| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: I4f707bc714b2643d0f6c568f3367e712ee635d8e
Reviewed-on: https://code.wireshark.org/review/4612
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Fetch the count of records from one of the locations where it appears to
be, and, currently, require that it be equal to the count at the other
location where it appears to be; if they ever differ, we'll need the
file in order to reverse-engineer some more.
Fix the way we *write* .rf5 files - it turns out that we were
1) not writing the full file size;
2) not writing the packet count in the right location.
Detect files written by the old code, and get the packet count from the
right location for those files.
Change-Id: I7ce83afbc9dbbd300c81c96ef8f7785a0aeefa7a
Reviewed-on: https://code.wireshark.org/review/4608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For open_info, use names based on the names in other lists.
Also, in comments, indicate what the three count 'em three tables are
used for, and clean up the type/subtype table.
Change-Id: I7a763119e790d5970f87dff05284f465eebfb7e7
Reviewed-on: https://code.wireshark.org/review/4599
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Version 3's time stamps are all absolute, so we can directly use the
value in the file; we don't need to keep track of the time in the
private data structure, and some compilers issue warnings due to setting
it and then not using the value to which we set it.
Change some names and indentation to match other file versions while
we're at it.
Change-Id: I97698d933b87a8ad58d9e88ceedd75004797df69
Reviewed-on: https://code.wireshark.org/review/4596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It returns the length of the string it read, so only treat 0 and -1 as
errors. (0 either means "EOF" or "string is zero length", but this is
only in the code that reads numbers, and a number needs at least 1
digit, so both EOF and "zero-length string" mean "this isn't a valid
Peek tagged file".)
Change-Id: Ib83eb2f1e53d912a2138be01480e2b464cf936db
Reviewed-on: https://code.wireshark.org/review/4591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5df4d794602f7e53c2f4f496597f8eaf7c7b6eaa
Reviewed-on: https://code.wireshark.org/review/4588
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I0847846d50d6979f0f50a00438a834c7c7c2acc0
Reviewed-on: https://code.wireshark.org/review/4586
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
They happen to be, at least now, but that's not valid in C++, and it's
probably unwise in any case.
Change-Id: Ifd49920cfaa376e5e7788329ee83db3956a7cdff
Reviewed-on: https://code.wireshark.org/review/4585
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Sadly, the GTK+ folks decided not to use size_t for the size argument,
so it doesn't do the right thing on LLP64 platforms such as Windows.
Change-Id: I2aa9096215c488b48f1cf68d2a285a48abb6f07f
Reviewed-on: https://code.wireshark.org/review/4584
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ifa38dfec31ec5b03f00d6e077902184a9ae2ee0e
Reviewed-on: https://code.wireshark.org/review/4583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I93dbd14f81492764bf5854ee40eebcd1e04f3e01
Reviewed-on: https://code.wireshark.org/review/4570
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Distringuish "the compression data has a problem" from "the capture file
(not compressed, or after decompression) data has a problem", with
WTAP_ERR_DECOMPRESS used for the former (whether it's the gzipping
decoded by our gunzip code or the Sniffer compression) and
WTAP_ERR_BAD_FILE used for the latter.
Change-Id: I8e6bff7edb480deba00c52a9e5afff607492e085
Reviewed-on: https://code.wireshark.org/review/4568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I98ae9ec50e079d48b6247bb208528b7c5ad16027
Reviewed-on: https://code.wireshark.org/review/4564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Get rid of WTAP_ERR_UNC_TRUNCATED and WTAP_ERR_UNC_BAD_OFFSET, and lump
them under WTAP_ERR_BAD_FILE, with an error string; they're just another
form of "this file isn't a valid file of the type in question".
Change-Id: I0e9ac7c2ee66c8d789234a301c1dc2173aef1312
Reviewed-on: https://code.wireshark.org/review/4562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I033c60cdc5b78f4db31903277c659661e0dc5123
Reviewed-on: https://code.wireshark.org/review/4561
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Ibbcf3496ebfb20c53b953db84b2ddb69083dcb86
Reviewed-on: https://code.wireshark.org/review/4556
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iffc762ba60ac523148310ea2a432d4953bc64a94
Reviewed-on: https://code.wireshark.org/review/4541
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.
Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that. Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.
Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I7b5e82c3a2fc4b4c16bf466508546558c584c150
Reviewed-on: https://code.wireshark.org/review/4539
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ic4272a5637463fdb4d23f80d81341a0e6ea33de3
Reviewed-on: https://code.wireshark.org/review/4538
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I40282d8825936d24480c9b77e2e7d9374b1de6b5
Reviewed-on: https://code.wireshark.org/review/4534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I9a8bd2c7ce97993c1b72caf63254d024950f8b94
Reviewed-on: https://code.wireshark.org/review/4520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I73f2406483c13c7917faed46db6fc1f5e2bc8fcd
Reviewed-on: https://code.wireshark.org/review/4517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5d3d518eee2d61dd896b44c2a61d66057f3c2f7f
Reviewed-on: https://code.wireshark.org/review/4516
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92f983b2e04defab30eb31c14c484b9f0f582413
Reviewed-on: https://code.wireshark.org/review/4513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead of reading the 16-byte blob and record length at the same time,
just read the 16-byte blob, and then fall through to the record-length
reading code.
Change-Id: Ib2819a2d654e2670233821882bac79d7cd656b12
Reviewed-on: https://code.wireshark.org/review/4480
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I875888753859488ed810cedb5656bd870bee7122
Reviewed-on: https://code.wireshark.org/review/4471
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I2cd8973bdce171053664cf4ed06a37bdd9b30353
Reviewed-on: https://code.wireshark.org/review/4470
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For code that's used in more than one place, use macros. This combines
a bunch of checks into the output macros.
Change-Id: Ic32dce75e1c531fd28bfed180856e230277bfe58
Reviewed-on: https://code.wireshark.org/review/4451
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The dump of the address info list must be differed to the end of the processing so as to know which host name was actually used in the capture
Bug: 10507
Change-Id: I44dbfae918d4ae92f9740c309804c7ff21bb4e1b
Reviewed-on: https://code.wireshark.org/review/4327
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I790d99cefdd58f01ec4a792d66144634862e7427
Reviewed-on: https://code.wireshark.org/review/4331
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
warning: cast from 'const guint8 *' (aka 'const unsigned char *') to
'const guint16 *' (aka 'const unsigned short *') increases required
alignment from 1 to 2 [-Wcast-align]
warning: cast from 'const guint8 *' (aka 'const unsigned char *') to
'const struct logger_entry *' increases required alignment
from 1 to 4 [-Wcast-align]
Change-Id: I1ef8bfedb31c3f633166405689d8d788d45365db
Reviewed-on: https://code.wireshark.org/review/4236
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
It was being checked against the wrong value, so some invalid records
passed the check.
Also, change one comparison (rec_size is in the range [0, 65535], even
though it's in an int, so we can safely cast it to guint) and fix the
metadata length value when reading Ethernet packets.
Bug: 10495
Change-Id: I2ce5c93fe50d836ec0accfcdef31654ba6b5b7c7
Reviewed-on: https://code.wireshark.org/review/4278
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's called both from the read and seek-read routines, so it shouldn't
always read from the sequential handle.
Change-Id: I8cb33b9f5b7219f335b0aeeef29c479916276f89
Reviewed-on: https://code.wireshark.org/review/4276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make sure to zero the *entire* thing, and only access it as a given type when
that's the type indicated by the (non-union) type field.
Bug: 10498
Change-Id: I3e94a9c5d399d3ee4aedcd49f1aa2d7678ecf7ce
Reviewed-on: https://code.wireshark.org/review/4273
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
On errors *other* than a short read, we were driving on and processing
the non-data that we didn't read.
Change-Id: I6289ddf31ff7896918a030af9d1261bdc194e7d3
Reviewed-on: https://code.wireshark.org/review/4270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Should fix the remaining test suite failures.
Change-Id: I50a6cb1bf57bd6a973d4777349708b75aeb41620
Reviewed-on: https://code.wireshark.org/review/4264
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
We can't use wtap_file_read_expected_bytes() in the _v7 version, as that
version returns an int, not a Boolean; just expand
wtap_file_read_expected_bytes() in the _v56 version, to make it look
similar to the _v7 version.
Change-Id: Id907bac265c123ad5821591c1cf081b5747724d8
Reviewed-on: https://code.wireshark.org/review/4262
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
wtap_file_read_expected_bytes() is a macro that can return a Boolean
FALSE; it should not be used in routines that don't return a Boolean.
In addition, both EOF *and* a short read, in that routine, should be
treated as a "not an IPFIX file" indication.
While we're at it, a seek failure should be treated as an error.
Change-Id: I97815bc9e78169ded567b60835cc7bcf6a0e6f0c
Reviewed-on: https://code.wireshark.org/review/4261
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If86327a02e4fac7d3ed2d02b2a0c95906209dea0
Reviewed-on: https://code.wireshark.org/review/4260
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
I *think* I got all the cases; I got most of them, at any rate, and enough to
shut up valgrind in all the test cases I ran.
Change-Id: I393bac0756f577b65e400b792f6719fa6ec4056a
Reviewed-on: https://code.wireshark.org/review/4244
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I4ba40504d8cc308f7c13b465fcfaa9ff5eeebcf2
Reviewed-on: https://code.wireshark.org/review/4252
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(If somebody wants to convert the entire file to 4-space indentation, go
ahead.)
Change-Id: I1e3829289ac67db79eea2eb16e6a4ba40c449a8d
Reviewed-on: https://code.wireshark.org/review/4250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Most interesting are:
warning: cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
warning: ISO C forbids zero-size array [-Wpedantic]
warning: ISO C90 doesn't support unnamed structs/unions [-Wpedantic]
warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual
warning: initializer element is not computable at load time [enabled by default]
Change-Id: I5573c6bdca856a304877d9bef643f8c0fa93cdaf
Reviewed-on: https://code.wireshark.org/review/3174
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
|
|
The only place where a short read should be treated as an EOF is if the
read of the block header reads 0 bytes. All other short reads,
including reads of the block header returning at least 1 byte but not
enough for a complete block header, and any reads of the stuff
*following* the block header even if they return 0 bytes, should be
treated as "short read" errors.
If the option length is bigger than the option buffer size, treat that
as a bad file (I'm not sure that can happen, so maybe it should be
treated as an internal error instead).
Use file_skip() rather than file_seek() when skipping forward N bytes.
If it fails, treat that as an error under all circumstances.
When reading the first section header block in the open routine, have
pcap_read_block() return -2 if it doesn't look like an SHB (too short,
wrong block type, bad block length, unknown byte-order magic number), as
that means the file isn't a pcap-ng file and the open should return 0.
Return -1, not 0, for all errors in various block-reading routines.
file_seek() returning 0 is *not* an error. file_seek() returning -1 (or
any other negative number *is* an error; its return value is signed, so
don't assign it to an unsigned variable.
This might fix the test errors for the Lua file format handler tests.
Change-Id: Ifa7d9834c38bf238461c9cc9625a2aa761cb6ff2
Reviewed-on: https://code.wireshark.org/review/4238
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I054f3ec13fd5907c8f1e0546292777a5596fc029
Reviewed-on: https://code.wireshark.org/review/4232
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
pcap_read_block() takes err and err_info arguments, and sets them on
error; no need to call file_error() if pcap_read_block() fails.
Change-Id: I33b96d31395bf7d66abdecbebd5cf775e8662004
Reviewed-on: https://code.wireshark.org/review/4209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
