If the first byte of the file is 31, and we advance to the next byte but
find it's not 139, back up to the first byte before falling through and
treating the file as uncompressed.
Add/expand some comments while we're at it.
Bug: 16252
Change-Id: I292b51f9cc04173482a43b26b0ce73c9e7aee570
Reviewed-on: https://code.wireshark.org/review/35315
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fall back on the Wayback Machine for some links.
Change-Id: I6a44a2caaeb4fa521c2f08196e7c36069e3bb842
Reviewed-on: https://code.wireshark.org/review/34103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We're defining it now based on whether there's an st_blksize member of
struct stat. We're currently testing _STATBUF_ST_BLKSIZE, but that's
not guaranteed to be defined on platforms that have an st_blksize member
of struct stat (it's not defined on macOS, for example).
Change-Id: I4e6011a7668da94cf1ca6328e29c50924dd1d8b0
Reviewed-on: https://code.wireshark.org/review/32381
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move all the compressed-file type stuff to wiretap/file_wrappers.c.
Rename wtap_compressed_file_extension() to
wtap_compression_type_extension() for consistency with the other
compression-type-extension routine names.
Move the declarations of the compression-type-extension routines in the
header file.
wtap_compression_type_extension() now returns NULL for
WTAP_UNCOMPRESSED; there's no need to special-case it.
Get rid of the now-unused wtap_compression_type_supported() and
WTAP_NUM_COMPRESSION_TYPES.
Change-Id: Ib93874079bea669a0c87104513dba0d21390455a
Reviewed-on: https://code.wireshark.org/review/30729
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add wtap_compressed_file_extension(), which returns NULL for
WTAP_UNCOMPRESSED and the appropriate file extension for other
compression types.
Add wtap_compression_type_supported(), which returns TRUE for
WTAP_UNCOMPRESSED and all supported compression types and FALSE
otherwise. ("Supported" means "the code can decompmress files in that
compression format and can write files in that compression format", so
WTAP_GAIP_COMPRESSED is supported iff libwiretap is built with zlib.)
In MainWindow::fileAddExtension, instead of checking for
WTAP_GZIP_COMPRESSED and using ".gz" as the extension, use the extension
returned by wtap_compressed_file_extension() for the compression type.
Change-Id: I47cb0eca8c887ada3562df30b54e76509008180f
Reviewed-on: https://code.wireshark.org/review/30707
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When using file_gets it's very difficult to determine how many characters
were read, because you can't distinguish between an embedded NUL and
a short line (note that the last line in a file may not have an LF at the
end). While it's still possible to do it via prefilling the buffer with
non-zero values, doing that is cumbersome, inefficient and error-prone.
This new function makes the task much easier.
The "p" in the name is meant to be reminiscent of the "p" in stpcpy.
Change-Id: I468d5ee71e3b6289925860651ba61b369301b3c9
Reviewed-on: https://code.wireshark.org/review/27333
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
out.next is initialized to point to the beginning of the buffer when a
FILE_T is created, so it won't be null.
Change-Id: Ib29f713ab3c524c9c7d83e8d9f3bef89fde1d5b5
Reviewed-on: https://code.wireshark.org/review/25380
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't loop trying to read a full buffer from the input file.
If you're reading from a file, on UN*X or Windows, you should get the
entire read count unless you're fewer than buffer-size bytes from the
end of the file, in which case you should get what remains in the file.
If you're reading from a pipe, however, that could cause you to block
longer than necessary waiting for a full buffer rather than just for the
next chunk of data from the pipe - which might not be a bufferful, if
the program writing to the file is itself writing less-than-bufferful
chunks, as may be the case in, for example, a pipeline coming from a
live capture and with the intent that TShark display the packets as they
arrive.
While we're at it, if we're trying to do a seek and the seek takes place
within the buffer of uncompressed data, just adjust the position within
that buffer for forward seeks as well as backward seeks; this
substantially reduces the number of ws_lseek64() calls when making a
sequential pass through the file in Wireshark (e.g., running a tap or
filtering the display) and, as we purge the buffer after the
ws_lseek64(), substantically reduces the number of ws_read() calls in
that situation as well.
Have a data structure for a file data buffer, and use it for both the
"input" (compressed data) and "output" (uncompressed data) buffers.
Rename raw_read() to buf_read(), as it reads into a buffer.
Change-Id: I7982b3499a7613a993913a6db887054730764160
Ping-Bug: 14345
Reviewed-on: https://code.wireshark.org/review/25358
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what's being tested, and makes the tests more
consistent, so we're always, not just sometimes, testing that way.
Change-Id: Ifac4a86d16d0652d04db3dec572c11e1335c945d
Reviewed-on: https://code.wireshark.org/review/25318
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we aren't built with libz, report a new "decompression not supported"
error if the file is gzipped; the problem isn't that it's a new capture
file format we don't support, it's that a *compressed* capture file, in
some format, but we don't support the *compression* format used.
This can be extended if we add support for other compression formats.
Change-Id: I19239525d4e02357e3ca7189996556839af8fce2
Reviewed-on: https://code.wireshark.org/review/25315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It warns that a 32-bit value is being shifted left and then converted to
a 64-bit type; presumably it means "this might overflow and not give you
the result you expect". That's unlikely to be the case here, as few
UN*X file systems have a recommended I/O block size > 2^30, but we might
as well throw in a cast so the convert-to-a-64-bit-type is done first.
Change-Id: Id6ab11d750d5cf4cc03d060d63edc01b66cd179d
Reviewed-on: https://code.wireshark.org/review/20352
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).
Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow file_read() to take a null pointer as a buffer argument; a null
argument means "do everything except copy the bytes from the file to the
user buffer". That means that wtap_read_bytes() and
wtap_read_bytes_or_eof() also support a null pointer as a buffer
argument.
Use wtap_read_bytes() with a null buffer argument rather than
file_skip() to skip forward over data.
This fixes some places where files were mis-identified as ERF files, as
the ERF open heuristics now get a short "read" error if they try to skip
over more bytes than exist in the file.
Change-Id: I4f73499d877c1f582e2bcf9b045034880cb09622
Reviewed-on: https://code.wireshark.org/review/17974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
git/epan/dissectors/packet-a21.c:478:25: error: 'item' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
proto_item_append_text(item, "%s", val_to_str_const(event_id, a21_event_vals, "Unknown"));
^
Added manual change id because file-jpeg.c forced the use of commit -n
Change-Id: Iffff53d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14666
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Just use the table - or an empty table if we're not including the
compressed file extensions.
Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ZLIB_CONST must be defined before including zlib.h to expose z_const,
*AND* z_const shouldn't be used unless it's defined, because older
versions of zlib don't define it even if you define ZLIB_CONST.
While we're at it, throw in some DIAG_OFF(cast-qual)/DIAG_ON(cast-qual)
pairs to suppress unavoidable "cast throws away const qualification"
warnings.
The original "make zlib constness-aware" change also removed an
unnecessary include of <zlib.h> from wiretap/wtap.c, so we do that as
well.
Change-Id: I3c5269a8fbc54bbbb4d316544cc7b8fa30614c19
Reviewed-on: https://code.wireshark.org/review/12675
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit fb0246c6fd. That commit assumes that if you define Z_CONST, z_const will be defined; that is *not* the case with older versions of zlib, which don't define z_const under any circumstances.
Change-Id: I6f9b7ea18922799b1aaf94dc2c63120128f2550a
Reviewed-on: https://code.wireshark.org/review/12671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ZLIB_CONST must be defined before including zlib.h to expose 'z_const'.
Change-Id: Ic0dbd59ed3c760dd84ef4546f6ff4d5d3db91519
Reviewed-on: https://code.wireshark.org/review/12547
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag. When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.
Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwiretap no longer uses standard I/O routines to read files; those
includes are left over from when it did.
Change-Id: Ia46c5e24ed25c6bd254cd271746ace539a37e590
Reviewed-on: https://code.wireshark.org/review/11634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The LHS of the & operation is unsigned; make the RHS unsigned as well.
That squelches a Sun/Oracle C warning.
Change-Id: I6983cc89603a512020b8e8b560c00632de6b2fb3
Reviewed-on: https://code.wireshark.org/review/8363
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is needed for Lua File:seek("end").
Change-Id: I28fb23f2f29ca8083c77bf065db8816e039ae5a1
Reviewed-on: https://code.wireshark.org/review/4722
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Most interesting are:
warning: cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
warning: ISO C forbids zero-size array [-Wpedantic]
warning: ISO C90 doesn't support unnamed structs/unions [-Wpedantic]
warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual
warning: initializer element is not computable at load time [enabled by default]
Change-Id: I5573c6bdca856a304877d9bef643f8c0fa93cdaf
Reviewed-on: https://code.wireshark.org/review/3174
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quanities.
Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).
There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.
Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This enables a Lua script to implement a brand new capture file format reader/writer, so that for example one could write a script to read from vendor-specific "logs" of packets, and show them as normal packets in wireshark.
Change-Id: Id394edfffa94529f39789844c382b7ab6cc2d814
Reviewed-on: https://code.wireshark.org/review/431
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
seek offset is after calling it, they can use file_tell(). (Some
routines were already assuming it returned a gboolean.)
svn path=/trunk/; revision=49733