Commit Graph

2890 Commits

Author SHA1 Message Date
Michael Mann 9063aca615 NULL check GArray to prevent assertion.
Change-Id: I52de10a1d96b6ef7294ad8be9ec9195defca4b53
Reviewed-on: https://code.wireshark.org/review/14266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-01 19:11:37 +00:00
Michael Mann 64a5cd9ce0 Prevent use-after-free issues with pcapng.c/wtap_opttypes.c
Bug: 12173
Change-Id: Ifff28491073d50e088b26847830a3bc8835f4282
Reviewed-on: https://code.wireshark.org/review/14180
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-01 14:00:53 +00:00
Alexis La Goutte f61b5d3203 wtap (opttypes.h): fix no newline at end of file [-Wnewline-eof]
Change-Id: I5bdd42bce983cd874597f4675afe4c8b2790e0f6
Reviewed-on: https://code.wireshark.org/review/14196
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-27 08:44:49 +00:00
Michael Mann a7c44b7973 Ensure we have a name resolution block when parsing its block type.
Bug: 12174
Change-Id: I82eb0ac75f2e03f15c2f016e9b7ff72fdc7044f5
Reviewed-on: https://code.wireshark.org/review/14179
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-26 23:29:52 +00:00
Guy Harris e9b2859c45 Clean up modelines and indentation.
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken.  tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.

Adjust indentation to reflect the mode lines.

Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-25 21:34:36 +00:00
Guy Harris 24aaddcf43 An SHB with a magic of 0x1A2B3C4D isn't necessarily little-endian.
If it's 0x1A2B3C4D, that means it has the same byte order as the
instruction set for which Wireshark was built[*]; if it's 0x4D3C2B1A, it
means it has the opposite byte order. (We assume no "middle-endian"
machines here; it's extremely unlikely that any of this code will ever
work on a PDP-11.)

Wireshark *does* work on big-endian machines (if there are any places
where it doesn't, those are bugs that must be fixed), so we can't assume
that "same byte order as our instruction set" means "little-endian".

[*]If, for example, you run a PowerPC binary under Rosetta, it'll act as
if big-endian is the native byte order, even though it's running on a
little-endian machine.

Change-Id: Ic438bd85c034f1fba276408ba30214d7078121d1
Reviewed-on: https://code.wireshark.org/review/14133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-25 03:10:55 +00:00
Guy Harris 84ac392e9f For SHBs, always use the byte order from the byte-order magic.
Don't use the byte order from any previously-seen SHB, as it might be
different.

Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-25 02:50:44 +00:00
Guy Harris 6257b65481 Fix allocation of option blocks in pcapng_read().
We don't need to allocate a WTAP_OPTION_BLOCK_IF_DESCR option block;
don't use the value we allocated.

We must not allocate a WTAP_OPTION_BLOCK_IF_STATS option block until we
need it, as we may have to allocate *more than one* of them here!  The
old code would reuse the same block, adding it more than once, causing a
"freeing already freed data"/"freeing non-allocated data" error on some
platforms.

Change-Id: I8582627c1f5deecfd4f6490dcdf8c31ee3809d12
Reviewed-on: https://code.wireshark.org/review/14130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-25 02:04:17 +00:00
Guy Harris 40fe88daf4 Fix another heap-based buffer overflow.
The S1 code works similarly to the S2/S3 code, and has the same issue.

Change-Id: I288e30ccdf67d8a6daec8c8428c0f703e18ecc89
Reviewed-on: https://code.wireshark.org/review/14127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-24 23:40:02 +00:00
Guy Harris 75a522e678 Add 1 byte and 16 byte as separate values.
The 1 is for the byte written with vht_ndp_flag; the 16 is for the PLCP
header.  Separate them out; no change to the actual code (as any
compiler worth its salt would do constant folding).

Change-Id: I5e081c67e605203153270ed9a3f9e30b9e9b968c
Reviewed-on: https://code.wireshark.org/review/14125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-24 23:24:00 +00:00
Peter Wu e395633224 vwr: fix heap-based buffer overflow
Commit v1.99.10rc0-316-gf28e23f added some additional room for the 16
byte PLCP header and 1 byte L1P. These are however not part of the
remaining data, only the header.

Bug: 11795
Change-Id: Ia6935d27366a07f818f147c9094a801429b049e2
Reviewed-on: https://code.wireshark.org/review/12240
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-24 06:02:37 +00:00
Michael Mann 08d49ff2e0 Making wiretap option blocks more generic.
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom".  It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.

Also what could be added/refactored is registering block behavior.

Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-23 00:39:38 +00:00
João Valverde f0fb79d534 autotools: Use pkg-config autoconf macros for GLib/GTK
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.

Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).

Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
2016-02-21 07:51:55 +00:00
Peter Wu 3b644a75c9 Fix various off-by-one in buffer sizes
Some only allow buffer overruns (read), others also buffer overflows
(write).

Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).

Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-02-20 15:18:08 +00:00
Guy Harris f31449076c Initial support for FreeBSD USB captures.
(There's also work needed in libpcap; that's also in progress.)

Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-20 11:12:48 +00:00
Guy Harris cee50b8c31 Put back a define to make the Lua build happy.
DO NOT USE THIS FOR ANYTHING NEW.

Change-Id: Iee2ddaa2eeb735b33aef9e81b32bb4a3535e3451
Reviewed-on: https://code.wireshark.org/review/14023
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-20 00:06:28 +00:00
Guy Harris ddeab2c1de Get rid of PCAP_ENCAP_USB.
It doesn't correspond to anything we support - and the old Linux USB
LINKTYPE_ value of 186 doesn't give enough information to dissect the
packets (it discards the event type, for example), so we drop the rest
of our support for it as well.

Change-Id: I6f537d9263174aba4320edf5140e1d1540e979c8
Reviewed-on: https://code.wireshark.org/review/14020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-19 22:46:10 +00:00
Guy Harris 1e8905ca8e Don't bother setting phdr->pkt_encap to wth->file_encap.
wtap_read() and wtap_seek_read() now do so before calling the read or
seek-read routine, so there's no need to do so in those routines.

Rename hcidump_process_packet() to hcidump_read_packet() while we're at
it, as it doesn't just process an already-read packet, it does the
reading as well as the processing.

Change-Id: Ic13da6a2096e68550d80f2eff31f03d0edb58147
Reviewed-on: https://code.wireshark.org/review/13998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-19 02:34:50 +00:00
Guy Harris b32a5ee98c Don't add the wiretap directory to the list of include directories.
If you include something from the wiretap directory, always precede it
with wiretap/.

Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.

This makes it a bit clearer what's being included.

Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-18 12:55:26 +00:00
anilkumar911 875d95ea60 nstrace: Allow opening of files that are not multiples of 16kB
in size.

Wireshark/Tshark hangs when a netscaler trace file smaller than 16KB is opened.
It also hangs when a gzipped trace file is opened. With this fix,
files with sizes that are not multiples of 16KB and gzipped files can be opened.

Bug: 12083
Change-Id: I26b2fc406edafcb2f1f6161d69064ba5662ddf29
Reviewed-on: https://code.wireshark.org/review/13721
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-11 19:55:13 +00:00
João Valverde 436d01404a autotools: Add more silent build rules
Change-Id: I4abff8880d5b3ff439e6abc9cf3c2d17897501ea
Reviewed-on: https://code.wireshark.org/review/13816
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2016-02-11 19:21:22 +00:00
Guy Harris 01a3873505 Make file indices consistently unsigned in the merge code.
Change-Id: Ie531e5c24c32ca86abbe0c2b5d3526014e5fb831
Reviewed-on: https://code.wireshark.org/review/13897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-11 01:49:49 +00:00
Michael McConville 5cffcf20b1 Avoid undefined behavior in overflow check
Signed overflow is undefined, so testing for overflow with
"if (i + 1 < i)" is itself undefined. Because this instance is an
increment, we can just test against G_MAXINT.

Change-Id: Ib8b7c23ec362d5637125fcf6457ea9423fedf0e1
Reviewed-on: https://code.wireshark.org/review/13896
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-02-11 01:39:48 +00:00
Guy Harris 22e5cdbb9b No need for a routine to return a GSList of extensions for compressed files.
Just use the table - or an empty table if we're not including the
compressed file extensions.

Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-29 21:16:02 +00:00
Guy Harris 72a9a43933 Add A-MPDU reassembly information to the radio metadata.
Change-Id: I338e7fb60ff62d1d26ca0b32468ada4294d52d8d
Reviewed-on: https://code.wireshark.org/review/13594
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-29 07:56:28 +00:00
João Valverde 265a41e14d autotools: Don't use "user variables" to set build flags
GNU coding standards recommend against it and automake is designed
around it.

This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.

Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2016-01-28 18:13:48 +00:00
Guy Harris 623e5365e5 phdr->pkt_encap and phdr->pkt_tsprec need to be set for seek-read too.
We set them to the file's values in wtap_read(), but we weren't setting
them in wtap_seek_read(); set them in both places.

Change-Id: Id604b1c7d27d4cee6600249e9435c49d02f8dd61
Reviewed-on: https://code.wireshark.org/review/13531
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-25 20:20:58 +00:00
Guy Harris f55bb2e27c Note that using file_gets() for UCS-2 files is a bit of a hack.
Change-Id: I09cb8c8ea86c83f079c0882ca2f28e2f7c338b51
Reviewed-on: https://code.wireshark.org/review/13429
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-20 01:24:08 +00:00
Guy Harris 106da4ad5f Fix indentation.
Change-Id: I9fc0b8f98439ac37d4356e742d8c411e2dce473f
Reviewed-on: https://code.wireshark.org/review/13425
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-20 00:49:36 +00:00
João Valverde b87a5af633 Fix build [-Werror=maybe-uninitialized]
Found building with GCC 5.3.0 and CFLAGS="-g -Og".

Change-Id: I5bc29b6e91cc98332a513c9d03b02d2f6906608d
Reviewed-on: https://code.wireshark.org/review/13362
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-01-17 19:12:45 +00:00
Martin Kaiser 96d585a5e9 [iseries] fix iseries_check_file_type()
check that we have a line that contains OBJECT PROTOCOL ETHERNET
(at the moment, we fail if there's a line containing OBJECT PROTOCOL but
 not ETHERNET and succeed otherwise
 -> a file with some random lines will be identified as iseries)

initialize our line buffer with 0s to make sure we don't access uninitialized
data while parsing

don't set wth->priv unless the file is really an iseries file

free the iseries struct if the file is not our type

Bug: 11985
Change-Id: I0ac7003c047f54ca025d02e59b56d1ff4e2a6be7
Reviewed-on: https://code.wireshark.org/review/13360
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-01-17 19:05:30 +00:00
Martin Kaiser 8a0966c434 [iseries] return WTAP_OPEN_ERROR if file_seek() fails
like it's done for the other file types

Change-Id: I8caa360b9c527ea642ee6b5102759ad341ad0030
Reviewed-on: https://code.wireshark.org/review/13359
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2016-01-17 16:24:22 +00:00
Guy Harris 3301623784 Add WTAP_ENCAP_NFC_LLCP to the list of types that require a pseudo-header.
Discovered by changing wtap_encap_requires_phdr() to use a switch
statement and comparing the case arms.

Change-Id: I2a23b86ddfbc88c1b3251a0e97f7f00ee93f630e
Reviewed-on: https://code.wireshark.org/review/13341
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-16 21:53:23 +00:00
Michael Mann 183732fb8f Improve Error messages when failing to load pcapng files
Include the pcapng block name in every error message to give user a better hint as to where the error is

Bug: 8798
Change-Id: Idd80a8541ac37a42b9bd2e988fa8da1ce7bc91a0
Reviewed-on: https://code.wireshark.org/review/13310
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-16 00:14:07 +00:00
Guy Harris 4f4769adf6 Move structure definition outside another structure definition.
I guess the ability to define a structure inside another structure is a
C-ism discarded by C++, so it causes warnings if you disallow stuff that
can't be handled by a C++ compiler, as we do.

Change-Id: I8cf52af0424708eb663ab6dbfecbf317fe3bccdb
Reviewed-on: https://code.wireshark.org/review/13257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 09:41:04 +00:00
Guy Harris 5892686a9b Get rid of debugging printouts.
Change-Id: I78fd79ebf915e9066f9e2548dcceb3c9e6440551
Reviewed-on: https://code.wireshark.org/review/13255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:12:53 +00:00
Guy Harris 24324a0263 Clean up handling of the data before the Ethernet packet in ERF files.
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.

Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:11:19 +00:00
michal.orynicz c8a1f9d46e Fix issue with dumping to logcat_text from UPPER_PDU
When using UPPER_PDU to wrap logcat text data it was not possible
to dump underlying data to logcat textfiles.

Add ability to write it down properly.

Change-Id: Ia20142cc340f34d80de93e213084cf1df83099d6
Reviewed-on: https://code.wireshark.org/review/13230
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-13 07:36:44 +00:00
Guy Harris d286243d0d Dissect the MC and AAL2 headers as 32-bit words.
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.

This gets rid of some compiler warnings about type-punning.

Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.

Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.

Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:22:12 +00:00
Guy Harris b7dc773127 Assorted cleanups.
Fix indentation.

Just directly assign values to elements in the packet buffer; no need to
convert them to numbers and note the value as a comment.

Give more detail in the comment for null-terminating buffers.  Terminate
packet_buf[] once we're finished reading into it, to make it a bit
clearer what's being done.

Make the magic number buffer 513 bytes, so we have 512 bytes plus a
terminating null.

Change-Id: Ie182d93393cc55835b24075e908393c386c85c24
Reviewed-on: https://code.wireshark.org/review/13250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 04:11:08 +00:00
AndersBroman 140aad08e0 nettrace_3gpp_32_423 Protect from buffer overrun.
Bug: 11982
Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562
Reviewed-on: https://code.wireshark.org/review/13233
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-13 03:48:05 +00:00
Guy Harris 42ca2a994d Use g_ntoh* rather than g_hton*.
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format.  (The two functions do the same
thing; this just makes it clearer what we're doing.)

Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 03:06:06 +00:00
Guy Harris ff08c11375 Note that sometimes the packet time stamps are relative to the start time.
Change-Id: Ie248559cd924db611190a73e3f043e047421ab7f
Reviewed-on: https://code.wireshark.org/review/13117
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-08 04:22:58 +00:00
Guy Harris 13c633357b Improve an error message.
Change-Id: I9c406bbd146ef525e5348f620c606d1296d3bd10
Reviewed-on: https://code.wireshark.org/review/13116
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-08 03:21:59 +00:00
John A. Thacker 85fd9df235 GFP: Add support for Generic Framing Procedure (ITU-T G.7041/Y.1303)
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)

Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-05 05:20:13 +00:00
Guy Harris 66ea7e45a3 Don't cast away constness.
Change-Id: I529d37e57b12fa7515f2bd18a013618b50300231
Reviewed-on: https://code.wireshark.org/review/12974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-31 22:25:36 +00:00
Simon Barber ffa9e938e2 Refactor 802.11 radio flags.
The use of a flag field here is aesthetically unpleasing when the flags
are referred to frequently. Convert these into bitfield entries.

Change-Id: I6f47e31558439dfd343ec7f856d04480366a1237
Reviewed-on: https://code.wireshark.org/review/12511
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-24 07:58:51 +00:00
Guy Harris c9670e334c Squelch another warning.
Change-Id: I7340954d9ca2fd11a6db2aa7cd5493d870181e23
Reviewed-on: https://code.wireshark.org/review/12765
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 02:22:05 +00:00
Guy Harris f553431ad0 Squelch some compiler warnings.
Change-Id: Iee46c43498f42e19dfab0178e80743d35d843d2d
Reviewed-on: https://code.wireshark.org/review/12762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 00:41:57 +00:00
Guy Harris 1a5ed10bad Rename some variables to make it a bit clearer what they are.
rec_length_remaining is the amount of data we haven't already read from
the record; it starts out as the record length and gets decreased.  It
is not the length of data in the packet.

Change-Id: I46cd78e29aee13a686f1f6c8efbe258277e15686
Reviewed-on: https://code.wireshark.org/review/12759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-21 00:31:33 +00:00
Guy Harris 53a3e53fce Add bounds checks and fix a length argument.
Before reading the record header of a REC_FRAME{2,4,6} record, make sure
the record length is >= the length of that header.

When calling fix_pseudo_header(), pass the actual length of the packet
data, not the remaining length of the record (which may include
padding), so we don't read past the end of the packet data.

Bug: 11827
Change-Id: I1c63a4cb014c4616ffdd202660e68c576f266872
Reviewed-on: https://code.wireshark.org/review/12756
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-20 23:19:23 +00:00
Guy Harris f9a848ac30 Add missing ERF types, mention another missing type, mention reserved space.
Add the TYPE_COLOR_HASH_POS and TYPE_COLOR_HASH_ETH types, note that
type 26 has no #define, mention that types 28 through 31 are reserved
for future record types.

Change-Id: Ic828254599599c6bd7399d4682f9a3d4bff1f0f7
Reviewed-on: https://code.wireshark.org/review/12728
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 18:25:15 +00:00
Anthony Coddington dcfbf92705 ERF: Add basic no-break support for ERF_TYPE_META.
Update erf_open heuristic to not break when ERF_TYPE_META records are present.
Remove check for maximum non-pad ERF type and add defines for reserved types.
No dissection in this commit beyond record type name, this will come later.

Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85
Reviewed-on: https://code.wireshark.org/review/12708
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-19 17:53:10 +00:00
Stig Bjørlykke e1ed7598ee Removed local definitions of offsetof().
The offsetof() macro is an ANSI C library feature.

Change-Id: I2ac91b0b4c94c6f6baf14133b076fdc5ed2e182b
Reviewed-on: https://code.wireshark.org/review/12707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-18 05:49:45 +00:00
Guy Harris 2943ac5381 Make zlib API constness-aware, take 2.
ZLIB_CONST must be defined before including zlib.h to expose z_const,
*AND* z_const shouldn't be used unless it's defined, because older
versions of zlib don't define it even if you define ZLIB_CONST.

While we're at it, throw in some DIAG_OFF(cast-qual)/DIAG_ON(cast-qual)
pairs to suppress unavoidable "cast throws away const qualification"
warnings.

The original "make zlib constness-aware" change also removed an
unnecessary include of <zlib.h> from wiretap/wtap.c, so we do that as
well.

Change-Id: I3c5269a8fbc54bbbb4d316544cc7b8fa30614c19
Reviewed-on: https://code.wireshark.org/review/12675
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-16 17:58:09 +00:00
Guy Harris 6d60c4d468 Revert "Make zlib API constness-aware"
This reverts commit fb0246c6fd.  That commit assumes that if you define Z_CONST, z_const will be defined; that is *not* the case with older versions of zlib, which don't define z_const under any circumstances.

Change-Id: I6f9b7ea18922799b1aaf94dc2c63120128f2550a
Reviewed-on: https://code.wireshark.org/review/12671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-16 08:59:07 +00:00
João Valverde fb0246c6fd Make zlib API constness-aware
ZLIB_CONST must be defined before including zlib.h to expose 'z_const'.

Change-Id: Ic0dbd59ed3c760dd84ef4546f6ff4d5d3db91519
Reviewed-on: https://code.wireshark.org/review/12547
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-16 05:40:41 +00:00
Guy Harris f520f82750 Get rid of a bunch of unused variables.
("Unused" includes "set but not used".)

Change-Id: Id67859b366e8caa50262f8530630ec4e8ef1507a
Reviewed-on: https://code.wireshark.org/review/12457
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-06 23:40:08 +00:00
Guy Harris d7006cebbb Revert "Build Flex-generated files with "warnings are errors"."
This reverts commit b56f53884b.

Sadly, we *do* get warnings at this point with older versions of Flex,
such as the one on the 32-bit OS X buildbot.

Change-Id: I9aec1a16e9f2e1bbcfaac3dffdabdd89af5815e3
Reviewed-on: https://code.wireshark.org/review/12443
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-05 17:13:28 +00:00
Guy Harris b56f53884b Build Flex-generated files with "warnings are errors".
We shouldn't be getting warnings at this point.

Change-Id: I363a48546cb8d916425f42962ae1697d52ed9a29
Reviewed-on: https://code.wireshark.org/review/12436
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-05 12:08:52 +00:00
Guy Harris f51bad11d7 Use noyywrap rather than defining our own yywrap functions.
Tweak lemonflex-tail.inc to fix an issue this reveals.

It appears that, at least on the buildbots, the Visual Studio compiler
no longer issues warnings for the code generated with %option noyywrap.

Change-Id: Id64d56f1ae8a79d0336488a4a50518da1f511497
Reviewed-on: https://code.wireshark.org/review/12433
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-05 08:06:50 +00:00
Michael Mann baa3eab78b [MP2T] Reading buffer should have MP2T_SIZE+TRAILER_LEN_MAX space to give room for non-zero trailer.
Bug: 11820
Change-Id: I7e0a603c20ca0c524399beb3d89e14c45dc3a06e
Reviewed-on: https://code.wireshark.org/review/12393
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-03 05:19:56 +00:00
Guy Harris 266d3b7d51 Move the bitrate test against 0 to mp2t_bits_per_second().
As the comment says, that routine "[ensures] there is a valid bitrate",
and a bitrate of 0, which comes from truncating a fractional bitrate, is
not a valid bitrate (an MPEG-2 Transport Stream with a bitrate less than
1 bit per second is not going to carry any sensible audio/video
stream).

Make the "first" argument unsigned; it can never be negative.
Restructure the code and change some data types to make it more obvious
that it can't.

Change-Id: Idd4d073dc558bb31271318e14b2f74292cd16a2b
Reviewed-on: https://code.wireshark.org/review/12352
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-02 00:35:40 +00:00
João Valverde b41319bde3 autotools: Fix g212f2f1
Change-Id: If7185885faea2319fdce4d89a7a9bf40312bcfa6
Reviewed-on: https://code.wireshark.org/review/12346
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-12-01 21:37:43 +00:00
Michael Mann e3fc691368 [MP2T] Prevent divide by zero.
Bug: 11821
Change-Id: I3243c837d84ccbce7d377810a5f381e906aeb1eb
Reviewed-on: https://code.wireshark.org/review/12323
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-01 04:16:58 +00:00
João Valverde 212f2f1761 autotools: Clean abi-check with maintainer-clean
Change-Id: Ia2ce54592485d2995bcfd56bd127a2fedb1a7d07
Reviewed-on: https://code.wireshark.org/review/12293
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-01 02:16:51 +00:00
Guy Harris 019446a474 Handle Date: headers differently from other headers.
Handle Date: outside the "loop over magic strings" loop; that way, we
don't have to compare against "Date:" twice.

Don't use strlen() on constant strings - sizeof string - 1 lets us
calculate the length at compile time.

Change-Id: I7e4ff2f9762f96749a39609efa76430e5915d4f4
Reviewed-on: https://code.wireshark.org/review/12302
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-30 08:31:44 +00:00
Guy Harris 51ed8f4e52 Add some comments explaining what some code is doing.
Change-Id: Ib229fcf4d14fd3c01755f868789f430496c23ded
Reviewed-on: https://code.wireshark.org/review/12300
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-30 05:00:05 +00:00
Guy Harris 943be4b755 Treat invalid (negative or too-large) values in the packet header as errors.
Change-Id: I86564c485aacd3fcba3f3d8d9da492e0100155e8
Reviewed-on: https://code.wireshark.org/review/12299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-30 04:30:25 +00:00
Michael Mann 338da1c0ea Fix out-of-bounds read in ascend_seek.
Bug: 11794
Change-Id: I74517806b119729ae6d9780bbd4bb094701ff05e
Reviewed-on: https://code.wireshark.org/review/12266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-30 01:39:56 +00:00
Michael Mann 185911de7d Add bounds checking to find_signature.
Bug: 11791
Change-Id: Ibaa2c16229c1b78818283ba5f954b09f3894dc60
Reviewed-on: https://code.wireshark.org/review/12270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-29 22:00:46 +00:00
Guy Harris ff209f5ee6 Make the rate tables static and const.
No need to put them on the stack and initialize them at the beginning of
the routine.

Change-Id: Id6332be186660c881cf37290f70d03cc77ac66be
Reviewed-on: https://code.wireshark.org/review/12265
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-28 20:18:38 +00:00
Guy Harris dba17518df Make it more obvious why no bounds checks are necessary for 11n.
For unsigned x, x/8 is x >> 3, and x*8 is x << 3, so 8*(x/8) is the result
of shifting x right 3 bits and then left 3 bits, which is the same as
masking out the low-order 3 bits, and x - (8*x/8) is the result of
subtracting all but the low-order 3 bits from x, thus it's the lower 3
bits, so you can just mask it with 0x7.  That means the result is in the
range 0 through 7, so as long as the array has 8 elements, you're OK; it
does, but explicitly declare it as such, to make it clearer that it is,
and to get compiler warnings if not all 8 elements are initialized.

Change-Id: Iff9c0626b9bdc012cca52e4160dda9e947315bc4
Reviewed-on: https://code.wireshark.org/review/12264
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-28 20:12:33 +00:00
Peter Wu b8fa3d463c vwr: fix buffer overrun in getRate
Bug: 11789
Change-Id: Ieba9f32928b91be5d07b25bf54005155f7cc79f6
Reviewed-on: https://code.wireshark.org/review/12245
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-28 19:22:56 +00:00
Michael Mann 38c53f9800 Sanity check iSeries packet length to prevent heap-based buffer overflow.
Bug: 11798
Change-Id: I7aebe709ef4014a385819835ef6effabbb4f0ca4
Reviewed-on: https://code.wireshark.org/review/12238
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-28 09:22:30 +00:00
João Valverde 6221c8d255 wtap: Disable ISO C forbids conversion [-Wpedantic]
wtap.c:74:25: warning: ISO C forbids conversion of object pointer
  to function pointer type [-Wpedantic]

Choose ISO C or dynamic loading, can't have both.

Change-Id: I6d48073dadaf7c1710bd87ed71a2e7b65970d47e
Reviewed-on: https://code.wireshark.org/review/12165
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-27 13:13:07 +00:00
João Valverde 24d546353b pcapng: Fix ISO C forbids conversion [-Wpedantic]
pcapng.c:461:31: warning: ISO C forbids passing argument 3 of 'g_hash_table_insert' between function pointer and 'void *' [-Wpedantic]
pcapng.c:1404:32: warning: ISO C forbids conversion of object pointer to function pointer type [-Wpedantic]
pcapng.c:1918:32: warning: ISO C forbids conversion of object pointer to function pointer type [-Wpedantic]

Change-Id: I535633098cc5d37442732dd92e8c9d3cda36631a
Reviewed-on: https://code.wireshark.org/review/12161
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-27 12:58:36 +00:00
João Valverde e2d5089cb9 Scan pcapng change time to unsigned
Fixes warning:

  nettrace_3gpp_32_423.c:813:4: warning: format '%u' expects argument
  of type 'unsigned int *', but argument 3 has type 'int *' [-Wformat=]

Change-Id: I4bfcc19ecac115d5aa2e222dfed8ea8b0b450d71
Reviewed-on: https://code.wireshark.org/review/12211
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-26 22:27:18 +00:00
Martin Kaiser 6da516821d [mp2t] use the correct file information for PCR detection
when we check for an mpeg2 transport stream, we're trying to detect an
initial offset before the first sync byte and the length of additional
data appended to each packet

use those values when we go through the file again and verify the PCR

Bug: 11749
Change-Id: Iab03cb271d23d38f850ca857b64ca47ba4501175
Reviewed-on: https://code.wireshark.org/review/12183
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-26 20:15:06 +00:00
Guy Harris 9418701909 Process the radio information internally for AiroPeek classic files.
Process it in libwiretap; no need to hand it to libwireshark for
dissection, it can just dissect the radio information pseudo-header with
the processed information.

Change-Id: I482697947eecbd3967cf1910ba2fa2bff805cd66
Reviewed-on: https://code.wireshark.org/review/12202
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-26 19:44:39 +00:00
Guy Harris 30f46b61bb Add a check for the day of the month.
Also, fix the month check ("month" is in the range 1 through 12, not 0
through 11), and if neither sscanf() gets the right number of fields,
fail immediately.

Change-Id: I3f0da49e969c020c292facb843b9741116647302
Reviewed-on: https://code.wireshark.org/review/12170
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-26 08:02:45 +00:00
Guy Harris b9b6f3f68e Most fields in an ISO 8601 date/time are unsigned.
Add some bounds checks while we're at it.

Change-Id: I19804aee10496fd68f95a27865f8f455d3abbe9f
Reviewed-on: https://code.wireshark.org/review/12166
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-26 03:01:36 +00:00
Guy Harris e9c26d015b Check whether create_tempfile() fails.
Thanks and a tip of the Hatlo hat to Coverity for finding this.

Change-Id: Ie9d4089443e52ef427e0cc8ae6e90a9d9787134e
Reviewed-on: https://code.wireshark.org/review/12123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-25 05:38:34 +00:00
Alexis La Goutte 9fad599c0f merge: fix parameter 'in_files/in_count_files' not found in the function declaration [-Wdocumentation]
Change-Id: Ib3d9b7df5f1396179645456ea7359e711c26b8ef
Reviewed-on: https://code.wireshark.org/review/12003
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-23 06:00:48 +00:00
Martin Kaiser 4fd711f338 use the official DLT for ISO14443
add DLT_ISO14443 to pcap_to_wtap_map[]
define WTAP_ENCAP_ISO14443, link it to the iso14443 dissector

Change-Id: Id837197c4d66071094f9336d60db36a371424807
Reviewed-on: https://code.wireshark.org/review/11959
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-19 13:39:55 +00:00
Evan Huus c3025544b6 Misc minor issues caught by cppcheck
All trivial (unused variables, duplicate `break`s, etc).

Change-Id: Idbfffae4f6c0b0119a90ae5849de2ed7a1180c9b
Reviewed-on: https://code.wireshark.org/review/11886
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-11-17 04:18:37 +00:00
Evan Huus 0a0a811ea6 catapult: fix sscanf buffer overflow
Caught by cppcheck. The buffer is 9+1 characters, which means we should specify
9, not 10 to the scanf string since the count does not include the
null-terminator.

Change-Id: I0aae8cce337055b304efa9399cd5d8059928d2d8
Reviewed-on: https://code.wireshark.org/review/11887
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-11-16 21:10:07 +00:00
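The off-by-one described in the commit message above, as an added example that is not part of the commit or of Wireshark's code: a `%Ns` width counts characters stored, not the terminating NUL, so a 9+1 byte buffer needs `%9s`. The names `NAME_CHARS`, `nul_index` and `parse_field` and the sample lines are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical field size, chosen to match the "9+1" buffer in the commit message. */
#define NAME_CHARS 9                      /* visible characters, NUL not counted */
#define STR_(x) #x
#define STR(x)  STR_(x)                   /* NAME_CHARS -> "9" inside the format string */

/*
 * Index at which sscanf() stores the terminating NUL for a given %Ns format.
 * The backing array is deliberately oversized so the demonstration stays
 * well-defined even for the too-large width.
 */
size_t nul_index(const char *fmt, const char *input)
{
    char backing[32];

    memset(backing, 0x7f, sizeof backing);
    if (sscanf(input, fmt, backing) != 1)
        return (size_t)-1;
    return strlen(backing);               /* position of the NUL sscanf wrote */
}

/*
 * Parse "<name> <value>" with the width derived from the buffer size, so the
 * two cannot drift apart.
 * Returns 0 on success, -1 on a malformed line, -2 if the name does not fit.
 */
int parse_field(const char *line, char name[NAME_CHARS + 1], int *value)
{
    int consumed = 0;

    if (sscanf(line, "%" STR(NAME_CHARS) "s%n", name, &consumed) != 1)
        return -1;
    /* If the token continues past the width, it was silently truncated. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    if (sscanf(line + consumed, "%d", value) != 1)
        return -1;
    return 0;
}

int main(void)
{
    char name[NAME_CHARS + 1];
    int value = 0;

    /* Constructed input: a 13-character token. */
    printf("%%10s puts the NUL at index %zu (outside a 10-byte buffer)\n",
           nul_index("%10s", "ABCDEFGHIJKLM"));
    printf("%%9s  puts the NUL at index %zu (last byte of a 10-byte buffer)\n",
           nul_index("%9s", "ABCDEFGHIJKLM"));
    printf("parse_field(\"context012 42\") = %d\n",
           parse_field("context012 42", name, &value));
    return 0;
}
```
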
Guy Harris 412ab838d2 Plug file descriptor leak.
Change-Id: I882cc5c264fdf97452c84bd5cea0e5d56bd6eb45
Reviewed-on: https://code.wireshark.org/review/11753
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-12 01:49:25 +00:00
Guy Harris 75dc2051e8 Add wtap_dump_open_tempfile routines, to write to a temporary file.
It includes the temporary-file generation, so you don't have to do it
yourself.

Change-Id: I0798df95a5c5646224ec49612f50b423ed78547a
Reviewed-on: https://code.wireshark.org/review/11751
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-12 00:59:40 +00:00
Guy Harris b6fd85bd19 Put wtap_dump_open() right before wtap_dump_open_ng().
That matches what we do with the other two pairs of dump opening
routines.

Change-Id: I0e6e475573c3a8d4ab6cf991d0aadc14150af233
Reviewed-on: https://code.wireshark.org/review/11744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-11 19:54:55 +00:00
Guy Harris 5f4c9b2bb2 Make routines used only within wiretap/merge.c static.
We just export some UI helpers and the Big Merge Engine.

Change-Id: I60bc8ab167e7100189a9ce60d84c0e4db27b6bda
Reviewed-on: https://code.wireshark.org/review/11689
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-11 08:06:24 +00:00
Gerald Combs 0d497e8125 Initial Sysdig syscall (event) support.
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.

Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.

Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.

For now leverage the pcapng_block dissector and keep everything under
"Frame".

Next steps:
- Items listed at the top of packet-sysdig-event.c.

Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-11-10 20:59:53 +00:00
Guy Harris e2193fe6fd Fix typo.
Change-Id: I417de6124925dbfd9599ec7e90e287eb971457a3
Reviewed-on: https://code.wireshark.org/review/11687
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 18:10:17 +00:00
Guy Harris 6ae50ebf28 Call wtap_dump_open_check() in wtap_dump_init_dumper().
The callers of wtap_dump_init_dumper() always call
wtap_dump_open_check() first, with the same arguments in all cases; pull
the latter call into wtap_dump_init_dumper() itself.

Change-Id: I2b44dc3a018745e175b5c74ff1a346749fec2b71
Reviewed-on: https://code.wireshark.org/review/11681
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 11:29:05 +00:00
Guy Harris b3fa7e5d3d Add a comment for is_stdout.
Change-Id: I88abb5a37a00ebc1a2a742ff36c8d6be75420dbe
Reviewed-on: https://code.wireshark.org/review/11677
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 10:50:34 +00:00
Guy Harris 827b7dd756 Skip only the actual file descriptor close when writing to stdout.
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag.  When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.

Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 10:11:50 +00:00
Guy Harris 6c3c6de340 Treat "-" as "standard input" in the CLI, not in libwiretap.
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).

While we're at it, make randcap report write and close errors.

Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-10 01:23:22 +00:00
Guy Harris 09f5ff4fc6 Call the dumper routine to finish writing a file the "finish" routine.
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.

In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).

Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-09 19:55:13 +00:00
Martin Mathieson 5c2ab82870 DCT2000 wiretap: Try to address CID 1158844 and 1158845
Change-Id: Icb6d93f2e85180e2a4c24e41114f76bb6c7b5a79
Reviewed-on: https://code.wireshark.org/review/11638
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2015-11-08 14:55:36 +00:00
Guy Harris caa1e87410 Use ws_{read,write,fdopen,close}.
Be more consistent about using the ws_ routines, as we suggest in
README.developer.

In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".

Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-08 10:32:09 +00:00
Guy Harris 9d52712ed8 More unnecessary <stdio.h> includes.
libwiretap no longer uses standard I/O routines to read files; those
includes are left over from when it did.

Change-Id: Ia46c5e24ed25c6bd254cd271746ace539a37e590
Reviewed-on: https://code.wireshark.org/review/11634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-08 01:26:49 +00:00
Guy Harris 23dd596bce Renames to avoid collisions with read() and write() routines.
(And with #defines of read as _read and write as _write on Windows,
which might make structure members have surprising names if you try to
look at them in a debugger.)

Change-Id: Iaab5622cbde216d5fedd4bc014c83e4eef95f8a0
Reviewed-on: https://code.wireshark.org/review/11631
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 23:18:05 +00:00
Guy Harris a8766cc9f9 Check for read errors in the open routine.
While we're at it, rename a variable to avoid colliding with the read()
routine.

Change-Id: I6629ec761f48751f34a2e7d04180d7583ad85710
Reviewed-on: https://code.wireshark.org/review/11626
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 22:46:47 +00:00
Guy Harris 0162e54075 Clean up includes of unistd.h, fcntl.h, and sys/stat.h.
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".

Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).

Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-07 21:52:23 +00:00
Guy Harris ce22578996 Don't include io.h in Flex scanners - they're not interactive.
We don't have any Flex scanners that support an interactive command-line
interface, so none of our scanners are, or need to be, interactive.
Mark text2pcap's scanner as not interactive.

That means none of our scanners should call isatty(), so they don't have
any need to include <io.h> on Windows; remove that include from the
Lucent/Ascend text capture scanner.

Update a comment to reflect that what matters isn't whether we can read
from a terminal or whether we actually do so, what matters is whether
they read *interactively* from a terminal (if you want to run text2pcap
reading from the standard input and type at it, be my guest).

Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd
Reviewed-on: https://code.wireshark.org/review/11587
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-06 01:14:31 +00:00
Guy Harris 58431e2f6a Don't include libwireshark headers from libwiretap.
Move the definitions of hashipv4_t and hashipv6_t to wiretap/wtap.h, as
that's the main place they're used.  Change them a bit not to depend on
other stuff from libwireshark, and change the code as required by those
changes.

This should fix the Solaris build; apparently, the Sun^WOracle compiler
is generating code for static inline functions even if they're never
called, so that libwiretap ends up including code that calls tvbuff and
wmem functions.

There's probably further cleanup that could be done here, but this
should at least fix the build, as well as getting rid of a dependency
between two libraries that are at least somewhat independent (libwiretap
should *not* depend on libwireshark, as some programs use libwiretap but
not libwireshark, and, ultimately, we probably want it to be possible to
use libwireshark without libwiretap but that'd be more work).

Change-Id: I91c745282f17d7c8bff7809aa277eab2b3cf47c1
Reviewed-on: https://code.wireshark.org/review/11537
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-04 00:56:44 +00:00
AndersBroman e65507d575 [Nettrace] Port can have 5 characters.
Change-Id: Id09967378165b23358b4787e6ab96db42c41d2fd
Reviewed-on: https://code.wireshark.org/review/11288
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-10-26 17:20:37 +00:00
Alexis La Goutte 7a8adadbbe Nettrace 3GPP 32.423: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
Change-Id: I721bb77fd95f02cd6795c09e780622575d031920
Reviewed-on: https://code.wireshark.org/review/11282
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-10-26 17:13:58 +00:00
AndersBroman 6f6ab7be19 [Nettrace] Add parsing of IP addresses and ports.
Change-Id: I4e2988edd9b5f75f7b104c8daddd1510bf1fc722
Reviewed-on: https://code.wireshark.org/review/11209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-10-23 07:14:18 +00:00
AndersBroman 115fff197a [Nettrace] Parse timestamps and add to individual packets.
Change-Id: I4a84f19011ef0e02836c84dff665b6fcadbf59ae
Reviewed-on: https://code.wireshark.org/review/11180
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-10-20 18:02:50 +00:00
Gerald Combs b05803db4b CMake: Add /WX
Add "/WX" to the Visual C++ compiler flags if DISABLE_WERROR is off,
similar to config.nmake.

We haven't compiled C++ code with -Wshorten-64-to-32 for quite 
some time so there's no need to add -Wno-shorten-64-to-32 in
ui/qt/CMakeLists.txt.

Additionally, squelch

----
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3050) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3065) : see reference to function template instantiation 'void std::_Median<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3127) : see reference to function template instantiation 'std::pair<_RanIt,_RanIt> std::_Unguarded_partition<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3157) : see reference to function template instantiation 'void std::_Sort<_Iter,int,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Diff,_Pr)' being compiled
        with
        [
            _Iter=QList<QString>::iterator
,            _RanIt=QList<QString>::iterator
,            _Diff=int
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        .\rpc_service_response_time_dialog.cpp(130) : see reference to function template instantiation 'void std::sort<QList<QString>::iterator,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3051) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3052) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3053) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
----

in both rpc_service_response_time_dialog.cpp and wireshark_application.cpp
so that we'll compile successfully.

Change-Id: I457bcede99dcb1f3c1001f1f559c4901bb000357
Reviewed-on: https://code.wireshark.org/review/10533
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-10-16 21:32:22 +00:00
Dario Lombardo 5f2576be3b catapult_dct2000: code restyle
Remove a clang 3.7 complaint.

Change-Id: I5237b130dcd0ffd3a4ea61a3c98fa344fddbe633
Reviewed-on: https://code.wireshark.org/review/10834
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-10-09 11:40:29 +00:00
Gerald Combs 047c47e9a6 Initialize 2.1.
Change-Id: I515c53bb56cf82d1911b58f2cb2103afd0e597a5
Reviewed-on: https://code.wireshark.org/review/10810
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-10-05 20:11:12 +00:00
Peter Wu 6d7b29592a Allow use of variadic macros
Remove variadic macros restriction (c99, c++11 feature) from
README.developer. GCC, Clang, MSVC 2005 all support it.

Enable -Wno-variadic-macros in configure.ac and CMakeLists.txt when
-Wpedantic is enabled (which would enable -Wvariadic-macros).

For all files matching 'define\s*\w+[0-9]\(', replace "FOO[0-9]" by
"FOO" and adjust the macro definition accordingly. The nbap dissector
was regenerated after adjusting its template and .cnf file. The
generated code is the same since all files disabled the debug macros.

Discussed at:
https://www.wireshark.org/lists/wireshark-dev/201209/msg00142.html
https://www.wireshark.org/lists/wireshark-dev/201510/msg00012.html

Change-Id: I3b2e22487db817cbbaac774a592669a4f44314b2
Reviewed-on: https://code.wireshark.org/review/10781
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-05 07:57:14 +00:00
Guy Harris f6283eb4dd Expand, correct, and otherwise improve comments.
Change-Id: Id33a1a66114f6b01d203ad717342ae90c12981cc
Reviewed-on: https://code.wireshark.org/review/10789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-04 18:50:44 +00:00
Guy Harris 8c9ae89dea If we don't have an NDP flag, make it 0.
Change-Id: If2576eb6023776a348b3e2c85329509a9f9e80d3
Reviewed-on: https://code.wireshark.org/review/10758
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-03 01:14:58 +00:00
Guy Harris f28e23f112 Fix some issues with Series III.
The packet data in some records has an FCS and in some records doesn't.
It appears that only the Series III packets do.  Handle that.

Handle HT and VHT information supplied by Series III.

Get rid of an unused include while we're at it, and make the checks for
whether the protocol tree is being built a bit clearer, by testing the
tree pointer we'll actually be using.  Make some style cleanups.  Get
rid of some unused cruft.

Fix FPGA version checks.

This is based on Ixia's patches to an older version of Wireshark, but is
much cleaned up.

Bug: 11464

Change-Id: Ia341e6ffb1771cf38be812bf786f59b3250b7d5b
Reviewed-on: https://code.wireshark.org/review/10756
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-02 23:53:02 +00:00
Guy Harris be41ebccfe Fix indentation after previous change.
Change-Id: I64ead71afe09cb330163d4a15fc1310d07a23bb1
Reviewed-on: https://code.wireshark.org/review/10751
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-02 19:43:21 +00:00
Guy Harris e7c3775aef Rename vwr_read_s2_W_rec - it handles both series II and III records.
Change-Id: Ia6c61500345a9f80945c900813e502046ac870c1
Reviewed-on: https://code.wireshark.org/review/10750
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-10-02 19:40:58 +00:00
Gerald Combs c8bdb95d21 1.99.9 → 1.99.10.
Change-Id: I924be5b0e3c73a0bb8ae1361fa518ec10139e13d
Reviewed-on: https://code.wireshark.org/review/10363
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-09-02 18:29:10 +00:00
Dario Lombardo e0a87d8cd1 stanag4607: add check for wtap max size.
Bug: 11472
Change-Id: Ic269046e697ac5e65301caf4ea5586098d030458
Reviewed-on: https://code.wireshark.org/review/10279
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-30 09:46:22 +00:00
Hadriel Kaplan 605f33caaf pcapng: handle NRB with options
If a pcapng Name Resolution Block has options, they should not screw up the
pcapng reader and cause it to fail to read the file.

Bug: 11485
Change-Id: Ic27cba937b6d93a3d9ed92522ed6b39ae2daeb8f
Reviewed-on: https://code.wireshark.org/review/10307
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-29 19:01:53 +00:00
Hadriel Kaplan 8ddd480eaa pcapng: do not byte-swap NRB IPv4 address
Per the spec, it's always encoded in network order (4 separate bytes), and
thus should not be swapped on read.

Bug: 11484
Change-Id: I6a650896b324f42bfd2e05759c84e87ace733372
Reviewed-on: https://code.wireshark.org/review/10304
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-29 15:15:23 +00:00
Hadriel Kaplan 9158176b7f pcapng: make SPB cap_len the same as packet_len if IDB snaplen is 0
An IDB snaplen of 0 means no limit, so a Simple Packet Block's capture
length should be the same as its encoded packet length in such a case.

Bug: 11483
Change-Id: I8856d6c6a669a0048ea64b3adbd23c37a598431d
Reviewed-on: https://code.wireshark.org/review/10303
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-29 14:54:59 +00:00
Guy Harris 1663224c24 Block sizes are unsigned 32-bit quantities; don't stuff them into an int.
*Especially* don't stuff the amount of remaining data in a block into an
int that will then be passed to file_skip() as an amount to skip ahead,
as a Really Large Value will turn into a negative value and produce
various forms of bizarre and tricky-to-debug behavior.

Change-Id: I4d0a6b36fe50df84925690ad688a3ab0433ceb17
Reviewed-on: https://code.wireshark.org/review/10299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-28 23:32:18 +00:00
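The failure mode described in the commit message above, as an added example that is not part of the commit or of Wireshark's code: a 32-bit block length stored in an `int` turns negative before it is used as a skip distance, while the checked form keeps it unsigned and bounds it against the data actually left. The function names, the header size of 28 and the sample lengths are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * "Before": the remaining byte count is stuffed into an int.
 * Converting a value above INT_MAX to int is implementation-defined; GCC and
 * Clang wrap it, so a very large block length becomes a negative skip.
 */
int64_t remaining_as_int(uint32_t block_len, uint32_t consumed)
{
    int remaining = (int)(block_len - consumed);

    return remaining;                     /* what a skip routine would receive */
}

/*
 * "After": stay in uint32_t, reject lengths smaller than what was already
 * read, and reject lengths that run past the end of the file.
 * bytes_left is the number of bytes remaining in the file (an assumption of
 * this example; the caller would obtain it from its file layer).
 */
bool remaining_checked(uint32_t block_len, uint32_t consumed,
                       int64_t bytes_left, int64_t *skip)
{
    uint32_t remaining;

    if (consumed > block_len)
        return false;                     /* would underflow the subtraction */
    remaining = block_len - consumed;
    if (bytes_left < 0 || (int64_t)remaining > bytes_left)
        return false;                     /* block claims more than the file holds */
    *skip = (int64_t)remaining;           /* widened, never negative */
    return true;
}

int main(void)
{
    int64_t skip = 0;

    /* Constructed length field: 0xFFFFFFF0 with 28 bytes already consumed. */
    printf("int version:     skip = %lld\n",
           (long long)remaining_as_int(0xFFFFFFF0u, 28));
    printf("checked version: accepted = %d\n",
           remaining_checked(0xFFFFFFF0u, 28, 4096, &skip));
    return 0;
}
```
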
Guy Harris 42570f96f9 Clean up scanning to guess the bitrate of an MPEG-2 Transport Stream file.
Don't treat an EOF at the beginning of a frame as an error.

Treat I/O errors as hard errors; treat short reads as an indication that
the file isn't an MPEG-2 Transport Stream file.

Treat the PCR for a given PID not going forward as an indication that
the file isn't an MPEG-2 Transport Stream file.

Bug: 11471
Change-Id: I42b5887049423f8265db9d121d7b5bd388e5b244
Reviewed-on: https://code.wireshark.org/review/10286
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-28 19:06:02 +00:00
Stig Bjørlykke 2ed634dfb9 Support BER files bigger than 256kB
Also support APPLICATION as starting tag.

Change-Id: Id85b08e2594969c98c530532a32268b01d50965e
Reviewed-on: https://code.wireshark.org/review/10233
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2015-08-27 16:46:41 +00:00
Guy Harris 4ba522537a Point to GitHub for the pcapng specification.
Change-Id: I33faa41e8b0f36ee49d29fe391feafd94d0a7e80
Reviewed-on: https://code.wireshark.org/review/10245
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-25 01:47:26 +00:00
Richard Sharpe 296b9cf1fb Add some symbols to wtap.h so that we can correctly support 802.11ad.
Currently there are a lot of local hacks in the 802.11ad support and
better support can be provided.

Also add a structure to track 802.11ad (DMG) specific features in the phdr
structure as suggested by Guy Harris.

Also, respond to some suggestions by Guy Harris.

Change-Id: I8459e3986a134a08ee2e31f0158b8aa5c9b91d86
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10204
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-24 06:01:56 +00:00
Hadriel Kaplan fab0e59c70 Fix memory leaks of dumper SHB and IDB infos
Change-Id: I6b81d3e853d503c6a81f9793957b48ab34c6808c
Reviewed-on: https://code.wireshark.org/review/10156
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-21 04:55:20 +00:00
Stig Bjørlykke 72497918b1 pcapng: Fixed copying if_filter_bpf_bytes
Bug: 11455
Change-Id: Ic99ff1bcd7dad65b3ade5a9f46ce0f64573cb059
Reviewed-on: https://code.wireshark.org/review/10147
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-20 12:12:57 +00:00
Hadriel Kaplan ddaa311762 Remove unused struct member from wtap
The 'number_of_interfaces' member of struct wtap is not used - nor is it
needed since the interface_data is a GArray with its own 'len' member.

Change-Id: Id0fb25248dea4bea9fc88a8ea35c09ba55029d89
Reviewed-on: https://code.wireshark.org/review/10138
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-20 00:17:18 +00:00
Hadriel Kaplan b3daf70714 Pcap: wtap does not set interface timestamp precision when reading pcap
Like bug 11447, when wiretap reads a legacy PCAP file it needs to
set the interface description's tsprecision member. And like bug
11447, I'm wondering why we have the field to begin with. But I'm
fixing this so that the Windows buildbots can get going again.

Change-Id: I71d0fe2e999ee7d11f1f5cc424681a99e17b1b1b
Reviewed-on: https://code.wireshark.org/review/10139
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-19 23:04:25 +00:00
Hadriel Kaplan fc0a2f5d89 Add more debug info for windows buildbot test suite failure
Down the rabbit hole we go...

Change-Id: I8371b95b85128209b56960eb6e54648a6babbb84
Reviewed-on: https://code.wireshark.org/review/10137
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-19 22:00:14 +00:00
Hadriel Kaplan 0bdf518b1e Try to debug merge test suite failure on windows buildbot
This change will be undone once the problem is found.

Change-Id: Ica9cfe31b4e30fad2bb9de508af61baa1c455cc1
Reviewed-on: https://code.wireshark.org/review/10136
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-19 20:28:44 +00:00
Hadriel Kaplan d64ad1de91 capinfos: add more info about file and interfaces
Add more information about the capture file, and about the interface
descriptions in it. Also remove long-unused g_options code.

Change-Id: I93cbd70fc7b09ec1b8b2fd6c85bb885c7f749543
Reviewed-on: https://code.wireshark.org/review/10073
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-19 04:26:24 +00:00
Hadriel Kaplan 8fcdcb9c95 Improve file merging for mergecap and wireshark
Refactor the file merging code by removing the duplicate logic from mergecap.c
and file.c's cf_merge_files(), into a new merge_files() function in merge.c.
Also the following user-visible changes:

 * Removed the '-T' encap type option from mergecap, as it's illogical for
   mergecap and would complicate common merge code.

 * Input files with IDBs of different name, speed, tsprecision, etc., will produce
   an output PCAPNG file with separate IDBs, even if their encap types are the same.

 * Added a '-I' IDB merge mode option for mergecap, to control how IDBs are merged.

 * Changed Wireshark's drag-and-drop merging to use PCAPNG instead of PCAP.

Bug: 8795
Bug: 7381
Change-Id: Icc30d217e093d6f40114422204afd2e332834f71
Reviewed-on: https://code.wireshark.org/review/10058
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-18 14:52:00 +00:00
Michal Labedzki dd57c6bf38 File-format: Add PCAP and PCAPNG dissectors
They have educational value and can be used for debugging some issues.
Now Wireshark can open three files (BTSNOOP, PCAP, PCAPNG)
in two modes: Capture (Traditional) and File-Format.

Change-Id: I833b2464d11864f170923dc989a1925d3d217943
Reviewed-on: https://code.wireshark.org/review/10089
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-18 12:52:03 +00:00
Hadriel Kaplan e25562badd Pcapng: clean up Section Header Block handling
Change-Id: I8516d0c561ed0b63e49a3594027c9c15bb789258
Reviewed-on: https://code.wireshark.org/review/9726
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-18 05:52:45 +00:00
Hadriel Kaplan b660fd413f Pcapng: set interface description's tsprecision when reading file
Bug: 11447
Change-Id: I5fe14616ed6e86e0bfe02c58cc9fb31e43bc23ef
Reviewed-on: https://code.wireshark.org/review/10071
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-17 15:59:21 +00:00
Gerald Combs c643cbfb81 Run abicheck commands at compile time.
The CMake dumpbabi targets collectively copy over 800 files. Do
that when we build the actual targets instead of at configure
time. Hopefully this will speed up initial CMake runs.

Change-Id: I6e4d691e24c73ea05d638a0f897f570541c84e38
Reviewed-on: https://code.wireshark.org/review/10052
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-08-16 16:04:47 +00:00
Hadriel Kaplan 4c6da64ada Indent the merge.c/h files by 4 spaces
Using 2 spaces for indent is way past its prime.

Change-Id: I80caf89f15e576f9aeb25754576a9f18215ccb3c
Reviewed-on: https://code.wireshark.org/review/10032
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-08-14 14:50:11 +00:00
Guy Harris 50b51a66f7 Some further questions, asked in comments.
Change-Id: I41c7918b7396934c651fb957d3b61db0c7a19527
Reviewed-on: https://code.wireshark.org/review/9990
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-12 05:42:56 +00:00
Guy Harris 260ae6a71e Clean up the file header description.
Change-Id: I4928f99cdc2b8fc2a3aef648b613ce0b93ed3563
Reviewed-on: https://code.wireshark.org/review/9989
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-12 02:01:03 +00:00
Guy Harris 1100ba9ac7 Update comments.
Change-Id: I4b0b4bb31901208e09a535ef922e134116309531
Reviewed-on: https://code.wireshark.org/review/9988
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-12 01:38:34 +00:00
Guy Harris 7b39eacf66 It looks as if the origin of the time stamps is the UN*X epoch.
If we assume that, the time stamps of the sample captures on the
Colasoft site are in the range 2000-2014, and the HTTP time stamps in
the HTTP capture from there are close to the packet time stamps.

Change-Id: Id0e29c03dc8ada40f1040b95f169b4f3a8954a0f
Reviewed-on: https://code.wireshark.org/review/9986
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-12 01:27:47 +00:00
Guy Harris 4309b964f5 Sort dump_open_table_base[] in the right order.
As the comment says, "Entries must be sorted by
WTAP_FILE_TYPE_SUBTYPE_xxx values in ascending order."  If they're not,
the file type to file type string routines don't give the right answer.

Change-Id: I06afe7bb98cb36c54ddc831113bb632598ab2eb0
Reviewed-on: https://code.wireshark.org/review/9975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-11 19:16:48 +00:00
Pascal Quantin e1003ee753 editcap: fix -T <encapsulation type> option when output format is pcapng
Right now the output encapsulation type is ignored if the output (default) format is set to pcapng.

Change-Id: Ibffaaed5979bf63ed4e3fa3b1f859a82b401d80b
Reviewed-on: https://code.wireshark.org/review/9911
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-10 08:32:17 +00:00
Bill Meier a051961d93 [wiretap/nettrace_3gpp_32_423] Add editor modelines
Change-Id: Ie2b9da2b3a08d18fc913a00cf076aa881a583552
Reviewed-on: https://code.wireshark.org/review/9949
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2015-08-09 19:01:26 +00:00
Guy Harris a001ed6f8a Avoid (unlikely) NRB record size overflows.
If a host name is *so* long that an entry for it won't fit in a
65535-byte Name Resolution Block record, ignore the entry for that host.

Use more appropriate data types (guint32 for sizes that are 32-bit
unsigned integers, guint16 for the host name length as it'd better fit
in 16 bits).

Clean up some comments.

Remove a _U_ that's applied to a variable that *is* used.

Change-Id: I153d5aa885105149c62a5e5d2b78b54cf6ed7b4e
Reviewed-on: https://code.wireshark.org/review/9917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-08-07 22:28:20 +00:00
AndersBroman aa2184f3ac Fix pcapng.c:3788: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: Ie796cee755470bea0416b46ff8ff6a94cd8d93d3
Reviewed-on: https://code.wireshark.org/review/9896
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-06 11:03:56 +00:00
Hadriel Kaplan 910438b17f Pcapng: support Name Resolution Block options
Make pcapng decode options in an NRB during read, and store the comment
option, and write it back out as well. Also make it handle plugin handlers
for unknown options in received NRB(s).

Change-Id: I81863ef8d85cb1c8b5ba6673ba0e562efe77714f
Reviewed-on: https://code.wireshark.org/review/9723
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-06 03:32:13 +00:00
Luke Mewburn 8421af3256 Rename nettrace3gpp324423 to 3gpp32423
Use "3gpp32423" instead of "nettrace3gpp324423":
- There were too many "4"s in the previous name ("324423" vs "32423").
- "nettrace" isn't an official name, per 3GPP TS 32 423
- It's shorter.

Change-Id: Ic981d0351a3014fb79702955ebef7b13f6ce4a2e
Reviewed-on: https://code.wireshark.org/review/9863
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-08-04 11:37:46 +00:00
Luke Mewburn 000ce64172 nettrace3gpp324423: fix name consistency
Improve consistency when referring to 3GPP TS 32.423:
- The standard name is "3GPP TS 32.423" (with "TS", and "." separator).
- Fix typo in number series ("32" not "34").
- The standard refers to "Trace", not "Nettrace".

Change-Id: If9994b9c6de69b6e1bdfc6679fbaabe698971949
Reviewed-on: https://code.wireshark.org/review/9795
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-07-27 06:31:57 +00:00
Gerald Combs efefdbbd76 1.99.8 → 1.99.9.
Change-Id: I014399c332136a10b1c560d4c68be5b8bab97552
Reviewed-on: https://code.wireshark.org/review/9780
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-07-24 19:06:50 +00:00
Hadriel Kaplan 75d4fa299d Cleanup pcapng.c file
Cleanup some pcapng.c comments, defines, etc.

Change-Id: Id854c6ef033eb8cb99175ba62aa8733e21433463
Reviewed-on: https://code.wireshark.org/review/9698
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-07-18 21:46:16 +00:00
Guy Harris 813a1fb5be Initialize the 11b presence flag to 0.
There were some cases where it wasn't getting initialized when we set
the PHY to 11b, in addition to the one Pascal found.

Change-Id: I127737cd29dc53c96342364de5cb722b135f23f3
Reviewed-on: https://code.wireshark.org/review/9540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-07 16:44:53 +00:00
Guy Harris 53fcaabe66 Use the NSS provided by the Ixia Veriwave hardware.
It doesn't appear to provide the FEC type, although radiotap does, so
add a flag to indicate whether we have that.

Change-Id: I298d79bc6b640ee2408c3d70075c32bf331a210c
Reviewed-on: https://code.wireshark.org/review/9533
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-07 07:40:31 +00:00
Guy Harris 8ebf735c90 Clean up a bunch of stuff.
The command byte values aren't FPGA-specific - if they were, the code
wouldn't have worked.  Provide #defines for the main ones and check for
them, and use that to determine whether the packet is transmitted or
received.

Add a bunch of #defines, shuffle some defines to cluster related ones
together and separate unrelated ones, get rid of duplicate #defines
(where different FPGAs use the same value).

Fix some typos.

Change-Id: Ic8adc589d7c36a4a91a81858de40c904743dd067
Reviewed-on: https://code.wireshark.org/review/9529
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-06 23:46:37 +00:00
Guy Harris 886c2d008f Update a comment.
Change-Id: I71e66a8f6faf3b213ab6db2856a36c1d31897166
Reviewed-on: https://code.wireshark.org/review/9527
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-06 21:54:46 +00:00
Guy Harris 0b4cd71ce1 Add some comments.
OK, where's NSS for the presumably-one-and-only user hiding for 11ac?

Change-Id: I53eb216c5d209dc5bb46c1d0aca7f8a200161e3e
Reviewed-on: https://code.wireshark.org/review/9512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-06 02:11:50 +00:00
Guy Harris a7ac6cf048 Stub out the US public safety band.
OK, anybody know how to convert a frequency between 4.9 GHz and 5.0 GHz
into a channel number, in a fashion that handles what's actually used in
both the US and Japan?

Change-Id: I95f4f9649e379b3d6651aadf8f62d8406b81b3b3
Reviewed-on: https://code.wireshark.org/review/9511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-06 02:07:08 +00:00
Guy Harris ef1f0c167b Use space indentation consistently.
Change-Id: I1af52157a8c7383981c514d9dddea3b7186dbe6d
Reviewed-on: https://code.wireshark.org/review/9509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-05 23:32:26 +00:00
Guy Harris 622be70534 Zero out the nss array when we don't have the 802.11ac information we need.
Change-Id: I576be8c1a1badf6befe90a226f83e8d03f8326a7
Reviewed-on: https://code.wireshark.org/review/9470
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-07-02 18:26:27 +00:00
Guy Harris b9145bc836 "Short preamble" is 802.11[bg]-only, so put it in the PHY-specific info.
We're already only setting it for 11b and 11g; this makes it a bit
cleaner, e.g. we don't need to say "oh, wait, we *don't* have short
preamble" for 11n and 11ac.

Change-Id: Idcf3e8c93d6a417f0319e4bd33247b98f07b6052
Reviewed-on: https://code.wireshark.org/review/9209
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-28 19:44:07 +00:00
Graham Bloice e4dc3321b1 Set 802.11.ac Partial AID field size
The assignment of a short to a guint8 in packet-ieee80211-radiotap.c line 1696
generates a narrowing warning.

In my reading of the spec which shows the field as 9 bits,
and looking at the hf fields for this item I think it should be a guint16.

Change-Id: Ic7785c2bfc66d72f7b1e914b1a46f32079fc99d9
Reviewed-on: https://code.wireshark.org/review/9197
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-06-28 12:20:54 +00:00
Guy Harris 78adf17850 Fix handling of 11ac radio metadata.
Add more fields to the metadata to handle everything radiotap has, and
show them.

Call the FEC type field just "FEC", and have it be an integer field with
0 meaning BCC and 1 meaning LDPC, rather than a Boolean.

11ac doesn't have *an* MCS, it can have up to 4, one per user.

Label the 11ac bandwidth values the same way we do in the radiotap
dissector.

Change-Id: I2c2415baff3e5d68d49dda497980e8271d26b1f6
Reviewed-on: https://code.wireshark.org/review/9176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-26 18:29:08 +00:00
Guy Harris cf537c1fee If we don't have both frequency and channel, try to calculate the other.
Just for completeness' sake.

Change-Id: I1ed609431c8bc62a79ebbf837fa2fc62f627a002
Reviewed-on: https://code.wireshark.org/review/9157
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-25 21:33:29 +00:00
Guy Harris 26dd5d2ac0 Squelch a compiler warning.
Change-Id: I7a833915173248cda68857493f2000a71052ec53
Reviewed-on: https://code.wireshark.org/review/9151
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-25 20:42:59 +00:00
Guy Harris f1bc598d87 Clean up 802.11 radio information handling.
Have a field that holds the PHY type but nothing else.  Have
a union with structures holding PHY-type-specific information, as a
bunch of attributes are PHY-specific.

If we have a channel and band, but don't have the frequency, attempt to
calculate the frequency, and add that to the radio information if we
succeed.  If we have the frequency, but don't have the channel, attempt
to calculate the channel, and add that to the radio information if we
succeed.

Handle FHSS information, 11a "half/quarter-clocked" and turbo
information, 11g normal vs. Super G, additional 11n and 11ac
information, and the "short preamble" flag for 11b and 11g.

Add a PHY type for 11 legacy DSSS and detect it if possible.

Clean up the AVS dissector - make all fields wlancap. fields (if you
want generic fields, use the wlan_radio. fields).

Set more fields when writing out Commview Wi-Fi files.

Change-Id: I691ac59f5e9e1a23779b56a65124049914b72e69
Reviewed-on: https://code.wireshark.org/review/9146
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-25 19:15:56 +00:00
Michal Labedzki fcbf1d295b File: Add BTSNOOP File Format support
BTSNOOP format is supported by libwiretap and this dissector adds the
ability to open the same file in a second mode:
1. Wireshark aka Protocol Viewer (default)
2. Fileshark aka File Viewer

Mode 2 also has a feature to dissect protocols contained by this file,
try "Protocol Preferences -> Dissect next layer".

Change-Id: I99f0df5b55d31bf5a7d6e9269bfc054c09022b51
Reviewed-on: https://code.wireshark.org/review/17
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-25 18:25:15 +00:00
Pascal Quantin e963cbf08c editcap: keep timestamp resolution when converting a nseclibpcap file to pcapng
As reported on https://ask.wireshark.org/questions/43483/why-does-editcap-write-out-nseclibpcap-correctly-with-nanosecond-timestamps-but-not-with-pcapng

Change-Id: I81ec6dd6bdc6008297141ca8e210f4fb989cd3d6
Reviewed-on: https://code.wireshark.org/review/9111
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-25 16:07:24 +00:00
Guy Harris 8aa91b31b9 Provide PHY type and band information in the 802.11 pseudo-header.
Provide that information so that the "802.11 radio information" protocol
can indicate whether a packet was 802.11 legacy/11b/11a/11g/11n/11ac,
and possibly whether it's 2.4 GHz or 5 GHz 11n.  (Sometimes the center
frequency might not be supplied, so the band information can be useful.)

Also, provide some 11ac information, now that we can distinguish between
11n and 11ac.  Don't calculate the data rate from the MCS index unless
it's 11n; we don't yet have code to calculate it for 11ac.

For radiotap, only provide guard interval information for 11n and 11ac,
not for earlier standards.

Handle the 11ac flag in the Peek remote protocol.

For Peek tagged files, the "extension flags" are 11n/11ac flags, so we
don't have to check for the "MCS used" bit in order to decide that the
packet is 11n or 11ac or to decide whether to provide the "bandwidth" or
"short GI" information.

Change-Id: Ia8a1a9b11a35243ed84eb4e72c384cc77512b098
Reviewed-on: https://code.wireshark.org/review/9032
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-22 22:05:17 +00:00
Guy Harris 2895d58dc3 Call the "802.11 radio information" dissector for radio headers.
Have dissectors of various forms of radio information headers in the
packets fill in a struct ieee_802_11_phdr with radio information as
appropriate, and call the "802.11 radio information" dissector rather
than the raw 802.11 dissector.

This means that the radio information can be found in a
protocol-independent and encapsulation-independent form when you're
looking at the packet; that information can be presented in a form
somewhat easier to read than the raw metadata header format.

It also enables having a single "radio information" tap that allows
statistics to handle all different sorts of radio information
encapsulation.

In addition, it lets us clean up some of the arguments passed to the
common 802.11 dissector routine, by having it pull that information from
the struct ieee_802_11_phdr.

Ensure that the right structure gets passed to that routine, and that
all the appropriate parts of that structure are filled in.

Rename the 802.11 radio protocol to "wlan_radio", rather than just
"radio", as it's 802.11-specific.  Give all its fields "wlan_radio."
names rather than "wlan." names.

Change-Id: I78d79afece0ce0cf5fc17293c1e29596413b31c8
Reviewed-on: https://code.wireshark.org/review/8992
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-20 23:02:21 +00:00
Gerald Combs f00e6fbefe 1.99.7 → 1.99.8
Change-Id: I3423fd2959b1031480f15504ce38336ce3475b17
Reviewed-on: https://code.wireshark.org/review/8979
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-06-18 20:04:03 +00:00
Guy Harris d83f86aa56 Get rid of some unused members of struct ieee_802_11_phdr.
Remove some unused members, and move the presence flags after the
should-always-be-set fields, right before the fields to which it
applies.

Change-Id: I8d6f08e1d3d8de0c11a9e04de4e98408d6b90693
Reviewed-on: https://code.wireshark.org/review/8972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-18 02:15:01 +00:00
Guy Harris 34124c857e Define XXX_phdr structures in the order in which they appear in the union.
Change-Id: Ia1fe1758998237a344889bdf8215ecfba7b871ee
Reviewed-on: https://code.wireshark.org/review/8942
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-15 21:10:35 +00:00
Guy Harris 560180b80a Move some structures used only in pcap-common.c there.
Those aren't pseudo-headers exported from libwiretap, they're just
structures corresponding to the pseudo-headers for some pcap/pcap-ng
link-layer header types.

Change-Id: Iec37cfc162b64adacdeb57e14e546bced7b673fa
Reviewed-on: https://code.wireshark.org/review/8941
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-15 21:03:18 +00:00
Bill Meier 4c3677ef3b Replace tabs in files with editor modeline "expandtab"
Change-Id: I4667fd4091c510a4c798f79dae333a07dc42dad6
Reviewed-on: https://code.wireshark.org/review/8880
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2015-06-11 02:15:35 +00:00
Guy Harris 8d7e0fc703 Don't initialize a variable if the first thing we do is set it.
Change-Id: I14e8a15fdea1526c1c4bd2a0f19925ff41c15608
Reviewed-on: https://code.wireshark.org/review/8800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-06-06 19:29:47 +00:00
anilkumar911 4490d5eb49 Netscaler: Fix issue where packets were lost when selected packets were exported
Only this issue with a netscaler trace file

Bug: 11248
Change-Id: I2bc2cae5c988eeff7bdd08471bf421faafcd4e73
Reviewed-on: https://code.wireshark.org/review/8672
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-06-03 13:32:16 +00:00
Gerald Combs 1955dd2dec 1.99.6 → 1.99.7.
Change-Id: I8c431f162d199c8507ba57d84e496dce5f5a0933
Reviewed-on: https://code.wireshark.org/review/8677
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-05-28 20:29:06 +00:00
Guy Harris bb89e77242 Make option_content a guint8 *.
It points to an array of bytes, not a character string.

Add some casts to squelch other Sun/Oracle C warnings.

Clean up some comments while we're at it.

Change-Id: Id0908178cb00d537e95569b9ce6f745c8fd6d716
Reviewed-on: https://code.wireshark.org/review/8369
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-09 19:36:47 +00:00
Guy Harris 795211b330 Fix definition of tnef_open().
Change-Id: I8d030ab48fc47e4948c9f6dcad08f0bd08ca5ff8
Reviewed-on: https://code.wireshark.org/review/8364
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-09 01:34:21 +00:00
Guy Harris 17ea21f902 Make everything unsigned.
The LHS of the & operation is unsigned; make the RHS unsigned as well.
That squelches a Sun/Oracle C warning.

Change-Id: I6983cc89603a512020b8e8b560c00632de6b2fb3
Reviewed-on: https://code.wireshark.org/review/8363
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-09 01:31:01 +00:00
Gerald Combs 1e3be59fbe WildPackets → Savvius.
Change-Id: I2494c2b1dcc9e324535b3f659b51b44059c478bd
Reviewed-on: https://code.wireshark.org/review/8304
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2015-05-06 16:48:03 +00:00
Alexis La Goutte 70be586a82 nettrace 3GPP: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
Change-Id: Ie94165a45d9af23eee6e4d6406ad6fba4de785c0
Reviewed-on: https://code.wireshark.org/review/8281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-05-04 06:01:13 +00:00
Joerg Mayer ecd16b43b4 Fix checkAPI: Warning: i4b_trace.h has an SVN Id tag. Please remove it!
Change-Id: Ia82801866edb2783f896e624da4553717370c36b
Reviewed-on: https://code.wireshark.org/review/8267
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2015-05-01 17:22:51 +00:00
Guy Harris 9fba5f0764 Fix some cases where we're shifting a signed 1 left.
Shift 1U instead, to make sure it's unsigned; the result of, for
example, shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value.  That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined.  (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)

Change-Id: I0d27565c382a04ceda9eec65f45a430ceb74cf53
Reviewed-on: https://code.wireshark.org/review/8255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-30 22:22:59 +00:00
AndersBroman 45a5a1a4b4 [nettrace_3gpp_32_423] Fix nettrace_3gpp_32_423.c:292: warning:
declaration of 'random' shadows a global declaration.

Change-Id: I2dde89a3f0e5abb3b8acc3c7d09e1a0d53a6c0f7
Reviewed-on: https://code.wireshark.org/review/8245
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-04-30 12:19:55 +00:00
AndersBroman 2d8b4a233e Add the ability to read 3GPP trace records with format according to
TS 32 423(XML)

Change-Id: I37895ec35797089a32c7d1695e735046d6aa979e
Reviewed-on: https://code.wireshark.org/review/8237
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-04-30 10:52:01 +00:00
Guy Harris 8b720910d2 Calculate *Peek tagged timestamps in fixed-point.
Add a variant of filetime_to_nstime() that takes a value that's like a
FILETIME but in units of nanoseconds rather than tenths of a
microsecond, and use that.  (It looks as if they might just get FILETIME
values from the OS and multiply them by 100, as the nanosecond-FILETIME
values appear to be multiples of 100 in the captures I've seen, but they
might have chosen nanosecond resolution in case they need to support a
higher-resolution time stamp source, so we don't assume that the values
will always be a multiple of 100.)

Change-Id: If6a1cb2cb673688b042eb113b79cfd267f5454a5
Reviewed-on: https://code.wireshark.org/review/8150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-21 01:28:15 +00:00
Guy Harris 94dc9cd113 Have a common routine to convert FILETIME to nstime_t.
We had several copies of that code; put it into a filetime_to_nstime()
routine in wsutil, and call that common routine instead.

Change-Id: I1eb5579c36c129ff8d23f9212285ab3f63be0f43
Reviewed-on: https://code.wireshark.org/review/8142
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-20 20:41:38 +00:00
Guy Harris 3695abdaf9 Make various structure members the right size for time-in-seconds.
I.e., make them time_t's.

Change-Id: I102e9f585ae2798927757fe7f0f7a5a3fa251ec2
Reviewed-on: https://code.wireshark.org/review/8134
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-20 07:48:21 +00:00
Guy Harris 7fa7422a1e Visual Networks captures have only millisecond resolution.
Change-Id: I59d7a6b5e29a068fd820075c913ac3c546593b9e
Reviewed-on: https://code.wireshark.org/review/8133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-20 07:20:58 +00:00
Guy Harris ff4ca0adb9 Simplify the calculation of the time stamp.
The time is calculated based on a 32-bit "seconds since the Epoch" value
for the start time and a 32-bit delta from that time, in milliseconds.
We can just split that delta into seconds and milliseconds, add the
seconds to the start time to get the seconds part of the time stamp, and
multiply the milliseconds by 1,000,000 to get the nanoseconds part of
the time stamp.  The only 64-bit arithmetic needed is adding the seconds
to a 64-bit version of the start time (just in case seconds+start time
goes past Y2.038K).

Change-Id: Id7c4c6255870627f81fc99dae919abaf47efc710
Reviewed-on: https://code.wireshark.org/review/8132
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-20 07:14:20 +00:00
Guy Harris 9194aab0ab Use 64-bit fixed point to calculate time stamps.
Change-Id: I77c470937366dbaf50adbf174569ef0676ae3658
Reviewed-on: https://code.wireshark.org/review/8126
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-19 21:10:39 +00:00
Michal Labedzki 39968ac432 MIME: Allow to dissect big files
Increase file size limit for mime files that can be
loaded by Wireshark to AddressSpace/2. On 32bit machines the limit can be
2 GiB.

Change-Id: I5b38b3ebe401077f4e1e873cff4b37da560d592f
Reviewed-on: https://code.wireshark.org/review/4907
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-04-18 15:11:02 +00:00
anilkumar911 62a70e8a0b Support for new netscaler 3.5 trace format.
Change-Id: Ica74f3f9239a96486967cf248feb4313bc390734
Reviewed-on: https://code.wireshark.org/review/7751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-04-13 14:27:46 +00:00
Bill Meier d3f2d8ce4f ieee80211.c: "IEEE 802.11 plus Network Monitor radio header" encap: Fix dissection
Specifically: Management/Control frames saved by Microsoft Netmon (3.4?)
with "IEEE 802.11 plus Network Monitor radio header"  encapsulation
may or may not be saved with an FCS.

See Bug 11105.

Fix: Use "check fcs" preference to specify whether Management & Control
frames have an fcs for this encapsulation.

Change-Id: Ibd0be7b4765c2df2b959cb2234aeed027266246b
Reviewed-on: https://code.wireshark.org/review/7939
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-04-07 15:23:25 +00:00