ERF_TYPE_META write and comment support

Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
author: Anthony Coddington <anthony.coddington@endace.com> 2017-06-01 20:34:25 +1200
committer: Guy Harris <guy@alum.mit.edu> 2017-07-17 02:08:52 +0000
commit: f3181f706b39955a4f4bc26f1d6d75166a67c235 (patch)
tree: 4d1d9d5ab2a17a05219211537ba15693d46cd9b4 /file.c
parent: 32ec45dc92a699e34e23197d2de48a043dfad426 (diff)
1 files changed, 27 insertions, 6 deletions
diff --git a/file.c b/file.c
index a40326b655..628bdef674 100644
--- a/file.c
+++ b/file.c
@@ -4071,6 +4071,7 @@ save_record(capture_file *cf, frame_data *fdata,
   /* options */
   hdr.pack_flags   = phdr->pack_flags;
   hdr.opt_comment  = g_strdup(pkt_comment);
+  hdr.has_comment_changed = fdata->flags.has_user_comment ? TRUE : FALSE;
 
   /* pseudo */
   hdr.pseudo_header = phdr->pseudo_header;
@@ -4376,6 +4377,7 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format,
      SAVE_WITH_WTAP
   }                    how_to_save;
   save_callback_args_t callback_args;
+  gboolean needs_reload = FALSE;
 
   cf_callback_invoke(cf_cb_file_save_started, (gpointer)fname);
 
@@ -4533,6 +4535,8 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format,
       goto fail;
     }
 
+    needs_reload = wtap_dump_get_needs_reload(pdh);
+
     if (!wtap_dump_close(pdh, &err)) {
       cfile_close_failure_alert_box(fname, err);
       goto fail;
@@ -4629,12 +4633,29 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format,
       /* rescan_file will cause us to try all open_routines, so
          reset cfile's open_type */
       cf->open_type = WTAP_TYPE_AUTO;
-      if (rescan_file(cf, fname, FALSE) != CF_READ_OK) {
-        /* The rescan failed; just close the file.  Either
-           a dialog was popped up for the failure, so the
-           user knows what happened, or they stopped the
-           rescan, in which case they know what happened. */
-        cf_close(cf);
+      /* There are cases when SAVE_WITH_WTAP can result in new packets
+         being written to the file, e.g ERF records
+         In that case, we need to reload the whole file */
+      if(needs_reload) {
+        if (cf_open(cf, fname, WTAP_TYPE_AUTO, FALSE, &err) == CF_OK) {
+          if (cf_read(cf, TRUE) != CF_READ_OK) {
+             /* The rescan failed; just close the file.  Either
+               a dialog was popped up for the failure, so the
+               user knows what happened, or they stopped the
+               rescan, in which case they know what happened.  */
+            /* XXX: This is inconsistent with normal open/reload behaviour. */
+            cf_close(cf);
+          }
+        }
+      }
+      else {
+        if (rescan_file(cf, fname, FALSE) != CF_READ_OK) {
+           /* The rescan failed; just close the file.  Either
+             a dialog was popped up for the failure, so the
+             user knows what happened, or they stopped the
+             rescan, in which case they know what happened.  */
+          cf_close(cf);
+        }
       }
       break;
     }
author	Anthony Coddington <anthony.coddington@endace.com>	2017-06-01 20:34:25 +1200
committer	Guy Harris <guy@alum.mit.edu>	2017-07-17 02:08:52 +0000
commit	f3181f706b39955a4f4bc26f1d6d75166a67c235 (patch)
tree	4d1d9d5ab2a17a05219211537ba15693d46cd9b4 /file.c
parent	32ec45dc92a699e34e23197d2de48a043dfad426 (diff)