1998-11-12 06:01:27 +00:00
|
|
|
/* wtap.c
|
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
2018-02-07 11:26:45 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
1998-11-12 06:01:27 +00:00
|
|
|
*/
|
2002-03-05 05:58:41 +00:00
|
|
|
|
2016-03-14 19:03:11 +00:00
|
|
|
#include <config.h>
|
2004-03-30 19:37:31 +00:00
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
|
2005-08-19 19:40:00 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
#include "wtap-int.h"
|
2016-01-26 01:17:21 +00:00
|
|
|
#include "wtap_opttypes.h"
|
2005-08-20 16:19:22 +00:00
|
|
|
|
2000-01-13 07:09:20 +00:00
|
|
|
#include "file_wrappers.h"
|
2008-05-22 15:46:27 +00:00
|
|
|
#include <wsutil/file_util.h>
|
2014-07-15 23:40:46 +00:00
|
|
|
#include <wsutil/buffer.h>
|
2021-05-23 23:46:43 +00:00
|
|
|
#include <wsutil/ws_assert.h>
|
2021-06-22 14:23:00 +00:00
|
|
|
#include <wsutil/wslog.h>
|
2013-12-02 08:30:29 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2021-02-06 16:35:51 +00:00
|
|
|
#include <wsutil/plugins.h>
|
|
|
|
#endif
|
2013-12-02 08:30:29 +00:00
|
|
|
|
2021-02-06 16:35:51 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2018-01-09 08:55:37 +00:00
|
|
|
static plugins_t *libwiretap_plugins = NULL;
|
2021-02-06 16:35:51 +00:00
|
|
|
#endif
|
|
|
|
|
2013-12-02 08:30:29 +00:00
|
|
|
static GSList *wtap_plugins = NULL;
|
|
|
|
|
2021-02-06 16:35:51 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2017-09-30 23:56:03 +00:00
|
|
|
void
|
|
|
|
wtap_register_plugin(const wtap_plugin *plug)
|
2013-12-02 08:30:29 +00:00
|
|
|
{
|
2017-09-30 23:56:03 +00:00
|
|
|
wtap_plugins = g_slist_prepend(wtap_plugins, (wtap_plugin *)plug);
|
2013-12-02 08:30:29 +00:00
|
|
|
}
|
2021-02-06 16:35:51 +00:00
|
|
|
#else /* HAVE_PLUGINS */
|
|
|
|
void
|
|
|
|
wtap_register_plugin(const wtap_plugin *plug _U_)
|
|
|
|
{
|
2021-06-14 23:06:02 +00:00
|
|
|
ws_warning("wtap_register_plugin: built without support for binary plugins");
|
2021-02-06 16:35:51 +00:00
|
|
|
}
|
|
|
|
#endif /* HAVE_PLUGINS */
|
|
|
|
|
|
|
|
int
|
|
|
|
wtap_plugins_supported(void)
|
|
|
|
{
|
|
|
|
#ifdef HAVE_PLUGINS
|
2023-01-30 20:27:06 +00:00
|
|
|
return plugins_supported() ? 0 : 1;
|
2021-02-06 16:35:51 +00:00
|
|
|
#else
|
|
|
|
return -1;
|
|
|
|
#endif
|
|
|
|
}
|
2013-12-02 08:30:29 +00:00
|
|
|
|
|
|
|
static void
|
2017-09-30 23:56:03 +00:00
|
|
|
call_plugin_register_wtap_module(gpointer data, gpointer user_data _U_)
|
2013-12-02 08:30:29 +00:00
|
|
|
{
|
2017-09-30 23:56:03 +00:00
|
|
|
wtap_plugin *plug = (wtap_plugin *)data;
|
2013-12-02 08:30:29 +00:00
|
|
|
|
2017-09-30 23:56:03 +00:00
|
|
|
if (plug->register_wtap_module) {
|
|
|
|
plug->register_wtap_module();
|
|
|
|
}
|
2013-12-02 08:30:29 +00:00
|
|
|
}
|
|
|
|
|
2005-08-19 19:40:00 +00:00
|
|
|
/*
|
|
|
|
* Return the size of the file, as reported by the OS.
|
|
|
|
* (gint64, in case that's 64 bits.)
|
|
|
|
*/
|
|
|
|
gint64
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_file_size(wtap *wth, int *err)
|
1999-09-23 04:39:01 +00:00
|
|
|
{
|
2011-04-10 19:56:06 +00:00
|
|
|
ws_statb64 statb;
|
2005-08-19 19:40:00 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_fstat((wth->fh == NULL) ? wth->random_fh : wth->fh,
|
2011-05-09 08:12:26 +00:00
|
|
|
&statb, err) == -1)
|
2005-08-19 19:40:00 +00:00
|
|
|
return -1;
|
|
|
|
return statb.st_size;
|
1999-09-23 04:39:01 +00:00
|
|
|
}
|
|
|
|
|
2011-05-09 08:12:26 +00:00
|
|
|
/*
|
|
|
|
* Do an fstat on the file.
|
|
|
|
*/
|
|
|
|
int
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_fstat(wtap *wth, ws_statb64 *statb, int *err)
|
2011-05-09 08:12:26 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (file_fstat((wth->fh == NULL) ? wth->random_fh : wth->fh,
|
2011-05-09 08:12:26 +00:00
|
|
|
statb, err) == -1)
|
|
|
|
return -1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2000-09-07 05:34:23 +00:00
|
|
|
int
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_file_type_subtype(wtap *wth)
|
1998-11-12 00:06:47 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
return wth->file_type_subtype;
|
1998-11-12 00:06:47 +00:00
|
|
|
}
|
|
|
|
|
2011-05-31 15:27:48 +00:00
|
|
|
guint
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_snapshot_length(wtap *wth)
|
1998-11-12 00:06:47 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
return wth->snapshot_length;
|
1998-11-12 00:06:47 +00:00
|
|
|
}
|
|
|
|
|
2000-09-07 05:34:23 +00:00
|
|
|
int
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_file_encap(wtap *wth)
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
return wth->file_encap;
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
}
|
|
|
|
|
2005-08-24 21:31:56 +00:00
|
|
|
int
|
2014-09-28 18:37:06 +00:00
|
|
|
wtap_file_tsprec(wtap *wth)
|
2005-08-24 21:31:56 +00:00
|
|
|
{
|
2014-09-28 18:37:06 +00:00
|
|
|
return wth->file_tsprec;
|
2005-08-24 21:31:56 +00:00
|
|
|
}
|
|
|
|
|
2020-05-01 17:28:04 +00:00
|
|
|
guint
|
|
|
|
wtap_file_get_num_shbs(wtap *wth)
|
|
|
|
{
|
|
|
|
return wth->shb_hdrs->len;
|
|
|
|
}
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_t
|
2020-05-01 17:28:04 +00:00
|
|
|
wtap_file_get_shb(wtap *wth, guint shb_num)
|
2015-07-20 15:09:06 +00:00
|
|
|
{
|
2020-05-01 17:28:04 +00:00
|
|
|
if ((wth == NULL) || (wth->shb_hdrs == NULL) || (shb_num >= wth->shb_hdrs->len))
|
2016-05-31 03:42:41 +00:00
|
|
|
return NULL;
|
|
|
|
|
2020-05-01 17:28:04 +00:00
|
|
|
return g_array_index(wth->shb_hdrs, wtap_block_t, shb_num);
|
2015-07-20 15:09:06 +00:00
|
|
|
}
|
|
|
|
|
2016-05-31 03:42:41 +00:00
|
|
|
GArray*
|
2015-07-20 15:09:06 +00:00
|
|
|
wtap_file_get_shb_for_new_file(wtap *wth)
|
2012-02-15 19:44:16 +00:00
|
|
|
{
|
2016-05-31 03:42:41 +00:00
|
|
|
guint shb_count;
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_t shb_hdr_src, shb_hdr_dest;
|
2016-05-31 03:42:41 +00:00
|
|
|
GArray* shb_hdrs;
|
2012-02-15 19:44:16 +00:00
|
|
|
|
2016-05-31 03:42:41 +00:00
|
|
|
if ((wth == NULL) || (wth->shb_hdrs == NULL) || (wth->shb_hdrs->len == 0))
|
2016-01-26 01:17:21 +00:00
|
|
|
return NULL;
|
2012-02-15 19:44:16 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
shb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
|
2016-05-31 03:42:41 +00:00
|
|
|
|
|
|
|
for (shb_count = 0; shb_count < wth->shb_hdrs->len; shb_count++) {
|
2016-07-14 23:01:57 +00:00
|
|
|
shb_hdr_src = g_array_index(wth->shb_hdrs, wtap_block_t, shb_count);
|
2020-10-22 02:10:49 +00:00
|
|
|
shb_hdr_dest = wtap_block_make_copy(shb_hdr_src);
|
2016-05-31 03:42:41 +00:00
|
|
|
g_array_append_val(shb_hdrs, shb_hdr_dest);
|
|
|
|
}
|
2015-07-20 15:09:06 +00:00
|
|
|
|
2016-05-31 03:42:41 +00:00
|
|
|
return shb_hdrs;
|
2012-02-15 19:44:16 +00:00
|
|
|
}
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
/*
|
|
|
|
* XXX - replace with APIs that let us handle multiple comments.
|
|
|
|
*/
|
2012-03-23 01:41:59 +00:00
|
|
|
void
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_write_shb_comment(wtap *wth, gchar *comment)
|
2012-02-26 17:04:28 +00:00
|
|
|
{
|
2016-05-31 03:42:41 +00:00
|
|
|
if ((wth != NULL) && (wth->shb_hdrs != NULL) && (wth->shb_hdrs->len > 0)) {
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_set_nth_string_option_value(g_array_index(wth->shb_hdrs, wtap_block_t, 0), OPT_COMMENT, 0, comment, (gsize)(comment ? strlen(comment) : 0));
|
2016-05-31 03:42:41 +00:00
|
|
|
}
|
2012-02-26 17:04:28 +00:00
|
|
|
}
|
|
|
|
|
2012-03-23 01:41:59 +00:00
|
|
|
wtapng_iface_descriptions_t *
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_file_get_idb_info(wtap *wth)
|
2012-02-20 20:15:51 +00:00
|
|
|
{
|
2012-02-20 22:40:17 +00:00
|
|
|
wtapng_iface_descriptions_t *idb_info;
|
2012-02-20 20:15:51 +00:00
|
|
|
|
2012-02-20 22:40:17 +00:00
|
|
|
idb_info = g_new(wtapng_iface_descriptions_t,1);
|
2012-02-20 20:15:51 +00:00
|
|
|
|
2012-03-23 01:41:59 +00:00
|
|
|
idb_info->interface_data = wth->interface_data;
|
2012-02-20 20:15:51 +00:00
|
|
|
|
|
|
|
return idb_info;
|
|
|
|
}
|
|
|
|
|
Add a routine to get the next as-yet-unfetched interface description.
In a wtap, keep track of the first interface description not yet fetched
with wtap_get_next_interface_description() and, when
wtap_get_next_interface_description() is called, have it return that
description, as a wtap_block_t for its IDB. If there are no
as-yet-unfetched interface descriptions, return NULL; there may, in the
future, be more interface descriptions for the file, so this should be
called:
* after the file is opened;
* after wtap_read() returns TRUE, indicating that it's returned a
record (and *before* you process the record that wtap_read()
returns, as it might be the interface description for the
interface on which the packet in that record arrived);
* after wtap_read() returns FALSE, indicating an EOF or an error
return (as there might have been interfaces at the end of the
file or before the error point).
At each of those points, the caller should loop until
wtap_get_next_interface_description() returns NULL.
Not used yet (but tested with capinfos, which found a reason why you
have to wait until the end of the file before processing the interface
information - there's now a comment in the code giving that reason).
This will probably be used in the future.
2020-10-21 09:51:25 +00:00
|
|
|
wtap_block_t
|
|
|
|
wtap_get_next_interface_description(wtap *wth)
|
|
|
|
{
|
|
|
|
if (wth->next_interface_data < wth->interface_data->len) {
|
|
|
|
/*
|
|
|
|
* We have an IDB to return. Advance to the next
|
|
|
|
* IDB, and return this one.
|
|
|
|
*/
|
|
|
|
wtap_block_t idb;
|
|
|
|
|
|
|
|
idb = g_array_index(wth->interface_data, wtap_block_t,
|
|
|
|
wth->next_interface_data);
|
|
|
|
wth->next_interface_data++;
|
|
|
|
return idb;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We've returned all the interface descriptions we currently
|
|
|
|
* have. (There may be more in the future, if we read more.)
|
|
|
|
*/
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2020-05-02 01:19:00 +00:00
|
|
|
void
|
|
|
|
wtap_add_idb(wtap *wth, wtap_block_t idb)
|
|
|
|
{
|
|
|
|
g_array_append_val(wth->interface_data, idb);
|
|
|
|
}
|
2015-08-20 18:38:35 +00:00
|
|
|
|
2020-07-29 05:34:24 +00:00
|
|
|
void
|
|
|
|
wtap_add_generated_idb(wtap *wth)
|
|
|
|
{
|
|
|
|
wtap_block_t idb;
|
|
|
|
wtapng_if_descr_mandatory_t *if_descr_mand;
|
|
|
|
int snaplen;
|
|
|
|
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert(wth->file_encap != WTAP_ENCAP_UNKNOWN &&
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
wth->file_encap != WTAP_ENCAP_PER_PACKET &&
|
|
|
|
wth->file_encap != WTAP_ENCAP_NONE);
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert(wth->file_tsprec != WTAP_TSPREC_UNKNOWN &&
|
2020-07-29 05:34:24 +00:00
|
|
|
wth->file_tsprec != WTAP_TSPREC_PER_PACKET);
|
|
|
|
|
wiretap: have file handlers advertise blocks and options supported.
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
2021-02-21 22:18:04 +00:00
|
|
|
idb = wtap_block_create(WTAP_BLOCK_IF_ID_AND_INFO);
|
2020-07-29 05:34:24 +00:00
|
|
|
|
|
|
|
if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(idb);
|
|
|
|
if_descr_mand->wtap_encap = wth->file_encap;
|
|
|
|
if_descr_mand->tsprecision = wth->file_tsprec;
|
|
|
|
switch (wth->file_tsprec) {
|
|
|
|
|
|
|
|
case WTAP_TSPREC_SEC:
|
|
|
|
if_descr_mand->time_units_per_second = 1;
|
|
|
|
wtap_block_add_uint8_option(idb, OPT_IDB_TSRESOL, 0);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_DSEC:
|
|
|
|
if_descr_mand->time_units_per_second = 10;
|
|
|
|
wtap_block_add_uint8_option(idb, OPT_IDB_TSRESOL, 1);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_CSEC:
|
|
|
|
if_descr_mand->time_units_per_second = 100;
|
|
|
|
wtap_block_add_uint8_option(idb, OPT_IDB_TSRESOL, 2);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_MSEC:
|
|
|
|
if_descr_mand->time_units_per_second = 1000;
|
|
|
|
wtap_block_add_uint8_option(idb, OPT_IDB_TSRESOL, 3);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_USEC:
|
|
|
|
if_descr_mand->time_units_per_second = 1000000;
|
|
|
|
/* This is the default, so no need to add an option */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_NSEC:
|
|
|
|
if_descr_mand->time_units_per_second = 1000000000;
|
|
|
|
wtap_block_add_uint8_option(idb, OPT_IDB_TSRESOL, 9);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case WTAP_TSPREC_PER_PACKET:
|
|
|
|
case WTAP_TSPREC_UNKNOWN:
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* Don't do this.
|
|
|
|
*/
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert_not_reached();
|
2020-07-29 05:34:24 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
snaplen = wth->snapshot_length;
|
|
|
|
if (snaplen == 0) {
|
|
|
|
/*
|
|
|
|
* No snapshot length was specified. Pick an
|
|
|
|
* appropriate snapshot length for this
|
|
|
|
* link-layer type.
|
|
|
|
*
|
|
|
|
* We use WTAP_MAX_PACKET_SIZE_STANDARD for everything except
|
|
|
|
* D-Bus, which has a maximum packet size of 128MB,
|
|
|
|
* and EBHSCR, which has a maximum packet size of 8MB,
|
|
|
|
* which is more than we want to put into files
|
|
|
|
* with other link-layer header types, as that
|
|
|
|
* might cause some software reading those files
|
|
|
|
* to allocate an unnecessarily huge chunk of
|
|
|
|
* memory for a packet buffer.
|
|
|
|
*/
|
|
|
|
if (wth->file_encap == WTAP_ENCAP_DBUS)
|
|
|
|
snaplen = 128*1024*1024;
|
|
|
|
else if (wth->file_encap == WTAP_ENCAP_EBHSCR)
|
|
|
|
snaplen = 8*1024*1024;
|
|
|
|
else
|
|
|
|
snaplen = WTAP_MAX_PACKET_SIZE_STANDARD;
|
|
|
|
}
|
|
|
|
if_descr_mand->snap_len = snaplen;
|
|
|
|
if_descr_mand->num_stat_entries = 0; /* Number of ISBs */
|
|
|
|
if_descr_mand->interface_statistics = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add this IDB.
|
|
|
|
*/
|
|
|
|
wtap_add_idb(wth, idb);
|
|
|
|
}
|
|
|
|
|
2015-08-20 18:38:35 +00:00
|
|
|
void
|
|
|
|
wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info)
|
|
|
|
{
|
|
|
|
if (idb_info == NULL)
|
2016-01-26 01:17:21 +00:00
|
|
|
return;
|
2015-08-20 18:38:35 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_array_free(idb_info->interface_data);
|
2015-08-20 18:38:35 +00:00
|
|
|
g_free(idb_info);
|
|
|
|
}
|
|
|
|
|
2015-08-16 16:37:11 +00:00
|
|
|
gchar *
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_get_debug_if_descr(const wtap_block_t if_descr,
|
2015-08-16 16:37:11 +00:00
|
|
|
const int indent,
|
|
|
|
const char* line_end)
|
2015-08-16 16:37:11 +00:00
|
|
|
{
|
2016-01-26 01:17:21 +00:00
|
|
|
char* tmp_content;
|
|
|
|
wtapng_if_descr_mandatory_t* if_descr_mand;
|
2015-08-16 16:37:11 +00:00
|
|
|
GString *info = g_string_new("");
|
2016-01-26 01:17:21 +00:00
|
|
|
guint64 tmp64;
|
|
|
|
gint8 itmp8;
|
|
|
|
guint8 tmp8;
|
2021-02-01 23:56:47 +00:00
|
|
|
if_filter_opt_t if_filter;
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert(if_descr);
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(if_descr);
|
|
|
|
if (wtap_block_get_string_option_value(if_descr, OPT_IDB_NAME, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_printf(info,
|
|
|
|
"%*cName = %s%s", indent, ' ',
|
|
|
|
tmp_content ? tmp_content : "UNKNOWN",
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2021-07-14 06:48:19 +00:00
|
|
|
if (wtap_block_get_string_option_value(if_descr, OPT_IDB_DESCRIPTION, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
|
2016-07-14 23:01:57 +00:00
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cDescription = %s%s", indent, ' ',
|
|
|
|
tmp_content ? tmp_content : "NONE",
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
|
|
|
g_string_append_printf(info,
|
2017-06-03 19:58:36 +00:00
|
|
|
"%*cEncapsulation = %s (%d - %s)%s", indent, ' ',
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_description(if_descr_mand->wtap_encap),
|
2016-01-26 01:17:21 +00:00
|
|
|
if_descr_mand->wtap_encap,
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_name(if_descr_mand->wtap_encap),
|
2015-08-16 16:37:11 +00:00
|
|
|
line_end);
|
|
|
|
|
2018-08-11 02:08:40 +00:00
|
|
|
if (wtap_block_get_string_option_value(if_descr, OPT_IDB_HARDWARE, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cHardware = %s%s", indent, ' ',
|
|
|
|
tmp_content ? tmp_content : "NONE",
|
|
|
|
line_end);
|
|
|
|
}
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
if (wtap_block_get_uint64_option_value(if_descr, OPT_IDB_SPEED, &tmp64) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
2021-12-17 20:05:19 +00:00
|
|
|
"%*cSpeed = %" PRIu64 "%s", indent, ' ',
|
2016-07-14 23:01:57 +00:00
|
|
|
tmp64,
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cCapture length = %u%s", indent, ' ',
|
2016-01-26 01:17:21 +00:00
|
|
|
if_descr_mand->snap_len,
|
2015-08-16 16:37:11 +00:00
|
|
|
line_end);
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
if (wtap_block_get_uint8_option_value(if_descr, OPT_IDB_FCSLEN, &itmp8) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cFCS length = %d%s", indent, ' ',
|
|
|
|
itmp8,
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cTime precision = %s (%d)%s", indent, ' ',
|
2016-01-26 01:17:21 +00:00
|
|
|
wtap_tsprec_string(if_descr_mand->tsprecision),
|
|
|
|
if_descr_mand->tsprecision,
|
2015-08-16 16:37:11 +00:00
|
|
|
line_end);
|
|
|
|
|
|
|
|
g_string_append_printf(info,
|
2021-12-17 20:05:19 +00:00
|
|
|
"%*cTime ticks per second = %" PRIu64 "%s", indent, ' ',
|
2016-01-26 01:17:21 +00:00
|
|
|
if_descr_mand->time_units_per_second,
|
2015-08-16 16:37:11 +00:00
|
|
|
line_end);
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
if (wtap_block_get_uint8_option_value(if_descr, OPT_IDB_TSRESOL, &tmp8) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cTime resolution = 0x%.2x%s", indent, ' ',
|
|
|
|
tmp8,
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2021-02-01 23:56:47 +00:00
|
|
|
if (wtap_block_get_if_filter_option_value(if_descr, OPT_IDB_FILTER, &if_filter) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
switch (if_filter.type) {
|
|
|
|
|
|
|
|
case if_filter_pcap:
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cFilter string = %s%s", indent, ' ',
|
|
|
|
if_filter.data.filter_str,
|
|
|
|
line_end);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case if_filter_bpf:
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cBPF filter length = %u%s", indent, ' ',
|
|
|
|
if_filter.data.bpf_prog.bpf_prog_len,
|
|
|
|
line_end);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cUnknown filter type %u%s", indent, ' ',
|
|
|
|
if_filter.type,
|
|
|
|
line_end);
|
|
|
|
break;
|
|
|
|
}
|
2016-07-14 23:01:57 +00:00
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
if (wtap_block_get_string_option_value(if_descr, OPT_IDB_OS, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cOperating system = %s%s", indent, ' ',
|
|
|
|
tmp_content ? tmp_content : "UNKNOWN",
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
/*
|
|
|
|
* XXX - support multiple comments.
|
|
|
|
*/
|
|
|
|
if (wtap_block_get_nth_string_option_value(if_descr, OPT_COMMENT, 0, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cComment = %s%s", indent, ' ',
|
|
|
|
tmp_content ? tmp_content : "NONE",
|
|
|
|
line_end);
|
|
|
|
}
|
2015-08-16 16:37:11 +00:00
|
|
|
|
|
|
|
g_string_append_printf(info,
|
|
|
|
"%*cNumber of stat entries = %u%s", indent, ' ',
|
2016-01-26 01:17:21 +00:00
|
|
|
if_descr_mand->num_stat_entries,
|
2015-08-16 16:37:11 +00:00
|
|
|
line_end);
|
2015-08-16 16:37:11 +00:00
|
|
|
|
|
|
|
return g_string_free(info, FALSE);
|
|
|
|
}
|
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_t
|
|
|
|
wtap_file_get_nrb(wtap *wth)
|
|
|
|
{
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
if ((wth == NULL) || (wth->nrbs == NULL) || (wth->nrbs->len == 0))
|
2016-07-14 23:01:57 +00:00
|
|
|
return NULL;
|
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
return g_array_index(wth->nrbs, wtap_block_t, 0);
|
2016-07-14 23:01:57 +00:00
|
|
|
}
|
|
|
|
|
2016-06-01 14:11:46 +00:00
|
|
|
GArray*
|
2015-07-20 14:35:06 +00:00
|
|
|
wtap_file_get_nrb_for_new_file(wtap *wth)
|
|
|
|
{
|
2016-06-01 14:11:46 +00:00
|
|
|
guint nrb_count;
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
wtap_block_t nrb_src, nrb_dest;
|
|
|
|
GArray* nrbs;
|
2015-07-20 14:35:06 +00:00
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
if ((wth == NULL || wth->nrbs == NULL) || (wth->nrbs->len == 0))
|
2016-01-26 01:17:21 +00:00
|
|
|
return NULL;
|
2015-07-20 14:35:06 +00:00
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
nrbs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
|
2016-06-01 14:11:46 +00:00
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
for (nrb_count = 0; nrb_count < wth->nrbs->len; nrb_count++) {
|
|
|
|
nrb_src = g_array_index(wth->nrbs, wtap_block_t, nrb_count);
|
|
|
|
nrb_dest = wtap_block_make_copy(nrb_src);
|
|
|
|
g_array_append_val(nrbs, nrb_dest);
|
2016-06-01 14:11:46 +00:00
|
|
|
}
|
2015-07-20 14:35:06 +00:00
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
return nrbs;
|
2015-07-20 14:35:06 +00:00
|
|
|
}
|
|
|
|
|
2018-11-11 14:49:12 +00:00
|
|
|
void
|
2018-11-14 00:10:53 +00:00
|
|
|
wtap_dump_params_init(wtap_dump_params *params, wtap *wth)
|
2018-11-11 14:49:12 +00:00
|
|
|
{
|
|
|
|
memset(params, 0, sizeof(*params));
|
|
|
|
if (wth == NULL)
|
|
|
|
return;
|
|
|
|
|
2018-11-14 00:10:53 +00:00
|
|
|
params->encap = wtap_file_encap(wth);
|
|
|
|
params->snaplen = wtap_snapshot_length(wth);
|
2020-07-28 20:25:38 +00:00
|
|
|
params->tsprec = wtap_file_tsprec(wth);
|
2018-11-11 14:49:12 +00:00
|
|
|
params->shb_hdrs = wtap_file_get_shb_for_new_file(wth);
|
|
|
|
params->idb_inf = wtap_file_get_idb_info(wth);
|
2018-11-17 12:56:12 +00:00
|
|
|
/* Assume that the input handle remains open until the dumper is closed.
|
|
|
|
* Refer to the DSBs from the input file, wtap_dump will then copy DSBs
|
|
|
|
* as they become available. */
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
params->nrbs_growing = wth->nrbs;
|
2019-05-11 15:45:24 +00:00
|
|
|
params->dsbs_growing = wth->dsbs;
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
params->dont_copy_idbs = FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - eventually, we should make this wtap_dump_params_init(),
|
|
|
|
* and have everything copy IDBs as they're read.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
wtap_dump_params_init_no_idbs(wtap_dump_params *params, wtap *wth)
|
|
|
|
{
|
|
|
|
memset(params, 0, sizeof(*params));
|
|
|
|
if (wth == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
params->encap = wtap_file_encap(wth);
|
|
|
|
params->snaplen = wtap_snapshot_length(wth);
|
|
|
|
params->tsprec = wtap_file_tsprec(wth);
|
|
|
|
params->shb_hdrs = wtap_file_get_shb_for_new_file(wth);
|
|
|
|
params->idb_inf = wtap_file_get_idb_info(wth);
|
|
|
|
/* Assume that the input handle remains open until the dumper is closed.
|
|
|
|
* Refer to the DSBs from the input file, wtap_dump will then copy DSBs
|
|
|
|
* as they become available. */
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
params->nrbs_growing = wth->nrbs;
|
editcap, tshark: process IDBs in the middle of input files.
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes #15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
2020-10-22 08:10:57 +00:00
|
|
|
params->dsbs_growing = wth->dsbs;
|
|
|
|
params->dont_copy_idbs = TRUE;
|
2018-11-11 14:49:12 +00:00
|
|
|
}
|
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
void
|
|
|
|
wtap_dump_params_discard_name_resolution(wtap_dump_params *params)
|
|
|
|
{
|
|
|
|
params->nrbs_growing = NULL;
|
|
|
|
}
|
|
|
|
|
2019-02-19 09:01:48 +00:00
|
|
|
void
|
|
|
|
wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params)
|
|
|
|
{
|
|
|
|
params->dsbs_initial = NULL;
|
|
|
|
params->dsbs_growing = NULL;
|
|
|
|
}
|
|
|
|
|
2018-11-11 14:49:12 +00:00
|
|
|
void
|
2018-11-14 00:10:53 +00:00
|
|
|
wtap_dump_params_cleanup(wtap_dump_params *params)
|
2018-11-11 14:49:12 +00:00
|
|
|
{
|
|
|
|
wtap_block_array_free(params->shb_hdrs);
|
|
|
|
/* params->idb_inf is currently expected to be freed by the caller. */
|
|
|
|
|
|
|
|
memset(params, 0, sizeof(*params));
|
|
|
|
}
|
|
|
|
|
1999-12-05 01:24:54 +00:00
|
|
|
/* Table of the encapsulation types we know about. */
|
2007-05-04 21:10:55 +00:00
|
|
|
struct encap_type_info {
|
1999-12-05 01:24:54 +00:00
|
|
|
const char *name;
|
2019-01-09 21:21:10 +00:00
|
|
|
const char *description;
|
2007-05-04 21:10:55 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct encap_type_info encap_table_base[] = {
|
1999-12-05 01:24:54 +00:00
|
|
|
/* WTAP_ENCAP_UNKNOWN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "unknown", "Unknown" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ETHERNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ether", "Ethernet" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
2003-12-03 22:40:39 +00:00
|
|
|
/* WTAP_ENCAP_TOKEN_RING */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "tr", "Token Ring" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SLIP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "slip", "SLIP" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PPP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ppp", "PPP" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_FDDI */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "fddi", "FDDI" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_FDDI_BITSWAPPED */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "fddi-swapped", "FDDI with bit-swapped MAC addresses" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RAW_IP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rawip", "Raw IP" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ARCNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "arcnet", "ARCNET" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
2003-01-23 04:04:01 +00:00
|
|
|
/* WTAP_ENCAP_ARCNET_LINUX */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "arcnet_linux", "Linux ARCNET" },
|
2003-01-23 04:04:01 +00:00
|
|
|
|
1999-12-05 01:24:54 +00:00
|
|
|
/* WTAP_ENCAP_ATM_RFC1483 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "atm-rfc1483", "RFC 1483 ATM" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LINUX_ATM_CLIP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "linux-atm-clip", "Linux ATM CLIP" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LAPB */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "lapb", "LAPB" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
/* WTAP_ENCAP_ATM_PDUS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "atm-pdus", "ATM PDUs" },
|
Rename WTAP_ENCAP_ATM_SNIFFER to WTAP_ENCAP_ATM_PDUS, as it's not just
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
2003-01-03 06:45:45 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ATM_PDUS_UNTRUNCATED */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "atm-pdus-untruncated", "ATM PDUs - untruncated" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NULL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "null", "NULL/Loopback" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ASCEND */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ascend", "Lucent/Ascend access equipment" },
|
1999-12-05 01:24:54 +00:00
|
|
|
|
2002-10-31 07:12:42 +00:00
|
|
|
/* WTAP_ENCAP_ISDN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "isdn", "ISDN" },
|
1999-12-12 22:40:10 +00:00
|
|
|
|
2002-10-31 07:12:42 +00:00
|
|
|
/* WTAP_ENCAP_IP_OVER_FC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ip-over-fc", "RFC 2625 IP-over-Fibre Channel" },
|
2000-09-28 04:19:09 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PPP_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ppp-with-direction", "PPP with Directional Info" },
|
2000-09-28 04:19:09 +00:00
|
|
|
|
2000-11-15 05:42:35 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11", "IEEE 802.11 Wireless LAN" },
|
2000-11-15 05:42:35 +00:00
|
|
|
|
2012-05-02 03:11:00 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11_PRISM */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11-prism", "IEEE 802.11 plus Prism II monitor mode radio header" },
|
2004-01-29 10:58:28 +00:00
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11_WITH_RADIO */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11-radio", "IEEE 802.11 Wireless LAN with radio information" },
|
2002-04-08 09:09:49 +00:00
|
|
|
|
2012-05-02 03:11:00 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11_RADIOTAP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11-radiotap", "IEEE 802.11 plus radiotap radio header" },
|
2004-01-29 10:58:28 +00:00
|
|
|
|
2012-05-02 03:11:00 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11_AVS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11-avs", "IEEE 802.11 plus AVS radio header" },
|
2004-01-29 10:58:28 +00:00
|
|
|
|
2000-12-23 08:06:16 +00:00
|
|
|
/* WTAP_ENCAP_SLL */
|
2020-05-09 01:20:03 +00:00
|
|
|
{ "linux-sll", "Linux cooked-mode capture v1" },
|
2001-01-08 22:18:22 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_FRELAY */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "frelay", "Frame Relay" },
|
Add a new Wiretap encapsulation type for Cisco HDLC. Map the NetBSD
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
2001-03-15 09:11:03 +00:00
|
|
|
|
2003-01-31 01:02:14 +00:00
|
|
|
/* WTAP_ENCAP_FRELAY_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "frelay-with-direction", "Frame Relay with Directional Info" },
|
2003-01-31 01:02:14 +00:00
|
|
|
|
Add a new Wiretap encapsulation type for Cisco HDLC. Map the NetBSD
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
2001-03-15 09:11:03 +00:00
|
|
|
/* WTAP_ENCAP_CHDLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "chdlc", "Cisco HDLC" },
|
2001-11-28 07:11:11 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_CISCO_IOS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ios", "Cisco IOS internal" },
|
2001-11-28 07:11:11 +00:00
|
|
|
|
2001-11-30 07:14:22 +00:00
|
|
|
/* WTAP_ENCAP_LOCALTALK */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ltalk", "Localtalk" },
|
2001-11-30 07:14:22 +00:00
|
|
|
|
2003-12-03 22:40:39 +00:00
|
|
|
/* WTAP_ENCAP_OLD_PFLOG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "pflog-old", "OpenBSD PF Firewall logs, pre-3.4" },
|
2002-01-29 09:45:58 +00:00
|
|
|
|
2002-02-07 20:41:28 +00:00
|
|
|
/* WTAP_ENCAP_HHDLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "hhdlc", "HiPath HDLC" },
|
2002-07-31 19:27:57 +00:00
|
|
|
|
2002-08-06 05:40:47 +00:00
|
|
|
/* WTAP_ENCAP_DOCSIS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "docsis", "Data Over Cable Service Interface Specification" },
|
2002-08-06 05:40:47 +00:00
|
|
|
|
2002-07-31 19:27:57 +00:00
|
|
|
/* WTAP_ENCAP_COSINE */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "cosine", "CoSine L2 debug log" },
|
2002-11-06 21:49:34 +00:00
|
|
|
|
2002-12-20 21:59:33 +00:00
|
|
|
/* WTAP_ENCAP_WFLEET_HDLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "whdlc", "Wellfleet HDLC" },
|
2003-01-03 22:31:26 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SDLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sdlc", "SDLC" },
|
2003-01-08 05:03:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_TZSP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "tzsp", "Tazmen sniffer protocol" },
|
2003-05-15 07:14:46 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ENC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "enc", "OpenBSD enc(4) encapsulating interface" },
|
2003-05-15 07:14:46 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PFLOG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "pflog", "OpenBSD PF Firewall logs" },
|
2003-10-25 07:17:28 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_CHDLC_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "chdlc-with-direction", "Cisco HDLC with Directional Info" },
|
2003-12-03 22:40:39 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BLUETOOTH_H4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-h4", "Bluetooth H4" },
|
2003-12-03 22:40:39 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MTP2 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mtp2", "SS7 MTP2" },
|
2003-12-03 22:40:39 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MTP3 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mtp3", "SS7 MTP3" },
|
2003-12-18 19:07:14 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IRDA */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "irda", "IrDA" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER0 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user0", "USER 0" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER1 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user1", "USER 1" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER2 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user2", "USER 2" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER3 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user3", "USER 3" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user4", "USER 4" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER5 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user5", "USER 5" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user6", "USER 6" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER7 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user7", "USER 7" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER8 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user8", "USER 8" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER9 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user9", "USER 9" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER10 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user10", "USER 10" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER11 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user11", "USER 11" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER12 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user12", "USER 12" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER13 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user13", "USER 13" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER14 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user14", "USER 14" },
|
2004-01-28 01:24:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USER15 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "user15", "USER 15" },
|
2004-03-11 09:18:33 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SYMANTEC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "symantec", "Symantec Enterprise Firewall" },
|
2004-03-23 01:02:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ap1394", "Apple IP-over-IEEE 1394" },
|
2004-06-07 20:28:51 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BACNET_MS_TP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bacnet-ms-tp", "BACnet MS/TP" },
|
2004-09-19 07:13:52 +00:00
|
|
|
|
2005-04-03 12:05:05 +00:00
|
|
|
/* WTAP_ENCAP_NETTL_RAW_ICMP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "raw-icmp-nettl", "Raw ICMP with nettl headers" },
|
2004-09-19 07:13:52 +00:00
|
|
|
|
2005-04-03 12:05:05 +00:00
|
|
|
/* WTAP_ENCAP_NETTL_RAW_ICMPV6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "raw-icmpv6-nettl", "Raw ICMPv6 with nettl headers" },
|
2004-12-07 17:54:08 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GPRS_LLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gprs-llc", "GPRS LLC" },
|
2005-01-20 05:40:56 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_ATM1 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-atm1", "Juniper ATM1" },
|
2005-01-20 05:40:56 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_ATM2 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-atm2", "Juniper ATM2" },
|
2005-01-31 03:03:02 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_REDBACK */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "redback", "Redback SmartEdge" },
|
2005-04-03 12:05:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_RAW_IP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rawip-nettl", "Raw IP with nettl headers" },
|
2005-04-03 12:05:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_ETHERNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ether-nettl", "Ethernet with nettl headers" },
|
2005-04-03 12:05:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_TOKEN_RING */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "tr-nettl", "Token Ring with nettl headers" },
|
2005-04-03 12:05:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_FDDI */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "fddi-nettl", "FDDI with nettl headers" },
|
2005-04-03 12:05:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_UNKNOWN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "unknown-nettl", "Unknown link-layer type with nettl headers" },
|
2005-05-02 14:07:33 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MTP2_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mtp2-with-phdr", "MTP2 with pseudoheader" },
|
2005-05-11 11:24:17 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_PPPOE */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-pppoe", "Juniper PPPoE" },
|
2005-05-17 19:50:38 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GCOM_TIE1 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gcom-tie1", "GCOM TIE1" },
|
2005-05-17 19:50:38 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GCOM_SERIAL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gcom-serial", "GCOM Serial" },
|
2005-05-17 19:50:38 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_X25 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "x25-nettl", "X.25 with nettl headers" },
|
2005-05-17 19:50:38 +00:00
|
|
|
|
2006-03-02 21:28:05 +00:00
|
|
|
/* WTAP_ENCAP_K12 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "k12", "K12 protocol analyzer" },
|
2006-03-02 21:28:05 +00:00
|
|
|
|
2005-07-22 15:55:06 +00:00
|
|
|
/* WTAP_ENCAP_JUNIPER_MLPPP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-mlppp", "Juniper MLPPP" },
|
2005-07-22 15:55:06 +00:00
|
|
|
|
2005-08-12 21:08:02 +00:00
|
|
|
/* WTAP_ENCAP_JUNIPER_MLFR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-mlfr", "Juniper MLFR" },
|
2005-08-12 21:08:02 +00:00
|
|
|
|
2005-09-20 20:25:55 +00:00
|
|
|
/* WTAP_ENCAP_JUNIPER_ETHER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-ether", "Juniper Ethernet" },
|
2005-09-20 20:25:55 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_PPP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-ppp", "Juniper PPP" },
|
2005-09-20 20:25:55 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_FRELAY */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-frelay", "Juniper Frame-Relay" },
|
2005-09-20 20:25:55 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_CHDLC */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-chdlc", "Juniper C-HDLC" },
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2006-03-30 04:58:06 +00:00
|
|
|
/* WTAP_ENCAP_JUNIPER_GGSN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-ggsn", "Juniper GGSN" },
|
2006-03-02 21:28:05 +00:00
|
|
|
|
2008-11-20 20:16:07 +00:00
|
|
|
/* WTAP_ENCAP_LINUX_LAPD */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "linux-lapd", "LAPD with Linux pseudo-header" },
|
2006-04-14 12:41:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_CATAPULT_DCT2000 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "dct2000", "Catapult DCT2000" },
|
2006-05-08 19:56:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ber", "ASN.1 Basic Encoding Rules" },
|
2006-08-17 20:24:05 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_VP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-vp", "Juniper Voice PIC" },
|
2006-10-10 21:00:35 +00:00
|
|
|
|
2017-06-14 20:55:02 +00:00
|
|
|
/* WTAP_ENCAP_USB_FREEBSD */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "usb-freebsd", "USB packets with FreeBSD header" },
|
2006-11-27 18:10:12 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IEEE802_16_MAC_CPS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-16-mac-cps", "IEEE 802.16 MAC Common Part Sublayer" },
|
2007-01-01 14:48:18 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETTL_RAW_TELNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "raw-telnet-nettl", "Raw telnet with nettl headers" },
|
2007-03-22 10:44:33 +00:00
|
|
|
|
2007-07-12 19:55:12 +00:00
|
|
|
/* WTAP_ENCAP_USB_LINUX */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "usb-linux", "USB packets with Linux header" },
|
2007-07-12 19:55:12 +00:00
|
|
|
|
2007-03-22 10:44:33 +00:00
|
|
|
/* WTAP_ENCAP_MPEG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mpeg", "MPEG" },
|
2007-06-13 22:36:58 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PPI */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ppi", "Per-Packet Information header" },
|
2007-10-08 11:41:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ERF */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "erf", "Extensible Record Format" },
|
2007-10-16 17:19:16 +00:00
|
|
|
|
2009-12-03 15:40:15 +00:00
|
|
|
/* WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-h4-linux", "Bluetooth H4 with linux header" },
|
2007-12-16 14:21:37 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SITA */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sita-wan", "SITA WAN packets" },
|
2008-02-25 21:55:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SCCP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sccp", "SS7 SCCP" },
|
2008-02-25 21:55:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BLUETOOTH_HCI */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-hci", "Bluetooth without transport layer" },
|
2008-02-25 21:55:41 +00:00
|
|
|
|
2019-03-23 07:35:23 +00:00
|
|
|
/* WTAP_ENCAP_IPMB_KONTRON */
|
|
|
|
{ "ipmb-kontron", "Intelligent Platform Management Bus with Kontron pseudo-header" },
|
2008-03-05 20:30:03 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IEEE802_15_4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "wpan", "IEEE 802.15.4 Wireless PAN" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_X2E_XORAYA */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "x2e-xoraya", "X2E Xoraya" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_FLEXRAY */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "flexray", "FlexRay" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LIN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "lin", "Local Interconnect Network" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MOST */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "most", "Media Oriented Systems Transport" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_CAN20B */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "can20b", "Controller Area Network 2.0B" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LAYER1_EVENT */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "layer1-event", "EyeSDN Layer 1 event" },
|
2008-04-23 21:35:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_X2E_SERIAL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "x2e-serial", "X2E serial line capture" },
|
2008-08-12 04:44:35 +00:00
|
|
|
|
2019-03-23 07:35:23 +00:00
|
|
|
/* WTAP_ENCAP_I2C_LINUX */
|
|
|
|
{ "i2c-linux", "I2C with Linux-specific pseudo-header" },
|
2008-11-16 17:15:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IEEE802_15_4_NONASK_PHY */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "wpan-nonask-phy", "IEEE 802.15.4 Wireless PAN non-ASK PHY" },
|
2008-11-27 16:40:45 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_TNEF */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "tnef", "Transport-Neutral Encapsulation Format" },
|
2008-12-23 19:50:21 +00:00
|
|
|
|
2009-12-03 15:40:15 +00:00
|
|
|
/* WTAP_ENCAP_USB_LINUX_MMAPPED */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "usb-linux-mmap", "USB packets with Linux header and padding" },
|
2009-01-07 07:21:31 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GSM_UM */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gsm_um", "GSM Um Interface" },
|
2009-06-01 17:23:38 +00:00
|
|
|
|
2009-12-03 15:40:15 +00:00
|
|
|
/* WTAP_ENCAP_DPNSS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "dpnss_link", "Digital Private Signalling System No 1 Link Layer" },
|
2009-12-03 15:40:15 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PACKETLOGGER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "packetlogger", "Apple Bluetooth PacketLogger" },
|
2009-12-03 15:40:15 +00:00
|
|
|
|
2009-06-01 17:23:38 +00:00
|
|
|
/* WTAP_ENCAP_NSTRACE_1_0 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nstrace10", "NetScaler Encapsulation 1.0 of Ethernet" },
|
2009-06-01 17:23:38 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NSTRACE_2_0 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nstrace20", "NetScaler Encapsulation 2.0 of Ethernet" },
|
2009-06-01 17:23:38 +00:00
|
|
|
|
2009-08-23 19:16:35 +00:00
|
|
|
/* WTAP_ENCAP_FIBRE_CHANNEL_FC2 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "fc2", "Fibre Channel FC-2" },
|
2009-08-23 19:16:35 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "fc2sof", "Fibre Channel FC-2 With Frame Delimiter" },
|
2009-10-17 20:56:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JPEG_JFIF */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "jfif", "JPEG/JFIF" },
|
2009-12-03 15:27:39 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IPNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ipnet", "Solaris IPNET" },
|
2009-07-16 10:45:14 +00:00
|
|
|
|
2016-08-25 21:39:42 +00:00
|
|
|
/* WTAP_ENCAP_SOCKETCAN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "socketcan", "SocketCAN" },
|
2010-07-19 18:00:20 +00:00
|
|
|
|
2012-05-02 03:11:00 +00:00
|
|
|
/* WTAP_ENCAP_IEEE_802_11_NETMON */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ieee-802-11-netmon", "IEEE 802.11 plus Network Monitor radio header" },
|
2010-07-30 02:30:50 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IEEE802_15_4_NOFCS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "wpan-nofcs", "IEEE 802.15.4 Wireless PAN with FCS not present" },
|
2010-10-20 00:36:53 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RAW_IPFIX */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ipfix", "RFC 5655/RFC 5101 IPFIX" },
|
2010-12-19 18:46:08 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RAW_IP4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rawip4", "Raw IPv4" },
|
2010-12-19 18:46:08 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RAW_IP6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rawip6", "Raw IPv6" },
|
2011-02-02 22:49:40 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LAPD */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "lapd", "LAPD" },
|
2011-03-07 02:22:48 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_DVBCI */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "dvbci", "DVB-CI (Common Interface)" },
|
2011-11-11 22:21:06 +00:00
|
|
|
|
2013-11-30 01:18:22 +00:00
|
|
|
/* WTAP_ENCAP_MUX27010 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mux27010", "MUX27010" },
|
2011-11-11 22:21:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MIME */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mime", "MIME" },
|
2011-11-12 20:27:32 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETANALYZER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netanalyzer", "Hilscher netANALYZER" },
|
2011-11-12 20:27:32 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETANALYZER_TRANSPARENT */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netanalyzer-transparent", "Hilscher netANALYZER-Transparent" },
|
2011-12-02 22:23:07 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IP_OVER_IB */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ip-over-ib", "IP over InfiniBand" },
|
2012-02-06 19:15:07 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MPEG_2_TS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "mp2ts", "ISO/IEC 13818-1 MPEG2-TS" },
|
2012-03-01 07:39:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PPP_ETHER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "pppoes", "PPP-over-Ethernet session" },
|
2012-03-06 09:02:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NFC_LLCP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nfc-llcp", "NFC LLCP" },
|
2012-04-06 03:42:32 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NFLOG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nflog", "NFLOG" },
|
2012-04-06 03:42:32 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_V5_EF */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "v5-ef", "V5 Envelope Function" },
|
2012-04-06 03:42:32 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bacnet-ms-tp-with-direction", "BACnet MS/TP with Directional Info" },
|
2013-11-08 17:17:57 +00:00
|
|
|
|
2014-10-07 05:01:12 +00:00
|
|
|
/* WTAP_ENCAP_IXVERIWAVE */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ixveriwave", "IxVeriWave header and stats block" },
|
2012-05-02 03:11:00 +00:00
|
|
|
|
2012-07-30 13:54:28 +00:00
|
|
|
/* WTAP_ENCAP_SDH */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sdh", "SDH" },
|
2012-07-30 13:54:28 +00:00
|
|
|
|
2012-06-29 15:23:21 +00:00
|
|
|
/* WTAP_ENCAP_DBUS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "dbus", "D-Bus" },
|
2012-08-02 06:45:51 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_AX25_KISS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ax25-kiss", "AX.25 with KISS header" },
|
2012-08-02 16:54:43 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_AX25 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ax25", "Amateur Radio AX.25" },
|
2012-11-28 12:16:12 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SCTP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sctp", "SCTP" },
|
2013-04-14 16:00:34 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_INFINIBAND */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "infiniband", "InfiniBand" },
|
2013-04-14 16:00:34 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_SVCS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-svcs", "Juniper Services" },
|
2013-04-14 16:00:34 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USBPCAP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "usb-usbpcap", "USB packets with USBPcap header" },
|
2013-05-30 20:51:18 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RTAC_SERIAL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rtac-serial", "RTAC serial-line" },
|
2013-06-28 13:05:12 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BLUETOOTH_LE_LL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-le-ll", "Bluetooth Low Energy Link Layer" },
|
2013-06-28 13:05:12 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_WIRESHARK_UPPER_PDU */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "wireshark-upper-pdu", "Wireshark Upper PDU export" },
|
2013-12-02 22:38:00 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_STANAG_4607 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "s4607", "STANAG 4607" },
|
2013-12-02 22:38:00 +00:00
|
|
|
|
2014-02-25 20:42:35 +00:00
|
|
|
/* WTAP_ENCAP_STANAG_5066_D_PDU */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "s5066-dpdu", "STANAG 5066 Data Transfer Sublayer PDUs(D_PDU)" },
|
2013-12-07 23:25:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETLINK */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netlink", "Linux Netlink" },
|
2014-01-12 00:50:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-linux-monitor", "Bluetooth Linux Monitor" },
|
2014-01-12 00:50:41 +00:00
|
|
|
|
2014-04-01 06:53:39 +00:00
|
|
|
/* WTAP_ENCAP_BLUETOOTH_BREDR_BB */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-bredr-bb-rf", "Bluetooth BR/EDR Baseband RF" },
|
2014-02-22 07:39:45 +00:00
|
|
|
|
2014-04-01 06:53:39 +00:00
|
|
|
/* WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "bluetooth-le-ll-rf", "Bluetooth Low Energy Link Layer RF" },
|
2014-03-14 19:38:52 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NSTRACE_3_0 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nstrace30", "NetScaler Encapsulation 3.0 of Ethernet" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat", "Android Logcat Binary format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_BRIEF */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_brief", "Android Logcat Brief text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_PROCESS */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_process", "Android Logcat Process text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_TAG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_tag", "Android Logcat Tag text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_THREAD */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_thread", "Android Logcat Thread text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_TIME */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_time", "Android Logcat Time text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_THREADTIME */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_threadtime", "Android Logcat Threadtime text format" },
|
2014-04-01 02:48:21 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOGCAT_LONG */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "logcat_long", "Android Logcat Long text format" },
|
2014-04-01 04:04:13 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_PKTAP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "pktap", "Apple PKTAP" },
|
2014-04-22 20:16:40 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_EPON */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "epon", "Ethernet Passive Optical Network" },
|
2014-06-06 03:41:07 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IPMI_TRACE */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ipmi-trace", "IPMI Trace Data Collection" },
|
2015-02-15 22:46:30 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOOP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "loop", "OpenBSD loopback" },
|
2015-01-19 18:54:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JSON */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "json", "JavaScript Object Notation" },
|
2015-03-19 05:25:10 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NSTRACE_3_5 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "nstrace35", "NetScaler Encapsulation 3.5 of Ethernet" },
|
2015-11-19 10:53:54 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ISO14443 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "iso14443", "ISO 14443 contactless smartcard standards" },
|
2016-01-04 16:53:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GFP_T */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gfp-t", "ITU-T G.7041/Y.1303 Generic Framing Procedure Transparent mode" },
|
2016-01-04 16:53:41 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_GFP_F */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "gfp-f", "ITU-T G.7041/Y.1303 Generic Framing Procedure Frame-mapped mode" },
|
2016-01-04 16:53:41 +00:00
|
|
|
|
2016-06-15 22:22:25 +00:00
|
|
|
/* WTAP_ENCAP_IP_OVER_IB_PCAP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ip-ib", "IP over IB" },
|
2016-06-15 18:32:57 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_JUNIPER_VN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-vn", "Juniper VN" },
|
2017-03-30 00:20:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_USB_DARWIN */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "usb-darwin", "USB packets with Darwin (macOS, etc.) headers" },
|
2017-06-03 15:22:48 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LORATAP */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "loratap", "LoRaTap" },
|
2017-06-22 02:01:37 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_3MB_ETHERNET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "xeth", "Xerox 3MB Ethernet" },
|
2017-07-13 12:33:30 +00:00
|
|
|
|
2017-08-29 01:40:31 +00:00
|
|
|
/* WTAP_ENCAP_VSOCK */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "vsock", "Linux vsock" },
|
2017-08-26 09:21:52 +00:00
|
|
|
|
2017-08-29 01:40:31 +00:00
|
|
|
/* WTAP_ENCAP_NORDIC_BLE */
|
2021-06-28 10:11:51 +00:00
|
|
|
{ "nordic_ble", "nRF Sniffer for Bluetooth LE" },
|
2017-08-29 01:40:31 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETMON_NET_NETEVENT */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netmon_event", "Network Monitor Network Event" },
|
2017-08-25 19:29:17 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETMON_HEADER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netmon_header", "Network Monitor Header" },
|
2017-08-31 16:45:46 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETMON_NET_FILTER */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netmon_filter", "Network Monitor Filter" },
|
2017-08-31 16:45:46 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_NETMON_NETWORK_INFO_EX */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "netmon_network_info", "Network Monitor Network Info" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_V4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture_v4", "Message Analyzer WFP Capture v4" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_V6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture_v6", "Message Analyzer WFP Capture v6" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_2V4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture2_v4", "Message Analyzer WFP Capture2 v4" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_2V6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture2_v6", "Message Analyzer WFP Capture2 v6" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture_auth_v4", "Message Analyzer WFP Capture Auth v4" },
|
2017-09-04 14:16:49 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "message_analyzer_wfp_capture_auth_v6", "Message Analyzer WFP Capture Auth v6" },
|
2018-02-13 10:45:41 +00:00
|
|
|
|
2018-05-20 21:30:20 +00:00
|
|
|
/* WTAP_ENCAP_JUNIPER_ST */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "juniper-st", "Juniper Secure Tunnel Information" },
|
2018-05-20 21:30:20 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ETHERNET_MPACKET */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ether-mpacket", "IEEE 802.3br mPackets" },
|
2018-05-20 21:30:20 +00:00
|
|
|
|
2018-02-13 10:45:41 +00:00
|
|
|
/* WTAP_ENCAP_DOCSIS31_XRA31 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "docsis31_xra31", "DOCSIS with Excentis XRA pseudo-header" },
|
2018-02-13 10:45:41 +00:00
|
|
|
|
2018-05-20 21:33:45 +00:00
|
|
|
/* WTAP_ENCAP_DPAUXMON */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "dpauxmon", "DisplayPort AUX channel with Unigraf pseudo-header" },
|
2018-07-30 22:29:10 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RUBY_MARSHAL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ruby_marshal", "Ruby marshal object" },
|
2018-08-01 04:57:42 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_RFC7468 */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "rfc7468", "RFC 7468 file" },
|
2018-09-10 23:49:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SYSTEMD_JOURNAL */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "sdjournal", "systemd journal" },
|
2018-12-21 12:37:52 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_EBHSCR */
|
2019-01-09 21:21:10 +00:00
|
|
|
{ "ebhscr", "Elektrobit High Speed Capture and Replay" },
|
2019-01-09 15:39:44 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_VPP */
|
|
|
|
{ "vpp", "Vector Packet Processing graph dispatch trace" },
|
2019-02-01 02:07:43 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_IEEE802_15_4_TAP */
|
|
|
|
{ "wpan-tap", "IEEE 802.15.4 Wireless with TAP pseudo-header" },
|
2019-07-04 10:36:29 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_LOG_3GPP */
|
|
|
|
{ "log_3GPP", "3GPP Phone Log" },
|
|
|
|
|
2019-07-23 13:54:36 +00:00
|
|
|
/* WTAP_ENCAP_USB_2_0 */
|
|
|
|
{ "usb-20", "USB 2.0/1.1/1.0 packets" },
|
2020-05-08 19:47:17 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_MP4 */
|
|
|
|
{ "mp4", "MP4 files" },
|
2020-05-09 01:20:03 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_SLL2 */
|
|
|
|
{ "linux-sll2", "Linux cooked-mode capture v2" },
|
2020-08-24 18:36:35 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ZWAVE_SERIAL */
|
|
|
|
{ "zwave-serial", "Z-Wave Serial API packets" },
|
2021-01-27 23:22:51 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ETW */
|
|
|
|
{ "etw", "Event Tracing for Windows messages" },
|
2021-09-30 05:27:08 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ERI_ENB_LOG */
|
|
|
|
{ "eri_enb_log", "Ericsson eNode-B raw log" },
|
|
|
|
|
2022-01-30 09:34:26 +00:00
|
|
|
/* WTAP_ENCAP_ZBNCP */
|
|
|
|
{ "zbncp", "ZBOSS NCP" },
|
|
|
|
|
2022-05-31 04:24:25 +00:00
|
|
|
/* WTAP_ENCAP_USB_2_0_LOW_SPEED */
|
|
|
|
{ "usb-20-low", "Low-Speed USB 2.0/1.1/1.0 packets" },
|
|
|
|
|
|
|
|
/* WTAP_ENCAP_USB_2_0_FULL_SPEED */
|
|
|
|
{ "usb-20-full", "Full-Speed USB 2.0/1.1/1.0 packets" },
|
|
|
|
|
|
|
|
/* WTAP_ENCAP_USB_2_0_HIGH_SPEED */
|
|
|
|
{ "usb-20-high", "High-Speed USB 2.0 packets" },
|
2022-08-23 18:05:36 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_AUTOSAR_DLT */
|
|
|
|
{ "autosardlt", "AUTOSAR DLT" },
|
2022-09-20 16:38:06 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_AUERSWALD_LOG */
|
|
|
|
{ "auerlog", "Auerswald Log" },
|
2023-01-06 02:54:59 +00:00
|
|
|
|
|
|
|
/* WTAP_ENCAP_ATSC_ALP */
|
|
|
|
{ "alp", "ATSC Link-Layer Protocol (A/330) packets" },
|
1999-12-05 01:24:54 +00:00
|
|
|
};
|
|
|
|
|
2013-02-28 19:35:59 +00:00
|
|
|
WS_DLL_LOCAL
|
2007-05-04 21:10:55 +00:00
|
|
|
gint wtap_num_encap_types = sizeof(encap_table_base) / sizeof(struct encap_type_info);
|
|
|
|
static GArray* encap_table_arr = NULL;
|
2013-05-18 00:41:30 +00:00
|
|
|
|
|
|
|
#define encap_table_entry(encap) \
|
|
|
|
g_array_index(encap_table_arr, struct encap_type_info, encap)
|
2007-05-04 21:10:55 +00:00
|
|
|
|
|
|
|
static void wtap_init_encap_types(void) {
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2007-05-04 21:10:55 +00:00
|
|
|
if (encap_table_arr) return;
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2007-05-04 21:10:55 +00:00
|
|
|
encap_table_arr = g_array_new(FALSE,TRUE,sizeof(struct encap_type_info));
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2007-05-04 21:10:55 +00:00
|
|
|
g_array_append_vals(encap_table_arr,encap_table_base,wtap_num_encap_types);
|
|
|
|
}
|
|
|
|
|
2017-02-04 15:26:34 +00:00
|
|
|
static void wtap_cleanup_encap_types(void) {
|
|
|
|
if (encap_table_arr) {
|
|
|
|
g_array_free(encap_table_arr, TRUE);
|
|
|
|
encap_table_arr = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-05-04 21:10:55 +00:00
|
|
|
int wtap_get_num_encap_types(void) {
|
|
|
|
return wtap_num_encap_types;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-01-09 21:21:10 +00:00
|
|
|
int
|
|
|
|
wtap_register_encap_type(const char *description, const char *name)
|
|
|
|
{
|
2008-11-20 20:16:07 +00:00
|
|
|
struct encap_type_info e;
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2008-11-20 20:16:07 +00:00
|
|
|
e.name = g_strdup(name);
|
2019-01-09 21:21:10 +00:00
|
|
|
e.description = g_strdup(description);
|
2007-06-13 22:36:58 +00:00
|
|
|
|
2007-05-04 21:10:55 +00:00
|
|
|
g_array_append_val(encap_table_arr,e);
|
|
|
|
|
|
|
|
return wtap_num_encap_types++;
|
|
|
|
}
|
|
|
|
|
2019-01-09 21:21:10 +00:00
|
|
|
/* Name to use in, say, a command-line flag specifying the type. */
|
2012-03-23 01:41:59 +00:00
|
|
|
const char *
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_name(int encap)
|
1999-12-05 01:24:54 +00:00
|
|
|
{
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
if (encap < WTAP_ENCAP_NONE || encap >= WTAP_NUM_ENCAP_TYPES)
|
2019-01-09 21:21:10 +00:00
|
|
|
return "illegal";
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
else if (encap == WTAP_ENCAP_NONE)
|
|
|
|
return "none";
|
2009-06-16 03:16:55 +00:00
|
|
|
else if (encap == WTAP_ENCAP_PER_PACKET)
|
2019-01-09 21:21:10 +00:00
|
|
|
return "per-packet";
|
1999-12-05 01:24:54 +00:00
|
|
|
else
|
2013-05-18 00:41:30 +00:00
|
|
|
return encap_table_entry(encap).name;
|
1999-12-05 01:24:54 +00:00
|
|
|
}
|
|
|
|
|
2019-01-09 21:21:10 +00:00
|
|
|
/* Description to show to users. */
|
2012-03-23 01:41:59 +00:00
|
|
|
const char *
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_description(int encap)
|
1999-12-05 01:24:54 +00:00
|
|
|
{
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
if (encap < WTAP_ENCAP_NONE || encap >= WTAP_NUM_ENCAP_TYPES)
|
2019-01-09 21:21:10 +00:00
|
|
|
return "Illegal";
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
else if (encap == WTAP_ENCAP_NONE)
|
|
|
|
return "None";
|
2009-06-16 03:16:55 +00:00
|
|
|
else if (encap == WTAP_ENCAP_PER_PACKET)
|
2019-01-09 21:21:10 +00:00
|
|
|
return "Per packet";
|
1999-12-05 01:24:54 +00:00
|
|
|
else
|
2019-01-09 21:21:10 +00:00
|
|
|
return encap_table_entry(encap).description;
|
1999-12-05 01:24:54 +00:00
|
|
|
}
|
|
|
|
|
2019-01-09 21:21:10 +00:00
|
|
|
/* Translate a name to a capture file type. */
|
2000-09-07 05:34:23 +00:00
|
|
|
int
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_name_to_encap(const char *name)
|
1999-12-05 01:24:54 +00:00
|
|
|
{
|
|
|
|
int encap;
|
|
|
|
|
|
|
|
for (encap = 0; encap < WTAP_NUM_ENCAP_TYPES; encap++) {
|
2019-01-09 21:21:10 +00:00
|
|
|
if (encap_table_entry(encap).name != NULL &&
|
|
|
|
strcmp(name, encap_table_entry(encap).name) == 0)
|
1999-12-05 01:24:54 +00:00
|
|
|
return encap;
|
|
|
|
}
|
|
|
|
return -1; /* no such encapsulation type */
|
|
|
|
}
|
|
|
|
|
2015-08-16 16:37:11 +00:00
|
|
|
const char*
|
|
|
|
wtap_tsprec_string(int tsprec)
|
|
|
|
{
|
|
|
|
const char* s;
|
|
|
|
switch (tsprec) {
|
|
|
|
case WTAP_TSPREC_PER_PACKET:
|
|
|
|
s = "per-packet";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_SEC:
|
|
|
|
s = "seconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_DSEC:
|
|
|
|
s = "deciseconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_CSEC:
|
|
|
|
s = "centiseconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_MSEC:
|
|
|
|
s = "milliseconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_USEC:
|
|
|
|
s = "microseconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_NSEC:
|
|
|
|
s = "nanoseconds";
|
|
|
|
break;
|
|
|
|
case WTAP_TSPREC_UNKNOWN:
|
|
|
|
default:
|
|
|
|
s = "UNKNOWN";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
1999-08-22 02:52:48 +00:00
|
|
|
static const char *wtap_errlist[] = {
|
2014-10-07 23:18:47 +00:00
|
|
|
/* WTAP_ERR_NOT_REGULAR_FILE */
|
2002-07-16 07:15:09 +00:00
|
|
|
"The file isn't a plain file or pipe",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_RANDOM_OPEN_PIPE */
|
2002-06-07 07:47:58 +00:00
|
|
|
"The file is being opened for random access but is a pipe",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_FILE_UNKNOWN_FORMAT */
|
1999-08-22 02:52:48 +00:00
|
|
|
"The file isn't a capture file in a known format",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_UNSUPPORTED */
|
1999-08-22 02:52:48 +00:00
|
|
|
"File contains record data we don't support",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_WRITE_TO_PIPE */
|
2002-07-16 07:15:09 +00:00
|
|
|
"That file format cannot be written to a pipe",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_OPEN */
|
1999-08-22 02:52:48 +00:00
|
|
|
NULL,
|
2014-10-07 23:18:47 +00:00
|
|
|
|
2014-12-17 08:29:31 +00:00
|
|
|
/* WTAP_ERR_UNWRITABLE_FILE_TYPE */
|
1999-08-22 02:52:48 +00:00
|
|
|
"Files can't be saved in that format",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
2014-12-17 06:40:45 +00:00
|
|
|
/* WTAP_ERR_UNWRITABLE_ENCAP */
|
2016-01-08 03:21:02 +00:00
|
|
|
"Packets with that network type can't be saved in that format",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED */
|
2002-07-16 07:15:09 +00:00
|
|
|
"That file format doesn't support per-packet encapsulations",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_WRITE */
|
2014-10-07 23:22:53 +00:00
|
|
|
"A write failed for some unknown reason",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_CLOSE */
|
1999-08-22 02:52:48 +00:00
|
|
|
NULL,
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_SHORT_READ */
|
1999-08-22 02:52:48 +00:00
|
|
|
"Less data was read than was expected",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_BAD_FILE */
|
2013-12-17 21:51:45 +00:00
|
|
|
"The file appears to be damaged or corrupt",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_SHORT_WRITE */
|
2000-05-25 09:00:24 +00:00
|
|
|
"Less data was written than was requested",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_UNC_OVERFLOW */
|
2000-05-25 09:00:24 +00:00
|
|
|
"Uncompression error: data would overflow buffer",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_RANDOM_OPEN_STDIN */
|
2011-04-21 09:41:52 +00:00
|
|
|
"The standard input cannot be opened for random access",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_COMPRESSION_NOT_SUPPORTED */
|
2011-04-21 09:41:52 +00:00
|
|
|
"That file format doesn't support compression",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_SEEK */
|
2011-04-21 09:41:52 +00:00
|
|
|
NULL,
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CANT_SEEK_COMPRESSED */
|
2013-06-10 17:13:49 +00:00
|
|
|
NULL,
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_DECOMPRESS */
|
2011-04-21 17:51:19 +00:00
|
|
|
"Uncompression error",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_INTERNAL */
|
2014-01-22 00:26:36 +00:00
|
|
|
"Internal error",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_PACKET_TOO_LARGE */
|
2014-05-24 18:28:30 +00:00
|
|
|
"The packet being written is too large for that format",
|
2014-10-07 23:18:47 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_CHECK_WSLUA */
|
2014-05-24 18:28:30 +00:00
|
|
|
NULL,
|
2014-10-07 23:18:47 +00:00
|
|
|
|
2014-12-18 00:31:49 +00:00
|
|
|
/* WTAP_ERR_UNWRITABLE_REC_TYPE */
|
2014-12-18 00:02:50 +00:00
|
|
|
"That record type cannot be written in that format",
|
|
|
|
|
|
|
|
/* WTAP_ERR_UNWRITABLE_REC_DATA */
|
2018-01-16 20:06:33 +00:00
|
|
|
"That record can't be written in that format",
|
2018-01-14 21:07:17 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED */
|
|
|
|
"We don't support decompressing that type of compressed file",
|
2022-08-16 21:46:44 +00:00
|
|
|
|
|
|
|
/* WTAP_ERR_TIME_STAMP_NOT_SUPPORTED */
|
|
|
|
"We don't support writing that record's time stamp to that file type",
|
1999-08-22 02:52:48 +00:00
|
|
|
};
|
|
|
|
#define WTAP_ERRLIST_SIZE (sizeof wtap_errlist / sizeof wtap_errlist[0])
|
|
|
|
|
2012-03-23 01:41:59 +00:00
|
|
|
const char *
|
|
|
|
wtap_strerror(int err)
|
1999-08-22 02:52:48 +00:00
|
|
|
{
|
2000-08-19 18:31:23 +00:00
|
|
|
static char errbuf[128];
|
2001-07-13 00:55:58 +00:00
|
|
|
unsigned int wtap_errlist_index;
|
1999-08-22 02:52:48 +00:00
|
|
|
|
|
|
|
if (err < 0) {
|
|
|
|
wtap_errlist_index = -1 - err;
|
|
|
|
if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
|
2021-12-17 20:05:19 +00:00
|
|
|
snprintf(errbuf, 128, "Error %d", err);
|
1999-08-22 02:52:48 +00:00
|
|
|
return errbuf;
|
|
|
|
}
|
|
|
|
if (wtap_errlist[wtap_errlist_index] == NULL)
|
|
|
|
return "Unknown reason";
|
|
|
|
return wtap_errlist[wtap_errlist_index];
|
|
|
|
} else
|
2011-06-28 09:00:11 +00:00
|
|
|
return g_strerror(err);
|
1999-08-22 02:52:48 +00:00
|
|
|
}
|
|
|
|
|
2000-05-18 09:09:50 +00:00
|
|
|
/* Close only the sequential side, freeing up memory it uses.
|
2000-05-25 09:00:24 +00:00
|
|
|
|
2000-05-18 09:09:50 +00:00
|
|
|
Note that we do *not* want to call the subtype's close function,
|
|
|
|
as it would free any per-subtype data, and that data may be
|
2000-05-25 09:00:24 +00:00
|
|
|
needed by the random-access side.
|
2002-08-28 20:30:45 +00:00
|
|
|
|
2000-05-25 09:00:24 +00:00
|
|
|
Instead, if the subtype has a "sequential close" function, we call it,
|
2011-04-12 17:37:05 +00:00
|
|
|
to free up stuff used only by the sequential side. */
|
|
|
|
void
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_sequential_close(wtap *wth)
|
1998-11-12 00:06:47 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->subtype_sequential_close != NULL)
|
|
|
|
(*wth->subtype_sequential_close)(wth);
|
2000-05-25 09:00:24 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->fh != NULL) {
|
|
|
|
file_close(wth->fh);
|
|
|
|
wth->fh = NULL;
|
2000-05-18 09:09:50 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-04-12 02:40:14 +00:00
|
|
|
static void
|
|
|
|
g_fast_seek_item_free(gpointer data, gpointer user_data _U_)
|
|
|
|
{
|
|
|
|
g_free(data);
|
|
|
|
}
|
|
|
|
|
2012-06-01 08:05:12 +00:00
|
|
|
/*
|
|
|
|
* Close the file descriptors for the sequential and random streams, but
|
|
|
|
* don't discard any information about those streams. Used on Windows if
|
|
|
|
* we need to rename a file that we have open or if we need to rename on
|
|
|
|
* top of a file we have open.
|
|
|
|
*/
|
|
|
|
void
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_fdclose(wtap *wth)
|
2012-06-01 08:05:12 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->fh != NULL)
|
|
|
|
file_fdclose(wth->fh);
|
|
|
|
if (wth->random_fh != NULL)
|
|
|
|
file_fdclose(wth->random_fh);
|
2012-06-01 08:05:12 +00:00
|
|
|
}
|
|
|
|
|
2011-04-12 17:37:05 +00:00
|
|
|
void
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_close(wtap *wth)
|
2000-05-18 09:09:50 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_sequential_close(wth);
|
2014-05-09 02:59:19 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->subtype_close != NULL)
|
|
|
|
(*wth->subtype_close)(wth);
|
2014-05-09 02:59:19 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->random_fh != NULL)
|
|
|
|
file_close(wth->random_fh);
|
2014-05-09 02:59:19 +00:00
|
|
|
|
2017-08-26 08:30:47 +00:00
|
|
|
g_free(wth->priv);
|
2014-05-09 02:59:19 +00:00
|
|
|
|
2021-02-20 08:13:37 +00:00
|
|
|
g_free(wth->pathname);
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
if (wth->fast_seek != NULL) {
|
|
|
|
g_ptr_array_foreach(wth->fast_seek, g_fast_seek_item_free, NULL);
|
|
|
|
g_ptr_array_free(wth->fast_seek, TRUE);
|
|
|
|
}
|
2014-09-22 11:43:14 +00:00
|
|
|
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_array_free(wth->shb_hdrs);
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
wtap_block_array_free(wth->nrbs);
|
2016-07-14 23:01:57 +00:00
|
|
|
wtap_block_array_free(wth->interface_data);
|
2018-11-17 12:56:12 +00:00
|
|
|
wtap_block_array_free(wth->dsbs);
|
2014-09-22 11:43:14 +00:00
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
g_free(wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
}
|
|
|
|
|
2010-05-07 21:15:24 +00:00
|
|
|
void
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_cleareof(wtap *wth) {
|
2010-05-07 21:15:24 +00:00
|
|
|
/* Reset EOF */
|
2014-05-09 05:18:49 +00:00
|
|
|
file_clearerr(wth->fh);
|
2010-05-07 21:15:24 +00:00
|
|
|
}
|
|
|
|
|
2023-01-20 06:10:27 +00:00
|
|
|
static inline void
|
|
|
|
wtapng_process_nrb_ipv4(wtap *wth, wtap_block_t nrb)
|
|
|
|
{
|
|
|
|
const wtapng_nrb_mandatory_t *nrb_mand = (wtapng_nrb_mandatory_t*)wtap_block_get_mandatory_data(nrb);
|
|
|
|
|
|
|
|
if (wth->add_new_ipv4) {
|
|
|
|
for (GList *elem = nrb_mand->ipv4_addr_list; elem != NULL; elem = elem->next) {
|
|
|
|
hashipv4_t *tp = elem->data;
|
|
|
|
wth->add_new_ipv4(tp->addr, tp->name, FALSE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void
|
|
|
|
wtapng_process_nrb_ipv6(wtap *wth, wtap_block_t nrb)
|
|
|
|
{
|
|
|
|
const wtapng_nrb_mandatory_t *nrb_mand = (wtapng_nrb_mandatory_t*)wtap_block_get_mandatory_data(nrb);
|
|
|
|
|
|
|
|
if (wth->add_new_ipv6) {
|
|
|
|
for (GList *elem = nrb_mand->ipv6_addr_list; elem != NULL; elem = elem->next) {
|
|
|
|
hashipv6_t *tp = elem->data;
|
|
|
|
wth->add_new_ipv6(tp->addr, tp->name, FALSE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4) {
|
2023-01-20 06:10:27 +00:00
|
|
|
if (!wth)
|
|
|
|
return;
|
|
|
|
|
|
|
|
wth->add_new_ipv4 = add_new_ipv4;
|
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
/* Are there any existing NRBs? */
|
|
|
|
if (!wth->nrbs)
|
2023-01-20 06:10:27 +00:00
|
|
|
return;
|
|
|
|
/*
|
|
|
|
* Send all NRBs that were read so far to the new callback. file.c
|
|
|
|
* relies on this to support redissection (during redissection, the
|
|
|
|
* previous name resolutions are lost and has to be resupplied).
|
|
|
|
*/
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
for (guint i = 0; i < wth->nrbs->len; i++) {
|
|
|
|
wtap_block_t nrb = g_array_index(wth->nrbs, wtap_block_t, i);
|
2023-01-20 06:10:27 +00:00
|
|
|
wtapng_process_nrb_ipv4(wth, nrb);
|
|
|
|
}
|
2011-03-24 22:47:57 +00:00
|
|
|
}
|
|
|
|
|
2014-05-09 05:18:49 +00:00
|
|
|
void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6) {
|
2023-01-20 06:10:27 +00:00
|
|
|
if (!wth)
|
|
|
|
return;
|
|
|
|
|
|
|
|
wth->add_new_ipv6 = add_new_ipv6;
|
|
|
|
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
/* Are there any existing NRBs? */
|
|
|
|
if (!wth->nrbs)
|
2023-01-20 06:10:27 +00:00
|
|
|
return;
|
|
|
|
/*
|
|
|
|
* Send all NRBs that were read so far to the new callback. file.c
|
|
|
|
* relies on this to support redissection (during redissection, the
|
|
|
|
* previous name resolutions are lost and has to be resupplied).
|
|
|
|
*/
|
wiretap: Preserve NRBs with editcap, mergecap, and tshark
Use a pointer to the growing array of NRBs from the source
file, as with DSBs, so as to handle reading NRBs in the middle
of a file in one-pass mode.
Write NRBs when reading a file with editcap, or in tshark when
not dissecting packets and writing our own NRB. Continue not
to write the NRB if we're supplying our own list of address info
instead.
If we have already read the entire source file in (such as in
two-pass tshark), move all the NRBs to the beginning of the file
before packets, as done with DSBs.
When merging files with mergecap, write both sets of NRBs. (There
is no attempt to merge the NRBs by looking for common entries.)
Check for name resolution data in the middle of dumping a file,
not just at the end, and check for DSBs at the end of a file,
after all the packets. This means that Wireshark no longer writes
the NRB at the very end of the file after all the packets (which
is worse for future one-pass reads), and DSBs after all packets
are preserved.
Ping #15502
2023-01-26 05:42:10 +00:00
|
|
|
for (guint i = 0; i < wth->nrbs->len; i++) {
|
|
|
|
wtap_block_t nrb = g_array_index(wth->nrbs, wtap_block_t, i);
|
2023-01-20 06:10:27 +00:00
|
|
|
wtapng_process_nrb_ipv6(wth, nrb);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
wtapng_process_nrb(wtap *wth, wtap_block_t nrb)
|
|
|
|
{
|
|
|
|
wtapng_process_nrb_ipv4(wth, nrb);
|
|
|
|
wtapng_process_nrb_ipv6(wth, nrb);
|
2011-03-24 22:47:57 +00:00
|
|
|
}
|
|
|
|
|
2018-11-18 17:11:42 +00:00
|
|
|
void wtap_set_cb_new_secrets(wtap *wth, wtap_new_secrets_callback_t add_new_secrets) {
|
2019-01-18 00:54:22 +00:00
|
|
|
/* Is a valid wth given that supports DSBs? */
|
|
|
|
if (!wth || !wth->dsbs)
|
|
|
|
return;
|
|
|
|
|
|
|
|
wth->add_new_secrets = add_new_secrets;
|
|
|
|
/*
|
|
|
|
* Send all DSBs that were read so far to the new callback. file.c
|
|
|
|
* relies on this to support redissection (during redissection, the
|
|
|
|
* previous secrets are lost and has to be resupplied).
|
|
|
|
*/
|
|
|
|
for (guint i = 0; i < wth->dsbs->len; i++) {
|
|
|
|
wtap_block_t dsb = g_array_index(wth->dsbs, wtap_block_t, i);
|
|
|
|
wtapng_process_dsb(wth, dsb);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
wtapng_process_dsb(wtap *wth, wtap_block_t dsb)
|
|
|
|
{
|
|
|
|
const wtapng_dsb_mandatory_t *dsb_mand = (wtapng_dsb_mandatory_t*)wtap_block_get_mandatory_data(dsb);
|
|
|
|
|
|
|
|
if (wth->add_new_secrets)
|
|
|
|
wth->add_new_secrets(dsb_mand->secrets_type, dsb_mand->secrets_data, dsb_mand->secrets_len);
|
2018-11-18 17:11:42 +00:00
|
|
|
}
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
/* Perform per-packet initialization */
|
2020-05-01 21:31:19 +00:00
|
|
|
static void
|
|
|
|
wtap_init_rec(wtap *wth, wtap_rec *rec)
|
2000-04-08 00:33:04 +00:00
|
|
|
{
|
2004-03-03 22:24:53 +00:00
|
|
|
/*
|
|
|
|
* Set the packet encapsulation to the file's encapsulation
|
|
|
|
* value; if that's not WTAP_ENCAP_PER_PACKET, it's the
|
|
|
|
* right answer (and means that the read routine for this
|
|
|
|
* capture file type doesn't have to set it), and if it
|
|
|
|
* *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
|
|
|
|
* anyway.
|
2014-09-28 18:37:06 +00:00
|
|
|
*
|
|
|
|
* Do the same for the packet time stamp resolution.
|
2004-03-03 22:24:53 +00:00
|
|
|
*/
|
2019-04-05 01:56:27 +00:00
|
|
|
rec->rec_header.packet_header.pkt_encap = wth->file_encap;
|
|
|
|
rec->tsprec = wth->file_tsprec;
|
2021-04-29 11:23:21 +00:00
|
|
|
rec->block = NULL;
|
2021-07-08 05:43:29 +00:00
|
|
|
rec->block_was_modified = FALSE;
|
2022-04-23 01:14:29 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Assume the file has only one section; the module for the
|
|
|
|
* file type needs to indicate the section number if there's
|
|
|
|
* more than one section.
|
|
|
|
*/
|
|
|
|
rec->section_number = 0;
|
2020-05-01 21:31:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
gboolean
|
|
|
|
wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
|
|
|
|
gchar **err_info, gint64 *offset)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Initialize the record to default values.
|
|
|
|
*/
|
|
|
|
wtap_init_rec(wth, rec);
|
2004-03-03 22:24:53 +00:00
|
|
|
|
2014-12-18 04:03:47 +00:00
|
|
|
*err = 0;
|
|
|
|
*err_info = NULL;
|
2019-04-05 01:56:27 +00:00
|
|
|
if (!wth->subtype_read(wth, rec, buf, err, err_info, offset)) {
|
2011-04-12 03:27:10 +00:00
|
|
|
/*
|
|
|
|
* If we didn't get an error indication, we read
|
|
|
|
* the last packet. See if there's any deferred
|
|
|
|
* error, as might, for example, occur if we're
|
|
|
|
* reading a compressed file, and we got an error
|
|
|
|
* reading compressed data from the file, but
|
|
|
|
* got enough compressed data to decompress the
|
|
|
|
* last packet of the file.
|
|
|
|
*/
|
|
|
|
if (*err == 0)
|
2014-05-09 05:18:49 +00:00
|
|
|
*err = file_error(wth->fh, err_info);
|
2021-08-30 02:12:13 +00:00
|
|
|
if (rec->block != NULL) {
|
|
|
|
/*
|
|
|
|
* Unreference any block created for this record.
|
|
|
|
*/
|
|
|
|
wtap_block_unref(rec->block);
|
|
|
|
rec->block = NULL;
|
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE; /* failure */
|
2011-04-12 03:27:10 +00:00
|
|
|
}
|
2003-03-04 02:38:02 +00:00
|
|
|
|
|
|
|
/*
|
2018-02-09 00:19:12 +00:00
|
|
|
* Is this a packet record?
|
2003-03-04 02:38:02 +00:00
|
|
|
*/
|
2019-04-05 01:56:27 +00:00
|
|
|
if (rec->rec_type == REC_TYPE_PACKET) {
|
2018-02-09 00:19:12 +00:00
|
|
|
/*
|
|
|
|
* Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
|
|
|
|
* probably means the file has that encapsulation type
|
|
|
|
* but the read routine didn't set this packet's
|
|
|
|
* encapsulation type.
|
|
|
|
*/
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert(rec->rec_header.packet_header.pkt_encap != WTAP_ENCAP_PER_PACKET);
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
ws_assert(rec->rec_header.packet_header.pkt_encap != WTAP_ENCAP_NONE);
|
2018-02-09 00:19:12 +00:00
|
|
|
}
|
2004-03-03 22:24:53 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE; /* success */
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
}
|
|
|
|
|
2013-06-16 00:20:00 +00:00
|
|
|
/*
|
2016-09-28 23:45:23 +00:00
|
|
|
* Read a given number of bytes from a file into a buffer or, if
|
|
|
|
* buf is NULL, just discard them.
|
2013-06-16 00:20:00 +00:00
|
|
|
*
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
* If we succeed, return TRUE.
|
|
|
|
*
|
|
|
|
* If we get an EOF, return FALSE with *err set to 0, reporting this
|
|
|
|
* as an EOF.
|
|
|
|
*
|
|
|
|
* If we get fewer bytes than the specified number, return FALSE with
|
|
|
|
* *err set to WTAP_ERR_SHORT_READ, reporting this as a short read
|
|
|
|
* error.
|
|
|
|
*
|
|
|
|
* If we get a read error, return FALSE with *err and *err_info set
|
|
|
|
* appropriately.
|
2013-06-16 00:20:00 +00:00
|
|
|
*/
|
|
|
|
gboolean
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
wtap_read_bytes_or_eof(FILE_T fh, void *buf, unsigned int count, int *err,
|
2013-06-16 00:20:00 +00:00
|
|
|
gchar **err_info)
|
|
|
|
{
|
|
|
|
int bytes_read;
|
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
bytes_read = file_read(buf, count, fh);
|
|
|
|
if (bytes_read < 0 || (guint)bytes_read != count) {
|
|
|
|
*err = file_error(fh, err_info);
|
|
|
|
if (*err == 0 && bytes_read > 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
2013-06-16 00:20:00 +00:00
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
/*
|
2016-09-28 23:45:23 +00:00
|
|
|
* Read a given number of bytes from a file into a buffer or, if
|
|
|
|
* buf is NULL, just discard them.
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
*
|
|
|
|
* If we succeed, return TRUE.
|
|
|
|
*
|
|
|
|
* If we get fewer bytes than the specified number, including getting
|
|
|
|
* an EOF, return FALSE with *err set to WTAP_ERR_SHORT_READ, reporting
|
|
|
|
* this as a short read error.
|
|
|
|
*
|
|
|
|
* If we get a read error, return FALSE with *err and *err_info set
|
|
|
|
* appropriately.
|
|
|
|
*/
|
|
|
|
gboolean
|
|
|
|
wtap_read_bytes(FILE_T fh, void *buf, unsigned int count, int *err,
|
|
|
|
gchar **err_info)
|
|
|
|
{
|
|
|
|
int bytes_read;
|
|
|
|
|
|
|
|
bytes_read = file_read(buf, count, fh);
|
|
|
|
if (bytes_read < 0 || (guint)bytes_read != count) {
|
2013-06-16 00:20:00 +00:00
|
|
|
*err = file_error(fh, err_info);
|
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_SHORT_READ;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
/*
|
|
|
|
* Read packet data into a Buffer, growing the buffer as necessary.
|
|
|
|
*
|
|
|
|
* This returns an error on a short read, even if the short read hit
|
|
|
|
* the EOF immediately. (The assumption is that each packet has a
|
|
|
|
* header followed by raw packet data, and that we've already read the
|
|
|
|
* header, so if we get an EOF trying to read the packet data, the file
|
|
|
|
* has been cut short, even if the read didn't read any data at all.)
|
|
|
|
*/
|
|
|
|
gboolean
|
|
|
|
wtap_read_packet_bytes(FILE_T fh, Buffer *buf, guint length, int *err,
|
|
|
|
gchar **err_info)
|
|
|
|
{
|
|
|
|
ws_buffer_assure_space(buf, length);
|
2018-09-29 11:14:18 +00:00
|
|
|
return wtap_read_bytes(fh, ws_buffer_start_ptr(buf), length, err,
|
|
|
|
err_info);
|
Add some higher-level file-read APIs and use them.
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-10-07 01:00:57 +00:00
|
|
|
}
|
|
|
|
|
2005-08-19 19:40:00 +00:00
|
|
|
/*
|
|
|
|
* Return an approximation of the amount of data we've read sequentially
|
|
|
|
* from the file so far. (gint64, in case that's 64 bits.)
|
|
|
|
*/
|
|
|
|
gint64
|
2014-05-09 05:18:49 +00:00
|
|
|
wtap_read_so_far(wtap *wth)
|
2005-08-19 19:40:00 +00:00
|
|
|
{
|
2014-05-09 05:18:49 +00:00
|
|
|
return file_tell_raw(wth->fh);
|
2005-08-19 19:40:00 +00:00
|
|
|
}
|
|
|
|
|
2021-04-29 11:23:21 +00:00
|
|
|
/* Perform global/initial initialization */
|
2014-12-01 00:30:19 +00:00
|
|
|
void
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_rec_init(wtap_rec *rec)
|
2014-12-01 00:30:19 +00:00
|
|
|
{
|
2018-02-09 00:19:12 +00:00
|
|
|
memset(rec, 0, sizeof *rec);
|
2018-02-09 04:29:25 +00:00
|
|
|
ws_buffer_init(&rec->options_buf, 0);
|
2021-04-29 11:23:21 +00:00
|
|
|
/* In the future, see if we can create rec->block here once
|
|
|
|
* and have it be reused like the rest of rec.
|
|
|
|
* Currently it's recreated for each packet.
|
|
|
|
*/
|
2014-12-01 00:30:19 +00:00
|
|
|
}
|
|
|
|
|
2021-08-04 17:18:46 +00:00
|
|
|
/* re-initialize record */
|
2014-12-01 00:30:19 +00:00
|
|
|
void
|
2021-08-04 17:18:46 +00:00
|
|
|
wtap_rec_reset(wtap_rec *rec)
|
2014-12-01 00:30:19 +00:00
|
|
|
{
|
2021-04-29 11:23:21 +00:00
|
|
|
wtap_block_unref(rec->block);
|
|
|
|
rec->block = NULL;
|
2021-07-08 05:43:29 +00:00
|
|
|
rec->block_was_modified = FALSE;
|
2021-08-04 17:18:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* clean up record metadata */
|
|
|
|
void
|
|
|
|
wtap_rec_cleanup(wtap_rec *rec)
|
|
|
|
{
|
|
|
|
wtap_rec_reset(rec);
|
2018-02-09 04:29:25 +00:00
|
|
|
ws_buffer_free(&rec->options_buf);
|
2014-12-01 00:30:19 +00:00
|
|
|
}
|
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
gboolean
|
2018-02-09 00:19:12 +00:00
|
|
|
wtap_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, Buffer *buf,
|
|
|
|
int *err, gchar **err_info)
|
1999-09-11 06:48:33 +00:00
|
|
|
{
|
2016-01-25 20:20:08 +00:00
|
|
|
/*
|
2020-05-01 21:31:19 +00:00
|
|
|
* Initialize the record to default values.
|
2016-01-25 20:20:08 +00:00
|
|
|
*/
|
2020-05-01 21:31:19 +00:00
|
|
|
wtap_init_rec(wth, rec);
|
2016-01-25 20:20:08 +00:00
|
|
|
|
2017-04-29 11:28:53 +00:00
|
|
|
*err = 0;
|
|
|
|
*err_info = NULL;
|
2021-08-30 02:12:13 +00:00
|
|
|
if (!wth->subtype_seek_read(wth, seek_off, rec, buf, err, err_info)) {
|
|
|
|
if (rec->block != NULL) {
|
|
|
|
/*
|
|
|
|
* Unreference any block created for this record.
|
|
|
|
*/
|
|
|
|
wtap_block_unref(rec->block);
|
|
|
|
rec->block = NULL;
|
|
|
|
}
|
2014-05-23 10:50:02 +00:00
|
|
|
return FALSE;
|
2021-08-30 02:12:13 +00:00
|
|
|
}
|
2014-04-25 17:44:11 +00:00
|
|
|
|
|
|
|
/*
|
2018-02-09 00:19:12 +00:00
|
|
|
* Is this a packet record?
|
2014-04-25 17:44:11 +00:00
|
|
|
*/
|
2018-02-09 00:19:12 +00:00
|
|
|
if (rec->rec_type == REC_TYPE_PACKET) {
|
|
|
|
/*
|
|
|
|
* Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
|
|
|
|
* probably means the file has that encapsulation type
|
|
|
|
* but the read routine didn't set this packet's
|
|
|
|
* encapsulation type.
|
|
|
|
*/
|
2021-05-23 23:46:43 +00:00
|
|
|
ws_assert(rec->rec_header.packet_header.pkt_encap != WTAP_ENCAP_PER_PACKET);
|
wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).
2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.
The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)
Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.
Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.
There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)
Remove the workaround in ef43fd48b4f981392a0c61b5e9a804e8f9c85eb4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergcap, etc.)
Along with 8cddc32d35e36d9962495c3d4358842ea88aac41, fix #18449.
2023-02-04 18:49:10 +00:00
|
|
|
ws_assert(rec->rec_header.packet_header.pkt_encap != WTAP_ENCAP_NONE);
|
2018-02-09 00:19:12 +00:00
|
|
|
}
|
2014-04-25 17:44:11 +00:00
|
|
|
|
2014-05-23 10:50:02 +00:00
|
|
|
return TRUE;
|
1999-09-11 04:50:44 +00:00
|
|
|
}
|
2015-01-02 00:45:22 +00:00
|
|
|
|
2018-11-10 22:03:16 +00:00
|
|
|
static gboolean
|
|
|
|
wtap_full_file_read_file(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
|
|
|
|
{
|
|
|
|
gint64 file_size;
|
|
|
|
int packet_size = 0;
|
|
|
|
const int block_size = 1024 * 1024;
|
|
|
|
|
|
|
|
if ((file_size = wtap_file_size(wth, err)) == -1)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (file_size > G_MAXINT) {
|
|
|
|
/*
|
|
|
|
* Avoid allocating space for an immensely-large file.
|
|
|
|
*/
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("%s: File has %" PRId64 "-byte packet, bigger than maximum of %u",
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_name(wth->file_encap), file_size, G_MAXINT);
|
2018-11-10 22:03:16 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Compressed files might expand to a larger size than the actual file
|
|
|
|
* size. Try to read the full size and then read in smaller increments
|
|
|
|
* to avoid frequent memory reallocations.
|
|
|
|
*/
|
|
|
|
int buffer_size = block_size * (1 + (int)file_size / block_size);
|
|
|
|
for (;;) {
|
|
|
|
if (buffer_size <= 0) {
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
2021-12-18 18:48:20 +00:00
|
|
|
*err_info = ws_strdup_printf("%s: Uncompressed file is bigger than maximum of %u",
|
2019-01-09 21:21:10 +00:00
|
|
|
wtap_encap_name(wth->file_encap), G_MAXINT);
|
2018-11-10 22:03:16 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
ws_buffer_assure_space(buf, buffer_size);
|
|
|
|
int nread = file_read(ws_buffer_start_ptr(buf) + packet_size, buffer_size - packet_size, fh);
|
|
|
|
if (nread < 0) {
|
|
|
|
*err = file_error(fh, err_info);
|
|
|
|
if (*err == 0)
|
|
|
|
*err = WTAP_ERR_BAD_FILE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
packet_size += nread;
|
|
|
|
if (packet_size != buffer_size) {
|
|
|
|
/* EOF */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
buffer_size += block_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
rec->rec_type = REC_TYPE_PACKET;
|
|
|
|
rec->presence_flags = 0; /* yes, we have no bananas^Wtime stamp */
|
|
|
|
rec->ts.secs = 0;
|
|
|
|
rec->ts.nsecs = 0;
|
|
|
|
rec->rec_header.packet_header.caplen = packet_size;
|
|
|
|
rec->rec_header.packet_header.len = packet_size;
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
gboolean
|
2019-04-05 01:56:27 +00:00
|
|
|
wtap_full_file_read(wtap *wth, wtap_rec *rec, Buffer *buf,
|
|
|
|
int *err, gchar **err_info, gint64 *data_offset)
|
2018-11-10 22:03:16 +00:00
|
|
|
{
|
|
|
|
gint64 offset = file_tell(wth->fh);
|
|
|
|
|
|
|
|
/* There is only one packet with the full file contents. */
|
|
|
|
if (offset != 0) {
|
|
|
|
*err = 0;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
*data_offset = offset;
|
2019-04-05 01:56:27 +00:00
|
|
|
return wtap_full_file_read_file(wth, wth->fh, rec, buf, err, err_info);
|
2018-11-10 22:03:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
gboolean
|
|
|
|
wtap_full_file_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
|
|
|
|
{
|
|
|
|
/* There is only one packet with the full file contents. */
|
|
|
|
if (seek_off > 0) {
|
|
|
|
*err = 0;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return wtap_full_file_read_file(wth, wth->random_fh, rec, buf, err, err_info);
|
|
|
|
}
|
|
|
|
|
2016-12-04 21:42:07 +00:00
|
|
|
/*
|
|
|
|
* Initialize the library.
|
|
|
|
*/
|
|
|
|
void
|
2018-01-09 08:55:37 +00:00
|
|
|
wtap_init(gboolean load_wiretap_plugins)
|
2016-12-04 21:42:07 +00:00
|
|
|
{
|
|
|
|
init_open_routines();
|
|
|
|
wtap_opttypes_initialize();
|
|
|
|
wtap_init_encap_types();
|
wiretap: more work on file type/subtypes.
Provide a wiretap routine to get an array of all savable file
type/subtypes, sorted with pcap and pcapng at the top, followed by the
other types, sorted either by the name or the description.
Use that routine to list options for the -F flag for various commands
Rename wtap_get_savable_file_types_subtypes() to
wtap_get_savable_file_types_subtypes_for_file(), to indicate that it
provides an array of all file type/subtypes in which a given file can be
saved. Have it sort all types, other than the default type/subtype and,
if there is one, the "other" type (both of which are put at the top), by
the name or the description.
Don't allow wtap_register_file_type_subtypes() to override any existing
registrations; have them always register a new type. In that routine,
if there are any emply slots in the table, due to an entry being
unregistered, use it rather than allocating a new slot.
Don't allow unregistration of built-in types.
Rename the "dump open table" to the "file type/subtype table", as it has
entries for all types/subtypes, even if we can't write them.
Initialize that table in a routine that pre-allocates the GArray before
filling it with built-in types/subtypes, so it doesn't keep getting
reallocated.
Get rid of wtap_num_file_types_subtypes - it's just a copy of the size
of the GArray.
Don't have wtap_file_type_subtype_description() crash if handed an
file type/subtype that isn't a valid array index - just return NULL, as
we do with wtap_file_type_subtype_name().
In wtap_name_to_file_type_subtype(), don't use WTAP_FILE_TYPE_SUBTYPE_
names for the backwards-compatibility names - map those names to the
current names, and then look them up. This reduces the number of
uses of hardwired WTAP_FILE_TYPE_SUBTYPE_ values.
Clean up the type of wtap_module_count - it has no need to be a gulong.
Have built-in wiretap file handlers register names to be used for their
file type/subtypes, rather than building the table in init.lua.
Add a new Lua C function get_wtap_filetypes() to construct the
wtap_filetypes table, based on the registered names, and use it in
init.lua.
Add a #define WSLUA_INTERNAL_FUNCTION to register functions intended
only for internal use in init.lua, so they can be made available from
Lua without being documented.
Get rid of WTAP_NUM_FILE_TYPES_SUBTYPES - most code has no need to use
it, as it can just request arrays of types, and the space of
type/subtype codes can be sparse due to registration in any case, so
code has to be careful using it.
wtap_get_num_file_types_subtypes() is no longer used, so remove it. It
returns the number of elements in the file type/subtype array, which is
not necessarily the name of known file type/subtypes, as there may have
been some deregistered types, and those types do *not* get removed from
the array, they just get cleared so that they're available for future
allocation (we don't want the indices of any registered types to changes
if another type is deregistered, as those indicates are the type/subtype
values, so we can't shrink the array).
Clean up white space and remove some comments that shouldn't have been
added.
2021-02-17 06:24:47 +00:00
|
|
|
wtap_init_file_type_subtypes();
|
2018-01-09 08:55:37 +00:00
|
|
|
if (load_wiretap_plugins) {
|
2018-01-28 17:40:52 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2018-01-05 17:09:40 +00:00
|
|
|
libwiretap_plugins = plugins_init(WS_PLUGIN_WIRETAP);
|
2016-12-04 21:42:07 +00:00
|
|
|
#endif
|
2021-02-06 16:35:51 +00:00
|
|
|
g_slist_foreach(wtap_plugins, call_plugin_register_wtap_module, NULL);
|
2018-01-28 17:40:52 +00:00
|
|
|
}
|
2016-12-04 21:42:07 +00:00
|
|
|
}
|
|
|
|
|
2017-02-04 15:26:34 +00:00
|
|
|
/*
|
|
|
|
* Cleanup the library
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
wtap_cleanup(void)
|
|
|
|
{
|
|
|
|
wtap_cleanup_encap_types();
|
|
|
|
wtap_opttypes_cleanup();
|
|
|
|
ws_buffer_cleanup();
|
2017-02-04 16:01:00 +00:00
|
|
|
cleanup_open_routines();
|
2017-09-30 23:56:03 +00:00
|
|
|
g_slist_free(wtap_plugins);
|
|
|
|
wtap_plugins = NULL;
|
2021-02-06 16:35:51 +00:00
|
|
|
#ifdef HAVE_PLUGINS
|
2017-09-30 23:56:03 +00:00
|
|
|
plugins_cleanup(libwiretap_plugins);
|
|
|
|
libwiretap_plugins = NULL;
|
|
|
|
#endif
|
2017-02-04 15:26:34 +00:00
|
|
|
}
|
|
|
|
|
2015-01-02 00:45:22 +00:00
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2015-01-02 00:45:22 +00:00
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|