time_t suffices in that case.
Change-Id: Ica7a79fb6f8c7cc7fb6decd5fcd391dccfdb3fc6
Reviewed-on: https://code.wireshark.org/review/7440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use nstime_t rather than struct timeval when we want
seconds-and-fractions, so that, when writing the file, we can handle
nanosecond-resolution time stamps. Calculate the relative time stamp as
a 64-bit integer rather than using floating-point.
Use time_t rather than struct timeval if we only want seconds.
Have the routines that write out 16-bit and 32-bit numbers convert them
to little-endian themselves, rather than having to be passed a
little-endian number.
Have a routine that writes out 48-bit values in little-endian order, and
use that to write out packet time stamps.
Change-Id: Ia6e047079e48915647502178e0a1c61177010c62
Reviewed-on: https://code.wireshark.org/review/7438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Provide {FULL,PART}SIZEDEFV10 macros, similar to what's provided for the
other versions, containing the code to set the packet length and
captured data length, and use the TRACE_V10_REC_LEN_OFF() macro directly
after that to set the various length and offset values in the
pseudo-header.
Change-Id: I3513371057601b44821d89ebaa7565ab370a67f5
Reviewed-on: https://code.wireshark.org/review/7393
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to export them outside this file, and making them constants
might convince the compiler not to bother fetching their values from
memory when referring to them.
Change-Id: Ib8605bf0bb9091721a51827c45fe75d19a15ba26
Reviewed-on: https://code.wireshark.org/review/7378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way it'll set the captured length and reported length the same way
it's done in the read routine.
Change-Id: I8b1f2d0d8fa688f44b6f61f16dc2e21b5648fc12
Reviewed-on: https://code.wireshark.org/review/7376
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename the V10 PACKET_DESCRIBE()'s "fpp" argument to "type", and have it
declare the pointer variable.
Change-Id: I3ac52ebdef0aec7bc95052277537185132886b57
Reviewed-on: https://code.wireshark.org/review/7374
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it in the argument list, and use it instead of a hard-coded 10
(even though it's always passed as 10), to match the other
PACKET_DESCRIBE() macros.
Change-Id: Idd0a23a58cc6bb0d2de799b039db776d279cc03e
Reviewed-on: https://code.wireshark.org/review/7372
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The name "type" is thrown around to mean both a version number and a
part of a structure member, and some other macros use "ver" for the
version number; try to make things a little less inconsistent.
Change-Id: I61405cf41cca43fe607154af7498944c5ec0ef11
Reviewed-on: https://code.wireshark.org/review/7370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Makes the various flavors of that macro more similar.
Change-Id: Ie95ee8db0b226458146b055b54b7d61835f1e508
Reviewed-on: https://code.wireshark.org/review/7368
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A bit of regularization.
Change-Id: I60e0bd50891e1ba3e9c40f8d1d14d63534e08138
Reviewed-on: https://code.wireshark.org/review/7364
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use that rather than TYPE or acttype (to indicate that it's a header
version number to use as the "xxx" in NSPR_HEADER_VERSIONxxx, and to use
the same name throughout).
Change-Id: I14cfc819e44ce4388c27d521a1256dec8d80df2e
Reviewed-on: https://code.wireshark.org/review/7361
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like the read routine.
Change-Id: If6bd98bea15f1c8dc7454a5dac0ea57920bddc8c
Reviewed-on: https://code.wireshark.org/review/7355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it even more like V2x and V3x and slightly less unclear.
Change-Id: I798ead123ba6418be0252067773a951390e26ce8
Reviewed-on: https://code.wireshark.org/review/7353
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have it set the record type and initialize the presence bits.
That makes it a bit more like V2x and V3x, and makes the code slightly
less unclear.
Change-Id: Ibfbe2143b24a68c3fa3f576616fde81918b01feb
Reviewed-on: https://code.wireshark.org/review/7351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes the code slightly less unclear. (You are in a maze of twisty
little C macros, all different.)
Change-Id: I9f1bcc7a9a1a7afe87ede8b1ba513e3d8e53845c
Reviewed-on: https://code.wireshark.org/review/7349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
gcc5 complains about the issue below, so add a trivial fixup.
CC libwiretap_la-pcap-common.lo
pcap-common.c: In function 'pcap_byteswap_nflog_pseudoheader':
pcap-common.c:1290:30: error: logical not is only applied to the left hand side of comparison [-Werror=logical-not-parentheses]
if (!(nfhdr->nflog_version) == 0) {
^
cc1: all warnings being treated as errors
Change-Id: I9f5b090ffd564f203cc3fb4ff302f2e4752865f0
Reviewed-on: https://code.wireshark.org/review/7336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If a file type has a list of "typical" extensions, and a file has an
extension that is *not* one of those extensions, the file is unlikely to
be of that type.
For files that have extensions, after we try the heuristics that have a
list of "typical" extensions that includes the file's extension, try the
heuristics that have no such list, and after that try the heuristics
that have such a list but where the list *doesn't* include the file's
extension.
This fixes, for example, some cases where non-PacketLogger files were
getting identified as PacketLogger files.
Change-Id: I2d8c3b983ed6ccd692beb888668f77eb9b5f437b
Reviewed-on: https://code.wireshark.org/review/7315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't want to encourage people to add to those lists, we want to
encourage people to subtract *from* those lists (either by fixing
warnings or, if an infelicitous API, or an infelicitous declaration of
an API on some platforms, or a program generator that doesn't take
sufficient care to avoid warnings - I'm looking at *you*, Flex - makes
it impossible to fix without introducing other problems, using the
DIAG_OFF()/DIAG_ON() macros if possible). Eliminate the empty lists, to
make it harder to fill them up again.
Change-Id: I298d07952c0cb1842a4ea71ba7e07c68e94a04e9
Reviewed-on: https://code.wireshark.org/review/7229
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libjsmn has also been moved from epan/ to wsutil/ to make it visible from wiretap.
Change-Id: I59abb3419acb1baa83194b38152d3651ed5c123c
Bug: 10878
Reviewed-on: https://code.wireshark.org/review/6716
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
That's a little cleaner, and lets us preserve the LINKTYPE_ value for
DLT_LOOP captures. ("Preserve" here doesn't mean "write files with a
link-layer header type of 12", as that's ambiguous; we write it with a
link-layer header type of LINKTYPE_LOOP, i.e. 108. If programs on
OpenBSD don't recognize that as DLT_LOOP, that's a bug in OpenBSD's
libpcap or in the program.)
Change-Id: I48a2e04aed41c013823ffb5c588d2a8e8b376e15
Reviewed-on: https://code.wireshark.org/review/7143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, explicitly check for particular build platforms. This means
that the interpretation of the link-layer type values with different
meanings on different platforms won't be dependent on the particular
version of libpcap with which Wireshark happens to be built, and also
means that we don't have to fix pcap-common.c to include pcap.h or
net/bpf.h.
Fix some comments while we're at it.
Bug: 10956
Change-Id: If331d9b92081fb0bdf416620fb2ad8dce57dea6b
Reviewed-on: https://code.wireshark.org/review/7140
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: If7a6f2697be732ae4f94ed8b845fd293c32510f7
Also: tab-stops should be 8
Reviewed-on: https://code.wireshark.org/review/7100
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Due to an off-by-one error an invalid ISB interface ID could make us
fetch past the end of a GArray. Found using American Fuzzy Lop.
Bug: 10895
Change-Id: I7d4049ad7a386ae7e8013b8e741d54a31f353f1f
Reviewed-on: https://code.wireshark.org/review/6798
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fix errors found by American Fuzzy Lop's afl-gcc
(http://lcamtuf.coredump.cx/afl/):
peektagged.c:
error: 'fileVersion' may be used uninitialized in this function
packet-h223.c:
error: variable 'circuit_id' might be clobbered by 'longjmp' or 'vfork'
wslua_proto.c:
error: variable 'd' might be clobbered by 'longjmp' or 'vfork'
wslua_proto.c:
error: variable 'dt' might be clobbered by 'longjmp' or 'vfork'
Change-Id: Idd74a3ad7b236d3a8756c1e7e917b1c74143f381
Reviewed-on: https://code.wireshark.org/review/6767
Reviewed-by: Gerald Combs <gerald@wireshark.org>
CMake now generates local copies of .rc files for all the Windows
components and uses the files in the build of the components.
The .rc.in files that include an icon were modified to allow the icon
path to be set by CMake. The path is removed for nmake builds.
Updated build architecture detection, required for wireshark.manifest.in
Change-Id: I7b1ff43050e9b0efb861d1041636fb4aef49a4f8
Reviewed-on: https://code.wireshark.org/review/6482
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Instead, have a special macro using the size of the header structure to
find the offset of the packet data.
This means that:
1) you don't have to throw "-{size of data member}" into the
macros that calculate the sizes of the header structures;
2) you don't have a bunch of randomly-chosen data field sizes;
3) you don't have sizes of 0, which cause problems with
compilers that don't support zero-length arrays;
4) you don't have some apparently-incorrect "-{size of data
member}" values (if they're correct, please fix the structure
definitions).
Change-Id: Iea368b83fa2d184bd6df453d51756e4749714e2c
Reviewed-on: https://code.wireshark.org/review/6082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Bluetooth dissector is used to add the ability to filter all Bluetooth
payload from capture files (there are many transports, like:
hci_h4, hci_h1, hci_usb, hci_mon, btle). It is also used as a placeholder for
all data trees used to store additional information like bd_addrs, names, etc.
Finally, it is used as one point for Bluetooth
Endpoints/Conversation filtering, which is now enabled.
Also add Master/Slave Role and Connection Mode tracking.
Change-Id: I67048080fb8ee16fa0f4ec429c1257de81ddd737
Reviewed-on: https://code.wireshark.org/review/5771
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
WTAP_ERR_UNSUPPORTED_ENCAP means "I can't *write* that particular
encapsulation type to a file of this format", which mainly means "that
file format simply can't handle packets of that type";
WTAP_ERR_UNSUPPORTED means "this file can't currently be supported by
Wireshark, as there's some feature in the file - such as a file or
per-packet encapsulation type - that we don't (yet) handle".
Change-Id: I53cadf9913d20efb2bccb29f61877b71d53807be
Reviewed-on: https://code.wireshark.org/review/5794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fail with an "unsupported encapsulation" error for MTP2 and SSCOP,
rather than just returning "unknown encapsulation", and fail with that
if the encapsulation isn't filled in as well, although that might be a
deeper problem.
(Not that people should be handing text output files from K12 analyzers
anyway - they should hand us RF5 files and, if we can't handle their
file, file a bug and give us the file so we can further reverse-engineer
the format.)
Change-Id: I6bbd5f81787d69bd3b41eaedf2893d179f11ad6a
Reviewed-on: https://code.wireshark.org/review/5792
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcapng_read_block() never sets *err_info if it returns
PCAPNG_BLOCK_NOT_SHB - that happens on an EOF, a short read, or on a
successful read of something that doesn't look like an SHB.
Change-Id: I23ad6aa1c95d800b068a798a4aad1d70d07ac281
Reviewed-on: https://code.wireshark.org/review/5686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We only create hash tables if somebody puts a handler in one, so we need
to check whether the hash table exists first, to avoid run-time warnings.
Change-Id: I739d2d808935e651b11bd44b258f168a42ca4b7c
Reviewed-on: https://code.wireshark.org/review/5683
Reviewed-by: Guy Harris <guy@alum.mit.edu>