Bug: 12174
Change-Id: I82eb0ac75f2e03f15c2f016e9b7ff72fdc7044f5
Reviewed-on: https://code.wireshark.org/review/14179
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it's 0x1A2B3C4D, that means it has the same byte order as the
instruction set for which Wireshark was built[*]; if it's 0x4D3C2B1A, it
means it has the opposite byte order. (We assume no "middle-endian"
machines here; it's extremely unlikely that any of this code will ever
work on a PDP-11.)
Wireshark *does* work on big-endian machines (if there are any places
where it doesn't, those are bugs that must be fixed), so we can't assume
that "same byte order as our instruction set" means "little-endian".
[*]If, for example, you run a PowerPC binary under Rosetta, it'll act as
if big-endian is the native byte order, even though it's running on a
little-endian machine.
Change-Id: Ic438bd85c034f1fba276408ba30214d7078121d1
Reviewed-on: https://code.wireshark.org/review/14133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't use the byte order from any previously-seen SHB, as it might be
different.
Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to allocate an WTAP_OPTION_BLOCK_IF_DESCR option block;
don't use the value we allocated.
We must not allocate an WTAP_OPTION_BLOCK_IF_STATS option block until we
need it, as we may have to allocate *more than one* of them here! The
old code would reuse the same block, adding it more than once, causing a
"freeing already freed data"/"freeing non-allocated data" error on some
platforms.
Change-Id: I8582627c1f5deecfd4f6490dcdf8c31ee3809d12
Reviewed-on: https://code.wireshark.org/review/14130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The S1 code works similarly to the S2/S3 code, and has the same issue.
Change-Id: I288e30ccdf67d8a6daec8c8428c0f703e18ecc89
Reviewed-on: https://code.wireshark.org/review/14127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The 1 is for the byte written with vht_ndp_flag; the 16 is for the PLCP
header. Separate them out; no change to the actual code (as any
compiler worth its salt would do constant folding).
Change-Id: I5e081c67e605203153270ed9a3f9e30b9e9b968c
Reviewed-on: https://code.wireshark.org/review/14125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Commit v1.99.10rc0-316-gf28e23f added some additional room for the 16
byte PLCP header and 1 byte L1P. These are however not part of the
remaining data, only the header.
Bug: 11795
Change-Id: Ia6935d27366a07f818f147c9094a801429b049e2
Reviewed-on: https://code.wireshark.org/review/12240
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DO NOT USE THIS FOR ANYTHING NEW.
Change-Id: Iee2ddaa2eeb735b33aef9e81b32bb4a3535e3451
Reviewed-on: https://code.wireshark.org/review/14023
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't correspond to anything we support - and the old Linux USB
LINKTYPE_ value of 186 doesn't give enough information to dissect the
packets (it discards the event type, for example), so we drop the rest
of our support for it as well.
Change-Id: I6f537d9263174aba4320edf5140e1d1540e979c8
Reviewed-on: https://code.wireshark.org/review/14020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wtap_read() and wtap_seek_read() now do so before calling the read or
seek-read routine, so there's no need to do so in those routines.
Rename hcidump_process_packet() to hcidump_read_packet() while we're at
it, as it doesn't just process an already-read packet, it does the
reading as well as the processing.
Change-Id: Ic13da6a2096e68550d80f2eff31f03d0edb58147
Reviewed-on: https://code.wireshark.org/review/13998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in size.
Wireshark/Tshark hangs when netscaler trace file smaller than 16KB is opened.
It also hangs when a gzipped trace file is opened. With this fix,
Files with sizes that are not multiple of 16KB and gzipped files can be opened.
Bug: 12083
Change-Id: I26b2fc406edafcb2f1f6161d69064ba5662ddf29
Reviewed-on: https://code.wireshark.org/review/13721
Reviewed-by: Michael Mann <mmann78@netscape.net>
Signed overflow is undefined, so testing for overflow with
"if (i + 1 < i)" is itself undefined. Because this instance is an
increment, we can just test against G_MAXINT.
Change-Id: Ib8b7c23ec362d5637125fcf6457ea9423fedf0e1
Reviewed-on: https://code.wireshark.org/review/13896
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just use the table - or an empty table if we're not including the
compressed file extensions.
Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
We set them to the file's values in wtap_read(), but we weren't setting
them in wtap_seek_read(); set them in both places.
Change-Id: Id604b1c7d27d4cee6600249e9435c49d02f8dd61
Reviewed-on: https://code.wireshark.org/review/13531
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found building with GCC 5.3.0 and CFLAGS="-g -Og".
Change-Id: I5bc29b6e91cc98332a513c9d03b02d2f6906608d
Reviewed-on: https://code.wireshark.org/review/13362
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
check that we have a line that contains OBJECT PROTOCOL ETHERNET
(at the moment, we fail if there's a line containing OBJECT PROTOCOL but
not ETHERNET and succeed otherwise
-> a file with some random lines will be identified as iseries)
initialize our line buffer with 0s to make sure we don't access uninitialized
data while parsing
don't set wth->priv unless the file is really an iseries file
free the iseries struct if the file is not our type
Bug: 11985
Change-Id: I0ac7003c047f54ca025d02e59b56d1ff4e2a6be7
Reviewed-on: https://code.wireshark.org/review/13360
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
like it's done for the other file types
Change-Id: I8caa360b9c527ea642ee6b5102759ad341ad0030
Reviewed-on: https://code.wireshark.org/review/13359
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Discovered by changing wtap_encap_requires_phdr() to use a switch
statement and comparing the case arms.
Change-Id: I2a23b86ddfbc88c1b3251a0e97f7f00ee93f630e
Reviewed-on: https://code.wireshark.org/review/13341
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Include the pcapng block name in every error message to give user a better hint as to where the error is
Bug: 8798
Change-Id: Idd80a8541ac37a42b9bd2e988fa8da1ce7bc91a0
Reviewed-on: https://code.wireshark.org/review/13310
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I guess the ability to define a structure inside another structure is a
C-ism discarded by C++, so it causes warnings if you disallow stuff that
can't be handled by a C++ compiler, as we do.
Change-Id: I8cf52af0424708eb663ab6dbfecbf317fe3bccdb
Reviewed-on: https://code.wireshark.org/review/13257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When using UPPER_PDU to wrap logcat text data it was not possible
to dump underlying data to logcat textfiles.
Add ability to write it down properly.
Change-Id: Ia20142cc340f34d80de93e213084cf1df83099d6
Reviewed-on: https://code.wireshark.org/review/13230
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix indentation.
Just directly assign values to elements in the packet buffer; no need to
convert them to numbers and note the value as a comment.
Give more detail in the comment for null-terminating buffers. Terminate
packet_buf[] once we're finished reading into it, to make it a bit
clearer what's being done.
Make the magic number buffer 513 bytes, so we have 512 bytes plus a
terminating null.
Change-Id: Ie182d93393cc55835b24075e908393c386c85c24
Reviewed-on: https://code.wireshark.org/review/13250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 11982
Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562
Reviewed-on: https://code.wireshark.org/review/13233
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format. (The two functions do the same
thing; this just makes it clearer what we're doing.)
Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)
Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The use of a flag field here is aesthetically unpleasing when the flags
are referred to frequently. Convert these into bitfield entries.
Change-Id: I6f47e31558439dfd343ec7f856d04480366a1237
Reviewed-on: https://code.wireshark.org/review/12511
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
rec_length_remaining is the amount of data we haven't already read from
the record; it starts out as the record length and gets decreased. It
is not the length of data in the packet.
Change-Id: I46cd78e29aee13a686f1f6c8efbe258277e15686
Reviewed-on: https://code.wireshark.org/review/12759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before reading the record header of a REC_FRAME{2,4,6} record, make sure
the record length is >= the length of that header.
Whe calling fix_pseudo_header(), pass the actual length of the packet
data, not the remaining length of the record (which may include
padding), so we don't read past the end of the packet data.
Bug: 11827
Change-Id: I1c63a4cb014c4616ffdd202660e68c576f266872
Reviewed-on: https://code.wireshark.org/review/12756
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add the TYPE_COLOR_HASH_POS and TYPE_COLOR_HASH_ETH types, note that
type 26 has no #define, mention that types 28 through 31 are reserved
for future record types.
Change-Id: Ic828254599599c6bd7399d4682f9a3d4bff1f0f7
Reviewed-on: https://code.wireshark.org/review/12728
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Alexis La Goutte