Keep the actual error code and pointer-to-error-string in the scanner
state, rather than pointers to the variables passed in to us.
Initialize them to 0 and NULL, respectively.
That way, when the actual scanner routine returns, we don't check for an
error by looking at the error variable pointed to by our argument, which
might not have been set by the scanner and might have stack junk in it,
we look at a structure member we set to 0 before the scan.
Bug: 12903
Change-Id: I5a382da569a226e60c3c2a47f3a1515b0490c31d
Reviewed-on: https://code.wireshark.org/review/17716
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change the way a line is read in iseries. Instead of reading a string
then convert it with atoi, parse it as an integer and convert it to
nsecs.
Change-Id: Id8e8e9866dbcef3b1612a608f9647bc490263dae
Reviewed-on: https://code.wireshark.org/review/17558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Mirrors the behavior of wtap_close.
Change-Id: I1a04878fdd0409fa74931737332f9b8a1ae77fb1
Reviewed-on: https://code.wireshark.org/review/17620
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We support reading some types of files that aren't capture files, in
case we have a dissector for that file format (because, for example,
it's often transported over HTTP). Don't include them in the set of
files "All Capture Files" matches; you can still look for them as they
have individual entries in the drop-down menu of file type patterns.
Ultimately, there should be Fileshark/TFileshark programs to read those
files - and other file types, and even capture files if the goal is to
look at the file structure rather than at the packets - and *that's* the
program that should offer the ability to load JPEGs and so on.
(No, this does not reduce the "All Capture Files" list down to a level
that makes the problem in bug 12837 go away. The right way to fix
*that* is to arrange, somehow, that the "All Capture Files" entry not
actually list all the suffixes it matches.)
Change-Id: I705bff5fcd0694c6c6a11892621a195aa7cd0264
Reviewed-on: https://code.wireshark.org/review/17619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have xml_get_int() handle the setting of the two error reporting values
and give a better error message. Have it check to make sure that there
isn't cruft after the digits.
Change-Id: Id590430eb52668ef76de8aa7096a27d8fc094208
Reviewed-on: https://code.wireshark.org/review/17601
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not all uses of atoi() or various strto* routines in Wireshark expect
the string to contain *only* a number, so not all uses should require
that the byte after the number be a '\0'. Have the ws_strto* routines
take a "pointer a pointer set to point to the character after the
number" argument, and have the callers do the appropriate checks of the
character after that.
This fixes the VMS trace reading code so that it can read those files
again.
The get_ routines are handed command-line arguments, so they *do* expect
the string to contain only a number; have them check to make sure the
byte after the number is a '\0'.
Change-Id: I46fc1bea7912b9278e385fe38491a0a2ad60d697
Reviewed-on: https://code.wireshark.org/review/17560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make pkt_len unsigned.
Improve the error message for ws_strtou32() failure.
Change-Id: I080b4fc132c8e405bc1dbd87fc717c2b337517bc
Reviewed-on: https://code.wireshark.org/review/17547
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Both of them need to have the CAN ID/flags field of the header
byte-swapped as necessary to make sure it's in the *reading* host's byte
order, not the *writing* host's byte order, if the two are different.
Change-Id: Iac1589fdd9fe4d9ee6fbac8d821b48694d68919b
Reviewed-on: https://code.wireshark.org/review/17333
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Unfortunately, only one libpcap code path puts the CAN ID in the
SocketCAN header in network byte order; the others leave it in host byte
order. Therefore, a new LINKTYPE_/DLT_ value was introduced, and
libpcap was changed to use that for the cases where the CAN ID is in
host byte order. Support them both.
This means we need to, when reading pcap and pcapng files, fix up the
CAN ID if the host that wrote the file has a different byte order from
ours (as libpcap also now does). This includes Linux "cooked" captures,
which can include CAN packets.
Change-Id: I75ff2d68d1fbdb42753ce85d18f04166f21736dd
Reviewed-on: https://code.wireshark.org/review/17155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we got no bytes of data from a putative packet, the file isn't a
valid Ascend file, regardless of whether the parser failed or not. Just
have parse_ascend() return a Boolean, TRUE if we got a packet and FALSE
if not, and, in the case where we got no data but the parser didn't
fail, provide "no data returned by parse" as the error string.
(We weren't actually distinguishing between them when we called
parse_ascend() - we were treating all non-PARSED_RECORD returns as an
error.)
Change-Id: I85a3e318015258f6a62c8d23ac2f906e28789982
Reviewed-on: https://code.wireshark.org/review/17130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Expand comments, and merge two separate if checks.
Change-Id: If339ce632ccc91c425ba6db4a32296c3038253ac
Reviewed-on: https://code.wireshark.org/review/17128
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's what we're doing already, but get rid of the variable to which we
assigned the return value.
Change-Id: I55e31664bc26bbfffe4a4ca764c917eefbb9a8f1
Reviewed-on: https://code.wireshark.org/review/17126
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set wirelen to the length from the header, but don't set caplen; start
caplen out as 0 and count it up whenever we add a byte.
Bug: 12754
Change-Id: Ib4e45e947df6077f97a423157c152dac9f57734a
Reviewed-on: https://code.wireshark.org/review/17120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adds various clock configuration related tags.
Uses ptp_v2 value strings exported from packet-ptp.
Refactor out common ERF_TYPE_META bitfield code.
Also clean up field registration a bit.
Add flow_hash_mode enum, other minor wording cleanup.
Manually display relative timestamps as nanoseconds for <1ms.
Fix ns_host_* tag subtree summary field name duplication.
Ping-Bug: 12303
Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93
Reviewed-on: https://code.wireshark.org/review/16782
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The old information is copied over from one of the input files; if we
don't have information about the OS on the machine writing the *output*
file, just throw the old information away.
(We need a better way to preserve information from the input files;
perhaps this:
http://www.winpcap.org/pipermail/pcap-ng-format/2016-June/000362.html
might work.)
Change-Id: Ia25771736d267173f2b6949a91e81e217ee7d16f
Reviewed-on: https://code.wireshark.org/review/16730
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Create ws_g_warning for legitimate uses of g_warning
2. Use proto_tree_add_debug_text
3. Comment some out
Change-Id: Ida044bf40286b955fdd529c4f9907c8e09b3d7c5
Reviewed-on: https://code.wireshark.org/review/16678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1e6bd722b3f04f171b462fc680ca080bb7ec03c7
Reviewed-on: https://code.wireshark.org/review/16625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
To remove OPT_SHB_HARDWARE, use wtap_block_remove_option().
To get the string value from a GString, use g_string_free(string,
FALSE), not g_string_free(string, TRUE) - the latter will free the
string value and return NULL.
Change-Id: I0c5a9f818543f6752f455f04fb3c024208e23954
Reviewed-on: https://code.wireshark.org/review/16567
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, rename routines that write out an option write_wtap_XXb_option()
from write_wtap_XXb_block().
Change-Id: I4884a2f5275a5e2e32137b47255fac6995f311ef
Reviewed-on: https://code.wireshark.org/review/16566
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A string option, if present, always has a value; it might be a null
*string*, but you won't get a null pointer (if the option isn't present,
it simply isn't present).
Fix some comments while we're at it.
Change-Id: I9c1420f56998a7d04de5c5cc2e92631b181f303a
Reviewed-on: https://code.wireshark.org/review/16564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A wtap_block_t always has an array of options, even if it's empty.
Fixes CID 1364135.
Change-Id: Ib1ba791ddcac078ec34def321d63d140c5576037
Reviewed-on: https://code.wireshark.org/review/16535
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not used; currently, everything that accesses instances of a
multiple-instance-allowed option do so in a loop that iterates over
option instances by fetching values of the Nth option until the attempt
to fetch the option fails, making only one pass over the options.
Change-Id: Ife9583a5d246027dbfc133ab58027ef6641d65ef
Reviewed-on: https://code.wireshark.org/review/16534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That will allow deletion of comments, stripping of options when
sanitizing captures, etc..
Change-Id: I9667ba2ccf4e548ff3b7d500796b260a437bcea0
Reviewed-on: https://code.wireshark.org/review/16485
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The pcapng spec gives option numbers in decimal, not hex.
Get rid of the "XXX if not available" comments - if an option isn't
present in a block, it's not present, and doesn't have *any* value.
Change-Id: I1bf0c9a5aaad7dfadf9248e22b67e172625bdd0d
Reviewed-on: https://code.wireshark.org/review/16480
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Explicitly cst the results of g_memdup().
Change-Id: I20fd1f355e68735d7cc9bbeb41717a1c2a74de37
Reviewed-on: https://code.wireshark.org/review/16477
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, we don't have to worry about multiple instances of an option
pointing to the same data. and having to worry about freeing data that's
pointed to by another instance.
Change-Id: I3470a9eebf346023713fd0d6ff2451d727c25089
Reviewed-on: https://code.wireshark.org/review/16471
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix a typo - compare for unequal snapshot lengths, not equal snapshot
lengths.
Also, move the debug messages about checks right above the checks.
Change-Id: If6f5e125f05f3788b63e9f75d98f55e27830870b
Reviewed-on: https://code.wireshark.org/review/16470
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Cast some numerical values to wtap_block_type_t.
Change-Id: I56651c62045880638175c39174341feffb4b1068
Reviewed-on: https://code.wireshark.org/review/16451
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It gets passed a wtap_block_type_t value, so declare it as such.
Change-Id: I6980cab7e1885c9920b2a75e12f9d2d2a64d6f96
Reviewed-on: https://code.wireshark.org/review/16450
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A block can have zero or more instances of a given option. We
distinguish between "one instance only" options, where a block can have
zero or one instance, and "multiple instances allowed" options, where a
block can have zero or more instances.
For "one instance only" options:
"add" routines add an instance if there isn't one already
and fail if there is;
"set" routines add an instance if there isn't one already
and change the value of the existing instance if there is one;
"set nth" routines fail;
"get" routines return the value of the instance if there is one
and fail if there isn't;
"get nth" routines fail.
For "multiple instances allowed" options:
"add" routines add an instance;
"set" routines fail;
"set nth" routines set the value of the nth instance if there is
one and fail otherwise;
"get" routines fail;
"get nth" routines get the value if the nth instance if there is
one and fail otherwise.
Rename "optionblock" to just "block"; it describes the contents of a
block, including both mandatory items and options.
Add some support for NRB options, including IPv4 and IPv6 option types.
Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e
Reviewed-on: https://code.wireshark.org/review/16444
Reviewed-by: Guy Harris <guy@alum.mit.edu>
VS Code Analysis claims the arrays are too large and should be moved to help
Change-Id: I741ebe8cc73a108cb6e6d9ecbda37e2a4b6e1b4b
Reviewed-on: https://code.wireshark.org/review/16423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
VS Code analysis considers them hardcoded values so the if statement is either
always true or always false.
Change-Id: Iabb8462b66f728195bf378ae26c79a783feddb03
Reviewed-on: https://code.wireshark.org/review/16422
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now that nmake build system has been removed they are not needed anymore.
Change-Id: I88075f955bb4349185859c1af4be22e53de5850f
Reviewed-on: https://code.wireshark.org/review/16050
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This aligns the name with what is done for other Wireshark shared libraries.
Moreover it allows to compile a wiretap plugin once per major release, without
the need to recompile it each time ${PROJECT_VERSION} changes (each nightly
build / official release).
Change-Id: I53c82277223a4f323079cf695168ac85c2fba523
Reviewed-on: https://code.wireshark.org/review/16058
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add encap_priv pointer to libpcap_t.
Initialize erf_priv when ENCAP_ERF.
Use erf_populate_interface_from_header() to dynamically create interfaces.
Free encap_priv on pcap_close.
Ping-Bug: 12303
Change-Id: Ieda425ef3e50a124d9c38ee4538aa3644128ce60
Reviewed-on: https://code.wireshark.org/review/15362
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Randpktdump requires the init the wtap opttypes.
Fixed making the init function public and calling it.
Bug: 12539
Change-Id: I02585c41012deacff1526b51ed09ab555cbfc8ce
Reviewed-on: https://code.wireshark.org/review/15951
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Description entry was missing in the list.
Change-Id: Ia8f8bd4608ee6800a352f4979752b5c45c4a5086
Reviewed-on: https://code.wireshark.org/review/15947
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It can be useful for wiretap plugins
Change-Id: Ic56e4357ba3bfcef30d13615efc1361399c3133e
Reviewed-on: https://code.wireshark.org/review/15955
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
And revert to the previous behavior of map_phdr_interface_id(); that
change broke the mergecap tests when it was merging pcap files into a
pcapng file.
Change-Id: I2e079b0e87dce06e98faa9ab7615f9b9b2701b77
Reviewed-on: https://code.wireshark.org/review/15932
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Address of stack memory associated with local variable 'default_filter'
is still referred to by the global variable 'filter_option' upon returning
to the caller. This will be a dangling reference.
Change-Id: I6160a37f05b8aea245b723ec50803e4062886738
Reviewed-on: https://code.wireshark.org/review/14427
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the
Sysdig event dissector from the frame dissector. Create a "syscall"
protocol for system calls, but add "frame" items to it for now.
Add the ability to write Sysdig events. This lets us merge packet
capture and syscall capture files.
Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778
Reviewed-on: https://code.wireshark.org/review/15078
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's not "the biggest record we're willing to write", it's "the
biggest record the pcapng format supports, as the record length is a
16-bit field".
Change-Id: Icbd5e0cc4ed8e2a3a0d474245a9b9ed2c999d520
Reviewed-on: https://code.wireshark.org/review/15818
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(cherry picked from commit 09de28933f9a17d4472206e1ac4b7c92001e44f5)
Reviewed-on: https://code.wireshark.org/review/15820
The IPv6 comments gave more details.
Change-Id: I4e4d865feadbabfd625cdf2b2b162b99c4f23efa
Reviewed-on: https://code.wireshark.org/review/15815
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data is not applied anywhere, just stored. The first Section Header block
is still the only one that is used to read a pcapng file.
Change-Id: If9546401101d2fe79b2325bacbd597b92127e86e
Reviewed-on: https://code.wireshark.org/review/15705
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector has always been able to cope with unknown record types so pass them
through (and call the data dissector from the ERF dissector in this case).
Previously was stopping processing on the first unrecognized record which is
very unhelpful for otherwise valid files that have new types mixed in.
Remove ERF type check altogether from open heuristic as ERF type could be past
48 in future and with more extension headers bit any byte value could be valid.
Also allow setting ERF_RECORDS_TO_CHECK to 0 to force skipping the heuristic.
Change-Id: I8331eef30ba2e949564f418b3100bd73b8f58116
Reviewed-on: https://code.wireshark.org/review/15361
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also make it use ws_inet_ntop6() (rather than implementing the string
conversion ourselves).
Remove ip6_to_str_buf_len().
Change-Id: I1eff3a8941e00987c2ff0c4dcfda13476af86191
Reviewed-on: https://code.wireshark.org/review/15692
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Done for performance improvements.
This could probably be done in checkAPIs.pl, but this was just
a quick manual check with grepping.
Change-Id: I91ff102cb528bb00fa2f65489de53890e7e46f2d
Reviewed-on: https://code.wireshark.org/review/15751
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Use it for OPT_COMMENT in the SHB, as there may be ore than one instance
of OPT_COMMENT in an SHB.
Also, use wtap_optionblock_get_option_string for OPT_SHB_HARDWARE,
OPT_SHB_OS, and OPT_SHB_USERAPPL; they're specified as "only one
instance allowed".
Change-Id: I23ad87e41e40b7ae1155e96c0523a6f8caad5204
Reviewed-on: https://code.wireshark.org/review/15750
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't put them in the summary structure; the summary routines should
calculate summary statistics, not dig up every bit of information that
*could* appear in a summary.
Instead, have the GUI code call wtap_file_get_shb() to get the SHB
information and call wtap_optionblock_get_option_string() to fetch the
option values.
Move the option code definitions into wtap_opttypes.h, as they're used
by the API.
Change-Id: Icef11f5fb30fdc3df1bb0208aae9ed0aebaf0182
Reviewed-on: https://code.wireshark.org/review/15748
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This doesn't try to use any data from multiple Name Resolution blocks, it
just converts single Name Resolution block usage into a GArray, so the
potential is there to then use/support multiple Name Resolution blocks
within a file format (like pcapng)
Change-Id: Ib0b584af0bd263f183bd6d31ba18275ab0577d0c
Reviewed-on: https://code.wireshark.org/review/15684
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This doesn't try to use any data from multiple Section Header blocks, it
just converts single Section Header block usage into a GArray, so the
potential is there to then use/support multiple Section Header blocks
within a file format (like pcapng)
Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486
Reviewed-on: https://code.wireshark.org/review/15636
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Register Wireshark for PacketLogger, ERF, IPFIX, and VWR files on
freedesktop.org, OS X, and Windows (we were already registered for ERF and VWR
files on Windows).
Change-Id: I8105997cb15ea06e1c078489fd88763d4ce9e40c
Reviewed-on: https://code.wireshark.org/review/15635
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I666d4f546d9fdc026ccd7fac7750e80df7f9b697
Reviewed-on: https://code.wireshark.org/review/15611
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The write functionality was too PCAPNG-specific and the intention is to
keep the option blocks as generic as possible.
So moved the write functionality back to pcapng.c and added a
wtap_opttype API to loop through all options in the block
(wtap_optionblock_foreach_option)
Change-Id: Iaf49126a1a3e2ed60ae02c52878ca22671dac335
Reviewed-on: https://code.wireshark.org/review/15525
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also add a length parameter to wtap_optionblock_set_option_string
Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault.
Fix final tag of exactly 4 bytes not being dissected.
Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour).
Add dissector expertinfo for truncated tags. Dissect type and length on error.
Bug: 12352
Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94
Reviewed-on: https://code.wireshark.org/review/15357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d23148c6f8d847aacec1d25cb694793ec9bb84e
Reviewed-on: https://code.wireshark.org/review/15504
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They're not marshalled as a 64-bit integer in pcapng files, they're
marshelled as 2 32-bit integers, the first of which is the upper 64 bits
of the value and the second of which is the lower 64 bits of the value.
Bug: 12349
Change-Id: I2bde51ac11b2518ef2ddaecf43672c984f26081a
Reviewed-on: https://code.wireshark.org/review/15492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set len and caplen in pcap_read_post_process to actual wlen/payload length like for native ERF.
This fixes padding incorrectly showing as an Ethernet trailer or equivalent as
well as packet length calculations being incorrect.
Fix up rlen when writing ENCAP_ERF so it isn't longer than the actual record
length. This differs from native ERF behaviour which pads the record instead
but there is currently no non-hackish way to do this for pcap/pcap-ng.
Note: This means records captured from a DAG card in Wireshark (or old
PCAP(-NG) files opened) will have padding stripped when saved as PCAP(-NG) and
thus cannot be transmitted when converted to native ERF without aligning first.
However, if the file is saved as native ERF originally the padding will be
preserved (and zeroed). Given that extension header write support was very
broken and transmission of PCAP(-NG) is not supported without conversion this
is not expected to have been common.
Ping-Bug: 3606
Change-Id: I49dce03984d7f07431b6eb7e16a993aeb571f288
Reviewed-on: https://code.wireshark.org/review/15359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
cast one of the factors to uint64 to make sure that the calculation uses
uint64 and not uint32 which may overflow
Change-Id: Iec14f870a694008f5a734294d9154117b6c64b78
Reviewed-on: https://code.wireshark.org/review/15346
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Write ERF subheader after extension headers, especially important for Ethernet
(other types predate extension headers for the most part).
Add missing ERF_TYPE_MC_AAL2 and ERF_TYPE_COLOR_HASH_ETH.
Truncate final ERF extension header when too many. Rlen is not currently
adjusted so may be incorrect (see followup patch). Existing tools generally
check against PCAP incl_len anyway as there are other scenarios where this can
happen like naive snapping or Wireshark ERF-to-PCAP.
Properly fixing this will involve getting rid of the ERF pseudoheader.
Consistent with the ERF wiretap (except for different padding behaviour).
Bug: 3606
Change-Id: I6086cbc3fef948586fbad6f585f648d99adfff4f
Reviewed-on: https://code.wireshark.org/review/15358
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The lex files use malloc and friends which is prohibited; don't check them
(until checkAPIs becomes smart enough to realize this is OK).
This mirrors what is done in cmake.
Change-Id: Ie80ea7a9b7c0e25c70c8edf3671e80a493ea1b2f
Reviewed-on: https://code.wireshark.org/review/15377
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the option length should be 1 byte, not 4 bytes.
Change-Id: I1b356c7ce101f9bbdc9793fc280b6564e12f303f
Reviewed-on: https://code.wireshark.org/review/15265
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This generates a top level target, checkAPI, that is
excluded from the ALL build target, so must be run separately.
On Windows using a Visual Studio generator, call
msbuild /p:Configuration=RelWithDebInfo checkAPI.vcxproj
Change-Id: I44a57c564dcfc75499463b942436f4b920a82478
Reviewed-on: https://code.wireshark.org/review/14873
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Check for destination or source MAC addresses that aren't 12 characters
(hex dump of 6 octets) long and type/length fields that aren't 4
characters (hex dump of 2 octets) long.
The buffer into which we copy the hex dump characters doesn't need to be
null-terminated, so don't bother to null-terminate it. Use the final
offset into the buffer as the buffer length, rather than using strlen().
Just memcpy the MAC addresses and type/length fields into the buffer;
the buffer is guaranteed to be big enough for all of them, and, as
noted, it doesn't need to be null-terminated.
Change-Id: I790e953542ae8443af01c81229a8deb877448ee3
Reviewed-on: https://code.wireshark.org/review/15239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't check against it. Insteead, use phdr->caplen as the buffer
size; that's based on the number of hex digits we've found.
While we're at it, also get rid of ISERIES_PKT_ALLOC_SIZE - it makes it
less obvious that it's based on the packet length from the packet
header.
Change-Id: I8ad6306c62e7bc4cf896b335f39a5a77780fb2ea
Reviewed-on: https://code.wireshark.org/review/15236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value. When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().
So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.
Bug: 12394
Change-Id: I4b19b95f2e1ffc96dac5c91bff6698c246f52007
Reviewed-on: https://code.wireshark.org/review/15230
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value. When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().
So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.
Bug: 12395
Change-Id: I43b458a73b0934e9a5c2c89d34eac5a8f21a7455
Reviewed-on: https://code.wireshark.org/review/15223
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value. When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().
So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.
Bug: 12396
Change-Id: I54fe8f61f42c32b5ef33da633ece51bbcda8c95f
Reviewed-on: https://code.wireshark.org/review/15220
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value. When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().
So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.
Change-Id: I6450d468504e942df72342176a0e145e5ac3db5f
Reviewed-on: https://code.wireshark.org/review/15216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And note that our limit (which is what we use as the fixed buffer size)
is less than WTAP_MAX_PACKET_SIZE, so we don't have to check against
WTAP_MAX_PACKET_SIZE.
Change-Id: I28cd95c40fd2fba9994a5d64ef323f1d8c1c4478
Reviewed-on: https://code.wireshark.org/review/15204
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Treat the packet length as unsigned - it shouldn't be negative in the
file. If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.
A normal packet should be Ethernet-sized; initially make the buffer big
enough for a maximum-sized Ethernet packet.
Once we know the payload length, check to make sure the packet length
won't be > WTAP_MAX_PACKET_SIZE and fail if it will. Then boost the
buffer size to be large enough for the packet, even if it's bigger than
a maximum-sized Ethernet packet.
Change-Id: I75b2108dd68f5bc5cd436bf5b82990089a7116bf
Reviewed-on: https://code.wireshark.org/review/15200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Share more code between the read and seek-read routines.
Also note why that code doesn't have to check against
WTAP_MAX_PACKET_SIZE.
Change-Id: I09086fcd3c16883c2598fb0aeb172c66f480d315
Reviewed-on: https://code.wireshark.org/review/15193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These file formats have 16-bit packet lengths, so, even with some extra
metadata added, the packet data length will never be bigger than
WTAP_MAX_PACKET_SIZE. (No, we won't ever reduce WTAP_MAX_PACKET_SIZE.)
Change-Id: I9e1b1d90971f91cc6e5d66d0aa93841445b2bc22
Reviewed-on: https://code.wireshark.org/review/15186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And note the cases where we don't have to check, as the length in the
file is 2 bytes long, and 65535 + the metadata length is <
WTAP_MAX_PACKET_SIZE.
Change-Id: I1e690eeee900b9aa7484dc0bd0c106dc38c77269
Reviewed-on: https://code.wireshark.org/review/15180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And use the actual packet length, rather than a fixed value, as the
buffer size we need for the packet.
Change-Id: I3af6724210a85b50610839d1bdf97fcf5a152b2f
Reviewed-on: https://code.wireshark.org/review/15179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Treat the packet length as unsigned - it shouldn't be negative in the
file. If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.
Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.
Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.
Merge the header and packet data parsing routines while we're at it.
Bug: 12396
Change-Id: I7f981f9cdcbea7ecdeb88bfff2f12d875de2244f
Reviewed-on: https://code.wireshark.org/review/15176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Treat the packet length as unsigned - it shouldn't be negative in the
file. If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.
Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.
Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.
Merge the header and packet data parsing routines while we're at it.
Bug: 12395
Change-Id: Ia70f33b71ff28451190fcf144c333fd1362646b2
Reviewed-on: https://code.wireshark.org/review/15172
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Treat the packet length as unsigned - it shouldn't be negative in the
file. If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.
Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.
Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.
Bug: 12394
Change-Id: Ifa023ce70f7a2697bf151009b035a6e6cf8d5d90
Reviewed-on: https://code.wireshark.org/review/15169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Chances are they want to include the file extension in wiretap's list of
file extensions (for the File->Open dialog) as well as the various files
needed for integration with the various desktop environments that
Wireshark supports.
(I should have put this advice there years ago when creating the
freedesktop.org mime-package file.)
Add a comment to the mime-package file explaining its purpose, giving
a link to the specification, and talking about MIME types and the registration
thereof.
Change-Id: I60540bf88062b7a90653888534405f6aef4f657c
Reviewed-on: https://code.wireshark.org/review/15011
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Remove the need for version.h.in and bring CMake up to par with autotools.
Change-Id: I701b56c475f5fdec1f9a028536fff6992ce8eaca
Reviewed-on: https://code.wireshark.org/review/15031
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
By putting it in this list the File->Open dialog will include an option for
*.mplog files.
Change-Id: Icf6480f7be1023650262fc1f3996a390e137cb88
Reviewed-on: https://code.wireshark.org/review/15048
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows keeping the code-sharing with the static linking.
This "fixes" a hypothetical ABI mismatch with wsutil and avoids pulling more
external dependencies to wsutil than strictly necessary.
A nice side-effect is that libwsutil no longer depends on version.h.
Follow up to f95976eefc.
Change-Id: I8f0d6a557ab3f7ce6f0e2c269124c89f29d6ad23
Reviewed-on: https://code.wireshark.org/review/15002
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Found by valgrind:
==14298== at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14298== by 0xA66C6AE: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BB32: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BEB7: g_array_append_vals (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA193252: wtap_optionblock_add_option (wtap_opttypes.c:352)
==14298== by 0xA19361C: shb_create (wtap_opttypes.c:607)
==14298== by 0xA192F96: wtap_optionblock_create (wtap_opttypes.c:126)
==14298== by 0xA168784: wtap_open_offline (file_access.c:824)
==14298== by 0x11D47C: cf_open (tshark.c:4194)
==14298== by 0x117852: main (tshark.c:2183)
et al.
Change-Id: Ic16595ed3c12b9ed6c2813852ceb594c29ece929
Reviewed-on: https://code.wireshark.org/review/15004
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's not guaranteed to be a C string, so don't call it "str".
Change-Id: I614ccf4f87b9f6f58d9b72596827224006f1de30
Reviewed-on: https://code.wireshark.org/review/14998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use wtap_read_bytes() which will return WTAP_ERR_SHORT_READ if we don't
get the specified number of bytes. Treat all errors *other* than
WTAP_ERR_SHORT_READ as an I/O error.
Change-Id: If38b5ad1b142441f2f2dd356be196bf381058da4
Reviewed-on: https://code.wireshark.org/review/14997
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no need for an open routine to seek back to the beginning of the
file - the file open code has done that already.
Change-Id: I4053474e60e7c8e8f59a89503d4bb08499d9399e
Reviewed-on: https://code.wireshark.org/review/14996
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And *any* EOFs in the seek-read routine.
Change-Id: I5742c7bbd782e59e9c64e4821f22c706ddbc5382
Reviewed-on: https://code.wireshark.org/review/14995
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We just care whether the first 6 bytes of the file are "MPCSII";
memcmp() will do that, and we don't have to worry about NULs.
Change-Id: I03872c30e76eedce67577657270e36f0795e74bd
Reviewed-on: https://code.wireshark.org/review/14994
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the mplog format is used by some commercial logging tools that capture
ISO 14443 traffic between a card reader and a contactless smartcard
Change-Id: If359b8f0f671eb2a7c6315e2b8960a5bd581a9e9
Reviewed-on: https://code.wireshark.org/review/14950
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The presence bits field isn't made up of multiple bytes, it's a single
32-bit field, so move the bit values up 8 bits so they don't collide
with the values from the first byte.
Prevents a crash with at least one 32.423 file.
Change-Id: I804e76a5b8844f1f3894a43af7fd8bbe9fa7447c
Reviewed-on: https://code.wireshark.org/review/14943
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use %option extra_type= rather than #defining YY_EXTRA_TYPE.
Change comments to reflect that the state structure is used both by the
lexical analyzer and the parser.
Change-Id: I19a81de61cbd6e86d71154f376ef0681cc6d42fb
Reviewed-on: https://code.wireshark.org/review/14826
Reviewed-by: Guy Harris <guy@alum.mit.edu>
master-branch libpcap now generates a reentrant Flex scanner and
Bison/Berkeley YACC parser for capture filter expressions, so it
requires versions of Flex and Bison/Berkeley YACC that support that.
We might as well do the same. For libwiretap, it means we could
actually have multiple K12 text or Ascend/Lucent text files open at the
same time. For libwireshark, it might not be as useful, as we only read
configuration files at startup (which should only happen once, in one
thread) or on demand (in which case, if we ever support multiple threads
running libwireshark, we'd need a mutex to ensure that only one file
reads it), but it's still the right thing to do.
We also require a version of Flex that can write out a header file, so
we change the runlex script to generate the header file ourselves. This
means we require a version of Flex new enough to support --header-file.
Clean up some other stuff encountered in the process.
Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16
Reviewed-on: https://code.wireshark.org/review/14719
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is consistent with what the rest of the files do, and doesn't
require that the compiler explicitly be told to treat the current
directory as an include directory.
Change-Id: Iefaedd2acc936f45d5095546f8dea7167d2e88c8
Reviewed-on: https://code.wireshark.org/review/14797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When the state pointer is NULL it's defensively coded against by a
NULL pointer check. Variable initialization before should then not
dereference that pointer.
Change-Id: I0ed09e2f22be5651324f43fc3fd339d2f95684c0
Reviewed-on: https://code.wireshark.org/review/14776
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either use "wtap.h", if it's only for files in the wiretap directory, or
<wiretap/wtap.h>, if it's also a header that stuff outside libwiretap
can include.
Change-Id: If1c71b3dae9a3c0d64661ae1734f925319e447d1
Reviewed-on: https://code.wireshark.org/review/14788
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1) Handle the ASCII and Unicode magic numbers the same way - as static
const char arrays. Note that Unicode specifically means little-endian
UCS-2 (or UTF-16, but they probably use few if any characters outside of
ASCII, much less the Basic Multilingual Plane).
2) Treat all seek errors as open errors rather than "not my file type".
3) Fix capitalization of "Unicode".
Change-Id: I47b7e057ccada00347499a6b17f8f8fc44e7c503
Reviewed-on: https://code.wireshark.org/review/14689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
git/epan/dissectors/packet-a21.c:478:25: error: 'item' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
proto_item_append_text(item, "%s", val_to_str_const(event_id, a21_event_vals, "Unknown"));
^
Added manual change id because file-jpeg.c forced the use of commit -n
Change-Id: Iffff53d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14666
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Otherwise, they get treated as generic XML files. No, a standard XML
tag, followed by <dump>, isn't a *perfect* magic number, but if you
*really* want to read it as a generic XML file, you can do so from the
UI.
(This is just like TNEF files.)
Change-Id: I7624023ecf87a21ef339222c89b3c9abd7acc727
Reviewed-on: https://code.wireshark.org/review/14656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This takes away much of the pain (and merge conflicts) of micro-managing every
sub-folder file.
Change-Id: I7d7bb1173511ec9312ca4a97c6a59a26b0b194f4
Reviewed-on: https://code.wireshark.org/review/14595
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Add pkg-config 0.29.1 macros to our distribution. This makes the
aclocal-flags script obsolete, since we are already not using GLib
autoconf macros.
ACLOCAL_AMFLAGS need only be defined on the top-level Makefile.am.
Change-Id: Idd868dcfeb8f279517970d0f96d9d53e3a7e4d5c
Reviewed-on: https://code.wireshark.org/review/14568
Reviewed-by: João Valverde <j@v6e.pt>
Issue found by Clang (Assigned value is garbage or undefined).
Change-Id: I9a3ab41dd01becbd454af02f2567ea3a2beeba40
Reviewed-on: https://code.wireshark.org/review/14399
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make a more formal method for registering options within a block and do it all with a single function (wtap_optionblock_add_block).
Add ability for block to be able to write itself, refactored out of pcapng.c. This was implemented for SHB, ISB, and IDB blocks. Name resolution (NRB), while possible, seemed a little messy for the moment.
Change-Id: Ie855c8550c7c7d96cfc188c0cd90bfbc4d5f0ee8
Reviewed-on: https://code.wireshark.org/review/14357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also required mergecap to look for plugins to initialize wiretap option blocks.
Change-Id: I4208d1028dd0f94f185393801d72025329266cb7
Reviewed-on: https://code.wireshark.org/review/14300
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't treat it like a GList
Bug: 12220
Change-Id: I057649a26d135516c6e8d4fb028c6cb9dcda2e7c
Reviewed-on: https://code.wireshark.org/review/14326
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use pkg-config if a zlib.pc file is available.
Remove the now redundant AC_TRY_LINK_FUNC test (there are no linker flags
for GTK+ here).
Change-Id: I7de744749eba7231ae0097b975144b76ffcf1bdb
Reviewed-on: https://code.wireshark.org/review/14263
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I52de10a1d96b6ef7294ad8be9ec9195defca4b53
Reviewed-on: https://code.wireshark.org/review/14266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12173
Change-Id: Ifff28491073d50e088b26847830a3bc8835f4282
Reviewed-on: https://code.wireshark.org/review/14180
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12174
Change-Id: I82eb0ac75f2e03f15c2f016e9b7ff72fdc7044f5
Reviewed-on: https://code.wireshark.org/review/14179
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it's 0x1A2B3C4D, that means it has the same byte order as the
instruction set for which Wireshark was built[*]; if it's 0x4D3C2B1A, it
means it has the opposite byte order. (We assume no "middle-endian"
machines here; it's extremely unlikely that any of this code will ever
work on a PDP-11.)
Wireshark *does* work on big-endian machines (if there are any places
where it doesn't, those are bugs that must be fixed), so we can't assume
that "same byte order as our instruction set" means "little-endian".
[*]If, for example, you run a PowerPC binary under Rosetta, it'll act as
if big-endian is the native byte order, even though it's running on a
little-endian machine.
Change-Id: Ic438bd85c034f1fba276408ba30214d7078121d1
Reviewed-on: https://code.wireshark.org/review/14133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't use the byte order from any previously-seen SHB, as it might be
different.
Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to allocate an WTAP_OPTION_BLOCK_IF_DESCR option block;
don't use the value we allocated.
We must not allocate an WTAP_OPTION_BLOCK_IF_STATS option block until we
need it, as we may have to allocate *more than one* of them here! The
old code would reuse the same block, adding it more than once, causing a
"freeing already freed data"/"freeing non-allocated data" error on some
platforms.
Change-Id: I8582627c1f5deecfd4f6490dcdf8c31ee3809d12
Reviewed-on: https://code.wireshark.org/review/14130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The S1 code works similarly to the S2/S3 code, and has the same issue.
Change-Id: I288e30ccdf67d8a6daec8c8428c0f703e18ecc89
Reviewed-on: https://code.wireshark.org/review/14127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The 1 is for the byte written with vht_ndp_flag; the 16 is for the PLCP
header. Separate them out; no change to the actual code (as any
compiler worth its salt would do constant folding).
Change-Id: I5e081c67e605203153270ed9a3f9e30b9e9b968c
Reviewed-on: https://code.wireshark.org/review/14125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Commit v1.99.10rc0-316-gf28e23f added some additional room for the 16
byte PLCP header and 1 byte L1P. These are however not part of the
remaining data, only the header.
Bug: 11795
Change-Id: Ia6935d27366a07f818f147c9094a801429b049e2
Reviewed-on: https://code.wireshark.org/review/12240
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DO NOT USE THIS FOR ANYTHING NEW.
Change-Id: Iee2ddaa2eeb735b33aef9e81b32bb4a3535e3451
Reviewed-on: https://code.wireshark.org/review/14023
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't correspond to anything we support - and the old Linux USB
LINKTYPE_ value of 186 doesn't give enough information to dissect the
packets (it discards the event type, for example), so we drop the rest
of our support for it as well.
Change-Id: I6f537d9263174aba4320edf5140e1d1540e979c8
Reviewed-on: https://code.wireshark.org/review/14020
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wtap_read() and wtap_seek_read() now do so before calling the read or
seek-read routine, so there's no need to do so in those routines.
Rename hcidump_process_packet() to hcidump_read_packet() while we're at
it, as it doesn't just process an already-read packet, it does the
reading as well as the processing.
Change-Id: Ic13da6a2096e68550d80f2eff31f03d0edb58147
Reviewed-on: https://code.wireshark.org/review/13998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in size.
Wireshark/Tshark hangs when netscaler trace file smaller than 16KB is opened.
It also hangs when a gzipped trace file is opened. With this fix,
Files with sizes that are not multiple of 16KB and gzipped files can be opened.
Bug: 12083
Change-Id: I26b2fc406edafcb2f1f6161d69064ba5662ddf29
Reviewed-on: https://code.wireshark.org/review/13721
Reviewed-by: Michael Mann <mmann78@netscape.net>
Signed overflow is undefined, so testing for overflow with
"if (i + 1 < i)" is itself undefined. Because this instance is an
increment, we can just test against G_MAXINT.
Change-Id: Ib8b7c23ec362d5637125fcf6457ea9423fedf0e1
Reviewed-on: https://code.wireshark.org/review/13896
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just use the table - or an empty table if we're not including the
compressed file extensions.
Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
We set them to the file's values in wtap_read(), but we weren't setting
them in wtap_seek_read(); set them in both places.
Change-Id: Id604b1c7d27d4cee6600249e9435c49d02f8dd61
Reviewed-on: https://code.wireshark.org/review/13531
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found building with GCC 5.3.0 and CFLAGS="-g -Og".
Change-Id: I5bc29b6e91cc98332a513c9d03b02d2f6906608d
Reviewed-on: https://code.wireshark.org/review/13362
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
check that we have a line that contains OBJECT PROTOCOL ETHERNET
(at the moment, we fail if there's a line containing OBJECT PROTOCOL but
not ETHERNET and succeed otherwise
-> a file with some random lines will be identified as iseries)
initialize our line buffer with 0s to make sure we don't access uninitialized
data while parsing
don't set wth->priv unless the file is really an iseries file
free the iseries struct if the file is not our type
Bug: 11985
Change-Id: I0ac7003c047f54ca025d02e59b56d1ff4e2a6be7
Reviewed-on: https://code.wireshark.org/review/13360
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
like it's done for the other file types
Change-Id: I8caa360b9c527ea642ee6b5102759ad341ad0030
Reviewed-on: https://code.wireshark.org/review/13359
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Discovered by changing wtap_encap_requires_phdr() to use a switch
statement and comparing the case arms.
Change-Id: I2a23b86ddfbc88c1b3251a0e97f7f00ee93f630e
Reviewed-on: https://code.wireshark.org/review/13341
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Include the pcapng block name in every error message to give user a better hint as to where the error is
Bug: 8798
Change-Id: Idd80a8541ac37a42b9bd2e988fa8da1ce7bc91a0
Reviewed-on: https://code.wireshark.org/review/13310
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I guess the ability to define a structure inside another structure is a
C-ism discarded by C++, so it causes warnings if you disallow stuff that
can't be handled by a C++ compiler, as we do.
Change-Id: I8cf52af0424708eb663ab6dbfecbf317fe3bccdb
Reviewed-on: https://code.wireshark.org/review/13257
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When using UPPER_PDU to wrap logcat text data it was not possible
to dump underlying data to logcat textfiles.
Add ability to write it down properly.
Change-Id: Ia20142cc340f34d80de93e213084cf1df83099d6
Reviewed-on: https://code.wireshark.org/review/13230
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix indentation.
Just directly assign values to elements in the packet buffer; no need to
convert them to numbers and note the value as a comment.
Give more detail in the comment for null-terminating buffers. Terminate
packet_buf[] once we're finished reading into it, to make it a bit
clearer what's being done.
Make the magic number buffer 513 bytes, so we have 512 bytes plus a
terminating null.
Change-Id: Ie182d93393cc55835b24075e908393c386c85c24
Reviewed-on: https://code.wireshark.org/review/13250
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 11982
Change-Id: Ib704d9128ab6427751edbf3a33f4b8fd14902562
Reviewed-on: https://code.wireshark.org/review/13233
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Stuff in an ERF file is big-endian, except for timestamps, so we want to
convert from big-endian to host format. (The two functions do the same
thing; this just makes it clearer what we're doing.)
Change-Id: I28e27857dcf299085e8a55747ffd45ad8313789b
Reviewed-on: https://code.wireshark.org/review/13248
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for Generic Framing Procedure. Generic Framing Procedure (GFP)
is used to map octet-aligned variable length payloads (e.g. Ethernet, MPLS,
octet-aligned PPP, IP) into octet-synchronous signals such as SONET/SDH
(ITU-T G.707) and OTN (ITU-T G.709). GFP is a telecommunications industry
standard defined in ITU-T G.7041/Y.1303.
(https://www.itu.int/rec/T-REC-G.7041/)
Bug: 11961
Change-Id: Idf5b311e82b051b1ee65bde5149b3de405537b02
Reviewed-on: https://code.wireshark.org/review/13043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The use of a flag field here is aesthetically unpleasing when the flags
are referred to frequently. Convert these into bitfield entries.
Change-Id: I6f47e31558439dfd343ec7f856d04480366a1237
Reviewed-on: https://code.wireshark.org/review/12511
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris