forked from osmocom/wireshark
Systemd journal: Fix timestamp conversions.
Use ws_strtou64 to convert __REALTIME_TIMESTAMP= and other timestamps, which should work across platforms. Bug: 16664 Change-Id: I371f2b60e1957e57dbbdbbc3ded5ad49e8eb79d1 Reviewed-on: https://code.wireshark.org/review/37849 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
73f24f5ad8
commit
4a4c8bdfea
|
@ -30,6 +30,8 @@
|
||||||
#include <epan/packet.h>
|
#include <epan/packet.h>
|
||||||
#include <epan/expert.h>
|
#include <epan/expert.h>
|
||||||
|
|
||||||
|
#include <wsutil/strtoi.h>
|
||||||
|
|
||||||
#include "packet-syslog.h"
|
#include "packet-syslog.h"
|
||||||
|
|
||||||
#define PNAME "systemd Journal Entry"
|
#define PNAME "systemd Journal Entry"
|
||||||
|
@ -157,6 +159,7 @@ static int hf_sj_unhandled_field_type = -1;
|
||||||
|
|
||||||
static expert_field ei_unhandled_field_type = EI_INIT;
|
static expert_field ei_unhandled_field_type = EI_INIT;
|
||||||
static expert_field ei_nonbinary_field = EI_INIT;
|
static expert_field ei_nonbinary_field = EI_INIT;
|
||||||
|
static expert_field ei_undecoded_field = EI_INIT;
|
||||||
|
|
||||||
#define MAX_DATA_SIZE 262144 // WTAP_MAX_PACKET_SIZE_STANDARD. Increase if needed.
|
#define MAX_DATA_SIZE 262144 // WTAP_MAX_PACKET_SIZE_STANDARD. Increase if needed.
|
||||||
|
|
||||||
|
@ -287,12 +290,17 @@ static void init_jf_to_hf_map(void) {
|
||||||
|
|
||||||
static void
|
static void
|
||||||
dissect_sjle_time_usecs(proto_tree *tree, int hf_idx, tvbuff_t *tvb, int offset, int len) {
|
dissect_sjle_time_usecs(proto_tree *tree, int hf_idx, tvbuff_t *tvb, int offset, int len) {
|
||||||
unsigned long rt_ts = strtoul(tvb_format_text(tvb, offset, len), NULL, 10);
|
guint64 rt_ts = 0;
|
||||||
// XXX Check errno?
|
char *time_str = tvb_format_text(tvb, offset, len);
|
||||||
nstime_t ts;
|
gboolean ok = ws_strtou64(time_str, NULL, &rt_ts);
|
||||||
ts.secs = (time_t) rt_ts / 1000000;
|
if (ok) {
|
||||||
ts.nsecs = (rt_ts % 1000000) * 1000;
|
nstime_t ts;
|
||||||
proto_tree_add_time(tree, hf_idx, tvb, offset, len, &ts);
|
ts.secs = (time_t) (rt_ts / 1000000);
|
||||||
|
ts.nsecs = (rt_ts % 1000000) * 1000;
|
||||||
|
proto_tree_add_time(tree, hf_idx, tvb, offset, len, &ts);
|
||||||
|
} else {
|
||||||
|
proto_tree_add_expert_format(tree, NULL, &ei_undecoded_field, tvb, offset, len, "Invalid time value %s", time_str);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -851,6 +859,10 @@ proto_register_systemd_journal(void)
|
||||||
{ &ei_nonbinary_field,
|
{ &ei_nonbinary_field,
|
||||||
{ "systemd_journal.nonbinary_field", PI_UNDECODED, PI_WARN,
|
{ "systemd_journal.nonbinary_field", PI_UNDECODED, PI_WARN,
|
||||||
"Field shouldn't be binary", EXPFILL }
|
"Field shouldn't be binary", EXPFILL }
|
||||||
|
},
|
||||||
|
{ &ei_undecoded_field,
|
||||||
|
{ "systemd_journal.undecoded_field", PI_UNDECODED, PI_WARN,
|
||||||
|
"Unable to decode field", EXPFILL }
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
||||||
#include <wsutil/ws_printf.h>
|
#include <wsutil/ws_printf.h>
|
||||||
|
#include <wsutil/strtoi.h>
|
||||||
|
|
||||||
#include "wtap-int.h"
|
#include "wtap-int.h"
|
||||||
#include "file_wrappers.h"
|
#include "file_wrappers.h"
|
||||||
|
@ -2509,8 +2510,10 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head
|
||||||
}
|
}
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
rt_ts = strtoul(ts_pos+rt_ts_len, NULL, 10);
|
const char *ts_end;
|
||||||
if (errno) {
|
gboolean ok = ws_strtou64(ts_pos+rt_ts_len, &ts_end, &rt_ts);
|
||||||
|
|
||||||
|
if (!ok) {
|
||||||
*err = WTAP_ERR_BAD_FILE;
|
*err = WTAP_ERR_BAD_FILE;
|
||||||
*err_info = g_strdup_printf("%s: invalid timestamp", G_STRFUNC);
|
*err_info = g_strdup_printf("%s: invalid timestamp", G_STRFUNC);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -2522,7 +2525,7 @@ pcapng_read_systemd_journal_export_block(wtap *wth, FILE_T fh, pcapng_block_head
|
||||||
wblock->rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
|
wblock->rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN;
|
||||||
wblock->rec->tsprec = WTAP_TSPREC_USEC;
|
wblock->rec->tsprec = WTAP_TSPREC_USEC;
|
||||||
|
|
||||||
wblock->rec->ts.secs = (time_t) rt_ts / 1000000;
|
wblock->rec->ts.secs = (time_t) (rt_ts / 1000000);
|
||||||
wblock->rec->ts.nsecs = (rt_ts % 1000000) * 1000;
|
wblock->rec->ts.nsecs = (rt_ts % 1000000) * 1000;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in New Issue