Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It needed to be done:
https://github.com/shirriff/pup-wireshark
(And, yes, there really *is* a DLT_/LINKTYPE_ for it! The original DLT_
values were ARP hardware types, and 3MB Ethernet was assigned an ARP
hardware type of 2.)
Change-Id: I60d96c28e67854adcb28c7e3579ae5dd1f07df4b
Reviewed-on: https://code.wireshark.org/review/22336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In change 18a3b0659c, I moved the table
that uses it, but not the actual definition, from libpcap.c to
pcap-common.c; they both should have been moved. Make it so.
Change-Id: I266fce455df3848b873cdfadb12cecdbf9c8d4d3
Reviewed-on: https://code.wireshark.org/review/22216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them all be "usb-XXX", where XXX indicates the type of header.
Change-Id: I7f1bfea7e264b17c57f94c484d64d1cce91b9b78
Reviewed-on: https://code.wireshark.org/review/22147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Correct some symbolic references in source file comments
and add a note about the CMake configuration options.
Change-Id: Idb670a2c798c2a52cdce142340ce8fc5a2022508
Reviewed-on: https://code.wireshark.org/review/22138
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.
Exposes Syncword for subdissectors to dissect frame payload.
Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Either 1) it can be determined from the libwiretap encapsulation type,
in which case it's redundant information or 2) there *is* no pcap/pcapng
link-layer header type for that encapsulation type, in which case you
need to check for the attempt to determine it failing and handle that
failure appropriately.
Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc
Reviewed-on: https://code.wireshark.org/review/21924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For HT mixed, set it the same way it's set for HT greenfield.
For pre-HT, set it to 0.
Also, for the "unknown" case, set rate_mcs_index to 0.
This should obviate the need to initialize either of those variables,
don't initialize them, so that failing to set them in an arm of the
switch statement shows up as an error if the compiler's dataflow
analysis actually bothers to check this.
Change-Id: I92703770dd5000a579b53609fb93a2085fd9fca3
Reviewed-on: https://code.wireshark.org/review/21573
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I don't know whether this is a bug in the software or a lack of support
in the hardware.
This at least notes the issue in CID 1405905.
Change-Id: I481454bc38842a0f877cb8b52b73e1156fd362b5
Reviewed-on: https://code.wireshark.org/review/21558
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's valid only for 3 or 6 spatial streams; return 0 as the bitrate
for all other values. Also, handle the 6 spatial streams case.
Give the conversion tables explicit sizes, to make it clear what
subscripts are valid.
Return 0 for an MCS > 9, for consistency with the other error return,
and to mark it as clearly wrong.
Fixes CID 1405908.
Change-Id: Icbf655c63c0e88fd6cec7c66bae85fd887a3bd9c
Reviewed-on: https://code.wireshark.org/review/21557
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That should remove the need to initialize them, make it clearer what
values are being used in the "RF only" case, and catch any cases where
they don't get set in the "not just RF" case in the future.
Change-Id: I10c3ecef608ed2f481111fb7bc32bb8494b68d27
Reviewed-on: https://code.wireshark.org/review/21536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Prevents some compiler warnings
Change-Id: I9d62d0f3e6b7794c5ed43f37d52f86d81344a33c
Reviewed-on: https://code.wireshark.org/review/21531
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add some parentheses to make an expression clearer to people who haven't
memorized the table of C operator precedences.
Don't fiddle the nss variable in place; explicitly combine it with the
IS_TX value when we put it in the header, to make it clearer what's in
that header byte.
Change-Id: I870b892fb9dab2bc210956f923e0183f4e147989
Reviewed-on: https://code.wireshark.org/review/21530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The packet-ixveriwave.c dissector appears to do so.
Change-Id: Ie02c4611ef18e83abcd3b625bbc40014080ffca1
Reviewed-on: https://code.wireshark.org/review/21525
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do the MCS -> NSS mapping for HT by a table lookup.
For VHT with Series II, do it the old way for now, under the assumption
that the MCS index and NSS are bit fields, but note that the MCS index
and NSS bit fields would overlap.
Change-Id: Ibc89590faf15900171b2a1b4ac1e50793ed70c32
Reviewed-on: https://code.wireshark.org/review/21523
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That maeks the code a little clearer.
It also makes it clearer that the "MCS index" is, for pre-HT, a rate
index, so rename some variables and macros.
Change-Id: I64b7bca073df0f837e5d968682345187000207fc
Reviewed-on: https://code.wireshark.org/review/21521
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They're not necessary for most hardware; remove the unnecessary checks,
and add comments indicating why they're not necessary (or fix the
"maximum value of actual_octets is" part of the comment).
They *are* necessary for Series III hardware; put in the check.
Change-Id: Idd64a74099d5cf7398a2ddb850442e53c9206724
Reviewed-on: https://code.wireshark.org/review/21491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add some additional blank lines, remove some extra, blank lines, fix
indentation.
Make vVW510024_E_IS_VLAN 32-bits, to match the other flags.
Change-Id: Id1cd63ff2b75764907a44e9f8525b1537666fde1
Reviewed-on: https://code.wireshark.org/review/21488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's only a 17-byte PLCP header with the Series III hardware.
Change-Id: Ice8dfbbc5daa0578ee4eb6588fc8a8b597806d0d
Reviewed-on: https://code.wireshark.org/review/21487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer that the Series I hardware doesn't do HT or VHT.
Change-Id: Ibeccfcba997555bef06098828f01951dc32a6d2c
Reviewed-on: https://code.wireshark.org/review/21486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix "VHTPPDU" to be "VHT PPDU".
Move the code that processes the RSSI values before the code that
processes the next two bytes of the header, so it's done in order; that
makes it a bit easier to see the layout of that header (although 2 bytes
of it are processed below).
Fix the comment describing what the first 16 bytes of the record data
after the stats are. Don't use vVW510021_W_STATS_HEADER_LEN - that's
for the Series II hardware.
Fix some indentation.
Change-Id: If47c4a44fd5e72971a28daf6af88d5e19c53abbe
Reviewed-on: https://code.wireshark.org/review/21482
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(The dissector checks for it.)
Change-Id: Ic1456b263f3cbda2a630259a2b71b1f1015b5e3e
Reviewed-on: https://code.wireshark.org/review/21442
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Include the RF information length if there's RF information.
While we're at it:
Rename the variable holding the offset of the stats information from "j"
to "stats_offset", to make it clearer what it is.
Clean up whitespace.
Get rid of comments that no longer apply.
Improve the comment explaining the MPDU_OFF value for Series III.
Change-Id: I49e2926a80aa8bb11f87d97fdc628bcc9f1220e0
Reviewed-on: https://code.wireshark.org/review/21439
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add #defines for the remaining command types, based on some other
Get rid of the HEADER_IS_xxx #defines; they're the same for all
hardware, and the switch statement doesn't distinguish between different
hardware.
Set *IS_TX in the switch statement cases. While we're at it, set v_size
and *v_type in the default case; add a VT_UNKNOWN value for that case.
Change-Id: Ib17d1e435c99fcb746144b4735c160a5f22b7544
Reviewed-on: https://code.wireshark.org/review/21438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There aren't any "4 Management bytes for OCTO version FPGA" in that
header.
Change-Id: I57f673dad5bc10b888fae22c2fb1a45af57ff493
Reviewed-on: https://code.wireshark.org/review/21434
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Idad8f7eeed968eeed9f553fef98d58453f328afb
Reviewed-on: https://code.wireshark.org/review/21421
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Whitespace, remove now-irrelevant comments, add more comments, expand
some comments, make an if chain more straightforward.
Change-Id: I9772022247e2f0fdbfc676db9f0031bad7f8884d
Reviewed-on: https://code.wireshark.org/review/21423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
You don't have to and the bitfield container with a mask and compare it
against the bit, you can just test the bit, which is a pretty standard C
idiom.
Change-Id: I87b3d84f802114199fb93357358412c623199ca2
Reviewed-on: https://code.wireshark.org/review/21422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes stuff a bit clearer.
Also, add some comments, remove some redundant comments, fix some
comments, and use some #defines instead of hardcoded constants and
expressions.
And get rid of an unnecessary setting of *err to WTAP_ERR_SHORT_READ -
either it's a short read, in which case it was already set to
WTAP_ERR_SHORT_READ, or it's *not* a short read, in which case *err was
set to the appropriate error code, and we should leave it alone.
Change-Id: I657f505915854ac4a6b85e87b4021961b1a1c507
Reviewed-on: https://code.wireshark.org/review/21415
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's only called if vwr->FPGA_VERSION is S2_W_FPGA, so any code that's
run only if it's *not* S2_W_FPGA is dead code. Remove it, for clarity.
While we're at it, add some new comments, fix some comments, and get rid
of an unused argument to vwr_read_s2_W_rec().
Change-Id: I3e4bd5d7a79f36d8354a0bbf875ee87eeaf60d43
Reviewed-on: https://code.wireshark.org/review/21414
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The cfile_ error-reporting routines free err_info; the caller doesn't
have to and, in fact, mustn't do so themselves.
While we're at it, make sure wtap_seek_read() always zeroes out *err and
nulls out *err_info, so the latter either points to a freshly-allocated
string or is null.
Change-Id: Idfe05a3ba2fbf2647ba14e483187617ee53e3c69
Reviewed-on: https://code.wireshark.org/review/21407
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Attempt to make the various metadata headers, and the code that
constructs them, a bit clearer.
(Also, it's VeriWave; be consistent.)
Change-Id: I0bb7d70f547d492c4947ceb313888991f2d374f2
Reviewed-on: https://code.wireshark.org/review/21360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them just return the information needed for the caller to produce
an error message, and have the callers use the new cfile_ routines for
reporting errors.
This requires that the "write failure alert box" routine take the
*input* file name as an argument, so that, on a merge, if the problem is
that a record from a given input file can't be written out to the type
of output file we're generating, the input file name can be given, along
with the record number in that file.
Change-Id: If5a5e00539e7e652008a523dec92c0b359a48e71
Reviewed-on: https://code.wireshark.org/review/21257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Addresses CIDs 1398222 and 1398221.
Fix the previous fix while we're at it.
Change-Id: I6fe54e6ad115ac05154291b76de316426db72139
Reviewed-on: https://code.wireshark.org/review/21176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's more consistent.
Handle the "libpcap" names for backwards compatibility.
Change-Id: I819404d69bddd733b7ee38e23d3ddc71110c0faf
Reviewed-on: https://code.wireshark.org/review/21172
Reviewed-by: Guy Harris <guy@alum.mit.edu>