Fix the check for the Interface Statistics Block as well.
Make the check for the Simple Packet BLock similar to the other checks -
at the beginning, set interface_id to 0 and then check interface_id
against the size of the array.
Change-Id: Ib05255fe13eca6292447f365b62ff3094805bd4a
Reviewed-on: https://code.wireshark.org/review/37071
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
*Any* packet block can have an invalid interface ID; that's not just an
error in the first packet block.
For Enhanced Packet Blocks and Packet Blocks, you can have an invalid
interface ID even if you've already seen one or more Interface
Description Blocks; you have to check whether the interface ID is >= the
number of IDBs we've seen.
Change-Id: I33268d224ef3ad928ad9c000027fb6783806b978
Reviewed-on: https://code.wireshark.org/review/37070
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
A valid pcapng file must have an IDB before any EPB/SPB/PB/ISB. So check
our interface count when we parse the first such block of a section, and
add expert info if there are no interfaces.
Discovered during work on Bug #16526.
Ping-Bug: 16526
Change-Id: I23ff452fd163a0e4472e0658a905f85ab85d5e9d
Reviewed-on: https://code.wireshark.org/review/36986
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Simply free RX tvb if there isn't any actual RX payload.
Ping-Bug: 11743
Change-Id: I05b6818cf7889a44730c4d44980947cece65395e
Reviewed-on: https://code.wireshark.org/review/37025
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Filipe Laíns <lains@archlinux.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Don't allocate the GString until we know we'll be using it.
Change-Id: I97e2f897795ada864cbacc3822d39e7348a93ca2
Ping-Bug: 16335
Reviewed-on: https://code.wireshark.org/review/37048
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
/opt/SourceCode/wireshark/epan/dissectors/packet-aoe.c 328 warn V581 The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 323, 328.
/opt/SourceCode/wireshark/epan/dissectors/packet-aprs.c 1148 warn V1037 Two or more case-branches perform the same actions. Check lines: 1148, 1161
/opt/SourceCode/wireshark/epan/dissectors/packet-lsd.c 127 err V547 Expression 'strlen("cookie") == 0' is always false.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 3385 warn V547 Expression 'conversation == NULL' is always true.
/opt/SourceCode/wireshark/epan/dissectors/packet-snort-config.c 465 note V576 Incorrect format. Consider checking the fourth actual argument of the 'g_snprintf' function. Under certain conditions the pointer can be null.
/opt/SourceCode/wireshark/epan/dissectors/packet-snort.c 630 warn V768 The variable 'condition' is of enum type. It is odd that it is used as a variable of a Boolean-type.
/opt/SourceCode/wireshark/epan/dissectors/packet-snort.c 969 warn V547 Expression '!attempt_match' is always false.
Bug: 16335
Change-Id: I93bbc40f0467ebaab74335f6edc7d60e1c600a94
Reviewed-on: https://code.wireshark.org/review/37044
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Don't allocate the cols_hidden GString until we know we need it.
Change-Id: I02966d2820efeb5d61d259a567bf9063d8b519f1
Ping-Bug: 16335
Reviewed-on: https://code.wireshark.org/review/37043
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
While we're at it, fix a return - the return value is a pointer, with
NULL meaning error, not a Boolean, with FALSE meaning error, so return
NULL, not FALSE.
Change-Id: Ie77fe2c6173293a2a202ad29a6c5033e2a401aa7
Ping-Bug: 16335
Reviewed-on: https://code.wireshark.org/review/37033
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
/opt/SourceCode/wireshark/epan/export_object.c 106 err V773 The function was exited without releasing the 'ext_str' pointer. A memory leak is possible.
Bug: 16335
Change-Id: Ic4811dabe2de9f9e7793f276336d2a87665e5791
Reviewed-on: https://code.wireshark.org/review/37027
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
That can just be done at the end of libpcap_open(), rather than in
wtap_open_offline() immediately after the open routine - which, in this
case, would be libpcap_open() - returns. That's cleaner, as it puts
capture-file-type-dependent code in the capture-file-type-specific code.
Note, though, that it's a bit weird for LINKTYPE_ERF files (and it was
equally weird before this change), and that other capture file types
should be doing this as well.
Change-Id: Ida94779a2e1021c81314f82655ec1d0f2f14e960
Reviewed-on: https://code.wireshark.org/review/37022
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
wiretap/erf_record.h has declarations for records in ERF files and in
LINKTYPE_ERF packets in pcap and pcapng files.
wiretap/erf-common.h has declarations of routines to be called by
pcap/pcapng reader code when processing LINKTYPE_ERF packets.
wiretap/erf.h is what's left, for use by wiretap/erf.c and the code with
the tables of file readers and writers.
Change-Id: Ia982e79b14a025a80dcbc7c812fb3b2cdb9c6aaa
Reviewed-on: https://code.wireshark.org/review/37021
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
I guess the "replace" part of "TODO: Replace uses in pcapng and pcap
with erf_read_header() and/or erf_populate_interface_from_header() and
delete." has been done, so we do the "delete" part.
Change-Id: Icd691aa8c3defdd68c306ad9eaf1379a8ba6ec0f
Reviewed-on: https://code.wireshark.org/review/37020
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Stop including glib.h in dissectors, this will come in implicitly with
packet.h including proto.h, an essential include file for dissectors.
While at it, config.h is no longer conditional and stdio.h is usually
not needed either. Some other cleanups too.
Change-Id: I60c12f16d7ef1e6398509293031ffed7460d2c61
Reviewed-on: https://code.wireshark.org/review/36969
Reviewed-by: Orgad Shaneh <orgads@gmail.com>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The time stamps are calculated by sequential processing, not read from a
value in the packet record, so we don't supply them when reading
randomly. Make sure the presence flags are 0 in that case (our callers
currently don't look at time stamps when reading randomly, because
some other file formats also don't supply time stamps for random reads,
but we should make it clean).
Change-Id: I494acc5bdf60e0a1de5cf002c3ea8403afce8a07
Reviewed-on: https://code.wireshark.org/review/37008
Reviewed-by: Guy Harris <gharris@sonic.net>
The time stamps are calculated by sequential processing, not read from a
value in the packet record, so we don't supply them when reading
randomly. Make sure the presence flags are 0 in that case (our callers
currently don't look at time stamps when reading randomly, because
some other file formats also don't supply time stamps for random reads,
but we should make it clean).
Change-Id: Ic035cc7d4eb36f76beefcfd98a389af09365d363
Reviewed-on: https://code.wireshark.org/review/37004
Reviewed-by: Guy Harris <gharris@sonic.net>
Make wtap_file_get_shb() take a section number argument, and update code
that called it. In most cases, we convert the code to iterate over
sections; in cases where a big code change would be required, we
temporarily pass it 0 and mark the code as "needs to be updated for
multiple sections".
Eliminate cf_read_section_comment(); in calls outside file.c, other code
directly calls the libwiretap routines it calls and, inside file.c, we
just transplant the code and then fix it not to assume a single SHB.
Change-Id: I85e94d0a4fc878e9d937088759be04cb004e019b
Reviewed-on: https://code.wireshark.org/review/37000
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Apparently FindPackageHandleStandardArgs uses if(DEFINED ...) to test
VERSION_VAR, for somewhat obscure reasons. If we didn't find a suitable
GLib package we must not define GLIB2_VERSION, otherwise the status
output is confused and just generally wrong.
Change-Id: Iad4012e69a7c641c50d1e399bbfdb51583cb3b40
Reviewed-on: https://code.wireshark.org/review/36990
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The uftp4.complete.reserved field takes up 3 bytes, however the
associated tree item only highlights 2 bytes. Fixed to highlight all 3
bytes.
Change-Id: I720f0829648543aca615d0b539ba996d2cff7216
Reviewed-on: https://code.wireshark.org/review/36995
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This moves us closer to fixing bug 16531; it addresses the second issue
there, as the right snapslen is used for packets in the second section,
so we no longer get errors reading the file.
It still doesn't fix the *names* of the interfaces, and it doesn't - and
*shouldn't* - show the interfaces with different interface numbers, as
the numbers are per-section rather than global.
Change-Id: Ia3aa3309b75a4bcd9f229048ddce6a981b9409b1
Ping-Bug: 16531
Reviewed-on: https://code.wireshark.org/review/36985
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If a personal profile has the same name as a global profile (which
is usually the case if it has been copied without changing the name
afterwards), there was a bug where renaming the profile was no longer
possible.
Bug: 16423
Change-Id: Idafd216d007179a4c6221eafc2ff296d277d5b1d
Reviewed-on: https://code.wireshark.org/review/36902
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Have pcapng_read_block() take two pointers to a section_info_t as
arguments - one for the current section, if any, and one to something to
fill in, as information for the new section, if the block is an SHB.
The first of them is null when we're trying to read the first block;
that serves as an indication that "not an SHB" means "this file isn't a
pcapng file" rather than "this pcapng file is bad".
Change-Id: I1b0a8bfacde982b819e548847bcc9412d30788f3
Reviewed-on: https://code.wireshark.org/review/36984
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Move the byte order - and version - fields out of the per-file pcapng_t
structure and put them in a per-section section_info_t structure that
also contains the file offset of the SHB at the beginning of the
section.
Have a GArray of section_info_t structures pointed to by the pcapng_t
structure; update it as Section Header Blocks are read sequentially,
adding new structures.
In the random read routine, search backwards through the array of
section_info_t structures, looking for the first section where the SHB
is at or before the offset from which we're reading.
Change-Id: Iad06c8d1ff10595707b73f297f073803b5a0c8e5
Ping-Bug: 15707
Reviewed-on: https://code.wireshark.org/review/36981
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
An entire pcapng file is dissected as a unit, so there's only one file;
the "file_number" field counts Section Header Blocks, so it's a section
number, not a file number. Rename it to "section_number".
Change-Id: I3ee477c9aa0ee4cdfa7496935b2be915c31a4644
Reviewed-on: https://code.wireshark.org/review/36977
Reviewed-by: Guy Harris <gharris@sonic.net>
Make the buffers big enough to handle the largest possible time values
you can get with a 64-bit time_t.
Don't cast the seconds value to unsigned long; it's probably signed, and
may not fit in an unsigned long (64-bit on an ILP32 or LLP64 platform),
so cast it to gint64 and print using G_GINT64_MODIFIER followed by "d".
Bug: 16519
Change-Id: I3ab79dfa086d2c4dfb6b93eba8cef3bdce731731
Reviewed-on: https://code.wireshark.org/review/36971
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Provide Doxygen comment blocks for unit string and true false string
helper functions.
Change-Id: I70801561e9cd3ead5e3417ea9d297d828105f3d0
Reviewed-on: https://code.wireshark.org/review/36968
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remember the delegates that we use and free them explicitly
in the destructor.
Change-Id: Iba07c3e9952dc152d94468b6b7c7e2c2a74c1f65
Reviewed-on: https://code.wireshark.org/review/36965
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remember the delegates that we use and free them explicitly
in the destructor.
Change-Id: I79698eb6ee4f565efcb3f02ac6239914c6acf3f5
Reviewed-on: https://code.wireshark.org/review/36964
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only use proto_tree_add_bytes_item() if you
1) are processing a hex string rather than binary byte array;
2) need the raw byte data.
While we're at it, fix the encoding argument in some calls adding
FT_BYTES fields to be ENC_NA, and, for some cases that could use
FT_UINT_BYTES, use proto_tree_add_item_ret_uint() to handle the length
and add a comment about that.
Change-Id: I6a1baca5c7da3001c0a6669f9c251e9773346c8c
Reviewed-on: https://code.wireshark.org/review/36967
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
MSVC falsely reports a '*/' found outside of comment warning
Change-Id: I41366c9760f6b698a1c6a4309cdfa2f9828bb0c2
Reviewed-on: https://code.wireshark.org/review/36961
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
modified the peekremote dissector to support 11ax flag in the extended
flags (one reserved bit set to 1 for ax and 1 for 160mhz). Also added
constants for new data rates MCS 10-11.When the 11ax flag is on,
decoding the phy as 11ax (11ax PHY is a different commit already in the
main code since november 2019)
Bug: 15740
Change-Id: Ida7977cdbbd5c83d2158115d9560c5acc815eab9
Reviewed-on: https://code.wireshark.org/review/36686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group them by the data types for which they're used, starting with the
byte-order definitions which (with the inclusion of ENC_NA) are used
with all types.
Put all the ones used for strings together, starting with the character
encodings, with the Zigbee flag and the flags for "this is a string but
we're going to interpret it as a byte array or time stamp".
Make ENC_CHARENCODING_MASK equal to ENC_STR_MASK; no, there's no reason
for ENC_STR_MASK to replace ENC_CHARENCODING_MASK - the opposite should
happen, as ENC_CHARENCODING_MASK at least specifies what the bits set in
it are used for, namely character encodings. If all #defines for
strings should have _STR_ in them, start with the character encoings.
Change-Id: I072420f313086153b4ea4034911fc293453dea00
Reviewed-on: https://code.wireshark.org/review/36962
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Guy Harris