There are protocols out there that have 64-bit wide bit mask fields, so
make the internal representation and bitfield decoders 64-bit aware.
For this, the ws_ctz() fallback and bits_count_ones() have to be tweaked
slightly.
Change-Id: I19237b954a69c9e6c55864f281993c1e8731a233
Reviewed-on: https://code.wireshark.org/review/4158
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's hyper with 8 bytes alignment it can have 1/100000 sec resolution or 1sec resolution
Bug: 10541
Change-Id: Iecc4c6d1bd1695a4c02db72e1617134254810cd9
Reviewed-on: https://code.wireshark.org/review/4606
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fetch the count of records from one of the locations where it appears to
be, and, currently, require that it be equal to the count at the other
location where it appears to be; if they ever differ, we'll need the
file in order to reverse-engineer some more.
Fix the way we *write* .rf5 files - it turns out that we were
1) not writing the full file size;
2) not writing the packet count in the right location.
Detect files written by the old code, and get the packet count from the
right location for those files.
Change-Id: I7ce83afbc9dbbd300c81c96ef8f7785a0aeefa7a
Reviewed-on: https://code.wireshark.org/review/4608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 10540
Change-Id: If4a8603a7cb62894cc46094056dd5313039884b2
Reviewed-on: https://code.wireshark.org/review/4604
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 10542
Change-Id: I8fcfbbd96833af2c57754a4c8f96cf702972e22a
Reviewed-on: https://code.wireshark.org/review/4603
Reviewed-by: Michael Mann <mmann78@netscape.net>
For open_info, use names based on the names in other lists.
Also, in comments, indicate what the three count 'em three tables are
used for, and clean up the type/subtype table.
Change-Id: I7a763119e790d5970f87dff05284f465eebfb7e7
Reviewed-on: https://code.wireshark.org/review/4599
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Fix for Single-bit Objects offset-pointer
- Enhancement for Obj 12 Var 2 (Pattern Control Block) and Var 3 (Pattern Mask) Decoding
Bug: 10558
Change-Id: I8d3f6cee4acbab09d0b93dab6b868cddd842b682
Reviewed-on: https://code.wireshark.org/review/4597
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug 10532
Updated with Bandwidth Profile support
Change-Id: I0f31eb6c78a5e34bcb1c286a9a10730b3b63481c
Reviewed-on: https://code.wireshark.org/review/4571
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57a01eacaa02e45c23bb4827ae982c897fb308ee
Reviewed-on: https://code.wireshark.org/review/4592
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Version 3's time stamps are all absolute, so we can directly use the
value in the file; we don't need to keep track of the time in the
private data structure, and some compilers issue warnings due to setting
it and then not using the value to which we set it.
Change some names and indentation to match other file versions while
we're at it.
Change-Id: I97698d933b87a8ad58d9e88ceedd75004797df69
Reviewed-on: https://code.wireshark.org/review/4596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 10547
Change-Id: I4708fd9977e635c66ef1350ce5098520e4c2ce1e
Reviewed-on: https://code.wireshark.org/review/4579
Reviewed-by: Michael Mann <mmann78@netscape.net>
Work around a CMake bug using file globbing.
Change-Id: I67dc8268154e05834e5d4e7d8f22c6eb25b24c1f
Reviewed-on: https://code.wireshark.org/review/4595
Reviewed-by: Gerald Combs <gerald@wireshark.org>
and TAI.
Change-Id: I95d9ebf1d6f4eabe30b557fdc937d56006f8b123
Reviewed-on: https://code.wireshark.org/review/4593
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It returns the length of the string it read, so only treat 0 and -1 as
errors. (0 either means "EOF" or "string is zero length", but this is
only in the code that reads numbers, and a number needs at least 1
digit, so both EOF and "zero-length string" mean "this isn't a valid
Peek tagged file".)
Change-Id: Ib83eb2f1e53d912a2138be01480e2b464cf936db
Reviewed-on: https://code.wireshark.org/review/4591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, log a message if a Lua file format module lacks a
read or a seek-read routine, rather than completely silently ignoring
that module if it claims a file.
Change-Id: I9778f7835922439e2d3708614689280ef7b61d33
Reviewed-on: https://code.wireshark.org/review/4590
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I don't have a capture to check but this appears to be correct.
Change-Id: I93405d1e3ec4aac3761d06e257db3ec2e32b2fc2
Reviewed-on: https://code.wireshark.org/review/4587
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They happen to be, at least now, but that's not valid in C++, and it's
probably unwise in any case.
Change-Id: Ifd49920cfaa376e5e7788329ee83db3956a7cdff
Reviewed-on: https://code.wireshark.org/review/4585
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sadly, the GTK+ folks decided not to use size_t for the size argument,
so it doesn't do the right thing on LLP64 platforms such as Windows.
Change-Id: I2aa9096215c488b48f1cf68d2a285a48abb6f07f
Reviewed-on: https://code.wireshark.org/review/4584
Reviewed-by: Guy Harris <guy@alum.mit.edu>
plugins/*/CMakeLists.txt has a lot of repitition. We might want to
create a module or include file to simplify things.
Change-Id: Iadd453c286a4127beacd80edf6dc200aa9148852
Reviewed-on: https://code.wireshark.org/review/4582
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add an ENABLE_APPLICATION_BUNDLE option which is enabled by default on
OS X and disabled elsewhere. The bundle is currently bare-bones and only
contains the main executables, Info.plist, and application icon.
Capitalize the main application name when ENABLE_APPLICATION_BUNDLE is
set and on Windows.
Start updating CPackConfig.txt for OS X packaging.
To do:
- Add supporting libraries and frameworks.
- Make the bundle standalone. I.e. call FIXUP_BUNDLE or
replicate the relevant parts of osx-app.sh
Change-Id: I4e25abd3b8cbe121ec8615b98706a15c58812cdb
Reviewed-on: https://code.wireshark.org/review/4577
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also "refactored" a few fields into proto_tree_add_bitmask calls.
Change-Id: I3a222b38e1992943d6ee4bd300026bc28c5bbb78
Reviewed-on: https://code.wireshark.org/review/4575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some other cleanup while in the neighborhood. Not sure the all the proto_tree_add_expert calls are needed after each field (having implicit bounds error thrown should be sufficient), but left them in there.
Change-Id: I3ca75ec9f51ccbed6b6ca792789daa8e7cebf34a
Reviewed-on: https://code.wireshark.org/review/4574
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protofield is optional and can not be replaced with 'nil'
as with the other fields for this function.
Change-Id: I2b1dd7f290264394b400cea2110b65b657c71456
Reviewed-on: https://code.wireshark.org/review/4549
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
As Graham pointed out, "#pragma warning(disable..." affects the rest
of the file. Add a push+pop so that we only operate on the line in
question. Ideally we'd be able to use "suppress" but an "#endif"
prevents that.
Change-Id: Ia01d6c245879f1c845dc68c18caea2cbceb273ef
Reviewed-on: https://code.wireshark.org/review/4569
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Distringuish "the compression data has a problem" from "the capture file
(not compressed, or after decompression) data has a problem", with
WTAP_ERR_DECOMPRESS used for the former (whether it's the gzipping
decoded by our gunzip code or the Sniffer compression) and
WTAP_ERR_BAD_FILE used for the latter.
Change-Id: I8e6bff7edb480deba00c52a9e5afff607492e085
Reviewed-on: https://code.wireshark.org/review/4568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There is regular expression that extracts only the number from
--extcap-interface argument and only that number (as string) is being
passed to extcap_dlts().
Change-Id: I5159f9405a766c1edff792213b2aef72b9a29ba4
Reviewed-on: https://code.wireshark.org/review/4550
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the goal is to look like a libwiretap routine, we only need to set
*err_info on an error, and we should set it to a g_mallocated string (or
NULL).
Handle WTAP_ERR_UNSUPPORTED while we're at it - we never return it, but
we never return WTAP_ERR_UNSUPPORTED_ENCAP, either, but we handle it.
Change-Id: I9d93c43278d22f0fa77ec1cf7f29b476c8dd0dd0
Reviewed-on: https://code.wireshark.org/review/4565
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get rid of WTAP_ERR_UNC_TRUNCATED and WTAP_ERR_UNC_BAD_OFFSET, and lump
them under WTAP_ERR_BAD_FILE, with an error string; they're just another
form of "this file isn't a valid file of the type in question".
Change-Id: I0e9ac7c2ee66c8d789234a301c1dc2173aef1312
Reviewed-on: https://code.wireshark.org/review/4562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Daniel Mack