| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Have them just return the information needed for the caller to produce
an error message, and have the callers use the new cfile_ routines for
reporting errors.
This requires that the "write failure alert box" routine take the
*input* file name as an argument, so that, on a merge, if the problem is
that a record from a given input file can't be written out to the type
of output file we're generating, the input file name can be given, along
with the record number in that file.
Change-Id: If5a5e00539e7e652008a523dec92c0b359a48e71
Reviewed-on: https://code.wireshark.org/review/21257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Addresses CID 1398217.
Change-Id: I387c4a9f1df739724b80ccaad173de2d9095b101
Reviewed-on: https://code.wireshark.org/review/21179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Addresses CIDs 1398222 and 1398221.
Fix the previous fix while we're at it.
Change-Id: I6fe54e6ad115ac05154291b76de316426db72139
Reviewed-on: https://code.wireshark.org/review/21176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That's more consistent.
Handle the "libpcap" names for backwards compatibility.
Change-Id: I819404d69bddd733b7ee38e23d3ddc71110c0faf
Reviewed-on: https://code.wireshark.org/review/21172
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The only place the time stamp precision is used is in the libpcap code,
where it determines whether to write out microsecond-precision or
nanosecond-precision time stamps; we can determine that by looking at
the type/subtype field, which is also part of that structure, so do
that.
We weren't setting it consistently - we were only setting it in libpcap
and a few other capture file writers, and not in other capture file
writers - and none of the writers other than libpcap used it.
Change-Id: If53779cf4823ca936b8bf3e8a7dbcfea5850e652
Reviewed-on: https://code.wireshark.org/review/21171
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The chances that they won't, in this case, are slim to none, as the time
is after the Epoch, but this squelches CID 1398223.
We'll change the master branch to require an err_info string for
WTAP_ERR_INTERNAL and to display it in a future commit.
Change-Id: Ifb51076b25117efc53ba3ad8b434e36c71f7600f
Reviewed-on: https://code.wireshark.org/review/21169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iec9e4ac2362cf8e88a3cf6ae3483cefe938967e5
Reviewed-on: https://code.wireshark.org/review/20814
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The loop was using bytes_read, but wasn't setting it. Go back to
something similar to the previous loop condition, but don't lose the
error tests.
Fixes Coverity CID 1403388.
Change-Id: I557cbfa6e9ad81491af4fc90e85ce87c71fec8aa
Reviewed-on: https://code.wireshark.org/review/20776
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ic291dbd5930978bbd0adc8b58d09b423de83b65b
Reviewed-on: https://code.wireshark.org/review/20754
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3a391079a28aae7e41d926268f9f60152871bfa5
Reviewed-on: https://code.wireshark.org/review/20753
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I6920b7ab5862db46c56a85198f97dced842f14d5
Reviewed-on: https://code.wireshark.org/review/20723
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Makes Windows vscodeanalysis a little happier.
Change-Id: Ie744e91ab3f2a9744ae21c932ab6ea25467ad2fa
Reviewed-on: https://code.wireshark.org/review/20724
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Changed to use correct option_id when reading IDB.
Change-Id: Id3a3b3cd95f9d7bcf51de001cfe246beb98590ad
Reviewed-on: https://code.wireshark.org/review/20663
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I16a67f2d459cd6ebdbc7bdefd481fd95607af22a
Reviewed-on: https://code.wireshark.org/review/20662
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Also, if we return WTAP_OPEN_ERROR from an open routine after we've set
our close routine, that routine is called, which frees up our private
data structures; don't free them ourselves before returning
WTAP_OPEN_ERROR.
Change-Id: I03eebe1a1677e2161fdacec8de14668093cf03a3
Reviewed-on: https://code.wireshark.org/review/20522
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 13478
Change-Id: I6be2972979ff7cabf27e70d236c581d539d6ddac
Reviewed-on: https://code.wireshark.org/review/20515
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The maximum record length is 255*128 + 127 = 32767; that fits in a
guint32, which is large enough to support the biggest packet we'd ever
support without stretching several size values to 64 bits.
It's not a size of an object in memory, so it doesn't have to be a
size_t, and a size_t could be too large to fit in the record sizes we're
using.
Just cast to guint32.
Change-Id: Ie664fda3ce9945893fd992bbb9a81a5d632a3fcb
Reviewed-on: https://code.wireshark.org/review/20479
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When vmnames are included in the header of a netscaler packet trace,
number of bytes equal to the size of vmnames is omitted from the packet,
by the dissector.
Bug: 13459
Change-Id: I0f907e9c2e08c1cbebd47f7e50d8284a6aaade59
Reviewed-on: https://code.wireshark.org/review/20446
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It warns that a 32-bit value is being shifted left and then converted to
a 64-bit type; presumably it means "this might overflow and not give you
the result you expect". That's unlikely to be the case here, as few
UN*X file systems have a recommended I/O block size > 2^30, but we might
as well throw in a cast so the convert-to-a-64-bit-type is done first.
Change-Id: Id6ab11d750d5cf4cc03d060d63edc01b66cd179d
Reviewed-on: https://code.wireshark.org/review/20352
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We're now comparing an unsigned with an expression made mostly of
unsigned, so there's no need to cast the expression to long to squelch
signed vs. unsigned warnings.
Change-Id: I3b8c6f6faf26a9c252eb55d9e69fb298a3ad4c3b
Reviewed-on: https://code.wireshark.org/review/20347
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The record size fields are guint8, but NSPR_V20RECORDSIZE_2BYTES was
0x80, which has type int, promoting the result to int. Make it 0x80U,
which means everything is unsigned.
This squelches a compiler warning.
Change-Id: I1c63e485352a90c7f675ab0dacaaeba794235b35
Reviewed-on: https://code.wireshark.org/review/20344
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 13431
Change-Id: I330cb087c6e89277120057019cb5155f005ed269
Reviewed-on: https://code.wireshark.org/review/20337
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Do the check early in the process of processing the record, and do it
for all record types.
Bug: 13429
Change-Id: Id7f4d12415c6740241850d8f873cff52909e7110
Reviewed-on: https://code.wireshark.org/review/20330
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Records in a properly formatted NetScaler file shouldn't go past the end
of a page, but nothing guarantees that a NetScaler file will be properly
formatted.
NetScaler 3.x files allow record bodies to go past the end of a page,
but 1.x and 2.x files don't, so treat record headers that go past the
end of a page, and record bodies in 1.x and 2.x files that go past the
end of a page, as errors.
Clean up some stuff while we're at it.
Bug: 13430
Change-Id: I3b1d56086e3bb14b246406f306e3d730df337561
Reviewed-on: https://code.wireshark.org/review/20326
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
[-Werror=implicit-fallthrough=] found by gcc7
Change-Id: I8c339e7484d410460d499dd2923641630b482ebe
Reviewed-on: https://code.wireshark.org/review/20303
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If plugin_list was NULL, plugin_types didn't get cleaned.
Add test and set of open_info_arr.
Change-Id: I7669e3ba86039fb2b26ff2da64f51896053c5e68
Reviewed-on: https://code.wireshark.org/review/20195
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
extension [-Wc++11-extensions]
Change-Id: Ie7f67510ea948fb72b57fe08d9f95d135c5855a5
Reviewed-on: https://code.wireshark.org/review/20194
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I76ea675625ef2812f51bad0c37f6c58060897f55
Reviewed-on: https://code.wireshark.org/review/20172
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id88fe84189b8baa597eaa69159395cdc4bc56195
Reviewed-on: https://code.wireshark.org/review/19951
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib25ab0ba5b9d613d55fc54c0f3ef84cb7698754f
Reviewed-on: https://code.wireshark.org/review/20136
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The packet length field gives the length of the *entire* packet, so, by
definition, it must not be zero. Make sure it's at least big enough for
the packet header itself plus one segment header.
Bug: 13416
Change-Id: I625bd5c0ce75ab1200b3becf12fc1c819fefcd63
Reviewed-on: https://code.wireshark.org/review/20133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's a non-null pointer to a character string with the value "NULL".
You want just NULL, with no quotes.
Change-Id: I51bfb73a3002f46f13a8f513d07b1ddc009a14cb
Reviewed-on: https://code.wireshark.org/review/20123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I475e2bc54af470e380e23e5dd98198885e189d6f
Reviewed-on: https://code.wireshark.org/review/20106
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The cleanup routine has been added to exit section of the applications.
Those which required a exit restyle have been patched as well.
Change-Id: I3a8787f0718ac7fef00dc58176869c7510fda7b1
Reviewed-on: https://code.wireshark.org/review/19949
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Change-Id: I46be1220c8e789e1006cfbf7cff60e9556ff2caf
Reviewed-on: https://code.wireshark.org/review/19685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
V6.0 only has one space after "ETHERWATCH", not two so heuristics fail.
"ETHERWATCH " (one space) still seems like enough of a distinction.
Bug: 13093
Change-Id: Ib8786f6e2f5f595a4cab710b91cf78d175a6ab88
Reviewed-on: https://code.wireshark.org/review/19673
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
The current mechanism that reads the first 20 blocks looking for a headerd
oesn't work in all cases. I was given sample files that consist of
data blocks only and have no header.
Use a new approach to detect a .camins file by searching for pairs of
size high + size low blocks, either read or write. Go through the
entire file. If we have significantly more pairs than single, non-matching
blocks, this is a camins file.
Change-Id: Ic91e7db7149b105e26896d1a89cad4a2a73d0f13
Reviewed-on: https://code.wireshark.org/review/19603
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Bug: 13246
Change-Id: I9df35596aa8dcb937f6a03cf60b5d0fbe9dce1ec
Reviewed-on: https://code.wireshark.org/review/19276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Check the length of the line first.
Bug: 13246
Change-Id: I906bb652594898061afb4b2cd4edb916af354161
Reviewed-on: https://code.wireshark.org/review/19273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().
Also don't have routines internal to libwiretap call those. Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.
Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is similar to what we have for opening a dump file - one API that
uses the file name as specified, one that creates a temporary file and
provides the file name, and one that uses the standard output.
All of those APIs handle closing the output file.
Change-Id: I56beea7be347402773460b9148ab31a8f8bc51e1
Reviewed-on: https://code.wireshark.org/review/19059
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3924c2b4a525c0ae5ab57b7f9867296586d78509
Reviewed-on: https://code.wireshark.org/review/19061
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iae29db90273191c10455e172bdd2aac00b12143c
Reviewed-on: https://code.wireshark.org/review/19058
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I0db268b0f7010d23c938ae56674cc5cd6c0bd998
Reviewed-on: https://code.wireshark.org/review/19057
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).
Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That way, if we #define anything for large file support, that's done
before we include any system header files that either depend on that
definition or that define it themselves if it's not already defined.
Change-Id: I9b07344151103be337899dead44d6960715d6813
Reviewed-on: https://code.wireshark.org/review/19035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
packet-erf: Fix Host ID/Source ID showing for all extension header types.
Only show generated Host ID/Source ID when there is a Host ID extension header
or there was not one on the record.
Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely)
and that it matches the one in the Host ID header. This is consistent with other tools.
Does support multiple Host ID extension headers though.
Fix dag_version tag short name. Was clashing with another tag due to typo.
ERF wiretap: Don't conflate Host ID 0 with implicit Host ID.
While the implicit Host ID defaults to 0, it is not the same thing as seeing
a packet with Host ID explicitly 0 in the extension header which means
explicitly unknown source.
Store the initial (unknown) implicit Host ID interface mapping in it's own
special mapping table entry rather than 0.
Noticed we can currently get duplicate interfaces in the unusual event of mixed
implicit and explicit Host ID packet extension headers for the same ID before
we discover that mapping.
Consistently abandon the implicit version for consistency with the dissector
linking behaviour and mark the interface as unmatched in the description. In
2 pass mode (including normal Wireshark file open) the abandoned interface ends
up with no packets. In the common cases (all Host ID or no Host ID on packet
records) this duplicate interface will not be created in the first place.
Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/18704
Reviewed-by: Stephen Donnelly
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13060
Change-Id: Ib3dd019f73305e4006b312d324502e4a138c6a16
Reviewed-on: https://code.wireshark.org/review/18514
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
