2021-11-26 03:31:05 +00:00
|
|
|
/** @file
|
2000-05-19 23:07:04 +00:00
|
|
|
*
|
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
2018-02-07 11:26:45 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2000-05-19 23:07:04 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __WTAP_INT_H__
|
|
|
|
|
#define __WTAP_INT_H__
|
|
|
|
|
|
|
|
|
|
#include <glib.h>
|
2000-08-25 21:25:43 +00:00
|
|
|
#include <time.h>
|
2000-05-19 23:07:04 +00:00
|
|
|
|
2017-10-26 00:42:15 +00:00
|
|
|
#ifdef _WIN32
|
2002-10-15 05:38:01 +00:00
|
|
|
#include <winsock2.h>
|
|
|
|
|
#endif
|
2008-10-24 00:42:09 +00:00
|
|
|
|
2011-05-09 08:12:26 +00:00
|
|
|
#include <wsutil/file_util.h>
|
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
#include "wtap.h"
|
2016-01-26 01:17:21 +00:00
|
|
|
#include "wtap_opttypes.h"
|
2000-05-19 23:07:04 +00:00
|
|
|
|
wiretap: more work on file type/subtypes.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
2021-02-17 06:24:47 +00:00
|
|
|
void wtap_init_file_type_subtypes(void);
|
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
int wtap_fstat(wtap *wth, ws_statb64 *statb, int *err);
|
|
|
|
|
|
2019-04-05 01:56:27 +00:00
|
|
|
typedef gboolean (*subtype_read_func)(struct wtap*, wtap_rec *,
|
|
|
|
|
Buffer *, int *, char **, gint64 *);
|
2018-02-09 00:19:12 +00:00
|
|
|
typedef gboolean (*subtype_seek_read_func)(struct wtap*, gint64, wtap_rec *,
|
|
|
|
|
Buffer *, int *, char **);
|
2016-01-26 01:17:21 +00:00
|
|
|
|
2012-02-20 20:15:51 +00:00
|
|
|
/**
|
|
|
|
|
* Struct holding data of the currently read file.
|
|
|
|
|
*/
|
2000-05-19 23:07:04 +00:00
|
|
|
struct wtap {
|
2014-05-09 05:18:49 +00:00
|
|
|
FILE_T fh;
|
|
|
|
|
FILE_T random_fh; /**< Secondary FILE_T for random access */
|
2018-01-19 07:06:24 +00:00
|
|
|
gboolean ispipe; /**< TRUE if the file is a pipe */
|
2014-05-09 05:18:49 +00:00
|
|
|
int file_type_subtype;
|
|
|
|
|
guint snapshot_length;
|
2016-05-31 03:42:41 +00:00
|
|
|
GArray *shb_hdrs;
|
2012-04-18 00:51:18 +00:00
|
|
|
GArray *interface_data; /**< An array holding the interface data from pcapng IDB:s or equivalent(?)*/
|
Add a routine to get the next as-yet-unfetched interface description.
In a wtap, keep track of the first interface description not yet fetched
with wtap_get_next_interface_description() and, when
wtap_get_next_interface_description() is called, have it return that
description, as a wtap_block_t for its IDB. If there are no
as-yet-unfetched interface descriptions, return NULL; there may, in the
future, be more interface descriptions for the file, so this should be
called:
* after the file is opened;
* after wtap_read() returns TRUE, indicating that it's returned a
record (and *before* you process the record that wtap_read()
returns, as it might be the interface description for the
interface on which the packet in that record arrived);
* after wtap_read() returns FALSE, indicating an EOF or an error
return (as there might have been interfaces at the end of the
file or before the error point).
At each of those points, the caller should loop until
wtap_get_next_interface_description() returns NULL.
Not used yet (but tested with capinfos, which found a reason why you
have to wait until the end of the file before processing the interface
information - there's now a comment in the code giving that reason).
This will probably be used in the future.
2020-10-21 09:51:25 +00:00
|
|
|
guint next_interface_data; /**< Next interface data that wtap_get_next_interface_description() will show */
|
2016-06-01 14:11:46 +00:00
|
|
|
GArray *nrb_hdrs; /**< holds the Name Res Block's comment/custom_opts, or NULL */
|
2018-11-17 12:56:12 +00:00
|
|
|
GArray *dsbs; /**< An array of DSBs (of type wtap_block_t), or NULL if not supported. */
|
2012-04-18 00:51:18 +00:00
|
|
|
|
2021-02-20 08:13:37 +00:00
|
|
|
char *pathname; /**< File pathname; might just be "-" */
|
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
void *priv; /* this one holds per-file state and is free'd automatically by wtap_close() */
|
|
|
|
|
void *wslua_data; /* this one holds wslua state info and is not free'd */
|
|
|
|
|
|
|
|
|
|
subtype_read_func subtype_read;
|
|
|
|
|
subtype_seek_read_func subtype_seek_read;
|
|
|
|
|
void (*subtype_sequential_close)(struct wtap*);
|
|
|
|
|
void (*subtype_close)(struct wtap*);
|
|
|
|
|
int file_encap; /* per-file, for those
|
|
|
|
|
* file formats that have
|
|
|
|
|
* per-file encapsulation
|
2014-09-28 18:37:06 +00:00
|
|
|
* types rather than per-packet
|
|
|
|
|
* encapsulation types
|
2014-05-09 05:18:49 +00:00
|
|
|
*/
|
2014-09-28 18:37:06 +00:00
|
|
|
int file_tsprec; /* per-file timestamp precision
|
|
|
|
|
* of the fractional part of
|
|
|
|
|
* the time stamp, for those
|
|
|
|
|
* file formats that have
|
|
|
|
|
* per-file timestamp
|
|
|
|
|
* precision rather than
|
|
|
|
|
* per-packet timestamp
|
|
|
|
|
* precision
|
|
|
|
|
* e.g. WTAP_TSPREC_USEC
|
2014-05-09 05:18:49 +00:00
|
|
|
*/
|
2012-04-18 00:51:18 +00:00
|
|
|
wtap_new_ipv4_callback_t add_new_ipv4;
|
|
|
|
|
wtap_new_ipv6_callback_t add_new_ipv6;
|
2018-11-18 17:11:42 +00:00
|
|
|
wtap_new_secrets_callback_t add_new_secrets;
|
2014-05-09 05:18:49 +00:00
|
|
|
GPtrArray *fast_seek;
|
2000-05-19 23:07:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct wtap_dumper;
|
|
|
|
|
|
2011-04-08 17:42:20 +00:00
|
|
|
/*
|
|
|
|
|
* This could either be a FILE * or a gzFile.
|
|
|
|
|
*/
|
|
|
|
|
typedef void *WFILE_T;
|
|
|
|
|
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
typedef gboolean (*subtype_add_idb_func)(struct wtap_dumper*, wtap_block_t,
|
|
|
|
|
int *, gchar **);
|
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
typedef gboolean (*subtype_write_func)(struct wtap_dumper*,
|
2018-02-09 00:19:12 +00:00
|
|
|
const wtap_rec *rec,
|
2014-12-18 00:02:50 +00:00
|
|
|
const guint8*, int*, gchar**);
|
2020-10-14 01:48:46 +00:00
|
|
|
typedef gboolean (*subtype_finish_func)(struct wtap_dumper*, int*, gchar**);
|
2000-05-19 23:07:04 +00:00
|
|
|
|
|
|
|
|
struct wtap_dumper {
|
2014-05-09 05:18:49 +00:00
|
|
|
WFILE_T fh;
|
|
|
|
|
int file_type_subtype;
|
|
|
|
|
int snaplen;
|
|
|
|
|
int encap;
|
2018-11-16 04:06:36 +00:00
|
|
|
wtap_compression_type compression_type;
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
gboolean needs_reload; /* TRUE if the file requires re-loading after saving with wtap */
|
2014-05-09 05:18:49 +00:00
|
|
|
gint64 bytes_dumped;
|
|
|
|
|
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
void *priv; /* this one holds per-file state and is free'd automatically by wtap_dump_close() */
|
|
|
|
|
void *wslua_data; /* this one holds wslua state info and is not free'd */
|
2014-05-09 05:18:49 +00:00
|
|
|
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
subtype_add_idb_func subtype_add_idb; /* add an IDB, writing it as necessary */
|
|
|
|
|
subtype_write_func subtype_write; /* write out a record */
|
|
|
|
|
subtype_finish_func subtype_finish; /* write out information to finish writing file */
|
2014-05-09 05:18:49 +00:00
|
|
|
|
2015-11-09 19:54:18 +00:00
|
|
|
addrinfo_lists_t *addrinfo_lists; /**< Struct containing lists of resolved addresses */
|
2016-05-31 03:42:41 +00:00
|
|
|
GArray *shb_hdrs;
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
GArray *nrb_hdrs; /**< name resolution comment/custom_opt, or NULL */
|
2015-11-09 19:54:18 +00:00
|
|
|
GArray *interface_data; /**< An array holding the interface data from pcapng IDB:s or equivalent(?) NULL if not present.*/
|
2018-11-17 12:56:12 +00:00
|
|
|
GArray *dsbs_initial; /**< An array of initial DSBs (of type wtap_block_t) */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Additional blocks that might grow as data is being collected.
|
|
|
|
|
* Subtypes should write these blocks before writing new packet blocks.
|
|
|
|
|
*/
|
|
|
|
|
const GArray *dsbs_growing; /**< A reference to an array of DSBs (of type wtap_block_t) */
|
|
|
|
|
guint dsbs_growing_written; /**< Number of already processed DSBs in dsbs_growing. */
|
2000-05-19 23:07:04 +00:00
|
|
|
};
|
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
WS_DLL_PUBLIC gboolean wtap_dump_file_write(wtap_dumper *wdh, const void *buf,
|
|
|
|
|
size_t bufsize, int *err);
|
|
|
|
|
WS_DLL_PUBLIC gint64 wtap_dump_file_seek(wtap_dumper *wdh, gint64 offset, int whence, int *err);
|
|
|
|
|
WS_DLL_PUBLIC gint64 wtap_dump_file_tell(wtap_dumper *wdh, int *err);
|
|
|
|
|
|
2007-05-05 10:47:35 +00:00
|
|
|
extern gint wtap_num_file_types;
|
|
|
|
|
|
2013-12-03 20:35:50 +00:00
|
|
|
#include <wsutil/pint.h>
|
|
|
|
|
|
2010-04-21 20:51:22 +00:00
|
|
|
/* Macros to byte-swap possibly-unaligned 64-bit, 32-bit and 16-bit quantities;
|
2007-05-28 06:47:50 +00:00
|
|
|
* they take a pointer to the quantity, and byte-swap it in place.
|
|
|
|
|
*/
|
2010-04-21 20:51:22 +00:00
|
|
|
#define PBSWAP64(p) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
guint8 tmp; \
|
|
|
|
|
tmp = (p)[7]; \
|
|
|
|
|
(p)[7] = (p)[0]; \
|
|
|
|
|
(p)[0] = tmp; \
|
|
|
|
|
tmp = (p)[6]; \
|
|
|
|
|
(p)[6] = (p)[1]; \
|
|
|
|
|
(p)[1] = tmp; \
|
|
|
|
|
tmp = (p)[5]; \
|
|
|
|
|
(p)[5] = (p)[2]; \
|
|
|
|
|
(p)[2] = tmp; \
|
|
|
|
|
tmp = (p)[4]; \
|
|
|
|
|
(p)[4] = (p)[3]; \
|
|
|
|
|
(p)[3] = tmp; \
|
|
|
|
|
}
|
2007-05-28 06:47:50 +00:00
|
|
|
#define PBSWAP32(p) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
guint8 tmp; \
|
|
|
|
|
tmp = (p)[3]; \
|
|
|
|
|
(p)[3] = (p)[0]; \
|
|
|
|
|
(p)[0] = tmp; \
|
|
|
|
|
tmp = (p)[2]; \
|
|
|
|
|
(p)[2] = (p)[1]; \
|
|
|
|
|
(p)[1] = tmp; \
|
|
|
|
|
}
|
2007-05-28 06:47:50 +00:00
|
|
|
#define PBSWAP16(p) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
guint8 tmp; \
|
|
|
|
|
tmp = (p)[1]; \
|
|
|
|
|
(p)[1] = (p)[0]; \
|
|
|
|
|
(p)[0] = tmp; \
|
|
|
|
|
}
|
2007-05-28 06:47:50 +00:00
|
|
|
|
2001-02-13 00:50:05 +00:00
|
|
|
|
2007-05-28 06:47:50 +00:00
|
|
|
/* Pointer routines to put items out in a particular byte order.
|
|
|
|
|
* These will work regardless of the byte alignment of the pointer.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef phtons
|
|
|
|
|
#define phtons(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 0); \
|
|
|
|
|
}
|
2007-05-28 06:47:50 +00:00
|
|
|
#endif
|
|
|
|
|
|
2010-06-06 19:37:49 +00:00
|
|
|
#ifndef phton24
|
|
|
|
|
#define phton24(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 16); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 0); \
|
|
|
|
|
}
|
2010-06-06 19:37:49 +00:00
|
|
|
#endif
|
|
|
|
|
|
2007-05-28 06:47:50 +00:00
|
|
|
#ifndef phtonl
|
|
|
|
|
#define phtonl(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 24); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 16); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[3] = (guint8)((v) >> 0); \
|
|
|
|
|
}
|
2007-05-28 06:47:50 +00:00
|
|
|
#endif
|
|
|
|
|
|
2007-10-08 11:41:21 +00:00
|
|
|
#ifndef phtonll
|
|
|
|
|
#define phtonll(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 56); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 48); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 40); \
|
|
|
|
|
(p)[3] = (guint8)((v) >> 32); \
|
|
|
|
|
(p)[4] = (guint8)((v) >> 24); \
|
|
|
|
|
(p)[5] = (guint8)((v) >> 16); \
|
|
|
|
|
(p)[6] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[7] = (guint8)((v) >> 0); \
|
|
|
|
|
}
|
2007-10-08 11:41:21 +00:00
|
|
|
#endif
|
|
|
|
|
|
2017-04-26 03:26:59 +00:00
|
|
|
#ifndef phtole8
|
|
|
|
|
#define phtole8(p, v) \
|
|
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 0); \
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-11-17 09:04:54 +00:00
|
|
|
#ifndef phtoles
|
|
|
|
|
#define phtoles(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 0); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 8); \
|
|
|
|
|
}
|
2011-11-17 09:04:54 +00:00
|
|
|
#endif
|
|
|
|
|
|
2017-04-26 03:26:59 +00:00
|
|
|
#ifndef phtole24
|
|
|
|
|
#define phtole24(p, v) \
|
|
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 0); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 16); \
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-04-26 08:45:48 +00:00
|
|
|
#ifndef phtolel
|
|
|
|
|
#define phtolel(p, v) \
|
|
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 0); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 16); \
|
|
|
|
|
(p)[3] = (guint8)((v) >> 24); \
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-11-17 09:24:15 +00:00
|
|
|
#ifndef phtolell
|
|
|
|
|
#define phtolell(p, v) \
|
2012-04-18 00:51:18 +00:00
|
|
|
{ \
|
|
|
|
|
(p)[0] = (guint8)((v) >> 0); \
|
|
|
|
|
(p)[1] = (guint8)((v) >> 8); \
|
|
|
|
|
(p)[2] = (guint8)((v) >> 16); \
|
|
|
|
|
(p)[3] = (guint8)((v) >> 24); \
|
|
|
|
|
(p)[4] = (guint8)((v) >> 32); \
|
|
|
|
|
(p)[5] = (guint8)((v) >> 40); \
|
|
|
|
|
(p)[6] = (guint8)((v) >> 48); \
|
|
|
|
|
(p)[7] = (guint8)((v) >> 56); \
|
|
|
|
|
}
|
2007-10-08 11:41:21 +00:00
|
|
|
#endif
|
|
|
|
|
|
2001-12-13 05:49:13 +00:00
|
|
|
/* glib doesn't have g_ptr_array_len of all things!*/
|
|
|
|
|
#ifndef g_ptr_array_len
|
|
|
|
|
#define g_ptr_array_len(a) ((a)->len)
|
|
|
|
|
#endif
|
|
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
/*
|
2016-09-28 23:45:23 +00:00
|
|
|
* Read a given number of bytes from a file into a buffer or, if
|
|
|
|
|
* buf is NULL, just discard them.
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
*
|
|
|
|
|
* If we succeed, return TRUE.
|
|
|
|
|
*
|
|
|
|
|
* If we get an EOF, return FALSE with *err set to 0, reporting this
|
|
|
|
|
* as an EOF.
|
|
|
|
|
*
|
|
|
|
|
* If we get fewer bytes than the specified number, return FALSE with
|
|
|
|
|
* *err set to WTAP_ERR_SHORT_READ, reporting this as a short read
|
|
|
|
|
* error.
|
|
|
|
|
*
|
|
|
|
|
* If we get a read error, return FALSE with *err and *err_info set
|
|
|
|
|
* appropriately.
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
gboolean
|
|
|
|
|
wtap_read_bytes_or_eof(FILE_T fh, void *buf, unsigned int count, int *err,
|
|
|
|
|
gchar **err_info);
|
|
|
|
|
|
|
|
|
|
/*
|
2016-09-28 23:45:23 +00:00
|
|
|
* Read a given number of bytes from a file into a buffer or, if
|
|
|
|
|
* buf is NULL, just discard them.
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
*
|
|
|
|
|
* If we succeed, return TRUE.
|
|
|
|
|
*
|
|
|
|
|
* If we get fewer bytes than the specified number, including getting
|
|
|
|
|
* an EOF, return FALSE with *err set to WTAP_ERR_SHORT_READ, reporting
|
|
|
|
|
* this as a short read error.
|
|
|
|
|
*
|
|
|
|
|
* If we get a read error, return FALSE with *err and *err_info set
|
|
|
|
|
* appropriately.
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
gboolean
|
|
|
|
|
wtap_read_bytes(FILE_T fh, void *buf, unsigned int count, int *err,
|
|
|
|
|
gchar **err_info);
|
|
|
|
|
|
2013-06-16 00:20:00 +00:00
|
|
|
/*
|
|
|
|
|
* Read packet data into a Buffer, growing the buffer as necessary.
|
|
|
|
|
*
|
|
|
|
|
* This returns an error on a short read, even if the short read hit
|
|
|
|
|
* the EOF immediately. (The assumption is that each packet has a
|
|
|
|
|
* header followed by raw packet data, and that we've already read the
|
|
|
|
|
* header, so if we get an EOF trying to read the packet data, the file
|
|
|
|
|
* has been cut short, even if the read didn't read any data at all.)
|
|
|
|
|
*/
|
2014-03-18 17:21:51 +00:00
|
|
|
WS_DLL_PUBLIC
|
2013-06-16 00:20:00 +00:00
|
|
|
gboolean
|
|
|
|
|
wtap_read_packet_bytes(FILE_T fh, Buffer *buf, guint length, int *err,
|
|
|
|
|
gchar **err_info);
|
|
|
|
|
|
2018-11-10 22:03:16 +00:00
|
|
|
/*
|
|
|
|
|
* Implementation of wth->subtype_read that reads the full file contents
|
|
|
|
|
* as a single packet.
|
|
|
|
|
*/
|
|
|
|
|
gboolean
|
2019-04-05 01:56:27 +00:00
|
|
|
wtap_full_file_read(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
|
|
|
int *err, gchar **err_info, gint64 *data_offset);
|
2018-11-10 22:03:16 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Implementation of wth->subtype_seek_read that reads the full file contents
|
|
|
|
|
* as a single packet.
|
|
|
|
|
*/
|
|
|
|
|
gboolean
|
|
|
|
|
wtap_full_file_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
|
2019-01-18 00:54:22 +00:00
|
|
|
|
2020-05-02 01:19:00 +00:00
|
|
|
/**
|
|
|
|
|
* Add an IDB to the interface data for a file.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
wtap_add_idb(wtap *wth, wtap_block_t idb);
|
|
|
|
|
|
2019-01-18 00:54:22 +00:00
|
|
|
/**
|
|
|
|
|
* Invokes the callback with the given decryption secrets block.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
wtapng_process_dsb(wtap *wth, wtap_block_t dsb);
|
wiretap: more work on file type/subtypes.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
2021-02-17 06:24:47 +00:00
|
|
|
|
2021-03-11 21:56:40 +00:00
|
|
|
void
|
|
|
|
|
wtap_register_compatibility_file_subtype_name(const char *old_name,
|
|
|
|
|
const char *new_name);
|
|
|
|
|
|
wiretap: more work on file type/subtypes.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
2021-02-17 06:24:47 +00:00
|
|
|
void
|
|
|
|
|
wtap_register_backwards_compatibility_lua_name(const char *name, int ft);
|
|
|
|
|
|
|
|
|
|
struct backwards_compatibiliity_lua_name {
|
|
|
|
|
const char *name;
|
|
|
|
|
int ft;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
const GArray *get_backwards_compatibility_lua_table(void);
|
|
|
|
|
|
2021-05-31 11:39:59 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Gets new section header block for new file, based on existing info.
|
|
|
|
|
* @details Creates a new wtap_block_t section header block and only
|
|
|
|
|
* copies appropriate members of the SHB for a new file. In
|
|
|
|
|
* particular, the comment string is copied, and any custom options
|
|
|
|
|
* which should be copied are copied. The os, hardware, and
|
|
|
|
|
* application strings are *not* copied.
|
|
|
|
|
*
|
|
|
|
|
* @note Use wtap_free_shb() to free the returned section header.
|
|
|
|
|
*
|
|
|
|
|
* @param wth The wiretap session.
|
|
|
|
|
* @return The new section header, which must be wtap_free_shb'd.
|
|
|
|
|
*/
|
|
|
|
|
GArray* wtap_file_get_shb_for_new_file(wtap *wth);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Generate an IDB, given a wiretap handle for the file,
|
|
|
|
|
* using the file's encapsulation type, snapshot length,
|
|
|
|
|
* and time stamp resolution, and add it to the interface
|
|
|
|
|
* data for a file.
|
|
|
|
|
* @note This requires that the encapsulation type and time stamp
|
|
|
|
|
* resolution not be per-packet; it will terminate the process
|
|
|
|
|
* if either of them are.
|
|
|
|
|
*
|
|
|
|
|
* @param wth The wiretap handle for the file.
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
void wtap_add_generated_idb(wtap *wth);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Gets new name resolution info for new file, based on existing info.
|
|
|
|
|
* @details Creates a new wtap_block_t of name resolution info and only
|
|
|
|
|
* copies appropriate members for a new file.
|
|
|
|
|
*
|
|
|
|
|
* @note Use wtap_free_nrb() to free the returned pointer.
|
|
|
|
|
*
|
|
|
|
|
* @param wth The wiretap session.
|
|
|
|
|
* @return The new name resolution info, which must be freed.
|
|
|
|
|
*/
|
|
|
|
|
GArray* wtap_file_get_nrb_for_new_file(wtap *wth);
|
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
#endif /* __WTAP_INT_H__ */
|
2011-03-24 22:47:57 +00:00
|
|
|
|
|
|
|
|
/*
|
2018-11-17 12:56:12 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2011-03-24 22:47:57 +00:00
|
|
|
*
|
2018-11-17 12:56:12 +00:00
|
|
|
* Local variables:
|
|
|
|
|
* c-basic-offset: 4
|
2011-03-24 22:47:57 +00:00
|
|
|
* tab-width: 8
|
2018-11-17 12:56:12 +00:00
|
|
|
* indent-tabs-mode: nil
|
2011-03-24 22:47:57 +00:00
|
|
|
* End:
|
|
|
|
|
*
|
2018-11-17 12:56:12 +00:00
|
|
|
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
|
|
|
|
* :indentSize=4:tabSize=8:noTabs=true:
|
2011-03-24 22:47:57 +00:00
|
|
|
*/
|