Bug: 14195
Change-Id: Ic6be8e1f8169968c48376984c0d1a1a69c67f32a
Reviewed-on: https://code.wireshark.org/review/24415
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "internal" port type has been serialized by export PDU functionality
and nettrace_3gpp_32_423 wiretap. To better support "endpoint" functionality
the port types will be removed/updated and that changes the implicit values
from the port_type enum.
Take a snapshot of the current port_type values and use those specific values
when reading/writing export PDU data and provide conversion functions that can
be modified when port_types are removed. Do the same for nettrace_3gpp_32_423
wiretap.
Change-Id: I770bd0cab22e84f3cf49032fc86c5927bf85263f
Reviewed-on: https://code.wireshark.org/review/24169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's been broken for over a year, needs to be modernized and as
implemented it's a maintenance nightmare. Get rid of it.
Ping-Bug: 13036
Change-Id: I34a6e4c28b6d3b96dd6550dd21e9cbeaf050d58f
Reviewed-on: https://code.wireshark.org/review/23967
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Autotools has the very useful feature by design of allowing the user
to override the default build flags (you break it you keep it).
Apparently CMake applies COMPILE_OPTIONS target property after
CMAKE_{C,CXX}_FLAGS so that doesn't work here. Prepend our flags to those
variables instead to make it work then.
Specific target flag overrides can still be added with COMPILER_OPTIONS
(e.g: generated files with -Wno-warning) but this is less effective and
then we're back at the point where this overrides user flags. It's less
of a concern though.
Change-Id: I44761a79be4289238e02d4e781fef0099628817b
Reviewed-on: https://code.wireshark.org/review/23675
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's not installed so like most other files it doesn't need or benefit
from the prefix.
Change-Id: I01517e06f12b3101fee21b68cba3bc6842bbef5c
Reviewed-on: https://code.wireshark.org/review/23751
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
NetMon apparently didn't zero out the file header, so those fields have
random values in pre-2.2.
Change-Id: I3aeede6ab273d57ca937a5e18e67223fb4ed18da
Reviewed-on: https://code.wireshark.org/review/23666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IXIA^WKeysight Technologies's vitual IxNetwork version 8.30 will
create capture files in a modified format: It uses a different magic
and adds the total size of all records, i.e. the filesize minus the
headersize. Add support for this.
v2: Different file types use different magic numbers.
Not yet tested/supported: The default fileending is .lcap
Bug: 14073
Change-Id: Ida90b188ca66a78ff22dca237e4fd6b22e02dc14
Reviewed-on: https://code.wireshark.org/review/23614
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we're not going to subtract 4 from actual_octets, there's no reason
to treat actual_octets < 4 as an error.
This makes the "subtract 4 octets of crap" code similar in all cases,
hopefully further reducing the opacity of the code.
Change-Id: I41cda101b321422ce5fd4474fb6903bfe471cb63
Reviewed-on: https://code.wireshark.org/review/23534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(In the hope of making the code slightly less opaque.)
Change-Id: Ic635eedac4eb9fb764b3633c9003608b9b4ae3df
Reviewed-on: https://code.wireshark.org/review/23533
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Be consistent in the treatment of those 4 octets.
Change-Id: If35c94bd299c3e7ec76306daf325d5aa5e3a19b9
Reviewed-on: https://code.wireshark.org/review/23530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There may be some amount of bogosity involved but initialize the
variables and add a default case to prevent the noise and the build
from breaking with -Werror.
Change-Id: I20432ea74a1e5edc28be75a97077c9aa7bc87a35
Reviewed-on: https://code.wireshark.org/review/23426
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
It's just a WTAP_ENCAP_IEEE_802_11
Change-Id: I7369fac06a7d63812bb7ce7b3c16b9fe606f544c
Reviewed-on: https://code.wireshark.org/review/23418
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For a sane plugin build environment. Include config.h as the first
header in the .c file instead.
Fix by moving required compiler attribute macros to a new
"ws_attributes.h" API header.
Change-Id: I34f58a927f68c1a0e59686c14d214825149749e1
Reviewed-on: https://code.wireshark.org/review/23400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4221
Change-Id: I59aff777c364af1a064e1e99ea9ac6692a4cedfa
Reviewed-on: https://code.wireshark.org/review/23333
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There isn't a place at the moment that uses it, but prepare
that use by parsing out the process info table and placing
it the netmon private data.
Bug: 4224
Ping-Bug: 1184
Change-Id: I6186b3dce0333042357089d8517c8b47b5ff7f70
Reviewed-on: https://code.wireshark.org/review/23316
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The NetMon wiretap reads the title and description comment fields from a
NetMon file and saves it in the wiretap private structure. Then when
it's time to make a frame, the comment fields are added to a NetMon
pseudoheader with a new WTAP ENCAP type, with the potential for netmon
pseudoheader to contain pseudoheader data from "base" wiretap. Then the
netmon_header dissector displays the comment fields and passes any "base"
wiretap pseudoheader data when calling the wtap_encap dissector table
that the frame dissector normally calls.
Bug: 4225
Change-Id: I8f772bc9494364c98434c78b61eb5a64012ff3b9
Reviewed-on: https://code.wireshark.org/review/23210
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.
Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use this for nordic_ble dissection.
Change-Id: I5323cbd8c244c4e3b645825c60d040e1ae8f3b81
Reviewed-on: https://code.wireshark.org/review/23219
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Undo most of the changes, but turn the return at the end of the default
case into a break.
Change-Id: I022b62a85254ff188f19fd3d7c3fe40b0789b3d2
Reviewed-on: https://code.wireshark.org/review/22695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 74a2ae4aba.
No, that's just Coverity not understanding macros *again*, and thinking a particular expanded instance of a macro is the result of some human being silly rather than of the arguments being such that some computations can be elided at compile time.
Change-Id: I40f2ad8bf018b0df02d90ed0e272505be68dae7e
Reviewed-on: https://code.wireshark.org/review/22693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CIDs 1415436.
Change-Id: I21ada7a308d888b4cbb8557197a2e30bda118f44
Reviewed-on: https://code.wireshark.org/review/22691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert it to a 4-byte value and byte-swap *that*.
Fixes CID 1415438.
Change-Id: I5cf0b5905f5dd2086c5d8ed6b13b1921bdb69a84
Reviewed-on: https://code.wireshark.org/review/22689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default case ends with return, so the pointer won't be null by the
time out exit the case statement - either a non-default case is
processed and tag_ptr hasn't been set to null, or the default case is
processed and you return before getting there.
That also means we don't need to set tag_ptr to null in that case.
Fixes CID 1415439.
Change-Id: Id2609c0828561c560820f9cb5e6b5a0ae614aead
Reviewed-on: https://code.wireshark.org/review/22686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The array of headers has MAX_ERF_EHDR entries, and the additional
entries are appended after the first entry, so that leaves room for at
most MAX_ERF_EHDR - 1.
Fixes CID 1415440.
Change-Id: Iaa2c3577bbff429bcc1301e4cfdf1961f067be93
Reviewed-on: https://code.wireshark.org/review/22684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A packet time stamp is an nstime_t, and the seconds part of an nstime_t
is a time_t.
Change-Id: Id2452ceb2f33f43e4a040436d7b3ea1a5c4a0be3
Reviewed-on: https://code.wireshark.org/review/22673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheadr and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It needed to be done:
https://github.com/shirriff/pup-wireshark
(And, yes, there really *is* a DLT_/LINKTYPE_ for it! The original DLT_
values were ARP hardware types, and 3MB Ethernet was assigned an ARP
hardware type of 2.)
Change-Id: I60d96c28e67854adcb28c7e3579ae5dd1f07df4b
Reviewed-on: https://code.wireshark.org/review/22336
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In change 18a3b0659c, I moved the table
that uses it, but not the actual definition, from libpcap.c to
pcap-common.c; they both should have been moved. Make it so.
Change-Id: I266fce455df3848b873cdfadb12cecdbf9c8d4d3
Reviewed-on: https://code.wireshark.org/review/22216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them all be "usb-XXX", where XXX indicates the type of header.
Change-Id: I7f1bfea7e264b17c57f94c484d64d1cce91b9b78
Reviewed-on: https://code.wireshark.org/review/22147
Reviewed-by: Guy Harris <guy@alum.mit.edu>