Support for writing it in live captures will come later; this change,
but not that one, will be backported so older versions of Wireshark
won't remove it when writing a file out.
Change-Id: I9fd4067991acfd2d18c03d0a373ce8337a9f3a76
Reviewed-on: https://code.wireshark.org/review/29064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't return an error unless we get a read error. If the line could be
read, but isn't a valid text line, that just means it's not an RFC 7468
text file.
Change-Id: I04f48294cac213cf61b8dcb851b99dc6dd776df8
Reviewed-on: https://code.wireshark.org/review/29039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We call that dissector even for zero-length PSDUs, so the radio
information is shown. We also show the zero-length PSDU type.
We don't call the 802.11 dissector for zero-length PSDU frames.
That way, you don't have to open up the radiotap information to find out
about zero-length PSDU frames, we can support zero-length PSDU
information for other pseudo-headers and file types if they support it,
and taps using the radio information can get zero-length PSDU frame
information.
Change-Id: I7d5da4ea978d8ca4889fc76160f11e3416b4d036
Reviewed-on: https://code.wireshark.org/review/29034
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do some renaming.
Change-Id: If8fa85370014f9618df38d97048dd1c52a4c389f
Reviewed-on: https://code.wireshark.org/review/28918
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the Wiretap code just do a heuristic test to see if the file looks
like a RFC 7468 file and just had the entire blob of raw file data to
the caller, with an encapsulation type of WTAP_ENCAP_RFC7468.
Have a file-rfc7468.c dissector that processes the lines of the file,
displaying all of them. Have it extract the label from the
pre-encapsulation boundary line, and, after it's decoded the
base64-encoded data lines into a blob of data, try handing the tvbuff
with the blob to dissectors that have registered in the
"pem.preeb_label" dissector table with the appropriate label value, and
hand it to the raw BER dissector only if that fails.
This allows some files to have the content dissected as more than just a
raw blob of BER-encoded data.
Change-Id: I98db9f0beb86e5694fb8e886005a2df4fc96ba71
Reviewed-on: https://code.wireshark.org/review/28914
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow forward timestamp deltas up to 1 year, up from 7 days.
Surprisingly this was overly restrictive in some real cases.
Change-Id: I8a4bd1ca791b978aa5d2be40f7f8dd8e23db8837
Reviewed-on: https://code.wireshark.org/review/28882
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Or, at least, use them in the libwiretap file-writing code; we can
change other places to use them as appropriate.
Change-Id: I63af2267a22a158ee23f3359b043913dac0e285b
Reviewed-on: https://code.wireshark.org/review/28783
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Strip off only extensions that correspond to file types we know about;
QFileInfo::baseName() strips off *all* extensions, where "extension" is
"anything preceded by a .", so it turns foo.bar.pcap.gz into foo, not
foo.bar. We don't want that; instead, we strip off only those
extensions that correspond to file types we know how to read, so we'd
strip off .pcap.gz in foo.bar.pcap.gz, and strip off .pcap in
foo.bar.pcap, leaving foo.bar in both cases.
Change-Id: I5385921ad2f0fef815d52e9902fef15735fd9dae
Reviewed-on: https://code.wireshark.org/review/28636
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This should squelch warnings from Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.
Change-Id: I6803001981c63ddf76a735341ab2cc8dccdb8ab0
Reviewed-on: https://code.wireshark.org/review/28573
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows code to initialize them without having to know the details
of the structure; the initializes should, and will, be changed if the
members of the structure are changed.
Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it a bit clearer that we don't need to initialize it to zero
before the loop.
This fixes a Dead Store (Dead assignement/Dead increment) Warning found
by Clang.
Change-Id: Iabfc4b47a3c6300814492c37ccfb321afd0c54ea
Reviewed-on: https://code.wireshark.org/review/28374
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Multi-configuration generators (such as Xcode or VS) append the current build configuration to most paths (eg. Debug/Release). Currently this results in inconsistent paths for the application bundle and the included command line tools. This commit sets the correct path information for multi-configuration generators for macOS application bundles. The standard Makefile behaviour is untouched.
One Windows specific configuration was changed, as it was conflicting with these changes. This needs to be checked before merging.
Additionally the wrapper scripts are omitted for Xcode, as the path to the binaries depends on the configuration chosen in Xcode. Therefore it is not viable to create these scripts in the cmake run.
Bug: 11816
Change-Id: Ib43d82eb04600a0e2f2b020afb44b579ffc7a7c9
Reviewed-on: https://code.wireshark.org/review/28291
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extract it into title_length before checking it, and then check the
value of title_length.
Change-Id: I7f2c334dbce5eeaa12cd5d8bb8e289852fd15c4f
Reviewed-on: https://code.wireshark.org/review/28282
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The number being compared against is the amount of data *remaining* in
the comment information, not the *size* of the comment information.
And it's unsigned, so format it with %u.
Change-Id: I5f02302ad4acbc3b27655ff5518e6e56d464020d
Reviewed-on: https://code.wireshark.org/review/28280
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix indentation, and note that the comment "description" (contents) are
RTF (as opposed to plain text).
Change-Id: I668a08c06e39a32318454d2ee73933083c5cb516
Reviewed-on: https://code.wireshark.org/review/28279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
utf_16_to_utf_8() just ignores the extra octet.
Change-Id: I7bf003b674e5d9b0fb0265b0e8c6c142107084e3
Reviewed-on: https://code.wireshark.org/review/28277
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pathnames are not limited to 260 characters in recent versions of
Windows; boost the limit to handle up to 32767 UTF-16 octet pairs worth
of path.
The pathname is in UTF-16-encoded Unicode; convert it to UTF-8 for our
internal use.
Bug: 14876
Change-Id: I4ef19fd47c7dbdd74dcaf31a7a80f432d57dbb0d
Reviewed-on: https://code.wireshark.org/review/28273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
gd2e0724afc moved our library versions into their own variables named
FULL_SO_VERSION. They're no longer used and interfere with
tools/release-update-debian-soversions.sh so remove them.
Fix some shellcheck warnings in release-update-debian-soversions.sh
while we're here.
Bug: 14778
Change-Id: I0eb0bb4ab4c482bdb8a94f8c18aa04c6c83c781b
Reviewed-on: https://code.wireshark.org/review/28068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The version of Berkeley YACC that comes with NetBSD 7.1 puts a
declaration of ascendlval into ascend.h, even when we're building a
reentrant parser. That causes a shadowing warning.
Suppress some diagnostics before we include ascend.h.
Change-Id: I190f0439c36b48c7dfb19a2fe6cef0eb1e96f198
Reviewed-on: https://code.wireshark.org/review/27917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A CAM inspector file maintains a global time counter in units of
1us. Set the correct resolution for the packet timestamps.
Keep track of the time counter when the file is loaded and we walk
through the file from start to end. Process timestamp blocks in the
file. Each of those blocks updates a part of the overall time counter.
Change-Id: I138cd8fb287e591b078babc2403a599287df1397
Reviewed-on: https://code.wireshark.org/review/27904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_base64_decode_step will ignore all non-base64 characters, so make sure
we catch such characters ourselves. Otherwise, if we encounter any
non-conforming syntax, we'll parse it as base64 text, and consequently
the BER dissector will receive nonsensical input.
Change-Id: I38294141134626a3d98b5b12837d887492b18102
Reviewed-on: https://code.wireshark.org/review/27653
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We didn't have entries for WTAP_ENCAP_JUNIPER_ST or
WTAP_ENCAP_ETHERNET_MPACKET; add them.
The entry for WTAP_ENCAP_DOCSIS31_XRA31 just called it "DOCSIS31 XRA31",
not "DOCSIS with Excentis XRA pseudo-header", which is a more complete
description. (That field is supposed to be a descriptive word or
phrase, not just a short protocol name.)
Change-Id: Ib2b30fccce2339a12d216466831a1786e14178b7
Reviewed-on: https://code.wireshark.org/review/27671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
sys/stat.h and sys/types.h date back to V7 UNIX, so they should be
present on all UN*Xes, and we're assuming they're available on Windows,
so, unless and until we ever support platforms that are neither UN*Xes
nor Windows, we don't need to check for them.
Remove the CMake checks for them, remove the HAVE_ values from
cmakeconfig.h.in, and remove all tests for the HAVE_ values.
Change-Id: I90bb2aab37958553673b03b52f4931d3b304b9d0
Reviewed-on: https://code.wireshark.org/review/27603
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those should always be reported, as they indicate that a block type
plugin is trying to do something we don't allow.
We should probably have a mechanism by which ws_g_warning() messages are
logged to the standard error for command-line programs, logged to an
error message window for GUI programs, and logged to some form of system
log for daemons. For now, it's a good way to log non-fatal errors that
should always be shown in *some* fashion, as well as to mark messages
that should be handled in the form described in the previous sentence.
Change-Id: Ieedf87fc2dd3184a4466ae69af01f799165c1b70
Reviewed-on: https://code.wireshark.org/review/27519
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissector for the VESA DisplayPort AUX channel protocol.
Bug: 14651
Change-Id: I5c0c7668bda969086d9d6e5069aad87e929f6340
Reviewed-on: https://code.wireshark.org/review/27311
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_col_str could have been nulled by line 409, but in that case
EXP_PDU_TAG_COL_PROT_BIT is not set, then strlen doesn't get called in
line 432. Coverity raised a false positive and g_assert will pacify it.
Change-Id: Ib22868a549319913c9c2a25ede0b63fed3af6eb0
Reviewed-on: https://code.wireshark.org/review/27424
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Except in rare cases, we want to set it to -1 so that we let mktime()
determine whether DST/Summer Time was in effect at the given date and
time rather than pretending that we know whether it's in effect or not.
Change-Id: I0ea75317dd308a515cedf4d1260b583e1592cc9b
Reviewed-on: https://code.wireshark.org/review/27431
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit dfd6eb5d68.
This change cannot be submitted without change I5c0c7668bda969086d9d6e5069aad87e929f6340.
Change-Id: Ieb22f4e9afa1742db861a291202a2790a4784e1b
Reviewed-on: https://code.wireshark.org/review/27387
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Wiretap support for reading the Unigraf DPA-400 DisplayPort
AUX channel monitor logfiles.
Bug: 14651
Change-Id: I8d3c50575c9806dd04b40053db45564404bad103
Reviewed-on: https://code.wireshark.org/review/27312
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When using file_gets it's very difficult to determine how many characters
were read, because you can't distinguish between an embedded NUL and
a short line (note that the last line in a file may not have an LF at the
end). While it's still possible to do it via prefilling the buffer with
non-zero values, doing that is cumbersome, inefficient and error-prone.
This new function makes the task much easier.
The "p" in the name is meant to be reminiscent of the "p" in stpcpy.
Change-Id: I468d5ee71e3b6289925860651ba61b369301b3c9
Reviewed-on: https://code.wireshark.org/review/27333
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
When protocol="map", but the name attribute value is invalid, a memleak
occurs. Observe also that dissector_table_str is 22 bytes (21 characters
plus nul) and rounding up to a multiple of 4 means that 2 bytes of
uninitialized memory could be copied. Avoid that by copying the actual
length. Memory leak was found by Clang Static Analyzer.
Change-Id: I41f5b104449e108191e505611411a8fb18f1f5db
Fixes: v2.1.0rc0-2545-g4b4c7a76c3 ("[Nettrace] Add parsing of some HSS records.")
Reviewed-on: https://code.wireshark.org/review/27350
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
erf.c:2562:9: error: this statement may fall through [-Werror=implicit-fallthrough=]
Change-Id: Ib516a689e078a9e1eea96d692ffbbaab398f2bcb
Reviewed-on: https://code.wireshark.org/review/27271
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move */ to a separate line below the SPDX identifier.
Change-Id: Id1032215449cfccae0933147b45e04b65e0b727f
Reviewed-on: https://code.wireshark.org/review/27211
Reviewed-by: Anders Broman <a.broman58@gmail.com>