osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

if_filter isn't a string per se,The first byte of the Option Data keeps a code of the filter used 

svn path=/trunk/; revision=41339
This commit is contained in:
Anders Broman 2012-03-04 19:01:14 +00:00
parent d75c3d384e
commit 971cb84877
5 changed files with 83 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pcapio.c
View File

@ -422,7 +422,7 @@ libpcap_write_interface_description_block(FILE *fp,
/* IDB_FILTER */
if ((filter != NULL) && (strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
block_total_length += sizeof(struct option) +
(guint16)(ADD_PADDING(strlen(filter) + 1));
(guint16)(ADD_PADDING(strlen(filter) + 1)+1);
have_options = TRUE;
}
@ -491,11 +491,16 @@ libpcap_write_interface_description_block(FILE *fp,
}
}
/* write filter string if applicable */
/* write filter string if applicable
* We only write version 1 of the fileter, libpcap string
*/
if ((filter != NULL) && (strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
option.type = IDB_FILTER;
option.value_length = (guint16)(strlen(filter) + 1);
option.value_length = (guint16)(strlen(filter) + 1 + 1 );
WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
/* The first byte of the Option Data keeps a code of the filter used, 0 = lipbpcap filter string */
WRITE_DATA(fp, &padding, 1, *bytes_written, err);
WRITE_DATA(fp, filter, strlen(filter) + 1, *bytes_written, err);
if ((strlen(filter) + 1) % 4) {
WRITE_DATA(fp, &padding, 4 - (strlen(filter) + 1) % 4 , *bytes_written, err);

2
summary.c
View File

@ -213,7 +213,7 @@ summary_fill_in_capture(capture_file *cf,capture_options *capture_opts, summary_
idb_info = wtap_file_get_idb_info(cf->wth);
for (i = 0; i < idb_info->number_of_interfaces; i++) {
wtapng_if_descr = g_array_index(idb_info->interface_data, wtapng_if_descr_t, i);
iface.cfilter = g_strdup(wtapng_if_descr.if_filter);
iface.cfilter = g_strdup(wtapng_if_descr.if_filter_str);
iface.name = g_strdup(wtapng_if_descr.if_name);
iface.descr = g_strdup(wtapng_if_descr.if_description);
iface.drops_known = FALSE;

4
wiretap/file_access.c
View File

@ -1020,7 +1020,9 @@ wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
descr.if_description = NULL;
descr.if_speed = 0;
descr.if_tsresol = 6;
descr.if_filter= NULL;
descr.if_filter_str= NULL;
descr.bpf_filter_len= 0;
descr.if_filter_bpf_bytes= NULL;
descr.if_os = NULL;
descr.if_fcslen = -1;
wdh->number_of_interfaces= 1;

69
wiretap/pcapng.c
View File

@ -714,7 +714,9 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
/* XXX: if_EUIaddr */
wblock->data.if_descr.if_speed = 0; /* "unknown" */
wblock->data.if_descr.if_tsresol = 6; /* default is 6 for microsecond resolution */
wblock->data.if_descr.if_filter = NULL;
wblock->data.if_descr.if_filter_str = NULL;
wblock->data.if_descr.bpf_filter_len = 0;
wblock->data.if_descr.if_filter_bpf_bytes = NULL;
wblock->data.if_descr.if_os = NULL;
wblock->data.if_descr.if_fcslen = -1; /* unknown or changes between packets */
/* XXX: guint64 if_tsoffset; */
@ -827,8 +829,17 @@ pcapng_read_if_descr_block(FILE_T fh, pcapng_block_header_t *bh, pcapng_t *pn,
*/
case(11): /* if_filter */
if (oh.option_length > 0 && oh.option_length < opt_cont_buf_len) {
wblock->data.if_descr.if_filter = g_strndup(option_content, oh.option_length);
pcapng_debug1("pcapng_read_if_descr_block: if_filter %s", wblock->data.if_descr.if_filter);
/* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string,
* or BPF bytecode.
*/
if (option_content[0] == 0){
wblock->data.if_descr.if_filter_str = g_strndup(option_content+1, oh.option_length-1);
pcapng_debug1("pcapng_read_if_descr_block: if_filter_str %s", wblock->data.if_descr.if_filter_str);
}else if(option_content[0] == 1) {
wblock->data.if_descr.bpf_filter_len = oh.option_length-1;
wblock->data.if_descr.if_filter_bpf_bytes = g_malloc(oh.option_length-1);
memcpy(&wblock->data.if_descr.if_filter_bpf_bytes, option_content+1, oh.option_length-1);
}
} else {
pcapng_debug1("pcapng_read_if_descr_block: if_filter length %u seems strange", oh.option_length);
}
@ -2055,7 +2066,9 @@ pcapng_open(wtap *wth, int *err, gchar **err_info)
int_data.if_speed = wblock.data.if_descr.if_speed;
int_data.if_tsresol = wblock.data.if_descr.if_tsresol;
/* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
int_data.if_filter = wblock.data.if_descr.if_filter;
int_data.if_filter_str = wblock.data.if_descr.if_filter_str;
int_data.bpf_filter_len = wblock.data.if_descr.bpf_filter_len;
int_data.if_filter_bpf_bytes = wblock.data.if_descr.if_filter_bpf_bytes;
int_data.if_os = wblock.data.if_descr.if_os;
int_data.if_fcslen = wblock.data.if_descr.if_fcslen;
/* XXX if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
@ -2451,8 +2464,8 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
gboolean have_options = FALSE;
struct option option_hdr; /* guint16 type, guint16 value_length; */
guint32 options_total_length = 0;
guint32 comment_len = 0, if_name_len = 0, if_description_len = 0 , if_os_len = 0;
guint32 comment_pad_len = 0, if_name_pad_len = 0, if_description_pad_len = 0, if_os_pad_len = 0;
guint32 comment_len = 0, if_name_len = 0, if_description_len = 0 , if_os_len = 0, if_filter_str_len = 0;
guint32 comment_pad_len = 0, if_name_pad_len = 0, if_description_pad_len = 0, if_os_pad_len = 0, if_filter_str_pad_len;
pcapng_debug3("pcapng_write_if_descr_block: encap = %d (%s), snaplen = %d",
@ -2531,7 +2544,15 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
* if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
*/
if (int_data->if_filter) {
if (int_data->if_filter_str) {
have_options = TRUE;
if_filter_str_len = (guint32)strlen(int_data->if_filter_str) & 0xffff+1;
if ((if_filter_str_len % 4)) {
if_filter_str_pad_len = 4 - (if_filter_str_len % 4);
} else {
if_filter_str_pad_len = 0;
}
options_total_length = options_total_length + if_filter_str_len + if_filter_str_pad_len + 4 /* comment options tag */ ;
}
/*
* if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed.
@ -2580,7 +2601,7 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
wdh->bytes_dumped += sizeof idb;
/* XXX - write (optional) block options */
if (comment_len) {
if (comment_len != 0) {
option_hdr.type = OPT_COMMENT;
option_hdr.value_length = comment_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
@ -2603,7 +2624,7 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
/*
* if_name 2 A UTF-8 string containing the name of the device used to capture data.
*/
if (if_name_len) {
if (if_name_len !=0) {
option_hdr.type = IDB_OPT_IF_NAME;
option_hdr.value_length = if_name_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
@ -2626,7 +2647,7 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
/*
* if_description 3 A UTF-8 string containing the description of the device used to capture data.
*/
if (if_description_len) {
if (if_description_len != 0) {
option_hdr.type = IDB_OPT_IF_NAME;
option_hdr.value_length = if_description_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
@ -2697,10 +2718,36 @@ pcapng_write_if_descr_block(wtap_dumper *wdh, wtapng_if_descr_t *int_data, int *
/*
* if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
*/
/* Libpcap string variant */
if (if_filter_str_len !=0) {
option_hdr.type = IDB_OPT_IF_FILTER;
option_hdr.value_length = if_filter_str_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
return FALSE;
wdh->bytes_dumped += 4;
/* Write the zero indicaling libpcap filter variant */
if (!wtap_dump_file_write(wdh, &zero_pad, 1, err))
return FALSE;
wdh->bytes_dumped += 1;
/* Write the comments string */
pcapng_debug3("pcapng_write_if_descr_block, if_filter_str:'%s' if_filter_str_len %u if_filter_str_pad_len %u" , int_data->if_filter_str, if_filter_str_len, if_filter_str_len);
if (!wtap_dump_file_write(wdh, int_data->if_filter_str, if_filter_str_len, err))
return FALSE;
wdh->bytes_dumped += comment_len;
/* write padding (if any) */
if (if_filter_str_pad_len != 0) {
if (!wtap_dump_file_write(wdh, &zero_pad, if_filter_str_pad_len, err))
return FALSE;
wdh->bytes_dumped += if_filter_str_pad_len;
}
}
/*
* if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed.
*/
if (if_os_len) {
if (if_os_len != 0) {
option_hdr.type = IDB_OPT_IF_OS;
option_hdr.value_length = if_os_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))

26
wiretap/wtap.h
View File

@ -907,29 +907,29 @@ typedef struct wtapng_iface_descriptions_s {
* Interface description data
*/
typedef struct wtapng_if_descr_s {
int wtap_encap; /**< link_type translated to wtap_encap */
int wtap_encap; /**< link_type translated to wtap_encap */
guint64 time_units_per_second;
/* mandatory */
guint16 link_type;
guint32 snap_len;
/* options */
gchar *opt_comment; /**< NULL if not available */
gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
gchar *if_description;/**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
gchar *opt_comment; /**< NULL if not available */
gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
gchar *if_description; /**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
/* XXX: if_IPv4addr opt 4 Interface network address and netmask.*/
/* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
/* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits).*/
/* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits)*/
guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
* If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
*/
guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
* If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
*/
/* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
gchar *if_filter; /**< NULL if not available, opt 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
*/
gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
gchar *if_filter_str; /**< NULL if not available, opt 11 libpcap string. */
guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
/* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
} wtapng_if_descr_t;