Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().
Also don't have routines internal to libwiretap call those. Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.
Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is similar to what we have for opening a dump file - one API that
uses the file name as specified, one that creates a temporary file and
provides the file name, and one that uses the standard output.
All of those APIs handle closing the output file.
Change-Id: I56beea7be347402773460b9148ab31a8f8bc51e1
Reviewed-on: https://code.wireshark.org/review/19059
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).
Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, if we #define anything for large file support, that's done
before we include any system header files that either depend on that
definition or that define it themselves if it's not already defined.
Change-Id: I9b07344151103be337899dead44d6960715d6813
Reviewed-on: https://code.wireshark.org/review/19035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-erf: Fix Host ID/Source ID showing for all extension header types.
Only show generated Host ID/Source ID when there is a Host ID extension header
or there was not one on the record.
Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely)
and that it matches the one in the Host ID header. This is consistent with other tools.
Does support multiple Host ID extension headers though.
Fix dag_version tag short name. Was clashing with another tag due to typo.
ERF wiretap: Don't conflate Host ID 0 with implicit Host ID.
While the implicit Host ID defaults to 0, it is not the same thing as seeing
a packet with Host ID explicitly 0 in the extension header which means
explicitly unknown source.
Store the initial (unknown) implicit Host ID interface mapping in it's own
special mapping table entry rather than 0.
Noticed we can currently get duplicate interfaces in the unusual event of mixed
implicit and explicit Host ID packet extension headers for the same ID before
we discover that mapping.
Consistently abandon the implicit version for consistency with the dissector
linking behaviour and mark the interface as unmatched in the description. In
2 pass mode (including normal Wireshark file open) the abandoned interface ends
up with no packets. In the common cases (all Host ID or no Host ID on packet
records) this duplicate interface will not be created in the first place.
Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/18704
Reviewed-by: Stephen Donnelly
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And some comments in the case where we're converting the result of
time() - if your machine's idea of time predates January 1, 1970,
00:00:00 UTC, it'll crash on Windows, but that's not a case where a
*file* can cause the problem due either to a bad file time stamp or bad
time stamps in the file.
Change-Id: I837a438e4b875dd8c4f3ec2137df7a16ee4e9498
Reviewed-on: https://code.wireshark.org/review/18369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They break the check by not including header files for custom types
and they are not part of the API anyway.
Bug: 13018
Change-Id: Ia0f81f861251b5659af723b9da795daeb7454eb3
Reviewed-on: https://code.wireshark.org/review/18297
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure the paths we pass to "cat" and "abi-compliance-checker
-log-path" match.
Change-Id: Ie68b445b9d92d85c0ed1eb508a78c0bcc960d061
Reviewed-on: https://code.wireshark.org/review/18156
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The libjsmn was imported into the tree and enhanced with a new
function. This change splits it into the "original" libjsmn and
an addictional module wsjsmn that contains the new function.
This will make easier to port within the tree future versions
of the library.
Change-Id: I3f1caa91bee462e0767e5e18d0b6a10f0b1cad32
Reviewed-on: https://code.wireshark.org/review/17963
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Instead of checking for the boolean "FALSE", just set an empty string.
This avoids the need to check for WERROR_COMMON_FLAGS before using it.
The transformation is the same for all files, remove
"if (WERROR_COMMON_FLAGS)" and "endif()", reindent and add quotes (since
we have a string here and not a list).
Modelines have been added where missing.
Change-Id: I0ab05ae507c51fa77336d49a99a226399cc81b92
Reviewed-on: https://code.wireshark.org/review/17997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
If the seek forward is just skipping record content that's not
(currently) interesting, use wtap_read_bytes() with a null buffer
pointer; it catches short "reads" and requires less seeking, so it may
work better when reading from a pipe.
Change-Id: Ifb07d20e0391a8ed97da85149d971b4e9ef093a8
Reviewed-on: https://code.wireshark.org/review/17976
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow file_read() to take a null pointer as a buffer argument; a null
argument means "do everything except copy the bytes from the file to the
user buffer". That means that wtap_read_bytes() and
wtap_read_bytes_or_eof() also support a null pointer as a buffer
argument.
Use wtap_read_bytes() with a null buffer argument rather than
file_skip() to skip forward over data.
This fixes some places where files were mis-identified as ERF files, as
the ERF open heuristics now get a short "read" error if they try to skip
over more bytes than exist in the file.
Change-Id: I4f73499d877c1f582e2bcf9b045034880cb09622
Reviewed-on: https://code.wireshark.org/review/17974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Keep the actual error code and pointer-to-error-string in the scanner
state, rather than pointers to the variables passed in to us.
Initialize them to 0 and NULL, respectively.
That way, when the actual scanner routine returns, we don't check for an
error by looking at the error variable pointed to by our argument, which
might not have been set by the scanner and might have stack junk in it,
we look at a structure member we set to 0 before the scan.
Change-Id: I81a4fd6d5cf5e56f5638fae1253c48dc50c9c36d
Reviewed-on: https://code.wireshark.org/review/17721
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Keep the actual error code and pointer-to-error-string in the scanner
state, rather than pointers to the variables passed in to us.
Initialize them to 0 and NULL, respectively.
That way, when the actual scanner routine returns, we don't check for an
error by looking at the error variable pointed to by our argument, which
might not have been set by the scanner and might have stack junk in it,
we look at a structure member we set to 0 before the scan.
Bug: 12903
Change-Id: I5a382da569a226e60c3c2a47f3a1515b0490c31d
Reviewed-on: https://code.wireshark.org/review/17716
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change the way a line is read in iseries. Instead of reading a string
then convert it with atoi, parse it as an integer and convert it to
nsecs.
Change-Id: Id8e8e9866dbcef3b1612a608f9647bc490263dae
Reviewed-on: https://code.wireshark.org/review/17558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Mirrors the behavior of wtap_close.
Change-Id: I1a04878fdd0409fa74931737332f9b8a1ae77fb1
Reviewed-on: https://code.wireshark.org/review/17620
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We support reading some types of files that aren't capture files, in
case we have a dissector for that file format (because, for example,
it's often transported over HTTP). Don't include them in the set of
files "All Capture Files" matches; you can still look for them as they
have individual entries in the drop-down menu of file type patterns.
Ultimately, there should be Fileshark/TFileshark programs to read those
files - and other file types, and even capture files if the goal is to
look at the file structure rather than at the packets - and *that's* the
program that should offer the ability to load JPEGs and so on.
(No, this does not reduce the "All Capture Files" list down to a level
that makes the problem in bug 12837 go away. The right way to fix
*that* is to arrange, somehow, that the "All Capture Files" entry not
actually list all the suffixes it matches.)
Change-Id: I705bff5fcd0694c6c6a11892621a195aa7cd0264
Reviewed-on: https://code.wireshark.org/review/17619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have xml_get_int() handle the setting of the two error reporting values
and give a better error message. Have it check to make sure that there
isn't cruft after the digits.
Change-Id: Id590430eb52668ef76de8aa7096a27d8fc094208
Reviewed-on: https://code.wireshark.org/review/17601
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not all uses of atoi() or various strto* routines in Wireshark expect
the string to contain *only* a number, so not all uses should require
that the byte after the number be a '\0'. Have the ws_strto* routines
take a "pointer a pointer set to point to the character after the
number" argument, and have the callers do the appropriate checks of the
character after that.
This fixes the VMS trace reading code so that it can read those files
again.
The get_ routines are handed command-line arguments, so they *do* expect
the string to contain only a number; have them check to make sure the
byte after the number is a '\0'.
Change-Id: I46fc1bea7912b9278e385fe38491a0a2ad60d697
Reviewed-on: https://code.wireshark.org/review/17560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make pkt_len unsigned.
Improve the error message for ws_strtou32() failure.
Change-Id: I080b4fc132c8e405bc1dbd87fc717c2b337517bc
Reviewed-on: https://code.wireshark.org/review/17547
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Both of them need to have the CAN ID/flags field of the header
byte-swapped as necessary to make sure it's in the *reading* host's byte
order, not the *writing* host's byte order, if the two are different.
Change-Id: Iac1589fdd9fe4d9ee6fbac8d821b48694d68919b
Reviewed-on: https://code.wireshark.org/review/17333
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Unfortunately, only one libpcap code path puts the CAN ID in the
SocketCAN header in network byte order; the others leave it in host byte
order. Therefore, a new LINKTYPE_/DLT_ value was introduced, and
libpcap was changed to use that for the cases where the CAN ID is in
host byte order. Support them both.
This means we need to, when reading pcap and pcapng files, fix up the
CAN ID if the host that wrote the file has a different byte order from
ours (as libpcap also now does). This includes Linux "cooked" captures,
which can include CAN packets.
Change-Id: I75ff2d68d1fbdb42753ce85d18f04166f21736dd
Reviewed-on: https://code.wireshark.org/review/17155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we got no bytes of data from a putative packet, the file isn't a
valid Ascend file, regardless of whether the parser failed or not. Just
have parse_ascend() return a Boolean, TRUE if we got a packet and FALSE
if not, and, in the case where we got no data but the parser didn't
fail, provide "no data returned by parse" as the error string.
(We weren't actually distinguishing between them when we called
parse_ascend() - we were treating all non-PARSED_RECORD returns as an
error.)
Change-Id: I85a3e318015258f6a62c8d23ac2f906e28789982
Reviewed-on: https://code.wireshark.org/review/17130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Expand comments, and merge two separate if checks.
Change-Id: If339ce632ccc91c425ba6db4a32296c3038253ac
Reviewed-on: https://code.wireshark.org/review/17128
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's what we're doing already, but get rid of the variable to which we
assigned the return value.
Change-Id: I55e31664bc26bbfffe4a4ca764c917eefbb9a8f1
Reviewed-on: https://code.wireshark.org/review/17126
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set wirelen to the length from the header, but don't set caplen; start
caplen out as 0 and count it up whenever we add a byte.
Bug: 12754
Change-Id: Ib4e45e947df6077f97a423157c152dac9f57734a
Reviewed-on: https://code.wireshark.org/review/17120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adds various clock configuration related tags.
Uses ptp_v2 value strings exported from packet-ptp.
Refactor out common ERF_TYPE_META bitfield code.
Also clean up field registration a bit.
Add flow_hash_mode enum, other minor wording cleanup.
Manually display relative timestamps as nanoseconds for <1ms.
Fix ns_host_* tag subtree summary field name duplication.
Ping-Bug: 12303
Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93
Reviewed-on: https://code.wireshark.org/review/16782
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The old information is copied over from one of the input files; if we
don't have information about the OS on the machine writing the *output*
file, just throw the old information away.
(We need a better way to preserve information from the input files;
perhaps this:
http://www.winpcap.org/pipermail/pcap-ng-format/2016-June/000362.html
might work.)
Change-Id: Ia25771736d267173f2b6949a91e81e217ee7d16f
Reviewed-on: https://code.wireshark.org/review/16730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Create ws_g_warning for legitimate uses of g_warning
2. Use proto_tree_add_debug_text
3. Comment some out
Change-Id: Ida044bf40286b955fdd529c4f9907c8e09b3d7c5
Reviewed-on: https://code.wireshark.org/review/16678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1e6bd722b3f04f171b462fc680ca080bb7ec03c7
Reviewed-on: https://code.wireshark.org/review/16625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
To remove OPT_SHB_HARDWARE, use wtap_block_remove_option().
To get the string value from a GString, use g_string_free(string,
FALSE), not g_string_free(string, TRUE) - the latter will free the
string value and return NULL.
Change-Id: I0c5a9f818543f6752f455f04fb3c024208e23954
Reviewed-on: https://code.wireshark.org/review/16567
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, rename routines that write out an option write_wtap_XXb_option()
from write_wtap_XXb_block().
Change-Id: I4884a2f5275a5e2e32137b47255fac6995f311ef
Reviewed-on: https://code.wireshark.org/review/16566
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris