These file formats have 16-bit packet lengths, so, even with some extra
metadata added, the packet data length will never be bigger than
WTAP_MAX_PACKET_SIZE. (No, we won't ever reduce WTAP_MAX_PACKET_SIZE.)
Change-Id: I9e1b1d90971f91cc6e5d66d0aa93841445b2bc22
Reviewed-on: https://code.wireshark.org/review/15186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in size.
Wireshark/Tshark hangs when netscaler trace file smaller than 16KB is opened.
It also hangs when a gzipped trace file is opened. With this fix,
Files with sizes that are not multiple of 16KB and gzipped files can be opened.
Bug: 12083
Change-Id: I26b2fc406edafcb2f1f6161d69064ba5662ddf29
Reviewed-on: https://code.wireshark.org/review/13721
Reviewed-by: Michael Mann <mmann78@netscape.net>
The offsetof() macro is an ANSI C library feature.
Change-Id: I2ac91b0b4c94c6f6baf14133b076fdc5ed2e182b
Reviewed-on: https://code.wireshark.org/review/12707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only this issue with a netscaler trace file
Bug: 11248
Change-Id: I2bc2cae5c988eeff7bdd08471bf421faafcd4e73
Reviewed-on: https://code.wireshark.org/review/8672
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ica74f3f9239a96486967cf248feb4313bc390734
Reviewed-on: https://code.wireshark.org/review/7751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create TIMEDEFV10() and, for it and for V20, V21, and V22, undefine the
ones used for the read routine and define dummy ones for the read-seek
routines (as those record formats have relative, not absolute, times).
Have all of them set presence_flags.
That way:
1) if we *can* set the time stamps in the seek-read routine, we do;
2) we always set presence_flags in read and seek-read routines.
Change-Id: I837507245e8a0cbc68c7c5fd8365f474d085488e
Reviewed-on: https://code.wireshark.org/review/7445
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Provide {FULL,PART}SIZEDEFV10 macros, similar to what's provided for the
other versions, containing the code to set the packet length and
captured data length, and use the TRACE_V10_REC_LEN_OFF() macro directly
after that to set the various length and offset values in the
pseudo-header.
Change-Id: I3513371057601b44821d89ebaa7565ab370a67f5
Reviewed-on: https://code.wireshark.org/review/7393
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to export them outside this file, and making them constants
might convince the compiler not to bother fetching their values from
memory when referring to them.
Change-Id: Ib8605bf0bb9091721a51827c45fe75d19a15ba26
Reviewed-on: https://code.wireshark.org/review/7378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way it'll set the captured length and reported length the same way
it's done in the read routine.
Change-Id: I8b1f2d0d8fa688f44b6f61f16dc2e21b5648fc12
Reviewed-on: https://code.wireshark.org/review/7376
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rename the V10 PACKET_DESCRIBE()'s "fpp" argument to "type", and have it
declare the pointer variable.
Change-Id: I3ac52ebdef0aec7bc95052277537185132886b57
Reviewed-on: https://code.wireshark.org/review/7374
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it in the argument list, and use it instead of a hard-coded 10
(even though it's always passed as 10), to match the other
PACKET_DESCRIBE() macros.
Change-Id: Idd0a23a58cc6bb0d2de799b039db776d279cc03e
Reviewed-on: https://code.wireshark.org/review/7372
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The name "type" is thrown around to mean both a version number and a
part of a structure member, and some other macros use "ver" for the
version number; try to make things a little less inconsistent.
Change-Id: I61405cf41cca43fe607154af7498944c5ec0ef11
Reviewed-on: https://code.wireshark.org/review/7370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Makes the various flavors of that macro more similar.
Change-Id: Ie95ee8db0b226458146b055b54b7d61835f1e508
Reviewed-on: https://code.wireshark.org/review/7368
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A bit of regularization.
Change-Id: I60e0bd50891e1ba3e9c40f8d1d14d63534e08138
Reviewed-on: https://code.wireshark.org/review/7364
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use that rather than TYPE or acttype (to indicate that it's a header
version number to use as the "xxx" in NSPR_HEADER_VERSIONxxx, and to use
the same name throughout).
Change-Id: I14cfc819e44ce4388c27d521a1256dec8d80df2e
Reviewed-on: https://code.wireshark.org/review/7361
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just like the read routine.
Change-Id: If6bd98bea15f1c8dc7454a5dac0ea57920bddc8c
Reviewed-on: https://code.wireshark.org/review/7355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it even more like V2x and V3x and slightly less unclear.
Change-Id: I798ead123ba6418be0252067773a951390e26ce8
Reviewed-on: https://code.wireshark.org/review/7353
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have it set the record type and initialize the presence bits.
That makes it a bit more like V2x and V3x, and makes the code slightly
less unclear.
Change-Id: Ibfbe2143b24a68c3fa3f576616fde81918b01feb
Reviewed-on: https://code.wireshark.org/review/7351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes the code slightly less unclear. (You are in a maze of twisty
little C macros, all different.)
Change-Id: I9f1bcc7a9a1a7afe87ede8b1ba513e3d8e53845c
Reviewed-on: https://code.wireshark.org/review/7349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, have a special macro using the size of the header structure to
find the offset of the packet data.
This means that:
1) you don't have to throw "-{size of data member}" into the
macros that calculate the sizes of the header structures;
2) you don't have a bunch of randomly-chosen data field sizes;
3) you don't have sizes of 0, which cause problems with
compilers that don't support zero-length arrays;
4) you don't have some apparently-incorrect "-{size of data
member}" values (if they're correct, please fix the structure
definitions).
Change-Id: Iea368b83fa2d184bd6df453d51756e4749714e2c
Reviewed-on: https://code.wireshark.org/review/6082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That indicates that it's a problem specific to *writing* capture files;
we've already converted some errors to that style, and added a new one
in that style.
Change-Id: I8268316fd8b1a9e301bf09ae970b4b1fbcb35c9d
Reviewed-on: https://code.wireshark.org/review/5826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Version 3's time stamps are all absolute, so we can directly use the
value in the file; we don't need to keep track of the time in the
private data structure, and some compilers issue warnings due to setting
it and then not using the value to which we set it.
Change some names and indentation to match other file versions while
we're at it.
Change-Id: I97698d933b87a8ad58d9e88ceedd75004797df69
Reviewed-on: https://code.wireshark.org/review/4596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.
Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that. Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.
Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add wtap_read_bytes(), which takes a FILE_T, a pointer, a byte count, an
error number pointer, and an error string pointer as arguments, and that
treats a short read of any sort, including a read that returns 0 bytes,
as a WTAP_ERR_SHORT_READ error, and that returns the error number and
string through its last two arguments.
Add wtap_read_bytes_or_eof(), which is similar, but that treats a read
that returns 0 bytes as an EOF, supplying an error number of 0 as an EOF
indication.
Use those in file readers; that simplifies the code and makes it less
likely that somebody will fail to supply the error number and error
string on a file read error.
Change-Id: Ia5dba2a6f81151e87b614461349d611cffc16210
Reviewed-on: https://code.wireshark.org/review/4512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pcap-ng files don't have a per-file time stamp resolution, they have a
per-interface time stamp resolution. Add new time stamp resolution
types of "unknown" and "per-packet", add the time stamp resolution to
struct wtap_pkthdr, have the libwiretap core initialize it to the
per-file time stamp resolution, and have pcap-ng do the same thing with
the resolution that it does with the packet encapsulation.
Get rid of the TS_PREC_AUTO_XXX values; just have TS_PREC_AUTO, which
means "use the packet's resolution to determine how many significant
digits to display". Rename all the WTAP_FILE_TSPREC_XXX values to
WTAP_TSPREC_XXX, as they're also used for per-packet values.
Change-Id: If9fd8f799b19836a5104aaa0870a951498886c69
Reviewed-on: https://code.wireshark.org/review/4349
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's *NOT* an error; it's just a file that isn't a NetScaler file.
Otherwise, we report errors on files that should just be passed on to
other open routines.
Also, NetScaler files are *NOT* text files, and we should *NOT* use
".txt" as the suffix.
Change-Id: If001abbbbc3de3ea27439a44a47ce1d6071d38ae
Reviewed-on: https://code.wireshark.org/review/3678
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In particular, epan/wslua/lrexlib.c has its own buffer_ routines,
causing some linker warnings on some platforms, as reported in bug
10332.
(Not to be backported to 1.12, as that would change the API and ABI of
libwsutil and libwiretap. We should also make the buffer_ routines in
epan/wslua/lrexlib.c static, which should also address this problem, but
the name change avoids other potential namespace collisions.)
Change-Id: I1d42c7d1778c7e4c019deb2608d476c52001ce28
Reviewed-on: https://code.wireshark.org/review/3351
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap' unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c0c480d08c.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris