Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().
Also don't have routines internal to libwiretap call those. Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.
Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).
Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Mirrors the behavior of wtap_close.
Change-Id: I1a04878fdd0409fa74931737332f9b8a1ae77fb1
Reviewed-on: https://code.wireshark.org/review/17620
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We support reading some types of files that aren't capture files, in
case we have a dissector for that file format (because, for example,
it's often transported over HTTP). Don't include them in the set of
files "All Capture Files" matches; you can still look for them as they
have individual entries in the drop-down menu of file type patterns.
Ultimately, there should be Fileshark/TFileshark programs to read those
files - and other file types, and even capture files if the goal is to
look at the file structure rather than at the packets - and *that's* the
program that should offer the ability to load JPEGs and so on.
(No, this does not reduce the "All Capture Files" list down to a level
that makes the problem in bug 12837 go away. The right way to fix
*that* is to arrange, somehow, that the "All Capture Files" entry not
actually list all the suffixes it matches.)
Change-Id: I705bff5fcd0694c6c6a11892621a195aa7cd0264
Reviewed-on: https://code.wireshark.org/review/17619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A block can have zero or more instances of a given option. We
distinguish between "one instance only" options, where a block can have
zero or one instance, and "multiple instances allowed" options, where a
block can have zero or more instances.
For "one instance only" options:
"add" routines add an instance if there isn't one already
and fail if there is;
"set" routines add an instance if there isn't one already
and change the value of the existing instance if there is one;
"set nth" routines fail;
"get" routines return the value of the instance if there is one
and fail if there isn't;
"get nth" routines fail.
For "multiple instances allowed" options:
"add" routines add an instance;
"set" routines fail;
"set nth" routines set the value of the nth instance if there is
one and fail otherwise;
"get" routines fail;
"get nth" routines get the value if the nth instance if there is
one and fail otherwise.
Rename "optionblock" to just "block"; it describes the contents of a
block, including both mandatory items and options.
Add some support for NRB options, including IPv4 and IPv6 option types.
Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e
Reviewed-on: https://code.wireshark.org/review/16444
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This doesn't try to use any data from multiple Name Resolution blocks, it
just converts single Name Resolution block usage into a GArray, so the
potential is there to then use/support multiple Name Resolution blocks
within a file format (like pcapng)
Change-Id: Ib0b584af0bd263f183bd6d31ba18275ab0577d0c
Reviewed-on: https://code.wireshark.org/review/15684
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This doesn't try to use any data from multiple Section Header blocks, it
just converts single Section Header block usage into a GArray, so the
potential is there to then use/support multiple Section Header blocks
within a file format (like pcapng)
Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486
Reviewed-on: https://code.wireshark.org/review/15636
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Register Wireshark for PacketLogger, ERF, IPFIX, and VWR files on
freedesktop.org, OS X, and Windows (we were already registered for ERF and VWR
files on Windows).
Change-Id: I8105997cb15ea06e1c078489fd88763d4ce9e40c
Reviewed-on: https://code.wireshark.org/review/15635
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also add a length parameter to wtap_optionblock_set_option_string
Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Chances are they want to include the file extension in wiretap's list of
file extensions (for the File->Open dialog) as well as the various files
needed for integration with the various desktop environments that
Wireshark supports.
(I should have put this advice there years ago when creating the
freedesktop.org mime-package file.)
Add a comment to the mime-package file explaining its purpose, giving
a link to the specification, and talking about MIME types and the registration
thereof.
Change-Id: I60540bf88062b7a90653888534405f6aef4f657c
Reviewed-on: https://code.wireshark.org/review/15011
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
By putting it in this list the File->Open dialog will include an option for
*.mplog files.
Change-Id: Icf6480f7be1023650262fc1f3996a390e137cb88
Reviewed-on: https://code.wireshark.org/review/15048
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
the mplog format is used by some commercial logging tools that capture
ISO 14443 traffic between a card reader and a contactless smartcard
Change-Id: If359b8f0f671eb2a7c6315e2b8960a5bd581a9e9
Reviewed-on: https://code.wireshark.org/review/14950
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise, they get treated as generic XML files. No, a standard XML
tag, followed by <dump>, isn't a *perfect* magic number, but if you
*really* want to read it as a generic XML file, you can do so from the
UI.
(This is just like TNEF files.)
Change-Id: I7624023ecf87a21ef339222c89b3c9abd7acc727
Reviewed-on: https://code.wireshark.org/review/14656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Just use the table - or an empty table if we're not including the
compressed file extensions.
Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Thanks and a tip of the Hatlo hat to Coverity for finding this.
Change-Id: Ie9d4089443e52ef427e0cc8ae6e90a9d9787134e
Reviewed-on: https://code.wireshark.org/review/12123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It includes the temporary-file generation, so you don't have to do it
yourself.
Change-Id: I0798df95a5c5646224ec49612f50b423ed78547a
Reviewed-on: https://code.wireshark.org/review/11751
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That matches what we do with the other two pairs of dump opening
routines.
Change-Id: I0e6e475573c3a8d4ab6cf991d0aadc14150af233
Reviewed-on: https://code.wireshark.org/review/11744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The callers of wtap_dump_init_dumper() always call
wtap_dump_open_check() first, with the same arguments in all cases; pull
the latter call into wtap_dump_init_dumper() itself.
Change-Id: I2b44dc3a018745e175b5c74ff1a346749fec2b71
Reviewed-on: https://code.wireshark.org/review/11681
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag. When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.
Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).
While we're at it, make randcap report write and close errors.
Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Like bug 11447, when wiretap reads a legacy PCAP file it needs to
set the interface description's tsprecision member. And like bug
11447, I'm wondering why we have the field to begin with. But I'm
fixing this so that the Windows buildbots can get going again.
Change-Id: I71d0fe2e999ee7d11f1f5cc424681a99e17b1b1b
Reviewed-on: https://code.wireshark.org/review/10139
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
As the comment says, "Entries must be sorted by
WTAP_FILE_TYPE_SUBTYPE_xxx values in ascending order." If they're not,
the file type to file type string routines don't give the right answer.
Change-Id: I06afe7bb98cb36c54ddc831113bb632598ab2eb0
Reviewed-on: https://code.wireshark.org/review/9975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Right now the output encapsulation type is ignored if the output (default) format is set to pcapng.
Change-Id: Ibffaaed5979bf63ed4e3fa3b1f859a82b401d80b
Reviewed-on: https://code.wireshark.org/review/9911
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make pcapng decode options in an NRB during read, and store the comment
option, and write it back out as well. Also make it handle plugin handlers
for unknown options in received NRB(s).
Change-Id: I81863ef8d85cb1c8b5ba6673ba0e562efe77714f
Reviewed-on: https://code.wireshark.org/review/9723
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use "3gpp32423" instead of "nettrace3gpp324423":
- There were too many "4"s in the previous name ("324423" vs "32423").
- "nettrace" isn't an official name, per 3GPP TS 32 423
- It's shorter.
Change-Id: Ic981d0351a3014fb79702955ebef7b13f6ce4a2e
Reviewed-on: https://code.wireshark.org/review/9863
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Improve consistency when referring to 3GPP TS 32.423:
- The standard name is "3GPP TS 32.423" (with "TS", and "." separator).
- Fix typo in number series ("32" not "34").
- The standard refers to "Trace", not "Nettrace".
Change-Id: If9994b9c6de69b6e1bdfc6679fbaabe698971949
Reviewed-on: https://code.wireshark.org/review/9795
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ica74f3f9239a96486967cf248feb4313bc390734
Reviewed-on: https://code.wireshark.org/review/7751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a file type has a list of "typical" extensions, and a file has an
extension that is *not* one of those extensions, the file is unlikely to
be of that type.
For files that have extensions, after we try the heuristics that have a
list of "typical" extensions that includes the file's extension, try the
heuristics that have no such list, and after that try the heuristics
that have such a list but where the list *doesn't* include the file's
extension.
This fixes, for example, some cases where non-PacketLogger files were
getting identified as PacketLogger files.
Change-Id: I2d8c3b983ed6ccd692beb888668f77eb9b5f437b
Reviewed-on: https://code.wireshark.org/review/7315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libjsmn has also been moved from epan/ to wsutil/ to make it visible from wiretap.
Change-Id: I59abb3419acb1baa83194b38152d3651ed5c123c
Bug: 10878
Reviewed-on: https://code.wireshark.org/review/6716
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>