When building with GCC 10.2.0 and optimization level 3 some new
warnings turn up. Fix them.
./epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r0’:
../epan/crypt/dot11decrypt_util.c:308:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
308 | memcpy(pmk_r0_name, sha256_res, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r1’:
../epan/crypt/dot11decrypt_util.c:357:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
357 | memcpy(pmk_r1_name, sha256_res, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_add_if_filter_option’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
782 | return filter_dest;
| ^~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_set_if_filter_option_value’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
782 | return filter_dest;
| ^~~~~~~~~~~
Instead of a "supports name resolution" Boolean and bitflags for types of
comments supported, provide a list of block types that the file
type/subtype supports, with each block type having a list of options
supported. Indicate whether "supported" means "one instance" or
"multiple instances".
"Supports" doesn't just mean "can be written", it also means "could be
read".
Rename WTAP_BLOCK_IF_DESCRIPTION to WTAP_BLOCK_IF_ID_AND_INFO, to
indicate that it provides, in addition to information about the
interface, an ID (implicitly, in pcapng files, by its ordinal number)
that is associated with every packet in the file. Emphasize that in
comments - just because your capture file format can list the interfaces
on which a capture was done, that doesn't mean it supports this; it
doesn't do so if the file doesn't indicate, for every packet, on which
of those interfaces it was captured (I'm looking at *you*, Microsoft
Network Monitor...).
Use APIs to query that information to do what the "does this file
type/subtype support name resolution information", "does this file
type/subtype support all of these comment types", and "does this file
type/subtype support - and require - interface IDs" APIs did.
Provide backwards compatibility for Lua.
This allows us to eliminate the WTAP_FILE_TYPE_SUBTYPE_ values for IBM's
iptrace; do so.
For most file types, blocks for which we don't have a wtap_block_type_t
aren't "custom", they're just "file-type specific". Add
WTAP_BLOCK_FT_SPECIFIC_REPORT and WTAP_BLOCK_FT_SPECIFIC_EVENT block
types; the "mandatory" part of those blocks includes a
file-type-specific block type value, with specific values assigned to
specific block types (either as part of the file type's definition, or
by us if necessary).
For pcapng files, blocks for which we don't have a wtap_block_type_t are
either "local" (block type has the high-order bit set), are defined in
the current spec but aren't supported yet (which we should fix), or are
*not* defined in the current spec and are *not* "local" (in which case
whoever's using the block number should submit a pull request to the
spec to register the block type *and* give it a specification, so we can
add support). For "local" block types and for not-yet-supported
non-"local" block types, they should be handled as file-type-specific
blocks with the file-type-specific block value being the pcapng block
type code, with plugin support in the pcapng code to read *and* write
those blocks.
Move the structures for the "mandatory" parts of blocks to
wiretap/wtap_opttypes.h, right after the definition of
wtap_block_type_t.
When registering a custom block type, set the block type field of the
wtap_blocktype_t structure. (We may do custom blocks differently, so
this is just for now.)
When registering a standard block type, don't pass in the block type, as
we can just use the type in the wtap_blocktype_t structure.
Remove NG from the names - it adds nothing.
Don't use the abbreviations for pcapng block names, spell out what the
block does (e.g. "WTAP_BLOCK_DECRYPTION_SECRETS" rather than
"WTAP_BLOCK_DSB"), to make it more obvious what the block does.
Spell out some other abbreviations.
Add WTAP_BLOCK_PACKET for future use for packet blocks; there's no need
to distinguish between the Enhanced Packet Block, the Simple Packet
Block, and the deprecated Packet Block here.
Option types aren't guaranteed to be small integers, so store option
types for a block type in a hash table, so we don't need to have a big
array to handle the custom option types (the type values of which aren't
small integers) and with local-use option types (the type values of
which also aren't small integers).
Make all the option type structures const while we're at it.
Change the data structure for that option to have a type field,
indicating that it's either a pcap filter string or a BPF program,
followed by a union with a string-pointer member for pcap filter strings
and an instruction-count-and-pointer-to-instructions structure for BPF
programs.
Have routines to add, set, and fetch that option that handle that
structure; discard the "generic structured option" routines. That means
there's more type checking possible at compile time.
Add more code to handle BPF programs.
When writing pcapng files, check, both for that option and for string
options, whether the option length is too big for the data to fit in a
pcapng option, and don't write it if it is. (XXX - truncate the data?
Report an error?)
We have wtap_block_set_string_option_value(),
wtap_block_set_string_option_value_format(), and
wtap_block_set_nth_string_option_value(); complete the collection and
win valuable prizes.
It currently wraps wtap_block_create() and wtap_block_copy(); if there
are no remaining use cases for wtap_block_copy() at some point, it can
just *replace* wtap_block_copy().
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54
As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.
Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.
If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.
The test file was creating using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).
Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support for writing it in live captures will come later; this change,
but not that one, will be backported so older versions of Wireshark
won't remove it when writing a file out.
Change-Id: I9fd4067991acfd2d18c03d0a373ce8337a9f3a76
Reviewed-on: https://code.wireshark.org/review/29064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The cleanup routine has been added to exit section of the applications.
Those which required a exit restyle have been patched as well.
Change-Id: I3a8787f0718ac7fef00dc58176869c7510fda7b1
Reviewed-on: https://code.wireshark.org/review/19949
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
A wtap_block_t always has an array of options, even if it's empty.
Fixes CID 1364135.
Change-Id: Ib1ba791ddcac078ec34def321d63d140c5576037
Reviewed-on: https://code.wireshark.org/review/16535
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not used; currently, everything that accesses instances of a
multiple-instance-allowed option do so in a loop that iterates over
option instances by fetching values of the Nth option until the attempt
to fetch the option fails, making only one pass over the options.
Change-Id: Ife9583a5d246027dbfc133ab58027ef6641d65ef
Reviewed-on: https://code.wireshark.org/review/16534
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That will allow deletion of comments, stripping of options when
sanitizing captures, etc..
Change-Id: I9667ba2ccf4e548ff3b7d500796b260a437bcea0
Reviewed-on: https://code.wireshark.org/review/16485
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Explicitly cst the results of g_memdup().
Change-Id: I20fd1f355e68735d7cc9bbeb41717a1c2a74de37
Reviewed-on: https://code.wireshark.org/review/16477
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, we don't have to worry about multiple instances of an option
pointing to the same data. and having to worry about freeing data that's
pointed to by another instance.
Change-Id: I3470a9eebf346023713fd0d6ff2451d727c25089
Reviewed-on: https://code.wireshark.org/review/16471
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Cast some numerical values to wtap_block_type_t.
Change-Id: I56651c62045880638175c39174341feffb4b1068
Reviewed-on: https://code.wireshark.org/review/16451
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It gets passed a wtap_block_type_t value, so declare it as such.
Change-Id: I6980cab7e1885c9920b2a75e12f9d2d2a64d6f96
Reviewed-on: https://code.wireshark.org/review/16450
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A block can have zero or more instances of a given option. We
distinguish between "one instance only" options, where a block can have
zero or one instance, and "multiple instances allowed" options, where a
block can have zero or more instances.
For "one instance only" options:
"add" routines add an instance if there isn't one already
and fail if there is;
"set" routines add an instance if there isn't one already
and change the value of the existing instance if there is one;
"set nth" routines fail;
"get" routines return the value of the instance if there is one
and fail if there isn't;
"get nth" routines fail.
For "multiple instances allowed" options:
"add" routines add an instance;
"set" routines fail;
"set nth" routines set the value of the nth instance if there is
one and fail otherwise;
"get" routines fail;
"get nth" routines get the value if the nth instance if there is
one and fail otherwise.
Rename "optionblock" to just "block"; it describes the contents of a
block, including both mandatory items and options.
Add some support for NRB options, including IPv4 and IPv6 option types.
Change-Id: Iad184f668626c3d1498b2ed00c7f1672e4abf52e
Reviewed-on: https://code.wireshark.org/review/16444
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Address of stack memory associated with local variable 'default_filter'
is still referred to by the global variable 'filter_option' upon returning
to the caller. This will be a dangling reference.
Change-Id: I6160a37f05b8aea245b723ec50803e4062886738
Reviewed-on: https://code.wireshark.org/review/14427
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use it for OPT_COMMENT in the SHB, as there may be ore than one instance
of OPT_COMMENT in an SHB.
Also, use wtap_optionblock_get_option_string for OPT_SHB_HARDWARE,
OPT_SHB_OS, and OPT_SHB_USERAPPL; they're specified as "only one
instance allowed".
Change-Id: I23ad87e41e40b7ae1155e96c0523a6f8caad5204
Reviewed-on: https://code.wireshark.org/review/15750
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This doesn't try to use any data from multiple Section Header blocks, it
just converts single Section Header block usage into a GArray, so the
potential is there to then use/support multiple Section Header blocks
within a file format (like pcapng)
Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486
Reviewed-on: https://code.wireshark.org/review/15636
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The write functionality was too PCAPNG-specific and the intention is to
keep the option blocks as generic as possible.
So moved the write functionality back to pcapng.c and added a
wtap_opttype API to loop through all options in the block
(wtap_optionblock_foreach_option)
Change-Id: Iaf49126a1a3e2ed60ae02c52878ca22671dac335
Reviewed-on: https://code.wireshark.org/review/15525
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also add a length parameter to wtap_optionblock_set_option_string
Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d23148c6f8d847aacec1d25cb694793ec9bb84e
Reviewed-on: https://code.wireshark.org/review/15504
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They're not marshalled as a 64-bit integer in pcapng files, they're
marshelled as 2 32-bit integers, the first of which is the upper 64 bits
of the value and the second of which is the lower 64 bits of the value.
Bug: 12349
Change-Id: I2bde51ac11b2518ef2ddaecf43672c984f26081a
Reviewed-on: https://code.wireshark.org/review/15492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the option length should be 1 byte, not 4 bytes.
Change-Id: I1b356c7ce101f9bbdc9793fc280b6564e12f303f
Reviewed-on: https://code.wireshark.org/review/15265
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by valgrind:
==14298== at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14298== by 0xA66C6AE: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BB32: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA63BEB7: g_array_append_vals (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14298== by 0xA193252: wtap_optionblock_add_option (wtap_opttypes.c:352)
==14298== by 0xA19361C: shb_create (wtap_opttypes.c:607)
==14298== by 0xA192F96: wtap_optionblock_create (wtap_opttypes.c:126)
==14298== by 0xA168784: wtap_open_offline (file_access.c:824)
==14298== by 0x11D47C: cf_open (tshark.c:4194)
==14298== by 0x117852: main (tshark.c:2183)
et al.
Change-Id: Ic16595ed3c12b9ed6c2813852ceb594c29ece929
Reviewed-on: https://code.wireshark.org/review/15004
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue found by Clang (Assigned value is garbage or undefined).
Change-Id: I9a3ab41dd01becbd454af02f2567ea3a2beeba40
Reviewed-on: https://code.wireshark.org/review/14399
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make a more formal method for registering options within a block and do it all with a single function (wtap_optionblock_add_block).
Add ability for block to be able to write itself, refactored out of pcapng.c. This was implemented for SHB, ISB, and IDB blocks. Name resolution (NRB), while possible, seemed a little messy for the moment.
Change-Id: Ie855c8550c7c7d96cfc188c0cd90bfbc4d5f0ee8
Reviewed-on: https://code.wireshark.org/review/14357
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also required mergecap to look for plugins to initialize wiretap option blocks.
Change-Id: I4208d1028dd0f94f185393801d72025329266cb7
Reviewed-on: https://code.wireshark.org/review/14300
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't treat it like a GList
Bug: 12220
Change-Id: I057649a26d135516c6e8d4fb028c6cb9dcda2e7c
Reviewed-on: https://code.wireshark.org/review/14326
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I52de10a1d96b6ef7294ad8be9ec9195defca4b53
Reviewed-on: https://code.wireshark.org/review/14266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12173
Change-Id: Ifff28491073d50e088b26847830a3bc8835f4282
Reviewed-on: https://code.wireshark.org/review/14180
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris