Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The loop was using bytes_read, but wasn't setting it. Go back to
something similar to the previous loop condition, but don't lose the
error tests.
Fixes Coverity CID 1403388.
Change-Id: I557cbfa6e9ad81491af4fc90e85ce87c71fec8aa
Reviewed-on: https://code.wireshark.org/review/20776
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Makes Windows vscodeanalysis a little happier.
Change-Id: Ie744e91ab3f2a9744ae21c932ab6ea25467ad2fa
Reviewed-on: https://code.wireshark.org/review/20724
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, if we return WTAP_OPEN_ERROR from an open routine after we've set
our close routine, that routine is called, which frees up our private
data structures; don't free them ourselves before returning
WTAP_OPEN_ERROR.
Change-Id: I03eebe1a1677e2161fdacec8de14668093cf03a3
Reviewed-on: https://code.wireshark.org/review/20522
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13478
Change-Id: I6be2972979ff7cabf27e70d236c581d539d6ddac
Reviewed-on: https://code.wireshark.org/review/20515
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The maximum record length is 255*128 + 127 = 32767; that fits in a
guint32, which is large enough to support the biggest packet we'd ever
support without stretching several size values to 64 bits.
It's not a size of an object in memory, so it doesn't have to be a
size_t, and a size_t could be too large to fit in the record sizes we're
using.
Just cast to guint32.
Change-Id: Ie664fda3ce9945893fd992bbb9a81a5d632a3fcb
Reviewed-on: https://code.wireshark.org/review/20479
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When vmnames are included in the header of a netscaler packet trace,
number of bytes equal to the size of vmnames is omitted from the packet,
by the dissector.
Bug: 13459
Change-Id: I0f907e9c2e08c1cbebd47f7e50d8284a6aaade59
Reviewed-on: https://code.wireshark.org/review/20446
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The record size fields are guint8, but NSPR_V20RECORDSIZE_2BYTES was
0x80, which has type int, promoting the result to int. Make it 0x80U,
which means everything is unsigned.
This squelches a compiler warning.
Change-Id: I1c63e485352a90c7f675ab0dacaaeba794235b35
Reviewed-on: https://code.wireshark.org/review/20344
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do the check early in the process of processing the record, and do it
for all record types.
Bug: 13429
Change-Id: Id7f4d12415c6740241850d8f873cff52909e7110
Reviewed-on: https://code.wireshark.org/review/20330
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Records in a properly formatted NetScaler file shouldn't go past the end
of a page, but nothing guarantees that a NetScaler file will be properly
formatted.
NetScaler 3.x files allow record bodies to go past the end of a page,
but 1.x and 2.x files don't, so treat record headers that go past the
end of a page, and record bodies in 1.x and 2.x files that go past the
end of a page, as errors.
Clean up some stuff while we're at it.
Bug: 13430
Change-Id: I3b1d56086e3bb14b246406f306e3d730df337561
Reviewed-on: https://code.wireshark.org/review/20326
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These file formats have 16-bit packet lengths, so, even with some extra
metadata added, the packet data length will never be bigger than
WTAP_MAX_PACKET_SIZE. (No, we won't ever reduce WTAP_MAX_PACKET_SIZE.)
Change-Id: I9e1b1d90971f91cc6e5d66d0aa93841445b2bc22
Reviewed-on: https://code.wireshark.org/review/15186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in size.
Wireshark/Tshark hangs when netscaler trace file smaller than 16KB is opened.
It also hangs when a gzipped trace file is opened. With this fix,
Files with sizes that are not multiple of 16KB and gzipped files can be opened.
Bug: 12083
Change-Id: I26b2fc406edafcb2f1f6161d69064ba5662ddf29
Reviewed-on: https://code.wireshark.org/review/13721
Reviewed-by: Michael Mann <mmann78@netscape.net>
The offsetof() macro is an ANSI C library feature.
Change-Id: I2ac91b0b4c94c6f6baf14133b076fdc5ed2e182b
Reviewed-on: https://code.wireshark.org/review/12707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only this issue with a netscaler trace file
Bug: 11248
Change-Id: I2bc2cae5c988eeff7bdd08471bf421faafcd4e73
Reviewed-on: https://code.wireshark.org/review/8672
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ica74f3f9239a96486967cf248feb4313bc390734
Reviewed-on: https://code.wireshark.org/review/7751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create TIMEDEFV10() and, for it and for V20, V21, and V22, undefine the
ones used for the read routine and define dummy ones for the read-seek
routines (as those record formats have relative, not absolute, times).
Have all of them set presence_flags.
That way:
1) if we *can* set the time stamps in the seek-read routine, we do;
2) we always set presence_flags in read and seek-read routines.
Change-Id: I837507245e8a0cbc68c7c5fd8365f474d085488e
Reviewed-on: https://code.wireshark.org/review/7445
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Provide {FULL,PART}SIZEDEFV10 macros, similar to what's provided for the
other versions, containing the code to set the packet length and
captured data length, and use the TRACE_V10_REC_LEN_OFF() macro directly
after that to set the various length and offset values in the
pseudo-header.
Change-Id: I3513371057601b44821d89ebaa7565ab370a67f5
Reviewed-on: https://code.wireshark.org/review/7393
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to export them outside this file, and making them constants
might convince the compiler not to bother fetching their values from
memory when referring to them.
Change-Id: Ib8605bf0bb9091721a51827c45fe75d19a15ba26
Reviewed-on: https://code.wireshark.org/review/7378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way it'll set the captured length and reported length the same way
it's done in the read routine.
Change-Id: I8b1f2d0d8fa688f44b6f61f16dc2e21b5648fc12
Reviewed-on: https://code.wireshark.org/review/7376
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename the V10 PACKET_DESCRIBE()'s "fpp" argument to "type", and have it
declare the pointer variable.
Change-Id: I3ac52ebdef0aec7bc95052277537185132886b57
Reviewed-on: https://code.wireshark.org/review/7374
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it in the argument list, and use it instead of a hard-coded 10
(even though it's always passed as 10), to match the other
PACKET_DESCRIBE() macros.
Change-Id: Idd0a23a58cc6bb0d2de799b039db776d279cc03e
Reviewed-on: https://code.wireshark.org/review/7372
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The name "type" is thrown around to mean both a version number and a
part of a structure member, and some other macros use "ver" for the
version number; try to make things a little less inconsistent.
Change-Id: I61405cf41cca43fe607154af7498944c5ec0ef11
Reviewed-on: https://code.wireshark.org/review/7370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Makes the various flavors of that macro more similar.
Change-Id: Ie95ee8db0b226458146b055b54b7d61835f1e508
Reviewed-on: https://code.wireshark.org/review/7368
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A bit of regularization.
Change-Id: I60e0bd50891e1ba3e9c40f8d1d14d63534e08138
Reviewed-on: https://code.wireshark.org/review/7364
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use that rather than TYPE or acttype (to indicate that it's a header
version number to use as the "xxx" in NSPR_HEADER_VERSIONxxx, and to use
the same name throughout).
Change-Id: I14cfc819e44ce4388c27d521a1256dec8d80df2e
Reviewed-on: https://code.wireshark.org/review/7361
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like the read routine.
Change-Id: If6bd98bea15f1c8dc7454a5dac0ea57920bddc8c
Reviewed-on: https://code.wireshark.org/review/7355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it even more like V2x and V3x and slightly less unclear.
Change-Id: I798ead123ba6418be0252067773a951390e26ce8
Reviewed-on: https://code.wireshark.org/review/7353
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have it set the record type and initialize the presence bits.
That makes it a bit more like V2x and V3x, and makes the code slightly
less unclear.
Change-Id: Ibfbe2143b24a68c3fa3f576616fde81918b01feb
Reviewed-on: https://code.wireshark.org/review/7351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes the code slightly less unclear. (You are in a maze of twisty
little C macros, all different.)
Change-Id: I9f1bcc7a9a1a7afe87ede8b1ba513e3d8e53845c
Reviewed-on: https://code.wireshark.org/review/7349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, have a special macro using the size of the header structure to
find the offset of the packet data.
This means that:
1) you don't have to throw "-{size of data member}" into the
macros that calculate the sizes of the header structures;
2) you don't have a bunch of randomly-chosen data field sizes;
3) you don't have sizes of 0, which cause problems with
compilers that don't support zero-length arrays;
4) you don't have some apparently-incorrect "-{size of data
member}" values (if they're correct, please fix the structure
definitions).
Change-Id: Iea368b83fa2d184bd6df453d51756e4749714e2c
Reviewed-on: https://code.wireshark.org/review/6082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Version 3's time stamps are all absolute, so we can directly use the
value in the file; we don't need to keep track of the time in the
private data structure, and some compilers issue warnings due to setting
it and then not using the value to which we set it.
Change some names and indentation to match other file versions while
we're at it.
Change-Id: I97698d933b87a8ad58d9e88ceedd75004797df69
Reviewed-on: https://code.wireshark.org/review/4596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.
Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that. Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.
Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris