| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: I78fd79ebf915e9066f9e2548dcceb3c9e6440551
Reviewed-on: https://code.wireshark.org/review/13255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format. (The two functions do the same
thing; this just makes it clearer what we're doing.)
Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add the TYPE_COLOR_HASH_POS and TYPE_COLOR_HASH_ETH types, note that
type 26 has no #define, mention that types 28 through 31 are reserved
for future record types.
Change-Id: Ic828254599599c6bd7399d4682f9a3d4bff1f0f7
Reviewed-on: https://code.wireshark.org/review/12728
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Update erf_open heuristic to not break when ERF_TYPE_META records are present.
Remove check for maximum non-pad ERF type and add defines for reserved types.
No dissection in this commit beyond record type name, this will come later.
Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85
Reviewed-on: https://code.wireshark.org/review/12708
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I10d3057801673bc1c8ea78f144215869cc4b1851
Reviewed-on: https://code.wireshark.org/review/6217
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Ic5a5acb0f36d3aa144edbfb1ae71097b18426db4
Reviewed-on: https://code.wireshark.org/review/6216
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
WTAP_ERR_UNSUPPORTED_ENCAP means "I can't *write* that particular
encapsulation type to a file of this format", which mainly means "that
file format simply can't handle packets of that type";
WTAP_ERR_UNSUPPORTED means "this file can't currently be supported by
Wireshark, as there's some feature in the file - such as a file or
per-packet encapsulation type - that we don't (yet) handle".
Change-Id: I53cadf9913d20efb2bccb29f61877b71d53807be
Reviewed-on: https://code.wireshark.org/review/5794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5d3d518eee2d61dd896b44c2a61d66057f3c2f7f
Reviewed-on: https://code.wireshark.org/review/4516
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92f983b2e04defab30eb31c14c484b9f0f582413
Reviewed-on: https://code.wireshark.org/review/4513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap' unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While investigating an ASAN issue (fixed in
commit dcdd076ab0965c346efe90051678ba790eaf7a02), I got greatly confused
by three different types having the same "interface_data" field name:
* pcapng_t *pn stores an array of interface_data_t objects.
* wtap *wth stores an array of wtapng_if_descr_t objects.
* pcapng_dump_t should store an array of interface_data_t objects.
pcapng_dump_t and friends are unused since
commit c7f1a431d23e17a15777652b1252e139f182b0e6, so drop it.
To fix the confusion, rename the interface_data_t type to
interface_info_t type and use the local variable "iface_info"
everywhere. Rename interface_data of pcapng_t to "interfaces" and
add a comment what this exactly means (interfaces listed in the capture
file).
Drop the number_of_interfaces field for interfaces as the array
length is already available from GArray. Now interface_data is always
initialized for wth (which also gets copied to idb).
s/int/guint/g and replace cast at some places.
There are no regressions for the in-tree test suite.
Change-Id: I2d5985c9f1e43f8230dbb4a73bd1e243c4858170
Reviewed-on: https://code.wireshark.org/review/1656
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This reverts commit 1abeb277f5e6bd27fbaebfecc8184e37ba9d008a.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7b0fedf0c508404b3f2dea789f50b7b5db4e2eb7
Reviewed-on: https://code.wireshark.org/review/502
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
|
|
wtap_seek_read().
svn path=/trunk/; revision=54570
|
|
svn path=/trunk/; revision=53764
|
|
svn path=/trunk/; revision=53172
|
|
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
|
|
svn path=/trunk/; revision=51382
|
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
ERF wiretap export multiple extension header fix.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8765
svn path=/trunk/; revision=49749
|
|
"ERF record" is very different from, and much simpler than, the case
where it's not; tweak the code to more clearly separate the "we're being
handed ERF records" case from the "we're being handed packets" case.
svn path=/trunk/; revision=46984
|
|
svn path=/trunk/; revision=46980
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
svn path=/trunk/; revision=46650
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266 :
Since we have to 'downconvert' the ERF time stamps to Wireshark's internal
representation anyway, we may as well report the resolution which we convert
to, rather than the original native resolution.
svn path=/trunk/; revision=44800
|
|
svn path=/trunk/; revision=43000
|
|
Add frame.interface_id support for pcap DLT_ERF file format
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7281
svn path=/trunk/; revision=42824
|
|
Add frame.interface_id support for ERF file format
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266
svn path=/trunk/; revision=42807
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
everyone else...
Also: Do some whitespace and indentation cleanup.
svn path=/trunk/; revision=41281
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
