration: overline; } + +.line-through { text-decoration: line-through; } + +.aqua { color: #00bfbf; } + +.aqua-background { background-color: #00fafa; } + +.black { color: black; } + +.black-background { background-color: black; } + +.blue { color: #0000bf; } + +.blue-background { background-color: #0000fa; } + +.fuchsia { color: #bf00bf; } + +.fuchsia-background { background-color: #fa00fa; } + +.gray { color: #606060; } + +.gray-background { background-color: #7d7d7d; } + +.green { color: #006000; } + +.green-background { background-color: #007d00; } + +.lime { color: #00bf00; } + +.lime-background { background-color: #00fa00; } + +.maroon { color: #600000; } + +.maroon-background { background-color: #7d0000; } + +.navy { color: #000060; } + +.navy-background { background-color: #00007d; } + +.olive { color: #606000; } + +.olive-background { background-color: #7d7d00; } + +.purple { color: #600060; } + +.purple-background { background-color: #7d007d; } + +.red { color: #bf0000; } + +.red-background { background-color: #fa0000; } + +.silver { color: #909090; } + +.silver-background { background-color: #bcbcbc; } + +.teal { color: #006060; } + +.teal-background { background-color: #007d7d; } + +.white { color: #bfbfbf; } + +.white-background { background-color: #fafafa; } + +.yellow { color: #bfbf00; } + +.yellow-background { background-color: #fafa00; } + +body { max-width: 250mm; margin-left: auto; margin-right: auto; } + +@media only screen and (min-width: 768px) { h1 { font-size: 2em; } + h2 { font-size: 1.8em; } + h3, #toctitle, .sidebarblock > .content > .title, #toctitle, .sidebarblock > .content > .title { font-size: 1.6em; } + h4 { font-size: 1.2em; } + h5 { font-size: 1.1em; } } +dt, th.tableblock, td.content, div.footnote { text-rendering: optimizeLegibility; } + +h1, h2, p, td.content, span.alt { letter-spacing: -0.01em; } + +p strong, td.content strong, div.footnote strong { letter-spacing: -0.005em; } + +p, blockquote, dt, td.content, span.alt { font-size: 1.0625rem; } + +p, pre { margin-bottom: 1.25rem; } + +.note td img, .tip td img, .important td img, .caution td img, .warning td img { max-width: none; min-width: 2em; } + +.sidebarblock p, .sidebarblock dt, .sidebarblock td.content, p.tableblock { font-size: 1em; } + +.exampleblock > .content { background-color: #fffef7; border-color: #e0e0dc; -webkit-box-shadow: 0 1px 4px #e0e0dc; box-shadow: 0 1px 4px #e0e0dc; } + +.guimenu, .guisubmenu, .guimenuitem { padding: .1em .3em .1em .3em; border: 0.5px rgba(0, 0, 0, 0.5) solid; } + +.guibutton { padding: .1em .3em .1em .3em; border: 0.5px rgba(0, 0, 0, 0.5) solid; border-radius: 4px; } + +.keycap { padding: .1em .3em .1em .3em; border: 0.5px rgba(0, 0, 0, 0.5) solid; box-shadow: 1px 1px rgba(0, 0, 0, 0.2); border-radius: 4px; display: inline-block; min-width: 1.5em; text-align: center; } + +.print-only { display: none !important; } + +@page { margin: 1.25cm 0.75cm; } + +@media print { * { -webkit-box-shadow: none !important; box-shadow: none !important; text-shadow: none !important; } + body { max-width: default; } + html { font-size: 80%; } + a { color: inherit !important; text-decoration: underline !important; } + a.bare, a[href^="#"], a[href^="mailto:"] { text-decoration: none !important; } + a[href^="http:"]:not(.bare):after, a[href^="https:"]:not(.bare):after { content: "(" attr(href) ")"; display: inline-block; font-size: 0.875em; padding-left: 0.25em; } + abbr[title]:after { content: " (" attr(title) ")"; } + pre, blockquote, tr, img, object, svg { page-break-inside: avoid; } + thead { display: table-header-group; } + svg { max-width: 100%; } + p, blockquote, dt, td.content { font-size: 1em; orphans: 3; widows: 3; } + h2, h3, #toctitle, .sidebarblock > .content > .title, #toctitle, .sidebarblock > .content > .title { page-break-after: avoid; } + #header, #content, #footnotes, #footer { max-width: none; } + #toc, .sidebarblock, .exampleblock > .content { background: none !important; } + #toc { border-bottom: 1px solid #ddddd8 !important; padding-bottom: 0 !important; } + body.book #header { text-align: center; } + body.book #header > h1:first-child { border: 0 !important; margin: 2.5em 0 1em 0; } + body.book #header .details { border: 0 !important; display: block; padding: 0 !important; } + body.book #header .details span:first-child { margin-left: 0 !important; } + body.book #header .details br { display: block; } + body.book #header .details br + span:before { content: none !important; } + body.book #toc { border: 0 !important; text-align: left !important; padding: 0 !important; margin: 0 !important; } + body.book #toc, body.book #preamble, body.book h1.sect0, body.book .sect1 > h2 { page-break-before: always; } + .listingblock code[data-lang]:before { display: block; } + #footer { padding: 0 0.9375em; } + .hide-on-print { display: none !important; } + .print-only { display: block !important; } + .hide-for-print { display: none !important; } + .show-for-print { display: inherit !important; } } +@media print, amzn-kf8 { #header > h1:first-child { margin-top: 1.25rem; } + .sect1 { padding: 0 !important; } + .sect1 + .sect1 { border: 0; } + #footer { background: none; } + #footer-text { color: rgba(0, 0, 0, 0.6); font-size: 0.9em; } } +@media amzn-kf8 { #header, #content, #footnotes, #footer { padding: 0; } } diff --git a/docbook/wsdg_src/developer-guide-docinfo.xml b/docbook/wsdg_src/developer-guide-docinfo.xml new file mode 100644 index 00000000..90f36d11 --- /dev/null +++ b/docbook/wsdg_src/developer-guide-docinfo.xml @@ -0,0 +1,85 @@ + + + +For Wireshark 4.2 + + + + + + UlfLamping + + ulf.lamping[AT]web.de + + + LuisE.GarciaOntanon + + luis[AT]ontanon.org + + + GrahamBloice + + graham.bloice[AT]trihedral.com + + + + + +2004-2014 + Ulf Lamping + Luis E. Garcia Ontanon + Graham Bloice + + + + + + 1.1 + 28 Dec 2014 + gb + Updated for 1.99.x and 2.0, move to VS2013. + + + + 1.0 + 2 Nov 2014 + gcc + Moved Lua reference from User's Guide to Developer's Guide. + + + + 0.9 + 9 Feb 2014 + gcc + Converted from DocBook to AsciiDoc. + + + + 0.5 + 21 Jan 2007 + ul + Major redesign. + + + + 0.1 + 17 Aug 2004 + ul + Initial version. + + + + + + + Permission is granted to copy, distribute + and/or modify this document under the terms of the GNU General Public + License, Version 2 or any later version published by the Free Software + Foundation. + + + All logos and trademarks in this document are property of their + respective owners. + + diff --git a/docbook/wsdg_src/developer-guide.adoc b/docbook/wsdg_src/developer-guide.adoc new file mode 100644 index 00000000..cc1c0bd5 --- /dev/null +++ b/docbook/wsdg_src/developer-guide.adoc @@ -0,0 +1,72 @@ +:doctype: book +include::../attributes.adoc[] + +// Electronic book attributes +:author: Ulf Lamping, Graham Bloice +:description: Wireshark Developer’s Guide +:keywords: Wireshark Developer Guide +ifdef::ebook-format-epub3[] +:front-cover-image: images/ws-dev-guide-cover.png +:toc: +endif::[] + += Wireshark Developer’s Guide: Version {wireshark-version} + +// Attributes +// XXX This should be surrounded by single quotes in the text. It’s +// currently surrounded by plus signs for AsciiDoc compatibility. +:dlt-glob: DLT_* +:qt6-lts-version: 6.2.4 +:source-highlighter: coderay + +include::wsdg_preface.adoc[] + +include::../common_src/typographic_conventions.adoc[] + +[#PartEnvironment] += Wireshark Build Environment + +[partintro] +.Wireshark Build Environment +-- +The first part describes how to set up the tools, libraries and sources needed to +generate Wireshark and how to do some typical development tasks. +-- + +include::wsdg_env_intro.adoc[] + +include::wsdg_quick_setup.adoc[] + +include::wsdg_sources.adoc[] + +include::wsdg_tools.adoc[] + +include::wsdg_libraries.adoc[] + +[#PartDevelopment] += Wireshark Development + +[partintro] +.Wireshark Development +-- +The second part describes how the Wireshark sources are structured and how to +change the sources such as adding a new dissector. +-- + +include::wsdg_build_intro.adoc[] + +include::wsdg_works.adoc[] + +include::wsdg_capture.adoc[] + +include::wsdg_dissection.adoc[] + +include::wsdg_lua_support.adoc[] + +include::wsdg_userinterface.adoc[] + +include::wsdg_tests.adoc[] + +include::wsdg_asn2wrs.adoc[] + +include::../common_src/gpl_appendix.adoc[] diff --git a/docbook/wsdg_src/images/caution.svg b/docbook/wsdg_src/images/caution.svg new file mode 100644 index 00000000..793c6020 --- /dev/null +++ b/docbook/wsdg_src/images/caution.svg @@ -0,0 +1,3 @@ + + + diff --git a/docbook/wsdg_src/images/git-triangular-workflow.gv b/docbook/wsdg_src/images/git-triangular-workflow.gv new file mode 100644 index 00000000..809877a8 --- /dev/null +++ b/docbook/wsdg_src/images/git-triangular-workflow.gv @@ -0,0 +1,59 @@ +// dot -Tsvg -o docbook/wsdg_graphics/git-triangular-workflow.svg docbook/wsdg_graphics/git-triangular-workflow.gv + +digraph G { + // XXX Integrate ws.css. Match it manually for now. + graph [ + fontname = "Georgia", + fontsize = 12 + ]; + + node [ + fontname = "Georgia", + fontsize = 12, + shape=box, + style=rounded + ]; + + edge [ + fontname = "Georgia", + fontsize = 12 + ]; + + rankdir = TB; + ranksep = 1.0; + nodesep = 1.0; + // margin = "0.5,0.5"; + + main_repo [ + label=
gitlab.com/wireshark/wireshark> + ] + + your_fork [ + label=gitlab.com/you/wireshark> + ] + + your_repo [ + label=Somewhere on your machine> + ] + + { rank = same; main_repo; your_fork; } + + // :nw adds needed space + main_repo -> your_fork:nw [ + label = "Fork (once)", + style = dashed + ] + + main_repo -> your_repo [ + label = "Pull" + ] + + your_repo -> your_fork [ + label = "Push" + ] + + your_fork -> main_repo [ + label = "Merge Request" + ] + +} diff --git a/docbook/wsdg_src/images/git-triangular-workflow.svg b/docbook/wsdg_src/images/git-triangular-workflow.svg new file mode 100644 index 00000000..1f8ae3ac --- /dev/null +++ b/docbook/wsdg_src/images/git-triangular-workflow.svg @@ -0,0 +1,62 @@ + + + + + + +G + + + +main_repo + +Main Repository +gitlab.com/wireshark/wireshark + + + +your_fork + +Your Fork +gitlab.com/you/wireshark + + + +main_repo->your_fork:nw + + +Fork (once) + + + +your_repo + +Your Local Repository +Somewhere on your machine + + + +main_repo->your_repo + + +Pull + + + +your_fork->main_repo + + +Merge Request + + + +your_repo->your_fork + + +Push + + + diff --git a/docbook/wsdg_src/images/important.svg b/docbook/wsdg_src/images/important.svg new file mode 100644 index 00000000..a2ee7012 --- /dev/null +++ b/docbook/wsdg_src/images/important.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docbook/wsdg_src/images/note.svg b/docbook/wsdg_src/images/note.svg new file mode 100644 index 00000000..803dc13e --- /dev/null +++ b/docbook/wsdg_src/images/note.svg @@ -0,0 +1,3 @@ + + + diff --git a/docbook/wsdg_src/images/tip.svg b/docbook/wsdg_src/images/tip.svg new file mode 100644 index 00000000..1a60b74a --- /dev/null +++ b/docbook/wsdg_src/images/tip.svg @@ -0,0 +1,3 @@ + + + diff --git a/docbook/wsdg_src/images/warning.svg b/docbook/wsdg_src/images/warning.svg new file mode 100644 index 00000000..80c0ba5c --- /dev/null +++ b/docbook/wsdg_src/images/warning.svg @@ -0,0 +1,4 @@ + + + + diff --git a/docbook/wsdg_src/images/ws-capture-sync.dia b/docbook/wsdg_src/images/ws-capture-sync.dia new file mode 100644 index 00000000..00ba9cf8 Binary files /dev/null and b/docbook/wsdg_src/images/ws-capture-sync.dia differ diff --git a/docbook/wsdg_src/images/ws-capture-sync.png b/docbook/wsdg_src/images/ws-capture-sync.png new file mode 100644 index 00000000..d46e1e94 Binary files /dev/null and b/docbook/wsdg_src/images/ws-capture-sync.png differ diff --git a/docbook/wsdg_src/images/ws-capture_internals.dia b/docbook/wsdg_src/images/ws-capture_internals.dia new file mode 100644 index 00000000..0eae20e5 Binary files /dev/null and b/docbook/wsdg_src/images/ws-capture_internals.dia differ diff --git a/docbook/wsdg_src/images/ws-capture_internals.png b/docbook/wsdg_src/images/ws-capture_internals.png new file mode 100644 index 00000000..6d110af3 Binary files /dev/null and b/docbook/wsdg_src/images/ws-capture_internals.png differ diff --git a/docbook/wsdg_src/images/ws-dev-guide-cover.png b/docbook/wsdg_src/images/ws-dev-guide-cover.png new file mode 100644 index 00000000..8134d2d0 Binary files /dev/null and b/docbook/wsdg_src/images/ws-dev-guide-cover.png differ diff --git a/docbook/wsdg_src/images/ws-function-blocks.dia b/docbook/wsdg_src/images/ws-function-blocks.dia new file mode 100644 index 00000000..cc857810 Binary files /dev/null and b/docbook/wsdg_src/images/ws-function-blocks.dia differ diff --git a/docbook/wsdg_src/images/ws-function-blocks.png b/docbook/wsdg_src/images/ws-function-blocks.png new file mode 100644 index 00000000..169e19e5 Binary files /dev/null and b/docbook/wsdg_src/images/ws-function-blocks.png differ diff --git a/docbook/wsdg_src/images/ws-logo.png b/docbook/wsdg_src/images/ws-logo.png new file mode 100644 index 00000000..04226f39 Binary files /dev/null and b/docbook/wsdg_src/images/ws-logo.png differ diff --git a/docbook/wsdg_src/images/wslua-new-dialog.png b/docbook/wsdg_src/images/wslua-new-dialog.png new file mode 100644 index 00000000..9de7e4a9 Binary files /dev/null and b/docbook/wsdg_src/images/wslua-new-dialog.png differ diff --git a/docbook/wsdg_src/images/wslua-progdlg.png b/docbook/wsdg_src/images/wslua-progdlg.png new file mode 100644 index 00000000..d8d95101 Binary files /dev/null and b/docbook/wsdg_src/images/wslua-progdlg.png differ diff --git a/docbook/wsdg_src/images/wslua-textwindow.png b/docbook/wsdg_src/images/wslua-textwindow.png new file mode 100644 index 00000000..7defd0fa Binary files /dev/null and b/docbook/wsdg_src/images/wslua-textwindow.png differ diff --git a/docbook/wsdg_src/wsdg_asn2wrs.adoc b/docbook/wsdg_src/wsdg_asn2wrs.adoc new file mode 100644 index 00000000..e7e021ee --- /dev/null +++ b/docbook/wsdg_src/wsdg_asn2wrs.adoc @@ -0,0 +1,1256 @@ +[#CreatingAsn1Dissectors] + +== Creating ASN.1 Dissectors + +The `asn2wrs` compiler can be used to create a dissector from an ASN.1 specification of a protocol. +It is a work in progress but has been used to create a number of dissectors. + +It supports: + +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.680/en[X.680] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Specification of basic notation +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.681/en[X.681] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Information object specification +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.682/en[X.682] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Constraint specification +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.683/en[X.683] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Parameterization of ASN.1 specifications + +// Limitations: Add text here + +It has inbuilt support for: + +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.880/en[X.880] +(07/1994), Information technology - Remote Operations: Concepts, model +and notation + +[#AboutASN1] + +=== About ASN.1 + +The most useful first step in writing an ASN.1-based dissector is to +learn about ASN.1. There are a number of free resources available to +help with this. One collection of such resources is maintained on +https://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx[the ASN.1 Consortium's web site]. + +[#Asn1DissectorRequirements] +=== ASN.1 Dissector Requirements + +The compiler needs 4 input files: an ASN.1 description of a protocol, a .cnf file, and two template files. +The ASN.1 specification may have to be edited to work, however work is in progress to at least read all ASN1 specifications. +Changing the ASN1 file is being deprecated as this creates problems when updating protocols. +The H.248 Binary encoding dissector is a good example of a dissector with relatively small changes. + +A complete <> is also available. + +[#BuildingAnASN1BasedPlugin] +==== Building An ASN.1-Based Plugin + +The usual way to build an ASN.1-based dissector is to put it into the +_epan/dissectors/asn1_ subtree. This works well and is somewhat simpler than building as a +plugin, but there are two reasons one might want to build as a plugin: + +* To speed development, since only the plugin needs to be recompiled. +* To allow flexibility in deploying an updated plugin, since only the +plugin needs to be distributed. + +Reasons one might _not_ want to build as a plugin: + +* The code is somewhat more complex. +* The CMakeFile is quite a bit more complex. +* Building under the asn1 subtree keeps all such dissectors together. + +If you still think you'd like to build your module as a plugin, see https://gitlab.com/wireshark/wireshark/-/wikis/ASN1_plugin[Building ASN1 Plugins]. + +[#UnderstandingErrorMessages] +=== Understanding Error Messages + +When running asn2wrs, you could get the following errors: + +* A LexToken error (`__main__.ParseError: LexToken(DOT,'.',71)`) +means that something is not understood in the ASN1 file, line 71, +around the dot (.) - can be the dot itself. + +* A ParseError (`__main__.ParseError: LexToken(SEMICOLON,';',88)`) means that the ';' (SEMICOLON) is not understood. Maybe removing it will work? + +[#HandMassagingTheASN1File] +=== Hand-Massaging The ASN.1 File + +If a portion of your ASN.1 file is unsupported you can modify it by hand as needed. +However, the preferred way to resolve the issue is to report it on the link:{wireshark-mailing-lists-url}wireshark-dev[wireshark-dev] mailing list or in the issue tracker so that asn2wrs can be improved. + +[#CommandLineSyntax] +=== Command Line Syntax + +---- +ASN.1 to Wireshark dissector compiler + + asn2wrs [-h|?] [-d dbg] [-b] [-p proto] [-c cnf_file] [-e] input_file(s) ... + -h|? : Usage + -b : BER (default is PER) + -u : Unaligned (default is aligned) + -p proto : Protocol name (implies -S). Default is module-name + from input_file (renamed by #.MODULE if present) + -o name : Output files name core (default is ) + -O dir : Output directory for dissector + -c cnf_file : Conformance file + -I path : Path for conformance file includes + -e : Create conformance file for exported types + -E : Just create conformance file for exported types + -S : Single output for multiple modules + -s template : Single file output (template is input file + without .c/.h extension) + -k : Keep intermediate files though single file output is used + -L : Suppress #line directive from .cnf file + -D dir : Directory for input_file(s) (default: '.') + -C : Add check for SIZE constraints + -r prefix : Remove the prefix from type names + + input_file(s) : Input ASN.1 file(s) + + -d dbg : Debug output, dbg = [l][y][p][s][a][t][c][m][o] + l - lex + y - yacc + p - parsing + s - internal ASN.1 structure + a - list of assignments + t - tables + c - conformance values + m - list of compiled modules with dependency + o - list of output files +---- + +[#GeneratedFiles] +=== Generated Files + +Asn2wrs creates the following intermediate files: + +* packet-proto-ett.c +* packet-proto-ettarr.c +* packet-proto-fn.c +* packet-proto-hf.c +* packet-proto-hfarr.c +* packet-proto-val.h +* packet-proto-exp.h +* packet-proto-table.c +* packet-proto-syn-reg.c + +These files should be included in the template file as described in the <>. +Some are optional. + +[#ASN1StepByStepInstructions] +=== Step By Step Instructions + +. Create a directory for your protocol in the _epan/dissectors/asn1_ directory and put +your ASN.1 file there. +. Copy _CMakeLists.txt_ from another ASN.1 dissector and edit it to suit your needs. +. Create a .cnf file either by copying an existing one and editing it or +using the empty example above. +. Create template files either by copying suitable existing ones and +editing them or use the examples above, putting your protocol name in the +appropriate places. +. Add your dissector to _epan/dissectors/asn1/CMakeLists.txt_ +. Test generating your dissector by building the _generate_dissector-*proto*_ target. +. Depending on the outcome you may have to edit your .cnf file, ASN.1 file +etc... +. Build Wireshark. + +[#HintsForUsingAsn2wrs] +=== Hints For Using Asn2wrs + +Asn2wrs does not support all of ASN.1 yet. +This means you might need to modify the ASN.1 definition before it will compile. +This page lists some tips and tricks that might make your life easier. + +[#COMPONENTS_OF] +[discrete] +==== COMPONENTS OF + +Asn2wrs does not support the COMPONENTS OF directive. +This means that you will have to modify the asn definition to manually +remove all COMPONENTS OF directives. Fortunately this is pretty easy. +COMPONENTS OF is a directive in ASN.1 which include +all specified fields in the referenced SEQUENCE by those fields as if +they had been explicitly specified. + +[#ASN1ComponentsOfExample] +[discrete] +==== Example + +Assume you have some definition that looks like this: + +---- +Foo ::= SEQUENCE { + field_1 INTEGER, + field_2 INTEGER +} + +Bar ::= SEQUENCE { + COMPONENTS OF Foo, + field_3 INTEGER +} +---- + +Since Asn2wrs can not handle COMPONENTS OF you will have to modify the ASN.1 file so that instead Bar +will look like this : + +---- +Bar ::= SEQUENCE { + field_1 INTEGER, + field_2 INTEGER, + field_3 INTEGER +} +---- + +That was pretty easy wasn't it? + +[#SemicolonCharacters] +[discrete] +==== Semicolon Characters + +In some ASN1 you may have semicolon characters like this: + +---- +PBAddressString ::= SEQUENCE { + extension INTEGER(1), natureOfAddressIndicator INTEGER, numberingPlanInd INTEGER, digits OCTET STRING (SIZE(0..19)) +}; +---- + +You will have to remove the last semicolon character. + +[#ASN1Parameters] +[discrete] +==== Parameters + +Parameters will have to be replaced too. +Something like this: + +---- +AChBillingChargingCharacteristics + {PARAMETERS-BOUND : bound} ::= OCTET STRING (SIZE (minAChBillingChargingLength .. +maxAChBillingChargingLength)) +---- + +Will have to be replaced with the real values of the parameters: + +---- +AChBillingChargingCharacteristics ::= OCTET STRING (SIZE (5 .. 177)) +---- + +[#ASN1ANYAndParameterizedTypes] +==== ANY And Parameterized Types + +Asn2wrs can handle the type ANY but not parameterized types. +Fortunately this is easy to work around with small changes to the ASN file and some conformance file magic. +Assuming you have a construct that looks something like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id({SupportedAlgorithms}), + parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL +} +---- + +Which is essentially a structure that takes two fields, one field being an object identifier and the second field that can be just about anything, depending on what object identifier was used. +Here we just have to rewrite this SEQUENCE slightly so that it looks like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL +} +---- + +The only thing remaining now is to add the actual code to manage the dissection of this structure. +We do this by using the <>, which will replace the function body of a dissector with the contents that you specify in the conformance file. +For this one we need a string where we store the OID from AlgorithmIdentifier/algorithm so that we can pick it up and act on later from inside the dissector for AlgorithmIdentifier/parameters. +So we have to add something like this: + +[source,c] +---- +static char algorithm_id[64]; /* 64 chars should be enough? */ +---- + +to the template file. +Then we add the following to the conformance file: + +---- +#.FN_BODY AlgorithmIdentifier/algorithmId + +offset = dissect_ber_object_identifier(false, pinfo, tree, tvb, offset, + hf_x509af_algorithm_id, algorithm_id); + +#.FN_BODY AlgorithmIdentifier/parameters + +offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree); +---- + +This example comes from the X509AF dissector. Please see the code there +for more examples on how to do this. + +[#TaggedAssignments] +==== Tagged Assignments + +There is currently a bug in Asn2wrs that makes it +generate incorrect code for the case when tagged assignments are used. +The bug is two-fold, first the generated code "forgets" to strip of the +actual tag and length, second it fails to specify 'implicit_tag' +properly. + +A tagged assignment is something that looks like this example from the +FTAM asn specification: + +---- +Degree-Of-Overlap ::= +[APPLICATION 30] IMPLICIT INTEGER { + normal(0), consecutive(1), concurrent(2) +} +---- + +I.e. an assignment that also specifies a tag value. + +Until Asn2wrs is enhanced to handle these constructs you MUST add a workaround for it to the conformance file: + +---- +#.FN_BODY Degree-Of-Overlap + +int8_t class; +bool pc, ind_field; +int32_t tag; +int32_t len1; + +/* + * XXX asn2wrs can not yet handle tagged assignment yes so this + * is some conformance file magic to work around that bug + */ + +offset = get_ber_identifier(tvb, offset, &class, &pc, &tag); +offset = get_ber_length(tree, tvb, offset, &len1, &ind_field); +offset = dissect_ber_integer(true, pinfo, tree, tvb, offset, hf_index, NULL); +---- + +This tells Asn2wrs to not +autogenerate any code at all for the Degree-Of-Overlap object instead it +should use the code specified here. Note that we +do have to specify the implicit_tag value explicitly and we can NOT use +the parameter passed to the function from the caller (also due to the +bug in Asn2wrs) this is the true parameter in the call to +dissect_ber_integer(). We specify true here since +the definition of Degree-Of-Overlap was using IMPLICIT tags and would +have specified false if it was not. + +The code above can be easily cut-n-pasted into the conformance file with +the exception of the last line that actually calls the next dissector +helper (...dissect_ber_integer... in this case). +The easiest way to find out exactly what this +final line should look like in the conformance file; just generate the +dissector first without this workaround and look at what call was +generated. Then put that line in the conformance directive and replace +`implicit_tag` with either true or false depending on whether IMPLICIT +is used or not. + +[#UntaggedCHOICEs] +==== Untagged CHOICEs + +Asn2wrs cannot handle untagged CHOICEs within either a SET or a SEQUENCE. For example: + +---- +MessageTransferEnvelope ::= SET { + ... + content-type ContentType, + ... +} + +ContentType ::= CHOICE { + built-in BuiltInContentType, + extended ExtendedContentType +} + +BuiltInContentType ::= [APPLICATION 6] INTEGER { + unidentified(0), external(1), interpersonal-messaging-1984(2), interpersonal-messaging-1988(22), + edi-messaging(35), voice-messaging(40)} + +ExtendedContentType ::= OBJECT IDENTIFIER +---- + +The Asn2wrs SET/SEQUENCE parsing only looks one level +deep into the dissection tree and does not have access to class/tags of +the elements in the CHOICE. + +As with COMPONENTS OF, the solution is to expand the CHOICE in-line +within the SET or SEQUENCE, but *make sure* that each element of the +CHOICE is marked as OPTIONAL. For example, + +---- +MessageTransferEnvelope ::= SET { + ... + built-in BuiltInContentType OPTIONAL, + extended ExtendedContentType OPTIONAL + ... +} +---- + +This isn't an entirely correct ASN.1 definition, but should allow +successful parsing. + +[#ImportedModuleNameConflicts] +==== Imported Module Name Conflicts + +When importing a module using <> in the conformance file, this +may introduce a definition from the module which contradicts the +definition used in the current ASN.1 file. For example, the X.509 +Authentication Framework defines Time as + +---- +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} +---- + +whereas X.411 defines Time as + +---- +Time ::= UTCTime +---- + +This can lead to failure to decode the ASN.1 as, in the example, +Asn2wrs will be passed the wrong attributes when trying +to decode an X.411 time. In order to solve this +problem, (if you don't want to globally change the conflicting name +within the ASN.1 module), then you must add an appropriate #.TYPE_ATTR +into the conformance file *before* the <> line. For example + +---- +#.TYPE_ATTR +Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0 +---- + +[#SimpleASN1BasedDissector] +=== Simple ASN.1-Based Dissector + +// https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/ASN1_sample/foo.tar.gz +// all seven files as gzipped foo directory (suitable for unzipping in +// wireshark/asn1 directory) + +The following snippets show the different files that make up a dissector for a “FOO” protocol dissector. + +.README.txt +---- + + FOO protocol dissector + ---------------------- + +This trivial dissector is an example for the struggling dissector developer (me included) +of how to create a dissector for a protocol that is encapsulated in UDP packets +for a specific port, and the packet data is ASN1 PER encoded. + +The thing that took me a while to figure out was that in order to see my packet +dissected on the detail pane, I had to: +1. Tell the compiler which block in the ASN1 definition is a PDU definition by adding + FOO-MESSAGE under the #.PDU directive in the foo.cnf file +2. Add a call to dissect_FOO_MESSAGE_PDU() function in the dissect_foo() function in the + packet-foo-template.c file. + +To build and test it: +1. in foo directory, run make +2. run make copy_files +3. add packet-foo.c and packet-foo.h to epan/dissectors/Makefile.common +4. run top level make + +CAVEAT: Makefile.nmake was not tested . + +You can take it from here :-) + + --00-- +---- + +.foo.asn +---- +-- FOO PROTOCOL +-- + +FOO-PROTOCOL DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + +-- General definitions + +MessageId ::= INTEGER (0..65535) +FlowId ::= INTEGER (0..65535) + +MessageData ::= SEQUENCE { + name OCTET STRING(SIZE(10)), + value OCTET STRING(SIZE(10)) +} + +FOO-MESSAGE ::= SEQUENCE { + messageId MessageId, + flowId FlowId, + messageData MessageData +} + +END +---- + +.foo.cnf +---- +# foo.cnf +# FOO conformation file + +# $Id$ + +#.MODULE_IMPORT + +#.EXPORTS + +#.PDU +FOO-MESSAGE + +#.NO_EMIT + +#.TYPE_RENAME + +#.FIELD_RENAME + +#.END +---- + +.packet-foo-template.h +[source,c] +---- +/* packet-foo.h + * Routines for foo packet dissection + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef PACKET_FOO_H +#define PACKET_FOO_H + +#endif /* PACKET_FOO_H */ +---- + +.packet-foo-template.c +[source,c] +---- +/* packet-foo.c + * Routines for FOO packet dissection + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include +#include +#include + +#include +#include + +#include "packet-per.h" +#include "packet-foo.h" + +#define PNAME "FOO Protocol" +#define PSNAME "FOO" +#define PFNAME "foo" +#define FOO_PORT 5001 /* UDP port */ +static dissector_handle_t foo_handle=NULL; + +void proto_reg_handoff_foo(void); +void proto_register_foo(void); + +/* Initialize the protocol and registered fields */ +static int proto_foo = -1; +static int global_foo_port = FOO_PORT; + +#include "packet-foo-hf.c" + +/* Initialize the subtree pointers */ +static int ett_foo = -1; + +#include "packet-foo-ett.c" + +#include "packet-foo-fn.c" + +static void +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *foo_item = NULL; + proto_tree *foo_tree = NULL; + int offset = 0; + + /* make entry in the Protocol column on summary display */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, PNAME); + + /* create the foo protocol tree */ + if (tree) { + foo_item = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + foo_tree = proto_item_add_subtree(foo_item, ett_foo); + + dissect_FOO_MESSAGE_PDU(tvb, pinfo, foo_tree); + } +} +/*--- proto_register_foo -------------------------------------------*/ +void proto_register_foo(void) { + + /* List of fields */ + static hf_register_info hf[] = { + +#include "packet-foo-hfarr.c" + }; + + /* List of subtrees */ + static int *ett[] = { + &ett_foo, +#include "packet-foo-ettarr.c" + }; + + /* Register protocol */ + proto_foo = proto_register_protocol(PNAME, PSNAME, PFNAME); + /* Register fields and subtrees */ + proto_register_field_array(proto_foo, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + + +} + +/*--- proto_reg_handoff_foo ---------------------------------------*/ +void +proto_reg_handoff_foo(void) +{ + static bool inited = false; + + if( !inited ) { + + foo_handle = create_dissector_handle(dissect_foo, + proto_foo); + dissector_add("udp.port", global_foo_port, foo_handle); + + inited = true; + } + +} +---- + +.CMakeLists.txt +---- +set( PROTOCOL_NAME foo ) + +set( PROTO_OPT ) + +set( EXT_ASN_FILE_LIST +) + +set( ASN_FILE_LIST + Foo.asn +) + +set( EXTRA_DIST + ${ASN_FILE_LIST} + packet-${PROTOCOL_NAME}-template.c + ${PROTOCOL_NAME}.cnf +) + +set( SRC_FILES + ${EXTRA_DIST} + ${EXT_ASN_FILE_LIST} +) + +set( A2W_FLAGS ) + +ASN2WRS() +---- + +[#ConformanceFiles] +=== Conformance (.cnf) Files + +The .cnf file tells the compiler what to do with certain things, such as skipping auto generation for some ASN.1 entries. +They can contain the following directives: + +#.OPT:: +Compiler options. + +#.MODULE and <>:: +Assign Wireshark protocol name to ASN.1 module name. + +<>:: +Include another conformance file. + +<>:: +Export type or information object class. + +<>, <>, <>, <>, and #.SYNTAX:: +Create PDU functions and register them optionally to dissector table. + + +#.CLASS:: +Declare or define information object class. + +#.ASSIGNED_OBJECT_IDENTIFIER:: +Declare assigned object identifier. + +#.TABLE_HDR, #.TABLE_BODY, and #.TABLE_FTR:: +User tables. + +#.OMIT_ASSIGNMENT, #.NO_OMIT_ASSGN, #.OMIT_ALL_ASSIGNMENTS, #.OMIT_ASSIGNMENTS_EXCEPT, #.OMIT_ALL_TYPE_ASSIGNMENTS, #.OMIT_TYPE_ASSIGNMENTS_EXCEPT, #.OMIT_ALL_VALUE_ASSIGNMENTS, and #.OMIT_VALUE_ASSIGNMENTS_EXCEPT:: +Ignore assignments from ASN.1 source. + +<> and <>:: +See linked text for info. + +#.VIRTUAL_ASSGN, #.SET_TYPE, #.MAKE_ENUM, #.MAKE_DEFINES, and #.ASSIGN_VALUE_TO_TYPE:: +Unknown. + +#.TYPE_RENAME, #.FIELD_RENAME, and #.TF_RENAME:: +Type/field renaming + +#.IMPORT_TAG, #.TYPE_ATTR, #.FIELD_ATTR:: +Type attributes + + +#.FN_HDR, <>, #.FN_FTR, and #.FN_PARS:: +Type function modification + +<>:: +End of directive + +#.END_OF_CNF:: +End of conformance file + +[#ExampleCnfFile] +==== Example .cnf File + +---- +#.MODULE IMPORT +InformationFramework x509if + +#.INCLUDE ../x509if/x509if_exp.cnf + +#.EXPORTS + +ObjectName + +#.PDU +ObjectName + +#.REGISTER +Certificate B "2.5.4.36" "id-at-userCertificate" + +#.SYNTAX +ObjectName [FriendlyName] + +#.NO_EMIT ONLY_VALS +# this can be used with: [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +# using NO_EMIT NO_VALS means it won't generate value_string array for it +Type1 + +#.USER DEFINED +Type1 [WITH_VALS|WITHOUT_VALS|ONLY_VALS] + +#.TYPE_RENAME + +#.FIELD_RENAME + +#.TYPE_ATTR Ss-Code TYPE = FT_UINT16 DISPLAY = BASE_HEX STRINGS = VALS(ssCode_vals) + +# This entry will change the hf definition from the auto-generated one for Ss-Code ::= OCTET STRING(SIZE(1)) + + { &hf_gsm_map_ss_Code, + { "ss-Code", "gsm_map.ss_Code", + FT_BYTES, BASE_HEX, NULL, 0, "", HFILL }}, + +# to: + + { &hf_gsm_map_ss_Code, + { "ss-Code", "gsm_map.ss_Code", + FT_UINT16, BASE_HEX, VALS(ssCode_vals), 0, "", HFILL }}, +---- + +In the proto_abbr-template.c file the corresponding value string must be +inserted. As an example the following would be included in +proto_abbr-template.c to define ssCode_vals: + +---- +static const value_string ssCode_vals[] = { + { 0, "ssCodeString 1" }, /* The string for value 0 */ + { 1, "String 2" }, /* String for value 1 */ + { 5, "String for value 5" }, /* Value String 5 */ + { 0, NULL } /* Null terminated array */ +} +---- + +Note that the NULL value must be the final entry and that the index values need not be consecutive. + +Foo is expressed in different ways depending on where you want to insert your code and the ASN.1 code in question. + +* Foo +* Foo/foo +* Foo/_item/foo + +For Tagged type use: + +---- +Foo/_untag + +#.FN_HDR Foo +/* This is code to be inserted into the dissector for Foo BEFORE the BER/PER helper is called. */ +tvbuff_t *out_tvb; +fragment_data *fd_head; +tvbuff_t *next_tvb = NULL; + +#.FN_BODY Foo +/* This here is code to replace the actual call to the helper completely. */ +offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index, &out_tvb); + +/* Putting %(DEFAULT_BODY)s inside #.FN_BODY will insert the original code there. */ + +#.FN_FTR Foo +/* This is code to be inserted into the dissector for Foo AFTER the ber/per helper has returned called. */ +if (foo_reassemble) { +... +} + +#.FN_PARS + +#.END +---- + +[#ExamplePacketProtocolTemplateHFile] +==== Example packet-protocol-template.h File + +Example template.h file. +Replace all PROTOCOL/protocol references with the name of your protocol. + +[source,c] +---- +/* packet-protocol.h + * Routines for Protocol packet dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef PACKET_PROTOCOL_H +#define PACKET_PROTOCOL_H + +#include "packet-protocol-exp.h" + +#endif /* PACKET_PROTOCOL_H */ +---- + +[#ExamplePacketProtocolTemplateCFile] +==== Example packet-protocol-template.c File + +Example template.c file. +Replace all PROTOCOL/protocol references with the name of your protocol. + +[source,c] +---- +/* packet-protocol.c + * Routines for PROTOCOL packet dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include +#include +#include + +#include +#include + +#include "packet-ber.h" +#include "packet-protocol.h" + +#define PNAME "This Is The Protocol Name" +#define PSNAME "PROTOCOL" +#define PFNAME "protocol" + +/* Initialize the protocol and registered fields */ +int proto_protocol = -1; +#include "packet-protocol-hf.c" + +/* Initialize the subtree pointers */ +#include "packet-protocol-ett.c" + +#include "packet-protocol-fn.c" + +/*--- proto_register_protocol ----------------------------------------------*/ +void proto_register_protocol(void) { + + /* List of fields */ + static hf_register_info hf[] = { +#include "packet-protocol-hfarr.c" + }; + + /* List of subtrees */ + static int *ett[] = { +#include "packet-protocol-ettarr.c" + }; + + /* Register protocol */ + proto_protocol = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_protocol, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + +/*--- proto_reg_handoff_protocol -------------------------------------------*/ +void proto_reg_handoff_protocol(void) { +#include "packet-protocol-dis-tab.c" +} +---- + +[#ASN1ConformanceFileDirectiveReference] +=== Conformance File Directive Reference + +The following directives can be used in conformance (.cnf) files: + +[#ASN1CnfDirectiveEND] +==== #.END + +Some of the other directives in the Asn2wrs conformance file consists of multiple lines. +The #.END directive is used to terminate such a directive. +All other “#.” directives (except #.INCLUDE) automatically act as an implicit #.END directive which is why you will not see many #.END directives in the conformance files for the dissectors shipped with Wireshark. + +[#ASN1CnfDirectiveEXPORTS] +==== #.EXPORTS + +This directive in the Asn2wrs conformation file is used to export functions for type decoding from the dissector. + +[#ASN1CnfDirectiveEXPORTSSyntax] +===== Syntax + +---- +#.EXPORTS + +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] [WS_VAR] [NO_PROT_PREFIX] +... +#.END +---- + +Options: + +* WITH_VALS (default): Exports dissection function and value string table if present. +* WITHOUT_VALS: Exports only the dissection function. +* ONLY_VALS: Exports only the value string table. +* WS_VAR and WS_VAR_IMPORT: Used for value string table so as it can be exported from libwireshark.dll. +* NO_PROT_PREFIX: - value string table name does not have protocol prefix + +[#ASN1CnfDirectiveEXPORTSExample] +===== Example + +---- +#.EXPORTS +NonStandardParameter +RasMessage WITH_VALS WS_VAR +H323-UU-PDU/h323-message-body ONLY_VALS WS_VAR +#.END +---- + +[#ASN1CnfDirectiveFN_BODY] +==== #.FN_BODY + +Sometimes, like when we have ANY types, we might want to replace +whatever function body that Asn2wrs generates with code +of our own. This is what this directive allows us to do. + +[#ASN1CnfDirectiveFN_BODYExample] +===== Example: ANY + +Asn2wrs can handle the type ANY but we have to help it by adding some small changes to the conformance file. +Assuming you have a construct that looks something like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL +} +---- + +To handle this we need to specify our own function bodies to both the +algorithm and the parameters fields, which we do using the #.FN_BODY +directive. + +This particular example also requires us to keep some state between the +two field dissectors, namely the OBJECT IDENTIFIER from algorithm which +specifies what the content of parameters is. For +this one we need a string where we store the oid from +AlgorithmIdentifier/algorithm so that we can pick it up and act on +later from inside the dissector for AlgorithmIdentifier/parameters. +So we have to add: + +---- +static char algorithm_id[64]; /* 64 chars should be enough? */ +---- + +to the template file as a placeholder to remember which OID we picked +up. Then we add to the conformance file: + +---- +#.FN_BODY AlgorithmIdentifier/algorithmId + offset = dissect_ber_object_identifier(false, pinfo, tree, tvb, offset, + hf_x509af_algorithm_id, algorithm_id); + +#.FN_BODY AlgorithmIdentifier/parameters + offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree); +---- + +The dissector body we specified for AlgorithmIdentifier/algorithmId +here stores the retrieved OID inside the variable algorithm_id we +specified. + +When we later come to the dissector for +AlgorithmIdentifier/parameters we pick this OID up from the static +variable and just pass it on to the ber/oid dissector helper. + + + + +This example comes from the X509AF dissector. Please see the code there +for more examples on how to do this. + + + +[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE] +==== #.MODULE_IMPORT And #.INCLUDE + +These directive in the Asn2wrs conformation file are used to manage references to external type definitions, i.e. IMPORTS. +The examples below are all from the X.509 Authentication Framework (x509af) dissector source code in Wireshark. + +[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample] +===== Example ASN + +This is an example from the X509AF dissector which amongst other things +imports definitions from X.509 InformationFramework: + +---- +IMPORTS + Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute + FROM InformationFramework informationFramework +---- + +Which tells the Asn2wrs compiler that the types 'Name', +'ATTRIBUTE', 'AttributeType', 'MATCHING-RULE' and 'Attribute' are +declared inside the external InformationFramework ASN module and +that they are referenced from this module. +In order for Asn2wrs to generate correct code for the +dissection it is necessary to give it some help by telling what kind of +types these are, i.e. are they INTEGERs or SEQUENCEs or something +else. + +In order to be able to access these functions from this module it is +important that these types have been declared as #.EXPORTS in the X509 +InformationFramework dissector so that they are exported and that we +can link to them. + +[#ASN1CnfDirectiveMODULE_IMPORT] +==== #.MODULE_IMPORT + +First we need to tell Asn2wrs which protocol name +Wireshark uses for the functions in this external import, so that +Asn2wrs can generate suitable function call signatures to +these external functions. + +We do this by adding a directive to the conformation file : + +---- +#.MODULE_IMPORT +InformationFramework x509if +---- + +Where InformationFramework is the ASN name for the module used in +the asn IMPORTS declaration and that x509if is the name we use inside +Wireshark for this protocol. + +This tells Asn2wrs that the function name to call to +dissect Name would be dissect_x509if_Name(...). Without this knowledge +Asn2wrs would not know which function name to generate. + + +[#ASN1CnfDirectiveINCLUDE] +==== #.INCLUDE + +Second, in order for Asn2wrs to generate correct code it +also needs to know the BER type and class of these types that are +imported, since that would affect how they are to be encoded on the +wire. + +This information about what kind of BER attributes these imported types +have are done using the #.INCLUDE directive in the conformance file: + +---- +#.INCLUDE ../x509if/x509if_exp.cnf +---- + +See #.EXPORTS for a description and examples of these types of include +files. + +[#ASN1CnfDirectiveNO_EMITAndUSER_DEFINED] +==== #.NO_EMIT And #.USER_DEFINED + +These two directives in the conformance file for Asn2wrs +can be used to suppress generation of dissectors +and/or value_strings and similar for a protocol. This is useful when +there are types in the asn definition that either Asn2wrs +can not handle or if we want to handle the dissection ourself inside the +template file to do additional state keeping or things that +Asn2wrs does not know how to manage. + +These two directives are very similar. The only +difference between is that #.NO_EMIT will suppress emitting the +dissector for that function and also any value_strings while +#.USER_DEFINED will emit declarations instead of definitions. + +I.e. #.USER_DEFINED will emit declarations such +as +`extern const value_string Type_vals[];` +and +`[static] int dissect_Proto_Type(...);` + +Use #.NO_EMIT if you dont need to call this function at all from anywhere (except from the template itself) and use #.USER_DEFINED is better if you implement the function inside the template but still want to allow it to be called from other places. +// (need much better explanation here) + +[#ASN1CnfDirectiveNO_EMITSyntax] +===== Syntax + +---- +#.USER_DEFINED +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +... +#.END +---- + +---- +#.NO_EMIT +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +... +#.END +---- + +Options: + +* WITH_VALS (default): Both dissection function and value string table are user defined and not emitted. +* WITHOUT_VALS: Only dissection function is user defined and not emitted. +* ONLY_VALS: Only value string table is user defined and not emitted. + +[#ASN1CnfDirectivePDUAndPDU_NEW] +==== #.PDU and #.PDU_NEW + +This directive in the Asn2wrs conformation file will +generate a wrapper function around an object dissector. +This is useful if there is an object inside the +ASN.1 definition that we really want to register as a protocol dissector +or if we want it to have a well known signature. + +[#ASN1CnfDirectivePDUFunctionNames] +===== Function Names + +The wrapper functions that are created will all be named and have the +following signature: + +---- +static void dissect_ProtocolName_ObjectName(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); +---- + +Notice that this is exactly the same signature as `dissector_t` which is used by all dissector entry points. + +[#ASN1CnfDirectivePDUUsage] +===== Usage + +To get Asn2wrs to generate such wrapper functions you +just have to list all objects one by one on the lines following the +#.PDU declaration. + +[#ASN1CnfDirectivePDUExample] +===== Example + +---- +#.PDU +SomeObject +---- + +This will result in Asn2wrs creating this wrapper function in the packet-foo.c dissector file: + +[source,c] +---- +static void dissect_SomeObject_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + dissect_foo_SomeObject(false, ... +} +---- + +This function can then later be called or referenced from the template file or even exported. + +[#ASN1CnfDirectiveREGISTERAndREGISTER_NEW] +==== #.REGISTER and #.REGISTER_NEW + +This directive in the Asn2wrs conformation file can be used to register a dissector for an object to an OID. +This is very useful for X.509 and similar protocols where structures and objects are frequently associated with an OID. +In particular, some of the structures here encode an OID in a field and then the content in a different field later, and how that field is to be dissected depends on the previously seen OID. + +One such example can be seen in the ASN.1 description for X.509/AuthenticationFramework which has a structure defined such as + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id({SupportedAlgorithms}), + parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL +} +---- + +Which means that the parameters field in this structure, what this field contains and how it is to be dissected depends entirely upon what OID is stored inside algorithm. +A whole bunch of protocols use similar types of constructs. +While dissection of this particular structure itself currently has to be hand implemented inside the template (see x509af for examples of how this very structure is handled there). +The #.REGISTER option in the conformance file will at least make it easy and painless to attach the actual OID to dissector mappings. + +[#ASN1CnfDirectiveREGISTERUsage] +===== Usage + +To get Asn2wrs to generate such automatic registration of +OID to dissector mappings just use the #.REGISTER directive in the +conformation file. + +[#ASN1CnfDirectiveREGISTERExample] +===== Example + +---- +#.REGISTER +Certificate B "2.5.4.36" "id-at-userCertificate" +---- + +Which will generate the extra code to make sure that anytime Wireshark needs to dissect the blob associated to the OID "2.5.4.36" it now knows that that is done by calling the subroutine to dissect a Certificate in the current protocol file. +The "id-at-userCertificate" is just a free form text string to make Wireshark print a nice name together with the OID when it presents it in the decode pane. While this can be just about anything you want I would STRONGLY use the name used to this object/oid in the actual ASN.1 definition file. + +[#ASN1CnfDirectiveREGISTERIncludeFile] +===== Include File + +During the compilation phase Asn2wrs will put all the extra registration code for this in the include file +packet-protocol-dis-tab.c. +Make sure that you include this file from the template file or the registration to an OID will never occur. `#include "packet-protocol-dis-tab.c"` should be included from the proto_reg_handoff_protocol function in the template file. + +[#ASN1CnfDirectiveREGISTERSeeAlso] +===== See Also + +The various dissectors we have for X.509 such as the X.509AF which contains several examples of how to use this option. +That dissector can also serve as an example on how one would handle structures of the type AlgorithmIdentifier above. +Asn2wrs can NOT handle these types of structures so we need to implement them by hand inside the template. diff --git a/docbook/wsdg_src/wsdg_build_intro.adoc b/docbook/wsdg_src/wsdg_build_intro.adoc new file mode 100644 index 00000000..d4ededb1 --- /dev/null +++ b/docbook/wsdg_src/wsdg_build_intro.adoc @@ -0,0 +1,52 @@ +// WSDG Chapter Build Introduction + +[#ChapterBuildIntro] + +== Introduction + +[#ChCodeOverview] + +=== Source overview + +Wireshark consists of the following major parts: + +* Packet dissection - in the _/epan/dissectors_ and +_/plugins/epan/{asterisk}_ directories + +* Capture file I/O - using Wireshark’s own wiretap library + +* Capture - using the libpcap and Npcap libraries, in _dumpcap.c_ and +the _/capture_ directory + +* User interface - using Qt and associated libraries + +* Utilities - miscellaneous helper code + +* Help - using an external web browser and text output + +[#ChCodeStyle] + +=== Coding Style + +The coding style guides for Wireshark can be found in the “Portability” +section of the file _doc/README.developer_. + +[#ChCodeGLib] + +=== The GLib library + +GLib is used as a basic platform abstraction library. It doesn't provide +any direct GUI functionality. + +To quote the GLib Reference Manual: +____ +GLib provides the core application building blocks for libraries and +applications written in C. It provides the core object system used in GNOME, the +main loop implementation, and a large set of utility functions for strings and +common data structures. +____ + +GLib contains lots of useful things for platform independent development. +See https://developer.gnome.org/glib/ and https://docs.gtk.org/glib/ for details about GLib. + +// End of WSDG Chapter Build Introduction diff --git a/docbook/wsdg_src/wsdg_capture.adoc b/docbook/wsdg_src/wsdg_capture.adoc new file mode 100644 index 00000000..868f2a0f --- /dev/null +++ b/docbook/wsdg_src/wsdg_capture.adoc @@ -0,0 +1,505 @@ +// WSDG Chapter Capture + +[#ChapterCapture] + +== Packet Capture + +**** +This chapter needs to be reviewed and extended. +**** + +[#ChCaptureAddLibpcap] + +=== Adding A New Capture Type To Libpcap + +For this discussion, let's assume you're working with libpcap 1.0 or +later. You probably don't want to work with a version older than 1.0, +even if whatever OS you're using happens to include libpcap - older +versions are not as friendly towards adding support for devices other +than standard network interfaces. + +First, read +link:https://www.tcpdump.org/libpcap-module-HOWTO.html[the +libpcap documentation on writing a new libpcap module] + +(It's currently incomplete, but I'll be finishing it up over time. If +you have contributions, feel free to submit pull requests for it.) + +If you had to introduce one or more new `{dlt-glob}` values, you will +also have to add support in Wireshark for those `{dlt-glob}` values to +_wiretap/pcap-common.c_, which might mean adding one or more +_WTAP_ENCAP_ types to _wtap.h_ and to the `encap_table[]` table in +_wiretap/wtap.c_. You'd then have to write a dissector or dissectors for +the link-layer protocols or protocols and have them register themselves +with the `wtap_encap` dissector table, with the appropriate _WTAP_ENCAP_ +values by calling `dissector_add_uint()`. + +[#ChCaptureExtcap] + +=== Adding Capture Interfaces And Log Sources Using Extcap + +The extcap interface is a versatile plugin interface that allows external binaries +to act as capture interfaces directly in Wireshark. It is used in scenarios, where +the source of the capture is not a traditional capture model (live capture from an +interface, from a pipe, from a file, etc). The typical example is connecting esoteric +hardware of some kind to the main Wireshark app. + +Without extcap, a capture can always be achieved by directly writing to a capture file: + +.Bash example for traditional capture with a capture file. +[source,bash] +---- +$ the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap & +$ wireshark dumpfile.pcap +---- + +but the extcap interface allows for such a connection to be easily established and +configured using the Wireshark GUI. + +The extcap subsystem is made of multiple extcap binaries that are automatically +called by the GUI in a row. In the following chapters we will refer to them as +“the extcaps”. + +Extcaps may be any binary or script within the extcap directory. Please note, that +scripts need to be executable without prefacing a script interpreter before the call. + +IMPORTANT: *Windows Users* Because of restrictions directly calling the script may not always work. +In such a case, a batch file may be provided, which then in turn executes the script. +Please refer to <> for more information. + +When Wireshark launches an extcap, it automatically adds its installation path +(normally _C:\Program Files\Wireshark\_) to the DLL search path so that the extcap library dependencies +can be found (it is not designed to be launched by hand). This is done on purpose. There should +only be extcap programs (executables, Python scripts, etc.) in the extcap folder to reduce the startup +time and not have Wireshark trying to execute other file types. + +[#ChCaptureExtcapProcess] + +==== Extcap Command Line Interface + +The actual capture is run after a setup process that can be done manually by the +user or automatically by the GUI. All the steps performed are done for every extcap. + +Let's go through those steps. + +===== Query For Available Interfaces + +In the first step the extcap is queried for its interfaces. + +[source,bash] +---- +$ extcapbin --extcap-interfaces +---- + +This call must print the existing interfaces for this extcap and must return 0. +The output must conform to the grammar specified for extcap, and it is specified +in the doc/extcap.4 generated man page (in the build dir). + +Wireshark 2.9 and later also pass `--extcap-version=x.x`, which provides the calling Wireshark's major and minor version. +This can be used to change behavior depending on the Wireshark version in question. + +.Example call for interface query +[source,bash] +---- +$ extcap_example.py --extcap-interfaces --extcap-version=4.0 +extcap {version=1.0}{help=Some help url} +interface {value=example1}{display=Example interface 1 for extcap} +interface {value=example2}{display=Example interface 2 for extcap} +---- + +The *version* for the extcap sentence (which may exist as many times as is needed, but only +the last one will be used) will be used for displaying the version information of +the extcap interface in the about dialog of Wireshark. + +The value for each interface will be used in subsequent calls as the interface name . + +Using the help argument, an interface may provide a generic help URL for the extcap +utility. + +===== Ask For DLTs For Each Interface + +Next, the extcap binary is queried for all valid DLTs for all the interfaces returned by step 1. + +[source,bash] +---- +$ extcap_example.py --extcap-dlts --extcap-interface +---- + +This call must print the valid DLTs for the interface specified. This call is +made for all the interfaces and must return 0. + +.Example for the DLT query +[source,bash] +---- +$ extcap_example.py --extcap-interface IFACE --extcap-dlts +dlt {number=147}{name=USER1}{display=Demo Implementation for Extcap} +---- + +A binary or script which neither provides an interface list or a DLT list will not show up in the extcap interfaces list. + +===== The Extcap Configuration Interface + +The extcap binary is next asked for the configuration of each specific interface + +[source,bash] +---- +$ extcap_example.py --extcap-interface --extcap-config +---- + +Each interface can have custom options that are valid for this interface only. +Those config options are specified on the command line when running the actual +capture. To allow an end-user to specify certain options, such options may be +provided using the extcap config argument. + +To share which options are available for an interface, the extcap responds to the command `--extcap-config`, which shows all the available options (aka additional command line options). + +Those options are used to build a configuration dialog for the interface. + +.Example for interface options +[source,bash] +---- +$ extcap_example.py --extcap-interface --extcap-config +arg {number=0}{call=--delay}{display=Time delay}{tooltip=Time delay between packages}{type=integer}{range=1,15}{required=true} +arg {number=1}{call=--message}{display=Message}{tooltip=Package message content}{placeholder=Please enter a message here ...}{type=string} +arg {number=2}{call=--verify}{display=Verify}{tooltip=Verify package content}{type=boolflag} +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector} +arg {number=4}{call=--server}{display=IP address for log server}{type=string}{validation=\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b} +value {arg=3}{value=if1}{display=Remote1}{default=true} +value {arg=3}{value=if2}{display=Remote2}{default=false} +---- + +Now the user can click on the options and change them. They are sent to the +extcap when the capture is launched. + +There are several kind of options available: + +[horizontal] +File:: +A path to a file displayed as a text entry and file selector. + +Flag:: +A boolean value displayed as a checkbox. +_boolflag_ for instance expects the option to be present resulting in the corresponding entry set to true or false. + +Selection:: +A set of fixed values displayed as a combobox, radio group, or selection list. +Selections can be presented multiple times in the command line. +Subsequent _value_ items must be provided in the config list. + +Timestamp:: +A time value displayed as a date/time editor. + +Value:: +A text or numeric value displayed as an entry box. +Values are passed as a single value via the command-line call. + +===== The Extcap Capture Process + +Once the interfaces are listed and configuration is customized by the user the capture can be started. + +[source,bash] +---- +$ extcap_example.py --extcap-interface [params] --capture [--extcap-capture-filter ] + --fifo FIFO +---- + +To run the capture, the extcap must implement the `--capture`, `--extcap-capture-filter` +and `--fifo` options. + +They are automatically added by Wireshark, which opens the fifo for reading. +All the other options are automatically added to run the capture. +The extcap interface is used like all other interfaces (meaning that capture on multiple interfaces, as well as stopping and restarting the capture is supported). + +[#ChCaptureExtcapWindowsShell] + +====== Execute A Script-based Extcap On Windows + +Although Windows will run batch and PowerShell scripts directly, other scripting languages require extra effort. +In most cases this involves creating a wrapper script which runs the appropriate interpreter. +For example, in order to run a Python-based extcap, you can create _scriptname.bat_ inside your extcap folder with the following content: + +[source,batch] +---- +@echo off +C:\Windows\py.exe C:\Path\to\my\extcap.py %* +---- + +==== Extcap Arguments + +The extcap interface provides the possibility for generating a GUI dialog to +set and adapt settings for the extcap binary. + +All options must provide a number, by which they are identified. +No number may be provided twice. +All options must present the elements _call_ and _display_, with _call_ specifying the argument’s name on the command line and _display_ specifying the name in the GUI. + +Additionally _tooltip_ and _placeholder_ may be provided, which will give the user information about what to enter into this field. + +These options do have types, for which the following types are being supported: + +[horizontal] +_integer_, _unsigned_, _long_, _double_:: +This provides a field for entering a numeric value of the given data type. +A _default_ value may be provided, as well as a _range_. ++ +[source,python] +---- +arg {number=0}{call=--delay}{display=Time delay}{tooltip=Time delay between packages}{type=integer}{range=1,15}{default=0} +---- + +_string_:: +This provides a field for entering a text value. ++ +[source,python] +---- +arg {number=1}{call=--server}{display=IP Address}{tooltip=IP Address for log server}{type=string}{validation=\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b} +---- ++ +`validation` allows to provide a regular expression string, which is used to check the user input for validity beyond normal data type or range checks. Back-slashes must be escaped (as in \\b for \b) + +_password_:: +Lets the user provide a masked string to the capture. +Password strings are not saved with other capture settings. ++ +[source,python] +---- +arg {number=0}{call=--password}{display=The user password}{tooltip=The password for the connection}{type=password} +---- + +_boolean_, _boolflag_:: +This provides the possibility to set a true/false value. +_boolflag_ values will only appear in the command line if set to true, otherwise they will not be added to the command-line call for the extcap interface. ++ +[source,python] +---- +arg {number=2}{call=--verify}{display=Verify}{tooltip=Verify package content}{type=boolflag} +---- + +_fileselect_:: +Lets the user provide a file path. +If _mustexist=true_ is provided, the GUI shows the user a dialog for selecting a file. +When _mustexist=false_ is used, the GUI shows the user a file dialog for saving a file. ++ +[source,python] +---- +arg {number=3}{call=--logfile}{display=Logfile}{tooltip=A file for log messages}{type=fileselect}{mustexist=false} +---- + +_selector_, __editselector__, _radio_, _multicheck_:: +Option fields where the user may choose from one or more options. +If _parent_ is provided for the value items, the option fields for _multicheck_ and _selector_ are presented in a tree-like structure. +_selector_ and _radio_ values must present a default value, which will be the value provided to the extcap binary for this argument. +_editselector_ option fields let the user select from a list of items or enter a custom value. ++ +[source,python] +---- +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector} +value {arg=3}{value=if1}{display=Remote1}{default=true} +value {arg=3}{value=if2}{display=Remote2}{default=false} +---- + +===== Reload A Selector + +A selector may be reloaded from the configuration dialog of the extcap application within Wireshark. With the reload argument (defaults to false), the entry can be marked as reloadable. + +[source,python] +---- +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector}{reload=true}{placeholder=Load interfaces...} +---- + +After this has been defined, the user will get a button displayed in the configuration dialog for this extcap application, with the text "Load interfaces..." in this case, and a generic "Reload" text if no text has been provided. + +The extcap utility is then called again with all filled out arguments and the additional parameter `--extcap-reload-option `. It is expected to return a value section for this option, as it would during normal configuration. The provided option list is then presented as the selection, a previous selected option will be reselected if applicable. + +===== Validation Of Arguments + +Arguments may be set with `{required=true}` which enforces a value being provided, before +a capture can be started using the extcap options dialog. This is not being checked, if +the extcap is started via a simple double-click. The necessary fields are marked for the +customer, to ensure a visibility for the end customer of the required argument. + +Additionally text and number arguments may also be checked using a regular expression, +which is provided using the validation attribute (see example above). The syntax for +such a check is the same as for Qt RegExp classes. This feature is only active in the +Qt version of Wireshark. + + +==== Toolbar Controls + +An extcap utility can provide configuration for controls to use in an interface toolbar. +These controls are bidirectional and can be used to control the extcap utility while +capturing. + +This is useful in scenarios where configuration can be done based on findings in the +capture process, setting temporary values or give other inputs without restarting the +current capture. + +.Example of interface definition with toolbar controls +[source,bash] +---- +$ extcap_example.py --extcap-interfaces +extcap {version=1.0}{display=Example extcap interface} +interface {value=example1}{display=Example interface 1 for extcap} +interface {value=example2}{display=Example interface 2 for extcap} +control {number=0}{type=string}{display=Message}{tooltip=Package message content. Must start with a capital letter.}{validation=[A-Z]+}{required=true} +control {number=1}{type=selector}{display=Time delay}{tooltip=Time delay between packages} +control {number=2}{type=boolean}{display=Verify}{default=true}{tooltip=Verify package content} +control {number=3}{type=button}{display=Turn on}{tooltip=Turn on or off} +control {number=4}{type=button}{role=logger}{display=Log}{tooltip=Show capture log} +value {control=1}{value=1}{display=1 sec} +value {control=1}{value=2}{display=2 sec}{default=true} +---- + +All controls will be presented as GUI elements in a toolbar specific to the extcap +utility. The extcap must not rely on using those controls (they are optional) because +of other capturing tools not using GUI (e.g. tshark, tfshark). + + +===== Controls + +The controls are similar to the _arguments_, but without the _call_ element. +All controls may be given a default value at startup and most can be changed during capture, both by the extcap and the user (depending on the type of control). + +All controls must provide a _number_, by which they are identified. +No _number_ may be provided twice. +All options must present the elements _type_ and _display_, where _type_ provides the type of control to add to the toolbar and _display_ providing the name in the GUI. + +Additionally _tooltip_ and _placeholder_ may be provided, which will give the user information about what to enter into this field. + +All controls, except from the logger, help and restore buttons, may be disabled +(and enabled) in GUI by the extcap during capture. This can be because of set-once +operations, or operations which takes some time to complete. + +All control values which are changed by the user (not equal to the default value) will +be sent to the extcap utility when starting a capture. The extcap utility may choose +to discard initial values and set new values, depending on implementation. + +These __type__s are defined as controls: + +[horizontal] +_boolean_:: +This provides a checkbox which lets the user set a true/false value. ++ +The extcap utility can set a default value at startup, and can change (set) and receive value changes while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is one byte with binary value 0 or 1. ++ +Valid Commands: Set value, Enable, Disable. + +_button_:: This provides a button with different __role__s: + +_control_:::: +This button will send a signal when pressed. This is the default if no role is configured. +The button is only enabled when capturing. ++ +The extcap utility can set the button text at startup, and can change (set) the button text and receive button press signals while capturing. The button is disabled and the button text is restored to the default text when not capturing. ++ +The payload is either the button text or empty (signal). ++ +Valid Commands: Set value, Enable, Disable. + +_logger_:::: +This provides a logger mechanism where the extcap utility can send log entries to be presented in a log window. +This communication is unidirectional. ++ +The payload is the log entry, and should be ended with a newline. Maximum length is 65535 bytes. ++ +Valid Commands: Set log entry, Add log entry. ++ +The Set command will clear the log before adding the entry. + +_help_:::: +This button opens the help page, if configured. +This role has no controls and will not be used in communication. ++ +Valid Commands: None. + +_restore_:::: +This button will restore all control values to default. +This role has no controls and will not be used in communication. The button is only enabled when not capturing. ++ +Valid Commands: None. + +_selector_:: +This provides a combo box with fixed values which can be selected. ++ +The extcap utility can set default values at startup, and add and remove values and receive change in value selection while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is a string with the value, and optionally a string with a display value if this is different from the value. This two string values are separated by a null character. ++ +Valid Commands: Set selected value, Add value, Remove value, Enable, Disable. ++ +If value is empty the Remove command will remove all entries. + +_string_:: +This provides a text edit line with the possibility to set a string or any value which can be represented in a string (integer, float, date, etc.). ++ +The extcap utility can set a default string value at startup, and can change (set) and receive value changes while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is a string with the value. Maximum length is 32767 bytes. ++ +Valid Commands for control: Set value, Enable, Disable. ++ +The element VALIDATION allows to provide a regular expression string, which is used to check the user input for validity beyond normal data type or range checks. Back-slashes must be escaped (as in \\b for \b). + +===== Messages + +In addition to the controls it’s possible to send a single message from the extcap +utility to the user. This message can be put in the status bar or displayed in a +information, warning or error dialog which must be accepted by the user. This message +does not use the NUMBER argument so this can have any value. + +====== Control Protocol + +The protocol used to communicate over the control pipes has a fixed size header of +6 bytes and a payload with 0 - 65535 bytes. + +.Control packet: +[cols="^m", width="50%"] +|=== +|Sync Pipe Indication (1 byte) +|Message Length + + (3 bytes network order) +|Control Number (1 byte) +|Command (1 byte) +|Payload + + (0 - 65535 bytes) +|=== + +.Sync Pipe Indication +The common sync pipe indication. This protocol uses the value “T”. + +.Message Length +Payload length + 2 bytes for control number and command. + +.Control Number +Unique number to identify the control. This number also gives the order of the controls in the interface toolbar. + +.Commands and application for controls +[cols="1,2,3"] +|=== +|Command Byte|Command Name|Control type + +|0 |Initialized |none +|1 |Set |boolean / button / logger / selector / string +|2 |Add |logger / selector +|3 |Remove |selector +|4 |Enable |boolean / button / selector / string +|5 |Disable |boolean / button / selector / string +|6 |Statusbar message |none +|7 |Information message |none +|8 |Warning message |none +|9 |Error message |none +|=== + +The `Initialized` command will be sent from the GUI to the extcap utility when all +user changed control values are sent after starting a capture. This is an indication +that the GUI is ready to receive control values. + +The GUI will only send `Initialized` and `Set` commands. The extcap utility shall not +send the `Initialized` command. + +Messages with unknown control number or command will be silently ignored. + + +// End of WSDG Chapter Capture diff --git a/docbook/wsdg_src/wsdg_dissection.adoc b/docbook/wsdg_src/wsdg_dissection.adoc new file mode 100644 index 00000000..efc0a71a --- /dev/null +++ b/docbook/wsdg_src/wsdg_dissection.adoc @@ -0,0 +1,1498 @@ +// WSDG Chapter Dissection + +[#ChapterDissection] + +== Packet Dissection + +[#ChDissectWorks] + +=== How packet dissection works + +Each dissector decodes its part of the protocol and then hands off +decoding to subsequent dissectors for an encapsulated protocol. + +Every dissection starts with the Frame dissector which dissects the +details of the capture file itself (e.g. timestamps). From there it passes the +data on to the lowest-level data dissector, e.g. the Ethernet dissector for +the Ethernet header. The payload is then passed on to the next dissector (e.g. +IP) and so on. At each stage, details of the packet are decoded and +displayed. + +Dissectors can either be built-in to Wireshark or written as a self-registering +plugin (a shared library or DLL). +There is little difference in having your dissector as either a plugin +or built-in. You have limited function access through the ABI exposed +by functions declared as WS_DLL_PUBLIC. + +The big benefit of writing a dissector as a plugin is that rebuilding +a plugin is much faster than rebuilding wireshark after editing a built-in +dissector. +As such, starting with a plugin often makes initial development quicker, while +the finished code may make more sense as a built-in dissector. + +[NOTE] +.Read README.dissector +==== +The file _doc/README.dissector_ contains detailed information about writing +a dissector. In many cases it is more up to date than this document. +==== + +[#ChDissectAdd] + +=== Adding a basic dissector + +Let’s step through adding a basic dissector. We'll start with the made up "foo" +protocol. It consists of the following basic items. + +* A packet type - 8 bits. Possible values: 1 - initialisation, 2 - terminate, 3 - data. + +* A set of flags stored in 8 bits. 0x01 - start packet, 0x02 - end packet, 0x04 - priority packet. + +* A sequence number - 16 bits. + +* An IPv4 address. + +[#ChDissectSetup] + +==== Setting up the dissector + +The first decision you need to make is if this dissector will be a +built-in dissector and included in the main program, or a plugin. + +Plugins are easier to write initially, so let’s start with that. +With a little care, the plugin can be converted into a built-in dissector. + +.Dissector Initialisation. +[source,c] +---- +#include "config.h" +#include + +#define FOO_PORT 1234 + +static int proto_foo = -1; + +void +proto_register_foo(void) +{ + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short name */ + "foo" /* filter_name */ + ); +} +---- + +Let’s go through this a bit at a time. First we have some boilerplate +include files. These will be pretty constant to start with. + +Then a `#define` for the UDP port that carries _foo_ traffic. + +Next we have `proto_foo`, an int that stores our protocol handle and is +initialised to `-1`. +This handle will be set when the dissector is registered within the main program. +It’s good practice to make all variables and functions that aren't exported +static to minimize name space pollution. This normally isn't a problem unless your +dissector gets so big that it spans multiple files. + +Now that we have the basics in place to interact with the main program, we'll +start with two protocol dissector setup functions: `proto_register_XXX` and +`proto_reg_handoff_XXX`. + +Each protocol must have a register function with the form "proto_register_XXX". +This function is used to register the protocol in Wireshark. +The code to call the register routines is generated automatically and is +called when Wireshark starts. In this example, the function is named +`proto_register_foo`. + +`proto_register_foo` calls `proto_register_protocol()`, which takes a `name`, +`short name`, and `filter_name`. The +name and short name are used in the "Preferences" and "Enabled protocols" +dialogs and the documentation's generated field name list. The +`filter_name` is used as the display filter name. `proto_register_protocol()` +returns a protocol handle, which can be used to refer to the protocol and +obtain a handle to the protocol's dissector. + + +Next we need a handoff routine. + +.Dissector Handoff. +[source,c] +---- +void +proto_reg_handoff_foo(void) +{ + static dissector_handle_t foo_handle; + + foo_handle = create_dissector_handle(dissect_foo, proto_foo); + dissector_add_uint("udp.port", FOO_PORT, foo_handle); +} +---- + +A handoff routine associates a protocol handler with the protocol's +traffic. It consists of two major steps: The first step is to create a +dissector handle, which is a handle associated with the protocol and the +function called to do the actual dissecting. +The second step is to register the dissector handle so that traffic +associated with the protocol calls the dissector. + +In this example, `proto_reg_handoff_foo()` calls `create_dissector_handle()` +to obtain a dissector handle for the foo protocol. It then uses +`dissector_add_uint()` to associate traffic on UDP port FOO_PORT (1234) +with the foo protocol, so that Wireshark will call `dissect_foo()` when +it receives UDP traffic on port 1234. + +Wireshark's dissector convention is to put `proto_register_foo()` and +`proto_reg_handoff_foo()` as the last two functions in the dissector source. + +The next step is to write the dissecting function, `dissect_foo()`. +We'll start with a basic placeholder. + +.Dissection. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + return tvb_captured_length(tvb); +} +---- + +`dissect_foo()` is called to dissect the packets presented to it. The packet data +is held in a special buffer referenced here as `tvb`. The packet_info structure +contains general data about the protocol and we can update +information here. The tree parameter is where the detail dissection takes place. +Note that the `\_U_` following `tree` and `data` signals to the compiler that the +parameters are unused, so that the compiler does not print a warning. + +For now we'll do the minimum we can get away with. `col_set_str()` is used to set +Wireshark's Protocol column to "FOO" so everyone can see it’s being +recognised. The +only other thing we do is to clear out any data in the INFO column if it’s being +displayed. + +At this point we have a basic dissector ready to compile and install. +The dissector doesn't do anything other than identify the protocol and label it. +Here is the dissector's complete code: + +.Complete _packet-foo.c_:. +[source,c] +---- +#include "config.h" +#include + +#define FOO_PORT 1234 + +static int proto_foo = -1; + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) +{ + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short_name */ + "foo" /* filter_name */ + ); +} + +void +proto_reg_handoff_foo(void) +{ + static dissector_handle_t foo_handle; + + foo_handle = create_dissector_handle(dissect_foo, proto_foo); + dissector_add_uint("udp.port", FOO_PORT, foo_handle); +} + +---- + +To compile this dissector and create a plugin a few support files +are required, besides the dissector source in _packet-foo.c_: + +* _CMakeLists.txt_ - Contains the CMake file and version info for this plugin. + +* _packet-foo.c_ - Your dissector source. + +* _plugin.rc.in_ - Contains the DLL resource template for Windows. (optional) + +Samples of these files are available in the gryphon plugin directory +(plugins/epan/gryphon). +If you copy the files from the gryphon plugin, _CMakeLists.txt_ will need +to be updated with the correct plugin name, version +info, and the relevant files to compile. + +In the main top-level source directory, copy _CMakeListsCustom.txt.example_ to +_CMakeListsCustom.txt_ and add the path of your plugin to the list in +`CUSTOM_PLUGIN_SRC_DIR`. + +Compile the dissector to a DLL or shared library and either run Wireshark from +the build directory as detailed in <> or copy the plugin +binary into the plugin directory of your Wireshark installation and run that. + +[#ChDissectDetails] + +==== Dissecting the protocol's details + +Now that we have our basic dissector up and running, let’s do something with it. +The simplest thing to start with is labeling the payload. We can label the +payload by building a subtree to decode our results into. +This subtree will hold all the protocol's details and +helps keep things looking nice in the detailed display. + +We add the new subtree with `proto_tree_add_item()`, as is depicted below: + +.Plugin Packet Dissection. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear out stuff in the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + + return tvb_captured_length(tvb); +} +---- + +As the `FOO` protocol does not encapsulate another protocol, we +consume all of the tvb's data, from `0` to the end (`-1`). + +The final parameter specifies the "encoding" and is set to +`ENC_NA` ("not applicable"), as the protocol doesn't specifically +use big endian (`ENC_BIG_ENDIAN`) or little endian (`ENC_LITTLE_ENDIAN`). + +After adding the call to +`proto_tree_add_item()` +, there should be a label `FOO` in the protocol's detailed display. +Selecting this label will highlight the remaining contents of the packet. + +Now let’s go to the next step and add some protocol dissection. To do this +we'll need to construct tables to define which fields will be present in the +packet and to store the opened/closed state of the subtree. We'll +add these statically allocated arrays to the beginning of the file +and name them +`hf_register_info` ('hf' is short for 'header field') and `ett`. +The arrays wil then registered after the call to +`proto_register_protocol()` by calling `proto_register_field_array()` +and `proto_register_subtree_array()`: + +.Registering data structures. +[source,c] +---- +static int hf_foo_pdu_type = -1; +static int ett_foo = -1; + +/* ... */ + +void +proto_register_foo(void) +{ + static hf_register_info hf[] = { + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + } + }; + + /* Setup protocol subtree array */ + static int *ett[] = { + &ett_foo + }; + + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short_name */ + "foo" /* filter_name*/ + ); + + proto_register_field_array(proto_foo, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} +---- + +As you can see, a field `foo.type` was defined inside the array of +header fields. + +Now we can dissect the `FOO PDU Type` (referenced as `foo.type`) +field in `dissect_foo()` by adding +the FOO Protocol's subtree with `proto_item_add_subtree()` and +then calling `proto_tree_add_item()` to add the field: + +.Dissector starting to dissect the packets. +[source,c] +---- + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, 0, 1, ENC_BIG_ENDIAN); +---- + +As mentioned earlier, the foo protocol begins with an 8-bit `packet type` +which can have three possible values: 1 - initialisation, 2 - terminate, 3 - data. +Here's how we can add the packet details: + +The `proto_item_add_subtree()` call has added a child node +to the protocol tree which is where we will do our detail dissection. +The expansion of this node is controlled by the `ett_foo` +variable. This remembers if the node should be expanded or not as you move +between packets. All subsequent dissection will be added to this tree, +as you can see from the next call. +A call to `proto_tree_add_item()` in the foo_tree, +this time using the `hf_foo_pdu_type` to control the formatting +of the item. The pdu type is one byte of data, starting at 0. We assume it is +in network order (also called big endian), so that is why we use `ENC_BIG_ENDIAN`. +For a 1-byte quantity, there is no order issue, but it is good practice to +make this the same as any multibyte fields that may be present, and as we will +see in the next section, this particular protocol uses network order. + +If we look in detail at the `hf_foo_pdu_type` declaration in +the static array we can see the details of the definition. + +---- +static hf_register_info hf[] = { + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + } +}; +---- + +* _hf_foo_pdu_type_ - The node's index. + +* _FOO PDU Type_ - The item's label. + +* _foo.type_ - The item's abbreviated name, for use in the display filter +(e.g., `foo.type=1`). + +* _FT_UINT8_ - The item's type: An 8bit unsigned integer. +This tallies with our call above where we tell it to only look at one byte. + +* _BASE_DEC_ - For an integer type, this tells it to be printed as a decimal +number. It could be hexadecimal (BASE_HEX) or octal (BASE_OCT) if that made more sense. + +We'll ignore the rest of the structure for now. + +If you install this plugin and try it out, you'll see something that begins to look +useful. + +Now let’s finish off dissecting the simple protocol. We need to add a few +more variables to the hfarray, and a couple more procedure calls. + +.Wrapping up the packet dissection. +[source,c] +---- +... +static int hf_foo_flags = -1; +static int hf_foo_sequenceno = -1; +static int hf_foo_initialip = -1; +... + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + int offset = 0; + + ... + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + proto_tree_add_item(foo_tree, hf_foo_flags, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + proto_tree_add_item(foo_tree, hf_foo_sequenceno, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + proto_tree_add_item(foo_tree, hf_foo_initialip, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + ... + + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) { + ... + ... + { &hf_foo_flags, + { "FOO PDU Flags", "foo.flags", + FT_UINT8, BASE_HEX, + NULL, 0x0, + NULL, HFILL } + }, + { &hf_foo_sequenceno, + { "FOO PDU Sequence Number", "foo.seqn", + FT_UINT16, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + }, + { &hf_foo_initialip, + { "FOO PDU Initial IP", "foo.initialip", + FT_IPv4, BASE_NONE, + NULL, 0x0, + NULL, HFILL } + }, + ... + ... +} +... +---- + +This dissects all the bits of this simple hypothetical protocol. We've +introduced a new variable offsetinto the mix to help keep track of where we are +in the packet dissection. With these extra bits in place, the whole protocol is +now dissected. + +==== Improving the dissection information + +We can certainly improve the display of the protocol with a bit of extra data. +The first step is to add some text labels. Let’s start by labeling the packet +types. There is some useful support for this sort of thing by adding a couple of +extra things. First we add a simple table of type to name. + + +.Naming the packet types. +[source,c] +---- +static const value_string packettypenames[] = { + { 1, "Initialise" }, + { 2, "Terminate" }, + { 3, "Data" }, + { 0, NULL } +}; +---- + +This is a handy data structure that can be used to look up a name for a value. +There are routines to directly access this lookup table, but we don't need to +do that, as the support code already has that added in. We just have to give +these details to the appropriate part of the data, using the `VALS` macro. + +.Adding Names to the protocol. +[source,c] +---- + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + VALS(packettypenames), 0x0, + NULL, HFILL } + } +---- + +This helps in deciphering the packets, and we can do a similar thing for the +flags structure. For this we need to add some more data to the table though. + +.Adding Flags to the protocol. +[source,c] +---- +#define FOO_START_FLAG 0x01 +#define FOO_END_FLAG 0x02 +#define FOO_PRIORITY_FLAG 0x04 + +static int hf_foo_startflag = -1; +static int hf_foo_endflag = -1; +static int hf_foo_priorityflag = -1; + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + ... + ... + static int* const bits[] = { + &hf_foo_startflag, + &hf_foo_endflag, + &hf_foo_priorityflag, + NULL + }; + + proto_tree_add_bitmask(foo_tree, tvb, offset, hf_foo_flags, ett_foo, bits, ENC_BIG_ENDIAN); + offset += 1; + ... + ... + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) { + ... + ... + { &hf_foo_startflag, + { "FOO PDU Start Flags", "foo.flags.start", + FT_BOOLEAN, 8, + NULL, FOO_START_FLAG, + NULL, HFILL } + }, + { &hf_foo_endflag, + { "FOO PDU End Flags", "foo.flags.end", + FT_BOOLEAN, 8, + NULL, FOO_END_FLAG, + NULL, HFILL } + }, + { &hf_foo_priorityflag, + { "FOO PDU Priority Flags", "foo.flags.priority", + FT_BOOLEAN, 8, + NULL, FOO_PRIORITY_FLAG, + NULL, HFILL } + }, + ... + ... +} +... +---- + +Some things to note here. For the flags, as each bit is a different flag, we use +the type `FT_BOOLEAN`, as the flag is either on or off. Second, we include the flag +mask in the 7th field of the data, which allows the system to mask the relevant bit. +We've also changed the 5th field to 8, to indicate that we are looking at an 8 bit +quantity when the flags are extracted. Then finally we add the extra constructs +to the dissection routine. + +This is starting to look fairly full featured now, but there are a couple of +other things we can do to make things look even more pretty. At the moment our +dissection shows the packets as "Foo Protocol" which whilst correct is a little +uninformative. We can enhance this by adding a little more detail. First, let’s +get hold of the actual value of the protocol type. We can use the handy function +`tvb_get_guint8()` to do this. With this value in hand, there are a couple of +things we can do. First we can set the INFO column of the non-detailed view to +show what sort of PDU it is - which is extremely helpful when looking at +protocol traces. Second, we can also display this information in the dissection +window. + +.Enhancing the display. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + int offset = 0; + uint8_t packet_type = tvb_get_guint8(tvb, 0); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear out stuff in the info column */ + col_clear(pinfo->cinfo,COL_INFO); + col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s", + val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); + + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_item_append_text(ti, ", Type %s", + val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + + return tvb_captured_length(tvb); +} +---- + +So here, after grabbing the value of the first 8 bits, we use it with one of the +built-in utility routines `val_to_str()`, to lookup the value. If the value +isn't found we provide a fallback which just prints the value in hex. We use +this twice, once in the INFO field of the columns -- if it’s displayed, and +similarly we append this data to the base of our dissecting tree. + +[#ChDissectExpertInfo] + +=== How to add an expert item + +A dissector showing the protocol fields and interpretation of their values is +very informative. It can be even more helpful if the dissector can draw your +attention to fields where something noteworthy can be seen. This can be something +as simple as the start flag of a session, or something more severe as an invalid +value. + +Here we take our dissector for `FOO` and add an expert item for the sequence +number being zero (assuming that's a noteworthy thing for this protocol). + +.Expert item setup. +[source,c] +---- +#include + +static expert_field ei_foo_seqn_zero = EI_INIT; + +/* ... */ + +void +proto_register_foo(void) +{ + /* ... */ + expert_module_t* expert_foo; + + /* ... */ + static ei_register_info ei[] = { + { + &ei_foo_seqn_zero, + { "foo.seqn_zero", PI_SEQUENCE, PI_CHAT, + "Sequence number is zero", EXPFILL } + } + }; + + /* ... */ + expert_foo = expert_register_protocol(proto_foo); + expert_register_field_array(expert_foo, ei, array_length(ei)); +} +---- + +Let's go through this step by step. The data structures and functions needed for +expert items are found in epan/expert.h, so we have to include that file. + +Next we have to allocate an `expert_field` structure for every type of expert item +we would like to add to the dissection. This structure is initialised with `EI_INIT`. + +Now we have to register with the protocol we are providing expert info for. Since +we already have a function to register our protocol, we add the expert info +registration there too. This is done by calling `expert_register_protocol()` with +the handle for the protocol we received earlier in this function. + +Next we need to register an array of definitions of expert items that we would +like to add to the dissection. This array, not unlike the array of header fields +before, contains all the data the dissection engine needs to create and handle +the expert items. + +The expert item definition consists of a pointer to the `expert_field` structure +we defined before and a structure with data elements of the expert item itself. + +* _"foo.seqn_zero"_ - The expert items display filter + +* _PI_SEQUENCE_ - The group to which the expert item belongs + +* _PI_CHAT_ - The severity of the expert item + +* _"Sequence number is zero"_ - The text string added to the dissection + +We'll ignore the rest of the structure for now. + +To keep an overview of lots of expert items it helps to categorize them into groups. +Currently there are several types of groups defined, e.g. `checksum`, `sequence`, +`protocol`, etc. All these are defined in the epan/proto.h header file. + +Not every noteworthy field value is of equal severity. The start of a session +is nice to know, while an invalid value may be significant error in the protocol. +To differentiate between these severties the expert item is assigned one of them: +`comment`, `chat`, `note`, `warn` or `error`. Try to choose the lowest one which +is suitable. The topic you're currently working on seems probably more important +than it will look like in a few weeks. + +With the expert item array setup, we add this to the dissection engine with a +call to `expert_register_field_array()`. + +Now that all information of the expert item is defined and registered it's time +to actually add the expert item to the dissection. + +.Expert item use. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + uint32_t sequenceno = 0xFFFF; + + /* ... */ + + ti = proto_tree_add_item_ret_uint(foo_tree, hf_foo_sequenceno, + tvb, offset, 2, ENC_BIG_ENDIAN, &sequenceno); + if (sequenceno == 0) { + expert_add_info(pinfo, ti, &ei_foo_seqn_zero); + } + + /* ... */ +} +---- + +There's been a slight alteration to the function used to add the sequence number +dissection. First the proto_item created by the function is saved in previously +defined variable `ti`, and the actual value of the field is stored in the variable +`sequenceno`. We can now use the value of this field to determine wether to add +the expert item. + +Adding the expert item is simply done by calling `expert_add_info()` with reference +to the `packet_info` structure, the proto item `ti` to add the expert item to and +the previously defined and registered expert item information. + +[#ChDissectTransformed] + +=== How to handle transformed data + +Some protocols do clever things with data. They might possibly +encrypt the data, or compress data, or part of it. If you know +how these steps are taken it is possible to reverse them within the +dissector. + +As encryption can be tricky, let’s consider the case of compression. +These techniques can also work for other transformations of data, +where some step is required before the data can be examined. + +What basically needs to happen here, is to identify the data that needs +conversion, take that data and transform it into a new stream, and then call a +dissector on it. Often this needs to be done "on-the-fly" based on clues in the +packet. Sometimes this needs to be used in conjunction with other techniques, +such as packet reassembly. The following shows a technique to achieve this +effect. + +.Decompressing data packets for dissection. +[source,c] +---- + uint8_t flags = tvb_get_guint8(tvb, offset); + offset ++; + if (flags & FLAG_COMPRESSED) { /* the remainder of the packet is compressed */ + uint16_t orig_size = tvb_get_ntohs(tvb, offset); + unsigned char *decompressed_buffer = (unsigned char*)wmem_alloc(pinfo->pool, orig_size); + offset += 2; + decompress_packet(tvb_get_ptr(tvb, offset, -1), + tvb_captured_length_remaining(tvb, offset), + decompressed_buffer, orig_size); + /* Now re-setup the tvb buffer to have the new data */ + next_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, orig_size, orig_size); + add_new_data_source(pinfo, next_tvb, "Decompressed Data"); + } else { + next_tvb = tvb_new_subset_remaining(tvb, offset); + } + offset = 0; + /* process next_tvb from here on */ +---- + +The first steps here are to recognise the compression. In this case a flag byte +alerts us to the fact the remainder of the packet is compressed. Next we +retrieve the original size of the packet, which in this case is conveniently +within the protocol. If it’s not, it may be part of the compression routine to +work it out for you, in which case the logic would be different. + +So armed with the size, a buffer is allocated to receive the uncompressed data +using `wmem_alloc()` in pinfo->pool memory, and the packet is decompressed into +it. The `tvb_get_ptr()` function is useful to get a pointer to the raw data of +the packet from the offset onwards. In this case the decompression routine also +needs to know the length, which is given by the +`tvb_captured_length_remaining()` function. + +Next we build a new tvb buffer from this data, using the +`tvb_new_child_real_data()` call. This data is a child of our original data, so +calling this function also acknowledges that. No need to call +`tvb_set_free_cb()` as the pinfo->pool was used (the memory block will be +automatically freed when the pinfo pool lifetime expires). Finally we add this +tvb as a new data source, so that the detailed display can show the +decompressed bytes as well as the original. + +After this has been set up the remainder of the dissector can dissect the buffer +next_tvb, as it’s a new buffer the offset needs to be 0 as we start again from +the beginning of this buffer. To make the rest of the dissector work regardless +of whether compression was involved or not, in the case that compression was not +signaled, we use `tvb_new_subset_remaining()` to deliver us a new buffer based +on the old one but starting at the current offset, and extending to the end. +This makes dissecting the packet from this point on exactly the same regardless +of compression. + +[#ChDissectReassemble] + +=== How to reassemble split packets + +Some protocols have times when they have to split a large packet across +multiple other packets. In this case the dissection can't be carried out correctly +until you have all the data. The first packet doesn't have enough data, +and the subsequent packets don't have the expect format. +To dissect these packets you need to wait until all the parts have +arrived and then start the dissection. + +The following sections will guide you through two common cases. For a +description of all possible functions, structures and parameters, see +_epan/reassemble.h_. + +[#ChDissectReassembleUdp] + +==== How to reassemble split UDP packets + +As an example, let’s examine a protocol that is layered on top of UDP that +splits up its own data stream. If a packet is bigger than some given size, it +will be split into chunks, and somehow signaled within its protocol. + +To deal with such streams, we need several things to trigger from. We need to +know that this packet is part of a multi-packet sequence. We need to know how +many packets are in the sequence. We also need to know when we have all the +packets. + +For this example we'll assume there is a simple in-protocol signaling mechanism +to give details. A flag byte that signals the presence of a multi-packet +sequence and also the last packet, followed by an ID of the sequence and a +packet sequence number. + +---- +msg_pkt ::= SEQUENCE { + ..... + flags ::= SEQUENCE { + fragment BOOLEAN, + last_fragment BOOLEAN, + ..... + } + msg_id INTEGER(0..65535), + frag_id INTEGER(0..65535), + ..... +} +---- + +.Reassembling fragments - Part 1 +[source,c] +---- +#include + ... +save_fragmented = pinfo->fragmented; +flags = tvb_get_guint8(tvb, offset); offset++; +if (flags & FL_FRAGMENT) { /* fragmented */ + tvbuff_t* new_tvb = NULL; + fragment_data *frag_msg = NULL; + uint16_t msg_seqid = tvb_get_ntohs(tvb, offset); offset += 2; + uint16_t msg_num = tvb_get_ntohs(tvb, offset); offset += 2; + + pinfo->fragmented = true; + frag_msg = fragment_add_seq_check(msg_reassembly_table, + tvb, offset, pinfo, + msg_seqid, NULL, /* ID for fragments belonging together */ + msg_num, /* fragment sequence number */ + tvb_captured_length_remaining(tvb, offset), /* fragment length - to the end */ + flags & FL_FRAG_LAST); /* More fragments? */ +---- + +We start by saving the fragmented state of this packet, so we can restore it +later. Next comes some protocol specific stuff, to dig the fragment data out of +the stream if it’s present. Having decided it is present, we let the function +`fragment_add_seq_check()` do its work. We need to provide this with a certain +amount of parameters: + +* The `msg_reassembly_table` table is for bookkeeping and is described later. + +* The tvb buffer we are dissecting. + +* The offset where the partial packet starts. + +* The provided packet info. + +* The sequence number of the fragment stream. There may be several streams of + fragments in flight, and this is used to key the relevant one to be used for + reassembly. + +* Optional additional data for identifying the fragment. Can be set to `NULL` + (as is done in the example) for most dissectors. + +* msg_num is the packet number within the sequence. + +* The length here is specified as the rest of the tvb as we want the rest of the packet data. + +* Finally a parameter that signals if this is the last fragment or not. This + might be a flag as in this case, or there may be a counter in the protocol. + +.Reassembling fragments part 2 +[source,c] +---- + new_tvb = process_reassembled_data(tvb, offset, pinfo, + "Reassembled Message", frag_msg, &msg_frag_items, + NULL, msg_tree); + + if (frag_msg) { /* Reassembled */ + col_append_str(pinfo->cinfo, COL_INFO, + " (Message Reassembled)"); + } else { /* Not last packet of reassembled Short Message */ + col_append_fstr(pinfo->cinfo, COL_INFO, + " (Message fragment %u)", msg_num); + } + + if (new_tvb) { /* take it all */ + next_tvb = new_tvb; + } else { /* make a new subset */ + next_tvb = tvb_new_subset_remaining(tvb, offset); + } +} +else { /* Not fragmented */ + next_tvb = tvb_new_subset_remaining(tvb, offset); +} + +..... +pinfo->fragmented = save_fragmented; +---- + +Having passed the fragment data to the reassembly handler, we can now check if +we have the whole message. If there is enough information, this routine will +return the newly reassembled data buffer. + +After that, we add a couple of informative messages to the display to show that +this is part of a sequence. Then a bit of manipulation of the buffers and the +dissection can proceed. Normally you will probably not bother dissecting further +unless the fragments have been reassembled as there won't be much to find. +Sometimes the first packet in the sequence can be partially decoded though if +you wish. + +Now the mysterious data we passed into the `fragment_add_seq_check()`. + +.Reassembling fragments - Initialisation +[source,c] +---- +static reassembly_table reassembly_table; + +static void +proto_register_msg(void) +{ + reassembly_table_register(&msg_reassemble_table, + &addresses_ports_reassembly_table_functions); +} +---- + +First a `reassembly_table` structure is declared and initialised in the protocol +initialisation routine. The second parameter specifies the functions that should +be used for identifying fragments. We will use +`addresses_ports_reassembly_table_functions` in order to identify fragments by +the given sequence number (`msg_seqid`), the source and destination addresses +and ports from the packet. + +Following that, a `fragment_items` structure is allocated and filled in with a +series of ett items, hf data items, and a string tag. The ett and hf values +should be included in the relevant tables like all the other variables your +protocol may use. The hf variables need to be placed in the structure something +like the following. Of course the names may need to be adjusted. + +.Reassembling fragments - Data +[source,c] +---- +... +static int hf_msg_fragments = -1; +static int hf_msg_fragment = -1; +static int hf_msg_fragment_overlap = -1; +static int hf_msg_fragment_overlap_conflicts = -1; +static int hf_msg_fragment_multiple_tails = -1; +static int hf_msg_fragment_too_long_fragment = -1; +static int hf_msg_fragment_error = -1; +static int hf_msg_fragment_count = -1; +static int hf_msg_reassembled_in = -1; +static int hf_msg_reassembled_length = -1; +... +static int ett_msg_fragment = -1; +static int ett_msg_fragments = -1; +... +static const fragment_items msg_frag_items = { + /* Fragment subtrees */ + &ett_msg_fragment, + &ett_msg_fragments, + /* Fragment fields */ + &hf_msg_fragments, + &hf_msg_fragment, + &hf_msg_fragment_overlap, + &hf_msg_fragment_overlap_conflicts, + &hf_msg_fragment_multiple_tails, + &hf_msg_fragment_too_long_fragment, + &hf_msg_fragment_error, + &hf_msg_fragment_count, + /* Reassembled in field */ + &hf_msg_reassembled_in, + /* Reassembled length field */ + &hf_msg_reassembled_length, + /* Tag */ + "Message fragments" +}; +... +static hf_register_info hf[] = +{ +... +{&hf_msg_fragments, + {"Message fragments", "msg.fragments", + FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment, + {"Message fragment", "msg.fragment", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_overlap, + {"Message fragment overlap", "msg.fragment.overlap", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_overlap_conflicts, + {"Message fragment overlapping with conflicting data", + "msg.fragment.overlap.conflicts", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_multiple_tails, + {"Message has multiple tail fragments", + "msg.fragment.multiple_tails", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_too_long_fragment, + {"Message fragment too long", "msg.fragment.too_long_fragment", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_error, + {"Message defragmentation error", "msg.fragment.error", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_count, + {"Message fragment count", "msg.fragment.count", + FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_reassembled_in, + {"Reassembled in", "msg.reassembled.in", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_reassembled_length, + {"Reassembled length", "msg.reassembled.length", + FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, +... +static int *ett[] = +{ +... +&ett_msg_fragment, +&ett_msg_fragments +... +---- + +These hf variables are used internally within the reassembly routines to make +useful links, and to add data to the dissection. It produces links from one +packet to another, such as a partial packet having a link to the fully +reassembled packet. Likewise there are back pointers to the individual packets +from the reassembled one. The other variables are used for flagging up errors. + +[#TcpDissectPdus] + +==== How to reassemble split TCP Packets + +A dissector gets a `tvbuff_t` pointer which holds the payload +of a TCP packet. This payload contains the header and data +of your application layer protocol. + +When dissecting an application layer protocol you cannot assume +that each TCP packet contains exactly one application layer message. +One application layer message can be split into several TCP packets. + +You also cannot assume that a TCP packet contains only one application layer message +and that the message header is at the start of your TCP payload. +More than one messages can be transmitted in one TCP packet, +so that a message can start at an arbitrary position. + +This sounds complicated, but there is a simple solution. +`tcp_dissect_pdus()` does all this tcp packet reassembling for you. +This function is implemented in _epan/dissectors/packet-tcp.h_. + +.Reassembling TCP fragments +[source,c] +---- +#include "config.h" + +#include +#include +#include "packet-tcp.h" + +... + +#define FRAME_HEADER_LEN 8 + +/* This method dissects fully reassembled messages */ +static int +dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) +{ + /* TODO: implement your dissecting code */ + return tvb_captured_length(tvb); +} + +/* determine PDU length of protocol foo */ +static unsigned +get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) +{ + /* TODO: change this to your needs */ + return (unsigned)tvb_get_ntohl(tvb, offset+4); /* e.g. length is at offset 4 */ +} + +/* The main dissecting routine */ +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + tcp_dissect_pdus(tvb, pinfo, tree, true, FRAME_HEADER_LEN, + get_foo_message_len, dissect_foo_message, data); + return tvb_captured_length(tvb); +} + +... +---- + +As you can see this is really simple. Just call `tcp_dissect_pdus()` in your +main dissection routine and move you message parsing code into another function. +This function gets called whenever a message has been reassembled. + +The parameters tvb, pinfo, tree and data are just handed over to +`tcp_dissect_pdus()`. The 4th parameter is a flag to indicate if the data should +be reassembled or not. This could be set according to a dissector preference as +well. Parameter 5 indicates how much data has at least to be available to be +able to determine the length of the foo message. Parameter 6 is a function +pointer to a method that returns this length. It gets called when at least the +number of bytes given in the previous parameter is available. Parameter 7 is a +function pointer to your real message dissector. Parameter 8 is the data +passed in from parent dissector. + +Protocols which need more data before the message length can be determined can +return zero. Other values smaller than the fixed length will result in an +exception. + +[#ChDissectTap] + +=== How to tap protocols + +Adding a Tap interface to a protocol allows it to do some useful things. +In particular you can produce protocol statistics from the tap interface. + +A tap is basically a way of allowing other items to see what’s happening as +a protocol is dissected. A tap is registered with the main program, and +then called on each dissection. Some arbitrary protocol specific data +is provided with the routine that can be used. + +To create a tap, you first need to register a tap. A tap is registered with an +integer handle, and registered with the routine `register_tap()`. This takes a +string name with which to find it again. + +.Initialising a tap +[source,c] +---- +#include +#include + +static int foo_tap = -1; + +struct FooTap { + int packet_type; + int priority; + ... +}; + +void proto_register_foo(void) +{ + ... + foo_tap = register_tap("foo"); +---- + +Whilst you can program a tap without protocol specific data, it is generally not +very useful. Therefore it’s a good idea to declare a structure that can be +passed through the tap. This needs to be a static structure as it will be used +after the dissection routine has returned. It’s generally best to pick out some +generic parts of the protocol you are dissecting into the tap data. A packet +type, a priority or a status code maybe. The structure really needs to be +included in a header file so that it can be included by other components that +want to listen in to the tap. + +Once you have these defined, it’s simply a case of populating the protocol +specific structure and then calling `tap_queue_packet`, probably as the last part +of the dissector. + +.Calling a protocol tap +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + ... + fooinfo = wmem_alloc(pinfo->pool, sizeof(struct FooTap)); + fooinfo->packet_type = tvb_get_guint8(tvb, 0); + fooinfo->priority = tvb_get_ntohs(tvb, 8); + ... + tap_queue_packet(foo_tap, pinfo, fooinfo); + + return tvb_captured_length(tvb); +} +---- + +This now enables those interested parties to listen in on the details +of this protocol conversation. + +[#ChDissectStats] + +=== How to produce protocol stats + +Given that you have a tap interface for the protocol, you can use this +to produce some interesting statistics (well presumably interesting!) from +protocol traces. + +This can be done in a separate plugin, or in the same plugin that is +doing the dissection. The latter scheme is better, as the tap and stats +module typically rely on sharing protocol specific data, which might get out +of step between two different plugins. + +Here is a mechanism to produce statistics from the above TAP interface. + +.Initialising a stats interface +[source,c] +---- +#include + +/* register all http trees */ +static void register_foo_stat_trees(void) { + stats_tree_register_plugin("foo", "foo", "Foo/Packet Types", 0, + foo_stats_tree_packet, foo_stats_tree_init, NULL); +} + +WS_DLL_PUBLIC_DEF void plugin_register_tap_listener(void) +{ + register_foo_stat_trees(); +} +---- + +Working from the bottom up, first the plugin interface entry point is defined, +`plugin_register_tap_listener()`. This simply calls the initialisation function +`register_foo_stat_trees()`. + +This in turn calls the `stats_tree_register_plugin()` function, which takes three +strings, an integer, and three callback functions. + +. This is the tap name that is registered. + +. An abbreviation of the stats name. + +. The name of the stats module. A “/” character can be used to make sub menus. + +. Flags for per-packet callback + +. The function that will called to generate the stats. + +. A function that can be called to initialise the stats data. + +. A function that will be called to clean up the stats data. + +In this case we only need the first two functions, as there is nothing specific to clean up. + +.Initialising a stats session +[source,c] +---- +static const uint8_t* st_str_packets = "Total Packets"; +static const uint8_t* st_str_packet_types = "FOO Packet Types"; +static int st_node_packets = -1; +static int st_node_packet_types = -1; + +static void foo_stats_tree_init(stats_tree* st) +{ + st_node_packets = stats_tree_create_node(st, st_str_packets, 0, STAT_DT_INT, true); + st_node_packet_types = stats_tree_create_pivot(st, st_str_packet_types, st_node_packets); +} +---- + +In this case we create a new tree node, to handle the total packets, +and as a child of that we create a pivot table to handle the stats about +different packet types. + + +.Generating the stats +[source,c] +---- +static tap_packet_status foo_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt, const void* p, tap_flags_t flags) +{ + struct FooTap *pi = (struct FooTap *)p; + tick_stat_node(st, st_str_packets, 0, false); + stats_tree_tick_pivot(st, st_node_packet_types, + val_to_str(pi->packet_type, packettypenames, "Unknown packet type (%d)")); + return TAP_PACKET_REDRAW; +} +---- + +In this case the processing of the stats is quite simple. First we call the +`tick_stat_node` for the `st_str_packets` packet node, to count packets. Then a +call to `stats_tree_tick_pivot()` on the `st_node_packet_types` subtree allows +us to record statistics by packet type. + +[#ChDissectConversation] + +=== How to use conversations + +Some info about how to use conversations in a dissector can be found in the file +_doc/README.dissector_, chapter 2.2. + +[#ChDissectIdl2wrs] + +=== __idl2wrs__: Creating dissectors from CORBA IDL files + +Many of Wireshark’s dissectors are automatically generated. This section shows +how to generate one from a CORBA IDL file. + +==== What is it? + +As you have probably guessed from the name, `idl2wrs` takes a user specified IDL +file and attempts to build a dissector that can decode the IDL traffic over +GIOP. The resulting file is “C” code, that should compile okay as a Wireshark +dissector. + +`idl2wrs` parses the data struct given to it by the `omniidl` compiler, +and using the GIOP API available in packet-giop.[ch], generates get_CDR_xxx +calls to decode the CORBA traffic on the wire. + +It consists of 4 main files. + +README.idl2wrs:: +This document + +wireshark_be.py:: +The main compiler backend + +wireshark_gen.py:: +A helper class, that generates the C code. + +idl2wrs:: +A simple shell script wrapper that the end user should use to generate the +dissector from the IDL file(s). + +==== Why do this? + +It is important to understand what CORBA traffic looks like over GIOP/IIOP, and +to help build a tool that can assist in troubleshooting CORBA interworking. This +was especially the case after seeing a lot of discussions about how particular +IDL types are represented inside an octet stream. + +I have also had comments/feedback that this tool would be good for say a CORBA +class when teaching students what CORBA traffic looks like “on the wire”. + +It is also COOL to work on a great Open Source project such as the case with +“Wireshark” ({wireshark-main-url}). + + +==== How to use idl2wrs + +To use the idl2wrs to generate Wireshark dissectors, you need the following: + +* Python must be installed. See link:https://python.org/[] + +* `omniidl` from the omniORB package must be available. See link:http://omniorb.sourceforge.net/[] + +* Of course you need Wireshark installed to compile the code and tweak it if +required. idl2wrs is part of the standard Wireshark distribution + +To use idl2wrs to generate an Wireshark dissector from an idl file use the following procedure: + +* To write the C code to stdout. ++ +-- +---- +$ idl2wrs +---- + +e.g.: + +---- +$ idl2wrs echo.idl +---- +-- + +* To write to a file, just redirect the output. ++ +-- +---- +$ idl2wrs echo.idl > packet-test-idl.c +---- + +You may wish to comment out the register_giop_user_module() code and that will +leave you with heuristic dissection. + +If you don't want to use the shell script wrapper, then try steps 3 or 4 instead. +-- + +* To write the C code to stdout. ++ +-- +---- +$ omniidl -p ./ -b wireshark_be +---- + +e.g.: + +---- +$ omniidl -p ./ -b wireshark_be echo.idl +---- +-- + +* To write to a file, just redirect the output. ++ +-- +---- +$ omniidl -p ./ -b wireshark_be echo.idl > packet-test-idl.c +---- + +You may wish to comment out the register_giop_user_module() code and that will +leave you with heuristic dissection. +-- + +* Copy the resulting C code to subdirectory epan/dissectors/ inside your +Wireshark source directory. ++ +-- +---- +$ cp packet-test-idl.c /dir/where/wireshark/lives/epan/dissectors/ +---- + +The new dissector has to be added to CMakeLists.txt in the same directory. Look +for the declaration DISSECTOR_SRC and add the new dissector there. For +example, + +---- +DISSECTOR_SRC = \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-2dparityfec.c + ${CMAKE_CURRENT_SOURCE_DIR}/packet-3com-njack.c + ... +---- + +becomes + +---- +DISSECTOR_SRC = \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-test-idl.c \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-2dparityfec.c \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-3com-njack.c \ + ... +---- +-- + +For the next steps, go up to the top of your Wireshark source directory. + +* Create a build dir ++ +-- +---- +$ mkdir build && cd build +---- +-- + +* Run cmake ++ +-- +---- +$ cmake .. +---- +-- + +* Build the code ++ +-- +---- +$ make +---- +-- + +* Good Luck !! + +==== TODO + +* Exception code not generated (yet), but can be added manually. + +* Enums not converted to symbolic values (yet), but can be added manually. + +* Add command line options etc + +* More I am sure :-) + +==== Limitations + +See the TODO list inside _packet-giop.c_ + +==== Notes + +The `-p ./` option passed to omniidl indicates that the wireshark_be.py and +wireshark_gen.py are residing in the current directory. This may need tweaking +if you place these files somewhere else. + +If it complains about being unable to find some modules (e.g. tempfile.py), you +may want to check if PYTHONPATH is set correctly. + + +// End of WSDG Chapter Dissection diff --git a/docbook/wsdg_src/wsdg_env_intro.adoc b/docbook/wsdg_src/wsdg_env_intro.adoc new file mode 100644 index 00000000..91d51eaf --- /dev/null +++ b/docbook/wsdg_src/wsdg_env_intro.adoc @@ -0,0 +1,524 @@ +// WSDG Chapter Introduction + +[#ChapterIntroduction] + +== Introduction + +[#ChIntroIntro] + +=== Introduction + +This chapter will provide a general overview of Wireshark development. + +[#ChIntroWhatIs] + +=== What Is Wireshark? + +Well, if you want to start Wireshark development, you might already +know what Wireshark is doing. If not, please have a look at the +link:{wireshark-users-guide-url}[Wireshark User’s Guide], +which will provide a lot of general information about it. + +[#ChIntroPlatforms] + +=== Supported Platforms + +Wireshark currently runs on most UNIX-like platforms and various Windows +platforms. It requires Qt, GLib, libpcap and some other libraries in +order to run. + +As Wireshark is developed in a platform independent way and uses libraries (such +as the Qt GUI library) which are available for many different platforms, +it’s thus available on a wide variety of platforms. + +If a binary package is not available for your platform, you should +download the source and try to build it. Please report your experiences +to mailto:{wireshark-dev-list-email}[]. + +Binary packages are available for the following platforms along with many +others: + +==== Unix And Unix-like Platforms + +* Apple macOS + +* FreeBSD + +* HP-UX + +* IBM AIX + +* NetBSD + +* OpenBSD + +* Oracle Solaris + +===== Linux + +* Arch Linux + +* Debian GNU/Linux + +* Ubuntu + +* Fedora + +* Gentoo Linux + +* IBM S/390 Linux (Red Hat) + +* Mandriva Linux + +* PLD Linux + +* Red Hat Linux + +* Slackware Linux + +* Suse Linux + +==== Microsoft Windows + +Wireshark supports Windows natively via the https://en.wikipedia.org/wiki/Windows_API[Windows API]. +Note that in this documentation and elsewhere we tend to use the terms “Win32”, “Win”, and “Windows” interchangeably to refer to the Windows API. +“Win64” refers to the Windows API on 64-bit platforms. +Wireshark runs on and can be compiled on the following Windows versions: + +* Windows 11 / Windows Server 2022 + +* Windows 10 / Windows Server 2016 / Windows Server 2019 + +* Windows 8.1 / Windows Server 2012 R2 + +* Windows 8 / Windows Server 2012 + +Development on Windows 7, Server 2008 R2, Vista, Server 2008, and older versions may be possible but is not supported. + +Some versions of Windows support https://devblogs.microsoft.com/commandline/per-directory-case-sensitivity-and-wsl/[case sensitive directories]. +We don’t officially support building or running Wireshark in this environment, but we will accept patches to fix any issues that might arise. + +[#ChIntroDevelopment] + +=== Development And Maintenance Of Wireshark + +Wireshark was initially developed by Gerald Combs. Ongoing development +and maintenance of Wireshark is handled by the Wireshark core developers, +a loose group of individuals who fix bugs and provide new functionality. + +There have also been a large number of people who have contributed +protocol dissectors and other improvements to Wireshark, and it is +expected that this will continue. You can find a list of the people who +have contributed code to Wireshark by checking the About dialog box of +Wireshark, or have a look at the {wireshark-authors-url} page on the +Wireshark web site. + +The communication between the developers is usually done through the developer +mailing list, which can be joined by anyone interested in the development +activities. At the time this document was written, more than 500 persons were +subscribed to this mailing list! + +It is strongly recommended to join the developer mailing list, if you are going +to do any Wireshark development. See <> about the different +Wireshark mailing lists available. + +==== Programming Languages Used + +Most of Wireshark is implemented in C. +A notable exception is the code in _ui/qt_, which is written in {cpp}. + +The typical task for a new Wireshark developer is to extend an existing dissector, or write a new dissector for a specific network protocol. +Most dissectors are written in C11, so a good knowledge of C will be sufficient for Wireshark development in almost any case. +Dissectors can also be written in Lua, which might be more suitable for your specific needs. +As noted above, if you’re going to modify Wireshark’s user interface you will need a knowledge of {cpp}. + +Modifying the build system and support tooling might requires knowledge of CMake, Python, PowerShell, Bash, or Perl. +Note that these are required to build Wireshark, but not to run it. +If Wireshark is installed from a binary package, none of these helper tools are needed on the target system. + +==== Open Source Software + +Wireshark is an https://opensource.org/[open source] software (OSS) project, and is released under +the link:{gplv2-url}[GNU General Public License] (GPL). +You can freely use Wireshark on any number of computers you like, without +worrying about license keys or fees or such. In addition, all source +code is freely available under the GPL. Because of that, it is very easy +for people to add new protocols to Wireshark, either as plugins, or built +into the source, and they often do! + +You are welcome to modify Wireshark to suit your own needs, and it would be +appreciated if you contribute your improvements back to the Wireshark community. + +You gain three benefits by contributing your improvements back to the +community: + +* Other people who find your contributions useful will appreciate them, and you + will know that you have helped people in the same way that the developers of + Wireshark have helped you and other people. + +* The developers of Wireshark might improve your changes even more, as there’s + always room for improvement. Or they may implement some advanced things on top + of your code, which can be useful for yourself too. + +* The maintainers and developers of Wireshark will maintain your code as well, + fixing it when API changes or other changes are made, and generally keeping it + in tune with what is happening with Wireshark. So if Wireshark is updated + (which is done often), you can get a new Wireshark version from the website + and your changes will already be included without any effort for you. + + +The Wireshark source code and binary packages for some platforms are all +available on the download page of the Wireshark website: +{wireshark-download-url}. + + +[#ChIntroReleases] + +=== Releases And Distributions + +Official Wireshark releases can be found at {wireshark-download-url}. +Minor releases typically happen every six weeks and typically include bug fixes and security updates. +Major releases happen about once a year and include new features and new protocol support. +Official releases include binary packages for Windows and macOS along with source code. + +[#ChIntroReleaseBinary] + +==== Binary Distributions + +The Wireshark development team would like to make it as easy as possible for people to obtain and use Wireshark. +This means that we need to support the software installation systems that different operating systems provide. +We currently offer the following types of precompiled packages as part of each official release: + +* Windows .exe installer. + This is an executable file that installs Wireshark, and optionally Npcap and USBPcap, created using https://nsis.sourceforge.io/Main_Page[NSIS]. + It is the most popular installation method on Windows. + +* Windows https://portableapps.com/[PortableApps] .paf.exe file. + This is a self-contained package that can be run from anywere, either standalone or under the PortableApps.com Platform. + +* Windows .msi installer. + This installs Wireshark using Microsoft’s https://docs.microsoft.com/en-us/windows/win32/msi/installer-database[Installer Database], created using the https://wixtoolset.org/[WiX toolset]. + It does not yet include Npcap or USBPcap and is somewhat https://gitlab.com/wireshark/wireshark/-/issues/8814[experimental]. + +* macOS .dmg. + This is a disk image which includes a drag-installable Wireshark application bundle along with utility packages for installing ChmodBPF and adding Wireshark to your PATH environment variable. + +Most Linux and UNIX distributions have their own packaging systems which usually include Wireshark. +The Wireshark sources include support for creating the following types of packages: + +* Debian .deb files. + Packaging assets can be found in the _debian_ directory in the Wireshark sources. + +* Red Hat .rpm files. + Packaging assets can be found in the _packaging/rpm_ directory in the Wireshark sources. + +You can also create your own binary packages. See <> for details. + +[#ChIntroReleaseSource] + +==== The Source Code Distribution + +Wireshark is and will always be https://opensource.org/[open source]. +You’re welcome to download a source tarball, build it, and modify it under the terms of the {gplv2-url}[GPLv2]. +However, it’s usually much easier to use a binary package if you want to get up and running quickly in a production environment. + +Source tarballs are commonly used for building the binary packages for UNIX and UNIX-like platforms. +However, if you are going to modify the Wireshark sources, e.g. to contribute changes back or to develop an in-house version of Wireshark we recommend that you use the latest Git sources. +For details about the different ways to get the Wireshark source code see <>. + +Before building Wireshark from a source distribution, make sure you have all the tools and libraries required to build. +Later chapters describe the required tools and libraries in detail. + +[#ChIntroAutomated] + +=== Automated Builds (GitLab CI) + +The Wireshark development team uses GitLab’s continuous integration (CI) system to automatically build Wireshark for each Git merge request and commit. +Automated builds provide several useful services: + +* Cross-platform testing. + Inbound merge requests and commits can be tested on each of our supported plaforms, which ensures that a developer on one platform doesn’t break the build on other platforms. + +* A health indicator for the source code. + The CI badges at {wireshark-gitlab-project-url} can quickly tell you how healthy the latest code is. + Green is good, red is bad. + +* Fast code delivery. + After a change is committed to the repository, an installer is usually available within an hour at https://www.wireshark.org/download/automated/. + This can be quite helpful for resolving issues, e.g. a bug reporter can easily verify a bugfix by installing a recent build. + +* Automated regression tests. + We run a comprehensive test suite as part of each build and continuously run fuzz tests that try to crash the dissection engine. + +==== What Do The Automated Builds Do? + +GitLab’s CI operates by running a series of steps and reporting success or failure. +A typical CI job might do the following: + +. Check out Wireshark from the source repository. + +. Build Wireshark. + +. Create a source tarball, binary package, or installer. + +. Run regression tests. + +GitLab’s CI marks successful jobs with a green checkmark and failed jobs with a red “X”. +Jobs provide a link to the corresponding console logfile which provides additional information. + +Release packages are built on the following platforms: + +* Windows Server 2019 x86-64 (Win64, little endian, Visual Studio 2022) + +* Ubuntu 18.04 x86-64 (Linux, little endian, gcc, Clang) + +* macOS 10.14 x86-64 (BSD, little endian, Clang) + +Static code analysis and fuzz tests are run on the following platforms: + +* Visual Studio Code Analysis (Win64, little endian, VS 2022) + +* Clang Code Analysis, Coverity Scan, and fuzz tests (Linux, little endian, Clang) + +Each platform is represented at the status page by a single column, the most recent entries are at the top. + +[#ChIntroHelp] + + +=== Reporting problems and getting help + +If you have problems, or need help with Wireshark, there are several +places that may be of interest to you (well, beside this guide of +course). + +[#ChIntroHomepage] + +==== Website + +You will find lots of useful information on the Wireshark homepage at +{wireshark-main-url}. + +[#ChIntroWiki] + +==== Wiki + +The Wireshark Wiki at {wireshark-wiki-url} provides a wide range +of information related to Wireshark and packet capturing in general. +You will find a lot of information not part of this developer’s guide. For +example, there is an explanation how to capture on a switched network, +an ongoing effort to build a protocol reference and a lot more. + +And best of all, if you would like to contribute your knowledge on a +specific topic (maybe a network protocol you know well), you can edit the +Wiki pages by simply using your webbrowser. + +[#ChIntroFAQ] + + +==== FAQ + +The "Frequently Asked Questions" will list often asked questions and +the corresponding answers. + +Before sending any mail to the mailing lists below, be sure to read the +FAQ, as it will often answer any questions you might have. This will save +yourself and others a lot of time. Keep in mind that a lot of people are +subscribed to the mailing lists. + +You will find the FAQ inside Wireshark by clicking the menu item +Help/Contents and selecting the FAQ page in the upcoming dialog. + +An online version is available at the Wireshark website: +{wireshark-faq-url}. You might prefer this online version as it’s +typically more up to date and the HTML format is easier to use. + +[#ChIntroOtherSources] + +==== Other sources + +If you don't find the information you need inside this book, there are +various other sources of information: + +* The file _doc/README.developer_ and all the other README.xxx files in the + source code. These are various documentation files on different topics + +[NOTE] +.Read the README +==== +_README.developer_ is packed full with all kinds of details relevant +to the developer of Wireshark source code. Its companion file +_README.dissector_ advises you around common +pitfalls, shows you basic layout of dissector code, shows details of the +APIs available to the dissector developer, etc. +==== + +* The Wireshark source code + +* Tool documentation of the various tools used +(e.g. manpages of sed, gcc, etc.) + +* The different mailing lists. See <> + +[#ChIntroQA] + +==== Q&A Site + +The Wireshark Q&A site at {wireshark-qa-url} offers a resource where +questions and answers come together. You have the option to search what +questions were asked before and what answers were given by people who +knew about the issue. Answers are graded, so you can pick out the best +ones easily. If your issue isn't discussed before you can post one +yourself. + +[#ChIntroMailingLists] + +==== Mailing Lists + +There are several mailing lists available on specific Wireshark topics: + +wireshark-announce:: This mailing list will inform you about new program +releases, which usually appear about every 4-8 weeks. + +wireshark-users:: This list is for users of Wireshark. People post +questions about building and using Wireshark, others (hopefully) +provide answers. + +wireshark-dev:: This list is for Wireshark developers. People post questions about +the development of Wireshark, others (hopefully) provide answers. +If you want to start developing a protocol dissector, join this list. + +wireshark-bugs:: This list is for Wireshark developers. Every time a change to the bug +database occurs, a mail to this mailing list is generated. +If you want to be notified about all the changes to the bug +database, join this list. Details about the bug database can be +found in <>. + +wireshark-commits:: This list is for Wireshark developers. Every time a change to the Git +repository is checked in, a mail to this mailing list is generated. +If you want to be notified about all the changes to the Git +repository, join this list. Details about the Git repository can be +found in <>. + +You can subscribe to each of these lists from the Wireshark web site: +{wireshark-mailing-lists-url}. From there, you can choose which mailing +list you want to subscribe to by clicking on the +Subscribe/Unsubscribe/Options button under the title of the relevant +list. The links to the archives are included on that page as well. + +[TIP] +.The archives are searchable +==== +You can search in the list archives to see if someone previously asked the same +question and maybe already got an answer. That way you don't have to wait until +someone answers your question. +==== + +[#ChIntroBugDatabase] + +==== Bug Database (GitLab Issues) + +The Wireshark community collects bug reports in an issues database at {wireshark-bugs-url}. +This database is filled with manually filed bug reports, usually after some discussion on wireshark-dev, and automatic bug reports from continuous integration jobs. + +[#ChIntroReportProblems] + +==== Reporting Problems + +[NOTE] +.Test with the latest version +==== +Before reporting any problems, please make sure you have installed the +latest version of Wireshark. Reports on older maintenance releases are +usually met with an upgrade request. +==== + +If you report problems, provide as much information as possible. In general, +just think about what you would need to find that problem, if someone else sends +you such a problem report. Also keep in mind that people compile/run Wireshark +on a lot of different platforms. + +When reporting problems with Wireshark, it is helpful if you supply the +following information: + +. The version number of Wireshark and the dependent libraries linked with +it, e.g. Qt, GLib, etc. You can obtain this with the command +`wireshark -v`. + +. Information about the platform you run Wireshark on. + +. A detailed description of your problem. + +. If you get an error/warning message, copy the text of that message (and +also a few lines before and after it, if there are some), so others may +find the build step where things go wrong. +Please don't give something like: "I get a warning when compiling x" +as this won't give any direction to look at. + +[NOTE] +.Don't send large files +==== +Do not send large files (>100KB) to the mailing lists, just place a note +that further data is available on request. Large files will only annoy a +lot of people on the list who are not interested in your specific problem. +If required, you will be asked for further data by the persons who really +can help you. +==== + +[WARNING] +.Don't send confidential information +==== +If you send captured data to the mailing lists, or add it to your bug report, +be sure it doesn't contain any sensitive or confidential information, +such as passwords. Visibility of such files can be limited to certain +groups in the GitLab Issues database by marking the issue confidential. +==== + +==== Reporting Crashes on UNIX-like platforms + +When reporting crashes with Wireshark, it is helpful if you supply the +traceback information (besides the information mentioned in +<>). + +You can obtain this traceback information with the following commands: + +---- +$ gdb `whereis wireshark | cut -f2 -d: | cut -d' ' -f2` core >& bt.txt +backtrace +^D +$ +---- + +[NOTE] +.Using GDB +==== +Type the characters in the first line verbatim. Those are +back-tics there. + +`backtrace` is a `gdb` command. You should +enter it verbatim after the first line shown above, but it will not be +echoed. The ^D +(Control-D, that is, press the Control key and the D key +together) will cause `gdb` to exit. This will +leave you with a file called +_bt.txt_ in the current directory. +Include the file with your bug report. + +If you do not have `gdb` available, you +will have to check out your operating system’s debugger. +==== + +You should mail the traceback to mailto:{wireshark-dev-list-email}[] or attach it +to your bug report. + +==== Reporting Crashes on Windows platforms + +You can download Windows debugging symbol files (.pdb) from the following locations: + +* 64-bit Windows: https://www.wireshark.org/download/win64/all-versions/ + +Files are named "Wireshark-pdb-win__bits__-_x_._y_._z_.zip" to match their +corresponding "Wireshark-win__bits__-_x_._y_._z_.exe" installer packages. + +// XXX Show how to use the Visual Studio debugger + +// End of WSDG Chapter Introduction diff --git a/docbook/wsdg_src/wsdg_libraries.adoc b/docbook/wsdg_src/wsdg_libraries.adoc new file mode 100644 index 00000000..d0f5f1d0 --- /dev/null +++ b/docbook/wsdg_src/wsdg_libraries.adoc @@ -0,0 +1,349 @@ +// WSDG Chapter Libraries + +[#ChapterLibraries] + +== Library Reference + +[#ChLibIntro] + +=== Introduction + +Like most applications, Wireshark depends on libraries provided by your operating system and by third parties, including the C runtime library, GLib, libpcap, and Qt. +While running Wireshark only requires the libraries themselves, building it requires header files, import libraries, and related resources. + +Binary libraries are available in different formats and are specific to the target operating system, platform, and compiler. +They can be compiled by hand, but are most often installed as pre-built packages. + +On most Linux systems, the required binary and development libraries can be installed using your package manager. +We provide setup scripts that will install the required packages for most distributions. +See <> for details. + +On macOS, you can install pre-built packages using a third party package manager such as Homebrew or MacPorts. +As with Linux, we provide `tools/macos-setup-brew.sh`, which will install the required Homebrew packages. +We also provide `tools/macos-setup.sh`, which will download, build, and install required packages. + +Windows doesn't have a good library package manager at the present time, so we provide our own pre-built libraries. +They can be installed using `tools/win-setup.ps1` and are automatically installed when you run CMake. +With the exception of Qt, all libraries required to build Wireshark on Windows are available for download at +https://dev-libs.wireshark.org/windows/[]. +See <> for details. + +[#ChLibsSetup] + +=== Windows Automated Library Download + +The required libraries (apart from Qt) are automatically downloaded as part of +the CMake generation step, and subsequently as required when libraries are updated. + +The libraries are downloaded into the directory indicated by the environment +variable WIRESHARK_BASE_DIR, this must be set appropriately for your environment. +The libraries are downloaded and extracted into WIRESHARK_BASE_DIR\wireshark-x64-libs or WIRESHARK_BASE_DIR\wireshark-arm64-libs depending on your target platform. + +You may also set the library directory to a custom value with the environment variable WIRESHARK_LIB_DIR, but you may run into problems if you switch between major versions or target platforms. + +[#ChLibsQt] + +=== Qt + +The Qt library is used to build the UI for Wireshark and is used to provide a platform independent UI. +Wireshark can be built with Qt 5.12 or later, but looks for Qt 6 as the default version. + +To enable builds with Qt 5.x, the command-line option `-DUSE_qt6=OFF` has to be set for cmake. + +For more information on the Qt libraries, see <>. + +[#ChLibsUnixQt] + +[discrete] +==== Unix + +Most Linux distributions provide Qt and its development libraries as standard packages. +The required libraries and tools will likely be split across several packages. For example, +building on Ubuntu requires _qt6-tools-dev_, _qt6-tools-dev-tools_, _libqt6svg6-dev_, +_qt6-multimedia-dev_, and possibly others. + +The Qt Project provides an installation tool for macOS, similar to Windows. +It is available at https://www.qt.io/download-open-source/#section-2[]. + +[#ChLibsWindowsQt] + +[discrete] +==== Windows + +Qt 6 must be installed manually from the Qt installers page https://www.qt.io/download-open-source/#section-2[] using the version of Qt appropriate for your compiler. + +The CMake variable CMAKE_PREFIX_PATH (see `https://doc.qt.io/qt-6/cmake-get-started.html`) should be set to your Qt installation directory, e.g. _C:\Qt{backslash}{qt6-lts-version}\msvc2019_64_. +Alternatively you can also use the environment variable WIRESHARK_QT6_PREFIX_PATH. + +[#ChLibsGLib] + +=== GLib And Supporting Libraries + +The GLib library is used as a basic platform abstraction library and can +be used in both CLI and GUI applications. For a detailed description +about GLib see <>. + +GLib depends on GNU libiconv, GNU gettext, and other libraries. You will +typically not come into contact with these while doing Wireshark +development. Wireshark's build system check for and require both GLib +and its dependencies. + +[#ChLibsUnixGLib] + +[discrete] +==== Unix + +The GLib library is available for most Linux distributions and UNIX +flavors. If it isn't already installed and isn't available as a package +for your platform, you can get it at https://wiki.gnome.org/Projects/GLib[]. + +[#ChLibsWindowsGLib] + +[discrete] +==== Windows + +GLib is part of our vcpkg-export bundles and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsCares] + +=== c-ares + +C-Ares is used for asynchronous DNS resolution and lets us resolve names with a minimal performance impact. + +[#ChLibsUnixCares] + +[discrete] +==== Unix + +If this library isn't already installed or available as a package for your +platform, you can get it at https://c-ares.org/[]. + +[#ChLibsWindowsCares] + +[discrete] +==== Windows + +C-Ares is built using {vcpkg-main-url}[vcpkg] and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsSMI] + +=== SMI (Optional) + +LibSMI is used for MIB and PIB parsing and for OID resolution. + +[#ChLibsUnixSMI] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://www.ibr.cs.tu-bs.de/projects/libsmi/[]. + +[#ChLibsWindowsSMI] + +[discrete] +==== Windows + +Wireshark uses the source libSMI distribution at +https://www.ibr.cs.tu-bs.de/projects/libsmi/[]. +LibSMI is cross-compiled using MinGW32. +It’s stored in the libsmi zip archives at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsZlib] + +=== zlib (Optional) + +[quote, The zlib web site, https://www.zlib.net/] +____ +zlib is designed to be a +https://www.zlib.net/zlib_license.html[free], +general-purpose, legally unencumbered -- that is, not covered by any +patents -- lossless data-compression library for use on virtually any computer +hardware and operating system. +____ + +[#ChLibsUnixZlib] + +[discrete] +==== Unix + +This library is almost certain to be installed on your system. If it isn't or +you don't want to use the default library you can download it from +https://www.zlib.net/[]. + +[#ChLibsWindowsZlib] + +[discrete] +==== Windows + +zlib is part of our vcpkg-export bundles and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsPcap] + +=== libpcap or Npcap (Optional, But Strongly Recommended) + +Libpcap and Npcap provide the packet capture capabilities that are central +to Wireshark’s core functionality. + +[#ChLibsLibpcap] + +[discrete] +==== Unix: libpcap + +If this library isn't already installed or available as a package for your +platform, you can get it at {tcpdump-main-url}. + +[#ChLibsWinpPcap] + +[discrete] +==== Windows: Npcap + +The Windows build environment compiles and links against a libpcap SDK built using {vcpkg-main-url}[vcpkg] and includes the {npcap-main-url}[Npcap packet capture driver] with the .exe installer. +Both are <>. + +You can download the Npcap Windows packet capture library manually from +{npcap-main-url}. + +[WARNING] +.Npcap has its own license with its own restrictions +==== +Insecure.Com LLC, aka “The Nmap Project” has granted the Wireshark +Foundation the right to include Npcap with the installers that we +distribute from wireshark.org. If you wish to distribute your own +Wireshark installer or any other package that includes Npcap you must +comply with the {npcap-license-url}[Npcap license] and may be required +to purchase a redistribution license. Please see {npcap-main-url} for +more details. +==== + +[#ChLibsGNUTLS] + +=== GnuTLS (Optional) + +The GNU Transport Layer Security Library is used to enable TLS decryption +using an RSA private key. + +[#ChLibsUnixGNUTLS] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://gnutls.org/[]. + +[#ChLibsWindowsGNUTLS] + +[discrete] +==== Windows + +We provide packages cross-compiled using MinGW32 at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsGcrypt] + +=== Gcrypt + +The Gcrypt Library is a low-level cryptographic library that provides +support for many ciphers and message authentication codes, such as DES, 3DES, +AES, Blowfish, SHA-1, SHA-256, and others. + +[#ChLibsUnixGcrypt] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://directory.fsf.org/wiki/Libgcrypt[]. + +[#ChLibsWindowsGcrypt] + +[discrete] +==== Windows + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsKerberos] + +=== Kerberos (Optional) + +The Kerberos library is used to dissect Kerberos, sealed DCERPC and +secure LDAP protocols. + +[#ChLibsUnixKerberos] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://web.mit.edu/Kerberos/dist/[]. + +[#ChLibsWindowsKerberos] + +[discrete] +==== Windows + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsLua] + +=== Lua (Optional) + +The Lua library is used to add scripting support to Wireshark. + +[#ChLibsUnixLua] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://www.lua.org/download.html[]. + +[#ChLibsWindowsLua] + +[discrete] +==== Windows + +We provide copies of the official packages at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsMaxMindDB] + +=== MaxMindDB (Optional) + +MaxMind Inc. publishes a set of IP geolocation databases and related +open source libraries. They can be used to map IP addresses to +geographical locations and other information. + +If libmaxminddb library isn't already installed or available as a +package for your platform, you can get it at +https://github.com/maxmind/libmaxminddb[]. + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsSparkle] + +=== WinSparkle (Optional) + +WinSparkle is an easy-to-use software update library for Windows developers. + +[#ChLibsWinSparkle] + +[discrete] +==== Windows + +We provide copies of the WinSparkle package at +https://dev-libs.wireshark.org/windows/packages/[]. + +// End of WSDG Chapter Libraries diff --git a/docbook/wsdg_src/wsdg_lua_support.adoc b/docbook/wsdg_src/wsdg_lua_support.adoc new file mode 100644 index 00000000..8f7314bf --- /dev/null +++ b/docbook/wsdg_src/wsdg_lua_support.adoc @@ -0,0 +1,276 @@ +[#wsluarm] + +// Attributes +:build_dir: .. + +== Lua Support in Wireshark + +[#wsluarm_intro] + +=== Introduction + +Lua is a powerful light-weight programming language designed for extending +applications. Wireshark contains an embedded Lua 5.2 interpreter which +can be used to write dissectors, taps, and capture file readers +and writers. + +If Lua is enabled, Wireshark will first try to load a file named `init.lua` +from the global link:{wireshark-users-guide-url}ChPluginFolders.html[_plugins directory_]. +and then from the user’s +link:{wireshark-users-guide-url}ChAppFilesConfigurationSection.html[_personal plugins directory_]. +Then all files ending with _.lua_ are loaded from the global plugins +directory. Then all files ending with _.lua_ in the personal Lua plugin's +directory. + +Whether or not Lua scripts are enabled can be controlled via the +_$$enable_lua$$_ variable. Lua scripts are enabled by +default. To disable Lua scripts, set the _$$enable_lua$$_ variable to _false_. +Wireshark 2.6 and earlier enabled or disabled Lua scripts using +the variable _$$disable_lua$$_ (deprecated). If both _$$enable_lua$$_ and +_$$disable_lua$$_ are present, _$$disable_lua$$_ is ignored. + +.Example for init.lua +[source,lua] +---- +-- Set enable_lua to false to disable Lua support. +enable_lua = true + +if not enable_lua then + return +end + +-- If false and Wireshark was started as (setuid) root, then the user +-- will not be able to execute custom Lua scripts from the personal +-- configuration directory, the -Xlua_script command line option or +-- the Lua Evaluate menu option in the GUI. +-- Note: Not checked on Windows. running_superuser is always false. +run_user_scripts_when_superuser = true +---- + +The command line option _$$-X lua_script:$$++file.lua++_ can also be used to load +specific Lua scripts. + +The Lua code is executed after all protocol dissectors are +initialized and before reading any file. + +Wireshark for Windows uses a modified Lua runtime +(link:https://github.com/Lekensteyn/lua-unicode[lua-unicode]) to +support Unicode (UTF-8) filesystem paths. This brings consistency with other +platforms (for example, Linux and macOS). + +[#wslua_menu_example] + +=== Example: Creating a Menu with Lua + +The code below adds a menu "Lua Dialog Test" under the Tools menu. +When selected, it opens a dialog prompting the user for input +and then opens a text window with the output. + +[source,lua] +---- + +-- Define the menu entry's callback +local function dialog_menu() + local function dialog_func(person,eyes,hair) + local window = TextWindow.new("Person Info"); + local message = string.format("Person %s with %s eyes and %s hair.", person, eyes, hair); + window:set(message); + end + + new_dialog("Dialog Test",dialog_func,"A Person","Eyes","Hair") +end + +-- Create the menu entry +register_menu("Lua Dialog Test",dialog_menu,MENU_TOOLS_UNSORTED) + +-- Notify the user that the menu was created +if gui_enabled() then + local splash = TextWindow.new("Hello!"); + splash:set("Wireshark has been enhanced with a useless feature.\n") + splash:append("Go to 'Tools->Lua Dialog Test' and check it out!") +end + +---- + +[#wslua_dissector_example] + +=== Example: Dissector written in Lua + +[source,lua] +---- +local p_multi = Proto("multi", "MultiProto"); + +local vs_protos = { + [2] = "mtp2", + [3] = "mtp3", + [4] = "alcap", + [5] = "h248", + [6] = "ranap", + [7] = "rnsap", + [8] = "nbap" +} + +local f_proto = ProtoField.uint8("multi.protocol", "Protocol", base.DEC, vs_protos) +local f_dir = ProtoField.uint8("multi.direction", "Direction", base.DEC, { [1] = "incoming", [0] = "outgoing"}) +local f_text = ProtoField.string("multi.text", "Text") + +p_multi.fields = { f_proto, f_dir, f_text } + +local data_dis = Dissector.get("data") + +local protos = { + [2] = Dissector.get("mtp2"), + [3] = Dissector.get("mtp3"), + [4] = Dissector.get("alcap"), + [5] = Dissector.get("h248"), + [6] = Dissector.get("ranap"), + [7] = Dissector.get("rnsap"), + [8] = Dissector.get("nbap"), + [9] = Dissector.get("rrc"), + [10] = DissectorTable.get("sctp.ppi"):get_dissector(3), -- m3ua + [11] = DissectorTable.get("ip.proto"):get_dissector(132), -- sctp +} + +function p_multi.dissector(buf, pkt, tree) + + local subtree = tree:add(p_multi, buf(0,2)) + subtree:add(f_proto, buf(0,1)) + subtree:add(f_dir, buf(1,1)) + + local proto_id = buf(0,1):uint() + + local dissector = protos[proto_id] + + if dissector ~= nil then + -- Dissector was found, invoke subdissector with a new Tvb, + -- created from the current buffer (skipping first two bytes). + dissector:call(buf(2):tvb(), pkt, tree) + elseif proto_id < 2 then + subtree:add(f_text, buf(2)) + -- pkt.cols.info:set(buf(2, buf:len() - 3):string()) + else + -- fallback dissector that just shows the raw data. + data_dis:call(buf(2):tvb(), pkt, tree) + end + +end + +local wtap_encap_table = DissectorTable.get("wtap_encap") +local udp_encap_table = DissectorTable.get("udp.port") + +wtap_encap_table:add(wtap.USER15, p_multi) +wtap_encap_table:add(wtap.USER12, p_multi) +udp_encap_table:add(7555, p_multi) +---- + +[#wslua_tap_example] + +=== Example: Listener written in Lua + +[source,lua] +---- +-- This program will register a menu that will open a window with a count of occurrences +-- of every address in the capture + +local function menuable_tap() + -- Declare the window we will use + local tw = TextWindow.new("Address Counter") + + -- This will contain a hash of counters of appearances of a certain address + local ips = {} + + -- this is our tap + local tap = Listener.new(); + + local function remove() + -- this way we remove the listener that otherwise will remain running indefinitely + tap:remove(); + end + + -- we tell the window to call the remove() function when closed + tw:set_atclose(remove) + + -- this function will be called once for each packet + function tap.packet(pinfo,tvb) + local src = ips[tostring(pinfo.src)] or 0 + local dst = ips[tostring(pinfo.dst)] or 0 + + ips[tostring(pinfo.src)] = src + 1 + ips[tostring(pinfo.dst)] = dst + 1 + end + + -- this function will be called once every few seconds to update our window + function tap.draw(t) + tw:clear() + for ip,num in pairs(ips) do + tw:append(ip .. "\t" .. num .. "\n"); + end + end + + -- this function will be called whenever a reset is needed + -- e.g. when reloading the capture file + function tap.reset() + tw:clear() + ips = {} + end + + -- Ensure that all existing packets are processed. + retap_packets() +end + +-- using this function we register our function +-- to be called when the user selects the Tools->Test->Packets menu +register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED) +---- + +[#wsluarm_modules] + +== Wireshark’s Lua API Reference Manual + +This Part of the User Guide describes the Wireshark specific functions in the embedded Lua. + +Classes group certain functionality, the following notational conventions are +used: + +* _Class.function()_ represents a class method (named _function_) on class + _Class_, taking no arguments. + +* _Class.function(a)_ represents a class method taking one argument. + +* _Class.function(...)_ represents a class method taking a variable number of + arguments. + +* _class:method()_ represents an instance method (named _method_) on an instance + of class _Class_, taking no arguments. Note the lowercase notation in the + documentation to clarify an instance. + +* _class.prop_ represents a property _prop_ on the instance of class _Class_. + +Trying to access a non-existing property, function or method currently gives an +error, but do not rely on it as the behavior may change in the future. + + +include::{build_dir}/wsluarm_src/wslua_utility.adoc[] +include::{build_dir}/wsluarm_src/wslua_gui.adoc[] +include::{build_dir}/wsluarm_src/wslua_proto.adoc[] +include::{build_dir}/wsluarm_src/wslua_field.adoc[] +include::{build_dir}/wsluarm_src/wslua_pinfo.adoc[] +include::{build_dir}/wsluarm_src/wslua_tvb.adoc[] +include::{build_dir}/wsluarm_src/wslua_tree.adoc[] +include::{build_dir}/wsluarm_src/wslua_listener.adoc[] +include::{build_dir}/wsluarm_src/wslua_dumper.adoc[] +include::{build_dir}/wsluarm_src/wslua_wtap.adoc[] +include::{build_dir}/wsluarm_src/wslua_file.adoc[] +include::{build_dir}/wsluarm_src/wslua_dir.adoc[] +include::{build_dir}/wsluarm_src/wslua_int64.adoc[] +include::{build_dir}/wsluarm_src/wslua_struct.adoc[] + +[#lua_module_PCRE2] + +=== PCRE2 Regular Expressions + +Lua has its own native _pattern_ syntax in the string library, but sometimes a +real regex engine is more useful. Wireshark comes with Perl Compatible Regular +Expressions version 2 (PCRE2). This engine is exposed into Wireshark’s Lua engine through the +well-known Lrexlib library. The module is loaded in the global environment using +the "rex_pcre2" table. The manual is available at https://rrthomas.github.io/lrexlib/manual.html. diff --git a/docbook/wsdg_src/wsdg_preface.adoc b/docbook/wsdg_src/wsdg_preface.adoc new file mode 100644 index 00000000..6b20969c --- /dev/null +++ b/docbook/wsdg_src/wsdg_preface.adoc @@ -0,0 +1,84 @@ +[#Preface] +["preface",id="Preface"] +== Preface + +[#PreForeword] + +=== Foreword + +This book tries to give you a guide to start your own experiments into +the wonderful world of Wireshark development. + +Developers who are new to Wireshark often have a hard time getting their development environment up and running. +This is especially true for Windows developers, as a lot of the tools and methods used when building Wireshark are much more common in the UNIX world than on Windows. + +The first part of this book will describe how to set up the environment +needed to develop Wireshark. + +The second part of this book will describe how to change the Wireshark +source code. + +We hope that you find this book useful, and look forward to your comments. + +[#PreAudience] + +=== Who should read this document? + +The intended audience of this book is anyone going into the development of +Wireshark. + +This book is not intended to explain the usage of Wireshark in general. +Please refer the +{wireshark-users-guide-url}[Wireshark User’s Guide] about Wireshark usage. + +By reading this book, you will learn how to develop Wireshark. It will +hopefully guide you around some common problems that frequently appear for +new (and sometimes even advanced) developers of Wireshark. + +[#PreAck] + +=== Acknowledgements + +The authors would like to thank the whole Wireshark team for their +assistance. In particular, the authors would like to thank: + +* Gerald Combs, for initiating the Wireshark project. + +* Guy Harris, for many helpful hints and his effort in maintaining +the various contributions on the mailing lists. + +* Frank Singleton from whose `README.idl2wrs` <> is derived. + +The authors would also like to thank the following people for their +helpful feedback on this document: + +* XXX - Please give feedback :-) + +And of course a big thank you to the many, many contributors of the +Wireshark development community! + +[#PreAbout] + +=== About this document + +This book was developed by mailto:{wsdg-author-email}[Ulf Lamping], +updated for VS2013 by mailto:{wsdg-author-email2}[Graham Bloice], +and updated for later versions of Visual Studio by various contributors. + +It is written in AsciiDoc. + +[#PreDownload] + +=== Where to get the latest copy of this document? + +The latest copy of this documentation can always be found at +{wireshark-developers-guide-url}. + +[#PreFeedback] + +=== Providing feedback about this document + +Should you have any feedback about this document, please send it to the +authors through mailto:{wireshark-dev-list-email}[]. + + diff --git a/docbook/wsdg_src/wsdg_quick_setup.adoc b/docbook/wsdg_src/wsdg_quick_setup.adoc new file mode 100644 index 00000000..15458bea --- /dev/null +++ b/docbook/wsdg_src/wsdg_quick_setup.adoc @@ -0,0 +1,965 @@ +// WSDG Chapter Setup + +[#ChapterSetup] + +== Setup and Build Instructions + +[#ChSetupUNIX] + +=== UN*X + +[#ChSetupUNIXBuildEnvironmentSetup] + +==== Build environment setup + +The following must be installed in order to build Wireshark: + +* a C compiler and a C++ compiler; +* the Flex lexical analyzer; +* Python 3; +* CMake; +* several required libraries. + +Either make or Ninja can be used to build Wireshark; at least one of +those must be installed. + +To build the manual pages, Developer's Guide and User's Guide, Asciidoctor, Xsltproc, and DocBook must be installed. + +Perl is required to generate some code and run some code analysis checks. + +Some features of Wireshark require additional libraries to be installed. +The processes for doing so on various UN*X families is shown here. + +There are shell scripts in the `tools` directory to install the packages +and libraries required to build Wireshark. Usage is available with the +`--help` option. `root` permission is required to run the scripts. +The available scripts and their options for a given family of UN*Xes are +shown in the section for that family. + +[discrete] +==== Alpine Linux + +The setup script is `tools/alpine-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-all` install everything +* `[other]` other options are passed as-is to apk + +[discrete] +==== Arch Linux and pacman-based systems + +The setup script is `tools/arch-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-test-deps` install packages required to run all tests +* `--install-all` install everything +* `[other]` other options are passed as-is to pacman + +[discrete] +==== BSD systems such as FreeBSD, NetBSD, OpenBSD, and DragonFly BSD + +The setup script is `tools/bsd-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `[other]` other options are passed as-is to pkg manager + +[discrete] +==== Debian, and Linux distributions based on Debian, such as Ubuntu + +The setup script is `tools/debian-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-deb-deps` install packages required to build the .deb file +* `--install-test-deps` install packages required to run all tests +* `--install-qt5-deps` force installation of packages required to use Qt5 +* `--install-qt6-deps` force installation of packages required to use Qt6 +* `--install-all` install everything +* `[other]` other options are passed as-is to apt + +[discrete] +==== RPM-based Linux distributions such as Red Hat, Centos, Fedora, and openSUSE + + +The setup script is `tools/rpm-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-rpm-deps` install packages required to build the .rpm file +* `--install-qt5-deps` force installation of packages required to use Qt5 +* `--install-qt6-deps` force installation of packages required to use Qt6 +* `--install-all` install everything +* `[other]` other options are passed as-is to the packet manager + +[discrete] +==== macOS + +You must first install Xcode. + +After installing Xcode, the setup script `tools/macos-setup.sh` will +install the rest of the tools and libraries required to build Wireshark, +except for Qt 6, as well as the additional tools required to build the +documentation and the libraries required for all Wireshark features. If +you're using Homebrew, the script `tools/macos-setup-brew.sh` will +install the same tools and libraries from Homebrew. + +If you will be building Wireshark with Qt 6, which is the default for +Wireshark 4.0 and later, you will also have to install Qt; the +`tools/macos-setup.sh` script will not install Qt 6. To install +Qt, go to the https://www.qt.io/download-qt-installer-oss[Download Qt +for open source use page], select “macOS” if it's not already selected, +and then select “Qt online installer for macOS“. This will download a +.dmg for the installer; launch the installer. It will require that you +log into your Qt account; if you don't have an account, select “Sign up“ +to create one. The next page will require you to accept the LGPL (Lesser +GNU Public License); do so. Continue to the “Installation Folder“ page +of the installer screen, and select the “Custom installation“ option. +On the “Select Components“ screen of the installer, select, for the +desired Qt version, the “macOS” component. For example, at the time of +this writing the Qt {qt6-lts-version} “macOS” component is used to build +the official packages. The “Qt Debug Information Files” component +contains dSYM files which can be used for debugging. You can deselect +all of the other the components such as “Qt Charts” or “Android xxxx” +as they aren’t required. + +Qt 6 needs the "Qt 5 Compatibility Module" to be installed as well. Additionally, the module +"Qt Multimedia" may be installed, to support advanced controls for playing back streams in the +RTP Player dialog. + +[#ChSetupUNIXBuild] + +==== Building + +Before building: + +On macOS, you will need to set the Qt installation directory in the +environment: + +[subs="attributes+"] +---- +WIRESHARK_QT6_PREFIX_PATH=~/Qt/{qt6-lts-version}/macos +export WIRESHARK_QT6_PREFIX_PATH +---- + +If you want to append a custom string to the package version, run the +command + +[subs="attributes+"] +---- +WIRESHARK_VERSION_EXTRA=-YourExtraVersionInfo +export WIRESHARK_VERSION_EXTRA +---- + +The recommended (and fastest) way to build Wireshark is with CMake +and Ninja. Building with make took nearly 2x time as Ninja in one +experiment. + +CMake builds are best done in a separate build directory, such as a +`build` subdirectory of the top-level source directory. + +If that directory is a subdirectory of the top-level source directory, +to generate the build files, change to the build directory and enter the +following command: + +---- +cmake .. +---- + +to use make as the build tool or + +---- +cmake -G Ninja .. +---- + +to use Ninja as the build tool. + +If you created the build directory in the +same directory that contains the top-level Wireshark source directory, +to generate the build files, change to the build directory and enter the +following command: + +---- +cmake ../{source directory} +---- + +to use make as the build tool or + +---- +cmake -G Ninja ../{source directory} +---- + +to use Ninja as the build tool. + +`{source directory}` is the name of the +top-level Wireshark source directory. + +If you need to build with a non-standard configuration, you can run + +[source,sh] +---- +cmake -LH ../{source directory} +---- + +to see what options you have. + +You can then run Ninja or make to build Wireshark. + +---- +ninja +# or +make +---- + +Once you have build Wireshark with `ninja` or `make` above, you should be able to test it +by entering `run/wireshark`. + +==== Optional: Install + +Install Wireshark in its final destination: + +---- +make install +---- + +Once you have installed Wireshark with `make install` above, you should be able +to run it by entering `wireshark`. + +==== Optional: Create User’s and Developer’s Guide + +To build the Wireshark User's Guide and the Wireshark Developer's Guide, +build the `all_guides` target, e.g. `make all_guides` or `ninja +all_guides`. Detailed information to build these guides can be found in +the file _docbook/README.adoc_ in the Wireshark sources. + +==== Optional: Create an installable or source code package + +You can create packages using the following build targets and commands: + +Source code tarball:: + Build the `dist` target. + +deb (Debian) package:: + Create a symlink in the top-level source directory to _packaging/debian_, then run `dpkg-buildpackage`. + +RPM package:: + Build the `wireshark_rpm` target. + +https://appimage.org[AppImage] package:: + Build the `wireshark_appimage` target. + +macOS .dmg package containing an application bundle:: + Build the `wireshark_dmg` or `logray_dmg` targets. + +Installable packages typically require building Wireshark first. + +==== Troubleshooting during the build and install on Unix + +A number of errors can occur during the build and installation process. +Some hints on solving these are provided here. + +If the `cmake` stage fails you will need to find out why. You can check the +file `CMakeOutput.log` and `CMakeError.log` in the build directory to find +out what failed. The last few lines of this file should help in determining the +problem. + +The standard problems are that you do not have a required development package on +your system or that the development package isn’t new enough. Note that +installing a library package isn’t enough. You need to install its development +package as well. + +If you cannot determine what the problems are, send an email to the +_wireshark-dev_ mailing list explaining your problem. Include the output from +`cmake` and anything else you think is relevant such as a trace of the +`make` stage. + + +// Retain ChSetupWin32 for backward compatibility +[#ChSetupWindows] +=== Windows: Using Microsoft Visual Studio[[ChSetupWin32]] + +A quick setup guide for Windows development with recommended configurations. + +[WARNING] +==== +Unless you know exactly what you are doing, you +should strictly follow the recommendations below. They are known to work +and if the build breaks, please re-read this guide carefully. + +Known traps are: + +. Not using the correct (x64 or x86) version of the Visual Studio command prompt. + +. Not using a supported version of Windows. Please check + https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet[here] + that your installed version is supported and updated. + +==== + +[#ChSetupChocolatey] + +==== Recommended: Install Chocolatey + +https://chocolatey.org/[Chocolatey] is a native package manager for +Windows. There are https://chocolatey.org/packages[packages] for most of +the software listed below. Along with traditional Windows packages it +supports the Python Package Index. + +Chocolatey tends to install packages into its own path (%ChocolateyInstall%), although packages are free to use their own preferences. +You can install Chocolatey packages using the command `choco install` (or its shorthand, `cinst`), e.g. + +[source,cmd] +---- +rem Flex is required. +choco install -y winflexbison3 +rem Git, CMake, Python, etc are also required, but can be installed +rem via their respective installation packages. +choco install -y git cmake python3 +---- + + +[#ChSetupMSVC] + +==== Install Microsoft Visual Studio + +Download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=17[“Microsoft Visual Studio 2022 Community Edition”]. +If you prefer you can instead download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16[“Microsoft Visual Studio 2019 Community Edition”]. +The examples below are for Visual Studio 2022 but can be adapted for Visual Studio 2019. +These are small utilities that download all the other required parts (which are quite large). + +Check the checkbox for “Desktop development with {cpp}” and then uncheck +all the optional components other than + +* “MSVC ... VS 2022 {cpp}” item with the “... build tools (Latest)” +* “Windows 11 SDK” +* “{cpp} CMake tools for Windows" + +(unless you want to use them for purposes other than Wireshark). + +You can alternatively use Chocolatey to install Visual Studio, using the Visual Studio Community and Native Desktop workload packages. +Note that this includes Visual Studio’s CMake component. + +---- +choco install -y visualstudio2022community visualstudio2022-workload-nativedesktop +---- + +// winget has basic VS 2022 and 2019 packages, but no native desktop workload packages. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/m/Microsoft/VisualStudio + +You can use other Microsoft C compiler variants, but VS2022 is used to +build the development releases and is the preferred option. It’s +possible to compile Wireshark with a wide range of Microsoft C compiler +variants. For details see <>. + +You may have to do this as Administrator. + +Compiling with gcc or Clang is not recommended and will +certainly not work (at least not without a lot of advanced +tweaking). For further details on this topic, see +<>. This may change in future as releases +of Visual Studio add more cross-platform support. + +// XXX - mention the compiler and PSDK web installers - +// which significantly reduce download size - and find out the +// required components + +Why is this recommended? +While this is a huge download, the Community Editions of Visual Studio are free (as in beer) and include the Visual Studio integrated debugger. +Visual Studio 2022 is also used to create official Wireshark builds, so it will likely have fewer development-related problems. + +[#ChSetupQt] + +==== Install Qt + +The main Wireshark application uses the Qt windowing toolkit. To install +Qt, go to the https://www.qt.io/download[“Download Qt” page], select +"Download open source", then "Download Qt Online Installer", and download +"*Qt Online Installer for Windows*". When executing it, sign up or log in, +and use Next button to proceed. When asked, select "*Custom installation*". + +In the "Select Components" page, select your desired Qt version. We recommend +the latest LTS version, and the stable Windows installers currently ship with Qt {qt6-lts-version}. +Select the following components: + +* MSVC 2019 64-bit +* Qt 5 Compatibility Module +* Qt Debug Information Files (contains PDB files which can be used for debugging) +* Under "Additional Libraries" select "Qt Multimedia" to support advanced +controls for playing back streams in the RTP Player dialog +* You can deselect all of the other the components +such as “Qt Charts” or “Android xxxx” as they aren’t required. + +The CMake variable CMAKE_PREFIX_PATH (see `https://doc.qt.io/qt-6/cmake-get-started.html`) should be set as appropriate for your environment and should point to the Qt installation directory, e.g. _C:\Qt{backslash}{qt6-lts-version}\msvc2019_64_ +Alternatively you can also use the environment variable WIRESHARK_QT6_PREFIX_PATH. + +Qt 6 is the default option for building Wireshark, but Wireshark has support for Qt 5.12 and later. To enable Wireshark to build with Qt 5 pass `-DUSE_qt6=OFF` +to cmake. + +[#ChSetupPython] + +==== Install Python + +Get a Python 3 installer from https://python.org/download/[] and install Python. +Its installation location varies depending on the options selected in the installer and on the version of Python that you are installing. +At the time of this writing the latest version of Python is 3.10, and common installation directories are +_C:\Users{backslash}**username**\AppData\Local\Programs\Python\Python310_, _C:\Program Files\Python310_, and _C:\Python310_. + +Alternatively you can install Python using Chocolatey: + +---- +choco install -y python3 +---- + +// Not sure how to document Chocolatey's installation location other than "could be anywhere, LOL" +// https://community.chocolatey.org/packages/python3/#discussion +Chocolatey will likely install Python in one of the locations above, or possibly in _C:\Tools\Python3_. + +// winget has Python 3 packages. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/p/Python/Python/3 + +[#ChSetupGit] + +==== Install Git + +Please note that the following is not required to build Wireshark but can be +quite helpful when working with the sources. + +Working with the Git source repositories is highly recommended, as described in +<>. It is much easier to update a personal source tree (local repository) with Git +rather than downloading a zip file and merging new sources into a personal +source tree by hand. It also makes first-time setup easy and enables the +Wireshark build process to determine your current source code revision. + +There are several ways in which Git can be installed. Most packages are +available at the URLs below or via https://chocolatey.org/[Chocolatey]. +Note that many of the GUI interfaces depend on the command line version. + +If installing the Windows version of git select the +_Use Git from the Windows Command Prompt_ (in chocolatey the _/GitOnlyOnPath_ +option). Do *not* select the _Use Git and optional Unix tools from the Windows Command Prompt_ +option (in chocolatey the _/GitAndUnixToolsOnPath_ option). + +===== The Official Windows Installer + +The official command-line installer is available at https://git-scm.com/download/win. + +===== Git Extensions + +Git Extensions is a native Windows graphical Git client for +Windows. You can download the installer from +https://github.com/gitextensions/gitextensions/releases/latest. + +===== TortoiseGit + +TortoiseGit is a native Windows graphical Git +similar to TortoiseSVN. You can download the installer from +https://tortoisegit.org/download/. + +===== Command Line client via Chocolatey + +The command line client can be installed (and updated) using Chocolatey: +---- +choco install -y git +---- + +// winget has git. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/g/Git/Git + +===== Others + +A list of other GUI interfaces for Git can be found at +https://git-scm.com/downloads/guis + + +[#ChSetupCMake] + +==== Install CMake + +While CMake is required to build Wireshark, it might have been installed as a component of either Visual Studio or Qt. +If that’s the case you can skip this step. +If you do want or need to install CMake, you can get it from https://cmake.org/download/[]. +Installing CMake into the default location is recommended. +Ensure the directory containing cmake.exe is added to your path. + +Alternatively you can install it using Chocolatey: + +---- +choco install -y cmake +---- + +// winget has CMake. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/k/Kitware/CMake + +Chocolatey ensures cmake.exe is on your path. + +[#ChSetupAsciidoctor] + +==== Install Asciidoctor, Xsltproc, And DocBook + +https://asciidoctor.org/[Asciidoctor] can be run directly as a Ruby script or via a Java wrapper (AsciidoctorJ). +The JavaScript flavor (Asciidoctor.js) isn’t yet supported. +It is used in conjunction with Xsltproc and DocBook to generate the documentation you're reading and the User’s Guide. + +You can install AsciidoctorJ, Xsltproc, and DocBook using Chocolatey. +AsciidoctorJ requires a Java runtime and there are https://en.wikipedia.org/wiki/List_of_Java_virtual_machines[many to choose from]. +Chocolatey doesn't support alternative package dependencies at the present time, including dependencies on Java. +As a result, installing the asciidoctorj package won't automatically install a Java runtime -- you must install one separately. + +---- +choco install -y +choco install -y asciidoctorj xsltproc docbook-bundle +---- + +Chocolatey ensures that asciidoctorj.exe and xsltproc.exe is on your +path and that xsltproc uses the DocBook catalog. + +// winget has no Asciidoctor, xsltproc, or DocBook packages. + +==== Install winflexbison + +Get the winFlexBison installer from +https://sourceforge.net/projects/winflexbison/ +and install into the default location. +Ensure the directory containing win_flex.exe is on your path. + +Alternatively you can install Winflexbison using Chocolatey: + +---- +choco install -y winflexbison3 +---- + +Chocolatey ensures win_flex.exe is on your path. + +// winget has no bison package. + +==== Optional: Install Perl + +If needed you can get a Perl installer from +http://strawberryperl.com/ +or +https://www.activestate.com/ +and install Perl into the default location. + +Alternatively you can install Perl using Chocolatey: + +---- +choco install -y strawberryperl +# ...or... +choco install -y activeperl +---- + +// winget has StrawberryPerl. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/StrawberryPerl/StrawberryPerl + +==== Install and Prepare Sources + +[TIP] +.Make sure everything works +==== +It’s a good idea to make sure Wireshark compiles and runs at least once before +you start hacking the Wireshark sources for your own project. This example uses +Git Extensions but any other Git client should work as well. +==== + +*Download sources* Download Wireshark sources into +_C:\Development\wireshark_ using either the command line or Git Extensions: + +Using the command line: + +---- +cd C:\Development +git clone https://gitlab.com/wireshark/wireshark.git +---- + +Using Git extensions: + +. Open the Git Extensions application. By default Git Extensions + will show a validation checklist at startup. If anything needs to + be fixed do so now. You can bring up the checklist at any time + via menu:Tools[Settings]. + +. In the main screen select _Clone repository_. Fill in the following: ++ +Repository to clone: *`https://gitlab.com/wireshark/wireshark.git`* ++ +Destination: Your top-level development directory, e.g. _C:\Development_. ++ +Subdirectory to create: Anything you’d like. Usually _wireshark_. ++ +[TIP] +.Check your paths +==== +Make sure your repository path doesn't contain spaces. +==== + +. Click the btn:[Clone] button. Git Extensions should start cloning the + Wireshark repository. + +[#ChSetupPrepareCommandCom] + +==== Open a Visual Studio Command Prompt + +From the Start Menu (or Start Screen), navigate to the “Visual Studio 2022” folder and choose the https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-170#developer_command_prompt_shortcuts[Command Prompt] appropriate for the build you wish to make, e.g. “x64 Native Tools Command Prompt for VS 2022” for a 64-bit version. +Depending on your version of Windows the Command Prompt list might be directly under “Visual Studio 2022” or you might have to dig for it under multiple folders, e.g. menu:Visual Studio 2022[Visual Studio Tools,Windows Desktop Command Prompts]. + +You can set up a build environment in your own command prompt by running the appropriate `vcvars__ARCHITECTURE__.bat` command. +See https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-170#use-the-developer-tools-in-an-existing-command-window[Use the Microsoft C++ toolset from the command line] for details. + +[TIP] +.Pin the items to the Task Bar +==== +Pin the Command Prompt you use to the Task Bar for easy access. +==== + +All subsequent operations take place in this Command Prompt window. + +. Set environment variables to control the build. ++ +-- +Set the following environment variables, using paths and values suitable for your installation: + +[subs="attributes+"] +---- +rem Let CMake determine the library download directory name under +rem WIRESHARK_BASE_DIR or set it explicitly by using WIRESHARK_LIB_DIR. +rem Set *one* of these. +set WIRESHARK_BASE_DIR=C:\Development +rem set WIRESHARK_LIB_DIR=c:\wireshark-x64-libs +rem Set the Qt installation directory +set WIRESHARK_QT6_PREFIX_PATH=C:\Qt{backslash}{qt6-lts-version}\msvc2019_64 +rem Append a custom string to the package version. Optional. +set WIRESHARK_VERSION_EXTRA=-YourExtraVersionInfo +---- + +Setting these variables could be added to a batch file to be run after you open +the Visual Studio Tools Command Prompt. + +[TIP] +.Use of Qt’s LTS branch +==== +It is generally recommended to use a LTS ("long term support") version for Qt. The current LTS version for Qt 6 is +{qt6-lts-version}. +==== + +-- + +. Create and change to the correct build directory. +CMake is best used in an out-of-tree build configuration where the build is done in a separate directory from the source tree, leaving the source tree in a pristine state. +64 and 32 bit builds require a separate build directory. +Create (if required) and change to the appropriate build directory. ++ +-- +// XXX Our CI builds are in-tree in /build. +---- +mkdir C:\Development\wsbuild64 +cd C:\Development\wsbuild64 +---- +to create and jump into the build directory. + +The build directory can be deleted at any time and the build files regenerated as detailed in <>. +-- + +[#ChWindowsGenerate] + +==== Generate the build files + +CMake is used to process the CMakeLists.txt files in the source tree and produce build files appropriate +for your system. + +You can generate Visual Studio solution files to build either from within Visual Studio, or from the command +line with MSBuild. CMake can also generate other build types but they aren't supported. + +The initial generation step is only required the first time a build directory is created. Subsequent +builds will regenerate the build files as required. + +If you've closed the Visual Studio Command Prompt <> it again. + +To generate the build files enter the following at the Visual Studio command prompt: +---- +cmake -G "Visual Studio 17 2022" -A x64 ..\wireshark +---- + +Adjusting the path to the Wireshark source tree as required. +To use a different generator modify the `-G` parameter. +`cmake -G` lists all the CMake supported generators, but only Visual Studio is supported for Wireshark builds. +32-bit builds are no longer supported. + +The CMake generation process will download the required 3rd party libraries (apart from Qt) +as required, then test each library for usability before generating the build files. + +At the end of the CMake generation process the following should be displayed: +---- +-- Configuring done +-- Generating done +-- Build files have been written to: C:/Development/wsbuild64 +---- + +If you get any other output, there is an issue in your environment that must be rectified before building. +Check the parameters passed to CMake, especially the `-G` option and the path to the Wireshark sources and +the environment variables `WIRESHARK_BASE_DIR` and `CMAKE_PREFIX_PATH`. + +[#ChWindowsBuild] + +==== Build Wireshark + +Now it’s time to build Wireshark! + +. If you've closed the Visual Studio Command Prompt <> it again. + +. Run ++ +-- +---- +msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln +---- +to build Wireshark. +-- + +. Wait for Wireshark to compile. This will take a while, and there will be a lot of text output in the command prompt window + +. Run _C:\Development\wsbuild64\run\RelWithDebInfo\Wireshark.exe_ and make sure it starts. + +. Open menu:Help[About]. If it shows your "private" program +version, e.g.: Version {wireshark-version}-myprotocol123 +congratulations! You have compiled your own version of Wireshark! + +You may also open the Wireshark solution file (_Wireshark.sln_) in the Visual Studio IDE and build there. + +TIP: If compilation fails for suspicious reasons after you changed some source +files try to clean the build files by running `msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln /t:Clean` +and then building the solution again. + +The build files produced by CMake will regenerate themselves if required by changes in the source tree. + +==== Debug Environment Setup + +You can debug using the Visual Studio Debugger or WinDbg. See the section +on using the <>. + +==== Optional: Create User’s and Developer’s Guide + +To build the Wireshark User's Guide and the Wireshark Developer's Guide, +build the `all_guides` target, e.g. `msbuild all_guides.vcxproj`. +Detailed information to build these guides can be found in the file +_docbook\README.adoc_ in the Wireshark sources. + +==== Optional: Create a Wireshark Installer + +Note: You should have successfully built Wireshark +before doing the following. + +If you want to build your own +_Wireshark-{wireshark-version}-myprotocol123-x64.exe_, you'll need +NSIS. You can download it from http://nsis.sourceforge.net[]. + +Note that the 32-bit version of NSIS will work for both 64-bit and 32-bit versions of Wireshark. +NSIS version 3 is required. + +If you've closed the Visual Studio Command Prompt <> it again. Run + +---- +msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj +---- + +to build a Wireshark installer. +If you sign your executables you should do so between the “wireshark_nsis_prep” and “wireshark_nsis” steps. +To sign your installer you should place the signing batch script on the path. It must be named "sign-wireshark.bat". +It should be autodetected by CMake, to always require signing set the -DENABLE_SIGNED_NSIS=On CMake option. + +Run + +---- +packaging\nsis\wireshark-{wireshark-version}-myprotocol123-x64.exe +---- + +to test your new installer. +It’s a good idea to test on a different machine than the developer machine. + +[#ChSetupMSYS2] + +=== Windows: Using MinGW-w64 with MSYS2 + +MSYS2 comes with different environments/subsystems and the first thing you +have to decide is which one to use. The differences among the environments +are mainly environment variables, default compilers/linkers, architecture, +system libraries used etc. If you are unsure, go with UCRT64. + +==== Building from source + +. Open the shell for the selected 64-bit environment. + +. Download the Wireshark source code using Git, if you haven't done so already, + and cd into that directory. + +. Install needed dependencies: + + tools/msys2-setup.sh --install-all + +. Build using CMake + Ninja: + + mkdir build && cd build + # Ninja generator is the default + cmake -DENABLE_CCACHE=On -DFETCH_lua=Yes .. + ninja + ninja test # optional, to run the test suite + ninja install # optional, install to the MSYS2 shell path + +The application should be launched using the same shell. + +==== Building an .exe installer + +. Follow the instructions above to compile Wireshark from source. + +. Build the NSIS installer target. + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +Alternatively you can also use the PKGBUILD included in the Wireshark +source distribution to compile Wireshark into a binary package that can be +https://www.msys2.org/wiki/Creating-Packages/[installed using pacman]. + +==== Comparison with MSVC toolchain + +The official Wireshark Windows installer is compiled using Microsoft Visual +Studio (MSVC). Currently the MSYS2 build has the following limitations compared to +the build using MSVC: + +* Lua does not have https://github.com/Lekensteyn/lua-unicode[custom UTF-8 patches]. + +* The Event Tracing for Windows (ETW) extcap cannot be compiled using MinGW-w64. + +* Enhanced Kerberos dissection with decryption is not available. + +* AirPcap is not supported. + +[#ChSetupCross] + +=== Windows: Cross-compilation using Linux + +It is possible to compile Wireshark for Microsoft Windows using Linux and MinGW. +This way developers can deploy Wireshark on Windows systems without requiring +a Windows host machine. Building for Windows using a Linux host is also +easier for devs already familiar with Linux, the build itself is faster and it +uses a very mature C/C++ compiler (GCC) and debugger (GDB). + +==== Using Fedora Linux + +https://fedoraproject.org/[Fedora Linux] provides the best out-of-the-box +support for MinGW cross-compilation. Fedora is what the project uses to test +the build and it's what we recommend. While any other reasonably modern Linux +distribution can be used, that will make the process more time consuming and +involve some trial and error to setup. + +The build instructions on Fedora follow the familiar recipe for building Wireshark +using Linux. + +===== Building from source + +. Install needed dependencies: + + tools/mingw-rpm-setup.sh --install-all + +. Build using CMake + Ninja: + + mkdir build && cd build + mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes .. + ninja ++ +Note that currently it is not possible to run the test-suite when cross-compiling. + +. Build the NSIS installer + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +===== Notes and comparison with MSVC builds + +* Only the MSVCRT C library for Microsoft Windows can be used. Support for the + UCRT (Universal C Runtime) library on Fedora Linux is in the initial stages of + deployment and not ready for prime-time (at the time of this writing). + +* Some optional dependencies are missing from Fedora repositories and must be + compiled from source if desired. An up-to-date complete list can be found in + the bug tracker (https://gitlab.com/wireshark/wireshark/-/issues/19108[issue 19108]). + +* Lua does not have https://github.com/Lekensteyn/lua-unicode[custom UTF-8 patches]. + +* The Event Tracing for Windows (ETW) extcap cannot be compiled using MinGW-w64. + +* Enhanced Kerberos dissection with decryption is not available. + +* AirPcap is not supported. + +==== Using Arch Linux + +https://archlinux.org/[Arch Linux] has good support for MinGW using packages +from the https://aur.archlinux.org/[AUR]. Note that the mingw-w64 AUR packages +sometimes break. If that happens you may be required to fix it or skip the +package until it is fixed by the maintainer, if it's an optional dependency. +You may also want to consider using an +https://wiki.archlinux.org/title/unofficial_user_repositories[unofficial user repository] +(such as the https://martchus.no-ip.biz/repo/arch/ownstuff/[ownstuff] repository) +to provide pre-compiled packages. This will greatly simplify the initial setup +and subsequent upgrades. + +CAUTION: AUR packages and unofficial user repositories are user-produced +content. These packages are completely unofficial and have not been thoroughly +vetted. It is your decision whether to trust their maintainers and you take +full responsibility for choosing to use them. + +You will need to install an https://wiki.archlinux.org/title/AUR_helpers[AUR helper]. +This guide assumes `paru` is being used. + +. Install required dependencies from official repositories: + + pacman -S mingw-w64 nsis lemon qt6-tools ccache + +. Install required dependencies from the AUR: + + paru -S mingw-w64-cmake + paru -S mingw-w64-glib2 + paru -S mingw-w64-libgcrypt + paru -S mingw-w64-c-ares + paru -S mingw-w64-speexdsp + paru -S mingw-w64-libpcap + +. Install Qt6: + + paru -S mingw-w64-qt6-base mingw-w64-qt6-5compat mingw-w64-qt6-multimedia + +. Install optional dependencies: + + paru -S mingw-w64-gnutls + paru -S mingw-w64-lz4 + paru -S mingw-w64-snappy + paru -S mingw-w64-opus + paru -S mingw-w64-opencore-amr + paru -S mingw-w64-libxml2 + paru -S mingw-w64-libnghttp2 + paru -S mingw-w64-libssh + paru -S mingw-w64-minizip ++ +Search the AUR for other dependencies not listed above. + +. Build Wireshark using CMake + Ninja. From the directory containing the + Wireshark source tree run: + + mkdir build && cd build + x86_64-w64-mingw32-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes \ + -DMINGW_SYSROOT=/usr/x86_64-w64-mingw32 .. + ninja ++ +This will automatically download and build Lua as a static library. ++ +To reconfigure the CMake build you may to do it explicitly by running +`x86_64-w64-mingw32-cmake .` in the build directory, +instead of letting `ninja` do it for you automatically. + +. Build the NSIS installer + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If everything goes well the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +The same notes as the build using Fedora apply. diff --git a/docbook/wsdg_src/wsdg_sources.adoc b/docbook/wsdg_src/wsdg_sources.adoc new file mode 100644 index 00000000..9e2a3c10 --- /dev/null +++ b/docbook/wsdg_src/wsdg_sources.adoc @@ -0,0 +1,1412 @@ +[#ChapterSources] + +== Work with the Wireshark sources + +[#ChSrcIntro] + +=== Introduction + +This chapter will explain how to work with the Wireshark source code. +It will show you how to: + +* Get the source + +* Compile it on your machine + +* Submit changes for inclusion in the official release + +This chapter will not explain the source file contents in detail, +such as where to find specific functionality. This is done in +<>. + +[#ChSrcGitRepository] + +=== The Wireshark Git repository + +https://git-scm.com/[Git] is used to keep track of the changes made to the Wireshark source code. +The official repository is hosted at {wireshark-gitlab-project-url}[GitLab], and incoming changes are evaluated and reviewed there. +For more information on GitLab see https://docs.gitlab.com/ce/gitlab-basics/[their documentation]. + +.Why Git? + +Git is a fast, flexible way of managing source code. +It allows large scale distributed development and ensures data integrity. + +.Why GitLab? + +GitLab makes it easy to contribute. +You can make changes locally and push them to your own work area at gitlab.com, or if your change is minor you can make changes entirely within your web browser. + +.Historical trivia: GitLab is the *fourth* iteration of our source code repository and code review system. + +Wireshark originally used https://www.nongnu.org/cvs/[Concurrent Versions System] (CVS) and migrated to https://subversion.apache.org/[Subversion] in July 2004. +We migrated from Subversion to Git and https://www.gerritcodereview.com/[Gerrit] in January 2014, and from Gerrit to GitLab in August 2020. + +Using Wireshark’s GitLab project you can: + +* Keep your private sources up to date with very little effort. +* Receive notifications about code reviews and issues. +* Get the source files from any previous release (or any other point in time). +* Browse and search the source code using a web interface. +* See which person changed a specific piece of code. + +[#ChSrcWebInterface] + +==== Git Naming Conventions + +Like most revision control systems, Git uses +https://en.wikipedia.org/wiki/Branching_%28revision_control%29[branching] +to manage different copies of the source code and allow parallel development. +Wireshark uses the following branch naming conventions: + +.master. +Main feature development and odd-numbered development releases. + +.release-x.y, master-x.y. +Stable release maintenance. For example, release-3.4 is used to manage the 3.4.x official releases. + +Tags for major releases and release candidates consist of a “v” followed by a version number such as “v3.2.1” or “v3.2.3rc0”. +Major releases additionally have a tag prefixed with “wireshark-” followed by a version number, such as “wireshark-3.2.0”. + + +[#ChSrcGitWeb] +=== Browsing And Searching The Source Code + +If you need a quick look at the Wireshark source code you can browse the repository files in GitLab at + +{wireshark-code-browse-url} + +You can view commit logs, branches, and tags, find files and search the repository contents. +You can also download individual files. + +[#ChSrcObtain] +=== Obtaining The Wireshark Sources + +There are two primary ways to obtain Wireshark’s source code: Git and compressed .tar archives. +Each is described in more detail below. +We recommend using Git for day to day development, particularly if you wish to contribute changes back to the project. +The age mentioned in the following sections indicates the age of the most recent change in that set of the sources. + + +[#ChSrcGit] +==== Git Over SSH Or HTTPS + +This method is strongly recommended for day to day development. + +You can use a Git client to download the source code from Wireshark’s code review system. +Anyone can clone from the anonymous HTTP git URL: + +{wireshark-git-anonhttp-url} + +If you have a GitLab account you can also clone using SSH: + +{wireshark-git-ssh-url} + +If wish to make changes to Wireshark you must create a GitLab account, create a fork of the official Wireshark repository, update your fork, and create a merge request. +See <> for details. + +The following example shows how to get up and running on the command line. +See <> for information on installing and configuring graphical Git clients. + +. Now on to the command line. +First, make sure `git` works: ++ +-- +[source,sh] +---- +$ git --version +---- +-- + +. If this is your first time using Git, make sure your username and email address are configured. +This is particularly important if you plan on uploading changes: ++ +-- +[source,sh] +---- +$ git config --global user.name "Henry Perry" +$ git config --global user.email henry.perry@example.com +---- +-- + +. Next, clone the Wireshark repository: ++ +-- +[source,sh] +---- +# If you have a GitLab account, you can use the SSH URL: +$ git clone -o upstream git@gitlab.com:wireshark/wireshark.git +# If you don't you can use the HTTPS URL: +$ git clone -o upstream https://gitlab.com/wireshark/wireshark.git +# You can speed up cloning in either case by adding --shallow-since=1year or --depth=5000. +---- +The clone only has to be done once. +This will copy all the sources (including directories) from the server to your machine and check out the latest version. + +The `-o upstream` flag uses the origin name “upstream” for the repository instead of the default “origin” as described in the https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[GitLab documentation]. + +Cloning may take some time depending on the speed of your internet connection. + +The `--shallow-since=1year` option limits cloned commits to the last 1 year. + +The `--depth=5000` option limits cloned commits to the last 5000. +-- + +[#ChSrcDevelopmentSnapshots] +==== Development Snapshots + +This method is useful for one-off builds or if Git is inaccessible (e.g. because of a restrictive firewall). + +Our GitLab CI configuration automatically generates development packages, including source packages. +They can be found at {wireshark-snapshots-url}. +Packages are available for recent commits in the master branch and each release branch. + +[#ChSrcReleased] +==== Official Source Releases + +This method is recommended for building downstream release packages. + +The official source releases can be found at {wireshark-download-url}. +You should use these sources if you want to build Wireshark on your platform based on an official release with minimal or no changes, such as Linux distribution packages. + +[#ChSrcUpdating] +=== Update Your Wireshark Sources + +After you've obtained the Wireshark sources for the first time, +you might want to keep them in sync with the sources at the upstream +Git repository. + +[TIP] +.Take a look at the recent commits first +==== +As development evolves, the Wireshark sources are compilable most of the time -- but not always. +You should take a look at {wireshark-commits-url} before fetching or pulling to make sure the builds are in good shape. +==== + +[#ChSrcGitUpdate] +==== Update Using Git + +From time to time you will likely want to synchronize your master branch with the upstream repository. +You can do so by running: + +[source,sh] +---- +$ git pull --rebase upstream master +---- + +[#ChSrcBuildFirstTime] +=== Build Wireshark + +The sources contain several documentation files. It’s a good idea to read these +files first. After obtaining the sources, tools and libraries, the first place +to look at is _doc/README.developer_. Inside you will find the latest +information for Wireshark development for all supported platforms. + +.Build Wireshark before changing anything +[TIP] +==== +It is a very good idea to first test your complete build environment +(including running and debugging Wireshark) before making any changes +to the source code (unless otherwise noted). +==== + +Building Wireshark for the first time depends on your platform. + +==== Building on Unix + +Follow the build procedure in <> to build Wireshark. + +==== Windows Native + +Follow the build procedure in <> to build Wireshark. + +After the build process has successfully finished, you should find a +`Wireshark.exe` and some other files in the `run\RelWithDebInfo` directory. + +[#ChSrcBuildType] +==== Build Type + +CMake can compile Wireshark for several different build types: + +.Build Types +|=== +|Type |Compiler Flags |Description + +|`RelWithDebInfo` +|`-O2 -g` +|Default, build with default optimizations and generate debug symbols. +Enables assertions and disables debug level logs + +|`Debug` +|`-O0 -g -DWS_DEBUG -DWS_DEBUG_UTF_8` +|For development, no optimization. Enables assertions +and debug level logs + +|`Release` +|`-O3 -DNDEBUG` +|Optimized for speed, no debug symbols or debug level logs or assertions + +|`MinSizeRel` +|`-Os -DNDEBUG` +|Optimized for size, no debug symbols or debug level logs or assertions +|=== + +The default is `RelWithDebInfo`, which provides a good compromise of +some optimization (`-O2`) along with including debug symbols (`-g`) +for release builds. For normal development coding you probably want to be +using `Debug` build type or set -DENABLE_DEBUG=On, to enable full +<> and debug code. + +CMake will automatically add the -DNDEBUG option to certain build +types. This macro is used to disable assertions but it can be overruled +using ENABLE_ASSERT, which can be used to unconditionally enable assertions +if defined. + +To change the build type, set the CMake variable `CMAKE_BUILD_TYPE`, e.g.: + +[source,sh] +---- +$ cmake .. -DCMAKE_BUILD_TYPE=Debug +---- + +or on Windows, + +[source,cmd] +---- +> msbuild /m /p:Configuration=Debug Wireshark.sln +---- + +[#ChSrcRunFirstTime] +=== Run Your Version Of Wireshark + + +[TIP] +.Beware of multiple Wiresharks +==== +An already installed Wireshark may interfere with your newly generated +version in various ways. If you have any problems getting your Wireshark +running the first time, it might be a good idea to remove the previously +installed version first. +==== + +[#ChSrcRunFirstTimeUnix] +==== Unix-Like Platforms + +After a successful build you can run Wireshark right from the `run` directory. +There's no need to install it first. + +[source,sh] +---- +$ ./run/wireshark +---- + +There’s no need to run Wireshark as root user, but depending on your platform you might not be able to capture. +Running Wireshark this way can be helpful since debugging output will be displayed in your terminal. +You can also change Wireshark’s behavior by setting various environment variables. +See the {wireshark-man-page-url}wireshark.html#ENVIRONMENT-VARIABLES[ENVIRONMENT VARIABLES] section of the Wireshark man page for more details. + +On macOS, Wireshark is built as an application bundle (_run/Wireshark.app_) by default, and _run/wireshark_ will be a wrapper script that runs _Wireshark.app/Contents/MacOS/Wireshark_. +Along with running `./run/wireshark` as shown above you can also run it on the command line with `open run/Wireshark.app`. + +[#ChSrcRunFirstTimeWindows] +==== Windows Native + +By default the CMake-generated Visual {cpp} project places all of the files necessary to run Wireshark in the subdirectory `run\RelWithDebInfo`. +As with the Unix-like build described above, you can run Wireshark from the build directory without installing it first. + +[source,cmd] +---- +> .\run\RelWithDebInfo\Wireshark +---- + + +[#ChSrcDebug] +=== Debug Your Version Of Wireshark + +Optimization can make debugging a bit more difficult, e.g. by changing the +execution order of statements. To disable optimization, set the +<> to `Debug`. + +Full debug logs can be invaluable to investigate any issues with the code. +By default debug level logs are only enabled with `Debug` build type. You +can enable full debug logs and extra debugging code by configuring the +ENABLE_DEBUG CMake option. This in turn will define the macro symbol +`WS_DEBUG` and enable the full range of debugging code in Wireshark. + +There is an additional CMake knob called ENABLE_DEBUG_UTF_8 that can be used to +control specifically the extra validation Wireshark performs internally +for invalid UTF-8 encodings in internal strings, which should never happen +and can be somewhat expensive to check during normal usage. + +Conversely, the `Release` or `MinSizeRel` build types can be used to optimize +further for speed or size, but do not include debug symbols for use with +debuggers, and completely disable <> +and asserts, optimizing away the code path. Ensure that you have not built with +one of those types before attempting debugging. + +[#ChSrcLogging] +==== Wireshark Logging + +Wireshark has a flexible logging system to assist in development and troubleshooting. +Logging configuration takes into account what, when and where to output diagnostic messages. + +* The 'what generates log messages' is defined through logging domain(s). +* The 'when it generates log messages' is defined through the logging level. +* The 'where it outputs log messages' is defined through the output channel(s). + +The details to configure and use the logging system are explained in the following sections. + +[#ChSrcLoggingDomains] +===== Logging Domains + +Any part of Wireshark can be assigned a logging domain. This is already done for most of the internals of Wireshark, +e.g., "Main", "Capture", "Epan", "GUI". The domains are defined in the `ws_log_defs.h` header but dissectors should +define their own logging domain. Any string can be used as ID for a logging domain. + +[#ChSrcLoggingLevels] +===== Logging Levels + +The following logging levels are defined from highest to lowest: + +* error +* critical +* warning +* message +* info +* debug +* noisy + +By default logging output is generated for logging level "message" and above. If the logging level is lowered or raised +all log output generated at or above this level is sent to the log output. +Note that if the <> is not set to `Debug` +then by default all log output for the logging levels "debug" and +"noisy" will be optimized away by the compiler and cannot be emitted to the log +output, regardless of the logging setings. To enable debug logging for all build +types, set the CMake variable `-DENABLE_DEBUG=ON`. + +There is also a special "echo" logging level used exclusively for temporary debugging print outs (usually +via the `WS_DEBUG_HERE` macro). + +[#ChSrcLoggingOutput] +===== Logging Output + +By default logging output is sent to stderr. In addition to that it is possible to configure a log file. This collects all log output to the +file, besides the normal output streams. The output can then be read in a text editor or used with other text processing tools. + +A program can also register its own log writer when the standard facilities are insufficient or special handling is required. + +[#ChSrcConfigureLogging] +===== Configure Logging + +Logging can be configured through either environment variables or command line parameters. + +The following environment variables and command line parameters are used by the logging system: + +WIRESHARK_LOG_DOMAIN, WIRESHARK_LOG_DOMAINS, or --log-domain, --log-domains:: +This is a filter for the domain(s) which are to generate log messages. +WIRESHARK_LOG_LEVEL, or --log-level:: +This is the level (below critical) for which log messages are to be generated. This is used for all configured domains. +WIRESHARK_LOG_DEBUG, or --log-debug:: +These domain(s) will generate debug level log messages regardless of the log level and log domains configured. +WIRESHARK_LOG_NOISY, or --log_noisy:: +These domain(s) will generate noisy level log messages regardless of the log level and log domains configured. + +Multiple domains can be concatenated using commas or semicolons. The match can be inverted by prefixing the domain(s) list with an exclamation mark. + +[#ChSrcTrapsLogging] +==== Traps Set By Logging + +Sometimes it can be helpful to abort the program right after a log message of a certain level or a certain domain is output. + +The following environment variables are used to configure a trap by the logging system: + +WIRESHARK_LOG_FATAL, or --log_fatal:: +This is the level for which log messages are fatal. This can either be "critical" or "warning" level. + +WIRESHARK_LOG_FATAL_DOMAIN, WIRESHARK_LOG_FATAL_DOMAINS, or --log-fatal-domain, --log-fatal-domains:: +These are the domain(s) where output of a log message is fatal. This is less commonly used than the fatal log level setting above. + +[#ChSrcLoggingApi] +==== Logging APIs + +The logging API can be found in `wsutil/wslog.h`. + +To use the logging API for your code add the definition of the ID of your logging domain right after including `config.h`. For example: + +[source,c] +---- +/* My code doing something awesome */ +#include "config.h" +#define WS_LOG_DOMAIN "MyCode" + +#include + +... +---- + +Populate your code with the applicable function calls to generate log messages when enabled. The following convenience macros are provided: + +* `ws_error()` +* `ws_critical()` +* `ws_warning()` +* `ws_message()` +* `ws_info()` +* `ws_debug()` +* `ws_noisy()` + +All these take `printf()` style parameters. There is also a `WS_DEBUG_HERE` macro that is always active and outputs to a special "echo" +domain for temporary debug print outs. `WS_DEBUG_HERE` should be used for development purposes only and not appear in final delivery of the code. + +[#ChSrcUnixDebug] +==== Unix-Like Platforms + +You can debug using command-line debuggers such as gdb, dbx, or lldb. +If you prefer a graphic debugger, you can use an IDE or debugging frontend +such as Qt Creator, CLion, or Eclipse. + +Additional traps can be set on Wireshark, see <> + +[#ChSrcMemorySafety] +===== Memory Safety and Leaks + +Wireshark's wmem memory management framework makes it easy to allocate +memory in pools with a certain scope that is freed automatically at +a certain point (such as the end of dissecting a packet or when closing +a file), even if a dissector raises an exception after allocating the +memory. Memory in a pool is also freed collectively, which can be +considerably faster than calling `free()` individually on each individual +allocation. Proper use of wmem makes a dissector faster and less prone +to memory leaks with unexpected data, which happens frequently with +capture files. + +However, wmem's block allocation can obscure issues that memory checkers +might otherwise catch. Fortunately, the `WIRESHARK_DEBUG_WMEM_OVERRIDE` +environment variable can be set at runtime to instruct wmem to use a specific +memory allocator for all allocations, some of which are more compatible with +memory checkers: + +* `simple` - Uses `malloc()` only, no block allocation, compatible with Valgrind +* `strict` - Finds invalid memory via canaries and scrubbing freed memory +* `block` - Standard block allocator for file and epan scopes +* `block_fast` - Block allocator for short-lived scope, e.g. packet, (`free()` is a no-op) + +The `simple` allocator produces the most accurate results with tools like +https://valgrind.org[Valgrind] and can be enabled as follows: + +[source,sh] +---- +$ export WIRESHARK_DEBUG_WMEM_OVERRIDE=simple +---- + +Wireshark uses GLib's GSlice memory allocator, either indirectly via wmem or via various GLib API calls. +GLib provides a `G_SLICE` environment variable that can be set to `always-malloc` (similar to `simple`) or `debug-blocks` (similar to `strict`). +See https://developer-old.gnome.org/glib/stable/glib-running.html for details. +The C libraries on FreeBSD, Linux, and macOS also support memory allocation debugging via various environment variables. +You can enable many of them by running `source tools/debug-alloc.env` in a POSIX shell. + +If you're encountering memory safety bugs, you might want to build with +https://github.com/google/sanitizers/wiki/AddressSanitizer[Address Sanitizer] +(ASAN) so that Wireshark will immediately alert you to any detected issues. +It works with GCC or Clang, provided that the appropriate libraries are installed. + +[source,sh] +---- +$ cmake .. -G Ninja -DENABLE_ASAN=1 +$ source ../tools/debug-alloc.env +$ ./run/tshark ... +---- + +TIP: ASAN slows things down by a factor of 2 (or more), so having a different +build directory for an ASAN build can be useful. + +ASAN will catch more errors when run with either the `simple` or `strict` +wmem allocator than with the defaults. (It is more compatible with the +`strict` allocator and the analogous GSlice `debug-blocks` option than +Valgrind is.) + +For additional instrumentation, ASAN supports a number of +https://github.com/google/sanitizers/wiki/AddressSanitizerFlags[options]. + +For further investigating memory leaks, the following can be useful: + +[source,sh] +---- +# This slows things down a lot more but results in more precise backtraces, +# especially when calling third party libraries (such as the C++ standard +# library): +$ export ASAN_OPTIONS=fast_unwind_on_malloc=0 +# This causes LeakSanitizer to print the addresses of leaked objects for +# inspection in a debugger: +$ export LSAN_OPTIONS=report_objects=1 +---- + +LeakSanitizer and AddressSanitizer can detect issues in third-party libraries +that you cannot do anything about. For example, internal Qt library calls to +the fontconfig library can produce leaks. To ignore them, create a +https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer#suppressions[suppressions file] with an appropriate entry, e.g. `leak:libfontconfig`. + +If you are just interested in memory safety checking, but not memory +leak debugging, disable the included https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer[LeakSanitizer] with: + +[source,sh] +---- +$ export ASAN_OPTIONS=detect_leaks=0 +---- + +[#ChSrcWindowsDebug] +==== Windows Native + +You can debug using the Visual Studio Debugger or WinDbg. See the section +on using the <>. + +[#ChSrcChange] +=== Make Changes To The Wireshark Sources + +There are several reasons why you might want to change Wireshark’s sources: + +* Add support for a new protocol (i.e., add a new dissector) + +* Change or extend an existing dissector + +* Fix a bug + +* Implement a glorious new feature + +Wireshark’s developers work on a variety of different platforms and use a variety of different development environments. +Although we don't enforce or recommend a particular environment, your editor should support https://editorconfig.org/[EditorConfig] in order to make sure you pick up the correct indentation style for any files that you might edit. + +The internal structure of the Wireshark sources are described in <>. + +.Ask the {wireshark-dev-list-email} mailing list before you start a new development task. +[TIP] +==== +If you have an idea what you want to add or change it’s a good idea to +contact the developer mailing list +(see <>) +and explain your idea. Someone else might already be working on the same +topic, so a duplicated effort can be reduced. Someone might also give you tips that +should be thought about (like side effects that are sometimes very +hard to see). +==== + +// XXX - Add a section on branching. + +[#ChSrcContribute] +=== Contribute Your Changes + +If you have finished changing the Wireshark sources to suit your needs, you might want to contribute your changes back to the Wireshark community. +You gain the following benefits by contributing your improvements: + +.It’s the right thing to do. +Other people who find your contributions useful will appreciate them, and you will know that you have helped people in the same way that the developers of Wireshark have helped you. + +.You get free enhancements. +By making your code public, other developers have a chance to make improvements, as there’s always room for improvements. +In addition someone may implement advanced features on top of your code, which can be useful for yourself too. + +You save time and effort. +The maintainers and developers of Wireshark will maintain your code as well, updating it when API changes or other changes are made, and generally keeping it in tune with what is happening with Wireshark. +So if Wireshark is updated (which is done often), you can get a new Wireshark version from the website and your changes will already be included without any effort for you. + +There’s no direct way to push changes to the {wireshark-gitlab-project-url}[main repository]. +Only a few people are authorised to actually make changes to the source code (check-in changed files). +If you want to submit your changes, you should upload them to the code review system at {wireshark-code-review-url}. +This requires you to set up git as described at <>. + +[#ChSrcCreatingMergeRequests] +==== Creating Merge Requests + +// To do: +// - Note that you can mirror your fork: https://about.gitlab.com/blog/2016/12/01/how-to-keep-your-fork-up-to-date-with-its-origin/ +// - Mention CLI utilities. + +GitLab uses a https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[forking workflow], which looks like this: + +.GitLab Workflow +image::images/git-triangular-workflow.svg[] + +In the diagram above, your fork can created by pressing the “Fork” button at {wireshark-gitlab-project-url}. +Your local repository can be created as described in <>. +You only need to do this once. +You should pull from the main repository on a regular basis in order to ensure that your sources are current. +You should push any time you want to make a merge request or otherwise make your code public. +The “Pull”, “Push”, and “Merge Request” parts of the workflow are important, so let’s look at them in more detail. + +First, you need to set up your environment. +For the steps below we’ll pretend that your username is “henry.perry”. + +. Sign in to {wireshark-gitlab-project-url} by clicking “Sign in / Register” in the upper right corner of the web page and following the login instructions. + +. https://docs.gitlab.com/ce/ssh/[Add an SSH key to your account] as described in the GitLab documentation. + +. Make sure you have a clone of the main repository as described in <>. + +. Create your own personal fork of the Wireshark project by https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[pressing the “Fork” button] at {wireshark-gitlab-project-url}. ++ +-- +WARNING: If you want to make merge requests you must keep your fork public. +Making it private will disassociate it from the main Wireshark repository. +-- + +. Add a remote for your personal repository. +The main repository remote is named “upstream”, so we'll name this one “downstream”. ++ +-- +[source,sh] +---- +$ git remote add downstream git@gitlab.com:henry.perry/wireshark.git +---- +-- + +. Double-check your remotes: ++ +-- +[source,sh] +---- +$ git remote -v +$ downstream git@gitlab.com:henry.perry/wireshark.git (fetch) +$ downstream git@gitlab.com:henry.perry/wireshark.git (push) +$ upstream git@gitlab.com:wireshark/wireshark.git (fetch) +$ upstream git@gitlab.com:wireshark/wireshark.git (push) +---- +-- + +Before you begin it’s a good idea to synchronize your local repository with the main repository. +This is the *Pull* part of the workflow. +You should do this periodically in order to stay up to date and avoid merge conflicts later on. + +. Fetch and optionally apply the latest changes. ++ +-- +[source,sh] +---- +# Fetch changes from upstream and apply them to the current branch... +$ git pull --rebase upstream master +# ...or fetch changes and leave the current branch alone +$ git fetch upstream +---- +-- + +Now you’re ready to create a merge request (the *Push* and *Merge Request* parts of the workflow above). + +. First, create a branch for your change: ++ +-- +[source,sh] +---- +$ git checkout -b my-glorious-new-feature upstream/master +---- +-- + +. Write some code! +See <> and <> for details. + +. Commit your changes. +See <> for details. ++ +-- +[source,sh] +---- +$ git commit -a +---- +-- + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +$ git push downstream HEAD +---- +-- + +. Go to {wireshark-merge-request-url}. +You should see a https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html#create-merge-request-button[“Create merge request”] button. +Press it. + +. In the merge request page, make sure “Allow commits from members who can merge to the target branch” is selected so that core developers can rebase your change. You might want to select “Delete source branch when merge request is accepted” as well. Click the “Submit merge request” button. + +// XXX Add command line instructions for one or more of the following: +// https://docs.gitlab.com/ee/user/project/push_options.html +// https://github.com/zaquestion/lab - Go (single binary). +// https://invent.kde.org/sdk/git-lab - Developed by the KDE team. +// https://github.com/vishwanatharondekar/gitlab-cli - Might work well for people who don't mind using NPM. + + +[#ChSrcUpdatingMergeRequests] +==== Updating Merge Requests + +At this point various automated tests will be run and someone will review your change. +If you need to make changes you can do so by force-pushing it to the same branch in your personal repository. + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +# First, make sure you're on the right branch. +$ git status +On branch my-glorious-new-feature +---- +-- + +. Update your code. + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +# Modify the current commit and force-push... +$ git commit --amend ... +$ git push downstream +HEAD +# ...or keep the current commit as-is add another commit on top of it +$ git commit ... +$ git push downstream HEAD +---- +The `+` sign is shorthand for forcing the push (`-f`). +-- + +[#ChSrcGoodPatch] +==== Some Tips For A Good Patch + +Some tips that will make the merging of your changes into Git much more likely +(and you want exactly that, don't you?): + +.Use the latest Git sources. +It’s a good idea to work with the same sources that are used by the other developers. +This usually makes it much easier to apply your patch. +For information about the different ways to get the sources, see <>. + +.Update your sources just before making a patch. +For the same reasons as the previous point. + +.Inspect your patch carefully. +Run `git diff` or `git show` as appropriate and make sure you aren't adding, removing, or omitting anything you shouldn't. + +.Give your branch a brief but descriptive name. +Short, specific names such as _snowcone-machine-protocol_ are preferred. + +.Don't put unrelated things into one large change. +Merge requests should be limited in scope. +For example, updates to the Snowcone Machine Protocol dissector and the Coloring Rules dialog box should be in separate merge requests. + +In general, making it easier to understand and apply your patch by one of the maintainers will make it much more likely (and faster) that it will actually be applied. + +.Thank you in advance for your patience. +Wireshark is a volunteer effort. +As a result, we can’t guarantee a quick turnaround time. + +.Preview the final product. +Wireshark’s GitLab CI jobs are disabled by default for forks, but if you need to test any CI jobs you can do so under the “Pipelines” section in your repository. +For example, if your change might affect Debian (apt) packaging you can run the “build:debian-stable” job. + +[#ChSrcGoodCommitMessage] +==== Writing a Good Commit Message + +When running `git commit`, you will be prompted to describe your change. +Here are some guidelines on how to make that message more useful to other people (and to scripts that may try to parse it): + +.Provide a brief description (under 60 characters or so) of the change in the first line. +If the change is specific to a single protocol, start this line with the abbreviated name of the protocol and a colon. +If the change is not yet complete prefix the line with “WIP:” to inform this change not to be submitted yet. +This be removed when the change is ready to be merged. + +.Insert a single blank line after the first line. +This is required by various formatting tools and helpful to humans. + +.Provide a detailed description of the change in the lines that follow. +Break paragraphs where needed. +Limit each line to 80 characters. + +You can also reference and close issues in a commit message by prefixing the issue number with a https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically[number sign]. +For example, “closes #5” will close issue number 5. + +Putting all that together, we get the following example: + +[source] +---- +MIPv6: Fix dissection of Service Selection Identifier + +APN field is not encoded as a dotted string so the first character is not a +length. Closes #10323. +---- + +[#ChSrcCodeRequirements] + +==== Code Requirements + +To ensure Wireshark’s code quality and to reduce friction in the code review process, there are some things you should consider before submitting a patch: + +.Follow the Wireshark source code style guide. +Wireshark runs on many platforms, and can be compiled with a number of different compilers. +It’s easy to write code that compiles on your machine, but doesn’t compile elsewhere. +The guidelines at <> describe the techniques and APIs that you can use to write high-quality, portable, and maintainable code in our environment. + +.Submit dissectors as built-in whenever possible. +Developing a new dissector as a plugin can make compiling and testing quicker, but it’s usually best to convert it to built-in before submitting for review. +This reduces the number of files that must be installed with Wireshark and ensures your dissector will be available on all platforms. + +Dissectors vary, so this is not a hard-and-fast rule. +Most dissectors are single C modules that can easily be put into “the big pile.” +Some (most notably ASN.1 dissectors) are generated using templates and configuration files. +Others are split across multiple source files and are often more suitable to be placed in a separate plugin directory. + +.Ensure that the Wireshark Git Pre-Commit Hook is in the repository. +In your local repository directory, there will be a __.git/hooks/__ directory, with sample git hooks for running automatic actions before and after git commands. +You can also optionally install other hooks that you find useful. + +In particular, the _pre-commit_ hook will run every time you commit a change and can be used to automatically check for various errors in your code. +The sample git pre-commit hook simply detects whitespace errors such as mixed tabs and spaces. +To install it just remove the .sample suffix from the existing _pre-commit.sample_ file. + +Wireshark provides a custom pre-commit hook which does additional Wireshark-specific API and formatting checks, but it might return false positives. +If you want to install it, copy the pre-commit file from the tools directory (`cp ./tools/pre-commit .git/hooks/`) and make sure it is executable or it will not be run. + +If the pre-commit hook is preventing you from committing what you believe is a valid change, you can run `git commit --no-verify` to skip running the hooks. +Warning: using --no-verify avoids the commit-msg hook, and thus if you have setup this hook it will not run. + +Additionally, if your system supports symbolic links, as all UNIX-like platforms do, you can use them instead of copying files. +Running `ln -s ../../tools/pre-commit .git/hooks` creates a symbolic link that will make the hook to be up-to-date with the current master. + +.Choose a compatible license. +Wireshark is released under the {spdx-license-url}GPL-2.0-or-later.html[GPL version 2 or later], and it is strongly recommended that incoming code use that license. +If that is not possible, it *must* use a compatible license. +The following licenses are currently allowed: + +* BSD {spdx-license-url}BSD-1-Clause.html[1], {spdx-license-url}BSD-2-Clause.html[2], {spdx-license-url}BSD-3-Clause.html[3] clause +* {spdx-license-url}GPL-3.0-or-later.html[GPL version 3 or later] *with* the https://www.gnu.org/software/bison/manual/html_node/Conditions.html[Bison parser exception] +* {spdx-license-url}ISC.html[ISC] +* {spdx-license-url}LGPL-2.0-or-later.html[LGPL v2 or later], including {spdx-license-url}LGPL-2.1-or-later.html[v2.1] +* {spdx-license-url}MIT.html[MIT] / {spdx-license-url}X11.html[X11] +* {wikipedia-main-url}Public_domain[Public domain] +* {spdx-license-url}Zlib.html[zlib/libpng] + +Notable incompatible licenses include {spdx-license-url}Apache-2.0.html[Apache 2.0], {spdx-license-url}GPL-3.0-or-later.html[GPL 3.0], and {spdx-license-url}LGPL-3.0-or-later.html[LGPL 3.0]. + +.Fuzz test your changes. +Fuzz testing is a very effective way of finding dissector related bugs. +In our case fuzzing involves making random changes to capture files and feeding them to TShark in order to try to make it crash or hang. +There are tools available to automatically do this on any number of input files. +See {wireshark-wiki-url}FuzzTesting for details. + +[#ChSrcUpload] + +//// +==== Uploading your changes + +When you're satisfied with your changes (and obtained any necessary +approval from your organization) you can upload them for review at +{wireshark-code-review-url}. This requires a GitLab account +as described at <>. + +You need to fork your repository which will became yours, and you will have write access to it. Once +you are done with your changes, push them to a branch of your choice (as snowcone-machine). Now in the +GitLab's UI a message will tell you that you created a new branch and a button to create a merge request. + + +[source,sh] +---- +$ git push https://gitlab.com/wireshark/.git HEAD: +---- + +The username `my.username` is the one which was given during registration with +the review system. + +You can push using any Git client. + +You might get one of the following responses to your patch request: + +* Your patch is checked into the repository. Congratulations! + +* You are asked to provide additional information, capture files, or other + material. If you haven't fuzzed your code, you may be asked to do so. + +* Your patch is rejected. You should get a response with the reason for + rejection. Common reasons include not following the style guide, buggy or + insecure code, and code that won't compile on other platforms. In each case + you'll have to fix each problem and upload another patch. + +* You don't get any response to your patch. Possible reason: All + the core developers are busy (e.g., with their day jobs or family or other commitments) and + haven't had time to look at your patch. Don't worry, if + your patch is in the review system it won't get lost. + +If you're concerned, feel free to add a comment to the patch or send an email +to the developer’s list asking for status. But please be patient: most if not +all of us do this in our spare time. +//// + +[#ChSrcBackport] +==== Backporting A Change + +:example-branch: master-3.2 +When a bug is fixed in the master branch it’s sometimes desirable or necessary to backport the fix to a release branch. +You can do this in Git by cherry-picking the change from one branch to another. +Suppose you want to backport change 1ab2c3d4 from the master branch to {example-branch}. +You can do so as follows: + +[source,sh,subs="attributes+"] +---- +# Create a new topic branch for the backport. +$ git checkout -b backport-1ab2c3d4 upstream/{example-branch} + +# Cherry-pick the change. Include a "cherry picked from..." line. +$ git cherry-pick -x 1ab2c3d4 + +# If there are conflicts, fix them. + +# Compile and test the change. +$ ninja +$ ... + +# OPTIONAL: Add entries to docbook/release-notes.adoc. +$EDITOR docbook/release-notes.adoc + +# If you made any changes, update your commit. +git commit --amend -a + +# Push the change to your working repository. +git push downstream HEAD +---- + +You can also cherry-pick changes in the https://docs.gitlab.com/ee/user/project/merge_requests/cherry_pick_changes.html[GitLab web UI]. + +//// +// XXX Is this relevant any more? +[#ChSrcPatchApply] +=== Apply a patch from someone else + +Sometimes you need to apply a patch to your private source tree. Maybe +because you want to try a patch from someone on the developer mailing +list, or you want to check your own patch before submitting. + + +.Beware line endings +[WARNING] +==== +If you have problems applying a patch, make sure the line endings (CR/LF) +of the patch and your source files match. +==== + +[#ChSrcPatchUse] +==== Using patch + +Given the file _new.diff_ containing a unified diff, +the right way to call the patch tool depends on what the pathnames in +_new.diff_ look like. +If they're relative to the top-level source directory (for example, if a +patch to _prefs.c_ just has _prefs.c_ as the file name) you’d run it as: + +[source,sh] +---- +$ patch -p0 < new.diff +---- + +If they're relative to a higher-level directory, you’d replace 0 with the +number of higher-level directories in the path, e.g. if the names are +_wireshark.orig/prefs.c_ and +_wireshark.mine/prefs.c_, you’d run it with: + +[source,sh] +---- +$ patch -p1 < new.diff +---- + +If they're relative to a _subdirectory_ of the top-level +directory, you’d run `patch` in _that_ directory and run it with `-p0`. + +If you run it without `-pat` all, the patch tool +flattens path names, so that if you +have a patch file with patches to _CMakeLists.txt_ and +_wiretap/CMakeLists.txt_, +it'll try to apply the first patch to the top-level +_CMakeLists.txt_ and then apply the +_wiretap/CMakeLists.txt_ patch to the top-level +_CMakeLists.txt_ as well. + +At which position in the filesystem should the patch tool be called? + +If the pathnames are relative to the top-level source directory, or to a +directory above that directory, you’d run it in the top-level source +directory. + +If they're relative to a *subdirectory* -- for example, +if somebody did a patch to _packet-ip.c_ and ran `diff` or `git diff` in +the _epan/dissectors_ directory -- you’d run it in that subdirectory. +It is preferred that people *not* submit patches like +that, especially if they're only patching files that exist in multiple +directories such as _CMakeLists.txt_. +//// + +[#ChSrcBinary] + +=== Binary Packaging + +Delivering binary packages makes it much easier for the end-users to +install Wireshark on their target system. This section will explain how +the binary packages are made. + +[#ChSrcVersioning] + +==== Packaging Guidelines + +The following guidelines should be followed by anyone creating and +distributing third-party Wireshark packages or redistributing official +Wireshark packages. + +[discrete] +===== Spelling And Capitalization + +Wireshark is spelled with a capital “W”, and with everything else lower +case. “WireShark” in particular is incorrect. + +[discrete] +===== Main URL + +The official Wireshark project URL is https://www.wireshark.org/. + +[discrete] +===== Download URLs + +Official packages are distributed on the main web server +(www.wireshark.org) and a +https://www.wireshark.org/download.html#spelunking[number of download +mirrors]. The canonical locations for packages are in the _all_versions_ +subdirectories on each server. + +For example, if your packaging system links to or downloads the +source tarball and you want to download from 1.na.dl.wireshark.org, +use + +https://1.na.dl.wireshark.org/download/src/all-versions/wireshark-{wireshark-version}.tar.xz + +instead of + +https://1.na.dl.wireshark.org/download/src/wireshark-{wireshark-version}.tar.xz + +[discrete] +===== Artwork + +Logo and icon artwork can be found in the _image_ directory in the +distribution. This is available online at + +{wireshark-code-browse-url}/image + +[discrete] +===== Licensing + +Wireshark is released under the GNU General Public License version 2 or +later. Make sure you and your package comply with this license. + +[discrete] +===== Trademarks + +Wireshark and the “fin” logo are registered trademarks of the Wireshark +Foundation. Make sure you and your package comply with trademark law. + +[discrete] +===== Privileges + +All function calls that require elevated privileges are in dumpcap. + +WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN +THEM AS ROOT. + +Warnings are displayed when Wireshark and TShark are run as root. + +There are two <> on non-Windows +systems that affect the privileges a normal user needs to capture +traffic and list interfaces: + +-DDUMPCAP_INSTALL_OPTION=capabilities:: +Install dumpcap with cap_net_admin and cap_net_raw capabilities. Linux +only. + +-DDUMPCAP_INSTALL_OPTION=suid:: +Install dumpcap setuid root. + +These are necessary for non-root users to be able to capture on most +systems, e.g. on Linux or FreeBSD if the user doesn't have permissions +to access /dev/bpf*. Setcap installation is preferred over setuid on +Linux. If `-DDUMPCAP_INSTALL_OPTION=capabilities` is used it will +override any setuid settings. + +The `-DENABLE_CAP` option is only useful when dumpcap is installed +setuid. If it is enabled dumpcap will try to drop any setuid privileges +it may have while retaining the `CAP_NET_ADMIN` and `CAP_NET_RAW` +capabilities. It is enabled by default, if the Linux capabilities +library (on which it depends) is found. + +Note that enabling setcap or setuid installation allows packet capture +for ALL users on your system. If this is not desired, you can restrict +dumpcap execution to a specific group or user. The following two examples +show how to restrict access using setcap and setuid respectively: + +[source,sh] +---- +# groupadd -g packetcapture +# chmod 750 /usr/bin/dumpcap +# chgrp packetcapture /usr/bin/dumpcap +# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap + +# groupadd -g packetcapture +# chgrp packetcapture /usr/bin/dumpcap +# chmod 4750 /usr/bin/dumpcap +---- + +[discrete] +===== Customization + +Custom version information can be added by running +`tools/make-version.py`. If your package contains significant changes we +recommend that you use this to differentiate it from official Wireshark +releases. + +[source, sh] +---- +tools/make-version.py --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp . +---- + +See `tools/make-version.py` for details. + +The Git version corresponding to each release is in _version.h_. It's +defined as a string. If you need a numeric definition, let us know. + +If you have a question not addressed here, please contact +{wireshark-dev-list-email}. + + +[#ChSrcDeb] + +==== Debian: .deb Packages + +The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under _packaging/debian_. +You must create a top-level symbolic link to _packaging/debian_ before building. +See https://www.debian.org/doc/manuals/maint-guide/build.en.html for a more in-depth discussion of the build process. + + +In the wireshark directory, type: + +[source,sh] +---- +ln -snf packaging/debian +export DEB_BUILD_OPTIONS="nocheck" +dpkg-buildpackage -b -us -uc -jauto +---- + +to build the Debian Package. + +[#ChSrcRpm] + +==== Red Hat: .rpm Packages + +You can build an RPM package using the `wireshark_rpm` target. If you +are building from a git checkout, the package version is derived from +the current git HEAD. If you are building from source extracted from a +tarball created with `git archive` (such as those downloaded from +http://www.wireshark.org/download.html), you must place the original +tarball into your build directory. + +The package is built using https://rpm.org/[rpmbuild], which comes as +standard on many flavours of Linux, including Red Hat, Fedora, and +openSUSE. The process creates a clean build environment in +_$\{CMAKE_BINARY_DIR}/packaging/rpm/BUILD_ each time the RPM is built. +The settings that control the build are in +_$\{CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in_. The generated +SPEC file contains CMake flags and other settings for the RPM build +environment. Many of these come from the parent CMake environment. +Notable ones are: + +* _prefix_ is set to _CMAKE_INSTALL_PREFIX_. By default this is + _/usr/local_. Pass `-DCMAKE_INSTALL_PREFIX=/usr` to create a package + that installs into _/usr_. + +* Whether or not to create the “wireshark-qt” package + (`-DBUILD_wireshark`). + +* Lua, c-ares, nghttp2, and other library support (`-DENABLE_...`). + +* Building with Ninja (`-G Ninja`). + +In your build directory, type: + +[source,sh] +---- +ninja wireshark_rpm +# ...or, if you're using GNU make... +make wireshark_rpm +---- + +to build the binary and source RPMs. When it is finished there will be a +message stating where the built RPM can be found. + +.This might take a while +[TIP] +==== +This creates a tarball, extracts it, compiles Wireshark, and constructs +a package. This can take quite a long time. You can speed up the process +by using Ninja. If you're using GNU make you can add the following to +your `~/.rpmmacros` file to enable parallel builds: + +---- +%_smp_mflags -j %(grep -c processor /proc/cpuinfo) +---- +==== + +Building the RPM package requires quite a few packages and libraries +including GLib, `gcc`, `flex`, Asciidoctor, and Qt development +tools such as `uic` and `moc`. The required Qt packages can usually be +obtained by installing the _qt5-devel_ package. For a complete list of +build requirements, look for the “BuildRequires” lines in +_packaging/rpm/wireshark.spec.in_. + +[#ChSrcOSX] + +==== macOS: .dmg Packages + +The macOS Package is built using macOS packaging tools, based on information found in the source tree under _packaging/macosx_. +It requires https://asciidoctor.org/[Asciidoctor] and https://pypi.org/project/dmgbuild/[dmgbuild]. + +In your build directory, type: + +[source,sh] +---- +ninja wireshark_dmg logray_dmg # (Modify as needed) +# ...or, if you're using GNU make... +make wireshark_dmg logray_dmg # (Modify as needed) +---- + +to build the macOS Packages. + +[#ChSrcNSIS] + +==== Windows: NSIS .exe Installer + +The _Nullsoft Install System_ is a free installer generator for Windows systems. +Instructions on installing it can be found in <>. +NSIS is script based. You can find the main Wireshark installer generation script at _packaging/nsis/wireshark.nsi_. + +When building with CMake you must first build the _wireshark_nsis_prep_ target, followed by the _wireshark_nsis_ target, e.g. + +[source,cmd] +---- +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj +---- + +Splitting the packaging projects in this way allows for code signing. + +[TIP] +.This might take a while +==== +Please be patient while the package is compressed. +It might take some time, even on fast machines. +==== + +If everything went well, you will now find something like: +_wireshark-setup-{wireshark-version}.exe_ in +the _packaging/nsis_ directory in your build directory. + +[#ChSrcPortableApps] + +==== Windows: PortableApps .paf.exe Package + +_PortableApps.com_ is an environment that lets users run popular applications +from portable media such as flash drives and cloud drive services. + +* Install the _PortableApps.com Platform_. Install for “all users”, which +will place it in `C:\PortableApps`. + + +* Add the following apps: + +** PortableApps.com Installer +** PortableApps.com Launcher + +When building with CMake you must first build the _wireshark_nsis_prep_ target +(which takes care of general packaging dependencies), followed by the +_wireshark_portableapps_ target, e.g. + +[source,cmd] +---- +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_portableapps.vcxproj +---- + +[TIP] +.This might take a while +==== +Please be patient while the package is compressed. +It might take some time, even on fast machines. +==== + +If everything went well, you will now find something like: +_WiresharkPortable64{underscore}{wireshark-version}.paf.exe_ in +the _packaging/portableapps_ directory. + +[#ChSrcMimeTypes] + +=== Mime Types + +Wireshark uses various mime-types for dragging dropping as well as file formats. +This chapter gives an overview over all the mimetypes being used, as well as the +data format in which data has to be provided for each individual mimetype. + +If not otherwise stated, the data is encoded as a JSON Object. + +==== Display Filter + +**MimeType**: application/vnd.wireshark.displayfilter + +Display filters are being dragged and dropped by utilizing this mime type. + +[source,json] +---- +{ + "filter": "udp.port == 8080", + "field": "udp.port", + "description": "UDP Port" +} +---- + +==== Coloring Rules + +**MimeType**: application/vnd.wireshark.coloringrules + +Coloring Rules are being used for dragging and dropping color rules inside the +coloring rules dialog. + +[source,json] +---- +{ + "coloringrules" : + [ + { + "disabled": false, + "name": "UDP Ports for 8080", + "filter": "udp.port == 8080", + "foreground": "[0x0000, 0x0000, 0x0000]", + "background": "[0xFFFF, 0xFFFF, 0xFFFF]" + } + ] +} +---- + +==== Filter List + +**MimeType**: application/vnd.wireshark.filterlist + +*_Internal Use only_* - used on the filter list for moving entries within the +list + +==== Column List + +**MimeType**: application/vnd.wireshark.columnlist + +*_Internal Use only_* - used on the column list for moving entries within the +list + + +// End of WSDG Chapter Sources + +// vim: set syntax=asciidoc: diff --git a/docbook/wsdg_src/wsdg_tests.adoc b/docbook/wsdg_src/wsdg_tests.adoc new file mode 100644 index 00000000..a9435ca7 --- /dev/null +++ b/docbook/wsdg_src/wsdg_tests.adoc @@ -0,0 +1,298 @@ +// WSDG Chapter Tests + +[#ChapterTests] +== Wireshark Tests + +The Wireshark sources include a collection of Python scripts that test +the features of Wireshark, TShark, Dumpcap, and other programs that +accompany Wireshark. These are located in the `test` directory of the +Wireshark source tree. + +The command line options of Wireshark and its companion command line +tools are numerous. These tests help to ensure that we don't introduce +bugs as Wireshark grows and evolves. + +[#TestsQuickStart] +=== Quick Start + +The recommended steps to prepare for and run tests with a UN*X toolchain: + +* Install two Python packages, pytest: `pip install pytest pytest-xdist` +* Build programs (“wireshark”, “tshark”, etc.): `ninja` +* Build additional programs for the “unittests” suite: `ninja test-programs` +* Run tests in the build directory: `pytest` + +Replace `ninja` by `make` as needed. + +If building with <<#ChWindowsBuild,Microsoft Visual Studio>> the analogous steps are: + +* Install pytest Python packages: `python -m pip install pytest pytest-xdist` +* Build programs: `msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln` +* Build test-programs: `msbuild /m /p:Configuration=RelWithDebInfo test-programs.vcxproj` +* Run tests: `python -m pytest` + +TIP: Depending on your PATH, you may need to run the pytest module as a +script from your Python interpreter, e.g, `python -m pytest` or +`python3 -m pytest` instead of `pytest`. + +The test suite will attempt to test as much as possible and skip tests +when its dependencies are not satisfied. For example, packet capture +tests require a Loopback interface and capture privileges. To avoid +capture tests, pass the `--disable-capture` option. + +List available tests with `pytest --collectonly`. Enable verbose output +with `pytest --verbose`. For more details, see <>. + +You can also run the "ninja test" target instead of invoking pytest +directly. This will automatically build the test programs dependency, +so it may be preferred for that reason. + +[#ChTestsStructure] +=== Test suite structure + +The following sections describes how the test suite is organized. + +[#TestCoverage] +==== Test Coverage And Availability + +The testing framework can run programs and check their stdout, stderr, +and exit codes. It cannot interact with the Wireshark UI. Tests cover +capture, command line options, decryption, file format support and +conversion, Lua scripting, and other functionality. + +Available tests depend on the libraries with which Wireshark was built. +For example, some decryption tests depend on a minimum version of +Libgcrypt and Lua tests depend on Lua. + +Capture tests depend on the permissions of the user running the test +script. We assume that the test user has capture permissions on Windows +and macOS and capture tests are enabled by default on those platforms. + +TIP: Build the "test-capture" target on Linux (using sudo) to set dumpcap +permissions and enable capture tests. + +If a feature is unavailable, the test will be skipped. For example, if +an old version of Libgcrypt is in use, then some decryption tests will +be skipped while other tests can still run to completion. + +[#TestsLayout] +==== Suites, Cases, and Tests + +The test suite uses pytest as a test runner. Tests are organized according to +suites, cases, and individual tests. Suites correspond to Python modules +that match the pattern “suite_*.py”. Cases correspond to one or more +classes in each module, and case class methods matching the pattern +”test_*” correspond to individual tests. For example, the invalid +capture filter test in the TShark capture command line options test case +in the command line options suite has the ID +“suite_clopts.py::TestTsharkCaptureClopts::test_tshark_invalid_capfilter”. + +[#TestsPytest] +==== pytest fixtures + +A test has typically additional dependencies, like the path to an +executable, the path to a capture file, a configuration directory, the +availability of an optional library, and so on. + +https://pytest.org/[pytest] is a test framework which has full +parallelization support (test-level instead of just suite-level), +provides nice test reports, and allows +https://docs.pytest.org/en/latest/fixture.html[modular fixtures]. + +A fixture is a function decorated with `@pytest.fixture` and can +either call `pytest.skip("reason")` to skip tests that depend on the +fixture, or return/yield a value. +Test functions (and other fixture functions) can receive the fixture +value by using the name of the fixture function as function parameters. +Common fixtures are available in `fixtures_ws.py` and includes +`cmd_tshark` for the path to the `tshark` executable and `capture_file` +for a factory function that produces the path to a capture file. + +[#ChTestsRun] +=== Listing And Running Tests + +Tests are run with https://pytest.org/[pytest]. Pytest features versus the +"unittest" standard library module include finer +test selection, full parallelism, nicer test execution summaries, better output +in case of failures (containing the contents of variables) and the ability to +open the PDB debugger on failing tests. + +To get started, install pytest 3.0 or newer and +https://pypi.org/project/pytest-xdist/[pytest-xdist]: + +[source,sh] +---- +# Install required packages on Ubuntu 18.04 or Debian jessie-backports +$ sudo apt install python3-pytest python3-pytest-xdist + +# Install required packages on other systems +$ pip install pytest pytest-xdist +---- + +Run `pytest` in the Wireshark build directory, Wireshark binaries are assumed to +be present in the `run` subdirectory (or `run\RelWithDebInfo` on Windows). + +[source,sh] +---- +# Run all tests +$ cd /path/to/wireshark/build +$ pytest + +# Run all except capture tests +$ pytest --disable-capture + +# Run all tests with "decryption" in its name +$ pytest -k decryption + +# Run all tests with an explicit path to the Wireshark executables +$ pytest --program-path /path/to/wireshark/build/run +---- + +To list tests without actually executing them, use the `--collect-only` option: + +[source,sh] +---- +# List all tests +$ pytest --collect-only + +# List only tests containing both "dfilter" and "tvb" +$ pytest --collect-only -k "dfilter and tvb" +---- + +The test suite will fail tests when programs are missing. When only a +subset of programs are built or when some programs are disabled, then +the test suite can be instructed to skip instead of fail tests: + +[source,sh] +---- +# Run tests when libpcap support is disabled (-DENABLE_PCAP=OFF) +$ pytest --skip-missing-programs dumpcap,rawshark + +# Run tests and ignore all tests with missing program dependencies +$ pytest --skip-missing-programs all +---- + +To open a Python debugger (PDB) on failing tests, use the `--pdb` option and +disable parallelism with the `-n0` option: + +[source,sh] +---- +# Run decryption tests sequentially and open a debugger on failing tests +$ pytest -n0 --pdb -k decryption +---- + +[#ChTestsDevelop] +=== Adding Or Modifying Tests + +Tests must be in a Python module whose name matches “suite_*.py”. The +module must contain one or more subclasses with a name starting with +"Test" something, for example "class TestDissectionHttp2:". Each test case +method whose name starts with “test_” constitutes an individual test. + +Success or failure conditions are signalled using regular assertions +with the "assert" Python keyword. + +Test dependencies (such as programs, directories, or the environment +variables) are injected through method parameters. Commonly used +fixtures include `cmd_tshark` and `capture_file`. + +Processes (tshark, capinfos, etc.) are run using the "subprocess" Python module, +or the Wireshark `subprocesstest` module with some convenience functions. +Possible functions include `subprocesstest.run()`, `subprocesstest.check_run()` +or creating `subprocess.Popen` object if the utility functions are not sufficient for some reason. +Usually this is only required if two-way communication is performed with +the child process. `subprocesstest.check_run()` is exactly the same as +calling `subprocesstest.run()` with `check=True` as an argument, only +a bit more expressive. + +Check the documentation for the Python subprocess module for a full description +of the arguments available to the `subprocesstest.run()` convenience wrapper +and the `subprocess.Popen` object. + +All of the current tests run one or more of Wireshark's suite of +executables and either check their return code or their output. A +simple example is “suite_clopts.py::TestBasicClopts::test_existing_file”, +which reads a capture file using TShark and checks its exit code. + +[source,python] +---- +import subprocesstest +import pytest + +class TestBasicClopts: + def test_existing_file(self, cmd_tshark, capture_file, test_env): + subprocess.check_run((cmd_tshark, '-r', capture_file('dhcp.pcap')), env=test_env) +---- + +Output can be checked using `assert subprocesstest.grep_output()`, +`assert subprocesstest.count_output()` or any other `assert` statement. +`subprocesstest.check_run()` also asserts that the child process returns +the value 0 as exit code. + +[source,python] +---- +import subprocesstest +import pytest + +class TestDecrypt80211: + def test_80211_wpa_psk(self, cmd_tshark, capture_file, test_env): + tshark_proc = subprocesstest.run((cmd_tshark, + '-o', 'wlan.enable_decryption: TRUE', + '-Tfields', + '-e', 'http.request.uri', + '-r', capture_file('wpa-Induction.pcap.gz'), + '-Y', 'http', + ), capture_output=True, env=test_env) + assert 'favicon.ico' in tshark_proc.stdout +---- + +Tests can be run in parallel. This means that any files you create must +be unique for each test. Filenames based on the current test name are +generated using fixtures such as "capture_file" and "result_file". By default +pytest generates paths in the system's temporary directory and the last three +pytest runs are kept. Temporary files from older runs are automatically deleted. + +[#ChTestsExternal] +=== External Tests + +You can create your own Python test files outside of the Wireshark source tree. +To include your tests when running the Wireshark test suite, simply add the +directory containing your test files to the `pytest` command line. Note that +filenames must match the same conventions as discussed above. + +In order for your tests to have access to the Wireshark test fixtures, you will +need this line in each test file: + +[source,python] +---- +from fixtures_ws import * +---- + +[#ChTestsExtFixtures] +==== Custom Fixtures + +You may wish to define your own test fixtures -- for example, a fixture similar +to `capture_file` but which gives the path to a file in your external test +directory. Here is an example Python file containing such a fixture. It presumes +a subdirectory named `extra_captures` which exists in the same directory, and +which contains your extra capture files. + +[source,python] +---- +# my_fixtures.py +# To use in your own tests, import like so: +# from my_fixtures import * + +from pathlib import Path +import pytest + +@pytest.fixture(scope='session') +def extra_file(): + def resolver(filename): + return Path(__file__).parent.joinpath("extra_captures", filename) + return resolver +---- + +NOTE: If you give your fixture the same name as an existing Wireshark fixture, +any tests using your fixture library will lose access to the Wireshark fixture +of the same name. This can lead to confusing behavior and is not recommended. diff --git a/docbook/wsdg_src/wsdg_tools.adoc b/docbook/wsdg_src/wsdg_tools.adoc new file mode 100644 index 00000000..f1d99e94 --- /dev/null +++ b/docbook/wsdg_src/wsdg_tools.adoc @@ -0,0 +1,1043 @@ +// WSDG Chapter Tools + +[#ChapterTools] + +== Tool Reference + +[#ChToolsIntro] + +=== Introduction + +This chapter will provide you with information about the various tools +needed for Wireshark development. None of the tools mentioned in this +chapter are needed to run Wireshark. They are only needed to build it. + +Most of these tools have their roots on UNIX or UNIX-like platforms such +as Linux, but Windows ports are also available. Therefore the tools are +available in different "flavours": + +* UNIX and UNIX-like platforms: The tools should be commonly available + on the supported UNIX and UNIX-like platforms. Cygwin is unsupported. +* Windows native: Some tools are available as native Windows tools, no + special emulation is required. Many of these tools can be installed + (and updated) using https://chocolatey.org[Chocolatey], a Windows + package manager similar to the Linux package managers apt-get or yum. + +[WARNING] +.Follow the directions +==== +Unless you know exactly what you are doing, you should strictly follow the recommendations given in <>. +==== + +The following sections give a very brief description of +what a particular tool is doing, how it is used in the +Wireshark project and how it can be installed and +tested. + +Documentation for these tools is outside the scope of this document. If you need +further information on using a specific tool you should find lots of useful +information on the web, as these tools are commonly used. You can also get help +for the UNIX based tools with `**toolname** --help` or the man page via `man +**toolname**`. + +You will find explanations of the tool usage for some of the specific +development tasks in <>. + +[#ChToolsChocolatey] +=== Chocolatey + +Chocolatey is a Windows package manager that can be used to install (and update) +many of the packages required for Wireshark development. Chocolatey can be +obtained from the https://chocolatey.org[website] or from a Command Prompt: + +[source,cmd] +---- +C:\>@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString(_https://chocolatey.org/install.ps1_))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin +---- + +or a Powershell prompt: + +[source,cmd] +---- +PS:\>iex ((new-object net.webclient).DownloadString(_https://chocolatey.org/install.ps1_)) +---- + +Chocolatey sometimes installs packages in unexpected locations. Python +is a notable example. While it's typically installed in a top-level +directory, e.g. _C:\Python37_ or in %PROGRAMFILES%, e.g. _C:\Program +Files\Python37_, Chocolatey tends to install it under +_C:\ProgramData\chocolatey_ or _C:\Tools_. If you want to avoid this +behavior you'll probably want to install Python using the packages from +python.org. + +Other package managers for Windows include the https://docs.microsoft.com/en-us/windows/package-manager/[Windows Package Manager (winget)] and https://scoop.sh/[Scoop]. +As of January 2022 neither option provides all of the packages we require, but that might change in the future. + +[#ChToolsCMake] + +=== CMake + +Wireshark’s build environment can be configured using CMake on various UNIX-like platforms, including Linux, macOS, and *BSD, and on Windows. +CMake is designed to support out-of-tree builds - so much so that in-tree builds do not work properly in all cases. +Along with being cross-platform, CMake supports many build tools and environments including traditional make, Ninja, and MSBuild. + +Building with CMake typically includes creating a build directory and +specifying a *generator*, aka a build tool. For example, to build +Wireshark using Ninja in the directory _wireshark-ninja_ you might +run the following commands: + +[source,sh] +---- +# Starting from your Wireshark source directory, create a build directory +# alongside it. +$ cd .. +$ mkdir wireshark-ninja +$ cd wireshark-ninja +# Assumes your source directory is named "wireshark". +$ cmake -G Ninja ../wireshark +$ ninja (or cmake --build .) +---- + +Using CMake on Windows is described further in <>. + +Along with specifying a generator with the `-G` flag you can set variables +using the `-D` flag. Useful variables and generators include the following: + +-DBUILD_wireshark=OFF:: Don't build the Wireshark GUI application. +Each command line utility has its own BUILD_xxx flag as well. For +example, you can use -DBUILD_mmdbresolve=OFF to disable mmdbresolve. + +-DENABLE_CCACHE=ON:: Build using the ccache compiler cache. + +-DENABLE_CAP=OFF:: Disable the POSIX capabilities check + +-DCMAKE_BUILD_TYPE=Debug:: Enable debugging symbols + +-DCARES_INCLUDE_DIR=/your/custom/cares/include, -DCARES_LIBRARY=/your/custom/cares/lib/libcares.so:: +Let you set the path to a locally-compiled version of c-ares. Most +optional libraries have xxx_INCLUDE_DIR and xxx_LIB flags that let you +control their discovery. + +-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12:: +Specify the minimum macOS version for Wireshark and each command line utility. +Note that this doesn’t affect the minimum target for third-party libraries. +For example, if you’re building for macOS 10.12 you’ll need to install https://doc.qt.io/archives/qt-5.13/supported-platforms.html[Qt 5.14 or earlier] and ensure that other libraries support macOS 10.12, for example by running `tools/macos-setup.sh -t 10.12`. + +-DENABLE_APPLICATION_BUNDLE=OFF:: Disable building an application bundle (Wireshark.app) on macOS + +You can list all build variables (with help) by running `cmake -LH [options] +../`. This lists the cache of build variables +after the cmake run. To only view the current cache, add option `-N`. + +Depending on your needs, it might be useful to save your CMake configuration options in a file outside your build directory. +CMake supports this via its https://cmake.org/cmake/help/v3.23/manual/cmake-presets.7.html[presets] option. +For example, adding the follwing to `CMakeUserPresets.json` would let you build using Ninja in the `build` directory, enable ccache, and set a custom Qt directory by running `cmake --preset mydev`: + +[source,json] +---- +{ + "version": 4, + "configurePresets": [ + { + "name": "mydev", + "displayName": "Local development", + "generator": "Ninja", + "binaryDir": "${sourceDir}/build", + "cacheVariables": { + "ENABLE_CCACHE": "ON" + }, + "environment": { + "CMAKE_PREFIX_PATH": "/usr/local/Qt6" + } + } + ] +} +---- + +After running cmake, you can always run `make help` to see a list of all possible make targets. + +Note that CMake honors user umask for creating directories as of now. You should set +the umask explicitly before running the `install` target. + +CMake links: + +The home page of the CMake project: https://cmake.org/ + +Official documentation: https://cmake.org/documentation/ + +About CMake in general and why KDE4 uses it: https://lwn.net/Articles/188693/ + +Useful variables: https://gitlab.kitware.com/cmake/community/wikis/doc/cmake/Useful-Variables + +Frequently Asked Questions: https://gitlab.kitware.com/cmake/community/wikis/FAQ + +[#ChToolsGNUChain] + +=== GNU Compiler Toolchain (UNIX And UNIX-like Platforms) + +[#ChToolsGCC] + +==== gcc (GNU Compiler Collection) + +The GCC C compiler is available for most UNIX and UNIX-like operating +systems. + +If GCC isn't already installed or available +as a package for your platform, you can get it at: +https://gcc.gnu.org/[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ gcc --version +---- + +should result in something like + +---- +gcc (Ubuntu 4.9.1-16ubuntu6) 4.9.1 +Copyright (C) 2014 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +---- + +Your version string may vary, of course. + +[#ChToolsGDB] + +==== gdb (GNU Project Debugger) + +GDB is the debugger for the GCC compiler. It is +available for many (if not all) UNIX-like platforms. + +If you don't like debugging using the command line, many +https://sourceware.org/gdb/wiki/GDB%20Front%20Ends[GUI frontends for it +available], including Qt Creator, CLion, and Eclipse. + +If gdb isn't already installed or available +as a package for your platform, you can get it at: +https://www.gnu.org/software/gdb/gdb.html[]. + +After correct installation: + +[source,sh] +---- +$ gdb --version +---- + +should result in something like: + +---- +GNU gdb (GDB) 8.3 +Copyright (C) 2019 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +---- + +Your version string may vary, of course. + +[#ChToolsGNUmake] + +==== make (GNU Make) + +[NOTE] +.GNU make isn't supported either for Windows + +GNU Make is available for most of the UNIX-like +platforms. + +If GNU Make isn't already installed or +available as a package for your platform, you can get it at: +https://www.gnu.org/software/make/[]. + +After correct installation: + +[source,sh] +---- +$ make --version +---- + +should result in something like: + +---- +GNU Make 4.0 +Built for x86_64-pc-linux-gnu +Copyright (C) 1988-2013 Free Software Foundation, Inc. +Licence GPLv3+: GNU GPL version 3 or later +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +---- + +Your version string may vary, of course. + +==== Ninja + +Ninja is an alternative to make, and is available for many of the +UNIX-like platforms. It runs builds faster than make does. + +It is designed to have its build files generated by tools such as CMake; +to generate build files for Ninja, run CMake with the `-G Ninja` flag. + +If Ninja isn't already installed, see the list of suggestions for Ninja +packages at: +https://github.com/ninja-build/ninja/wiki/Pre-built-Ninja-packages. + +If Ninja isn't already installed and isn't +available as a package for your platform, you can get it from: +https://ninja-build.org. You can download the source code or binaries +for Linux, macOS, and Windows (we have not tested Ninja on Windows). + +[#ChToolsMSChain] + +=== Microsoft compiler toolchain (Windows native) + +To compile Wireshark on Windows using the Microsoft C/{cpp} +compiler (MSVC), you'll need: + +. C compiler (_cl.exe_) + +. Assembler (_ml.exe_ for 32-bit targets and _ml64.exe_ for 64-bit targets) + +. Linker (_link.exe_) + +. Resource Compiler (_rc.exe_) + +. C runtime headers and libraries (e.g. _stdio.h_, _vcruntime140.lib_) + +. Windows platform headers and libraries (e.g. +_windows.h_, _WS2_32.lib_) + +==== Official Toolchain Packages And Alternatives + +Official releases are or were built with the following Visual {cpp} versions: + +* Wireshark 4.2.x: Microsoft Visual {cpp} 2022. +* Wireshark 4.0.x: Microsoft Visual {cpp} 2022. +* Wireshark 3.6.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.4.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.2.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.0.x: Microsoft Visual {cpp} 2017. +* Wireshark 2.6.x: Microsoft Visual {cpp} 2017. +* Wireshark 2.4.x: Microsoft Visual {cpp} 2015. +* Wireshark 2.2.x: Microsoft Visual {cpp} 2013. +* Wireshark 2.0.x: Microsoft Visual {cpp} 2013. +* Wireshark 1.12.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.10.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.8.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.6.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.4.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.2.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.0.x and earlier: Microsoft Visual {cpp} 6.0. + +Using the release compilers is recommended for Wireshark development work. + +“Community” editions of Visual Studio such as “Visual Studio Community +2022” can be used to compile Wireshark but any PortableApps packages you +create with them might require the installation of a separate Visual +{cpp} Redistributable package on any machine on which the PortableApps +package is to be used. See <> below for +more details. + +However, you might already have a different Microsoft {cpp} compiler +installed. It should be possible to use any of the following with the +considerations listed. You will need to sign up for a +https://visualstudio.microsoft.com/dev-essentials/[Visual Studio Dev +Essentials] account if you don't have a Visual Studio (MSDN) +subscription. The older versions can be downloaded from +https://visualstudio.microsoft.com/vs/older-downloads/[]. + +==== Visual {cpp} 2022 Community Edition + +IDE + Debugger?:: Yes + +SDK required for 64-bit builds?:: No + +CMake Generator: *`Visual Studio 17`* + +You can use Chocolatey to install Visual Studio, e.g: + +[source,cmd] +---- +PS:\> choco install visualstudiocommunity2022 visualstudio2022-workload-nativedesktop +---- + +If you wish to build Arm64 executables you must install the following components: + +Microsoft.VisualStudio.Component.VC.Tools.ARM64:: MSVC v143 - VS 2022 C++ ARM64/ARM64EC build tools (Latest) + +Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre:: MSVC v143 - VS 2022 C++ ARM64/ARM64EC Spectre-mitigated libs (Latest) + +==== cl.exe (C Compiler) + +The following table gives an overview of the possible +Microsoft toolchain variants and their specific C compiler +versions ordered by release date. + +|=== +| Compiler Package | V{cpp} | _MSC_VER +| Visual Studio 2022 (17.4.2) | 14.34 | 1934 +|=== + +A description of `_MSC_VER` and `_MSC_FULL_VER`, and their relation to Visual Studio and compiler versions, +can be found at +https://learn.microsoft.com/en-us/cpp/preprocessor/predefined-macros?view=msvc-170[Microsoft-specific predefined macros]. + +Information on the V{cpp} version can be found in the file _wsutil/version_info.c_. + +After correct installation of the toolchain, typing +at the Visual Studio Command line prompt (cmd.exe): + +[source,cmd] +---- +> cl +---- + +should result in something like: + +---- +Microsoft (R) C/C++ Optimizing Compiler Version 19.23.28106.4 for x64 +Copyright (C) Microsoft Corporation. All rights reserved. + +usage: cl [ option... ] filename... [ /link linkoption... ] +---- + +However, the version string may vary. + +Documentation on recent versions of the compiler can be found at +https://docs.microsoft.com/en-us/cpp/build/reference/compiling-a-c-cpp-program[Microsoft Docs] + +==== link.exe (Linker) + +After correct installation, typing at the Visual Studio Command line prompt (cmd.exe): + +[source,cmd] +---- +> link +---- + +should result in something like: + +---- +Microsoft (R) Incremental Linker Version 14.23.28106.4 +Copyright (C) Microsoft Corporation. All rights reserved. + + usage: LINK [options] [files] [@commandfile] + ... +---- + +However, the version string may vary. + +Documentation on recent versions of the linker can be found at +https://docs.microsoft.com/en-us/cpp/build/reference/linking[Microsoft Docs] + +[#msvc-runtime-redistributable] + +==== Visual {cpp} Runtime “Redistributable” Files + +Please note: The following is not legal advice. Ask your preferred +lawyer instead. It’s the authors view and this view might be wrong. + +Wireshark and its libraries depend on POSIX functions such as fopen() +and malloc(). On Windows, these functions are provided by the Microsoft +Visual {cpp} C Runtime (CRT). There are many different versions of the CRT and +Visual {cpp} 2015 and later use the _Universal CRT_ (UCRT). + +The Universal CRT comes standard with Windows 10 and is installed as part +of Windows Update on earlier versions of Windows. The Wireshark .exe +installers include redistributables (_vc_redist.x64.exe_ or +_vc_redist.x86.exe_) which ensure that the Universal CRT is installed and +up to date. + +[NOTE] +.Make sure you're allowed to distribute this file +==== +The files to redistribute must be mentioned in the +redist.txt file of the compiler package. Otherwise it +can't be legally redistributed by third parties like +us. +==== + +The following Microsoft Docs link is recommended for the +interested reader: + +https://docs.microsoft.com/en-us/cpp/windows/redistributing-visual-cpp-files[Redistributing Visual {cpp} Files] + +In all cases where _vc_redist.x64.exe_ or _vc_redist.x86.exe_ is +downloaded it should be downloaded to the directory into which the +support libraries for Wireshark have been downloaded and installed. This +directory is specified by the `WIRESHARK_BASE_DIR` or +`WIRESHARK_LIB_DIR` environment variables. It need not, and should not, +be run after being downloaded. + +==== Windows Platform SDK + +The Windows Platform SDK (PSDK) or Windows SDK is a free +(as in beer) download and contains platform specific headers and +libraries (e.g. _windows.h_, _WSock32.lib_, etc.). As new Windows +features evolve in time, updated SDKs become available that +include new and updated APIs. + +When you purchase a commercial Visual Studio or use the Community +Edition, it will include an SDK. + +[#ChToolsDocumentationToolchain] +=== Documentation Toolchain + +Wireshark’s documentation is split across two directories. +The `doc` directory contains man pages written in Asciidoctor markup. +The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup. +The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future. + +Our various output formats are generated using the following tools. +Intermediate formats are in _italics_. + +Man page roff:: Asciidoctor +Man page HTML:: Asciidoctor + +Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL +Guide PDF:: Asciidoctor + +Release notes HTML:: Asciidoctor +Release notes text:: Asciidoctor → _HTML_ → html2text.py + +==== Asciidoctor + +https://asciidoctor.org/[Asciidoctor] comes in several flavors: a Ruby gem (Asciidoctor), a Java bundle (AsciidoctorJ), and transpiled JavaScript (Asciidoctor.js). +The Ruby and Java flavors can be used to build Wireshark’s documentation, but the JavaScript flavor doesn’t support all of the features that we require. +// We need docbook5, PDF & EPUB output and macros + +The guides and release notes were originally written in DocBook (hence the directory name). +They were later converted to AsciiDoc and then migrated to Asciidoctor. +The man pages were originally in Perl’s POD (Plain Old Documentation) format and were later converted to Asciidoctor. +We use Asciidoctor’s modern (>= 1.5.0) syntax. + +PDF output requires Asciidoctor’s PDF backend. +It is included with AsciidoctorJ but _not_ with Asciidoctor. + +==== DocBook XML and XSL + +Converting from DocBook to HTML requires the DocBook DTD +(http://www.sagehill.net/docbookxsl/ToolsSetup.html) +and DocBook stylesheets +(http://www.sagehill.net/docbookxsl/InstallStylesheets.html). +These are available via installable packages on most Linux distributions, Chocolatey, and Homebrew. + +==== xsltproc + +http://xmlsoft.org/xslt/[xsltproc] converts DocBook XML to various formats based on XSL stylesheets. +It either ships as part of the operating system or is available via an installable package on most Linux distributions, Chocolatey, and Homebrew. + +[#ChToolsDebugger] + +=== Debugger + +Using a good debugger can save you a lot of development time. + +The debugger you use must match the C compiler Wireshark was compiled with, +otherwise the debugger will simply fail or you will only see a lot of garbage. + +[#ChToolsMSVCDebugger] + +==== Visual Studio Integrated Debugger + +You can use the integrated debugger of Visual Studio if your toolchain includes +it. Open the solution in your build directory and build and debug as normal +with a Visual Studio solution. + +To set the correct paths for Visual Studio when running Wireshark under the +debugger, add the build output directory to the path before opening Visual +Studio from the same command prompt, e.g. + +[source,cmd] +---- +C:\Development\wsbuild64>set PATH="%PATH%;C:\Development\wsbuild64\run\RelwithDebInfo" +C:\Development\wsbuild64>wireshark.sln +---- + +for PowerShell use + +[source,cmd] +---- +PS C:\Development\wsbuild64>$env:PATH += ";$(Convert-Path run\RelWithDebInfo)" +PS C:\Development\wsbuild64>wireshark.sln +---- + +When Visual Studio has finished loading the solution, set the executable to +be run in the debugger, e.g. Executables\Wireshark, by right clicking it in +the Solution Explorer window and selecting "Set as StartUp Project". Also +set the Solution Configuration (usually RelWithDebInfo) from the droplist on +the toolbar. + +NOTE: Currently Visual Studio regards a command line build as incomplete, so +will report that some items need to be built when starting the debugger. These +can either be rebuilt or ignored as you wish. + + +The normal build is an optimised release version so debugging can be a bit +difficult as variables are optimised out into registers and the execution +order of statements can jump around. + +If you require a non-optimised version, then build using a debug configuration. + +[#ChToolsMSDebuggingTools] + +==== Debugging Tools For Windows + +You can also use the Microsoft Debugging Tools for Windows toolkit, which is a +standalone GUI debugger. Although it’s not that comfortable compared to +debugging with the Visual Studio integrated debugger it can be helpful if you +have to debug on a machine where an integrated debugger is not available. + +You can get it free of charge from Microsoft in several ways, see the +https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/[Debugging tools for Windows] page. + +You can also use Chocolatey to install WinDbg: + +[source,cmd] +---- +PS:\> choco install windbg +---- + +To debug Wireshark using WinDbg, open the built copy of Wireshark using +the File -> Open Executable... menu, +i.e. C:\Development\wsbuild64\run\RelWithDebInfo\Wireshark.exe. To set a +breakpoint open the required source file using the File -> Open Source File... +menu and then click on the required line and press F9. To run the program, +press F5. + +If you require a non-optimised version, then build using a debug configuration, e.g. +*`msbuild /m /p:Configuration=Debug Wireshark.sln`*. The build products will be found +in C:\Development\wsbuild64\run\Debug\. + +[#ChToolsBash] + +=== bash + +The bash shell is needed to run several shell scripts. + +[#ChToolsGNUBash] + +[discrete] +==== Unix + +Bash (the GNU Bourne-Again SHell) is available for most UNIX and +UNIX-like platforms. If it isn't already installed or available as a +package for your platform, you can get it at +https://www.gnu.org/software/bash/bash.html[]. + +After correct installation, typing at the bash command line prompt: + +[source,sh] +---- +$ bash --version +---- + +should result in something like: + +---- +GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu) +Copyright (C) 2016 Free Software Foundation, Inc. +---- + +Your version string will likely vary. + +[#ChToolsPython] + +=== Python + +https://python.org/[Python] is an interpreted programming language. +It is used to generate some source files, documentation, testing and other tasks. +Python 3.6 and later is required. +Python 2 is no longer supported. + +Python is either included or available as a package on most UNIX-like platforms. +Windows packages and source are available at https://python.org/download/[]. + +You can also use Chocolatey to install Python: + +[source,cmd] +---- +PS:\> choco install python3 +---- + +Chocolatey installs Python into _C:\Python37_ by +default. You can verify your Python version by running + +[source,sh] +---- +$ python3 --version +---- + +on UNIX-like platforms and + +[source,cmd] +---- +rem Official package +C:> cd python35 +C:Python35> python --version + +rem Chocolatey +C:> cd \tools\python3 +C:\tools\python3> python --version +---- + +on Windows. You should see something like + +---- +Python 3.5.1 +---- + +Your version string may vary of course. + +[#ChToolsFlex] + +=== Flex + +Flex is a lexical analyzer generator used for Wireshark’s display filters, some +file formats, and other features. + +[#ChToolsUnixFlex] + +[discrete] +==== Unix + +Flex is available for most UNIX and UNIX-like platforms. See the next +section for native Windows options. + +If GNU flex isn't already installed or available as a package for your platform +you can get it at https://www.gnu.org/software/flex/[]. + +After correct installation running the following + +[source,sh] +---- +$ flex --version +---- + +should result in something like: + +---- +flex version 2.5.4 +---- + +Your version string may vary. + +[#ChToolsWindowsFlex] + +[discrete] +==== Windows + +A native Windows version of flex is available in the _winflexbison3_ +https://chocolatey.org/[Chocolatey] package. Note that the executable is named +_win_flex_. + +[source,cmd] +---- +PS:\> choco install winflexbison3 +---- + +Native packages are available from other sources such as +http://gnuwin32.sourceforge.net/packages/flex.htm[GnuWin]. They aren't +officially supported but _should_ work. + +[#ChToolsGit] + +=== Git client + +The Wireshark project uses its own Git repository to keep track of all +the changes done to the source code. Details about the usage of Git in +the Wireshark project can be found in <>. + +If you want to work with the source code and are planning to commit your +changes back to the Wireshark community, it is recommended to use a Git +client to get the latest source files. For detailed information about +the different ways to obtain the Wireshark sources, see <>. + +You will find more instructions in <> on how to use the Git +client. + +[#ChToolsUnixGit] + +[discrete] +==== Unix + +Git is available for most UNIX and UNIX-like platforms. If Git isn't +already installed or available as a package for your platform, you can +get it at: https://git-scm.com/[]. + +After correct installation, typing at the bash command line prompt: + +[source,sh] +---- +$ git --version +---- + +should result in something like: + +---- +git version 2.14.1 +---- + +Your version will likely be different. + +[#ChToolsWindowsGit] + +[discrete] +==== Windows + +The Git command line tools for Windows can be found at +https://git-scm.com/download/win[] and can also be installed using Chocolatey: + +[source,cmd] +---- +PS:\> choco install git +---- + +After correct installation, typing at the command +line prompt (cmd.exe): + +[source,cmd] +---- +> git --version +---- + +should result in something like: + +---- +git version 2.16.1.windows.1 +---- + +However, the version string may vary. + +[#ChToolsGitPowerShellExtensions] + +=== Git Powershell Extensions (Optional) + +A useful tool for command line git on Windows is https://github.com/dahlbyk/posh-git[PoshGit]. +Poshgit provides git command completion and alters the prompt to indicate the local working +copy status. You can install it using Chocolatey: + +[source,cmd] +---- +PS:\> choco install poshgit +---- + +[#ChToolsGitGUI] + +=== Git GUI Client (Optional) + +Along with the traditional command-line client, several +GUI clients are available for a number of platforms. See +https://git-scm.com/downloads/guis[] for details. + +// [[ChToolsUnixGitGUI]] +// XXX Add Gui client section + +[#ChToolsPerl] + +=== Perl (Optional) + +https://www.perl.org[Perl] is an interpreted programming language. +Perl is used to convert various text files into usable source code and for various source code checks. +Perl version 5.6 and above should work fine. + +[#ChToolsUnixPerl] + +[discrete] +==== Unix + +Perl is available for most UNIX and UNIX-like platforms. If it isn't +already installed or available as a package for your platform, you can +get it at https://www.perl.org/[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ perl --version +---- + +should result in something like: + +---- +This is perl 5, version 26, subversion 0 (v5.26.0) built for x86_64-linux-gnu-thread-multi +(with 62 registered patches, see perl -V for more detail) + +Copyright 1987-2017, Larry Wall + +Perl may be copied only under the terms of either the Artistic License or the +GNU General Public License, which may be found in the Perl 5 source kit. + +Complete documentation for Perl, including FAQ lists, should be found on +this system using "man perl" or "perldoc perl". If you have access to the +Internet, point your browser at http://www.perl.org/, the Perl Home Page. +---- + +However, the version string may vary. + +[#ChToolsWindowsPerl] + +[discrete] +==== Windows + +A native Windows Perl package can be obtained from +http://strawberryperl.com/[Strawberry Perl] or +https://www.activestate.com[Active State]. The installation should be +straightforward. + +You may also use Chocolatey to install either package: + +---- +PS:\> choco install strawberryperl +---- + +or + +---- +PS:\> choco install activeperl +---- + +After correct installation, typing at the command +line prompt (cmd.exe): + +---- +> perl -v +---- + +should result in something like: + +---- +This is perl, v5.8.0 built for MSWin32-x86-multi-thread +(with 1 registered patch, see perl -V for more detail) + +Copyright 1987-2002, Larry Wall + +Binary build 805 provided by ActiveState Corp. http://www.ActiveState.com +Built 18:08:02 Feb 4 2003 +... +---- + +However, the version string may vary. + +[#ChToolsPatch] + +=== patch (Optional) + +The patch utility is used to merge a diff file into your own source tree. This +tool is only needed, if you want to apply a patch (diff file) from someone else +(probably from the developer mailing list) to try out in your own private source +tree. + +It most cases you may not need the patch tool installed. Git should +handle patches for you. + +// You will find more instructions in <>on how to use the patch tool. + +[#ChToolsUnixPatch] + +[discrete] +==== Unix + +Patch is available for most UNIX and UNIX-like platforms. If GNU patch +isn't already installed or available as a package for your platform, you +can get it at https://www.gnu.org/software/patch/patch.html[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ patch --version +---- + +should result in something like: + +---- +patch 2.5.8 +Copyright (C) 1988 Larry Wall +Copyright (C) 2002 Free Software Foundation, Inc. + +This program comes with NO WARRANTY, to the extent permitted by law. +You may redistribute copies of this program +under the terms of the GNU General Public License. +For more information about these matters, see the file named COPYING. + +written by Larry Wall and Paul Eggert +---- + +However, the version string may vary. + +[#ChToolsWindowsPatch] + +[discrete] +==== Windows + +The Windows native Git tools provide patch. A native Windows patch package can be obtained from +http://gnuwin32.sourceforge.net/[]. The +installation should be straightforward. + +[#ChToolsNSIS] + +=== Windows: NSIS (Optional) + +The NSIS (Nullsoft Scriptable Install System) is used to generate +_Wireshark-{wireshark-version}-x64.exe_ from all the files +needed to be installed, including all required DLLs, plugins, and supporting +files. + +To install it, download the latest released version from +https://nsis.sourceforge.net[]. NSIS v3 is required. You can also install +it using Chocolatey: + +[source,cmd] +---- +PS$> choco install nsis +---- + +You can find more instructions on using NSIS in <>. + +[#ChToolsWiX] + +=== Windows: WiX Toolset (Optional) + +The Wix Toolset can be used to generate Windows Installer (_.msi_) packages. +You can download it from the link:https://wixtoolset.org/[WiX web site] or install it using Chocolatey: + +[source,cmd] +---- +PS$> choco install wixtoolset +---- + +This also requires the Visual C++ redistributable merge modules, which can be installed by selecting “Individual Components -> {cpp} 2022 Redistributable MSMs” or “...2019 Redistributable MSMs” as appropriate for your compiler in the Visual Studio installer. + +Wireshark’s .msi packaging is currently experimental and the generated packages may be incomplete. + +[#ChToolsPortableApps] +=== Windows: PortableApps (Optional) + +The PortableApps.com Installer is used to generate +_WiresharkPortable64{underscore}{wireshark-version}.paf.exe_ from all the files +needed to be installed, including all required DLLs, plugins, and supporting +files. + +To install it, do the following: + +* Download the latest PortableApps.com Platform release from + https://portableapps.com/[]. + +* Install the following applications in the PortableApps.com environment: + +** PortableApps.com Installer + +** PortableApps.com Launcher + +You can find more instructions on using the PortableApps.com Installer in +<>. + +// End of WSDG Chapter Tools + +// vim: set syntax=asciidoc: diff --git a/docbook/wsdg_src/wsdg_userinterface.adoc b/docbook/wsdg_src/wsdg_userinterface.adoc new file mode 100644 index 00000000..a4fe17a3 --- /dev/null +++ b/docbook/wsdg_src/wsdg_userinterface.adoc @@ -0,0 +1,318 @@ +// WSDG Chapter User Interface + +[#ChapterUserInterface] + +== User Interface + +[#ChUIIntro] + +=== Introduction + +Wireshark can be logically separated into the backend (dissecting protocols, +file loading and saving, capturing, etc.) and the frontend (the user interface). + +The following frontends are currently maintained by the Wireshark +development team: + +* Wireshark, Qt based + +* TShark, console based + +This chapter is focused on the Wireshark frontend, and especially on +the Qt interface. + +[#ChUIQt] + +=== The Qt Application Framework + +Qt is a cross-platform application development framework. While we mainly use +the core (QtCore) and user interface (QtWidgets) modules, it also supports a +number of other modules for specialized application development, such as +networking (QtNetwork) and web browsing (QtWebKit). + +At the time of this writing (September 2016) most of the main Wireshark +application has been ported to Qt. The sections below provide an +overview of the application and tips for Qt development in our +environment. + +==== User Experience Considerations + +When creating or modifying Wireshark try to make sure that it will work +well on Windows, macOS, and Linux. See <> for details. +Additionally, try to keep the following in mind: + +*Workflow*. Excessive navigation and gratuitous dialogs should be +avoided or reduced. For example, compared to the legacy UI many alert +dialogs have been replaced with status bar messages. Statistics dialogs +are displayed immediately instead of requiring that options be +specified. + +*Discoverability and feedback*. Most users don't like to read +documentation and instead prefer to learn an application as they use it. +Providing feedback increases your sense of control and awareness, and +makes the application more enjoyable to use. Most of the Qt dialogs +provide a “hint” area near the bottom which shows useful information. +For example, the “Follow Stream” dialog shows the packet corresponding +to the text under the mouse. The profile management dialog shows a +clickable path to the current profile. The main welcome screen shows +live interface traffic. Most dialogs have a context menu that shows +keyboard shortcuts. + +==== Qt Creator + +Qt Creator is a full-featured IDE and user interface editor. It makes +adding new UI features much easier. It doesn't work well on Windows at +the present time, so it’s recommended that you use it on macOS or Linux. + +To edit and build Wireshark using Qt Creator, open the top-level +_CMakeLists.txt_ within Qt Creator. It should ask you to choose a build +location. Do so. It should then ask you to run CMake. Fill in any +desired build arguments (e.g. <> or +`-D ENABLE_CCACHE=ON`) and click the btn:[Run CMake] button. When that +completes select menu:Build[Open Build and Run Kit Selector...] and make +sure _wireshark_ is selected. + +Note that Qt Creator uses output created by CMake’s “CodeBlocks” +generator. If you run CMake outside of Qt Creator you should use the +“CodeBlocks - Unix Makefiles” generator, otherwise Qt Creator will +prompt you to re-run CMake. + +==== Source Code Overview + +Wireshark’s `main` entry point is in _ui/qt/main.cpp_. Command-line arguments +are processed there and the main application class (`WiresharkApplication`) +instance is created there along with the main window. + +The main window along with the rest of the application resides in _ui/qt_. Due +to its size the main window code is split into several modules, _main_window.cpp_, +_wireshark_main_window.cpp_ and _wireshark_main_window_slots.cpp_. + +Most of the modules in _ui/qt_ are dialogs. Although we follow Qt naming +conventions for class names, we follow our own conventions by separating file +name components with underscores. For example, ColoringRulesDialog is defined in +_coloring_rules_dialog.cpp_, _coloring_rules_dialog.h_, and +_coloring_rules_dialog.ui_. + +General-purpose dialogs are subclasses of `QDialog`. Dialogs that rely on the +current capture file can subclass `WiresharkDialog`, which provides methods and +members that make it easier to access the capture file and to keep the dialog +open when the capture file closes. + +==== Coding Practices and Naming Conventions + +===== Names + +The code in _ui/qt_ directory uses three APIs: Qt (which uses upper camel case), GLib (which uses snake_case), and the Wireshark +API (which also uses snake_case). + +As a general rule, for names, Wireshark’s Qt code: + +- uses upper camel case, in which words in the name are not separated by underscores, and the first letter of each word is capitalized, for classes, for example, `PacketList`; +- uses lower camel case, in which words in the name are not separated by underscores, and the first letter of each word other than the first word is capitalized, for methods, for example, `resetColumns`; +- uses snake case, in which words in the name are separated by underscores, and the first letter of the word is not capitalized, for variables, with a trailing underscore used for member variables, for example, `packet_list_model_`. + +===== Dialogs + +Dialogs that work with capture file information shouldn't close just because the +capture file closes. Subclassing `WiresharkDialog` as described above can make +it easier to persist across capture files. + +When you create a window with a row of standard “OK” and “Close” buttons at +the bottom using Qt Creator you will end up with a subclass of QDialog. This is +fine for traditional modal dialogs, but many times the “dialog” needs to behave +like a QWindow instead. + +Modal dialogs should be constructed with `QDialog(parent)`. Modeless dialogs +(windows) should be constructed with `QDialog(NULL, Qt::Window)`. Other +combinations (particularly `QDialog(parent, Qt::Window)`) can lead to odd and +inconsistent behavior. Again, subclassing `WiresharkDialog` will take care of +this for you. + +Most of the dialogs in ui/qt share many similarities, including method names, +widget names, and behavior. Most dialogs should have the following, although +it’s not strictly required: + +- An `updateWidgets()` method, which enables and disables widgets depending on + the current state and constraints of the dialog. For example, the Coloring + Rules dialog disables the *Save* button if the user has entered an + invalid display filter. +- A `hintLabel()` widget subclassed from `QLabel` or `ElidedLabel`, placed just + above the dialog button box. The hint label provides guidance and feedback to + the user. +- A context menu (`ctx_menu_`) for additional actions not present in the + button box. +- If the dialog box contains a `QTreeWidget` you might want to add your own + `QTreeWidgetItem` subclass with the following methods: + `drawData()`:: Draws column data with any needed formatting. + `colData()`:: Returns the data for each column as a `QVariant`. Used for + copying as CSV, YAML, etc. + `operator<()`:: Allows sorting columns based on their raw data. + +===== Strings + +Wireshark’s C code and GLib use UTF-8 encoded character arrays. Qt +(specifically QString) uses UTF-16. You can convert a `char *` to a +`QString` using simple assignment. You can convert a `QString` to a +`const char *` using `qUtf8Printable`. + +If you're using GLib string functions or plain old C character array +idioms in Qt-only code you're probably doing something wrong, +particularly if you're manually allocating and releasing memory. +QStrings are generally *much* safer and easier to use. They also make +translations easier. + +If you need to pass strings between Qt and GLib you can use a number +of convenience routines which are defined in _ui/qt/utils/qt_ui_utils.h_. + +If you're calling a function that returns wmem-allocated memory it might make +more sense to add a wrapper function to _qt_ui_utils_ than to call wmem_free in +your code. + +===== Mixing C and {cpp} + +Sometimes we have to call {cpp} functions from one of +Wireshark’s C callbacks and pass {cpp} objects to or from C. Tap +listeners are a common example. The {cpp} FAQ +https://www.parashift.com/c++-faq/mixing-c-and-cpp.html[describes how to do +this safely]. + +Tapping usually involves declaring static methods for callbacks, passing `this` +as the tap data. + +[#ChUII18N] +===== Internationalization and Translation + +Qt provides a convenient method for translating text: `Qobject::tr()`, +usually available as `tr()`. + +However, please avoid using `tr()` for static strings and define them in _*.ui_ +files instead. `tr()` on manually created objects like `QMenu` are not +automatically retranslated and must instead be manually translated using +`changeEvent()` and `retranslateUi()`. See _ui/qt/wireshark_main_window.cpp_ for an example +of this. + +NOTE: If your object life is short and your components are (re)created +dynamically then it is ok to use `tr()`. + +In most cases you should handle the changeEvent in order to catch +`QEvent::LanguageChange`. + +Qt makes translating the Wireshark UI into different languages easy. To add a new +translation, do the following: + +- Add your translation (_ui/qt/wireshark_XX.ts_) to _ui/qt/CMakeLists.txt_ +- (Recommended) Add a flag image for your language in _resources/languages/XX.svg_. Update _resources/languages/languages.qrc_ accordingly. +- Run `lupdate ui/qt -ts ui/qt/wireshark_XX.ts` to generate/update your translation file. +- Add ui/qt/wireshark_XX.ts to `.tx/config`. +- Translate with Qt Linguist: `linguist ui/qt/wireshark_XX.ts`. +- Do a test build and make sure the generated _wireshark_XX.qm_ binary file is included. +- Push your translation to GitLab for review. See <> for details. + +Alternatively you can put your QM and flag files in the _languages_ +directory in the Wireshark user configuration directory +(_$XDG_CONFIG_HOME/wireshark/languages/_ or _$HOME/.wireshark/languages/_ on +UNIX). + +For more information about Qt Linguist see +https://doc.qt.io/qt-5/qtlinguist-index.html[its manual]. + +You can also manage translations online with +https://www.transifex.com/wireshark/wireshark/[Transifex]. +Translation resources are organized by type of translation and development branch: + +master:: +Qt Linguist resources in the _ui/qt_ in the master branch. + +debian:: +GNU gettext resources in the _debian_ directory in the master branch. + +qt-_XY_, master-_XY_:: +Qt Linguist resources in the _ui/qt_ in the _X.Y_ release branch. +For example, qt-34 matches the Wireshark 3.2 release branch. + +po-_XY_, debian-_XY_:: +GNU gettext (.po) resources in the _debian_ directory in the _X.Y_ release branch. +For example, po-34 matches the Wireshark 3.4 release branch. + +Each week translations are automatically synchronized with the source code through the following steps: + +- Pull changes from Transifex by running `tx pull -f`. +- Run `lupdate` on the ts files. +- Push and commit on GitLab. +- Push changes to Transifex by running `tx push`. + +===== Colors And Themes + +Qt provides a number of colors via the https://doc.qt.io/qt-5/qpalette.html[QPalette] +class. Use this class when you need a standard color provided by the +underlying operating system. + +Wireshark uses an extended version of the +https://en.wikipedia.org/wiki/Tango_Desktop_Project[Tango Color Palette] +for many interface elements that require custom colors. This includes the +I/O graphs, sequence diagrams, and RTP streams. Please use this palette +(defined in `tango_colors.h` and the *ColorUtils* class) if *QPalette* +doesn't meet your needs. + +Wireshark supports dark themes (aka “dark mode”) on some platforms. We +leverage Qt's dark theme support when possible, but have implemented our +own support and workarounds in some cases. You can ensure that your code +includes proper dark theme support by doing the following: + +* You can use a macOS-style template icon by creating a monochrome SVG +document with “.template” appended to the name, e.g. +`resources/stock_icons/24x24/edit-find.template.svg`. +* Qt draws unvisited links *Qt::blue* no matter what. You can work +around this by using `ColorUtils::themeLinkBrush()` and +`ColorUtils::themeLinkStyle()`. +* You can catch dark and light mode changes by handling +`QEvent::ApplicationPaletteChange`. + +==== Other Issues and Information + +The main window has many QActions which are shared with child widgets. See +_ui/qt/proto_tree.cpp_ for an example of this. + +To demonstrate the functionality of the plugin interface options, a +demonstration plugin exists (pluginifdemo). See _doc/README.plugins_ and +_plugins/epan/pluginifdemo_. + +https://www.kdab.com/development-resources/qt-tools/gammaray/[GammaRay] lets you inspect +the internals of a running Qt application similar to $$Spy++$$ on Windows. + +[#ChUIGUIDocs] + +=== Human Interface Reference Documents + +Wireshark runs on a number of platforms, primarily Windows, macOS, and +Linux. It should conform to the Windows, macOS, GNOME, and KDE human +interface guidelines as much as possible. Unfortunately, creating a +feature that works well across these platforms can sometimes be a +juggling act since the human interface guidelines for each platform +often contradict one another. If you run into trouble you can ask the +_wireshark-dev_ mailing list as well as the User Experience Stack +Exchange listed below. + +For further reference, see the following: + +* Android Design: +https://developer.android.com/design/[]. Wireshark doesn't have +a mobile frontend (not yet, at least) but there is still useful +information here. + +* GNOME Human Interface Guidelines: +https://developer.gnome.org/hig/[] + +* KDE Human Interface Guidelines: +https://hig.kde.org[] + +* macOS Human Interface Guidelines: +https://developer.apple.com/design/human-interface-guidelines/macos/overview/themes/[] + +* Design guidelines for the Windows desktop: +https://docs.microsoft.com/en-us/windows/desktop/uxguide/guidelines[] + +* User Experience Stack Exchange: +https://ux.stackexchange.com/[] + +// End of WSDG Chapter User Interface diff --git a/docbook/wsdg_src/wsdg_works.adoc b/docbook/wsdg_src/wsdg_works.adoc new file mode 100644 index 00000000..baa75403 --- /dev/null +++ b/docbook/wsdg_src/wsdg_works.adoc @@ -0,0 +1,119 @@ +// WSDG Chapter Works + +[#ChapterWorks] + +== How Wireshark Works + +[#ChWorksIntro] + +=== Introduction + +This chapter will give you a short overview of how Wireshark works. + +[#ChWorksOverview] + +=== Overview + +The following will give you a simplified overview of Wireshark’s function blocks: + +[#ChWorksFigOverview] + +.Wireshark function blocks +image::images/ws-function-blocks.png[{pdf-scaledwidth}] + +The function blocks in more detail: + +GUI:: Handling of all user input/output (all windows, dialogs and such). +Source code can be found in the _ui/qt_ directory. + +Core:: Main "glue code" that holds the other blocks together. Source +code can be found in the root directory. + +Epan:: Enhanced Packet ANalyzer -- the packet analyzing engine. +Source code can be found in the _epan_ directory. Epan provides +the following APIs: + +* Protocol Tree. Dissection information for an individual packet. + +* Dissectors. The various protocol dissectors in +_epan/dissectors_. + +* Dissector Plugins - Support for implementing dissectors as separate modules. +Source code can be found in _plugins_. + +* Display Filters - The display filter engine at +_epan/dfilter_. + +Wiretap:: The wiretap library is used to read and write capture files in libpcap, +pcapng, and many other file formats. Source code is in the +_wiretap_ directory. + +Capture:: The interface to the capture engine. Source code is in the +root directory. + +Dumpcap:: The capture engine itself. This is the only part that executes with +elevated privileges. Source code is in the root directory. + +Npcap and libpcap:: These are external libraries that provide packet capture +and filtering support on different platforms. The filtering in Npcap and libpcap +works at a much lower level than Wireshark’s display filters and uses a +significantly different mechanism. That’s why there are different display and +capture filter syntaxes. + + +[#ChWorksCapturePackets] + +=== Capturing packets + +Capturing takes packets from a network adapter and saves them to a file +on your hard disk. + +Since raw network adapter access requires elevated privileges, these functions +are isolated to the `dumpcap` program. Placing the capture functionality +into `dumpcap` allows the rest of the code (dissectors, user interface, +etc.) to run with normal user privileges. + +To hide all the low-level machine dependent details from Wireshark, the libpcap +and Npcap (see <>) libraries are used. These libraries provide a +general purpose interface to capture packets and are used by a wide variety of +applications. + +[#ChWorksCaptureFiles] + +=== Capture Files + +Wireshark can read and write capture files in its natural file formats, pcapng +and pcap, which are used by many other network capturing tools, such as tcpdump. +Additionally, Wireshark supports reading and writing packet capture files +in formats used by other network capture tools. This support is implemented in +Wireshark's wiretap library, which provides a general purpose interface for +reading and writing packet capture formats and supports more than twenty +packet capture formats. + +[#ChWorksDissectPackets] + +=== Dissect packets + +Wireshark dissects packets in what it calls 'two-pass' dissection. + +Wireshark performs a first pass of dissecting all packets as they are loaded +from the file. All packets are dissected sequentially and this information +is used to populate Wireshark's packet list pane and to build state and +other information needed when displaying the packet. + +Wireshark later performs 'second pass' ad-hoc dissections on the +packets that it needs data from. This enables Wireshark to fill in fields that +require future knowledge, like the 'response in frame #' fields, +and correctly calculate reassembly frame dependencies. + +For example, Wireshark will perform an ad-hoc dissection when a user selects +a packet (to display the packet details), +calculates a statistic (so all values are computed), +or performs another action that requires packet data. +However, because Wireshark may only dissect +the packets that are needed, there is no guarantee that +Wireshark will dissect all packets again, nor is there any guarantee as to the +order that the packets will be dissected after the first pass. + +// End of WSDG Chapter Works + diff --git a/docbook/wsug_src/capinfos-h.txt b/docbook/wsug_src/capinfos-h.txt new file mode 100644 index 00000000..fa422fce --- /dev/null +++ b/docbook/wsug_src/capinfos-h.txt @@ -0,0 +1,68 @@ +Capinfos (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce) +Print various information (infos) about capture files. +See https://www.wireshark.org for more information. + +Usage: capinfos [options] ... + +General infos: + -t display the capture file type + -E display the capture file encapsulation + -I display the capture file interface information + -F display additional capture file information + -H display the SHA256 and SHA1 hashes of the file + -k display the capture comment + -p display individual packet comments + +Size infos: + -c display the number of packets + -s display the size of the file (in bytes) + -d display the total length of all packets (in bytes) + -l display the packet size limit (snapshot length) + +Time infos: + -u display the capture duration (in seconds) + -a display the capture start time + -e display the capture end time + -o display the capture file chronological status (True/False) + -S display start and end times as seconds + +Statistic infos: + -y display average data rate (in bytes/sec) + -i display average data rate (in bits/sec) + -z display average packet size (in bytes) + -x display average packet rate (in packets/sec) + +Metadata infos: + -n display number of resolved IPv4 and IPv6 addresses + -D display number of decryption secrets + +Output format: + -L generate long report (default) + -T generate table report + -M display machine-readable values in long reports + +Table report options: + -R generate header record (default) + -r do not generate header record + + -B separate infos with TAB character (default) + -m separate infos with comma (,) character + -b separate infos with SPACE character + + -N do not quote infos (default) + -q quote infos with single quotes (') + -Q quote infos with double quotes (") + +Miscellaneous: + -h, --help display this help and exit + -v, --version display version info and exit + -C cancel processing if file open fails (default is to continue) + -A generate all infos (default) + -K disable displaying the capture comment + -P disable displaying individual packet comments + +Options are processed from left to right order with later options superseding +or adding to earlier options. + +If no options are given the default is to display all infos in long report +output format. diff --git a/docbook/wsug_src/dumpcap-h.txt b/docbook/wsug_src/dumpcap-h.txt new file mode 100644 index 00000000..23441e8e --- /dev/null +++ b/docbook/wsug_src/dumpcap-h.txt @@ -0,0 +1,94 @@ +Dumpcap (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce) +Capture network packets and dump them into a pcapng or pcap file. +See https://www.wireshark.org for more information. + +Usage: dumpcap [options] ... + +Capture interface: + -i , --interface + name or idx of interface (def: first non-loopback), + or for remote capturing, use one of these formats: + rpcap:/// + TCP@: + --ifname name to use in the capture file for a pipe from which + we're capturing + --ifdescr + description to use in the capture file for a pipe + from which we're capturing + -f packet filter in libpcap filter syntax + -s , --snapshot-length + packet snapshot length (def: appropriate maximum) + -p, --no-promiscuous-mode + don't capture in promiscuous mode + -I, --monitor-mode capture in monitor mode, if available + -B , --buffer-size + size of kernel buffer in MiB (def: 2MiB) + -y , --linktype + link layer type (def: first appropriate) + --time-stamp-type timestamp method for interface + -D, --list-interfaces print list of interfaces and exit + -L, --list-data-link-types + print list of link-layer types of iface and exit + --list-time-stamp-types print list of timestamp types for iface and exit + --update-interval interval between updates with new packets (def: 100ms) + -d print generated BPF code for capture filter + -k ,[],[],[] + set channel on wifi interface + -S print statistics for each interface once per second + -M for -D, -L, and -S, produce machine-readable output + +Stop conditions: + -c stop after n packets (def: infinite) + -a ..., --autostop ... + duration:NUM - stop after NUM seconds + filesize:NUM - stop this file after NUM kB + files:NUM - stop after NUM files + packets:NUM - stop after NUM packets +Output (files): + -w name of file to save (def: tempfile) + -g enable group read access on the output file(s) + -b ..., --ring-buffer + duration:NUM - switch to next file after NUM secs + filesize:NUM - switch to next file after NUM kB + files:NUM - ringbuffer: replace after NUM files + packets:NUM - ringbuffer: replace after NUM packets + interval:NUM - switch to next file when the time is + an exact multiple of NUM secs + printname:FILE - print filename to FILE when written + (can use 'stdout' or 'stderr') + -n use pcapng format instead of pcap (default) + -P use libpcap format instead of pcapng + --capture-comment + add a capture comment to the output file + (only for pcapng) + --temp-dir write temporary files to this directory + (default: /tmp) + +Diagnostic output: + --log-level sets the active log level ("critical", "warning", etc.) + --log-fatal sets level to abort the program ("critical" or "warning") + --log-domains <[!]list> comma-separated list of the active log domains + --log-fatal-domains + list of domains that cause the program to abort + --log-debug <[!]list> list of domains with "debug" level + --log-noisy <[!]list> list of domains with "noisy" level + --log-file file to output messages to (in addition to stderr) + +Miscellaneous: + -N maximum number of packets buffered within dumpcap + -C maximum number of bytes used for buffering packets + within dumpcap + -t use a separate thread per interface + -q don't report packet capture counts + -v, --version print version information and exit + -h, --help display this help and exit + +Dumpcap can benefit from an enabled BPF JIT compiler if available. +You might want to enable it by executing: + "echo 1 > /proc/sys/net/core/bpf_jit_enable" +Note that this can make your system less secure! + +Example: dumpcap -i eth0 -a duration:60 -w output.pcapng +"Capture packets from interface eth0 until 60s passed into output.pcapng" + +Use Ctrl-C to stop capturing at any time. diff --git a/docbook/wsug_src/editcap-F.txt b/docbook/wsug_src/editcap-F.txt new file mode 100644 index 00000000..c566bd2c --- /dev/null +++ b/docbook/wsug_src/editcap-F.txt @@ -0,0 +1,39 @@ +editcap: The available capture file types for the "-F" flag are: + pcap - Wireshark/tcpdump/... - pcap + pcapng - Wireshark/... - pcapng + 5views - InfoVista 5View capture + btsnoop - Symbian OS btsnoop + commview-ncf - TamoSoft CommView NCF + commview-ncfx - TamoSoft CommView NCFX + dct2000 - Catapult DCT2000 trace (.out format) + erf - Endace ERF capture + eyesdn - EyeSDN USB S0/E1 ISDN trace format + k12text - K12 text file + lanalyzer - Novell LANalyzer + logcat - Android Logcat Binary format + logcat-brief - Android Logcat Brief text format + logcat-long - Android Logcat Long text format + logcat-process - Android Logcat Process text format + logcat-tag - Android Logcat Tag text format + logcat-thread - Android Logcat Thread text format + logcat-threadtime - Android Logcat Threadtime text format + logcat-time - Android Logcat Time text format + modpcap - Modified tcpdump - pcap + netmon1 - Microsoft NetMon 1.x + netmon2 - Microsoft NetMon 2.x + nettl - HP-UX nettl trace + ngsniffer - Sniffer (DOS) + ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1 + ngwsniffer_2_0 - Sniffer (Windows) 2.00x + nokiapcap - Nokia tcpdump - pcap + nsecpcap - Wireshark/tcpdump/... - nanosecond pcap + nstrace10 - NetScaler Trace (Version 1.0) + nstrace20 - NetScaler Trace (Version 2.0) + nstrace30 - NetScaler Trace (Version 3.0) + nstrace35 - NetScaler Trace (Version 3.5) + observer - Viavi Observer + rf5 - Tektronix K12xx 32-bit .rf5 format + rh6_1pcap - RedHat 6.1 tcpdump - pcap + snoop - Sun snoop + suse6_3pcap - SuSE 6.3 tcpdump - pcap + visual - Visual Networks traffic capture diff --git a/docbook/wsug_src/editcap-T.txt b/docbook/wsug_src/editcap-T.txt new file mode 100644 index 00000000..e975dcec --- /dev/null +++ b/docbook/wsug_src/editcap-T.txt @@ -0,0 +1,225 @@ +editcap: The available encapsulation types for the "-T" flag are: + alp - ATSC Link-Layer Protocol (A/330) packets + ap1394 - Apple IP-over-IEEE 1394 + arcnet - ARCNET + arcnet_linux - Linux ARCNET + ascend - Lucent/Ascend access equipment + atm-pdus - ATM PDUs + atm-pdus-untruncated - ATM PDUs - untruncated + atm-rfc1483 - RFC 1483 ATM + auerlog - Auerswald Log + autosardlt - AUTOSAR DLT + ax25 - Amateur Radio AX.25 + ax25-kiss - AX.25 with KISS header + bacnet-ms-tp - BACnet MS/TP + bacnet-ms-tp-with-direction - BACnet MS/TP with Directional Info + ber - ASN.1 Basic Encoding Rules + bluetooth-bredr-bb-rf - Bluetooth BR/EDR Baseband RF + bluetooth-h4 - Bluetooth H4 + bluetooth-h4-linux - Bluetooth H4 with linux header + bluetooth-hci - Bluetooth without transport layer + bluetooth-le-ll - Bluetooth Low Energy Link Layer + bluetooth-le-ll-rf - Bluetooth Low Energy Link Layer RF + bluetooth-linux-monitor - Bluetooth Linux Monitor + can20b - Controller Area Network 2.0B + chdlc - Cisco HDLC + chdlc-with-direction - Cisco HDLC with Directional Info + cosine - CoSine L2 debug log + dbus - D-Bus + dct2000 - Catapult DCT2000 + docsis - Data Over Cable Service Interface Specification + docsis31_xra31 - DOCSIS with Excentis XRA pseudo-header + dpauxmon - DisplayPort AUX channel with Unigraf pseudo-header + dpnss_link - Digital Private Signalling System No 1 Link Layer + dvbci - DVB-CI (Common Interface) + ebhscr - Elektrobit High Speed Capture and Replay + enc - OpenBSD enc(4) encapsulating interface + epon - Ethernet Passive Optical Network + erf - Extensible Record Format + eri_enb_log - Ericsson eNode-B raw log + ether - Ethernet + ether-mpacket - IEEE 802.3br mPackets + ether-nettl - Ethernet with nettl headers + etw - Event Tracing for Windows messages + fc2 - Fibre Channel FC-2 + fc2sof - Fibre Channel FC-2 With Frame Delimiter + fddi - FDDI + fddi-nettl - FDDI with nettl headers + fddi-swapped - FDDI with bit-swapped MAC addresses + fira-uci - FiRa UWB Controller Interface (UCI) protocol. + flexray - FlexRay + frelay - Frame Relay + frelay-with-direction - Frame Relay with Directional Info + gcom-serial - GCOM Serial + gcom-tie1 - GCOM TIE1 + gfp-f - ITU-T G.7041/Y.1303 Generic Framing Procedure Frame-mapped mode + gfp-t - ITU-T G.7041/Y.1303 Generic Framing Procedure Transparent mode + gprs-llc - GPRS LLC + gsm_um - GSM Um Interface + hhdlc - HiPath HDLC + i2c-linux - I2C with Linux-specific pseudo-header + ieee-802-11 - IEEE 802.11 Wireless LAN + ieee-802-11-avs - IEEE 802.11 plus AVS radio header + ieee-802-11-netmon - IEEE 802.11 plus Network Monitor radio header + ieee-802-11-prism - IEEE 802.11 plus Prism II monitor mode radio header + ieee-802-11-radio - IEEE 802.11 Wireless LAN with radio information + ieee-802-11-radiotap - IEEE 802.11 plus radiotap radio header + ieee-802-16-mac-cps - IEEE 802.16 MAC Common Part Sublayer + infiniband - InfiniBand + ios - Cisco IOS internal + ip-ib - IP over IB + ip-over-fc - RFC 2625 IP-over-Fibre Channel + ip-over-ib - IP over InfiniBand + ipfix - RFC 5655/RFC 5101 IPFIX + ipmb-kontron - Intelligent Platform Management Bus with Kontron pseudo-header + ipmi-trace - IPMI Trace Data Collection + ipnet - Solaris IPNET + irda - IrDA + isdn - ISDN + iso14443 - ISO 14443 contactless smartcard standards + ixveriwave - IxVeriWave header and stats block + jfif - JPEG/JFIF + json - JavaScript Object Notation + juniper-atm1 - Juniper ATM1 + juniper-atm2 - Juniper ATM2 + juniper-chdlc - Juniper C-HDLC + juniper-ether - Juniper Ethernet + juniper-frelay - Juniper Frame-Relay + juniper-ggsn - Juniper GGSN + juniper-mlfr - Juniper MLFR + juniper-mlppp - Juniper MLPPP + juniper-ppp - Juniper PPP + juniper-pppoe - Juniper PPPoE + juniper-st - Juniper Secure Tunnel Information + juniper-svcs - Juniper Services + juniper-vn - Juniper VN + juniper-vp - Juniper Voice PIC + k12 - K12 protocol analyzer + lapb - LAPB + lapd - LAPD + layer1-event - EyeSDN Layer 1 event + lin - Local Interconnect Network + linux-atm-clip - Linux ATM CLIP + linux-lapd - LAPD with Linux pseudo-header + linux-sll - Linux cooked-mode capture v1 + linux-sll2 - Linux cooked-mode capture v2 + log_3GPP - 3GPP Phone Log + logcat - Android Logcat Binary format + logcat_brief - Android Logcat Brief text format + logcat_long - Android Logcat Long text format + logcat_process - Android Logcat Process text format + logcat_tag - Android Logcat Tag text format + logcat_thread - Android Logcat Thread text format + logcat_threadtime - Android Logcat Threadtime text format + logcat_time - Android Logcat Time text format + loop - OpenBSD loopback + loratap - LoRaTap + ltalk - Localtalk + mdb - MDB (Multi-Drop Bus) + message_analyzer_wfp_capture2_v4 - Message Analyzer WFP Capture2 v4 + message_analyzer_wfp_capture2_v6 - Message Analyzer WFP Capture2 v6 + message_analyzer_wfp_capture_auth_v4 - Message Analyzer WFP Capture Auth v4 + message_analyzer_wfp_capture_auth_v6 - Message Analyzer WFP Capture Auth v6 + message_analyzer_wfp_capture_v4 - Message Analyzer WFP Capture v4 + message_analyzer_wfp_capture_v6 - Message Analyzer WFP Capture v6 + mime - MIME + most - Media Oriented Systems Transport + mp2ts - ISO/IEC 13818-1 MPEG2-TS + mp4 - MP4 files + mpeg - MPEG + mtp2 - SS7 MTP2 + mtp2-with-phdr - MTP2 with pseudoheader + mtp3 - SS7 MTP3 + mux27010 - MUX27010 + netanalyzer - Hilscher netANALYZER + netanalyzer-transparent - Hilscher netANALYZER-Transparent + netlink - Linux Netlink + netmon_event - Network Monitor Network Event + netmon_filter - Network Monitor Filter + netmon_header - Network Monitor Header + netmon_network_info - Network Monitor Network Info + nfc-llcp - NFC LLCP + nflog - NFLOG + nordic_ble - nRF Sniffer for Bluetooth LE + nstrace10 - NetScaler Encapsulation 1.0 of Ethernet + nstrace20 - NetScaler Encapsulation 2.0 of Ethernet + nstrace30 - NetScaler Encapsulation 3.0 of Ethernet + nstrace35 - NetScaler Encapsulation 3.5 of Ethernet + null - NULL/Loopback + packetlogger - Apple Bluetooth PacketLogger + pflog - OpenBSD PF Firewall logs + pflog-old - OpenBSD PF Firewall logs, pre-3.4 + pktap - Apple PKTAP + ppi - Per-Packet Information header + ppp - PPP + ppp-with-direction - PPP with Directional Info + pppoes - PPP-over-Ethernet session + raw-icmp-nettl - Raw ICMP with nettl headers + raw-icmpv6-nettl - Raw ICMPv6 with nettl headers + raw-telnet-nettl - Raw telnet with nettl headers + rawip - Raw IP + rawip-nettl - Raw IP with nettl headers + rawip4 - Raw IPv4 + rawip6 - Raw IPv6 + redback - Redback SmartEdge + rfc7468 - RFC 7468 file + rtac-serial - RTAC serial-line + ruby_marshal - Ruby marshal object + s4607 - STANAG 4607 + s5066-dpdu - STANAG 5066 Data Transfer Sublayer PDUs(D_PDU) + sccp - SS7 SCCP + sctp - SCTP + sdh - SDH + sdjournal - systemd journal + sdlc - SDLC + silabs-dch - Silabs Debug Channel + sita-wan - SITA WAN packets + slip - SLIP + socketcan - SocketCAN + symantec - Symantec Enterprise Firewall + tnef - Transport-Neutral Encapsulation Format + tr - Token Ring + tr-nettl - Token Ring with nettl headers + tzsp - Tazmen sniffer protocol + unknown - Unknown + unknown-nettl - Unknown link-layer type with nettl headers + usb-20 - USB 2.0/1.1/1.0 packets + usb-20-full - Full-Speed USB 2.0/1.1/1.0 packets + usb-20-high - High-Speed USB 2.0 packets + usb-20-low - Low-Speed USB 2.0/1.1/1.0 packets + usb-darwin - USB packets with Darwin (macOS, etc.) headers + usb-freebsd - USB packets with FreeBSD header + usb-linux - USB packets with Linux header + usb-linux-mmap - USB packets with Linux header and padding + usb-usbpcap - USB packets with USBPcap header + user0 - USER 0 + user1 - USER 1 + user2 - USER 2 + user3 - USER 3 + user4 - USER 4 + user5 - USER 5 + user6 - USER 6 + user7 - USER 7 + user8 - USER 8 + user9 - USER 9 + user10 - USER 10 + user11 - USER 11 + user12 - USER 12 + user13 - USER 13 + user14 - USER 14 + user15 - USER 15 + v5-ef - V5 Envelope Function + vpp - Vector Packet Processing graph dispatch trace + vsock - Linux vsock + whdlc - Wellfleet HDLC + wireshark-upper-pdu - Wireshark Upper PDU export + wpan - IEEE 802.15.4 Wireless PAN + wpan-nofcs - IEEE 802.15.4 Wireless PAN with FCS not present + wpan-nonask-phy - IEEE 802.15.4 Wireless PAN non-ASK PHY + wpan-tap - IEEE 802.15.4 Wireless with TAP pseudo-header + x2e-serial - X2E serial line capture + x2e-xoraya - X2E Xoraya + x25-nettl - X.25 with nettl headers + xeth - Xerox 3MB Ethernet + zbncp - ZBOSS NCP + zwave-serial - Z-Wave Serial API packets diff --git a/docbook/wsug_src/editcap-h.txt b/docbook/wsug_src/editcap-h.txt new file mode 100644 index 00000000..0b8a5b53 --- /dev/null +++ b/docbook/wsug_src/editcap-h.txt @@ -0,0 +1,117 @@ +Editcap (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce) +Edit and/or translate the format of capture files. +See https://www.wireshark.org for more information. + +Usage: editcap [options] ... [ [-] ... ] + + and must both be present; use '-' for stdin or stdout. +A single packet or a range of packets can be selected. + +Packet selection: + -r keep the selected packets; default is to delete them. + -A only read packets whose timestamp is after (or equal + to) the given time. + -B only read packets whose timestamp is before the + given time. + Time format for -A/-B options is + YYYY-MM-DDThh:mm:ss[.nnnnnnnnn][Z|+-hh:mm] + Unix epoch timestamps are also supported. + +Duplicate packet removal: + --novlan remove vlan info from packets before checking for duplicates. + -d remove packet if duplicate (window == 5). + -D remove packet if duplicate; configurable . + Valid values are 0 to 1000000. + NOTE: A of 0 with -V (verbose option) is + useful to print MD5 hashes. + -w remove packet if duplicate packet is found EQUAL TO OR + LESS THAN prior to current packet. + A is specified in relative seconds + (e.g. 0.000001). + NOTE: The use of the 'Duplicate packet removal' options with + other editcap options except -V may not always work as expected. + Specifically the -r, -t or -S options will very likely NOT have the + desired effect if combined with the -d, -D or -w. + --skip-radiotap-header skip radiotap header when checking for packet duplicates. + Useful when processing packets captured by multiple radios + on the same channel in the vicinity of each other. + --set-unused set unused byts to zero in sll link addr. + +Packet manipulation: + -s truncate each packet to max. bytes of data. + -C [offset:] chop each packet by bytes. Positive values + chop at the packet beginning, negative values at the + packet end. If an optional offset precedes the length, + then the bytes chopped will be offset from that value. + Positive offsets are from the packet beginning, + negative offsets are from the packet end. You can use + this option more than once, allowing up to 2 chopping + regions within a packet provided that at least 1 + choplen is positive and at least 1 is negative. + -L adjust the frame (i.e. reported) length when chopping + and/or snapping. + -t