pcap_read_block() takes err and err_info arguments, and sets them on
error; no need to call file_error() if pcap_read_block() fails.
Change-Id: I33b96d31395bf7d66abdecbebd5cf775e8662004
Reviewed-on: https://code.wireshark.org/review/4209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If file_read() doesn't return the exact number of bytes you asked for,
and you really need all those bytes to be there, you have to call
file_error() to find out what the problem is.
Change-Id: I4cc87bc1b6cc5a49bbcbf93b56106f57af290d20
Reviewed-on: https://code.wireshark.org/review/4205
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it fails due to, for example, the file being gzipped and having a bad
gzip CRC, the error returned is WTAP_ERR_DECOMPRESS and, for that error,
err_info is expected to be set to a string giving details of the
problem, so we need to pass back to our caller the string in question.
Bug: 10484
Change-Id: I3aa2a92d04fcc08946ff073a40efa708079bbb3e
Reviewed-on: https://code.wireshark.org/review/4201
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I don't know why it was unavailable at some point, but it appears to be
available again. Update the comment to reflect that.
Change-Id: I7dc1fcb554e73d3b0fc2bd2fbdf6235e791a4253
Reviewed-on: https://code.wireshark.org/review/4200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ied0778af9d5ff0e49c6efd4ea9411ae1a72cb8e5
Reviewed-on: https://code.wireshark.org/review/4190
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add all logcat format like brief, threadtime, long, etc. when try to save
logcat logs where there is EXPORTED_PDU layer.
Change-Id: I338f0bbd46dd8db984efc1c03980c7e9c7401a44
Reviewed-on: https://code.wireshark.org/review/4164
Reviewed-by: Michal Orynicz <michal.orynicz@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Check the input pointer in the while clause of the loop, so that we
handle an empty input buffer.
When reading a bit mask, check before fetching the bit mask that we have
two bytes of bit mask and the byte after it.
Before putting an uncompressed input byte into the output, make sure we
wouldn't run past the end of the output buffer.
Before copying an earlier string from the output buffer, make sure it
doesn't run past the end of the data we've decompressed so far.
Bug: 10461
Change-Id: I8bb8d0d291368ae8bf0ac26970ff54d3262a7e6e
Reviewed-on: https://code.wireshark.org/review/4083
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We probably won't get files that big, but let's at least be prepared;
that squelches some compiler warnings.
Change-Id: Ia43ff78af7df63c7204c41d8331fea946de63116
Reviewed-on: https://code.wireshark.org/review/4015
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When trying to guess what type of capture a file is, look for as many
bogosities (caplen > len, microseconds >= 10^6/nanoseconds >= 10^9,
too-high caplen, too-high original len, caplen > snapshort length), to
increase the chances of guessing correctly.
(Every time somebody uses 0xa1b2c3d4 as the magic number for a capture
file that isn't standard pcap format, God kills a kitten. Please, think
of the kittens.)
Change-Id: I3f397d598ed61dc82e2832be30452ebe8ace98e8
Reviewed-on: https://code.wireshark.org/review/3808
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's *NOT* an error; it's just a file that isn't a NetScaler file.
Otherwise, we report errors on files that should just be passed on to
other open routines.
Also, NetScaler files are *NOT* text files, and we should *NOT* use
".txt" as the suffix.
Change-Id: If001abbbbc3de3ea27439a44a47ce1d6071d38ae
Reviewed-on: https://code.wireshark.org/review/3678
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-1 means "I got an error reading this file, so there's no point in
trying any more open routines". It doesn't mean "I couldn't find any
matching pattern in the text"; that's 0, for "this isn't my type of
file, but keep trying".
Change-Id: I9d2e8b8fe6720052cacf70f0bacdcbc1175202cc
Reviewed-on: https://code.wireshark.org/review/3674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* fix exporting "beginning of" frame logs into info field
* add missing "Failure" level to regexp in wiretap part
* remove usage of GDateTime from wiretap part
Change-Id: Ibdea730623241cccbbc1694a34daa308e48c0a89
Reviewed-on: https://code.wireshark.org/review/3493
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Wireshark already supports reading and writing logcat
logs saved in binary files. Binary format, although
better, is used less often than saving those logs to
text files.
This patch extends wireshark's support for android logcat
logs to reading and writing logcat logs in text files.
Features:
* support for tag, brief, process, thread, time, threadtime
and long formats
* saving in original format
* it's generally awesome
Change-Id: I013d6ac2da876d9a2b39b740219eb398d03830f6
Reviewed-on: https://code.wireshark.org/review/1802
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
lseek returns an off_t type which is system-dependent. Use ws_lseek64 in
favor of lseek as that supports 64-bit quanities.
Use ws_fstat64 instead of stat to support 64-bit file sizes on Windows.
For the majority of the changes, this makes no difference as they do not
apply to Windows ("ifndef _WIN32"; availability of st_blksize).
There are no other users of "struct stat" besides the portability code
in wsutil. Forbid the use of fstat and lseek in checkAPIs.
Change-Id: I17b930ab9543f21a9d3100f3795d250c9b9ae459
Reviewed-on: https://code.wireshark.org/review/3198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I really don't understand why MSVC would make the result of this computation an
int64 then complain about down-casting to an int16 when *all* of the
participating variables are int16 or smaller...
Change-Id: I2d9c27ac22b51b10e4872a6640881c8d0ec566e7
Reviewed-on: https://code.wireshark.org/review/3180
Reviewed-by: Evan Huus <eapache@gmail.com>
Exported PDU may contains (Binary) Logcat, so it is possible to
"export" logcat binary from it.
Change-Id: Ic6607126e739ea3972b46c2bf19f064597d4e970
Reviewed-on: https://code.wireshark.org/review/3001
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap' unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That prevents some double-free issues (I got one when doing non-"Update
list of packets in real time" captures, if I do one such capture and
then another one).
Change-Id: Ia08034d9d1640bad21b74960efade8926dbfc5de
Reviewed-on: https://code.wireshark.org/review/3063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The logcat version detector would crash with ASAN enabled because it did
not validate the payload length and hence a payload length of 0 would
trigger out-of-bounds access. (This happened on non-logcat data.)
This patch tries to get rid of all magic numbers by using a structure,
improves the version detector to validate the payload length and
prevents crashes due to missing nul-terminators in the input. Older
Android kernels would create entries with __pad with random contents, so
that cannot be used to determine version for v1. Instead, use heuristics
on the priority, tag and maybe the msg field.
Furthermore, Android is mostly (if not, always?) Little-Endian, so add
conversions where necessary (just in case WS supports BE arches).
"microseconds" has been renamed to "milliseconds" because that is what
they are, actually. A duplicate logcat_log loop has been refactored
such that one loop is sufficient, instead of separate buffers for each
log part, a single one is now used. get_priority does not really need
a pointer, just make it accept a character.
The output has been validated against v1 and v2 logcat binary formats
with __pad (hdr_size) equal to 0, and on attachment 9906.
Change-Id: I46c8813e76fe705b293ffdee85b4c1bfff7d8362
Reviewed-on: https://code.wireshark.org/review/2803
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Pointed out by the Visual Studio code analyzer.
Change-Id: Idd429b4d0fb3db11ce171c3a5b38bdc55cc53c15
Reviewed-on: https://code.wireshark.org/review/2988
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 28719a4e4e.
Most of the change to remove "lib" seems to work, but the list of libraries to sign appears not to be in the source repository, so I can't make that step work.
Change-Id: I32e400593e8a39f582cc702df34eea7f6e9e722a
Reviewed-on: https://code.wireshark.org/review/2972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That combines more common code from the read and seek-read code
paths.
Also, separate out the individual metadata record types, with a comment
for each, to simplify the process of supporting some or all of them in
the future.
Change-Id: Ic8ded397d9550ec6013c1f5f138333b1ef5c37e5
Reviewed-on: https://code.wireshark.org/review/2869
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Strong typing is for weak minds.
Human minds are weak.
Therefore, strong typing is for human minds.)
Change-Id: I2a973b6168235d5d1c7f2a5f8ac79b97b963d846
Reviewed-on: https://code.wireshark.org/review/2863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This addresses part of, but not all of, the issues in bug ten thousand,
one hundred, and ninety:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10190
(I'm spelling it out to make sure Gerrit doesn't think this change
*does* address all the issues in that bug, and mark it as RESOLVED
FIXED; I feel like I have to treat Gerrit as a dog or small child from
whom I'm trying to keep a secret - "honey, I'm taking the dog to the
vee eee tee".)
Change-Id: Ic234130c1ea84cfaf47901485dca775e168f71d0
Reviewed-on: https://code.wireshark.org/review/2859
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The catapult dissector tripped on this random file I had. A quick look
at other dissectors which use a construct like "-1] *= '*\\[rn]" showed
packet-irda too, so fix that as well.
Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593
Reviewed-on: https://code.wireshark.org/review/2802
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"g_strlcpy" guarante that "dest" to be null-terminated.
Also cosmetic change from file_subtype to encap.
Change-Id: If188a08cf34dd9def4203404962571c273740636
Reviewed-on: https://code.wireshark.org/review/2718
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also, make the block of code containing that comment intended
consistently with spaces.
Change-Id: I8e8eb346833662f15c53ece5869b12cc430bad11
Reviewed-on: https://code.wireshark.org/review/2661
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap 1.6/tcpdump 4.6 will support up to 131072, as the MTU on the
Linux loopback device is 65536 on at least some versions of the kernel,
and that doesn't count the fake Ethernet header, so the maximum packet
size is 65549; they went to the next power of 2 up.
Change-Id: Ibfc66d01ef8ef7387887a75c2b567159bb78ac0f
Reviewed-on: https://code.wireshark.org/review/2655
Reviewed-by: Guy Harris <guy@alum.mit.edu>
checkapi complains about C++-style comments, as some C compilers (IBM
XLC, for one) reject them by default, and gcc -pedantic might do so as
well.
Change-Id: I1719da03d2fed0fe97574e200dd79434b3d760cd
Reviewed-on: https://code.wireshark.org/review/2556
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some dump formats are not exactly what should be done,
so fix them and try to little improve them (mostly by space padding %-8s)
Change-Id: I8ee38479c848abc0a2eaff30ce733e4b60930ac4
Reviewed-on: https://code.wireshark.org/review/2550
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Guy Harris