/* IDB_FILTER */
if ((filter != NULL) && (strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
block_total_length += sizeof(struct option) +
- (guint16)(ADD_PADDING(strlen(filter) + 1));
+ (guint16)(ADD_PADDING(strlen(filter) + 1)+1);
have_options = TRUE;
}
}
}
- /* write filter string if applicable */
+ /* write filter string if applicable
+ * We only write version 1 of the fileter, libpcap string
+ */
if ((filter != NULL) && (strlen(filter) > 0) && (strlen(filter) < G_MAXUINT16)) {
option.type = IDB_FILTER;
- option.value_length = (guint16)(strlen(filter) + 1);
+ option.value_length = (guint16)(strlen(filter) + 1 + 1 );
WRITE_DATA(fp, &option, sizeof(struct option), *bytes_written, err);
+
+ /* The first byte of the Option Data keeps a code of the filter used, 0 = lipbpcap filter string */
+ WRITE_DATA(fp, &padding, 1, *bytes_written, err);
WRITE_DATA(fp, filter, strlen(filter) + 1, *bytes_written, err);
if ((strlen(filter) + 1) % 4) {
WRITE_DATA(fp, &padding, 4 - (strlen(filter) + 1) % 4 , *bytes_written, err);
/* XXX: if_EUIaddr */
wblock->data.if_descr.if_speed = 0; /* "unknown" */
wblock->data.if_descr.if_tsresol = 6; /* default is 6 for microsecond resolution */
- wblock->data.if_descr.if_filter = NULL;
+ wblock->data.if_descr.if_filter_str = NULL;
+ wblock->data.if_descr.bpf_filter_len = 0;
+ wblock->data.if_descr.if_filter_bpf_bytes = NULL;
wblock->data.if_descr.if_os = NULL;
wblock->data.if_descr.if_fcslen = -1; /* unknown or changes between packets */
/* XXX: guint64 if_tsoffset; */
*/
case(11): /* if_filter */
if (oh.option_length > 0 && oh.option_length < opt_cont_buf_len) {
- wblock->data.if_descr.if_filter = g_strndup(option_content, oh.option_length);
- pcapng_debug1("pcapng_read_if_descr_block: if_filter %s", wblock->data.if_descr.if_filter);
+ /* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string,
+ * or BPF bytecode.
+ */
+ if (option_content[0] == 0){
+ wblock->data.if_descr.if_filter_str = g_strndup(option_content+1, oh.option_length-1);
+ pcapng_debug1("pcapng_read_if_descr_block: if_filter_str %s", wblock->data.if_descr.if_filter_str);
+ }else if(option_content[0] == 1) {
+ wblock->data.if_descr.bpf_filter_len = oh.option_length-1;
+ wblock->data.if_descr.if_filter_bpf_bytes = g_malloc(oh.option_length-1);
+ memcpy(&wblock->data.if_descr.if_filter_bpf_bytes, option_content+1, oh.option_length-1);
+ }
} else {
pcapng_debug1("pcapng_read_if_descr_block: if_filter length %u seems strange", oh.option_length);
}
int_data.if_speed = wblock.data.if_descr.if_speed;
int_data.if_tsresol = wblock.data.if_descr.if_tsresol;
/* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
- int_data.if_filter = wblock.data.if_descr.if_filter;
+ int_data.if_filter_str = wblock.data.if_descr.if_filter_str;
+ int_data.bpf_filter_len = wblock.data.if_descr.bpf_filter_len;
+ int_data.if_filter_bpf_bytes = wblock.data.if_descr.if_filter_bpf_bytes;
int_data.if_os = wblock.data.if_descr.if_os;
int_data.if_fcslen = wblock.data.if_descr.if_fcslen;
/* XXX if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
gboolean have_options = FALSE;
struct option option_hdr; /* guint16 type, guint16 value_length; */
guint32 options_total_length = 0;
- guint32 comment_len = 0, if_name_len = 0, if_description_len = 0 , if_os_len = 0;
- guint32 comment_pad_len = 0, if_name_pad_len = 0, if_description_pad_len = 0, if_os_pad_len = 0;
+ guint32 comment_len = 0, if_name_len = 0, if_description_len = 0 , if_os_len = 0, if_filter_str_len = 0;
+ guint32 comment_pad_len = 0, if_name_pad_len = 0, if_description_pad_len = 0, if_os_pad_len = 0, if_filter_str_pad_len;
pcapng_debug3("pcapng_write_if_descr_block: encap = %d (%s), snaplen = %d",
* if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
* The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
*/
- if (int_data->if_filter) {
+ if (int_data->if_filter_str) {
+ have_options = TRUE;
+ if_filter_str_len = (guint32)strlen(int_data->if_filter_str) & 0xffff+1;
+ if ((if_filter_str_len % 4)) {
+ if_filter_str_pad_len = 4 - (if_filter_str_len % 4);
+ } else {
+ if_filter_str_pad_len = 0;
+ }
+ options_total_length = options_total_length + if_filter_str_len + if_filter_str_pad_len + 4 /* comment options tag */ ;
}
/*
* if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed.
wdh->bytes_dumped += sizeof idb;
/* XXX - write (optional) block options */
- if (comment_len) {
+ if (comment_len != 0) {
option_hdr.type = OPT_COMMENT;
option_hdr.value_length = comment_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
/*
* if_name 2 A UTF-8 string containing the name of the device used to capture data.
*/
- if (if_name_len) {
+ if (if_name_len !=0) {
option_hdr.type = IDB_OPT_IF_NAME;
option_hdr.value_length = if_name_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
/*
* if_description 3 A UTF-8 string containing the description of the device used to capture data.
*/
- if (if_description_len) {
+ if (if_description_len != 0) {
option_hdr.type = IDB_OPT_IF_NAME;
option_hdr.value_length = if_description_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
/*
* if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
*/
+ /* Libpcap string variant */
+ if (if_filter_str_len !=0) {
+ option_hdr.type = IDB_OPT_IF_FILTER;
+ option_hdr.value_length = if_filter_str_len;
+ if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
+ return FALSE;
+ wdh->bytes_dumped += 4;
+
+ /* Write the zero indicaling libpcap filter variant */
+ if (!wtap_dump_file_write(wdh, &zero_pad, 1, err))
+ return FALSE;
+ wdh->bytes_dumped += 1;
+
+ /* Write the comments string */
+ pcapng_debug3("pcapng_write_if_descr_block, if_filter_str:'%s' if_filter_str_len %u if_filter_str_pad_len %u" , int_data->if_filter_str, if_filter_str_len, if_filter_str_len);
+ if (!wtap_dump_file_write(wdh, int_data->if_filter_str, if_filter_str_len, err))
+ return FALSE;
+ wdh->bytes_dumped += comment_len;
+
+ /* write padding (if any) */
+ if (if_filter_str_pad_len != 0) {
+ if (!wtap_dump_file_write(wdh, &zero_pad, if_filter_str_pad_len, err))
+ return FALSE;
+ wdh->bytes_dumped += if_filter_str_pad_len;
+ }
+ }
/*
* if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed.
*/
- if (if_os_len) {
+ if (if_os_len != 0) {
option_hdr.type = IDB_OPT_IF_OS;
option_hdr.value_length = if_os_len;
if (!wtap_dump_file_write(wdh, &option_hdr, 4, err))
* Interface description data
*/
typedef struct wtapng_if_descr_s {
- int wtap_encap; /**< link_type translated to wtap_encap */
+ int wtap_encap; /**< link_type translated to wtap_encap */
guint64 time_units_per_second;
/* mandatory */
guint16 link_type;
guint32 snap_len;
/* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
- gchar *if_description;/**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
+ gchar *opt_comment; /**< NULL if not available */
+ gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
+ gchar *if_description; /**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
/* XXX: if_IPv4addr opt 4 Interface network address and netmask.*/
/* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
/* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits).*/
/* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits)*/
- guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
- guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
- * If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
- */
+ guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
+ guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
+ * If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
+ */
/* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
- gchar *if_filter; /**< NULL if not available, opt 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
- * The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
- */
- gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
- gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
+ gchar *if_filter_str; /**< NULL if not available, opt 11 libpcap string. */
+ guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
+ gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
+ gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
+ gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
/* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
} wtapng_if_descr_t;
git.samba.org / metze / wireshark / wip.git / commitdiff