We can just call file_tell() before reading the line when doing
sequential reads.
Change-Id: Ide36d0b7d99ef3e76dbe1ddfad6c99972c04739a
Reviewed-on: https://code.wireshark.org/review/25027
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Existence of in_file has been checked in line 908.
Change-Id: Ida6c06362a1f88caec40701be7f3e42133ce404a
Reviewed-on: https://code.wireshark.org/review/24994
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reads pcapng blocks from a pipe. Section header blocks are parsed for
endianess. All other blocks only have the general block header parsed
for type and length, and then endianess converted if necessary.
Outputs all blocks using the original endianess format so none of the
other block types or options require parsing.
Change-Id: I2f4f0175013d8fc2cda42a63e7deacad537951e3
Bug: 11370
Reviewed-on: https://code.wireshark.org/review/24536
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This sets the scope of the static build option to Wireshark support
libraries only.
Before the patch:
Static plugins don't work with CMake and autotools.
autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.
After the patch:
For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.
For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitations imposed by libtool.
Tested on Linux. This removes broken support for building plugins
statically.
Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Bug: 14195
Change-Id: Ic6be8e1f8169968c48376984c0d1a1a69c67f32a
Reviewed-on: https://code.wireshark.org/review/24415
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "internal" port type has been serialized by export PDU functionality
and nettrace_3gpp_32_423 wiretap. To better support "endpoint" functionality
the port types will be removed/updated and that changes the implicit values
from the port_type enum.
Take a snapshot of the current port_type values and use those specific values
when reading/writing export PDU data and provide conversion functions that can
be modified when port_types are removed. Do the same for nettrace_3gpp_32_423
wiretap.
Change-Id: I770bd0cab22e84f3cf49032fc86c5927bf85263f
Reviewed-on: https://code.wireshark.org/review/24169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's been broken for over a year, needs to be modernized and as
implemented it's a maintenance nightmare. Get rid of it.
Ping-Bug: 13036
Change-Id: I34a6e4c28b6d3b96dd6550dd21e9cbeaf050d58f
Reviewed-on: https://code.wireshark.org/review/23967
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Autotools has the very useful feature by design of allowing the user
to override the default build flags (you break it you keep it).
Apparently CMake applies COMPILE_OPTIONS target property after
CMAKE_{C,CXX}_FLAGS so that doesn't work here. Prepend our flags to those
variables instead to make it work then.
Specific target flag overrides can still be added with COMPILER_OPTIONS
(e.g: generated files with -Wno-warning) but this is less effective and
then we're back at the point where this overrides user flags. It's less
of a concern though.
Change-Id: I44761a79be4289238e02d4e781fef0099628817b
Reviewed-on: https://code.wireshark.org/review/23675
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
NetMon apparently didn't zero out the file header, so those fields have
random values in pre-2.2.
Change-Id: I3aeede6ab273d57ca937a5e18e67223fb4ed18da
Reviewed-on: https://code.wireshark.org/review/23666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IXIA^WKeysight Technologies's vitual IxNetwork version 8.30 will
create capture files in a modified format: It uses a different magic
and adds the total size of all records, i.e. the filesize minus the
headersize. Add support for this.
v2: Different file types use different magic numbers.
Not yet tested/supported: The default fileending is .lcap
Bug: 14073
Change-Id: Ida90b188ca66a78ff22dca237e4fd6b22e02dc14
Reviewed-on: https://code.wireshark.org/review/23614
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we're not going to subtract 4 from actual_octets, there's no reason
to treat actual_octets < 4 as an error.
This makes the "subtract 4 octets of crap" code similar in all cases,
hopefully further reducing the opacity of the code.
Change-Id: I41cda101b321422ce5fd4474fb6903bfe471cb63
Reviewed-on: https://code.wireshark.org/review/23534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(In the hope of making the code slightly less opaque.)
Change-Id: Ic635eedac4eb9fb764b3633c9003608b9b4ae3df
Reviewed-on: https://code.wireshark.org/review/23533
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Be consistent in the treatment of those 4 octets.
Change-Id: If35c94bd299c3e7ec76306daf325d5aa5e3a19b9
Reviewed-on: https://code.wireshark.org/review/23530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There may be some amount of bogosity involved but initialize the
variables and add a default case to prevent the noise and the build
from breaking with -Werror.
Change-Id: I20432ea74a1e5edc28be75a97077c9aa7bc87a35
Reviewed-on: https://code.wireshark.org/review/23426
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's just a WTAP_ENCAP_IEEE_802_11
Change-Id: I7369fac06a7d63812bb7ce7b3c16b9fe606f544c
Reviewed-on: https://code.wireshark.org/review/23418
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.
Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.
Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4221
Change-Id: I59aff777c364af1a064e1e99ea9ac6692a4cedfa
Reviewed-on: https://code.wireshark.org/review/23333
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There isn't a place at the moment that uses it, but prepare
that use by parsing out the process info table and placing
it the netmon private data.
Bug: 4224
Ping-Bug: 1184
Change-Id: I6186b3dce0333042357089d8517c8b47b5ff7f70
Reviewed-on: https://code.wireshark.org/review/23316
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The NetMon wiretap reads the title and description comment fields from a
NetMon file and saves it in the wiretap private structure. Then when
it's time to make a frame, the comment fields are added to a NetMon
pseudoheader with a new WTAP ENCAP type, with the potential for netmon
pseudoheader to contain pseudoheader data from "base" wiretap. Then the
netmon_header dissector displays the comment fields and passes any "base"
wiretap pseudoheader data when calling the wtap_encap dissector table
that the frame dissector normally calls.
Bug: 4225
Change-Id: I8f772bc9494364c98434c78b61eb5a64012ff3b9
Reviewed-on: https://code.wireshark.org/review/23210
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.
Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use this for nordic_ble dissection.
Change-Id: I5323cbd8c244c4e3b645825c60d040e1ae8f3b81
Reviewed-on: https://code.wireshark.org/review/23219
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Undo most of the changes, but turn the return at the end of the default
case into a break.
Change-Id: I022b62a85254ff188f19fd3d7c3fe40b0789b3d2
Reviewed-on: https://code.wireshark.org/review/22695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 74a2ae4aba.
No, that's just Coverity not understanding macros *again*, and thinking a particular expanded instance of a macro is the result of some human being silly rather than of the arguments being such that some computations can be elided at compile time.
Change-Id: I40f2ad8bf018b0df02d90ed0e272505be68dae7e
Reviewed-on: https://code.wireshark.org/review/22693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CIDs 1415436.
Change-Id: I21ada7a308d888b4cbb8557197a2e30bda118f44
Reviewed-on: https://code.wireshark.org/review/22691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert it to a 4-byte value and byte-swap *that*.
Fixes CID 1415438.
Change-Id: I5cf0b5905f5dd2086c5d8ed6b13b1921bdb69a84
Reviewed-on: https://code.wireshark.org/review/22689
Reviewed-by: Guy Harris <guy@alum.mit.edu>