Commit Graph

3521 Commits

Author SHA1 Message Date
João Valverde 4aff36d501 Replace g_assert() with ws_assert() in places 2021-06-06 20:05:26 +00:00
João Valverde 4e4bef09f9 wiretap: Remove some redundant debug information
It is not necessary to include the function name and/or locations,
ws_debug() includes that information.
2021-06-06 19:48:54 +00:00
Guy Harris 7477431325 wiretap: un-export some routines.
wtap_file_get_shb_for_new_file() and wtap_file_get_nrb_for_new_file()
are intended to be used only internally to libwiretap and by libwiretap
plugins.
2021-05-31 04:39:59 -07:00
Guy Harris 162251176a ascend: set rec->rec_type.
REC_TYPE_PACKET is 0, so if it's been initialized to 0, and never gets
overwritten, this fixes code without fixing a visible bug, but it should
be done anyway.
2021-05-31 02:44:57 -07:00
Guy Harris 883f159c8b pcapng: fix some more WTAP_ERR_BAD_FILE err_info strings.
Just say "pcapng:", rather than giving the function name, to match the
style used here and for other capture file formats.
2021-05-29 23:17:27 -07:00
Guy Harris 5827009e7a pcapng: remove a second colon from a debug message. 2021-05-29 22:52:59 -07:00
Guy Harris 82dcb9196a wiretap: clean up WTAP_ERR_BAD_FILE error messages.
Consistently give a file type name at the beginning of the message.
2021-05-29 18:08:24 -07:00
Michael Tuexen 86b28f0d4b wiretap: improve code consistency in pcapng.c 2021-05-30 01:08:14 +02:00
Guy Harris 48ba793ef6 erf: clean up handling the return value when getting an option value.
Make the variable into which we put the return value of
wtap_block_get_nth_string_option_value() a wtap_opttype_return_val, as
that's the type of the return value - it's not a boolean, it's a status
code with multiple values.

Explicitly check that value against WTAP_OPTTYPE_SUCCESS.  Yes,
WTAP_OPTTYPE_SUCCESS is 0, so

	if (xxx)

is equivalent to

	if (xxx != WTAP_OPTTYPE_SUCCESS)

but it's better to make it explicit, so it's clear that it's checking for
failure.
2021-05-24 23:39:26 -07:00
Guy Harris 54e6b249c1 wiretap: change wtapng_mandatory_section_t to wtapng_section_mandatory_t.
This is consistent with other names for block mandatory data structures.
2021-05-24 04:06:20 -07:00
Guy Harris 7f6c5d0137 k12: plug a memory leak.
If the two putative number-of-records values don't match (meaning one of
them is presumably the number of records and the other one isn't - we
don't know which is the case), free up the private data structure we
allocated before returning an error.
2021-05-23 23:14:27 -07:00
Guy Harris 297b6c5407 erf: set USERAPPL if we have the application version but not the name.
Just say "(Unknown application) <version>".

This also means that we don't leak the app_version string if there's no
app_name string.
2021-05-23 19:37:09 -07:00
João Valverde 9ba97d12d6 Add ws_debug() and use it
Replace most instances of ws_debug_printf() except in
epan/dissectors and dissector plugins.

Some replacements use printf(), some use ws_debug(), and
some were removed because they were dead or judged to be
temporary.
2021-05-24 01:13:19 +00:00
João Valverde de00cdd512 pcapng: Fix debug statements 2021-05-24 01:13:19 +00:00
Guy Harris 976ccc9a00 netscaler: plug a memory leak.
Free the read buffer if the first read fails.
2021-05-23 17:56:18 -07:00
Martin Mathieson f54221b579 DCT2000: allow for longer lines/PDUs 2021-05-20 12:05:23 +00:00
Guy Harris bc8bb0152e commview: add support for newer NCFX file format. 2021-05-11 07:40:51 +00:00
Alexis La Goutte b4898e653a wtap_opttypes(wiretap): Fix Dead Store
Value stored to 'block_type' is never read
2021-05-06 07:18:22 +00:00
Guy Harris 57a1514ac7 Cast away the return value of g_strlcpy() and g_strlcat().
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation.  Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
2021-04-30 03:19:19 -07:00
Guy Harris eb4d68033e Don't cast away upper bits when assigning to a nstime_t's secs field.
The secs field is a time_t, which is not necessarily 32 bits.  If it's
not, casting away the upper bits, by casting to guint32, introduces a
Y2.038K bug.

Either cast to time_t or, if you're assigning a time_t to it, don't
bother with the cast.
2021-04-28 21:31:15 +00:00
Guy Harris bdc878e2f7 wiretap: clean up freeing of if_filter options.
Use if_filter_free() in wtap_block_free_option(), don't duplicate it.

Move if_filter_dup() and if_filter_free() before the latter is first
used.
2021-04-27 10:22:00 -07:00
Daniel Dulaney e35efdee8d TIFF: Add a basic TIFF dissector 2021-04-24 10:42:59 +00:00
Gerald Combs e513ed41d2 Wiretap: Fix some compiler warnings.
Make various _dump_can_write_encap and _dump_open routines static. Add a
couple of casts.
2021-04-16 20:09:42 +00:00
Gerald Combs c92637bcd8 Add missing prototypes to lemon-generated code.
Add static prototypes for the parser interface functions. Fixes
-Wmissing-prototypes found by clang.
2021-04-16 18:38:26 +00:00
Tomasz Moń 4bd5830cda CMake: Add ENABLE_VLD option for MSVC
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
2021-04-10 21:53:59 +00:00
Guy Harris 7de6b0822a pcapng: expand a comment and tweak the version test.
Drop in the comment from libpcap about version 1.2 (I wrote that
comment, and generously double-license it under the BSD license and the
GPL :-)).

Redo the version test as

    if (!({version is one we handle}))

to match the way it's done in libpcap.
2021-04-08 19:38:26 -07:00
Loris Degioanni 7894b1d0ea sysdig: a couple more fixes
- parse the number of system call arguments in a way that works for both V1 and V2 event blocks
- returned the correct error string when unable to read the nparams entry from a sysdig event block V2
2021-04-09 01:24:53 +00:00
Loris Degioanni cbbe660504 sysdig: implementation fixes
- make sure nparams is initialized
- validate block_total_length in the correct way for sysdig event blocks
2021-04-09 01:24:53 +00:00
Loris Degioanni 8c70dd8d17 sysdig: simplified the separate handling of the two different sysdig block types 2021-04-09 01:24:53 +00:00
Loris Degioanni fbe8d3a00f sysdig: support the most recent version of sysdig
Update the pcap-ng reader and sysdig event dissector to support the second version of the sysdig event block, which was introduced after Wireshark's original implementation
2021-04-09 01:24:53 +00:00
Guy Harris c01dd585c7 netmon: fill in all of the 802.11 pseudo-header in the dissector.
All the NetMon reading code does is initialize the pseudo-header; the
bulk of the work is done in the dissector.  Give the dissector its own
pseudo-header structure, and do the initialization there.

That's the way other packet formats in which the 802.11 radio metadata
is a header at the beginning of the packet data, such as radiotap, work.
2021-04-02 07:46:32 +00:00
João Valverde d7401147b4 CMake: Remove non existent '/codecs' include path
The '/codecs' dir was removed in g63af1da7e7.

Avoid using include_directories(), prefer target_include_directories().
Remove some unnecessary CMAKE_CURRENT_*_DIR includes and some other
small cleanups while at it.
2021-03-29 00:00:57 +00:00
Dario Lombardo ea929d6401 wsutils: add local implementation of g_memdup2.
g_memdup() was deprecated and replaced with g_memdup2() in GLib 2.68,
we provide our own copy of g_memdup2() for older GLib versions.
2021-03-25 09:38:10 +00:00
Guy Harris e434d404d0 Move even more headers outside extern "C".
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
2021-03-16 04:33:00 -07:00
Guy Harris a892a161d7 pcapng: add some comments warning not to cheat.
Add comments in various switch statements warning people *not* to add
standardized block types or option codes that aren't in the pcapng spec.
If you want a standardized block or option type, go through the
standards process.
2021-03-16 00:52:42 -07:00
Guy Harris 8f965899b3 Remove unnecessary includes of wiretap/pcap-encap.h. 2021-03-15 16:04:02 -07:00
Guy Harris ce20c00049 Remove unnecessary includes of wiretap/pcapng.h. 2021-03-15 15:29:40 -07:00
Guy Harris 03d6f39a99 libwiretap: make wtap_wtap_encap_to_pcap_encap() private to the library.
Only a tiny amount of code outside libwiretap needs to know about
pcap/pcapng LINKTYPE_ values, and all that code needs to know is, for a
given LINKTYPE_ value, what the corresponding WTAP_ENCAP_ value is.
Nothing should need to know, for a given WTAP_ENCAP_ value, what its
LINKTYPE_ value is.

Make it the case that nothing *does* need to know, for a given
WTAP_ENCAP_ value, what its LINKTYPE_ value is.  Export
wtap_dump_can_write_encap() and use *that*, in the "import hex dump"
code, what formats can be written to a pcap file.
2021-03-14 14:22:16 -07:00
Guy Harris 610dffbb19 pcapng: make sure the packet encapsulation matches the interface encapsulation.
If an attempt is made to write a packet with one encapsulation for an
interface with a different encapsulation, report an internal error.
2021-03-13 22:00:21 -08:00
Guy Harris 5d39e36198 doc: Clean up lists of file types.
Add missing entries, regularize the descriptions, etc.

Note that pcap and pcapng are the native formats.

Fix various issues.

Update the editcap -F output to match current reality.

While we're at it, sort the libwiretap modules, putting observer.c in
the right place.
2021-03-13 10:02:02 +00:00
Guy Harris c473eba8dc observer: rename source and update name.
Name the source to the code to read Observer files after the file
format, not the company that created it, got bought by JDSU, and then
ended up in Viavi when JDSU split.

Refer to the file format as "Viavi Observer" to reflect that.
2021-03-11 16:01:27 -08:00
Guy Harris 2561f1e9f8 libwiretap: don't have a central table of file type/subtype name mappings.
Let individual file type/subtype modules register their
backwards-compatibility names, rather than having a centralized table
that would need to be updated along with the module.
2021-03-11 13:56:40 -08:00
Guy Harris 98485a1c27 pcapng: small cleanups in pcap_open().
We don't need to initialize first_section before calling
pcapng_read_section_header_block(); it doesn't depend on it being
initialized, and sets byte_swapped, version_major, and version_minor if
what it reads is a valid SHB, so we don't need to set those in
pcap_open().

We don't need to set shb_off until we've deemed this to be a pcapng
file, so do so at the same point that we initialize

We also don't need to initialize wblock until we call
pcapng_read_section_header_block(), so do so all in one place.
2021-03-11 12:49:24 -08:00
Guy Harris e0afa7f2a4 Observer is now a product of Viavi.
JDSU bought Network Instruments, and then split into Viavi and Lumentum,
with Viavi getting Observer.
2021-03-11 20:02:14 +00:00
Guy Harris aab0bd12a5 pcapng: clean up pcapng_block_read().
Instead of pcapng_open() calling pcap_block_read() to do all the work of
reading the initial SHB, have it do the read of the initial SHB itself,
by calling the same routines that pcap_block_read() calls.

That way, pcap_block_read() doesn't have to be prepared to be called to
read that block, so it can treat all issues with an SHB that it reads as
errors, rather than possibly reporting them as "not a pcapng file", and
it doesn't have to support being called without a pointer to the
pcapng_t for the file being read, as it no longer ever is.  It can now
just return a gboolean success/failure indication.

That makes pcapng_open() a little more complicated but it makes
pcap_block_read() less complicated.

Fix some use of : as ' in comments while we're at it.
2021-03-11 10:27:36 +00:00
Guy Harris f669bf2ec9 pcapng: ignore if_filter options with an unknown type.
We don't know how to process the type, so just ignore it.
2021-03-11 04:44:19 +00:00
Guy Harris 7446a16247 pcapng: get rid of the local pcapng_t in pcapng_open().
Pass a null pointer to pcapng_read_block(), instead.  In
pcapng_read_block(), treat that as the indication that we're trying to
read the purported first SHB, rather than treating a null section_info
pointer as that indication.

This addresses one, but not all, of the problems reported in issue #17281.
2021-03-10 22:06:58 +00:00
Guy Harris 598e32f933 commview: use the data rate to determine the modulation.
The band field of the header doesn't necessarily indicate the modulation
of the packet; use the data rate to determine the modulation.
2021-03-10 11:09:57 -08:00
Guy Harris dcd3e26a81 several: make the phy reflect the packet modulation.
Use the data rate and channel to determine 11b vs. 11g vs. 11a for:

* Aruba Networks encapsulated remote mirroring;
* Prism headers;
* *Peek remote protocol;
* Network Instruments^W^WViavi Observer;
* *Peek classic format;
* Shomiti Surveyor.

Note why we *don't* need to do that for NetMon captures.
2021-03-10 09:45:26 +00:00
Guy Harris 31dc280d25 radiotap, wlancap, wiretap: make the "phy" reflect the packet modulation.
Do more fixups of the "phy" based on the data rate, so that it reflects
the modulation used for the packet.

Note, in comments, why we're doing this, and that there's no reliable
way, in radiotap, to determine the type of channel on which capturing is
being done, as some packet providers use the channel field to indicate
the channel type and others use it to indicate the modulation.

Only provide the "short preamble" for "11b", as that's now being used to
mean "DSSS modulation" - packets on an 11g channel will be marked as
"11g" if they're OFDM or "11b" if they're DSSS.

Make some other cleanups while we're at it.
2021-03-08 18:40:32 -08:00