diff options
author | Anthony Coddington <anthony.coddington@endace.com> | 2017-06-01 20:34:25 +1200 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-07-17 02:08:52 +0000 |
commit | f3181f706b39955a4f4bc26f1d6d75166a67c235 (patch) | |
tree | 4d1d9d5ab2a17a05219211537ba15693d46cd9b4 /file.c | |
parent | 32ec45dc92a699e34e23197d2de48a043dfad426 (diff) |
ERF_TYPE_META write and comment support
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 33 |
1 files changed, 27 insertions, 6 deletions
@@ -4071,6 +4071,7 @@ save_record(capture_file *cf, frame_data *fdata, /* options */ hdr.pack_flags = phdr->pack_flags; hdr.opt_comment = g_strdup(pkt_comment); + hdr.has_comment_changed = fdata->flags.has_user_comment ? TRUE : FALSE; /* pseudo */ hdr.pseudo_header = phdr->pseudo_header; @@ -4376,6 +4377,7 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format, SAVE_WITH_WTAP } how_to_save; save_callback_args_t callback_args; + gboolean needs_reload = FALSE; cf_callback_invoke(cf_cb_file_save_started, (gpointer)fname); @@ -4533,6 +4535,8 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format, goto fail; } + needs_reload = wtap_dump_get_needs_reload(pdh); + if (!wtap_dump_close(pdh, &err)) { cfile_close_failure_alert_box(fname, err); goto fail; @@ -4629,12 +4633,29 @@ cf_save_records(capture_file *cf, const char *fname, guint save_format, /* rescan_file will cause us to try all open_routines, so reset cfile's open_type */ cf->open_type = WTAP_TYPE_AUTO; - if (rescan_file(cf, fname, FALSE) != CF_READ_OK) { - /* The rescan failed; just close the file. Either - a dialog was popped up for the failure, so the - user knows what happened, or they stopped the - rescan, in which case they know what happened. */ - cf_close(cf); + /* There are cases when SAVE_WITH_WTAP can result in new packets + being written to the file, e.g ERF records + In that case, we need to reload the whole file */ + if(needs_reload) { + if (cf_open(cf, fname, WTAP_TYPE_AUTO, FALSE, &err) == CF_OK) { + if (cf_read(cf, TRUE) != CF_READ_OK) { + /* The rescan failed; just close the file. Either + a dialog was popped up for the failure, so the + user knows what happened, or they stopped the + rescan, in which case they know what happened. */ + /* XXX: This is inconsistent with normal open/reload behaviour. */ + cf_close(cf); + } + } + } + else { + if (rescan_file(cf, fname, FALSE) != CF_READ_OK) { + /* The rescan failed; just close the file. Either + a dialog was popped up for the failure, so the + user knows what happened, or they stopped the + rescan, in which case they know what happened. */ + cf_close(cf); + } } break; } |