path: root/wiretap/erf.c
Age | Commit message | Author | Files | Lines
2019-09-08 | erf: Use g_get_real_time() to get real time | Stig Bjørlykke | 1 | -3/+3
Use g_get_real_time() to get real time because GTimeVal and g_get_current_time() were deprecated in glib 2.62. Change-Id: I78fee34e2f5b634c91c6420b01915cfc070f38a4 Reviewed-on: https://code.wireshark.org/review/34468 Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org> Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-07-28 | HTTPS In Even More Places, update some links. | Guy Harris | 1 | -2/+4
Fall back on the Wayback Machine for some links. Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842 Reviewed-on: https://code.wireshark.org/review/34103 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 | HTTPS (almost) everywhere. | Guy Harris | 1 | -1/+1
Change all wireshark.org URLs to use https. Fix some broken links while we're at it. Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c Reviewed-on: https://code.wireshark.org/review/34089 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-04-05 | Have wtap_read() fill in a wtap_rec and Buffer. | Guy Harris | 1 | -12/+10
That makes it - and the routines that implement it - work more like the seek-read routine. Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d Reviewed-on: https://code.wireshark.org/review/32727 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-03-17 | Treat erf_timestamp_t's as integral values. | Guy Harris | 1 | -2/+2
That's what they are, and that's how other code in erf_open() treats them; just use assignment to initialize prevts and to set prevts to ts. Maybe this will keep the Clang static analyzer from calling prevts a garbage value when compared with ts. Change-Id: I2ee2376ced5c3efa6beab34276009a3177c94416 Reviewed-on: https://code.wireshark.org/review/32455 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-01-25 | wiretap: fix memleaks with wtap_rec::opt_comment | Peter Wu | 1 | -2/+4
The memory ownership of wtap_rec::opt_comment was not clear. Users of wtap were leaking memory (editcap.c). wtap readers were not sure about freeing old comments (erf) or simply ignored memleaks (pcapng). To fix this, ensure opt_comment is owned by wtap_rec and free it with wtap_rec_cleanup. The erf issue was already addressed since cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
  - Should allocate memory for new comments.
  - Should free a comment from an earlier read before writing a new one.
- Users of wth:
  - Can only assume that opt_comment remains valid until the next read.
  - Can assume that wtap_dump does not modify the comment.
  - For random access (wtap_seek_read): should call wtap_rec_cleanup to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now pass when built with ASAN. This change was created by carefully looking at all users of "opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for an initial patch which helped validate this version. Bug: 7515 Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b Reviewed-on: https://code.wireshark.org/review/31713 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-07-31 | Relax ERF heuristic | Stephen Donnelly | 1 | -2/+2
Allow forward timestamp deltas up to 1 year, up from 7 days. Surprisingly this was overly restrictive in some real cases. Change-Id: I8a4bd1ca791b978aa5d2be40f7f8dd8e23db8837 Reviewed-on: https://code.wireshark.org/review/28882 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-05-02 | erf.c: fix compilation with gcc 8 | Pascal Quantin | 1 | -1/+1
erf.c:2562:9: error: this statement may fall through [-Werror=implicit-fallthrough=] Change-Id: Ib516a689e078a9e1eea96d692ffbbaab398f2bcb Reviewed-on: https://code.wireshark.org/review/27271 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-03-09 | spdx: more licenses converted. | Dario Lombardo | 1 | -24/+1
Change-Id: Ia1650bc02511f7bd47fb90be91b623177f05bcbd Reviewed-on: https://code.wireshark.org/review/26337 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-17 | Fix argument list in comment. | Guy Harris | 1 | -1/+2
Oh, and change something up with which we have no evidence whether Winston Churchill would put or not: http://itre.cis.upenn.edu/~myl/languagelog/archives/001715.html http://itre.cis.upenn.edu/~myl/languagelog/archives/001702.html Change-Id: I7a76d564bdd481de2a56d32aa44c9dfe98a270f6 Reviewed-on: https://code.wireshark.org/review/25836 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-09 | Generalize wtap_pkthdr into a structure for packet and non-packet records. | Guy Harris | 1 | -58/+58
Separate the stuff that any record could have from the stuff that only particular record types have; put the latter into a union, and put all that into a wtap_rec structure. Add some record-type checks as necessary. Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2 Reviewed-on: https://code.wireshark.org/review/25696 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-01-22 | ERF: Fix broken erf_open ethernet checking | Anthony Coddington | 1 | -3/+3
Was copying 8 byte extension header instead of 2 byte ethernet padding subheader. Introduced recently by I8ede5c733867ccc98ab2d470181d1e4a29ae5b49. Change-Id: I95a8604ed6204dff33f1794601342e090f6b7eb3 Reviewed-on: https://code.wireshark.org/review/25410 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2018-01-09 | Use pcapng as the name of the file format. | Guy Harris | 1 | -6/+6
At one point, I remember a discussion resulting in the official name of the next-generation replacement for pcap format being changed to "pcapng", with no hyphen. Make Wireshark reflect that. Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a Reviewed-on: https://code.wireshark.org/review/25214 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-01-05 | erf: remove redundant check (CID: 1159076). | Dario Lombardo | 1 | -16/+21
This check has already been done in line 433: since then packet_size is only decreased, so the check is redundant. Change-Id: I8ede5c733867ccc98ab2d470181d1e4a29ae5b49 Reviewed-on: https://code.wireshark.org/review/25023 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-07-18 | Do the meta-tag stuff the same way in all three cases. | Guy Harris | 1 | -4/+8
Undo most of the changes, but turn the return at the end of the default case into a break. Change-Id: I022b62a85254ff188f19fd3d7c3fe40b0789b3d2 Reviewed-on: https://code.wireshark.org/review/22695 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-18 | Revert "Don't byte-swap an 1-byte value." | Guy Harris | 1 | -3/+1
This reverts commit 74a2ae4abac3be78d140d9671fa79977de449ed1. No, that's just Coverity not understanding macros *again*, and thinking a particular expanded instance of a macro is the result of some human being silly rather than of the arguments being such that some computations can be elided at compile time. Change-Id: I40f2ad8bf018b0df02d90ed0e272505be68dae7e Reviewed-on: https://code.wireshark.org/review/22693 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-18 | Remove unnecessary test. | Guy Harris | 1 | -4/+1
The default case ends with return, so the pointer won't be null by the time you exit the case statement - either a non-default case is processed and tag_ptr hasn't been set to null, or the default case is processed and you return before getting there. That also means we don't need to set tag_ptr to null in that case. Fixes CID 1415436. Change-Id: I21ada7a308d888b4cbb8557197a2e30bda118f44 Reviewed-on: https://code.wireshark.org/review/22691 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-18 | Don't byte-swap an 1-byte value. | Guy Harris | 1 | -1/+3
Convert it to a 4-byte value and byte-swap *that*. Fixes CID 1415438. Change-Id: I5cf0b5905f5dd2086c5d8ed6b13b1921bdb69a84 Reviewed-on: https://code.wireshark.org/review/22689 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-18 | Remove unnecessary test. | Guy Harris | 1 | -3/+1
The default case ends with return, so the pointer won't be null by the time you exit the case statement - either a non-default case is processed and tag_ptr hasn't been set to null, or the default case is processed and you return before getting there. That also means we don't need to set tag_ptr to null in that case. Fixes CID 1415439. Change-Id: Id2609c0828561c560820f9cb5e6b5a0ae614aead Reviewed-on: https://code.wireshark.org/review/22686 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-18 | Copy no more than MAX_ERF_EHDR - 1 additional extension headers. | Guy Harris | 1 | -1/+7
The array of headers has MAX_ERF_EHDR entries, and the additional entries are appended after the first entry, so that leaves room for at most MAX_ERF_EHDR - 1. Fixes CID 1415440. Change-Id: Iaa2c3577bbff429bcc1301e4cfdf1961f067be93 Reviewed-on: https://code.wireshark.org/review/22684 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-17 | Use time_t for the seconds part of a time stamp. | Guy Harris | 1 | -6/+6
A packet time stamp is an nstime_t, and the seconds part of an nstime_t is a time_t. Change-Id: Id2452ceb2f33f43e4a040436d7b3ea1a5c4a0be3 Reviewed-on: https://code.wireshark.org/review/22673 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-07-17 | ERF_TYPE_META write and comment support | Anthony Coddington | 1 | -136/+1590
Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META, existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheader and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-05 | Allow bigger snapshot lengths for D-Bus captures. | Guy Harris | 1 | -7/+7
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for them, because that's the largest possible D-Bus message size. See https://bugs.freedesktop.org/show_bug.cgi?id=100220 for an example of the problems caused by limiting the snapshot length to 256KB for D-Bus. Have a snapshot length of 0 in a capture_file structure mean "there is no snapshot length for the file"; we don't need the has_snap field in that case, a value of 0 means "no, we don't have a snapshot length". In dumpcap, start out with a pipe buffer size of 2KB, and grow it as necessary. When checking for a too-big packet from a pipe, check against the appropriate maximum - 128MB for DLT_DBUS, 256KB for everything else. Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20 Reviewed-on: https://code.wireshark.org/review/21952 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-03 | Don't keep the pcap/pcapng link-layer header type as interface data. | Guy Harris | 1 | -2/+0
Either 1) it can be determined from the libwiretap encapsulation type, in which case it's redundant information or 2) there *is* no pcap/pcapng link-layer header type for that encapsulation type, in which case you need to check for the attempt to determine it failing and handle that failure appropriately. Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc Reviewed-on: https://code.wireshark.org/review/21924 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-04-18 | Eliminate an unneeded member of a wtap_dumper. | Guy Harris | 1 | -11/+1
The only place the time stamp precision is used is in the libpcap code, where it determines whether to write out microsecond-precision or nanosecond-precision time stamps; we can determine that by looking at the type/subtype field, which is also part of that structure, so do that. We weren't setting it consistently - we were only setting it in libpcap and a few other capture file writers, and not in other capture file writers - and none of the writers other than libpcap used it. Change-Id: If53779cf4823ca936b8bf3e8a7dbcfea5850e652 Reviewed-on: https://code.wireshark.org/review/21171 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-11-08 | ERF: Fix issues with Host ID mapping | Anthony Coddington | 1 | -18/+79
packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in its own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-09-28 | Use wtap_read_bytes() to skip over bytes when reading a record. | Guy Harris | 1 | -11/+11
Allow file_read() to take a null pointer as a buffer argument; a null argument means "do everything except copy the bytes from the file to the user buffer". That means that wtap_read_bytes() and wtap_read_bytes_or_eof() also support a null pointer as a buffer argument. Use wtap_read_bytes() with a null buffer argument rather than file_skip() to skip forward over data. This fixes some places where files were mis-identified as ERF files, as the ERF open heuristics now get a short "read" error if they try to skip over more bytes than exist in the file. Change-Id: I4f73499d877c1f582e2bcf9b045034880cb09622 Reviewed-on: https://code.wireshark.org/review/17974 Reviewed-by: Guy Harris <guy@alum.mit.edu>
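The two bounds problems these commits describe, the extension-header chain that must not be copied past the MAX_ERF_EHDR-entry array (2017-07-18, "Copy no more than MAX_ERF_EHDR - 1 additional extension headers"; see also the 2018-01-22 fix for the 2-byte Ethernet subheader) and the short read that the null-buffer wtap_read_bytes() now surfaces to the ERF open heuristic (the commit above), as one added example in C. This is not Wireshark's erf.c. It follows the ERF record layout as the log describes it (big-endian fields, little-endian 64-bit timestamp, 8-byte extension headers chained by the top bit of the type byte), but the value of MAX_ERF_EHDR, the type codes 2 and 5, the sample records and the rejection of a backward timestamp step are assumptions made here for illustration; the one-year forward limit is the 2018-07-31 heuristic.

```c
/* Added example, not Wireshark's erf.c: bounded parse of one ERF record header and its
 * extension-header chain from memory, plus an open-style check over several records.
 * MAX_ERF_EHDR and the type codes are assumed values for illustration, not erf.h's. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ERF_HDR_LEN         16    /* ts(8) type(1) flags(1) rlen(2) lctr(2) wlen(2) */
#define ERF_EHDR_LEN        8
#define ERF_EXT_HDR_BIT     0x80  /* in 'type' and in each ehdr's first byte: another ehdr follows */
#define MAX_ERF_EHDR        8     /* assumed; the ehdr array has this many slots in total */
#define ERF_TS_MAX_FWD_SECS (365ULL * 24 * 3600)  /* one year forward, per the 2018-07-31 commit */

struct erf_rec {
    uint64_t ts;
    uint8_t  type, flags;
    uint16_t rlen, lctr, wlen;
    uint64_t ehdr[MAX_ERF_EHDR];
    int      n_ehdr;    /* extension headers stored (at most MAX_ERF_EHDR) */
    size_t   hdr_len;   /* bytes consumed by the fixed header and the whole chain */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint64_t be64(const uint8_t *p) { uint64_t v = 0; for (int i = 0; i < 8; i++) v = (v << 8) | p[i]; return v; }
static uint64_t le64(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }

/* 0 on success, -1 on a short buffer or a chain that does not fit its own rlen. Every read is
 * checked before it happens; the chain is walked to its end so the record stays in sync, but
 * only the first MAX_ERF_EHDR headers are copied, so a long chain can never overrun the array. */
int erf_parse_header(const uint8_t *buf, size_t avail, struct erf_rec *rec)
{
    size_t off = ERF_HDR_LEN;
    if (avail < ERF_HDR_LEN) return -1;
    memset(rec, 0, sizeof *rec);
    rec->ts = le64(buf);  rec->type = buf[8];  rec->flags = buf[9];
    rec->rlen = be16(buf + 10);  rec->lctr = be16(buf + 12);  rec->wlen = be16(buf + 14);
    if (rec->rlen < ERF_HDR_LEN) return -1;
    if (rec->type & ERF_EXT_HDR_BIT) {
        uint8_t more;
        do {
            if (off + ERF_EHDR_LEN > rec->rlen) return -1;   /* rlen does not cover this ehdr */
            if (off + ERF_EHDR_LEN > avail)     return -1;   /* short read */
            if (rec->n_ehdr < MAX_ERF_EHDR)
                rec->ehdr[rec->n_ehdr++] = be64(buf + off);  /* extras are skipped, not stored */
            more = buf[off] & ERF_EXT_HDR_BIT;
            off += ERF_EHDR_LEN;
        } while (more);
    }
    rec->hdr_len = off;
    return 0;
}

/* ERF timestamp: high 32 bits seconds since the epoch, low 32 bits a binary fraction.
 * Forward steps of up to one year are accepted; a backward step is rejected (assumption). */
int erf_ts_delta_plausible(uint64_t prev, uint64_t cur)
{
    if (cur < prev) return 0;
    return ((cur - prev) >> 32) <= ERF_TS_MAX_FWD_SECS;
}

/* Open-style check: walk up to max_records records by rlen. Returns the number accepted, or -1
 * if a header is malformed, a record body runs past the end of the data (the short read the
 * null-buffer wtap_read_bytes() reports) or the timestamp rule fails between two records. */
int erf_check_records(const uint8_t *buf, size_t len, int max_records)
{
    size_t off = 0; int n = 0; uint64_t prevts = 0; struct erf_rec rec;
    while (n < max_records && off < len) {
        if (erf_parse_header(buf + off, len - off, &rec) < 0) return -1;
        if (rec.rlen > len - off) return -1;
        if (n > 0 && !erf_ts_delta_plausible(prevts, rec.ts)) return -1;
        prevts = rec.ts;  off += rec.rlen;  n++;
    }
    return n;
}

/* Constructed input: one record with ts_secs, n_ehdr chained extension headers and a 4-byte
 * payload. Returns the bytes written, or 0 if it does not fit. */
size_t erf_build_record(uint8_t *out, size_t cap, uint32_t ts_secs, int n_ehdr)
{
    size_t rlen = ERF_HDR_LEN + (size_t)n_ehdr * ERF_EHDR_LEN + 4;
    if (rlen > cap || rlen > 0xFFFF) return 0;
    memset(out, 0, rlen);
    for (int i = 4; i < 8; i++) out[i] = (uint8_t)(ts_secs >> (8 * (i - 4)));  /* LE: seconds in bytes 4..7 */
    out[8] = (uint8_t)(0x02 | (n_ehdr ? ERF_EXT_HDR_BIT : 0));                    /* type 2 assumed (Ethernet) */
    out[10] = (uint8_t)(rlen >> 8);  out[11] = (uint8_t)rlen;  out[15] = 4;      /* rlen, wlen */
    for (int i = 0; i < n_ehdr; i++) {
        uint8_t *e = out + ERF_HDR_LEN + i * ERF_EHDR_LEN;
        e[0] = (uint8_t)(0x05 | (i + 1 < n_ehdr ? ERF_EXT_HDR_BIT : 0));         /* chain bit except on the last */
        e[7] = (uint8_t)i;
    }
    memcpy(out + rlen - 4, "\xde\xad\xbe\xef", 4);
    return rlen;
}

/* Demo: headers stored for a record with n_ehdr ehdrs, optionally truncated to truncate_to bytes; -1 on error. */
int demo_ehdr_count(int n_ehdr, size_t truncate_to)
{
    uint8_t buf[512]; struct erf_rec rec;
    size_t len = erf_build_record(buf, sizeof buf, 0x5B3D0000u, n_ehdr);
    if (len == 0) return -2;
    if (truncate_to != 0 && truncate_to < len) len = truncate_to;
    return erf_parse_header(buf, len, &rec) < 0 ? -1 : rec.n_ehdr;
}

/* Demo: two consecutive records delta_secs apart, with 'cut' bytes dropped from the end. */
int demo_check_records(uint32_t delta_secs, size_t cut)
{
    uint8_t buf[512];
    size_t n1 = erf_build_record(buf, sizeof buf, 0x5B3D0000u, 1);
    size_t n2 = erf_build_record(buf + n1, sizeof buf - n1, 0x5B3D0000u + delta_secs, 0);
    return erf_check_records(buf, n1 + n2 - cut, 4);
}
```

The walk keeps consuming the chain after the array is full instead of stopping early, because the chain length is what tells the reader where the payload starts; stopping at the cap would leave the record cursor pointing into an extension header, which is the same desynchronisation the 2018-01-22 fix (8-byte ehdr copied in place of the 2-byte Ethernet subheader) repaired in a different form.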
2016-09-09 | erf: use ws_strtoi function. | Dario Lombardo | 1 | -1/+2
Change-Id: I1d94deb547bd30076e0c171bf9e6b97aac98a545 Reviewed-on: https://code.wireshark.org/review/17556 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-15 | Use spaces rather than tabs for indentation. | Guy Harris | 1 | -2/+2
Change-Id: I6028253f7c8c30804eaa4b23d2b09827aacb3c9d Reviewed-on: https://code.wireshark.org/review/16481 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-15 | Do a deep copy in wtap_block_add_custom_option(). | Guy Harris | 1 | -1/+3
That way, we don't have to worry about multiple instances of an option pointing to the same data and having to worry about freeing data that's pointed to by another instance. Change-Id: I3470a9eebf346023713fd0d6ff2451d727c25089 Reviewed-on: https://code.wireshark.org/review/16471 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-07-14 | Redo the block options APIs. | Guy Harris | 1 | -42/+57
A block can have zero or more instances of a given option. We distinguish between "one instance only" options, where a block can have zero or one instance, and "multiple instances allowed" options, where a block can have zero or more instances. For "one instance only" options: "add" routines add an instance if there isn't one already and fail if there is; "set" routines add an instance if there isn't one already and change the value of the existing instance if there is one; "set nth" routines fail; "get" routines return the value of the instance if there is one and fail if there isn't; "get nth" routines fail. For "multiple instances allowed" options: "add" routines add an instance; "set" routines fail; "set nth" routines set the value of the nth instance if there is one and fail otherwise; "get" routines fail; "get nth" routines get the value of the nth instance if there is one and fail otherwise. Rename "optionblock" to just "block"; it describes the contents of a block, including both mandatory items and options. Add some support for NRB options, including IPv4 and IPv6 option types. Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e Reviewed-on: https://code.wireshark.org/review/16444 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-06-07 | ERF: Make ERF wiretap forwards compatible. | Anthony Coddington | 1 | -8/+6
Dissector has always been able to cope with unknown record types so pass them through (and call the data dissector from the ERF dissector in this case). Previously was stopping processing on the first unrecognized record which is very unhelpful for otherwise valid files that have new types mixed in. Remove ERF type check altogether from open heuristic as ERF type could be past 48 in future and with more extension headers bit any byte value could be valid. Also allow setting ERF_RECORDS_TO_CHECK to 0 to force skipping the heuristic. Change-Id: I8331eef30ba2e949564f418b3100bd73b8f58116 Reviewed-on: https://code.wireshark.org/review/15361 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-06-06 | *_stdup_printf -> strdup for "single string only" formatting. | Michael Mann | 1 | -1/+1
Done for performance improvements. This could probably be done in checkAPIs.pl, but this was just a quick manual check with grepping. Change-Id: I91ff102cb528bb00fa2f65489de53890e7e46f2d Reviewed-on: https://code.wireshark.org/review/15751 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2016-06-01 | Add data structures necessary to support multiple Section Header blocks. | Michael Mann | 1 | -2/+3
This doesn't try to use any data from multiple Section Header blocks, it just converts single Section Header block usage into a GArray, so the potential is there to then use/support multiple Section Header blocks within a file format (like pcapng) Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486 Reviewed-on: https://code.wireshark.org/review/15636 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-22 | Add wtap_optionblock_set_option_string_format | Michael Mann | 1 | -58/+21
Also add a length parameter to wtap_optionblock_set_option_string Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee Reviewed-on: https://code.wireshark.org/review/15505 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-22 | ERF: Fix and improve ERF_TYPE_META sanity checks | Anthony Coddington | 1 | -3/+6
Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
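The two tag-walk defects this commit names, a length sanity check that could overflow and a final tag of exactly 4 bytes that was never dissected, as an added example in C of how a bounds-safe walk over ERF_TYPE_META tags looks. It is not Wireshark's erf.c or packet-erf.c. The tag layout used (16-bit type, 16-bit length, both big-endian, value padded to a 4-byte boundary), the tag type numbers and the two sample payloads are assumptions constructed for illustration.

```c
/* Added example, not Wireshark's erf.c or packet-erf.c: a bounds-checked walk over the TLV
 * tags of an ERF_TYPE_META payload. Tag layout assumed here: 16-bit type, 16-bit length
 * (big-endian), the value, then padding to the next 4-byte boundary. */
#include <stdint.h>
#include <stddef.h>

#define ERF_META_TAG_HDR 4

struct erf_meta_tag {
    uint16_t       type, len;
    const uint8_t *value;   /* points into the payload; len bytes are guaranteed present */
};

/* Parse the tag at *off. Returns 1 and advances *off past the padded value, 0 at a clean end,
 * -1 on a malformed tag. The value length is tested by subtracting the header from what
 * remains, so a hostile len is never added to an offset before the comparison; and the walk
 * ends only when nothing remains, so a final zero-length tag of exactly 4 bytes is returned. */
int erf_meta_next_tag(const uint8_t *payload, size_t len, size_t *off, struct erf_meta_tag *tag)
{
    size_t remaining, padded;
    if (*off > len) return -1;
    remaining = len - *off;
    if (remaining == 0) return 0;
    if (remaining < ERF_META_TAG_HDR) return -1;                 /* truncated tag header */
    tag->type = (uint16_t)((payload[*off] << 8) | payload[*off + 1]);
    tag->len  = (uint16_t)((payload[*off + 2] << 8) | payload[*off + 3]);
    remaining -= ERF_META_TAG_HDR;
    if (tag->len > remaining) return -1;                         /* value runs past the payload */
    tag->value = payload + *off + ERF_META_TAG_HDR;
    padded = ((size_t)tag->len + 3) & ~(size_t)3;
    if (padded > remaining) padded = remaining;                  /* assumption: a last tag may omit its padding */
    *off += ERF_META_TAG_HDR + padded;
    return 1;
}

/* Number of well-formed tags, or -1 if the walk meets a malformed one. */
int erf_meta_count_tags(const uint8_t *payload, size_t len)
{
    size_t off = 0; int n = 0, rc; struct erf_meta_tag t;
    while ((rc = erf_meta_next_tag(payload, len, &off, &t)) == 1) n++;
    return rc < 0 ? -1 : n;
}

/* Constructed sample payloads (tag type numbers are arbitrary). */
static const uint8_t meta_ok[] = {
    0x00,0x01, 0x00,0x05, 'h','o','s','t','A', 0x00,0x00,0x00,   /* 5-byte value padded to 8 */
    0x00,0x02, 0x00,0x00,                                        /* final tag: header only, exactly 4 bytes */
};
static const uint8_t meta_bad[] = {
    0x00,0x01, 0xFF,0xF0, 'x','y',                               /* claims 65520 bytes, 2 present */
};
```

The comparison `tag->len > remaining` after `remaining -= ERF_META_TAG_HDR` is the whole point: the check is expressed against bytes still available rather than as `offset + 4 + len > total`, so there is no sum that a large length can wrap, and the loop condition is "anything left" rather than "more than a header left", which is what loses a trailing 4-byte tag.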
2016-05-17 | opa: Add dissectors for Intel’s Omni-Path Architecture (OPA) | Adam Goldman | 1 | -0/+2
Added dissectors for OPA Fabric Executive (FE) Header, OPA Snoop and Capture (SnC) MetaData Header, OPA 9B Packets, and OPA MAD Packets. Bug: 12114 Change-Id: I6acd3c9e266e4b638167abbdd275ec7c1d472b4f Reviewed-on: https://code.wireshark.org/review/13473 Reviewed-by: Adam Goldman <adam.goldman@intel.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-05 | [ERF] g_list_free_full () is glib >= 2.28, g_hash_table_add is >= 2.32 | AndersBroman | 1 | -5/+18
change to supported functions. Change-Id: Ic088b835d05dce4a1b9b7a102cab89be44da46d6 Reviewed-on: https://code.wireshark.org/review/14819 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-04-03 | Don't deref before NULL check on pointer (CID-1358044) | Jaap Keuter | 1 | -2/+5
When the state pointer is NULL it's defensively coded against by a NULL pointer check. Variable initialization before should then not dereference that pointer. Change-Id: I0ed09e2f22be5651324f43fc3fd339d2f95684c0 Reviewed-on: https://code.wireshark.org/review/14776 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-01 | ERF: Add dissection and wiretap support for ERF_TYPE_META. | Anthony Coddington | 1 | -13/+1136
ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-23 | Making wiretap option blocks more generic. | Michael Mann | 1 | -29/+35
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted. Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks. Also what could be added/refactored is registering block behavior. Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a Reviewed-on: https://code.wireshark.org/review/13667 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-13 | Get rid of debugging printouts. | Guy Harris | 1 | -5/+0
Change-Id: I78fd79ebf915e9066f9e2548dcceb3c9e6440551 Reviewed-on: https://code.wireshark.org/review/13255 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 | Clean up handling of the data before the Ethernet packet in ERF files. | Guy Harris | 1 | -8/+12
The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 | Dissect the MC and AAL2 headers as 32-bit words. | Guy Harris | 1 | -1/+15
That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 | Use g_ntoh* rather than g_hton*. | Guy Harris | 1 | -5/+5
Stuff in an ERF file is big-endian, except for timestamps, so we want to convert from big-endian to host format. (The two functions do the same thing; this just makes it clearer what we're doing.) Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b Reviewed-on: https://code.wireshark.org/review/13248 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 | Add missing ERF types, mention another missing type, mention reserved space. | Guy Harris | 1 | -0/+4
Add the TYPE_COLOR_HASH_POS and TYPE_COLOR_HASH_ETH types, note that type 26 has no #define, mention that types 28 through 31 are reserved for future record types. Change-Id: Ic828254599599c6bd7399d4682f9a3d4bff1f0f7 Reviewed-on: https://code.wireshark.org/review/12728 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 | ERF: Add basic no-break support for ERF_TYPE_META. | Anthony Coddington | 1 | -5/+1
Update erf_open heuristic to not break when ERF_TYPE_META records are present. Remove check for maximum non-pad ERF type and add defines for reserved types. No dissection in this commit beyond record type name, this will come later. Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85 Reviewed-on: https://code.wireshark.org/review/12708 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-09 | Call the dumper routine to finish writing a file the "finish" routine. | Guy Harris | 1 | -1/+0
It doesn't actually *close* any handle, so it's best called a "finish" routine rather than a "close" routine. In libwiretap modules, don't bother setting the finish routine pointer to null - it's already initialized to null (it's probably best not to require modules to set it). Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0 Reviewed-on: https://code.wireshark.org/review/11659 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-01-03 | Remove unnecessary includes from wiretap folder | Martin Mathieson | 1 | -2/+0
Change-Id: I10d3057801673bc1c8ea78f144215869cc4b1851 Reviewed-on: https://code.wireshark.org/review/6217 Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-01-02 | Add "Editor modelines"; Adjust whitespace as needed. | Bill Meier | 1 | -0/+13
Change-Id: Ic5a5acb0f36d3aa144edbfb1ae71097b18426db4 Reviewed-on: https://code.wireshark.org/review/6216 Reviewed-by: Bill Meier <wmeier@newsguy.com>