Shift 1U instead, to make sure it's unsigned; the result of, for
example, the result of shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value. That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined. (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)
Change-Id: I0d27565c382a04ceda9eec65f45a430ceb74cf53
Reviewed-on: https://code.wireshark.org/review/8255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Doesn't change the behavior of the code, but makes it more consistent.
Change-Id: I6f07fbbb4c7d14d8a46ecfd1c419d951c356fd77
Reviewed-on: https://code.wireshark.org/review/5672
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "extra data", according to the RF5 API manual I have, is "hardware
parameters", so change some names.
Report an error if the variable parts of the configuration event record
run past the record length.
Report an error if the hardware parameters are too short.
For the purportedly DS0 hardware parameters, don't assume they'll be
long enough for the mask; they might not be.
Change-Id: Ib63d042e4ede32216fb474c4ecdba84db1387abc
Reviewed-on: https://code.wireshark.org/review/5638
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fetch the count of records from one of the locations where it appears to
be, and, currently, require that it be equal to the count at the other
location where it appears to be; if they ever differ, we'll need the
file in order to reverse-engineer some more.
Fix the way we *write* .rf5 files - it turns out that we were
1) not writing the full file size;
2) not writing the packet count in the right location.
Detect files written by the old code, and get the packet count from the
right location for those files.
Change-Id: I7ce83afbc9dbbd300c81c96ef8f7785a0aeefa7a
Reviewed-on: https://code.wireshark.org/review/4608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of reading the 16-byte blob and record length at the same time,
just read the 16-byte blob, and then fall through to the record-length
reading code.
Change-Id: Ib2819a2d654e2670233821882bac79d7cd656b12
Reviewed-on: https://code.wireshark.org/review/4480
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap' unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c0c480d08c.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
handle that file not ending with a 2-byte 0xffff end-of-file record.
This fixes bug 9455, although it doesn't add support for reading an
"index" file for a capture that's in multiple .rf5 files, which is a
separate issue noted in that bug.
It also doesn't attempt to figure out what the data in the new record
type following the data that appears to be the same as that in the other
data record format but preceding the actual packet data is.
svn path=/trunk/; revision=53452
in a source description record, including the stack. Dump some other
fields in those records as well.
Attach separate sequential and random read buffers to the private data
structure, rather than allocating them in various routines (and not
always freeing them) and, in at least one case, allocating a single
*common* buffer for all wth's to use.
Fix some comments (the DS0 mask is 32 bytes long, but gets turned into a
bitmask).
Put in a description of what a "stack file"'s contents look like. Much
of it may be useless to us (for example, we have the notion that TCP has
protocol number 6 built-in...), but the RELATION entries that map from
"BASE" to a protocol could obviate the need to have the user specify a
map from stack file names to starting protocols, and we might be able to
use, for example, entries that map TCP/UDP/SCTP port numbers to
protocols to obviate the need for the user to explicitly use Decode As
or otherwise configure port-to-protocol mappings themselves.
Add a bunch of record length checks before we fetch data from records.
svn path=/trunk/; revision=53450
Dump the raw contents of records as hex and ASCII, not just hex.
Sort the record types, and add a new one for a type we've seen in a k18
file and about which we know nothing.
For unknown record types, print the type in hex.
svn path=/trunk/; revision=53441
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
implemented wtap_dump_file_seek() and _tell()
implemented the previously declared but unimplemented wtap_dump_file_seek() and wtap_dump_file_tell() functions and used them in the seven files that had previously used a plain ftell or fseek and added error checking as appropriate. I also added a new error WTAP_ERR_CANT_SEEK_COMPRESSED and put it next to WTAP_ERR_CANT_SEEK causing renumbering of two of the existing error codes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48348
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
From me: instead of logging the error with a macro that requires dbg_out
to be set, and giving up, set dbg_out to stderr, log the message (which
now notes that logging will be done to the standard error), and drive
on.
Part of fix for bug 7824.
svn path=/trunk/; revision=45454