implemented wtap_dump_file_seek() and _tell()
implemented the previously declared but unimplemented wtap_dump_file_seek() and wtap_dump_file_tell() functions and used them in the seven files that had previously used a plain ftell or fseek and added error checking as appropriate. I also added a new error WTAP_ERR_CANT_SEEK_COMPRESSED and put it next to WTAP_ERR_CANT_SEEK causing renumbering of two of the existing error codes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48348
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
Set the subtype_read and subtype_seek_read routines for the file type,
rather than having a common read routine that checks the file type each
time.
Make the macros used in the read and seek-read routines more similar,
and use them more similarly in both.
svn path=/trunk/; revision=45706
the macros.
Note why we don't pull the time setting operations into the macros (it's
because that would mean the macros can't be used in the seek-read
routines, as calculating time stamps requires accumulating the time
stamps in a sequential pass through the packets, given that the records
have time stamps relative to the previous packet).
Fix what is probably a typo in the definitions of some macros (which
happen to work without the fix because "fp" and "pp" are both local
variable names as well as macro arguments).
svn path=/trunk/; revision=45705
us to avoid one redefinition of those macros that, in the one
definition, for the read routines, refer to the pseudo-header as
wth->phdr.pseudo_header and, in the next definition, for the seek-read
routine, refer to it as *pseudo_header - instead, we pass &wth->phdr in
the read routine and phdr in the seek-read routine.
svn path=/trunk/; revision=45704
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
Fix an out-of-array-bounds warning from OpenBSD's compiler. (Note: this is
actually a false positive since adequate memory is allocated.)
From me: some additional code simplification.
svn path=/trunk/; revision=40680
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
we can cast not-necessarily-aligned pointers to pointers to those
structures without risk of compiler warnings *or* the underlying problem
the compiler's trying to warn us about (no, you can't always dereference
an unaligned pointer - SPARC traps, and at least some ARM processors may
do something other than what you want, for example).
This also caught some cases where we were not even properly
byte-swapping on big-endian platforms.
This also lets us not muck around with splitting 64-bit times into two
32-bit fields - we have pletohll(), after all.
svn path=/trunk/; revision=36787
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
"... a patch to make the netscaler wiretap code independent of the
host system endian-ness.
I have taken care of (1) reading and writing nstrace files (netscaler.c) and
(2) reading in dissector code (packet-nstrace.c) also."
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3540#c26
svn path=/trunk/; revision=31171
to have been set. Do not set it to something g_mallocated in that case,
as that will cause a memory leak - the error string will not be freed by
the caller, as it's presumed not to have been set.
svn path=/trunk/; revision=31001
Anders Broman