This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Found by valgrind:
==14298== at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14298== by 0xA66C6AE: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BB32: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BEB7: g_array_append_vals (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA193252: wtap_optionblock_add_option (wtap_opttypes.c:352)
==14298== by 0xA19361C: shb_create (wtap_opttypes.c:607)
==14298== by 0xA192F96: wtap_optionblock_create (wtap_opttypes.c:126)
==14298== by 0xA168784: wtap_open_offline (file_access.c:824)
==14298== by 0x11D47C: cf_open (tshark.c:4194)
==14298== by 0x117852: main (tshark.c:2183)
et al.
Change-Id: Ic16595ed3c12b9ed6c2813852ceb594c29ece929
Reviewed-on: https://code.wireshark.org/review/15004
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's not guaranteed to be a C string, so don't call it "str".
Change-Id: I614ccf4f87b9f6f58d9b72596827224006f1de30
Reviewed-on: https://code.wireshark.org/review/14998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use wtap_read_bytes() which will return WTAP_ERR_SHORT_READ if we don't
get the specified number of bytes. Treat all errors *other* than
WTAP_ERR_SHORT_READ as an I/O error.
Change-Id: If38b5ad1b142441f2f2dd356be196bf381058da4
Reviewed-on: https://code.wireshark.org/review/14997
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no need for an open routine to seek back to the beginning of the
file - the file open code has done that already.
Change-Id: I4053474e60e7c8e8f59a89503d4bb08499d9399e
Reviewed-on: https://code.wireshark.org/review/14996
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And *any* EOFs in the seek-read routine.
Change-Id: I5742c7bbd782e59e9c64e4821f22c706ddbc5382
Reviewed-on: https://code.wireshark.org/review/14995
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We just care whether the first 6 bytes of the file are "MPCSII";
memcmp() will do that, and we don't have to worry about NULs.
Change-Id: I03872c30e76eedce67577657270e36f0795e74bd
Reviewed-on: https://code.wireshark.org/review/14994
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the mplog format is used by some commercial logging tools that capture
ISO 14443 traffic between a card reader and a contactless smartcard
Change-Id: If359b8f0f671eb2a7c6315e2b8960a5bd581a9e9
Reviewed-on: https://code.wireshark.org/review/14950
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The presence bits field isn't made up of multiple bytes, it's a single
32-bit field, so move the bit values up 8 bits so they don't collide
with the values from the first byte.
Prevents a crash with at least one 32.423 file.
Change-Id: I804e76a5b8844f1f3894a43af7fd8bbe9fa7447c
Reviewed-on: https://code.wireshark.org/review/14943
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use %option extra_type= rather than #defining YY_EXTRA_TYPE.
Change comments to reflect that the state structure is used both by the
lexical analyzer and the parser.
Change-Id: I19a81de61cbd6e86d71154f376ef0681cc6d42fb
Reviewed-on: https://code.wireshark.org/review/14826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
master-branch libpcap now generates a reentrant Flex scanner and
Bison/Berkeley YACC parser for capture filter expressions, so it
requires versions of Flex and Bison/Berkeley YACC that support that.
We might as well do the same. For libwiretap, it means we could
actually have multiple K12 text or Ascend/Lucent text files open at the
same time. For libwireshark, it might not be as useful, as we only read
configuration files at startup (which should only happen once, in one
thread) or on demand (in which case, if we ever support multiple threads
running libwireshark, we'd need a mutex to ensure that only one file
reads it), but it's still the right thing to do.
We also require a version of Flex that can write out a header file, so
we change the runlex script to generate the header file ourselves. This
means we require a version of Flex new enough to support --header-file.
Clean up some other stuff encountered in the process.
Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16
Reviewed-on: https://code.wireshark.org/review/14719
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is consistent with what the rest of the files do, and doesn't
require that the compiler explicitly be told to treat the current
directory as an include directory.
Change-Id: Iefaedd2acc936f45d5095546f8dea7167d2e88c8
Reviewed-on: https://code.wireshark.org/review/14797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When the state pointer is NULL it's defensively coded against by a
NULL pointer check. Variable initialization before should then not
dereference that pointer.
Change-Id: I0ed09e2f22be5651324f43fc3fd339d2f95684c0
Reviewed-on: https://code.wireshark.org/review/14776
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either use "wtap.h", if it's only for files in the wiretap directory, or
<wiretap/wtap.h>, if it's also a header that stuff outside libwiretap
can include.
Change-Id: If1c71b3dae9a3c0d64661ae1734f925319e447d1
Reviewed-on: https://code.wireshark.org/review/14788
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1) Handle the ASCII and Unicode magic numbers the same way - as static
const char arrays. Note that Unicode specifically means little-endian
UCS-2 (or UTF-16, but they probably use few if any characters outside of
ASCII, much less the Basic Multilingual Plane).
2) Treat all seek errors as open errors rather than "not my file type".
3) Fix capitalization of "Unicode".
Change-Id: I47b7e057ccada00347499a6b17f8f8fc44e7c503
Reviewed-on: https://code.wireshark.org/review/14689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
git/epan/dissectors/packet-a21.c:478:25: error: 'item' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
proto_item_append_text(item, "%s", val_to_str_const(event_id, a21_event_vals, "Unknown"));
^
Added manual change id because file-jpeg.c forced the use of commit -n
Change-Id: Iffff53d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14666
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Otherwise, they get treated as generic XML files. No, a standard XML
tag, followed by <dump>, isn't a *perfect* magic number, but if you
*really* want to read it as a generic XML file, you can do so from the
UI.
(This is just like TNEF files.)
Change-Id: I7624023ecf87a21ef339222c89b3c9abd7acc727
Reviewed-on: https://code.wireshark.org/review/14656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This takes away much of the pain (and merge conflicts) of micro-managing every
sub-folder file.
Change-Id: I7d7bb1173511ec9312ca4a97c6a59a26b0b194f4
Reviewed-on: https://code.wireshark.org/review/14595
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Add pkg-config 0.29.1 macros to our distribution. This makes the
aclocal-flags script obsolete, since we are already not using GLib
autoconf macros.
ACLOCAL_AMFLAGS need only be defined on the top-level Makefile.am.
Change-Id: Idd868dcfeb8f279517970d0f96d9d53e3a7e4d5c
Reviewed-on: https://code.wireshark.org/review/14568
Reviewed-by: João Valverde <j@v6e.pt>
Issue found by Clang (Assigned value is garbage or undefined).
Change-Id: I9a3ab41dd01becbd454af02f2567ea3a2beeba40
Reviewed-on: https://code.wireshark.org/review/14399
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make a more formal method for registering options within a block and do it all with a single function (wtap_optionblock_add_block).
Add ability for block to be able to write itself, refactored out of pcapng.c. This was implemented for SHB, ISB, and IDB blocks. Name resolution (NRB), while possible, seemed a little messy for the moment.
Change-Id: Ie855c8550c7c7d96cfc188c0cd90bfbc4d5f0ee8
Reviewed-on: https://code.wireshark.org/review/14357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also required mergecap to look for plugins to initialize wiretap option blocks.
Change-Id: I4208d1028dd0f94f185393801d72025329266cb7
Reviewed-on: https://code.wireshark.org/review/14300
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't treat it like a GList
Bug: 12220
Change-Id: I057649a26d135516c6e8d4fb028c6cb9dcda2e7c
Reviewed-on: https://code.wireshark.org/review/14326
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use pkg-config if a zlib.pc file is available.
Remove the now redundant AC_TRY_LINK_FUNC test (there are no linker flags
for GTK+ here).
Change-Id: I7de744749eba7231ae0097b975144b76ffcf1bdb
Reviewed-on: https://code.wireshark.org/review/14263
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I52de10a1d96b6ef7294ad8be9ec9195defca4b53
Reviewed-on: https://code.wireshark.org/review/14266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12173
Change-Id: Ifff28491073d50e088b26847830a3bc8835f4282
Reviewed-on: https://code.wireshark.org/review/14180
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12174
Change-Id: I82eb0ac75f2e03f15c2f016e9b7ff72fdc7044f5
Reviewed-on: https://code.wireshark.org/review/14179
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it's 0x1A2B3C4D, that means it has the same byte order as the
instruction set for which Wireshark was built[*]; if it's 0x4D3C2B1A, it
means it has the opposite byte order. (We assume no "middle-endian"
machines here; it's extremely unlikely that any of this code will ever
work on a PDP-11.)
Wireshark *does* work on big-endian machines (if there are any places
where it doesn't, those are bugs that must be fixed), so we can't assume
that "same byte order as our instruction set" means "little-endian".
[*]If, for example, you run a PowerPC binary under Rosetta, it'll act as
if big-endian is the native byte order, even though it's running on a
little-endian machine.
Change-Id: Ic438bd85c034f1fba276408ba30214d7078121d1
Reviewed-on: https://code.wireshark.org/review/14133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't use the byte order from any previously-seen SHB, as it might be
different.
Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to allocate an WTAP_OPTION_BLOCK_IF_DESCR option block;
don't use the value we allocated.
We must not allocate an WTAP_OPTION_BLOCK_IF_STATS option block until we
need it, as we may have to allocate *more than one* of them here! The
old code would reuse the same block, adding it more than once, causing a
"freeing already freed data"/"freeing non-allocated data" error on some
platforms.
Change-Id: I8582627c1f5deecfd4f6490dcdf8c31ee3809d12
Reviewed-on: https://code.wireshark.org/review/14130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The S1 code works similarly to the S2/S3 code, and has the same issue.
Change-Id: I288e30ccdf67d8a6daec8c8428c0f703e18ecc89
Reviewed-on: https://code.wireshark.org/review/14127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The 1 is for the byte written with vht_ndp_flag; the 16 is for the PLCP
header. Separate them out; no change to the actual code (as any
compiler worth its salt would do constant folding).
Change-Id: I5e081c67e605203153270ed9a3f9e30b9e9b968c
Reviewed-on: https://code.wireshark.org/review/14125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Commit v1.99.10rc0-316-gf28e23f added some additional room for the 16
byte PLCP header and 1 byte L1P. These are however not part of the
remaining data, only the header.
Bug: 11795
Change-Id: Ia6935d27366a07f818f147c9094a801429b049e2
Reviewed-on: https://code.wireshark.org/review/12240
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
João Valverde