Merge remote-tracking branch 'upstream/master'

doc/man_pages/sshdig.adoc

@@ -58,7 +58,6 @@ sshdig - Provide interfaces to capture system calls from a remote host through S
 *--remote-host=myremotehost*
 *--remote-port=22*
 *--remote-username=user*
-*--remote-interface=eth2*
 *--remote-capture-command='sysdig --unbuffered --write=-'*
 
 == DESCRIPTION
@@ -143,9 +142,6 @@ The passphrase for the private key for authentication.
 --proxycommand=<proxy command>::
 The command to use as proxy for the SSH connection.
 
---remote-interface=<remote interface>::
-The remote network interface to capture from.
-
 --remote-capture-command-select=<capture command-selection>::
 The command to run on the remote system.
 Either *sysdig* for a remote capture command using sysdig, or *other*, where the remote capture command must be provided with the *--remote-capture-command* option.
@@ -226,7 +222,7 @@ To see interface configuration options:
 
 To capture:
 
-    sshdig --extcap-interface=sshdig --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10
+    sshdig --extcap-interface=sshdig --fifo=/tmp/ssh.scap --capture --remote-host 192.168.1.10
     --remote-username user
 
 // To use different capture binaries:
@@ -244,7 +240,7 @@ To capture:
 NOTE: kbd:[CTRL+C] should be used to stop the capture in order to ensure clean termination.
 
 The sshdig binary can be renamed to support multiple instances. For instance if we want sshdig
-to show up twice in stratoshark (for instance to handle multiple profiles), we can copy sshdig to
+to show up twice in Stratoshark (for instance to handle multiple profiles), we can copy sshdig to
 sshdig-host1 and sshdig-host2. Each binary will show up an interface name same as the executable
 name. Those executables not being "sshdig" will show up as "custom version" in the capture source description.
 

epan/.clang-tidy

@@ -1 +1,3 @@
 InheritParentConfig: true
+
+WarningsAsErrors: misc-no-recursion

epan/dissectors/packet-egnos-ems.c

@@ -13,6 +13,7 @@
 
 #include "config.h"
 #include <epan/packet.h>
+#include <errno.h>
 #include <glib.h>
 #include <proto.h>
 #include <strutil.h>

epan/tvbuff_composite.c

@@ -24,6 +24,8 @@ typedef struct {
 	unsigned		*start_offsets;
 	unsigned		*end_offsets;
 
+	unsigned	recursion_depth;
+
 } tvb_comp_t;
 
 struct tvb_composite {
@@ -101,7 +103,9 @@ composite_get_ptr(tvbuff_t *tvb, unsigned abs_offset, unsigned abs_length)
 	DISSECTOR_ASSERT_NOT_REACHED();
 }
 
+#define MAX_RECURSION_DEPTH 500 // Arbitrary; matches prefs.gui_max_tree_depth
 static void *
+// NOLINTNEXTLINE(misc-no-recursion)
 composite_memcpy(tvbuff_t *tvb, void* _target, unsigned abs_offset, unsigned abs_length)
 {
 	struct tvb_composite *composite_tvb = (struct tvb_composite *) tvb;
@@ -148,14 +152,18 @@ composite_memcpy(tvbuff_t *tvb, void* _target, unsigned abs_offset, unsigned abs
 
 		/* composite_memcpy() can't handle a member_length of zero. */
 		DISSECTOR_ASSERT(member_length > 0);
+		/* make sure we don't underflow below */
+		DISSECTOR_ASSERT(member_length <= abs_length);
 
 		tvb_memcpy(member_tvb, target, member_offset, member_length);
 		abs_offset	+= member_length;
 		abs_length	-= member_length;
 
 		/* Recurse */
 		if (abs_length > 0) {
+			DISSECTOR_ASSERT(++composite->recursion_depth < MAX_RECURSION_DEPTH);
 			composite_memcpy(tvb, target + member_length, abs_offset, abs_length);
+			composite->recursion_depth--;
 		}
 
 		return target;
@@ -198,6 +206,7 @@ tvb_new_composite(void)
 	composite->tvbs		 = g_queue_new();
 	composite->start_offsets = NULL;
 	composite->end_offsets	 = NULL;
+	composite->recursion_depth = 0;
 
 	return tvb;
 }

extcap/sshdig.c

@@ -287,8 +287,8 @@ static int list_config(char *interface)
             "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}"
             "{group=Capture}\n", inc++);
     printf("{group=Capture}\n");
-    printf("arg {number=%u}{call=--remote-count}{display=Packets to capture}"
-            "{type=unsigned}{default=0}{tooltip=The number of remote packets to capture. (Default: inf)}"
+    printf("arg {number=%u}{call=--remote-count}{display=Events to capture}"
+            "{type=unsigned}{default=0}{tooltip=The number of remote events to capture. (Default: inf)}"
             "{group=Capture}\n", inc++);
     printf("arg {number=%u}{call=--remote-modern-bpf}{display=Use eBPF}{type=boolflag}{default=true}"
             "{tooltip=Use eBPF for capture. With this no kernel module is required}{group=Capture}\n", inc++);
@@ -380,7 +380,7 @@ int main(int argc, char *argv[])
     extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
     extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas");
     extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name");
-    extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture");
+    extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of events to capture");
     extcap_help_add_option(extcap_conf, "--remote-modern-bpf", "use eBPF");
 
     ws_opterr = 0;

tools/macos-setup.sh

@@ -121,7 +121,7 @@ PCRE2_VERSION=10.44
 #
 # To override the version of Qt call the script with some of the variables
 # set to the new values. Setting the variable to empty will disable building
-# the toolkit and will uninstall # any version previously installed by the
+# the toolkit and will uninstall any version previously installed by the
 # script, e.g.
 # "QT_VERSION=5.10.1 ./macos-setup.sh"
 # will build and install with QT 5.10.1.
@@ -1425,8 +1425,17 @@ install_gmp() {
         else
             LD64_FLAG=""
         fi
+        if [ "$DARWIN_PROCESSOR_ARCH" = "x86_64" ]
+        then
+            # If contemplating darwin20 or newer, refer to the last two paragraphs of
+            # https://gmplib.org/list-archives/gmp-bugs/2024-October/005539.html
+            # and either ensure that GMP is newer than 6.3.0 or run "autoreconf".
+            GMP_BUILD_OPTION="--build=nehalem-apple-darwin18"
+        else
+            GMP_BUILD_OPTION=""
+        fi
         CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS $LD64_FLAG" \
-            ./configure "${CONFIGURE_OPTS[@]}" --enable-fat
+            ./configure "${CONFIGURE_OPTS[@]}" --enable-fat "$GMP_BUILD_OPTION"
         make "${MAKE_BUILD_OPTS[@]}"
         $DO_MAKE_INSTALL
         cd ..
@@ -4112,7 +4121,7 @@ fi
 # You need Xcode or the command-line tools installed to get the compilers (xcrun checks both).
 #
  if [ ! -x /usr/bin/xcrun ]; then
-    echo "Please install Xcode (app or command line) first (should be available on DVD or from the Mac App Store)."
+    echo "Please install Xcode (app or command line) first (should be available from the Mac App Store)."
     exit 1
 fi
 
@@ -4132,7 +4141,7 @@ if [ "$QT_VERSION" ]; then
     elif qmake --version >/dev/null 2>&1; then
         :
     else
-        echo "Please install Xcode first (should be available on DVD or from the Mac App Store)."
+        echo "Please install Xcode first (should be available from the Mac App Store)."
         echo "The command-line build tools are not sufficient to build Qt."
         echo "Alternatively build QT according to: https://gist.github.com/shoogle/750a330c851bd1a924dfe1346b0b4a08#:~:text=MacOS%2FQt%5C%20Creator-,Go%20to%20Qt%20Creator%20%3E%20Preferences%20%3E%20Build%20%26%20Run%20%3E%20Kits,for%20both%20compilers%2C%20not%20gcc%20."
         exit 1

ui/cli/tap-diameter-avp.c

@@ -56,6 +56,7 @@ typedef struct _diameteravp_t {
 
 /* Copied from proto.c */
 static bool
+// NOLINTNEXTLINE(misc-no-recursion)
 tree_traverse_pre_order(proto_tree *tree, proto_tree_traverse_func func, void *data)
 {
 	proto_node *pnode = tree;
@@ -69,6 +70,7 @@ tree_traverse_pre_order(proto_tree *tree, proto_tree_traverse_func func, void *d
 	while (child != NULL) {
 		current = child;
 		child = current->next;
+		// We recurse here, but we're limited by our tree depth checks in proto.c
 		if (tree_traverse_pre_order((proto_tree *)current, func, data))
 			return true;
 	}

ui/cli/tap-protohierstat.c

@@ -48,6 +48,7 @@ new_phs_t(phs_t *parent, const char *filter)
 }
 
 void
+// NOLINTNEXTLINE(misc-no-recursion)
 free_phs(phs_t *rs)
 {
 	if (!rs) {
@@ -59,11 +60,13 @@ free_phs(phs_t *rs)
 	}
 	if (rs->sibling)
 	{
+		// We recurse here, but we're limited by our tree depth checks in proto.c
 		free_phs(rs->sibling);
 		rs->sibling = NULL;
 	}
 	if (rs->child)
 	{
+		// We recurse here, but we're limited by our tree depth checks in proto.c
 		free_phs(rs->child);
 		rs->child = NULL;
 	}
@@ -161,6 +164,7 @@ protohierstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, const v
 }
 
 static void
+// NOLINTNEXTLINE(misc-no-recursion)
 phs_draw(phs_t *rs, int indentation)
 {
 	int i, stroff;
@@ -181,6 +185,7 @@ phs_draw(phs_t *rs, int indentation)
 		}
 		snprintf(str+stroff, MAXPHSLINE-stroff, "%s", rs->proto_name);
 		printf("%-40s frames:%u bytes:%" PRIu64 "\n", str, rs->frames, rs->bytes);
+		// We recurse here, but we're limited by our tree depth checks in proto.c
 		phs_draw(rs->child, indentation+1);
 	}
 }

ui/qt/models/atap_data_model.cpp

@@ -228,9 +228,9 @@ void ATapDataModel::updateData(GArray * newData)
     if (_disableTap)
         return;
 
-    beginResetModel();
+    emit layoutAboutToBeChanged();
     storage_ = newData;
-    endResetModel();
+    emit layoutChanged();
 
     if (_type == ATapDataModel::DATAMODEL_CONVERSATION)
         ((ConversationDataModel *)(this))->doDataUpdate();
@@ -241,16 +241,6 @@ bool ATapDataModel::resolveNames() const
     return _resolveNames;
 }
 
-void ATapDataModel::setResolveNames(bool resolve)
-{
-    if (_resolveNames == resolve)
-        return;
-
-    beginResetModel();
-    _resolveNames = resolve;
-    endResetModel();
-}
-
 bool ATapDataModel::allowsNameResolution() const
 {
     if (_protoId < 0)
@@ -277,26 +267,6 @@ bool ATapDataModel::allowsNameResolution() const
     return false;
 }
 
-void ATapDataModel::useAbsoluteTime(bool absolute)
-{
-    if (absolute == _absoluteTime)
-        return;
-
-    beginResetModel();
-    _absoluteTime = absolute;
-    endResetModel();
-}
-
-void ATapDataModel::useNanosecondTimestamps(bool nanoseconds)
-{
-    if (_nanoseconds == nanoseconds)
-        return;
-
-    beginResetModel();
-    _nanoseconds = nanoseconds;
-    endResetModel();
-}
-
 void ATapDataModel::setFilter(QString filter)
 {
     if (_disableTap)
@@ -570,6 +540,35 @@ QVariant EndpointDataModel::data(const QModelIndex &idx, int role) const
     return QVariant();
 }
 
+void EndpointDataModel::setResolveNames(bool resolve)
+{
+    if (_resolveNames == resolve)
+        return;
+
+    _resolveNames = resolve;
+    if (rowCount() > 0) {
+        dataChanged(index(0, ENDP_COLUMN_ADDR), index(rowCount() - 1, ENDP_COLUMN_PORT));
+    }
+}
+
+void EndpointDataModel::useAbsoluteTime(bool absolute)
+{
+    if (absolute == _absoluteTime)
+        return;
+
+    _absoluteTime = absolute;
+    // No columns that depend on absoluteTime
+}
+
+void EndpointDataModel::useNanosecondTimestamps(bool nanoseconds)
+{
+    if (_nanoseconds == nanoseconds)
+        return;
+
+    _nanoseconds = nanoseconds;
+    // No columns that use time precision
+}
+
 ConversationDataModel::ConversationDataModel(int protoId, QString filter, QObject *parent) :
     ATapDataModel(ATapDataModel::DATAMODEL_CONVERSATION, protoId, filter, parent)
 {}
@@ -891,3 +890,38 @@ bool ConversationDataModel::showConversationId(int row) const
         return true;
     return false;
 }
+
+void ConversationDataModel::setResolveNames(bool resolve)
+{
+    if (_resolveNames == resolve)
+        return;
+
+    _resolveNames = resolve;
+    if (rowCount() > 0) {
+        dataChanged(index(0, CONV_COLUMN_SRC_ADDR), index(rowCount() - 1, CONV_COLUMN_DST_PORT));
+    }
+}
+
+void ConversationDataModel::useAbsoluteTime(bool absolute)
+{
+    if (absolute == _absoluteTime)
+        return;
+
+    _absoluteTime = absolute;
+    headerDataChanged(Qt::Horizontal, CONV_COLUMN_START, CONV_COLUMN_START);
+    if (rowCount() > 0) {
+        dataChanged(index(0, CONV_COLUMN_START), index(rowCount() - 1, CONV_COLUMN_START));
+    }
+}
+
+void ConversationDataModel::useNanosecondTimestamps(bool nanoseconds)
+{
+    if (_nanoseconds == nanoseconds)
+        return;
+
+    _nanoseconds = nanoseconds;
+    if (rowCount() > 0) {
+        dataChanged(index(0, CONV_COLUMN_START), index(rowCount() - 1, CONV_COLUMN_DURATION));
+    }
+}
+