osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

wiretap: register most built-in file types from its module. 

Remove most of the built-in file types from the table in
wiretap/file_access.c and, instead, have the file types register
themselves, using wtap_register_file_type_subtypes().

This reduces the source code changes needed to add a new file type from
three (add the handler, add the file type to the table in file_access.c,
add a #define for the file type in wiretap/wtap.h) to one (add the
handler).  (It also requires adding the handler's source file to
wiretap/CMakeLists.txt, but that's required in both cases.)

A few remain because the WTAP_FILE_TYPE_SUBTYPE_ #define is used
elsewhere; that needs to be fixed.

Fix the wiretap/CMakefile.txt file to scan k12text.l, as that now
contains a registration routine.  In the process, avoid scanning files
that don't implement a file type and won't ever have a registration
routine.

Add a Lua routine to fetch the total number of file types; we use that
in some code to construct the wtap_filetypes table, which we need to do
in order to continue to have all the values that used to come from the
WTAP_FILE_TYPE_SUBTYPE_ types.

While we're at it, add modelines to a file that lacked them.
This commit is contained in:
Guy Harris 2021-02-14 00:34:10 -08:00
parent 5b3c3d0682
commit b8b3531883
73 changed files with 1581 additions and 768 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/wslua/make-init-lua.pl
View File

@ -83,10 +83,6 @@ while(<WTAP_H>) {
$wtap_encaps_table .= "\t[\"$1\"] = $2,\n";
}
if ( /^#define WTAP_FILE_TYPE_SUBTYPE_([A-Z0-9_]+)\s+(\d+)/ ) {
$wtap_filetypes_table .= "\t[\"$1\"] = $2,\n";
}
if ( /^#define WTAP_TSPREC_([A-Z0-9_]+)\s+(\d+)/ ) {
$wtap_tsprecs_table .= "\t[\"$1\"] = $2,\n";
# for backwards compatibility we need to add them to the filetypes table too

129
epan/wslua/template-init.lua
View File

@ -78,8 +78,137 @@ end
%WTAP_ENCAPS%
--
-- This pulls in the WTAP_TSPREC_ values that are included in
-- wtap_filetypes for backwards compatibility.
--
%WTAP_FILETYPES%
--
-- Generate the wtap_filetypes items for file types, for backwards
-- compatibility.
-- We no longer have WTAP_FILE_TYPE_SUBTYPE_ #defines;
-- built-in file types are registered the same way that
-- plugin file types are registered.
--
-- New code should use wtap_name_to_file_type_subtype to
-- look up file types by name.
--
-- "UNKNOWN" is a special case; it has no name.
--
wtap_filetypes["UNKNOWN"] = 0
for filetype = 1, wtap_get_num_file_types_subtypes() - 1 do
local typename = wtap_file_type_subtype_name(filetype)
--
-- In most cases, the old #define was just a capitalized
-- version of the file type name.
--
-- We process the exceptions here.
--
if typename == "nsecpcap" then
wtap_filetypes["PCAP_NSEC"] = filetype
elseif typename == "aixpcap" then
wtap_filetypes["PCAP_AIX"] = filetype
elseif typename == "modpcap" then
wtap_filetypes["PCAP_SS991029"] = filetype
elseif typename == "nokiapcap" then
wtap_filetypes["PCAP_NOKIA"] = filetype
elseif typename == "rh6_1pcap" then
wtap_filetypes["PCAP_SS990417"] = filetype
elseif typename == "suse6_3pcap" then
wtap_filetypes["PCAP_SS990915"] = filetype
elseif typename == "iptrace_1" then
wtap_filetypes["IPTRACE_1_0"] = filetype
elseif typename == "iptrace_2" then
wtap_filetypes["IPTRACE_2_0"] = filetype
elseif typename == "dct2000" then
wtap_filetypes["CATAPULT_DCT2000"] = filetype
elseif typename == "netxray1" then
wtap_filetypes["NETXRAY_OLD"] = filetype
elseif typename == "netxray2" then
-- This is correct; the #define was wrong
wtap_filetypes["NETXRAY_1_0"] = filetype
elseif typename == "etherwatch" then
wtap_filetypes["DBS_ETHERWATCH"] = filetype
elseif typename == "iseries_ascii" then
wtap_filetypes["ISERIES"] = filetype
elseif typename == "iseries_unicode" then
wtap_filetypes["ISERIES_UNICODE"] = filetype
elseif typename == "netmon1" then
wtap_filetypes["NETMON_1_x"] = filetype
elseif typename == "netmon2" then
wtap_filetypes["NETMON_2_x"] = filetype
elseif typename == "ngsniffer" then
wtap_filetypes["NGSNIFFER_UNCOMPRESSED"] = filetype
elseif typename == "ngsniffer_comp" then
wtap_filetypes["NGSNIFFER_COMPRESSED"] = filetype
elseif typename == "ngwsniffer_1_1" then
wtap_filetypes["NETXRAY_1_1"] = filetype
elseif typename == "ngwsniffer_2_0" then
wtap_filetypes["NETXRAY_2_00x"] = filetype
elseif typename == "niobserver" then
wtap_filetypes["NETWORK_INSTRUMENTS"] = filetype
elseif typename == "pppd" then
wtap_filetypes["PPPDUMP"] = filetype
elseif typename == "tcpiptrace" then
wtap_filetypes["VMS"] = filetype
elseif typename == "rf5" then
wtap_filetypes["K12"] = filetype
elseif typename == "visual" then
wtap_filetypes["VISUAL_NETWORKS"] = filetype
elseif typename == "peekclassic56" then
wtap_filetypes["PEEKCLASSIC_V56"] = filetype
elseif typename == "peekclassic7" then
wtap_filetypes["PEEKCLASSIC_V7"] = filetype
elseif typename == "pklg" then
wtap_filetypes["PACKETLOGGER"] = filetype
elseif typename == "dsna" then
wtap_filetypes["DAINTREE_SNA"] = filetype
elseif typename == "nstrace10" then
wtap_filetypes["NETSCALER_1_0"] = filetype
elseif typename == "nstrace20" then
wtap_filetypes["NETSCALER_2_0"] = filetype
elseif typename == "nstrace30" then
wtap_filetypes["NETSCALER_3_0"] = filetype
elseif typename == "nstrace35" then
wtap_filetypes["NETSCALER_3_5"] = filetype
elseif typename == "jpeg" then
wtap_filetypes["JPEG_JFIF"] = filetype
elseif typename == "mp2t" then
wtap_filetypes["MPEG_2_TS"] = filetype
elseif typename == "vwr80211" then
wtap_filetypes["VWR_80211"] = filetype
elseif typename == "vwreth" then
wtap_filetypes["VWR_ETH"] = filetype
elseif typename == "stanag4607" then
wtap_filetypes["STANAG_4607"] = filetype
elseif typename == "logcat-brief" then
wtap_filetypes["LOGCAT_BRIEF"] = filetype
elseif typename == "logcat-process" then
wtap_filetypes["LOGCAT_PROCESS"] = filetype
elseif typename == "logcat-tag" then
wtap_filetypes["LOGCAT_TAG"] = filetype
elseif typename == "logcat-thread" then
wtap_filetypes["LOGCAT_THREAD"] = filetype
elseif typename == "logcat-time" then
wtap_filetypes["LOGCAT_TIME"] = filetype
elseif typename == "logcat-threadtime" then
wtap_filetypes["LOGCAT_THREADTIME"] = filetype
elseif typename == "logcat-long" then
wtap_filetypes["LOGCAT_LONG"] = filetype
elseif typename == "colasoft-pb" then
wtap_filetypes["PACKET_BUILDER"] = filetype
elseif typename == "3gpp32423" then
wtap_filetypes["NETTRACE_3GPP_32_423"] = filetype
elseif typename == "3gpp_log" then
wtap_filetypes["LOG_3GPP"] = filetype
elseif typename == "jpeg" then
wtap_filetypes["JPEG_JFIF"] = filetype
else
wtap_filetypes[string.upper(typename)] = filetype
end
end
%WTAP_TSPRECS%
%WTAP_COMMENTTYPES%

13
epan/wslua/wslua_wtap.c
View File

@ -83,3 +83,16 @@ WSLUA_FUNCTION wslua_wtap_name_to_file_type_subtype(lua_State* LS) {
lua_pushnumber(LS,filetype);
WSLUA_RETURN(1); /* The filetype value for the file type with that name, or nil if there is no such file type. */
}
WSLUA_FUNCTION wslua_wtap_get_num_file_types_subtypes(lua_State* LS) {
/*
Get the total number of filetype values.
Note: as filetype values begin with 0, this is one *greater*
than the largest filetype value.
@since 3.5.0
*/
lua_pushnumber(LS,wtap_get_num_file_types_subtypes());
WSLUA_RETURN(1); /* The total number of registered file types. */
}

22
wiretap/5views.c
View File

@ -95,6 +95,9 @@ static int _5views_read_header(wtap *wth, FILE_T fh, t_5VW_TimeStamped_Header *h
static gboolean _5views_dump(wtap_dumper *wdh, const wtap_rec *rec, const guint8 *pd, int *err, gchar **err_info);
static gboolean _5views_dump_finish(wtap_dumper *wdh, int *err, gchar **err_info);
static int _5views_file_type_subtype = -1;
void register_5views(void);
wtap_open_return_val
_5views_open(wtap *wth, int *err, gchar **err_info)
@ -160,7 +163,7 @@ _5views_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
/* This is a 5views capture file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_5VIEWS;
wth->file_type_subtype = _5views_file_type_subtype;
wth->subtype_read = _5views_read;
wth->subtype_seek_read = _5views_seek_read;
wth->file_encap = encap;
@ -307,7 +310,7 @@ static const int wtap_encap[] = {
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int _5views_dump_can_write_encap(int encap)
static int _5views_dump_can_write_encap(int encap)
{
/* Per-packet encapsulations aren't supported. */
if (encap == WTAP_ENCAP_PER_PACKET)
@ -321,7 +324,7 @@ int _5views_dump_can_write_encap(int encap)
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
gboolean _5views_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean _5views_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
_5views_dump_t *_5views;
@ -450,6 +453,19 @@ static gboolean _5views_dump_finish(wtap_dumper *wdh, int *err, gchar **err_info
return TRUE;
}
static const struct file_type_subtype_info _5views_info = {
"InfoVista 5View capture", "5views", "5vw", NULL,
TRUE, FALSE, 0,
_5views_dump_can_write_encap, _5views_dump_open, NULL
};
void register_5views(void)
{
_5views_file_type_subtype =
wtap_register_file_type_subtypes(&_5views_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/5views.h
View File

@ -12,7 +12,5 @@
#include "wtap.h"
wtap_open_return_val _5views_open(wtap *wth, int *err, gchar **err_info);
gboolean _5views_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int _5views_dump_can_write_encap(int encap);
#endif

41
wiretap/CMakeLists.txt
View File

@ -18,7 +18,12 @@ set(WIRETAP_PUBLIC_HEADERS
wtap_opttypes.h
)
set(WIRETAP_NONGENERATED_FILES
#
# Files that implement reading and possibly writing one or more
# file types. (For cases where more than one source file is
# used, this should be the one that contains a registration routine.)
#
set(WIRETAP_C_MODULE_FILES
${CMAKE_CURRENT_SOURCE_DIR}/5views.c
${CMAKE_CURRENT_SOURCE_DIR}/aethra.c
${CMAKE_CURRENT_SOURCE_DIR}/ascendtext.c
@ -39,8 +44,6 @@ set(WIRETAP_NONGENERATED_FILES
${CMAKE_CURRENT_SOURCE_DIR}/dct3trace.c
${CMAKE_CURRENT_SOURCE_DIR}/erf.c
${CMAKE_CURRENT_SOURCE_DIR}/eyesdn.c
${CMAKE_CURRENT_SOURCE_DIR}/file_access.c
${CMAKE_CURRENT_SOURCE_DIR}/file_wrappers.c
${CMAKE_CURRENT_SOURCE_DIR}/hcidump.c
${CMAKE_CURRENT_SOURCE_DIR}/i4btrace.c
${CMAKE_CURRENT_SOURCE_DIR}/ipfix.c
@ -53,7 +56,6 @@ set(WIRETAP_NONGENERATED_FILES
${CMAKE_CURRENT_SOURCE_DIR}/log3gpp.c
${CMAKE_CURRENT_SOURCE_DIR}/logcat.c
${CMAKE_CURRENT_SOURCE_DIR}/logcat_text.c
${CMAKE_CURRENT_SOURCE_DIR}/merge.c
${CMAKE_CURRENT_SOURCE_DIR}/mp4.c
${CMAKE_CURRENT_SOURCE_DIR}/mpeg.c
${CMAKE_CURRENT_SOURCE_DIR}/mplog.c
@ -84,17 +86,42 @@ set(WIRETAP_NONGENERATED_FILES
${CMAKE_CURRENT_SOURCE_DIR}/visual.c
${CMAKE_CURRENT_SOURCE_DIR}/vms.c
${CMAKE_CURRENT_SOURCE_DIR}/vwr.c
)
set(WIRETAP_LEX_MODULE_FILES
${CMAKE_CURRENT_SOURCE_DIR}/k12text.l
)
#
# Files to scan for registration routines.
#
set(WIRETAP_MODULE_FILES
${WIRETAP_C_MODULE_FILES}
${WIRETAP_LEX_MODULE_FILES}
)
#
# C source files that aren't generated.
#
set(WIRETAP_NONGENERATED_C_FILES
${WIRETAP_C_MODULE_FILES}
${CMAKE_CURRENT_SOURCE_DIR}/file_access.c
${CMAKE_CURRENT_SOURCE_DIR}/file_wrappers.c
${CMAKE_CURRENT_SOURCE_DIR}/merge.c
${CMAKE_CURRENT_SOURCE_DIR}/wtap.c
${CMAKE_CURRENT_SOURCE_DIR}/wtap_opttypes.c
)
set(WIRETAP_FILES ${WIRETAP_NONGENERATED_FILES} wtap_modules.c)
#
# All C files to compile.
#
set(WIRETAP_FILES ${WIRETAP_NONGENERATED_C_FILES} wtap_modules.c)
add_lex_files(LEX_FILES WIRETAP_FILES
${WIRETAP_LEX_MODULE_FILES}
${CMAKE_CURRENT_SOURCE_DIR}/ascend_scanner.l
${CMAKE_CURRENT_SOURCE_DIR}/busmaster_scanner.l
${CMAKE_CURRENT_SOURCE_DIR}/candump_scanner.l
${CMAKE_CURRENT_SOURCE_DIR}/k12text.l
)
add_lemon_files(LEMON_FILES WIRETAP_FILES
@ -109,7 +136,7 @@ add_lemon_files(LEMON_FILES WIRETAP_FILES
#
file(GENERATE
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/wtap_modules.in.txt"
CONTENT "$<JOIN:${WIRETAP_NONGENERATED_FILES},\n>\n"
CONTENT "$<JOIN:${WIRETAP_MODULE_FILES},\n>\n"
)
add_custom_command(
OUTPUT wtap_modules.c

19
wiretap/aethra.c
View File

@ -109,6 +109,10 @@ static gboolean aethra_seek_read(wtap *wth, gint64 seek_off,
static gboolean aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr,
wtap_rec *rec, int *err, gchar **err_info);
static int aethra_file_type_subtype = -1;
void register_aethra(void);
wtap_open_return_val aethra_open(wtap *wth, int *err, gchar **err_info)
{
struct aethra_hdr hdr;
@ -130,7 +134,7 @@ wtap_open_return_val aethra_open(wtap *wth, int *err, gchar **err_info)
if (!wtap_read_bytes(wth->fh, (char *)&hdr + sizeof hdr.magic,
sizeof hdr - sizeof hdr.magic, err, err_info))
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_AETHRA;
wth->file_type_subtype = aethra_file_type_subtype;
aethra = g_new(aethra_t, 1);
wth->priv = (void *)aethra;
wth->subtype_read = aethra_read;
@ -337,6 +341,19 @@ aethra_read_rec_header(wtap *wth, FILE_T fh, struct aethrarec_hdr *hdr,
return TRUE;
}
static const struct file_type_subtype_info aethra_info = {
"Aethra .aps file", "aethra", "aps", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_aethra(void)
{
aethra_file_type_subtype =
wtap_register_file_type_subtypes(&aethra_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/ascendtext.c
View File

@ -83,6 +83,10 @@ static gboolean ascend_seek_read(wtap *wth, gint64 seek_off,
wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info);
static int ascend_file_type_subtype = -1;
void register_ascend(void);
/* Seeks to the beginning of the next packet, and returns the
byte offset at which the header for that packet begins.
Returns -1 on failure. */
@ -261,7 +265,7 @@ wtap_open_return_val ascend_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_NOT_MINE;
}
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_ASCEND;
wth->file_type_subtype = ascend_file_type_subtype;
wth->file_encap = WTAP_ENCAP_ASCEND;
wth->snapshot_length = ASCEND_MAX_PKT_LEN;
@ -452,3 +456,15 @@ static gboolean ascend_seek_read(wtap *wth, gint64 seek_off,
}
return TRUE;
}
static const struct file_type_subtype_info ascend_info = {
"Lucent/Ascend access server trace", "ascend", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_ascend(void)
{
ascend_file_type_subtype = wtap_register_file_type_subtypes(&ascend_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}

22
wiretap/btsnoop.c
View File

@ -71,6 +71,10 @@ static gboolean btsnoop_seek_read(wtap *wth, gint64 seek_off,
static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
static int btsnoop_file_type_subtype = -1;
void register_btsnoop(void);
wtap_open_return_val btsnoop_open(wtap *wth, int *err, gchar **err_info)
{
char magic[sizeof btsnoop_magic];
@ -137,7 +141,7 @@ wtap_open_return_val btsnoop_open(wtap *wth, int *err, gchar **err_info)
wth->file_encap = file_encap;
wth->snapshot_length = 0; /* not available in header */
wth->file_tsprec = WTAP_TSPREC_USEC;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_BTSNOOP;
wth->file_type_subtype = btsnoop_file_type_subtype;
/*
* Add an IDB; we don't know how many interfaces were
@ -236,7 +240,7 @@ static gboolean btsnoop_read_record(wtap *wth, FILE_T fh,
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int btsnoop_dump_can_write_encap(int encap)
static int btsnoop_dump_can_write_encap(int encap)
{
/* Per-packet encapsulations aren't supported. */
if (encap == WTAP_ENCAP_PER_PACKET)
@ -372,7 +376,7 @@ static gboolean btsnoop_dump(wtap_dumper *wdh,
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
gboolean btsnoop_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean btsnoop_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
struct btsnoop_hdr file_hdr;
guint32 datalink;
@ -422,6 +426,18 @@ gboolean btsnoop_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
return TRUE;
}
static const struct file_type_subtype_info btsnoop_info = {
"Symbian OS btsnoop", "btsnoop", "log", NULL,
FALSE, FALSE, 0,
btsnoop_dump_can_write_encap, btsnoop_dump_open, NULL
};
void register_btsnoop(void)
{
btsnoop_file_type_subtype = wtap_register_file_type_subtypes(&btsnoop_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/btsnoop.h
View File

@ -12,7 +12,5 @@
#include "ws_symbol_export.h"
wtap_open_return_val btsnoop_open(wtap *wth, int *err, gchar **err_info);
gboolean btsnoop_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int btsnoop_dump_can_write_encap(int encap);
#endif

17
wiretap/camins.c
View File

@ -107,6 +107,10 @@ typedef enum {
#define DVB_CI_PSEUDO_HDR_HOST_TO_CAM 0xFE
static int camins_file_type_subtype = -1;
void register_camins(void);
/* Detect a camins file by looking at the blocks that access the 16bit
size register. The matching blocks to access the upper and lower 8bit
must be no further than 5 blocks apart.
@ -433,7 +437,7 @@ wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info _U_)
wth->subtype_read = camins_read;
wth->subtype_seek_read = camins_seek_read;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CAMINS;
wth->file_type_subtype = camins_file_type_subtype;
*err = 0;
@ -448,6 +452,17 @@ wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info _U_)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info camins_info = {
"CAM Inspector file", "camins", "camins", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_camins(void)
{
camins_file_type_subtype = wtap_register_file_type_subtypes(&camins_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html

31
wiretap/capsa.c
View File

@ -113,6 +113,11 @@ static gboolean capsa_seek_read(wtap *wth, gint64 seek_off,
static int capsa_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int capsa_file_type_subtype = -1;
static int packet_builder_file_type_subtype = -1;
void register_capsa(void);
wtap_open_return_val capsa_open(wtap *wth, int *err, gchar **err_info)
{
char magic[sizeof capsa_magic];
@ -144,11 +149,11 @@ wtap_open_return_val capsa_open(wtap *wth, int *err, gchar **err_info)
switch (format_indicator) {
case 1: /* Capsa */
file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA;
file_type_subtype = capsa_file_type_subtype;
break;
case 2: /* Packet Builder */
file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER;
file_type_subtype = packet_builder_file_type_subtype;
break;
default:
@ -429,6 +434,28 @@ capsa_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
return rec_size - (header_size + packet_size);
}
static const struct file_type_subtype_info capsa_info = {
"Colasoft Capsa format", "capsa", "cscpkt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info packet_builder_info = {
"Colasoft Packet Builder format", "colasoft-pb", "cscpkt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_capsa(void)
{
capsa_file_type_subtype =
wtap_register_file_type_subtypes(&capsa_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
packet_builder_file_type_subtype =
wtap_register_file_type_subtypes(&packet_builder_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

23
wiretap/catapult_dct2000.c
View File

@ -146,6 +146,9 @@ static guint packet_offset_hash_func(gconstpointer v);
static gboolean get_file_time_stamp(gchar *linebuff, time_t *secs, guint32 *usecs);
static gboolean free_line_prefix_info(gpointer key, gpointer value, gpointer user_data);
static int dct2000_file_type_subtype = -1;
void register_dct2000(void);
/********************************************/
@ -239,7 +242,7 @@ catapult_dct2000_open(wtap *wth, int *err, gchar **err_info)
/* File is for us. Fill in details so packets can be read */
/* Set our file type */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CATAPULT_DCT2000;
wth->file_type_subtype = dct2000_file_type_subtype;
/* Use our own encapsulation to send all packets to our stub dissector */
wth->file_encap = WTAP_ENCAP_CATAPULT_DCT2000;
@ -541,7 +544,7 @@ typedef struct {
/* The file that we are writing to has been opened. */
/* Set other dump callbacks. */
/*****************************************************/
gboolean
static gboolean
catapult_dct2000_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
{
/* Fill in other dump callbacks */
@ -554,7 +557,7 @@ catapult_dct2000_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
/* Respond to queries about which encap types we support */
/* writing to. */
/*********************************************************/
int
static int
catapult_dct2000_dump_can_write_encap(int encap)
{
switch (encap) {
@ -1648,6 +1651,20 @@ free_line_prefix_info(gpointer key, gpointer value,
return TRUE;
}
static const struct file_type_subtype_info dct2000_info = {
"Catapult DCT2000 trace (.out format)", "dct2000", "out", NULL,
FALSE, FALSE, 0,
catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open, NULL
};
void register_dct2000(void)
{
dct2000_file_type_subtype =
wtap_register_file_type_subtypes(&dct2000_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/catapult_dct2000.h
View File

@ -13,8 +13,6 @@
#include "ws_symbol_export.h"
wtap_open_return_val catapult_dct2000_open(wtap *wth, int *err, gchar **err_info);
gboolean catapult_dct2000_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int catapult_dct2000_dump_can_write_encap(int encap);
#define DCT2000_ENCAP_UNHANDLED 0
#define DCT2000_ENCAP_SSCOP 101

19
wiretap/commview.c
View File

@ -89,6 +89,10 @@ static gboolean commview_read_header(commview_header_t *cv_hdr, FILE_T fh,
static gboolean commview_dump(wtap_dumper *wdh, const wtap_rec *rec,
const guint8 *pd, int *err, gchar **err_info);
static int commview_file_type_subtype = -1;
void register_commview(void);
wtap_open_return_val commview_open(wtap *wth, int *err, gchar **err_info)
{
commview_header_t cv_hdr;
@ -122,7 +126,7 @@ wtap_open_return_val commview_open(wtap *wth, int *err, gchar **err_info)
wth->subtype_read = commview_read;
wth->subtype_seek_read = commview_seek_read;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_COMMVIEW;
wth->file_type_subtype = commview_file_type_subtype;
wth->file_encap = WTAP_ENCAP_PER_PACKET;
wth->file_tsprec = WTAP_TSPREC_USEC;
@ -596,6 +600,19 @@ static gboolean commview_dump(wtap_dumper *wdh,
return TRUE;
}
static const struct file_type_subtype_info commview_info = {
"TamoSoft CommView", "commview", "ncf", NULL,
FALSE, FALSE, 0,
commview_dump_can_write_encap, commview_dump_open, NULL
};
void register_commview(void)
{
commview_file_type_subtype =
wtap_register_file_type_subtypes(&commview_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/cosine.c
View File

@ -158,6 +158,10 @@ static int parse_cosine_packet(FILE_T fh, wtap_rec *rec, Buffer* buf,
static int parse_single_hex_dump_line(char* rec, guint8 *buf,
guint byte_offset);
static int cosine_file_type_subtype = -1;
void register_cosine(void);
/* Returns TRUE if the line appears to be an empty line. Otherwise it
returns FALSE. */
static gboolean empty_line(const gchar *line)
@ -256,7 +260,7 @@ wtap_open_return_val cosine_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
wth->file_encap = WTAP_ENCAP_COSINE;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_COSINE;
wth->file_type_subtype = cosine_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = cosine_read;
wth->subtype_seek_read = cosine_seek_read;
@ -484,6 +488,19 @@ parse_single_hex_dump_line(char* rec, guint8 *buf, guint byte_offset)
return num_items_scanned;
}
static const struct file_type_subtype_info cosine_info = {
"CoSine IPSX L2 capture", "cosine", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_cosine(void)
{
cosine_file_type_subtype =
wtap_register_file_type_subtypes(&cosine_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/csids.c
View File

@ -43,6 +43,10 @@ struct csids_header {
guint16 caplen; /* the capture length */
};
static int csids_file_type_subtype = -1;
void register_csids(void);
wtap_open_return_val csids_open(wtap *wth, int *err, gchar **err_info)
{
/* There is no file header. There is only a header for each packet
@ -113,7 +117,7 @@ wtap_open_return_val csids_open(wtap *wth, int *err, gchar **err_info)
wth->priv = (void *)csids;
csids->byteswapped = byteswap;
wth->file_encap = WTAP_ENCAP_RAW_IP;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_CSIDS;
wth->file_type_subtype = csids_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = csids_read;
wth->subtype_seek_read = csids_seek_read;
@ -205,6 +209,18 @@ csids_read_packet(FILE_T fh, csids_t *csids, wtap_rec *rec,
return TRUE;
}
static const struct file_type_subtype_info csids_info = {
"CSIDS IPLog", "csids", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_csids(void)
{
csids_file_type_subtype = wtap_register_file_type_subtypes(&csids_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/daintree-sna.c
View File

@ -67,6 +67,10 @@ static gboolean daintree_sna_seek_read(wtap *wth, gint64 seek_off,
static gboolean daintree_sna_read_packet(FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int daintree_sna_file_type_subtype = -1;
void register_daintree_sna(void);
/* Open a file and determine if it's a Daintree file */
wtap_open_return_val daintree_sna_open(wtap *wth, int *err, gchar **err_info)
{
@ -99,7 +103,7 @@ wtap_open_return_val daintree_sna_open(wtap *wth, int *err, gchar **err_info)
wth->subtype_seek_read = daintree_sna_seek_read;
/* set up for file type */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_DAINTREE_SNA;
wth->file_type_subtype = daintree_sna_file_type_subtype;
wth->file_encap = WTAP_ENCAP_IEEE802_15_4_NOFCS;
wth->file_tsprec = WTAP_TSPREC_USEC;
wth->snapshot_length = 0; /* not available in header */
@ -250,6 +254,19 @@ daintree_sna_read_packet(FILE_T fh, wtap_rec *rec, Buffer *buf,
return TRUE;
}
static const struct file_type_subtype_info daintree_sna_info = {
"Daintree SNA", "dsna", "dcf", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_daintree_sna(void)
{
daintree_sna_file_type_subtype =
wtap_register_file_type_subtypes(&daintree_sna_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/dbs-etherwatch.c
View File

@ -80,6 +80,10 @@ static guint parse_single_hex_dump_line(char* rec, guint8 *buf,
int byte_offset);
static guint parse_hex_dump(char* dump, guint8 *buf, char separator, char end);
static int dbs_etherwatch_file_type_subtype = -1;
void register_dbs_etherwatch(void);
/* Seeks to the beginning of the next packet, and returns the
byte offset. Returns -1 on failure, and sets "*err" to the error
and "*err_info" to null or an additional error string. */
@ -172,7 +176,7 @@ wtap_open_return_val dbs_etherwatch_open(wtap *wth, int *err, gchar **err_info)
}
wth->file_encap = WTAP_ENCAP_ETHERNET;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_DBS_ETHERWATCH;
wth->file_type_subtype = dbs_etherwatch_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = dbs_etherwatch_read;
wth->subtype_seek_read = dbs_etherwatch_seek_read;
@ -626,6 +630,18 @@ parse_hex_dump(char* dump, guint8 *buf, char separator, char end) {
return count;
}
static const struct file_type_subtype_info dbs_etherwatch_info = {
"DBS Etherwatch (VMS)", "etherwatch", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_dbs_etherwatch(void)
{
dbs_etherwatch_file_type_subtype = wtap_register_file_type_subtypes(&dbs_etherwatch_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/dct3trace.c
View File

@ -65,6 +65,10 @@ static gboolean dct3trace_read(wtap *wth, wtap_rec *rec,
static gboolean dct3trace_seek_read(wtap *wth, gint64 seek_off,
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
static int dct3trace_file_type_subtype = -1;
void register_dct3trace(void);
/*
* Following 3 functions taken from gsmdecode-0.7bis, with permission:
*
@ -204,7 +208,7 @@ wtap_open_return_val dct3trace_open(wtap *wth, int *err, gchar **err_info)
}
wth->file_encap = WTAP_ENCAP_GSM_UM;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_DCT3TRACE;
wth->file_type_subtype = dct3trace_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = dct3trace_read;
wth->subtype_seek_read = dct3trace_seek_read;
@ -398,6 +402,19 @@ static gboolean dct3trace_seek_read(wtap *wth, gint64 seek_off,
return dct3trace_get_packet(wth->random_fh, rec, buf, err, err_info);
}
static const struct file_type_subtype_info dct3trace_info = {
"Gammu DCT3 trace", "dct3trace", "xml", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_dct3trace(void)
{
dct3trace_file_type_subtype =
wtap_register_file_type_subtypes(&dct3trace_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

32
wiretap/dpa400.c
View File

@ -32,6 +32,10 @@ struct dpa400_header {
guint8 sb2;
};
static int dpa400_file_type_subtype = -1;
void register_dpa400(void);
static gboolean dpa400_read_header(FILE_T fh, struct dpa400_header *hdr, int *err, gchar **err_info)
{
if (!wtap_read_bytes_or_eof(fh, hdr, sizeof(struct dpa400_header), err, err_info))
@ -224,7 +228,7 @@ wtap_open_return_val dpa400_open(wtap *wth, int *err, gchar **err_info)
if (memcmp(magic, dpa_magic, sizeof(dpa_magic)))
return WTAP_OPEN_NOT_MINE;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_DPA400;
wth->file_type_subtype = dpa400_file_type_subtype;
wth->file_encap = WTAP_ENCAP_DPAUXMON;
wth->file_tsprec = WTAP_TSPREC_USEC;
wth->subtype_read = dpa400_read;
@ -241,3 +245,29 @@ wtap_open_return_val dpa400_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info dpa400_info = {
"Unigraf DPA-400 capture", "dpa400", "bin", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_dpa400(void)
{
dpa400_file_type_subtype =
wtap_register_file_type_subtypes(&dpa400_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t
* End:
*
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/

23
wiretap/eyesdn.c
View File

@ -15,6 +15,10 @@
#include <string.h>
#include <errno.h>
static int eyesdn_file_type_subtype = -1;
void register_eyesdn(void);
/* This module reads the output of the EyeSDN USB S0/E1 ISDN probes
* They store HDLC frames of D and B channels in a binary format
* The fileformat is
@ -130,7 +134,7 @@ wtap_open_return_val eyesdn_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_NOT_MINE;
wth->file_encap = WTAP_ENCAP_PER_PACKET;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_EYESDN;
wth->file_type_subtype = eyesdn_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = eyesdn_read;
wth->subtype_seek_read = eyesdn_seek_read;
@ -338,7 +342,7 @@ static gboolean eyesdn_dump(wtap_dumper *wdh,
const wtap_rec *rec,
const guint8 *pd, int *err, gchar **err_info);
gboolean eyesdn_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean eyesdn_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
wdh->subtype_write=eyesdn_dump;
@ -350,7 +354,7 @@ gboolean eyesdn_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
return TRUE;
}
int eyesdn_dump_can_write_encap(int encap)
static int eyesdn_dump_can_write_encap(int encap)
{
switch (encap) {
case WTAP_ENCAP_ISDN:
@ -472,6 +476,19 @@ static gboolean eyesdn_dump(wtap_dumper *wdh,
return TRUE;
}
static const struct file_type_subtype_info eyesdn_info = {
"EyeSDN USB S0/E1 ISDN trace format", "eyesdn", "trc", NULL,
FALSE, FALSE, 0,
eyesdn_dump_can_write_encap, eyesdn_dump_open, NULL
};
void register_eyesdn(void)
{
eyesdn_file_type_subtype =
wtap_register_file_type_subtypes(&eyesdn_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

3
wiretap/eyesdn.h
View File

@ -28,7 +28,4 @@ enum EyeSDN_TYPES {
EYESDN_ENCAP_V5_EF
};
gboolean eyesdn_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int eyesdn_dump_can_write_encap(int encap);
#endif

365
wiretap/file_access.c
View File

@ -1267,11 +1267,6 @@ static const struct file_type_subtype_info dump_open_table_base[] = {
FALSE, FALSE, 0,
libpcap_dump_can_write_encap, libpcap_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_5VIEWS */
{ "InfoVista 5View capture", "5views", "5vw", NULL,
TRUE, FALSE, 0,
_5views_dump_can_write_encap, _5views_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0 */
{ "AIX iptrace 1.0", "iptrace_1", NULL, NULL,
FALSE, FALSE, 0,
@ -1287,373 +1282,13 @@ static const struct file_type_subtype_info dump_open_table_base[] = {
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_HCIDUMP */
{ "Bluetooth HCI dump", "hcidump", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_CATAPULT_DCT2000 */
{ "Catapult DCT2000 trace (.out format)", "dct2000", "out", NULL,
FALSE, FALSE, 0,
catapult_dct2000_dump_can_write_encap, catapult_dct2000_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD */
{ "Cinco Networks NetXRay 1.x", "netxray1", "cap", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0 */
{ "Cinco Networks NetXRay 2.0 or later", "netxray2", "cap", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_COSINE */
{ "CoSine IPSX L2 capture", "cosine", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_CSIDS */
{ "CSIDS IPLog", "csids", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_DBS_ETHERWATCH */
{ "DBS Etherwatch (VMS)", "etherwatch", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_ERF */
{ "Endace ERF capture", "erf", "erf", NULL,
FALSE, TRUE, WTAP_COMMENT_PER_SECTION|WTAP_COMMENT_PER_INTERFACE|WTAP_COMMENT_PER_PACKET,
erf_dump_can_write_encap, erf_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_EYESDN */
{ "EyeSDN USB S0/E1 ISDN trace format", "eyesdn", "trc", NULL,
FALSE, FALSE, 0,
eyesdn_dump_can_write_encap, eyesdn_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETTL */
{ "HP-UX nettl trace", "nettl", "trc0", "trc1",
FALSE, FALSE, 0,
nettl_dump_can_write_encap, nettl_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_ISERIES */
{ "IBM iSeries comm. trace (ASCII)", "iseries_ascii", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_ISERIES_UNICODE */
{ "IBM iSeries comm. trace (Unicode)", "iseries_unicode", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_I4BTRACE */
{ "I4B ISDN trace", "i4btrace", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_ASCEND */
{ "Lucent/Ascend access server trace", "ascend", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x */
{ "Microsoft NetMon 1.x", "netmon1", "cap", NULL,
TRUE, FALSE, 0,
netmon_dump_can_write_encap_1_x, netmon_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x */
{ "Microsoft NetMon 2.x", "netmon2", "cap", NULL,
TRUE, FALSE, 0,
netmon_dump_can_write_encap_2_x, netmon_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED */
{ "Sniffer (DOS)", "ngsniffer", "cap", "enc;trc;fdc;syc",
FALSE, FALSE, 0,
ngsniffer_dump_can_write_encap, ngsniffer_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED */
{ "Sniffer (DOS), compressed", "ngsniffer_comp", "cap", "enc;trc;fdc;syc",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1 */
{ "NetXray, Sniffer (Windows) 1.1", "ngwsniffer_1_1", "cap", NULL,
TRUE, FALSE, 0,
netxray_dump_can_write_encap_1_1, netxray_dump_open_1_1, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x */
{ "Sniffer (Windows) 2.00x", "ngwsniffer_2_0", "cap", "caz",
TRUE, FALSE, 0,
netxray_dump_can_write_encap_2_0, netxray_dump_open_2_0, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETWORK_INSTRUMENTS */
{ "Network Instruments Observer", "niobserver", "bfr", NULL,
FALSE, FALSE, 0,
network_instruments_dump_can_write_encap, network_instruments_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LANALYZER */
{ "Novell LANalyzer","lanalyzer", "tr1", NULL,
TRUE, FALSE, 0,
lanalyzer_dump_can_write_encap, lanalyzer_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_PPPDUMP */
{ "pppd log (pppdump format)", "pppd", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_RADCOM */
{ "RADCOM WAN/LAN analyzer", "radcom", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_SNOOP */
{ "Sun snoop", "snoop", "snoop", "cap",
FALSE, FALSE, 0,
snoop_dump_can_write_encap, snoop_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_SHOMITI */
{ "Shomiti/Finisar Surveyor", "shomiti", "cap", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_VMS */
{ "TCPIPtrace (VMS)", "tcpiptrace", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_K12 */
{ "Tektronix K12xx 32-bit .rf5 format", "rf5", "rf5", NULL,
TRUE, FALSE, 0,
k12_dump_can_write_encap, k12_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_TOSHIBA */
{ "Toshiba Compact ISDN Router snoop", "toshiba", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_VISUAL_NETWORKS */
{ "Visual Networks traffic capture", "visual", NULL, NULL,
TRUE, FALSE, 0,
visual_dump_can_write_encap, visual_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V56 */
{ "Savvius classic (V5 and V6)", "peekclassic56", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V7 */
{ "Savvius classic (V7)", "peekclassic7", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED */
{ "Savvius tagged", "peektagged", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_MPEG */
{ "MPEG", "mpeg", "mpeg", "mpg;mp3",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_K12TEXT */
{ "K12 text file", "k12text", "txt", NULL,
FALSE, FALSE, 0,
k12text_dump_can_write_encap, k12text_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETSCREEN */
{ "NetScreen snoop text file", "netscreen", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_COMMVIEW */
{ "TamoSoft CommView", "commview", "ncf", NULL,
FALSE, FALSE, 0,
commview_dump_can_write_encap, commview_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_BTSNOOP */
{ "Symbian OS btsnoop", "btsnoop", "log", NULL,
FALSE, FALSE, 0,
btsnoop_dump_can_write_encap, btsnoop_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_TNEF */
{ "Transport-Neutral Encapsulation Format", "tnef", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_DCT3TRACE */
{ "Gammu DCT3 trace", "dct3trace", "xml", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER */
{ "macOS PacketLogger", "pklg", "pklg", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_DAINTREE_SNA */
{ "Daintree SNA", "dsna", "dcf", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0 */
{ "NetScaler Trace (Version 1.0)", "nstrace10", NULL, NULL,
TRUE, FALSE, 0,
nstrace_10_dump_can_write_encap, nstrace_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0 */
{ "NetScaler Trace (Version 2.0)", "nstrace20", "cap", NULL,
TRUE, FALSE, 0,
nstrace_20_dump_can_write_encap, nstrace_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_JPEG_JFIF */
{ "JPEG/JFIF", "jpeg", "jpg", "jpeg;jfif",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_IPFIX */
{ "IPFIX File Format", "ipfix", "pfx", "ipfix",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_MIME */
{ "MIME File Format", "mime", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_AETHRA */
{ "Aethra .aps file", "aethra", "aps", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_MPEG_2_TS */
{ "MPEG2 transport stream", "mp2t", "mp2t", "ts;mpg",
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_VWR_80211 */
{ "Ixia IxVeriWave .vwr Raw 802.11 Capture", "vwr80211", "vwr", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_VWR_ETH */
{ "Ixia IxVeriWave .vwr Raw Ethernet Capture", "vwreth", "vwr", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_CAMINS */
{ "CAM Inspector file", "camins", "camins", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_STANAG_4607 */
{ "STANAG 4607 Format", "stanag4607", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 */
{ "NetScaler Trace (Version 3.0)", "nstrace30", "cap", NULL,
TRUE, FALSE, 0,
nstrace_30_dump_can_write_encap, nstrace_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT */
{ "Android Logcat Binary format", "logcat", "logcat", NULL,
FALSE, FALSE, 0,
logcat_dump_can_write_encap, logcat_binary_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_BRIEF */
{ "Android Logcat Brief text format", "logcat-brief", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_brief_dump_can_write_encap, logcat_text_brief_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_PROCESS */
{ "Android Logcat Process text format", "logcat-process", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_process_dump_can_write_encap, logcat_text_process_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TAG */
{ "Android Logcat Tag text format", "logcat-tag", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_tag_dump_can_write_encap, logcat_text_tag_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREAD */
{ "Android Logcat Thread text format", "logcat-thread", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_thread_dump_can_write_encap, logcat_text_thread_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME */
{ "Android Logcat Time text format", "logcat-time", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_time_dump_can_write_encap, logcat_text_time_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME */
{ "Android Logcat Threadtime text format", "logcat-threadtime", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_threadtime_dump_can_write_encap, logcat_text_threadtime_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG */
{ "Android Logcat Long text format", "logcat-long", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_long_dump_can_write_encap, logcat_text_long_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA */
{ "Colasoft Capsa format", "capsa", "cscpkt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER */
{ "Colasoft Packet Builder format", "colasoft-pb", "cscpkt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_JSON */
{ "JavaScript Object Notation", "json", "json", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 */
{ "NetScaler Trace (Version 3.5)", "nstrace35", "cap", NULL,
TRUE, FALSE, 0,
nstrace_35_dump_can_write_encap, nstrace_dump_open, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 */
{ "3GPP TS 32.423 Trace", "3gpp32423", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_MPLOG */
{ "Micropross mplog", "mplog", "mplog", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_DPA400 */
{ "Unigraf DPA-400 capture", "dpa400", "bin", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_RFC7468 */
{ "RFC 7468 files", "rfc7468", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_RUBY_MARSHAL */
{ "Ruby marshal files", "ruby_marshal", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL */
{ "systemd journal export", "systemd_journal", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_LOG_3GPP */
{ "3GPP Log", "3gpp_log", "*.log", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL },
/* WTAP_FILE_TYPE_SUBTYPE_MP4 */
{ "MP4 media", "mp4", "mp4", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL }
};

20
wiretap/hcidump.c
View File

@ -11,6 +11,10 @@
#include "file_wrappers.h"
#include "hcidump.h"
static int hcidump_file_type_subtype = -1;
void register_hcidump(void);
struct dump_hdr {
guint16 len;
guint8 in;
@ -98,7 +102,7 @@ wtap_open_return_val hcidump_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_HCIDUMP;
wth->file_type_subtype = hcidump_file_type_subtype;
wth->file_encap = WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR;
wth->snapshot_length = 0;
@ -117,6 +121,20 @@ wtap_open_return_val hcidump_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info hcidump_info = {
"Bluetooth HCI dump", "hcidump", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_hcidump(void)
{
hcidump_file_type_subtype =
wtap_register_file_type_subtypes(&hcidump_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/i4btrace.c
View File

@ -27,6 +27,10 @@ static gboolean i4btrace_seek_read(wtap *wth, gint64 seek_off,
static int i4b_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int i4btrace_file_type_subtype = -1;
void register_i4btrace(void);
/*
* Byte-swap the header.
*/
@ -154,7 +158,7 @@ wtap_open_return_val i4btrace_open(wtap *wth, int *err, gchar **err_info)
/* Get capture start time */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_I4BTRACE;
wth->file_type_subtype = i4btrace_file_type_subtype;
i4btrace = g_new(i4btrace_t, 1);
wth->priv = (void *)i4btrace;
wth->subtype_read = i4btrace_read;
@ -293,6 +297,19 @@ i4b_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
return wtap_read_packet_bytes(fh, buf, length, err, err_info);
}
static const struct file_type_subtype_info i4btrace_info = {
"I4B ISDN trace", "i4btrace", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_i4btrace(void)
{
i4btrace_file_type_subtype =
wtap_register_file_type_subtypes(&i4btrace_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/ipfix.c
View File

@ -94,6 +94,10 @@ typedef struct ipfix_set_header_s {
#define IPFIX_SET_HDR_SIZE 4
static int ipfix_file_type_subtype = -1;
void register_ipfix(void);
/* Read IPFIX message header from file. Return true on success. Set *err to
* 0 on EOF, any other value for "real" errors (EOF is ok, since return
* value is still FALSE)
@ -269,7 +273,7 @@ ipfix_open(wtap *wth, int *err, gchar **err_info)
wth->file_tsprec = WTAP_TSPREC_SEC;
wth->subtype_read = ipfix_read;
wth->subtype_seek_read = ipfix_seek_read;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_IPFIX;
wth->file_type_subtype = ipfix_file_type_subtype;
/*
* Add an IDB; we don't know how many interfaces were
@ -324,6 +328,18 @@ ipfix_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
return TRUE;
}
static const struct file_type_subtype_info ipfix_info = {
"IPFIX File Format", "ipfix", "pfx", "ipfix",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_ipfix(void)
{
ipfix_file_type_subtype = wtap_register_file_type_subtypes(&ipfix_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

29
wiretap/iseries.c
View File

@ -194,6 +194,11 @@ static int iseries_UNICODE_to_ASCII (guint8 * buf, guint bytes);
static gboolean iseries_parse_hex_string (const char * ascii, guint8 * buf,
size_t len);
static int iseries_file_type_subtype = -1;
static int iseries_unicode_file_type_subtype = -1;
void register_iseries(void);
/*
* XXX - it would probably be cleaner to use a UCS-2 flavor of file_gets(),
* rather than file_gets(), if we're reading a UCS-2 file.
@ -240,7 +245,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info)
}
wth->file_encap = WTAP_ENCAP_ETHERNET;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_ISERIES_UNICODE;
wth->file_type_subtype = iseries_unicode_file_type_subtype;
wth->snapshot_length = 0;
wth->subtype_read = iseries_read;
wth->subtype_seek_read = iseries_seek_read;
@ -289,7 +294,7 @@ iseries_open (wtap * wth, int *err, gchar ** err_info)
}
wth->file_encap = WTAP_ENCAP_ETHERNET;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_ISERIES;
wth->file_type_subtype = iseries_file_type_subtype;
wth->snapshot_length = 0;
wth->subtype_read = iseries_read;
wth->subtype_seek_read = iseries_seek_read;
@ -1047,6 +1052,26 @@ iseries_parse_hex_string (const char * ascii, guint8 * buf, size_t len)
return TRUE;
}
static const struct file_type_subtype_info iseries_info = {
"IBM iSeries comm. trace (ASCII)", "iseries_ascii", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info iseries_unicode_info = {
"IBM iSeries comm. trace (Unicode)", "iseries_unicode", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_iseries(void)
{
iseries_file_type_subtype = wtap_register_file_type_subtypes(&iseries_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
iseries_unicode_file_type_subtype = wtap_register_file_type_subtypes(&iseries_unicode_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/json.c
View File

@ -18,6 +18,10 @@
/* Maximum size of json file. */
#define MAX_FILE_SIZE (50*1024*1024)
static int json_file_type_subtype = -1;
void register_json(void);
wtap_open_return_val json_open(wtap *wth, int *err, gchar **err_info)
{
guint8* filebuf;
@ -52,7 +56,7 @@ wtap_open_return_val json_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_JSON;
wth->file_type_subtype = json_file_type_subtype;
wth->file_encap = WTAP_ENCAP_JSON;
wth->file_tsprec = WTAP_TSPREC_SEC;
wth->subtype_read = wtap_full_file_read;
@ -63,6 +67,19 @@ wtap_open_return_val json_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info json_info = {
/* WTAP_FILE_TYPE_SUBTYPE_JSON */
"JavaScript Object Notation", "json", "json", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_json(void)
{
json_file_type_subtype = wtap_register_file_type_subtypes(&json_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

22
wiretap/k12.c
View File

@ -36,6 +36,10 @@
* are stored in the file.
*/
static int k12_file_type_subtype = -1;
void register_k12(void);
/* #define DEBUG_K12 */
#ifdef DEBUG_K12
#include <stdio.h>
@ -1080,7 +1084,7 @@ wtap_open_return_val k12_open(wtap *wth, int *err, gchar **err_info) {
file_data->num_of_records--;
} while(1);
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_K12;
wth->file_type_subtype = k12_file_type_subtype;
wth->file_encap = WTAP_ENCAP_K12;
wth->snapshot_length = 0;
wth->subtype_read = k12_read;
@ -1106,7 +1110,7 @@ typedef struct {
guint32 file_offset;
} k12_dump_t;
int k12_dump_can_write_encap(int encap) {
static int k12_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -1367,7 +1371,7 @@ static gboolean k12_dump_finish(wtap_dumper *wdh, int *err, gchar **err_info _U_
}
gboolean k12_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_) {
static gboolean k12_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_) {
k12_dump_t *k12;
if ( ! wtap_dump_file_write(wdh, k12_file_magic, 8, err)) {
@ -1389,6 +1393,18 @@ gboolean k12_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_) {
return TRUE;
}
static const struct file_type_subtype_info k12_info = {
"Tektronix K12xx 32-bit .rf5 format", "rf5", "rf5", NULL,
TRUE, FALSE, 0,
k12_dump_can_write_encap, k12_dump_open, NULL
};
void register_k12(void)
{
k12_file_type_subtype = wtap_register_file_type_subtypes(&k12_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

4
wiretap/k12.h
View File

@ -13,11 +13,7 @@
#include "wtap.h"
wtap_open_return_val k12_open(wtap *wth, int *err, gchar **err_info);
int k12_dump_can_write_encap(int encap);
gboolean k12_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
wtap_open_return_val k12text_open(wtap *wth, int *err, gchar **err_info);
int k12text_dump_can_write_encap(int encap);
gboolean k12text_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
#endif

22
wiretap/k12text.l
View File

@ -190,6 +190,10 @@ typedef struct {
#define k12text_realloc(ptr, size, yyscanner) (void *)realloc((char *)(ptr), (size))
#define k12text_free(ptr, yyscanner) free((char *)ptr)
static int k12text_file_type_subtype = -1;
void register_k12text(void);
%}
start_timestamp \053[\055]{9}\053[\055]{15,100}\053[\055]{10,100}\053
oneormoredigits [0-9]+:
@ -455,7 +459,7 @@ k12text_open(wtap *wth, int *err, gchar **err_info)
k12text = g_new(k12text_t, 1);
wth->priv = (void *)k12text;
k12text->next_frame_offset = 0;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_K12TEXT;
wth->file_type_subtype = k12text_file_type_subtype;
wth->file_encap = WTAP_ENCAP_PER_PACKET;
wth->snapshot_length = 0;
wth->subtype_read = k12text_read;
@ -548,7 +552,7 @@ k12text_dump(wtap_dumper *wdh, const wtap_rec *rec,
}
gboolean
static gboolean
k12text_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
{
wdh->subtype_write = k12text_dump;
@ -556,7 +560,7 @@ k12text_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
return TRUE;
}
int
static int
k12text_dump_can_write_encap(int encap)
{
switch (encap) {
@ -571,3 +575,15 @@ k12text_dump_can_write_encap(int encap)
return WTAP_ERR_UNWRITABLE_ENCAP;
}
}
static const struct file_type_subtype_info k12text_info = {
"K12 text file", "k12text", "txt", NULL,
FALSE, FALSE, 0,
k12text_dump_can_write_encap, k12text_dump_open, NULL
};
void register_k12text(void)
{
k12text_file_type_subtype = wtap_register_file_type_subtypes(&k12text_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}

18
wiretap/lanalyzer.c
View File

@ -265,6 +265,10 @@ static gboolean lanalyzer_seek_read(wtap *wth, gint64 seek_off,
static gboolean lanalyzer_dump_finish(wtap_dumper *wdh, int *err,
gchar **err_info);
static int lanalyzer_file_type_subtype = -1;
void register_lanalyzer(void);
wtap_open_return_val lanalyzer_open(wtap *wth, int *err, gchar **err_info)
{
LA_RecordHeader rec_header;
@ -452,7 +456,7 @@ done:
/* If we made it this far, then the file is a readable LANAlyzer file.
* Let's get some info from it. Note that we get wth->snapshot_length
* from a record later in the file. */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LANALYZER;
wth->file_type_subtype = lanalyzer_file_type_subtype;
lanalyzer = g_new(lanalyzer_t, 1);
lanalyzer->start = start;
wth->priv = (void *)lanalyzer;
@ -960,6 +964,18 @@ static gboolean lanalyzer_dump_finish(wtap_dumper *wdh, int *err,
return *err ? FALSE : TRUE;
}
static const struct file_type_subtype_info lanalyzer_info = {
"Novell LANalyzer","lanalyzer", "tr1", NULL,
TRUE, FALSE, 0,
lanalyzer_dump_can_write_encap, lanalyzer_dump_open, NULL
};
void register_lanalyzer(void)
{
lanalyzer_file_type_subtype = wtap_register_file_type_subtypes(&lanalyzer_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/log3gpp.c
View File

@ -86,6 +86,10 @@ static guchar hex_from_char(gchar c);
static gboolean get_file_time_stamp(gchar* linebuff, time_t *secs, guint32 *usecs);
static int log3gpp_file_type_subtype = -1;
void register_log3gpp(void);
/***************************************************************************/
/* Free log3gpp-specific capture info from file that was open for reading */
/***************************************************************************/
@ -196,7 +200,7 @@ log3gpp_open(wtap *wth, int *err, gchar **err_info _U_)
/* File is for us. Fill in details so packets can be read */
/* Set our file type */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOG_3GPP;
wth->file_type_subtype = log3gpp_file_type_subtype;
/* Use our own encapsulation to send all packets to our stub dissector */
wth->file_encap = WTAP_ENCAP_LOG_3GPP;
@ -882,6 +886,19 @@ gboolean get_file_time_stamp(gchar* linebuff, time_t *secs, guint32 *usecs)
return TRUE;
}
static const struct file_type_subtype_info log3gpp_info = {
"3GPP Log", "3gpp_log", "*.log", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL
};
void register_log3gpp(void)
{
log3gpp_file_type_subtype =
wtap_register_file_type_subtypes(&log3gpp_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
#if 0
/* Register with wtap */
void wtap_register_phonelog(void) {

22
wiretap/logcat.c
View File

@ -14,6 +14,10 @@
#include "logcat.h"
static int logcat_file_type_subtype = -1;
void register_logcat(void);
/* Returns '?' for invalid priorities */
static gchar get_priority(const guint8 priority) {
static gchar priorities[] = "??VDIWEFS";
@ -282,7 +286,7 @@ wtap_open_return_val logcat_open(wtap *wth, int *err, gchar **err_info)
wth->priv = logcat;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT;
wth->file_type_subtype = logcat_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT;
wth->snapshot_length = 0;
@ -301,7 +305,7 @@ wtap_open_return_val logcat_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
int logcat_dump_can_write_encap(int encap)
static int logcat_dump_can_write_encap(int encap)
{
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -352,7 +356,7 @@ static gboolean logcat_binary_dump(wtap_dumper *wdh,
return TRUE;
}
gboolean logcat_binary_dump_open(wtap_dumper *wdh, int *err _U_,
static gboolean logcat_binary_dump_open(wtap_dumper *wdh, int *err _U_,
gchar **err_info _U_)
{
wdh->subtype_write = logcat_binary_dump;
@ -360,6 +364,18 @@ gboolean logcat_binary_dump_open(wtap_dumper *wdh, int *err _U_,
return TRUE;
}
static const struct file_type_subtype_info logcat_info = {
"Android Logcat Binary format", "logcat", "logcat", NULL,
FALSE, FALSE, 0,
logcat_dump_can_write_encap, logcat_binary_dump_open, NULL
};
void register_logcat(void)
{
logcat_file_type_subtype = wtap_register_file_type_subtypes(&logcat_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

4
wiretap/logcat.h
View File

@ -47,10 +47,6 @@ struct logger_entry_v2 {
wtap_open_return_val logcat_open(wtap *wth, int *err, gchar **err_info);
gboolean logcat_binary_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int logcat_dump_can_write_encap(int encap);
gint logcat_exported_pdu_length(const guint8 *pd);
#endif

122
wiretap/logcat_text.c
View File

@ -20,6 +20,16 @@ struct dumper_t {
int type;
};
static int logcat_text_brief_file_type_subtype = -1;
static int logcat_text_process_file_type_subtype = -1;
static int logcat_text_tag_file_type_subtype = -1;
static int logcat_text_thread_file_type_subtype = -1;
static int logcat_text_time_file_type_subtype = -1;
static int logcat_text_threadtime_file_type_subtype = -1;
static int logcat_text_long_file_type_subtype = -1;
void register_logcat_text(void);
/* Returns '?' for invalid priorities */
static gchar get_priority(const guint8 priority) {
static gchar priorities[] = "??VDIWEFS";
@ -187,7 +197,7 @@ static gboolean logcat_text_read_packet(FILE_T fh, wtap_rec *rec,
return FALSE;
}
if (WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG == file_type &&
if (logcat_text_long_file_type_subtype == file_type &&
!g_regex_match_simple(SPECIAL_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW), G_REGEX_MATCH_NOTEMPTY)) {
gint64 file_off = 0;
gchar *lbuff;
@ -219,11 +229,11 @@ static gboolean logcat_text_read_packet(FILE_T fh, wtap_rec *rec,
ws_buffer_assure_space(buf, rec->rec_header.packet_header.caplen + 1);
pd = ws_buffer_start_ptr(buf);
if ((WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME == file_type
|| WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME == file_type
|| WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG == file_type)
if ((logcat_text_time_file_type_subtype == file_type
|| logcat_text_threadtime_file_type_subtype == file_type
|| logcat_text_long_file_type_subtype == file_type)
&& '-' != cbuff[0]) { /* the last part filters out the -- beginning of... lines */
if (WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG == file_type) {
if (logcat_text_long_file_type_subtype == file_type) {
get_time(cbuff+2, rec);
} else {
get_time(cbuff, rec);
@ -276,31 +286,31 @@ wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info _U_)
if (g_regex_match_simple(BRIEF_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_BRIEF;
wth->file_type_subtype = logcat_text_brief_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_BRIEF;
} else if (g_regex_match_simple(TAG_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TAG;
wth->file_type_subtype = logcat_text_tag_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_TAG;
} else if (g_regex_match_simple(PROCESS_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_PROCESS;
wth->file_type_subtype = logcat_text_process_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_PROCESS;
} else if (g_regex_match_simple(TIME_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME;
wth->file_type_subtype = logcat_text_time_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_TIME;
} else if (g_regex_match_simple(THREAD_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREAD;
wth->file_type_subtype = logcat_text_thread_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_THREAD;
} else if (g_regex_match_simple(THREADTIME_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME;
wth->file_type_subtype = logcat_text_threadtime_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_THREADTIME;
} else if (g_regex_match_simple(LONG_STRING, cbuff, (GRegexCompileFlags)(G_REGEX_ANCHORED | G_REGEX_RAW),
G_REGEX_MATCH_NOTEMPTY)) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG;
wth->file_type_subtype = logcat_text_long_file_type_subtype;
wth->file_encap = WTAP_ENCAP_LOGCAT_LONG;
} else {
g_free(cbuff);
@ -320,7 +330,7 @@ wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info _U_)
return WTAP_OPEN_MINE;
}
int logcat_text_brief_dump_can_write_encap(int encap) {
static int logcat_text_brief_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -334,7 +344,7 @@ int logcat_text_brief_dump_can_write_encap(int encap) {
}
}
int logcat_text_process_dump_can_write_encap(int encap) {
static int logcat_text_process_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -348,7 +358,7 @@ int logcat_text_process_dump_can_write_encap(int encap) {
}
}
int logcat_text_tag_dump_can_write_encap(int encap) {
static int logcat_text_tag_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -362,7 +372,7 @@ int logcat_text_tag_dump_can_write_encap(int encap) {
}
}
int logcat_text_time_dump_can_write_encap(int encap) {
static int logcat_text_time_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -376,7 +386,7 @@ int logcat_text_time_dump_can_write_encap(int encap) {
}
}
int logcat_text_thread_dump_can_write_encap(int encap) {
static int logcat_text_thread_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -390,7 +400,7 @@ int logcat_text_thread_dump_can_write_encap(int encap) {
}
}
int logcat_text_threadtime_dump_can_write_encap(int encap) {
static int logcat_text_threadtime_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -404,7 +414,7 @@ int logcat_text_threadtime_dump_can_write_encap(int encap) {
}
}
int logcat_text_long_dump_can_write_encap(int encap) {
static int logcat_text_long_dump_can_write_encap(int encap) {
if (encap == WTAP_ENCAP_PER_PACKET)
return WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED;
@ -590,34 +600,94 @@ static gboolean logcat_text_dump_open(wtap_dumper *wdh, guint dump_type) {
return TRUE;
}
gboolean logcat_text_brief_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_brief_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_BRIEF);
}
gboolean logcat_text_process_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_process_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_PROCESS);
}
gboolean logcat_text_tag_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_tag_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_TAG);
}
gboolean logcat_text_time_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_time_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_TIME);
}
gboolean logcat_text_thread_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_thread_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_THREAD);
}
gboolean logcat_text_threadtime_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_threadtime_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_THREADTIME);
}
gboolean logcat_text_long_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
static gboolean logcat_text_long_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_) {
return logcat_text_dump_open(wdh, WTAP_ENCAP_LOGCAT_LONG);
}
static const struct file_type_subtype_info logcat_text_brief_info = {
"Android Logcat Brief text format", "logcat-brief", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_brief_dump_can_write_encap, logcat_text_brief_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_process_info = {
"Android Logcat Process text format", "logcat-process", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_process_dump_can_write_encap, logcat_text_process_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_tag_info = {
"Android Logcat Tag text format", "logcat-tag", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_tag_dump_can_write_encap, logcat_text_tag_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_thread_info = {
"Android Logcat Thread text format", "logcat-thread", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_thread_dump_can_write_encap, logcat_text_thread_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_time_info = {
"Android Logcat Time text format", "logcat-time", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_time_dump_can_write_encap, logcat_text_time_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_threadtime_info = {
"Android Logcat Threadtime text format", "logcat-threadtime", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_threadtime_dump_can_write_encap, logcat_text_threadtime_dump_open, NULL
};
static const struct file_type_subtype_info logcat_text_long_info = {
"Android Logcat Long text format", "logcat-long", NULL, NULL,
FALSE, FALSE, 0,
logcat_text_long_dump_can_write_encap, logcat_text_long_dump_open, NULL
};
void register_logcat_text(void)
{
logcat_text_brief_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_brief_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_process_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_process_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_tag_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_tag_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_thread_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_thread_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_time_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_time_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_threadtime_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_threadtime_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
logcat_text_long_file_type_subtype = wtap_register_file_type_subtypes(&logcat_text_long_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

16
wiretap/logcat_text.h
View File

@ -24,22 +24,6 @@
wtap_open_return_val logcat_text_open(wtap *wth, int *err, gchar **err_info);
gboolean logcat_text_brief_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_process_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_tag_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_time_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_thread_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_threadtime_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
gboolean logcat_text_long_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int logcat_text_brief_dump_can_write_encap(int encap);
int logcat_text_tag_dump_can_write_encap(int encap);
int logcat_text_process_dump_can_write_encap(int encap);
int logcat_text_thread_dump_can_write_encap(int encap);
int logcat_text_time_dump_can_write_encap(int encap);
int logcat_text_threadtime_dump_can_write_encap(int encap);
int logcat_text_long_dump_can_write_encap(int encap);
#endif
/*

37
wiretap/mime_file.c
View File

@ -90,6 +90,10 @@ static const mime_files_t magic_files[] = {
#define N_MAGIC_TYPES (sizeof(magic_files) / sizeof(magic_files[0]))
static int mime_file_type_subtype = -1;
void register_mime(void);
wtap_open_return_val
mime_file_open(wtap *wth, int *err, gchar **err_info)
{
@ -135,7 +139,7 @@ mime_file_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MIME;
wth->file_type_subtype = mime_file_type_subtype;
wth->file_encap = WTAP_ENCAP_MIME;
wth->file_tsprec = WTAP_TSPREC_SEC;
wth->subtype_read = wtap_full_file_read;
@ -145,6 +149,37 @@ mime_file_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info mime_info = {
"MIME File Format", "mime", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
/*
* XXX - registered solely for the benefit of Lua scripts that
* look for the file type "JPEG_JFIF"; it may be removed once
* we get rid of wtap_filetypes.
*/
static const struct file_type_subtype_info jpeg_jfif_info = {
"JPEG/JFIF", "jpeg", "jpg", "jpeg;jfif",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_mime(void)
{
mime_file_type_subtype =
wtap_register_file_type_subtypes(&mime_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
/*
* Obsoleted by "mime", so just register it; we don't
* need its return value.
*/
wtap_register_file_type_subtypes(&jpeg_jfif_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/mp2t.c
View File

@ -46,6 +46,10 @@ typedef struct {
guint8 trailer_len;
} mp2t_filetype_t;
static int mp2t_file_type_subtype = -1;
void register_mp2t(void);
static gboolean
mp2t_read_packet(mp2t_filetype_t *mp2t, FILE_T fh, gint64 offset,
wtap_rec *rec, Buffer *buf, int *err,
@ -374,7 +378,7 @@ found:
return WTAP_OPEN_ERROR;
}
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MPEG_2_TS;
wth->file_type_subtype = mp2t_file_type_subtype;
wth->file_encap = WTAP_ENCAP_MPEG_2_TS;
wth->file_tsprec = WTAP_TSPREC_NSEC;
wth->subtype_read = mp2t_read;
@ -391,6 +395,18 @@ found:
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info mp2t_info = {
"MPEG2 transport stream", "mp2t", "mp2t", "ts;mpg",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_mp2t(void)
{
mp2t_file_type_subtype = wtap_register_file_type_subtypes(&mp2t_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

20
wiretap/mp4.c
View File

@ -16,6 +16,10 @@
static const guint8 mp4_magic[] = { 'f', 't', 'y', 'p' };
static int mp4_file_type_subtype = -1;
void register_mp4(void);
wtap_open_return_val
mp4_open(wtap *wth, int *err, gchar **err_info)
{
@ -38,7 +42,7 @@ mp4_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MP4;
wth->file_type_subtype = mp4_file_type_subtype;
wth->file_encap = WTAP_ENCAP_MP4;
wth->file_tsprec = WTAP_TSPREC_SEC;
wth->subtype_read = wtap_full_file_read;
@ -48,6 +52,20 @@ mp4_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info mp4_info = {
/* WTAP_FILE_TYPE_SUBTYPE_MP4 */
"MP4 media", "mp4", "mp4", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_mp4(void)
{
mp4_file_type_subtype =
wtap_register_file_type_subtypes(&mp4_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/mpeg.c
View File

@ -35,6 +35,10 @@ typedef struct {
time_t t0;
} mpeg_t;
static int mpeg_file_type_subtype = -1;
void register_mpeg(void);
static int
mpeg_resync(FILE_T fh, int *err)
{
@ -245,7 +249,7 @@ good_magic:
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MPEG;
wth->file_type_subtype = mpeg_file_type_subtype;
wth->file_encap = WTAP_ENCAP_MPEG;
wth->file_tsprec = WTAP_TSPREC_NSEC;
wth->subtype_read = mpeg_read;
@ -261,6 +265,19 @@ good_magic:
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info mpeg_info = {
"MPEG", "mpeg", "mpeg", "mpg;mp3",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_mpeg(void)
{
mpeg_file_type_subtype =
wtap_register_file_type_subtypes(&mpeg_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

17
wiretap/mplog.c
View File

@ -73,6 +73,10 @@
#define PKT_BUF_LEN (ISO14443_PSEUDO_HDR_LEN + ISO14443_MAX_PKT_LEN)
static int mplog_file_type_subtype = -1;
void register_mplog(void);
/* read the next packet, starting at the current position of fh
as we know very little about the file format, our approach is rather simple:
- we read block-by-block until a known block-type is found
@ -231,7 +235,7 @@ wtap_open_return_val mplog_open(wtap *wth, int *err, gchar **err_info)
wth->subtype_read = mplog_read;
wth->subtype_seek_read = mplog_seek_read;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_MPLOG;
wth->file_type_subtype = mplog_file_type_subtype;
/* skip the file header */
if (-1 == file_seek(wth->fh, 0x80, SEEK_SET, err))
@ -250,6 +254,17 @@ wtap_open_return_val mplog_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info mplog_info = {
"Micropross mplog", "mplog", "mplog", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_mplog(void)
{
mplog_file_type_subtype = wtap_register_file_type_subtypes(&mplog_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html

126
wiretap/netmon.c
View File

@ -227,6 +227,11 @@ static gboolean netmon_dump(wtap_dumper *wdh, const wtap_rec *rec,
static gboolean netmon_dump_finish(wtap_dumper *wdh, int *err,
gchar **err_info);
static int netmon_1_x_file_type_subtype = -1;
static int netmon_2_x_file_type_subtype = -1;
void register_netmon(void);
/*
* Convert a counted UTF-16 string, which is probably also null-terminated
* but is not guaranteed to be null-terminated (as it came from a file),
@ -440,11 +445,11 @@ wtap_open_return_val netmon_open(wtap *wth, int *err, gchar **err_info)
switch (hdr.ver_major) {
case 1:
file_type = WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x;
file_type = netmon_1_x_file_type_subtype;
break;
case 2:
file_type = WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x;
file_type = netmon_2_x_file_type_subtype;
break;
default:
@ -1561,6 +1566,7 @@ netmon_close(wtap *wth)
}
typedef struct {
gboolean is_v2;
gboolean got_first_record_time;
nstime_t first_record_time;
guint32 frame_table_offset;
@ -1590,7 +1596,7 @@ static const int wtap_encap[] = {
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int netmon_dump_can_write_encap_1_x(int encap)
static int netmon_dump_can_write_encap_1_x(int encap)
{
/*
* Per-packet encapsulations are *not* supported in NetMon 1.x
@ -1602,7 +1608,7 @@ int netmon_dump_can_write_encap_1_x(int encap)
return 0;
}
int netmon_dump_can_write_encap_2_x(int encap)
static int netmon_dump_can_write_encap_2_x(int encap)
{
/*
* Per-packet encapsulations are supported in NetMon 2.1
@ -1619,7 +1625,8 @@ int netmon_dump_can_write_encap_2_x(int encap)
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
gboolean netmon_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean netmon_dump_open(wtap_dumper *wdh, gboolean is_v2,
int *err, gchar **err_info _U_)
{
netmon_dump_t *netmon;
@ -1635,6 +1642,7 @@ gboolean netmon_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
netmon = g_new(netmon_dump_t, 1);
wdh->priv = (void *)netmon;
netmon->is_v2 = is_v2;
netmon->frame_table_offset = CAPTUREFILE_HEADER_SIZE;
netmon->got_first_record_time = FALSE;
netmon->frame_table = NULL;
@ -1645,6 +1653,16 @@ gboolean netmon_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
return TRUE;
}
static gboolean netmon_dump_open_1_x(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
return netmon_dump_open(wdh, 1, err, err_info);
}
static gboolean netmon_dump_open_2_x(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
return netmon_dump_open(wdh, 2, err, err_info);
}
/* Write a record for a packet to a dump file.
Returns TRUE on success, FALSE on failure. */
static gboolean netmon_dump(wtap_dumper *wdh, const wtap_rec *rec,
@ -1669,9 +1687,13 @@ static gboolean netmon_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
}
switch (wdh->file_type_subtype) {
case WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x:
if (netmon->is_v2) {
/* Don't write anything we're not willing to read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
} else {
/*
* The length fields are 16-bit, so there's a hard limit
* of 65535.
@ -1680,21 +1702,6 @@ static gboolean netmon_dump(wtap_dumper *wdh, const wtap_rec *rec,
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
break;
case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x:
/* Don't write anything we're not willing to read. */
if (rec->rec_header.packet_header.caplen > WTAP_MAX_PACKET_SIZE_STANDARD) {
*err = WTAP_ERR_PACKET_TOO_LARGE;
return FALSE;
}
break;
default:
/* We should never get here - our open routine
should only get called for the types above. */
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
}
if (wdh->encap == WTAP_ENCAP_PER_PACKET) {
@ -1777,29 +1784,18 @@ static gboolean netmon_dump(wtap_dumper *wdh, const wtap_rec *rec,
nsecs += 1000000000;
secs--;
}
switch (wdh->file_type_subtype) {
case WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x:
rec_1_x_hdr.ts_delta = GUINT32_TO_LE(secs*1000 + (nsecs + 500000)/1000000);
rec_1_x_hdr.orig_len = GUINT16_TO_LE(rec->rec_header.packet_header.len + atm_hdrsize);
rec_1_x_hdr.incl_len = GUINT16_TO_LE(rec->rec_header.packet_header.caplen + atm_hdrsize);
hdrp = &rec_1_x_hdr;
hdr_size = sizeof rec_1_x_hdr;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x:
if (netmon->is_v2) {
rec_2_x_hdr.ts_delta = GUINT64_TO_LE(secs*1000000 + (nsecs + 500)/1000);
rec_2_x_hdr.orig_len = GUINT32_TO_LE(rec->rec_header.packet_header.len + atm_hdrsize);
rec_2_x_hdr.incl_len = GUINT32_TO_LE(rec->rec_header.packet_header.caplen + atm_hdrsize);
hdrp = &rec_2_x_hdr;
hdr_size = sizeof rec_2_x_hdr;
break;
default:
/* We should never get here - our open routine
should only get called for the types above. */
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
} else {
rec_1_x_hdr.ts_delta = GUINT32_TO_LE(secs*1000 + (nsecs + 500000)/1000000);
rec_1_x_hdr.orig_len = GUINT16_TO_LE(rec->rec_header.packet_header.len + atm_hdrsize);
rec_1_x_hdr.incl_len = GUINT16_TO_LE(rec->rec_header.packet_header.caplen + atm_hdrsize);
hdrp = &rec_1_x_hdr;
hdr_size = sizeof rec_1_x_hdr;
}
/*
@ -1914,17 +1910,7 @@ static gboolean netmon_dump_finish(wtap_dumper *wdh, int *err,
if (wtap_dump_file_seek(wdh, 0, SEEK_SET, err) == -1)
return FALSE;
memset(&file_hdr, '\0', sizeof file_hdr);
switch (wdh->file_type_subtype) {
case WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x:
magicp = netmon_1_x_magic;
magic_size = sizeof netmon_1_x_magic;
/* NetMon file version, for 1.x, is 1.1 */
file_hdr.ver_major = 1;
file_hdr.ver_minor = 1;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x:
if (netmon->is_v2) {
magicp = netmon_2_x_magic;
magic_size = sizeof netmon_2_x_magic;
/*
@ -1946,14 +1932,12 @@ static gboolean netmon_dump_finish(wtap_dumper *wdh, int *err,
file_hdr.ver_major = 2;
file_hdr.ver_minor =
(wdh->encap == WTAP_ENCAP_PER_PACKET) ? 1 : 0;
break;
default:
/* We should never get here - our open routine
should only get called for the types above. */
if (err != NULL)
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
} else {
magicp = netmon_1_x_magic;
magic_size = sizeof netmon_1_x_magic;
/* NetMon file version, for 1.x, is 1.1 */
file_hdr.ver_major = 1;
file_hdr.ver_minor = 1;
}
if (!wtap_dump_file_write(wdh, magicp, magic_size, err))
return FALSE;
@ -1995,6 +1979,28 @@ static gboolean netmon_dump_finish(wtap_dumper *wdh, int *err,
return TRUE;
}
static const struct file_type_subtype_info netmon_1_x_info = {
"Microsoft NetMon 1.x", "netmon1", "cap", NULL,
TRUE, FALSE, 0,
netmon_dump_can_write_encap_1_x, netmon_dump_open_1_x, NULL
};
static const struct file_type_subtype_info netmon_2_x_info = {
"Microsoft NetMon 2.x", "netmon2", "cap", NULL,
TRUE, FALSE, 0,
netmon_dump_can_write_encap_2_x, netmon_dump_open_2_x, NULL
};
void register_netmon(void)
{
netmon_1_x_file_type_subtype =
wtap_register_file_type_subtypes(&netmon_1_x_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
netmon_2_x_file_type_subtype =
wtap_register_file_type_subtypes(&netmon_2_x_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

3
wiretap/netmon.h
View File

@ -13,8 +13,5 @@
#include "wtap.h"
wtap_open_return_val netmon_open(wtap *wth, int *err, gchar **err_info);
gboolean netmon_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int netmon_dump_can_write_encap_1_x(int encap);
int netmon_dump_can_write_encap_2_x(int encap);
#endif

183
wiretap/netscaler.c
View File

@ -602,7 +602,16 @@ typedef struct {
guint64 file_size;
} nstrace_t;
static guint32 nspm_signature_version(gchar*, gint32);
/*
* File versions.
*/
#define NSPM_SIGNATURE_1_0 0
#define NSPM_SIGNATURE_2_0 1
#define NSPM_SIGNATURE_3_0 2
#define NSPM_SIGNATURE_3_5 3
#define NSPM_SIGNATURE_NOMATCH -1
static int nspm_signature_version(gchar*, gint32);
static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info,
gint64 *data_offset);
@ -630,13 +639,21 @@ static gboolean nstrace_set_start_time_v10(wtap *wth, int *err,
gchar **err_info);
static gboolean nstrace_set_start_time_v20(wtap *wth, int *err,
gchar **err_info);
static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info);
static gboolean nstrace_set_start_time(wtap *wth, int version, int *err,
gchar **err_info);
static guint64 ns_hrtime2nsec(guint32 tm);
static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
const guint8 *pd, int *err, gchar **err_info);
static int nstrace_1_0_file_type_subtype = -1;
static int nstrace_2_0_file_type_subtype = -1;
static int nstrace_3_0_file_type_subtype = -1;
static int nstrace_3_5_file_type_subtype = -1;
void register_nstrace(void);
/*
* Minimum of the page size and the amount of data left in the file;
* the last page of a file can be short.
@ -697,6 +714,7 @@ nstrace_read_buf(FILE_T fh, void *buf, guint32 buflen, int *err,
*/
wtap_open_return_val nstrace_open(wtap *wth, int *err, gchar **err_info)
{
int file_version;
gchar *nstrace_buf;
gint64 file_size;
gint32 page_size;
@ -724,26 +742,29 @@ wtap_open_return_val nstrace_open(wtap *wth, int *err, gchar **err_info)
/*
* Scan it for a signature block.
*/
wth->file_type_subtype = nspm_signature_version(nstrace_buf, page_size);
file_version = nspm_signature_version(nstrace_buf, page_size);
switch (file_version) {
switch (wth->file_type_subtype)
{
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0:
case NSPM_SIGNATURE_1_0:
wth->file_type_subtype = nstrace_1_0_file_type_subtype;
wth->file_encap = WTAP_ENCAP_NSTRACE_1_0;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0:
case NSPM_SIGNATURE_2_0:
wth->file_type_subtype = nstrace_2_0_file_type_subtype;
wth->file_encap = WTAP_ENCAP_NSTRACE_2_0;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0:
case NSPM_SIGNATURE_3_0:
wth->file_type_subtype = nstrace_3_0_file_type_subtype;
wth->file_encap = WTAP_ENCAP_NSTRACE_3_0;
g_free(nstrace_buf);
nstrace_buf = (gchar *)g_malloc(NSPR_PAGESIZE_TRACE);
page_size = GET_READ_PAGE_SIZEV3(file_size);
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5:
case NSPM_SIGNATURE_3_5:
wth->file_type_subtype = nstrace_3_5_file_type_subtype;
wth->file_encap = WTAP_ENCAP_NSTRACE_3_5;
g_free(nstrace_buf);
nstrace_buf = (gchar *)g_malloc(NSPR_PAGESIZE_TRACE);
@ -772,24 +793,24 @@ wtap_open_return_val nstrace_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_NOT_MINE;
}
switch (wth->file_type_subtype)
switch (file_version)
{
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0:
case NSPM_SIGNATURE_1_0:
wth->subtype_read = nstrace_read_v10;
wth->subtype_seek_read = nstrace_seek_read_v10;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0:
case NSPM_SIGNATURE_2_0:
wth->subtype_read = nstrace_read_v20;
wth->subtype_seek_read = nstrace_seek_read_v20;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0:
case NSPM_SIGNATURE_3_0:
wth->subtype_read = nstrace_read_v30;
wth->subtype_seek_read = nstrace_seek_read_v30;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5:
case NSPM_SIGNATURE_3_5:
wth->subtype_read = nstrace_read_v30;
wth->subtype_seek_read = nstrace_seek_read_v30;
break;
@ -810,7 +831,7 @@ wtap_open_return_val nstrace_open(wtap *wth, int *err, gchar **err_info)
/* Set the start time by looking for the abstime record */
if ((nstrace_set_start_time(wth, err, err_info)) == FALSE)
if ((nstrace_set_start_time(wth, file_version, err, err_info)) == FALSE)
{
/*
* No absolute time record seen, so we just reset the read
@ -898,7 +919,7 @@ nspm_signature_func(35)
**
** XXX - can we assume the signature block is the first block?
*/
static guint32
static int
nspm_signature_version(gchar *nstrace_buf, gint32 len)
{
gchar *dp = nstrace_buf;
@ -929,7 +950,7 @@ nspm_signature_version(gchar *nstrace_buf, gint32 len)
(pletoh16(&sigv10p->nsprRecordSize) >= nspr_signature_v10_s))
{
if ((nspm_signature_isv10(sigv10p->sig_Signature, sizeof sigv10p->sig_Signature)))
return WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0;
return NSPM_SIGNATURE_1_0;
}
#undef sigv10p
@ -954,17 +975,17 @@ nspm_signature_version(gchar *nstrace_buf, gint32 len)
(sigv20p->sig_RecordSize >= nspr_signature_v20_s))
{
if (nspm_signature_isv20(sigv20p->sig_Signature, sizeof sigv20p->sig_Signature)){
return WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0;
return NSPM_SIGNATURE_2_0;
} else if (nspm_signature_isv30(sigv20p->sig_Signature, sizeof sigv20p->sig_Signature)){
return WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0;
return NSPM_SIGNATURE_3_0;
} else if (nspm_signature_isv35(sigv20p->sig_Signature, sizeof sigv20p->sig_Signature)){
return WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5;
return NSPM_SIGNATURE_3_5;
}
}
#undef sigv20p
}
return WTAP_FILE_TYPE_SUBTYPE_UNKNOWN; /* no version found */
return NSPM_SIGNATURE_NOMATCH; /* no version found */
}
#define nspr_getv10recordtype(hdp) (pletoh16(&(hdp)->nsprRecordType))
@ -1033,13 +1054,14 @@ nstrace_set_start_time_ver(20)
** the next record after the ABSTIME record. Inorder to report correct time values, all trace
** records before the ABSTIME record are ignored.
*/
static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info)
static gboolean nstrace_set_start_time(wtap *wth, int file_version, int *err,
gchar **err_info)
{
if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (file_version == NSPM_SIGNATURE_1_0)
return nstrace_set_start_time_v10(wth, err, err_info);
else if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
else if (file_version == NSPM_SIGNATURE_2_0)
return nstrace_set_start_time_v20(wth, err, err_info);
else if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0)
else if (file_version == NSPM_SIGNATURE_3_0)
return nstrace_set_start_time_v20(wth, err, err_info);
return FALSE;
}
@ -1989,7 +2011,13 @@ static void nstrace_close(wtap *wth)
}
#define NSTRACE_1_0 0
#define NSTRACE_2_0 1
#define NSTRACE_3_0 2
#define NSTRACE_3_5 3
typedef struct {
guint version;
guint16 page_offset;
guint16 page_len;
guint32 absrec_time;
@ -2039,7 +2067,8 @@ int nstrace_35_dump_can_write_encap(int encap)
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
** failure */
gboolean nstrace_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
static gboolean nstrace_dump_open(wtap_dumper *wdh, guint version, int *err _U_,
gchar **err_info _U_)
{
nstrace_dump_t *nstrace;
@ -2047,9 +2076,10 @@ gboolean nstrace_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
nstrace = g_new(nstrace_dump_t, 1);
wdh->priv = (void *)nstrace;
nstrace->version = version;
nstrace->page_offset = 0;
if ((wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0) ||
(wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5))
if ((nstrace->version == NSTRACE_3_0) ||
(nstrace->version == NSTRACE_3_5))
nstrace->page_len = NSPR_PAGESIZE_TRACE;
else
nstrace->page_len = NSPR_PAGESIZE;
@ -2060,12 +2090,35 @@ gboolean nstrace_dump_open(wtap_dumper *wdh, int *err _U_, gchar **err_info _U_)
return TRUE;
}
static gboolean nstrace_10_dump_open(wtap_dumper *wdh, int *err,
gchar **err_info)
{
return nstrace_dump_open(wdh, NSTRACE_1_0, err, err_info);
}
static gboolean nstrace_20_dump_open(wtap_dumper *wdh, int *err,
gchar **err_info)
{
return nstrace_dump_open(wdh, NSTRACE_2_0, err, err_info);
}
static gboolean nstrace_30_dump_open(wtap_dumper *wdh, int *err,
gchar **err_info)
{
return nstrace_dump_open(wdh, NSTRACE_3_0, err, err_info);
}
static gboolean nstrace_35_dump_open(wtap_dumper *wdh, int *err,
gchar **err_info)
{
return nstrace_dump_open(wdh, NSTRACE_3_5, err, err_info);
}
static gboolean nstrace_add_signature(wtap_dumper *wdh, int *err)
{
nstrace_dump_t *nstrace = (nstrace_dump_t *)wdh->priv;
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
guint16 val16b;
nspr_signature_v10_t sig10;
@ -2086,7 +2139,7 @@ static gboolean nstrace_add_signature(wtap_dumper *wdh, int *err)
/* Move forward the page offset */
nstrace->page_offset += (guint16) nspr_signature_v10_s;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
} else if (nstrace->version == NSTRACE_2_0)
{
nspr_signature_v20_t sig20;
@ -2102,7 +2155,7 @@ static gboolean nstrace_add_signature(wtap_dumper *wdh, int *err)
/* Move forward the page offset */
nstrace->page_offset += (guint16) sig20.sig_RecordSize;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0)
} else if (nstrace->version == NSTRACE_3_0)
{
nspr_signature_v30_t sig30;
@ -2117,7 +2170,7 @@ static gboolean nstrace_add_signature(wtap_dumper *wdh, int *err)
/* Move forward the page offset */
nstrace->page_offset += (guint16) sig30.sig_RecordSize;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5)
} else if (nstrace->version == NSTRACE_3_5)
{
nspr_signature_v35_t sig35;
@ -2149,7 +2202,7 @@ nstrace_add_abstime(wtap_dumper *wdh, const wtap_rec *rec,
nstrace_dump_t *nstrace = (nstrace_dump_t *)wdh->priv;
guint64 nsg_creltime;
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
guint16 val16;
guint32 reltime;
@ -2176,9 +2229,9 @@ nstrace_add_abstime(wtap_dumper *wdh, const wtap_rec *rec,
/* Move forward the page offset */
nstrace->page_offset += nspr_abstime_v10_s;
} else if ((wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0) ||
(wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0) ||
(wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5)) {
} else if ((nstrace->version == NSTRACE_2_0) ||
(nstrace->version == NSTRACE_3_0) ||
(nstrace->version == NSTRACE_3_5)) {
guint32 reltime;
guint64 abstime;
nspr_abstime_v20_t abs20;
@ -2227,18 +2280,18 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
{
nstrace->newfile = FALSE;
/* Add the signature record and abs time record */
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
if (!nstrace_add_signature(wdh, err) ||
!nstrace_add_abstime(wdh, rec, pd, err))
return FALSE;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
} else if (nstrace->version == NSTRACE_2_0)
{
if (!nstrace_add_signature(wdh, err) ||
!nstrace_add_abstime(wdh, rec, pd, err))
return FALSE;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 ||
wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 )
} else if (nstrace->version == NSTRACE_3_0 ||
nstrace->version == NSTRACE_3_5 )
{
if (!nstrace_add_signature(wdh, err) ||
!nstrace_add_abstime(wdh, rec, pd, err))
@ -2254,7 +2307,7 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
{
case NSPR_HEADER_VERSION100:
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
if (nstrace->page_offset + rec->rec_header.packet_header.caplen >= nstrace->page_len)
{
@ -2274,7 +2327,7 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
return FALSE;
nstrace->page_offset += (guint16) rec->rec_header.packet_header.caplen;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
} else if (nstrace->version == NSTRACE_2_0)
{
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
@ -2289,11 +2342,11 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
case NSPR_HEADER_VERSION204:
case NSPR_HEADER_VERSION205:
case NSPR_HEADER_VERSION206:
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
} else if (nstrace->version == NSTRACE_2_0)
{
if (nstrace->page_offset + rec->rec_header.packet_header.caplen >= nstrace->page_len)
{
@ -2319,15 +2372,15 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
case NSPR_HEADER_VERSION300:
case NSPR_HEADER_VERSION350:
if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0)
if (nstrace->version == NSTRACE_1_0)
{
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0)
} else if (nstrace->version == NSTRACE_2_0)
{
*err = WTAP_ERR_UNWRITABLE_FILE_TYPE;
return FALSE;
} else if (wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 || wdh->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5)
} else if (nstrace->version == NSTRACE_3_0 || nstrace->version == NSTRACE_3_5)
{
if (nstrace->page_offset + rec->rec_header.packet_header.caplen >= nstrace->page_len)
{
@ -2362,6 +2415,42 @@ static gboolean nstrace_dump(wtap_dumper *wdh, const wtap_rec *rec,
return TRUE;
}
static const struct file_type_subtype_info nstrace_1_0_info = {
"NetScaler Trace (Version 1.0)", "nstrace10", NULL, NULL,
TRUE, FALSE, 0,
nstrace_10_dump_can_write_encap, nstrace_10_dump_open, NULL
};
static const struct file_type_subtype_info nstrace_2_0_info = {
"NetScaler Trace (Version 2.0)", "nstrace20", "cap", NULL,
TRUE, FALSE, 0,
nstrace_20_dump_can_write_encap, nstrace_20_dump_open, NULL
};
static const struct file_type_subtype_info nstrace_3_0_info = {
"NetScaler Trace (Version 3.0)", "nstrace30", "cap", NULL,
TRUE, FALSE, 0,
nstrace_30_dump_can_write_encap, nstrace_30_dump_open, NULL
};
static const struct file_type_subtype_info nstrace_3_5_info = {
"NetScaler Trace (Version 3.5)", "nstrace35", "cap", NULL,
TRUE, FALSE, 0,
nstrace_35_dump_can_write_encap, nstrace_35_dump_open, NULL
};
void register_netscaler(void)
{
nstrace_1_0_file_type_subtype = wtap_register_file_type_subtypes(&nstrace_1_0_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
nstrace_2_0_file_type_subtype = wtap_register_file_type_subtypes(&nstrace_2_0_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
nstrace_3_0_file_type_subtype = wtap_register_file_type_subtypes(&nstrace_3_0_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
nstrace_3_5_file_type_subtype = wtap_register_file_type_subtypes(&nstrace_3_5_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

7
wiretap/netscaler.h
View File

@ -108,12 +108,5 @@
#define NSPR_HEADER_VERSION350 0x35
wtap_open_return_val nstrace_open(wtap *wth, int *err, gchar **err_info);
int nstrace_10_dump_can_write_encap(int encap);
int nstrace_20_dump_can_write_encap(int encap);
int nstrace_30_dump_can_write_encap(int encap);
int nstrace_35_dump_can_write_encap(int encap);
gboolean nstrace_dump_open(wtap_dumper *wdh, int *err, char **err_info);
#endif /* _NETSCALER_H */

19
wiretap/netscreen.c
View File

@ -61,6 +61,10 @@ static gboolean parse_netscreen_packet(FILE_T fh, wtap_rec *rec,
static int parse_single_hex_dump_line(char* rec, guint8 *buf,
guint byte_offset);
static int netscreen_file_type_subtype = -1;
void register_netscreen(void);
/* Returns TRUE if the line appears to be a line with protocol info.
Otherwise it returns FALSE. */
static gboolean info_line(const gchar *line)
@ -159,7 +163,7 @@ wtap_open_return_val netscreen_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
wth->file_encap = WTAP_ENCAP_UNKNOWN;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NETSCREEN;
wth->file_type_subtype = netscreen_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = netscreen_read;
wth->subtype_seek_read = netscreen_seek_read;
@ -446,6 +450,19 @@ parse_single_hex_dump_line(char* rec, guint8 *buf, guint byte_offset)
return num_items_scanned;
}
static const struct file_type_subtype_info netscreen_info = {
"NetScreen snoop text file", "netscreen", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_netscreen(void)
{
netscreen_file_type_subtype =
wtap_register_file_type_subtypes(&netscreen_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

22
wiretap/nettl.c
View File

@ -173,6 +173,10 @@ static gboolean nettl_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec,
static gboolean nettl_dump(wtap_dumper *wdh, const wtap_rec *rec,
const guint8 *pd, int *err, gchar **err_info);
static int nettl_file_type_subtype = -1;
void register_nettl(void);
wtap_open_return_val nettl_open(wtap *wth, int *err, gchar **err_info)
{
struct nettl_file_hdr file_hdr;
@ -200,7 +204,7 @@ wtap_open_return_val nettl_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
/* This is an nettl file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NETTL;
wth->file_type_subtype = nettl_file_type_subtype;
nettl = g_new(nettl_t,1);
wth->priv = (void *)nettl;
if (file_hdr.os_vers[2] == '1' && file_hdr.os_vers[3] == '1')
@ -613,7 +617,7 @@ nettl_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
when they are first opened, so we allow that for tshark read/write.
*/
int nettl_dump_can_write_encap(int encap)
static int nettl_dump_can_write_encap(int encap)
{
switch (encap) {
@ -642,7 +646,7 @@ int nettl_dump_can_write_encap(int encap)
/* Returns TRUE on success, FALSE on failure;
sets "*err" to an error code on failure */
gboolean nettl_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean nettl_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
struct nettl_file_hdr file_hdr;
@ -793,6 +797,18 @@ static gboolean nettl_dump(wtap_dumper *wdh,
return TRUE;
}
static const struct file_type_subtype_info nettl_info = {
"HP-UX nettl trace", "nettl", "trc0", "trc1",
FALSE, FALSE, 0,
nettl_dump_can_write_encap, nettl_dump_open, NULL
};
void register_nettl(void)
{
nettl_file_type_subtype = wtap_register_file_type_subtypes(&nettl_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/nettl.h
View File

@ -117,7 +117,5 @@
#define NETTL_HDR_PDU_MASK 0x30000000
wtap_open_return_val nettl_open(wtap *wth, int *err, gchar **err_info);
gboolean nettl_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int nettl_dump_can_write_encap(int encap);
#endif

20
wiretap/nettrace_3gpp_32_423.c
View File

@ -111,6 +111,10 @@ typedef struct exported_pdu_info {
#define EXP_PDU_TAG_COL_PROT_BIT 0x0200
static int nettrace_3gpp_32_423_file_type_subtype = -1;
void register_nettrace_3gpp_32_423(void);
/* Parse a string IPv4 or IPv6 address into bytes for exported_pdu_info.
* Also parses the port pairs and transport layer type.
*/
@ -815,7 +819,7 @@ nettrace_3gpp_32_423_file_open(wtap *wth, int *err, gchar **err_info)
file_info->buffer = g_byte_array_sized_new(RINGBUFFER_START_SIZE);
g_byte_array_append(file_info->buffer, curr_pos, (guint)(bytes_read - (curr_pos - magic_buf)));
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423;
wth->file_type_subtype = nettrace_3gpp_32_423_file_type_subtype;
wth->file_encap = WTAP_ENCAP_WIRESHARK_UPPER_PDU;
wth->file_tsprec = WTAP_TSPREC_MSEC;
wth->subtype_read = nettrace_read;
@ -827,6 +831,20 @@ nettrace_3gpp_32_423_file_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info nettrace_3gpp_32_423_info = {
/* WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 */
"3GPP TS 32.423 Trace", "3gpp32423", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_nettrace_3gpp_32_423(void)
{
nettrace_3gpp_32_423_file_type_subtype =
wtap_register_file_type_subtypes(&nettrace_3gpp_32_423_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

22
wiretap/network_instruments.c
View File

@ -116,6 +116,10 @@ static gboolean observer_dump(wtap_dumper *wdh, const wtap_rec *rec,
static gint observer_to_wtap_encap(int observer_encap);
static gint wtap_to_observer_encap(int wtap_encap);
static int network_instruments_file_type_subtype = -1;
void register_network_instruments(void);
wtap_open_return_val network_instruments_open(wtap *wth, int *err, gchar **err_info)
{
guint offset;
@ -294,7 +298,7 @@ wtap_open_return_val network_instruments_open(wtap *wth, int *err, gchar **err_i
wth->subtype_sequential_close = NULL;
wth->snapshot_length = 0; /* not available in header */
wth->file_tsprec = WTAP_TSPREC_NSEC;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NETWORK_INSTRUMENTS;
wth->file_type_subtype = network_instruments_file_type_subtype;
/* reset the pointer to the first packet */
if (file_seek(wth->fh, header_offset, SEEK_SET, err) == -1)
@ -646,7 +650,7 @@ skip_to_next_packet(wtap *wth, int offset_to_next_packet, int current_offset_fro
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int network_instruments_dump_can_write_encap(int encap)
static int network_instruments_dump_can_write_encap(int encap)
{
/* per-packet encapsulations aren't supported */
if (encap == WTAP_ENCAP_PER_PACKET)
@ -660,7 +664,7 @@ int network_instruments_dump_can_write_encap(int encap)
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure. */
gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err,
static gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err,
gchar **err_info)
{
observer_dump_private_state * private_state = NULL;
@ -876,6 +880,18 @@ static gint wtap_to_observer_encap(int wtap_encap)
return OBSERVER_UNDEFINED;
}
static const struct file_type_subtype_info network_instruments_info = {
"Network Instruments Observer", "niobserver", "bfr", NULL,
FALSE, FALSE, 0,
network_instruments_dump_can_write_encap, network_instruments_dump_open, NULL
};
void register_network_instruments(void)
{
network_instruments_file_type_subtype = wtap_register_file_type_subtypes(&network_instruments_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/network_instruments.h
View File

@ -19,8 +19,6 @@
#include "wtap.h"
wtap_open_return_val network_instruments_open(wtap *wth, int *err, gchar **err_info);
int network_instruments_dump_can_write_encap(int encap);
gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
/*
* In v15 the high_byte was added to allow a larger offset This was done by

117
wiretap/netxray.c
View File

@ -408,6 +408,13 @@ static gboolean netxray_dump_2_0(wtap_dumper *wdh,
static gboolean netxray_dump_finish_2_0(wtap_dumper *wdh, int *err,
gchar **err_info);
static int netxray_old_file_type_subtype = -1;
static int netxray_1_0_file_type_subtype = -1;
static int netxray_1_1_file_type_subtype = -1;
static int netxray_2_00x_file_type_subtype = -1;
void register_netxray(void);
wtap_open_return_val
netxray_open(wtap *wth, int *err, gchar **err_info)
{
@ -470,7 +477,7 @@ netxray_open(wtap *wth, int *err, gchar **err_info)
if (is_old) {
version_major = 0;
version_minor = 0;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD;
file_type = netxray_old_file_type_subtype;
} else {
/* It appears that version 1.1 files (as produced by Windows
* Sniffer Pro 2.0.01) have the time stamp in microseconds,
@ -482,27 +489,27 @@ netxray_open(wtap *wth, int *err, gchar **err_info)
if (memcmp(hdr.version, vers_1_0, sizeof vers_1_0) == 0) {
version_major = 1;
version_minor = 0;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0;
file_type = netxray_1_0_file_type_subtype;
} else if (memcmp(hdr.version, vers_1_1, sizeof vers_1_1) == 0) {
version_major = 1;
version_minor = 1;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1;
file_type = netxray_1_1_file_type_subtype;
} else if (memcmp(hdr.version, vers_2_000, sizeof vers_2_000) == 0) {
version_major = 2;
version_minor = 0;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
file_type = netxray_2_00x_file_type_subtype;
} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0) {
version_major = 2;
version_minor = 1;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
file_type = netxray_2_00x_file_type_subtype;
} else if (memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
version_major = 2;
version_minor = 2;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
file_type = netxray_2_00x_file_type_subtype;
} else if (memcmp(hdr.version, vers_2_003, sizeof vers_2_003) == 0) {
version_major = 2;
version_minor = 3;
file_type = WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x;
file_type = netxray_2_00x_file_type_subtype;
} else {
*err = WTAP_ERR_UNSUPPORTED;
*err_info = g_strdup_printf("netxray: version \"%.8s\" unsupported", hdr.version);
@ -551,30 +558,37 @@ netxray_open(wtap *wth, int *err, gchar **err_info)
*/
start_timestamp = (double)pletoh32(&hdr.timelo)
+ (double)pletoh32(&hdr.timehi)*4294967296.0;
switch (file_type) {
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD:
if (is_old) {
ticks_per_sec = 1000.0;
wth->file_tsprec = WTAP_TSPREC_MSEC;
break;
} else if (version_major == 1) {
switch (version_minor) {
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0:
ticks_per_sec = 1000.0;
wth->file_tsprec = WTAP_TSPREC_MSEC;
break;
case 0:
ticks_per_sec = 1000.0;
wth->file_tsprec = WTAP_TSPREC_MSEC;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1:
/*
* In version 1.1 files (as produced by Windows Sniffer
* Pro 2.0.01), the time stamp is in microseconds,
* rather than the milliseconds time stamps in NetXRay
* and older versions of Windows Sniffer.
*/
ticks_per_sec = 1000000.0;
wth->file_tsprec = WTAP_TSPREC_USEC;
break;
case 1:
/*
* In version 1.1 files (as produced by Windows
* Sniffer Pro 2.0.01), the time stamp is in
* microseconds, rather than the milliseconds
* time stamps in NetXRay and older versions
* of Windows Sniffer.
*/
ticks_per_sec = 1000000.0;
wth->file_tsprec = WTAP_TSPREC_USEC;
break;
case WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x:
default:
/* "Can't happen" - we rejected that above */
*err = WTAP_ERR_INTERNAL;
*err_info = g_strdup_printf("netxray: version %d.%d somehow didn't get rejected",
version_major, version_minor);
return WTAP_OPEN_ERROR;
}
} else if (version_major == 2) {
/*
* Get the time stamp units from the appropriate TpS
* table or from the file header.
@ -731,11 +745,12 @@ netxray_open(wtap *wth, int *err, gchar **err_info)
wth->file_tsprec = WTAP_TSPREC_NSEC;
else
wth->file_tsprec = WTAP_TSPREC_USEC;
break;
default:
g_assert_not_reached();
ticks_per_sec = 0.0;
} else {
/* "Can't happen" - we rejected that above */
*err = WTAP_ERR_INTERNAL;
*err_info = g_strdup_printf("netxray: version %d.%d somehow didn't get rejected",
version_major, version_minor);
return WTAP_OPEN_ERROR;
}
start_timestamp = start_timestamp/ticks_per_sec;
@ -2080,6 +2095,46 @@ netxray_dump_finish_2_0(wtap_dumper *wdh, int *err, gchar **err_info _U_)
return TRUE;
}
static const struct file_type_subtype_info netxray_old_info = {
"Cinco Networks NetXRay 1.x", "netxray1", "cap", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info netxray_1_0_info = {
"Cinco Networks NetXRay 2.0 or later", "netxray2", "cap", NULL,
TRUE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info netxray_1_1_info = {
"NetXray, Sniffer (Windows) 1.1", "ngwsniffer_1_1", "cap", NULL,
TRUE, FALSE, 0,
netxray_dump_can_write_encap_1_1, netxray_dump_open_1_1, NULL
};
static const struct file_type_subtype_info netxray_2_00x_info = {
"Sniffer (Windows) 2.00x", "ngwsniffer_2_0", "cap", "caz",
TRUE, FALSE, 0,
netxray_dump_can_write_encap_2_0, netxray_dump_open_2_0, NULL
};
void register_netxray(void)
{
netxray_old_file_type_subtype =
wtap_register_file_type_subtypes(&netxray_old_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
netxray_1_0_file_type_subtype =
wtap_register_file_type_subtypes(&netxray_1_0_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
netxray_1_1_file_type_subtype =
wtap_register_file_type_subtypes(&netxray_1_1_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
netxray_2_00x_file_type_subtype =
wtap_register_file_type_subtypes(&netxray_2_00x_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

4
wiretap/netxray.h
View File

@ -13,9 +13,5 @@
#include "wtap.h"
wtap_open_return_val netxray_open(wtap *wth, int *err, gchar **err_info);
int netxray_dump_can_write_encap_1_1(int encap);
gboolean netxray_dump_open_1_1(wtap_dumper *wdh, int *err, gchar **err_info);
int netxray_dump_can_write_encap_2_0(int encap);
gboolean netxray_dump_open_2_0(wtap_dumper *wdh, int *err, gchar **err_info);
#endif

76
wiretap/ngsniffer.c
View File

@ -464,6 +464,7 @@ typedef struct {
typedef struct {
guint maj_vers;
guint min_vers;
gboolean is_compressed;
guint32 timeunit;
time_t start;
guint network; /* network type */
@ -530,6 +531,11 @@ static gboolean ng_skip_bytes_seq(wtap *wth, unsigned int count, int *err,
static gboolean ng_file_seek_rand(wtap *wth, gint64 offset, int *err,
gchar **err_info);
static int ngsniffer_uncompressed_file_type_subtype = -1;
static int ngsniffer_compressed_file_type_subtype = -1;
void register_ngsniffer(void);
wtap_open_return_val
ngsniffer_open(wtap *wth, int *err, gchar **err_info)
{
@ -609,13 +615,6 @@ ngsniffer_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
/* compressed or uncompressed Sniffer file? */
if (version.format != 1) {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED;
} else {
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED;
}
/* Set encap type before reading header records because the
* header record may change encap type.
*/
@ -693,6 +692,16 @@ ngsniffer_open(wtap *wth, int *err, gchar **err_info)
/* This is a ngsniffer file */
ngsniffer = g_new(ngsniffer_t, 1);
wth->priv = (void *)ngsniffer;
/* compressed or uncompressed Sniffer file? */
if (version.format != 1) {
wth->file_type_subtype = ngsniffer_compressed_file_type_subtype;
ngsniffer->is_compressed = TRUE;
} else {
wth->file_type_subtype = ngsniffer_uncompressed_file_type_subtype;
ngsniffer->is_compressed = FALSE;
}
ngsniffer->maj_vers = maj_vers;
ngsniffer->min_vers = pletoh16(&version.min_vers);
@ -2005,7 +2014,7 @@ static const int wtap_encap[] = {
/* Returns 0 if we could write the specified encapsulation type,
an error indication otherwise. */
int
static int
ngsniffer_dump_can_write_encap(int encap)
{
/* Per-packet encapsulations aren't supported. */
@ -2020,7 +2029,7 @@ ngsniffer_dump_can_write_encap(int encap)
/* Returns TRUE on success, FALSE on failure; sets "*err" to an error code on
failure */
gboolean
static gboolean
ngsniffer_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
ngsniffer_dump_t *ngsniffer;
@ -2462,7 +2471,8 @@ ng_read_bytes_or_eof(wtap *wth, void *buffer, unsigned int nbytes, gboolean is_r
comp_stream = &ngsniffer->seq;
}
if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
if (!ngsniffer->is_compressed) {
/* Uncompressed - just read bytes */
if (!wtap_read_bytes_or_eof(infile, buffer, nbytes, err, err_info))
return FALSE;
comp_stream->uncomp_offset += nbytes;
@ -2470,7 +2480,11 @@ ng_read_bytes_or_eof(wtap *wth, void *buffer, unsigned int nbytes, gboolean is_r
return TRUE;
}
/* Allocate the stream buffer if it hasn't already been allocated. */
/*
* Compressed.
*
* Allocate the stream buffer if it hasn't already been allocated.
*/
if (comp_stream->buf == NULL) {
comp_stream->buf = (unsigned char *)g_malloc(OUTBUF_SIZE);
@ -2634,12 +2648,17 @@ ng_skip_bytes_seq(wtap *wth, unsigned int count, int *err, gchar **err_info)
ngsniffer = (ngsniffer_t *)wth->priv;
if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
if (!ngsniffer->is_compressed) {
/* Uncompressed - just read forward and discard data */
ngsniffer->seq.uncomp_offset += count;
return wtap_read_bytes(wth->fh, NULL, count, err, err_info);
}
/* Ok, now read and discard "count" bytes. */
/*
* Compressed.
*
* Now read and discard "count" bytes.
*/
buf = (char *)g_malloc(INBUF_SIZE);
while (count != 0) {
if (count > INBUF_SIZE)
@ -2677,12 +2696,19 @@ ng_file_seek_rand(wtap *wth, gint64 offset, int *err, gchar **err_info)
ngsniffer = (ngsniffer_t *)wth->priv;
if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED) {
if (!ngsniffer->is_compressed) {
/* Uncompressed - just seek. */
if (file_seek(wth->random_fh, offset, SEEK_SET, err) == -1)
return FALSE;
return TRUE;
}
/*
* Compressed.
*
* How many *uncompressed* should we move forward or
* backward?
*/
delta = offset - ngsniffer->rand.uncomp_offset;
/* Is the place to which we're seeking within the current buffer, or
@ -2816,6 +2842,28 @@ ng_file_seek_rand(wtap *wth, gint64 offset, int *err, gchar **err_info)
return TRUE;
}
static const struct file_type_subtype_info ngsniffer_uncompressed_info = {
"Sniffer (DOS)", "ngsniffer", "cap", "enc;trc;fdc;syc",
FALSE, FALSE, 0,
ngsniffer_dump_can_write_encap, ngsniffer_dump_open, NULL
};
static const struct file_type_subtype_info ngsniffer_compressed_info = {
"Sniffer (DOS), compressed", "ngsniffer_comp", "cap", "enc;trc;fdc;syc",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_ngsniffer(void)
{
ngsniffer_uncompressed_file_type_subtype =
wtap_register_file_type_subtypes(&ngsniffer_uncompressed_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
ngsniffer_compressed_file_type_subtype =
wtap_register_file_type_subtypes(&ngsniffer_compressed_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/ngsniffer.h
View File

@ -13,7 +13,5 @@
#include "wtap.h"
wtap_open_return_val ngsniffer_open(wtap *wth, int *err, gchar **err_info);
gboolean ngsniffer_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int ngsniffer_dump_can_write_encap(int encap);
#endif

19
wiretap/packetlogger.c
View File

@ -66,6 +66,10 @@ static gboolean packetlogger_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err,
gchar **err_info);
static int packetlogger_file_type_subtype = -1;
void register_packetlogger(void);
/*
* Number of packets to try reading.
*/
@ -199,7 +203,7 @@ wtap_open_return_val packetlogger_open(wtap *wth, int *err, gchar **err_info)
wth->subtype_read = packetlogger_read;
wth->subtype_seek_read = packetlogger_seek_read;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER;
wth->file_type_subtype = packetlogger_file_type_subtype;
wth->file_encap = WTAP_ENCAP_PACKETLOGGER;
wth->file_tsprec = WTAP_TSPREC_USEC;
@ -373,6 +377,19 @@ packetlogger_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
return wtap_read_packet_bytes(fh, buf, rec->rec_header.packet_header.caplen, err, err_info);
}
static const struct file_type_subtype_info packetlogger_info = {
"macOS PacketLogger", "pklg", "pklg", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_packetlogger(void)
{
packetlogger_file_type_subtype =
wtap_register_file_type_subtypes(&packetlogger_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

31
wiretap/peekclassic.c
View File

@ -151,6 +151,11 @@ static gboolean peekclassic_seek_read_v56(wtap *wth, gint64 seek_off,
static gboolean peekclassic_read_packet_v56(wtap *wth, FILE_T fh,
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
static int peekclassic_v56_file_type_subtype = -1;
static int peekclassic_v7_file_type_subtype = -1;
void register_peekclassic(void);
wtap_open_return_val peekclassic_open(wtap *wth, int *err, gchar **err_info)
{
peekclassic_header_t ep_hdr;
@ -324,13 +329,13 @@ wtap_open_return_val peekclassic_open(wtap *wth, int *err, gchar **err_info)
case 5:
case 6:
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V56;
wth->file_type_subtype = peekclassic_v56_file_type_subtype;
wth->subtype_read = peekclassic_read_v56;
wth->subtype_seek_read = peekclassic_seek_read_v56;
break;
case 7:
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V7;
wth->file_type_subtype = peekclassic_v7_file_type_subtype;
wth->subtype_read = peekclassic_read_v7;
wth->subtype_seek_read = peekclassic_seek_read_v7;
break;
@ -657,6 +662,28 @@ static gboolean peekclassic_read_packet_v56(wtap *wth, FILE_T fh,
return wtap_read_packet_bytes(fh, buf, sliceLength, err, err_info);
}
static const struct file_type_subtype_info peekclassic_v56_info = {
"Savvius classic (V5 and V6)", "peekclassic56", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info peekclassic_v7_info = {
"Savvius classic (V7)", "peekclassic7", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_peekclassic(void)
{
peekclassic_v56_file_type_subtype =
wtap_register_file_type_subtypes(&peekclassic_v56_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
peekclassic_v7_file_type_subtype =
wtap_register_file_type_subtypes(&peekclassic_v7_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/peektagged.c
View File

@ -158,6 +158,10 @@ static gboolean peektagged_read(wtap *wth, wtap_rec *rec, Buffer *buf,
static gboolean peektagged_seek_read(wtap *wth, gint64 seek_off,
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
static int peektagged_file_type_subtype = -1;
void register_peektagged(void);
static int wtap_file_read_pattern (wtap *wth, const char *pattern, int *err,
gchar **err_info)
{
@ -371,7 +375,7 @@ wtap_open_return_val peektagged_open(wtap *wth, int *err, gchar **err_info)
*/
file_encap = peektagged_encap[mediaSubType];
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED;
wth->file_type_subtype = peektagged_file_type_subtype;
wth->file_encap = file_encap;
wth->subtype_read = peektagged_read;
wth->subtype_seek_read = peektagged_seek_read;
@ -881,6 +885,18 @@ peektagged_seek_read(wtap *wth, gint64 seek_off,
return TRUE;
}
static const struct file_type_subtype_info peektagged_info = {
"Savvius tagged", "peektagged", "pkt", "tpc;apc;wpz",
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_peektagged(void)
{
peektagged_file_type_subtype = wtap_register_file_type_subtypes(&peektagged_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/pppdump.c
View File

@ -88,6 +88,10 @@ static gboolean pppdump_read(wtap *wth, wtap_rec *rec, Buffer *buf,
static gboolean pppdump_seek_read(wtap *wth, gint64 seek_off,
wtap_rec *rec, Buffer *buf, int *err, gchar **err_info);
static int pppdump_file_type_subtype = -1;
void register_pppdump(void);
/*
* Information saved about a packet, during the initial sequential pass
* through the file, to allow us to later re-read it when randomly
@ -278,7 +282,7 @@ pppdump_open(wtap *wth, int *err, gchar **err_info)
state->offset = 5;
wth->file_encap = WTAP_ENCAP_PPP_WITH_PHDR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_PPPDUMP;
wth->file_type_subtype = pppdump_file_type_subtype;
wth->snapshot_length = PPPD_BUF_SIZE; /* just guessing */
wth->subtype_read = pppdump_read;
@ -792,6 +796,19 @@ pppdump_close(wtap *wth)
}
}
static const struct file_type_subtype_info pppdump_info = {
"pppd log (pppdump format)", "pppd", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_pppdump(void)
{
pppdump_file_type_subtype =
wtap_register_file_type_subtypes(&pppdump_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/radcom.c
View File

@ -78,6 +78,10 @@ static gboolean radcom_seek_read(wtap *wth, gint64 seek_off,
static gboolean radcom_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int radcom_file_type_subtype = -1;
void register_radcom(void);
wtap_open_return_val radcom_open(wtap *wth, int *err, gchar **err_info)
{
guint8 r_magic[8], t_magic[11], search_encap[7];
@ -172,7 +176,7 @@ wtap_open_return_val radcom_open(wtap *wth, int *err, gchar **err_info)
}
/* This is a radcom file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_RADCOM;
wth->file_type_subtype = radcom_file_type_subtype;
wth->subtype_read = radcom_read;
wth->subtype_seek_read = radcom_seek_read;
wth->snapshot_length = 0; /* not available in header, only in frame */
@ -368,6 +372,19 @@ radcom_read_rec(wtap *wth, FILE_T fh, wtap_rec *rec, Buffer *buf,
return TRUE;
}
static const struct file_type_subtype_info radcom_info = {
"RADCOM WAN/LAN analyzer", "radcom", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_radcom(void)
{
radcom_file_type_subtype =
wtap_register_file_type_subtypes(&radcom_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/rfc7468.c
View File

@ -24,6 +24,10 @@
terminator. */
#define MAX_LINE_LENGTH (128 + 2)
static int rfc7468_file_type_subtype = -1;
void register_rfc7468(void);
static char *read_complete_text_line(char line[MAX_LINE_LENGTH], FILE_T fh, int *err, gchar **err_info)
{
char *line_end;
@ -83,7 +87,7 @@ wtap_open_return_val rfc7468_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_RFC7468;
wth->file_type_subtype = rfc7468_file_type_subtype;
wth->file_encap = WTAP_ENCAP_RFC7468;
wth->snapshot_length = 0;
@ -95,6 +99,18 @@ wtap_open_return_val rfc7468_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info rfc7468_info = {
"RFC 7468 files", "rfc7468", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_rfc7468(void)
{
rfc7468_file_type_subtype = wtap_register_file_type_subtypes(&rfc7468_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/ruby_marshal.c
View File

@ -16,6 +16,10 @@
#include "ruby_marshal.h"
static int ruby_marshal_file_type_subtype = -1;
void register_ruby_marshal(void);
static gboolean is_ruby_marshal(const guint8* filebuf)
{
if (filebuf[0] != RUBY_MARSHAL_MAJOR)
@ -70,7 +74,7 @@ wtap_open_return_val ruby_marshal_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_RUBY_MARSHAL;
wth->file_type_subtype = ruby_marshal_file_type_subtype;
wth->file_encap = WTAP_ENCAP_RUBY_MARSHAL;
wth->file_tsprec = WTAP_TSPREC_SEC;
wth->subtype_read = wtap_full_file_read;
@ -80,6 +84,18 @@ wtap_open_return_val ruby_marshal_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info ruby_marshal_info = {
"Ruby marshal files", "ruby_marshal", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_ruby_marshal(void)
{
ruby_marshal_file_type_subtype = wtap_register_file_type_subtypes(&ruby_marshal_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

48
wiretap/snoop.c
View File

@ -15,6 +15,10 @@
#include "snoop.h"
/* See RFC 1761 for a description of the "snoop" file format. */
typedef struct {
gboolean is_shomiti;
} snoop_t;
/* Magic number in "snoop" files. */
static const char snoop_magic[] = {
's', 'n', 'o', 'o', 'p', '\0', '\0', '\0'
@ -85,6 +89,11 @@ static gboolean snoop_read_shomiti_wireless_pseudoheader(FILE_T fh,
static gboolean snoop_dump(wtap_dumper *wdh, const wtap_rec *rec,
const guint8 *pd, int *err, gchar **err_info);
static int snoop_file_type_subtype = -1;
static int shomiti_file_type_subtype = -1;
void register_snoop(void);
/*
* See
*
@ -238,6 +247,7 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
#define NUM_SHOMITI_ENCAPS (sizeof shomiti_encap / sizeof shomiti_encap[0])
int file_encap;
gint64 saved_offset;
snoop_t *snoop;
/* Read in the string that should be at the start of a "snoop" file */
if (!wtap_read_bytes(wth->fh, magic, sizeof magic, err, err_info)) {
@ -362,9 +372,6 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
file_encap = shomiti_encap[hdr.network];
/* This is a Shomiti file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_SHOMITI;
} else if (hdr.network & SNOOP_PRIVATE_BIT) {
if ((hdr.network^SNOOP_PRIVATE_BIT) >= NUM_SNOOP_PRIVATE_ENCAPS
|| snoop_private_encap[hdr.network^SNOOP_PRIVATE_BIT] == WTAP_ENCAP_UNKNOWN) {
@ -374,9 +381,6 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
file_encap = snoop_private_encap[hdr.network^SNOOP_PRIVATE_BIT];
/* This is a snoop file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_SNOOP;
} else {
if (hdr.network >= NUM_SNOOP_ENCAPS
|| snoop_encap[hdr.network] == WTAP_ENCAP_UNKNOWN) {
@ -386,9 +390,6 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_ERROR;
}
file_encap = snoop_encap[hdr.network];
/* This is a snoop file */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_SNOOP;
}
/*
@ -396,11 +397,15 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
* records, so we use the same routines to read snoop and
* Shomiti files.
*/
wth->file_type_subtype = is_shomiti ? shomiti_file_type_subtype : snoop_file_type_subtype;
snoop = g_new0(snoop_t, 1);
wth->priv = (void *)snoop;
wth->subtype_read = snoop_read;
wth->subtype_seek_read = snoop_seek_read;
wth->file_encap = file_encap;
wth->snapshot_length = 0; /* not available in header */
wth->file_tsprec = WTAP_TSPREC_USEC;
snoop->is_shomiti = is_shomiti;
/*
* Add an IDB; we don't know how many interfaces were
@ -467,6 +472,7 @@ static int
snoop_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info)
{
snoop_t *snoop = (snoop_t *)wth->priv;
struct snooprec_hdr hdr;
guint32 rec_size;
guint32 packet_size;
@ -547,7 +553,7 @@ snoop_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
* this frame; if this is a Shomit file, we assume there
* is. (XXX - or should we treat it a "maybe"?)
*/
if (wth->file_type_subtype == WTAP_FILE_TYPE_SUBTYPE_SHOMITI)
if (snoop->is_shomiti)
rec->rec_header.packet_header.pseudo_header.eth.fcs_len = 4;
else
rec->rec_header.packet_header.pseudo_header.eth.fcs_len = 0;
@ -911,6 +917,28 @@ static gboolean snoop_dump(wtap_dumper *wdh,
return TRUE;
}
static const struct file_type_subtype_info snoop_info = {
"Sun snoop", "snoop", "snoop", "cap",
FALSE, FALSE, 0,
snoop_dump_can_write_encap, snoop_dump_open, NULL
};
static const struct file_type_subtype_info shomiti_info = {
"Shomiti/Finisar Surveyor", "shomiti", "cap", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_snoop(void)
{
snoop_file_type_subtype =
wtap_register_file_type_subtypes(&snoop_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
shomiti_file_type_subtype =
wtap_register_file_type_subtypes(&shomiti_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/stanag4607.c
View File

@ -29,6 +29,10 @@ typedef struct {
#define PKT_HDR_SIZE 32 /* size of a packet header */
#define SEG_HDR_SIZE 5 /* size of a segment header */
static int stanag4607_file_type_subtype = -1;
void register_stanag4607(void);
static gboolean is_valid_id(guint16 version_id)
{
#define VERSION_21 0x3231
@ -181,7 +185,7 @@ wtap_open_return_val stanag4607_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_STANAG_4607;
wth->file_type_subtype = stanag4607_file_type_subtype;
wth->file_encap = WTAP_ENCAP_STANAG_4607;
wth->snapshot_length = 0; /* not known */
@ -204,6 +208,18 @@ wtap_open_return_val stanag4607_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info stanag4607_info = {
"STANAG 4607 Format", "stanag4607", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_stanag4607(void)
{
stanag4607_file_type_subtype = wtap_register_file_type_subtypes(&stanag4607_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

18
wiretap/tnef.c
View File

@ -14,6 +14,10 @@
#include <wsutil/buffer.h>
#include "tnef.h"
static int tnef_file_type_subtype = -1;
void register_tnef(void);
wtap_open_return_val tnef_open(wtap *wth, int *err, gchar **err_info)
{
guint32 magic;
@ -29,7 +33,7 @@ wtap_open_return_val tnef_open(wtap *wth, int *err, gchar **err_info)
if (file_seek(wth->fh, 0, SEEK_SET, err) == -1)
return WTAP_OPEN_ERROR;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_TNEF;
wth->file_type_subtype = tnef_file_type_subtype;
wth->file_encap = WTAP_ENCAP_TNEF;
wth->snapshot_length = 0;
@ -40,6 +44,18 @@ wtap_open_return_val tnef_open(wtap *wth, int *err, gchar **err_info)
return WTAP_OPEN_MINE;
}
static const struct file_type_subtype_info tnef_info = {
"Transport-Neutral Encapsulation Format", "tnef", NULL, NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_tnef(void)
{
tnef_file_type_subtype = wtap_register_file_type_subtypes(&tnef_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

19
wiretap/toshiba.c
View File

@ -95,6 +95,10 @@ static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf,
static gboolean parse_toshiba_packet(FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int toshiba_file_type_subtype = -1;
void register_toshiba(void);
/* Seeks to the beginning of the next packet, and returns the
byte offset. Returns -1 on failure, and sets "*err" to the error
and "*err_info" to null or an additional error string. */
@ -185,7 +189,7 @@ wtap_open_return_val toshiba_open(wtap *wth, int *err, gchar **err_info)
}
wth->file_encap = WTAP_ENCAP_PER_PACKET;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_TOSHIBA;
wth->file_type_subtype = toshiba_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = toshiba_read;
wth->subtype_seek_read = toshiba_seek_read;
@ -425,6 +429,19 @@ parse_single_hex_dump_line(char* rec, guint8 *buf, guint byte_offset) {
return TRUE;
}
static const struct file_type_subtype_info toshiba_info = {
"Toshiba Compact ISDN Router snoop", "toshiba", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_toshiba(void)
{
toshiba_file_type_subtype =
wtap_register_file_type_subtypes(&toshiba_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

22
wiretap/visual.c
View File

@ -157,6 +157,10 @@ static gboolean visual_dump_finish(wtap_dumper *wdh, int *err,
gchar **err_info);
static void visual_dump_free(wtap_dumper *wdh);
static int visual_file_type_subtype = -1;
void register_visual(void);
/* Open a file for reading */
wtap_open_return_val visual_open(wtap *wth, int *err, gchar **err_info)
@ -236,7 +240,7 @@ wtap_open_return_val visual_open(wtap *wth, int *err, gchar **err_info)
}
/* Fill in the wiretap struct with data from the file header */
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_VISUAL_NETWORKS;
wth->file_type_subtype = visual_file_type_subtype;
wth->file_encap = encap;
wth->snapshot_length = pletoh16(&vfile_hdr.max_length);
@ -576,7 +580,7 @@ visual_read_packet(wtap *wth, FILE_T fh, wtap_rec *rec,
/* Check for media types that may be written in Visual file format.
Returns 0 if the specified encapsulation type is supported,
an error indication otherwise. */
int visual_dump_can_write_encap(int encap)
static int visual_dump_can_write_encap(int encap)
{
/* Per-packet encapsulations aren't supported. */
if (encap == WTAP_ENCAP_PER_PACKET)
@ -602,7 +606,7 @@ int visual_dump_can_write_encap(int encap)
/* Open a file for writing.
Returns TRUE on success, FALSE on failure; sets "*err" to an
error code on failure */
gboolean visual_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
static gboolean visual_dump_open(wtap_dumper *wdh, int *err, gchar **err_info _U_)
{
struct visual_write_info *visual;
@ -857,6 +861,18 @@ static void visual_dump_free(wtap_dumper *wdh)
}
}
static const struct file_type_subtype_info visual_info = {
"Visual Networks traffic capture", "visual", NULL, NULL,
TRUE, FALSE, 0,
visual_dump_can_write_encap, visual_dump_open, NULL
};
void register_visual(void)
{
visual_file_type_subtype = wtap_register_file_type_subtypes(&visual_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

2
wiretap/visual.h
View File

@ -19,7 +19,5 @@
#include "ws_symbol_export.h"
wtap_open_return_val visual_open(wtap *wth, int *err, gchar **err_info);
gboolean visual_dump_open(wtap_dumper *wdh, int *err, gchar **err_info);
int visual_dump_can_write_encap(int encap);
#endif

18
wiretap/vms.c
View File

@ -135,6 +135,10 @@ static gboolean parse_single_hex_dump_line(char* rec, guint8 *buf,
static gboolean parse_vms_packet(FILE_T fh, wtap_rec *rec,
Buffer *buf, int *err, gchar **err_info);
static int vms_file_type_subtype = -1;
void register_vms(void);
#ifdef TCPIPTRACE_FRAGMENTS_HAVE_HEADER_LINE
/* Seeks to the beginning of the next packet, and returns the
byte offset. Returns -1 on failure, and sets "*err" to the error
@ -232,7 +236,7 @@ wtap_open_return_val vms_open(wtap *wth, int *err, gchar **err_info)
}
wth->file_encap = WTAP_ENCAP_RAW_IP;
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_VMS;
wth->file_type_subtype = vms_file_type_subtype;
wth->snapshot_length = 0; /* not known */
wth->subtype_read = vms_read;
wth->subtype_seek_read = vms_seek_read;
@ -524,6 +528,18 @@ parse_single_hex_dump_line(char* rec, guint8 *buf, long byte_offset,
return TRUE;
}
static const struct file_type_subtype_info vms_info = {
"TCPIPtrace (VMS)", "tcpiptrace", "txt", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_vms(void)
{
vms_file_type_subtype = wtap_register_file_type_subtypes(&vms_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

29
wiretap/vwr.c
View File

@ -802,6 +802,11 @@ static float get_legacy_rate(guint8);
static float get_ht_rate(guint8, guint16);
static float get_vht_rate(guint8, guint16, guint8);
static int vwr_80211_file_type_subtype = -1;
static int vwr_eth_file_type_subtype = -1;
void register_vwr(void);
/* Open a .vwr file for reading */
/* This does very little, except setting the wiretap header for a VWR file type */
/* and setting the timestamp precision to microseconds. */
@ -836,9 +841,9 @@ wtap_open_return_val vwr_open(wtap *wth, int *err, gchar **err_info)
wth->file_encap = WTAP_ENCAP_IXVERIWAVE;
if (fpgaVer == S2_W_FPGA || fpgaVer == S1_W_FPGA || fpgaVer == S3_W_FPGA)
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_VWR_80211;
wth->file_type_subtype = vwr_80211_file_type_subtype;
else if (fpgaVer == vVW510012_E_FPGA || fpgaVer == vVW510024_E_FPGA)
wth->file_type_subtype = WTAP_FILE_TYPE_SUBTYPE_VWR_ETH;
wth->file_type_subtype = vwr_eth_file_type_subtype;
/*
* Add an IDB; we don't know how many interfaces were
@ -3365,6 +3370,26 @@ vwr_process_rec_data(FILE_T fh, int rec_size,
return ret;
}
static const struct file_type_subtype_info vwr_80211_info = {
"Ixia IxVeriWave .vwr Raw 802.11 Capture", "vwr80211", "vwr", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
static const struct file_type_subtype_info vwr_eth_info = {
"Ixia IxVeriWave .vwr Raw Ethernet Capture", "vwreth", "vwr", NULL,
FALSE, FALSE, 0,
NULL, NULL, NULL
};
void register_vwr(void)
{
vwr_80211_file_type_subtype = wtap_register_file_type_subtypes(&vwr_80211_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
vwr_eth_file_type_subtype = wtap_register_file_type_subtypes(&vwr_eth_info,
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN);
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*

83
wiretap/wtap.h
View File

@ -309,84 +309,11 @@ extern "C" {
#define WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA 6
#define WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417 7
#define WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915 8
#define WTAP_FILE_TYPE_SUBTYPE_5VIEWS 9
#define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0 10
#define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0 11
#define WTAP_FILE_TYPE_SUBTYPE_BER 12
#define WTAP_FILE_TYPE_SUBTYPE_HCIDUMP 13
#define WTAP_FILE_TYPE_SUBTYPE_CATAPULT_DCT2000 14
#define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD 15
#define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0 16
#define WTAP_FILE_TYPE_SUBTYPE_COSINE 17
#define WTAP_FILE_TYPE_SUBTYPE_CSIDS 18
#define WTAP_FILE_TYPE_SUBTYPE_DBS_ETHERWATCH 19
#define WTAP_FILE_TYPE_SUBTYPE_ERF 20
#define WTAP_FILE_TYPE_SUBTYPE_EYESDN 21
#define WTAP_FILE_TYPE_SUBTYPE_NETTL 22
#define WTAP_FILE_TYPE_SUBTYPE_ISERIES 23
#define WTAP_FILE_TYPE_SUBTYPE_ISERIES_UNICODE 24
#define WTAP_FILE_TYPE_SUBTYPE_I4BTRACE 25
#define WTAP_FILE_TYPE_SUBTYPE_ASCEND 26
#define WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x 27
#define WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x 28
#define WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED 29
#define WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED 30
#define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1 31
#define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x 32
#define WTAP_FILE_TYPE_SUBTYPE_NETWORK_INSTRUMENTS 33
#define WTAP_FILE_TYPE_SUBTYPE_LANALYZER 34
#define WTAP_FILE_TYPE_SUBTYPE_PPPDUMP 35
#define WTAP_FILE_TYPE_SUBTYPE_RADCOM 36
#define WTAP_FILE_TYPE_SUBTYPE_SNOOP 37
#define WTAP_FILE_TYPE_SUBTYPE_SHOMITI 38
#define WTAP_FILE_TYPE_SUBTYPE_VMS 39
#define WTAP_FILE_TYPE_SUBTYPE_K12 40
#define WTAP_FILE_TYPE_SUBTYPE_TOSHIBA 41
#define WTAP_FILE_TYPE_SUBTYPE_VISUAL_NETWORKS 42
#define WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V56 43
#define WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V7 44
#define WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED 45
#define WTAP_FILE_TYPE_SUBTYPE_MPEG 46
#define WTAP_FILE_TYPE_SUBTYPE_K12TEXT 47
#define WTAP_FILE_TYPE_SUBTYPE_NETSCREEN 48
#define WTAP_FILE_TYPE_SUBTYPE_COMMVIEW 49
#define WTAP_FILE_TYPE_SUBTYPE_BTSNOOP 50
#define WTAP_FILE_TYPE_SUBTYPE_TNEF 51
#define WTAP_FILE_TYPE_SUBTYPE_DCT3TRACE 52
#define WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER 53
#define WTAP_FILE_TYPE_SUBTYPE_DAINTREE_SNA 54
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0 55
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0 56
#define WTAP_FILE_TYPE_SUBTYPE_JPEG_JFIF 57 /* obsoleted by WTAP_FILE_TYPE_SUBTYPE_MIME */
#define WTAP_FILE_TYPE_SUBTYPE_IPFIX 58
#define WTAP_FILE_TYPE_SUBTYPE_MIME 59
#define WTAP_FILE_TYPE_SUBTYPE_AETHRA 60
#define WTAP_FILE_TYPE_SUBTYPE_MPEG_2_TS 61
#define WTAP_FILE_TYPE_SUBTYPE_VWR_80211 62
#define WTAP_FILE_TYPE_SUBTYPE_VWR_ETH 63
#define WTAP_FILE_TYPE_SUBTYPE_CAMINS 64
#define WTAP_FILE_TYPE_SUBTYPE_STANAG_4607 65
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 66
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT 67
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_BRIEF 68
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_PROCESS 69
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TAG 70
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREAD 71
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME 72
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME 73
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG 74
#define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA 75
#define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER 76
#define WTAP_FILE_TYPE_SUBTYPE_JSON 77
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 78
#define WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 79
#define WTAP_FILE_TYPE_SUBTYPE_MPLOG 80
#define WTAP_FILE_TYPE_SUBTYPE_DPA400 81
#define WTAP_FILE_TYPE_SUBTYPE_RFC7468 82
#define WTAP_FILE_TYPE_SUBTYPE_RUBY_MARSHAL 83
#define WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL 84
#define WTAP_FILE_TYPE_SUBTYPE_LOG_3GPP 85
#define WTAP_FILE_TYPE_SUBTYPE_MP4 86
#define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0 9
#define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0 10
#define WTAP_FILE_TYPE_SUBTYPE_BER 11
#define WTAP_FILE_TYPE_SUBTYPE_ERF 12
#define WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL 13
#define WTAP_NUM_FILE_TYPES_SUBTYPES wtap_get_num_file_types_subtypes()