[Wireshark-dev] Problem writing a file dissector for vwr capture files

2015-08-30 Thread Joerg Mayer
Hello,

I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
(without losing the ability to open said capture files normally, of course)
and am failing:
Running tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr (or
the equivalent steps in wireshark) results in
tshark: The file testfile.vwr isn't a capture file in a format TShark
understands.
Trying to just take over the complete capture file was also unsuccessful.
I've attached the current source of the dissector. Simple question: What am
I missing ;-)
In case you want to test, use the capture attached to bug 11464.

Thanks
   Jörg


-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
/* file-vwr.c
 * Routines for IxVeriWave (.vwr) dissection
 * Documentation only available in form of source code
 *
 * Copyright 2015, Joerg Mayer (see AUTHORS file)
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs ger...@wireshark.org
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include "config.h"

#include <epan/packet.h>
#include <epan/expert.h>
#include <wiretap/wtap.h>

void proto_register_vwr(void);
void proto_reg_handoff_vwr(void);

static int proto_vwr = -1;

static dissector_handle_t  vwr_handle;

static int hf_vwr_record = -1;

static int hf_vwr_record_header = -1;
static int hf_vwr_record_data = -1;
static int hf_vwr_record_cmd = -1;

static int hf_vwr_header_unknown1 = -1;
static int hf_vwr_header_word1 = -1;
static int hf_vwr_header_word2 = -1;
static int hf_vwr_header_word3 = -1;

static int hf_vwr_data_unknown1 = -1;

static expert_field ei_invalid_header_length = EI_INIT;
static expert_field ei_invalid_data_length = EI_INIT;

static gint ett_vwr_record = -1;
static gint ett_vwr_record_header = -1;
static gint ett_vwr_record_data = -1;

#define VWR_HEADER_LENGTH 20

/*
 * Fetch a 64-bit value in Corey-endian form.
 */
#define pcoreytohll(p)  ((guint64)*((const guint8 *)(p)+4)<<56|  \
                         (guint64)*((const guint8 *)(p)+5)<<48|  \
                         (guint64)*((const guint8 *)(p)+6)<<40|  \
                         (guint64)*((const guint8 *)(p)+7)<<32|  \
                         (guint64)*((const guint8 *)(p)+0)<<24|  \
                         (guint64)*((const guint8 *)(p)+1)<<16|  \
                         (guint64)*((const guint8 *)(p)+2)<<8|   \
                         (guint64)*((const guint8 *)(p)+3)<<0)

struct record_data {
    guint32 data_length;
};

static const value_string record_cmd_vals[] = {

    { 0, NULL }
};

static void
pre_dissect_header(tvbuff_t *tvb, struct record_data *record_data)
{
    guint8   record_cmd;
    guint32  word2;
    guint32  word3;
    guint32  data_size;

    record_cmd = tvb_get_guint8(tvb, 0);
    word2 = tvb_get_guint32(tvb, 8, ENC_BIG_ENDIAN);
    word3 = tvb_get_guint32(tvb, 12, ENC_BIG_ENDIAN);

    switch (record_cmd) {
    case 0x21:
    case 0x31:
    case 0x8B:
    case 0xC1:
        data_size = word2 & 0x;  /* mask digits lost in the list archive */
        break;
    case 0xFE:
        data_size = word3 & 0x;  /* mask digits lost in the list archive */
        break;
    default:
        data_size = 0;
        break;
    }
    record_data->data_length = data_size;
}

static gint
dissect_header(proto_tree *tree, tvbuff_t *tvb)
{
    proto_tree  *header_tree;
    proto_item  *header_item;
    gint         offset = 0;

    header_item = proto_tree_add_item(tree, hf_vwr_record_header, tvb, offset, VWR_HEADER_LENGTH, ENC_NA);
    header_tree = proto_item_add_subtree(header_item, ett_vwr_record_header);

    proto_tree_add_item(header_tree, hf_vwr_record_cmd, tvb, offset, 1, ENC_NA);
    offset += 1;
    proto_tree_add_item(header_tree, hf_vwr_header_unknown1, tvb, offset, 3, ENC_NA);
    offset += 3;
    proto_tree_add_item(header_tree, hf_vwr_header_word1, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    proto_tree_add_item(header_tree, hf_vwr_header_word2, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    proto_tree_add_item(header_tree, hf_vwr_header_word3, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;

    return offset;
}

static gint
dissect_data(proto_tree *tree, tvbuff_t *tvb, struct record_data *record_data)
{
    proto_tree  *data_tree;
Re: [Wireshark-dev] Problem writing a file dissector for vwr capture files

2015-08-30 Thread Hadriel Kaplan
Did you add the magic info into the magic_files array in
wiretap/mime_file.c?  It looks like it's necessary.
-hadriel

On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer jma...@loplof.de wrote:
> Hello,
>
> I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
> (without losing the ability to open said capture files normally, of course)
> and am failing:
> Running tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr (or
> the equivalent steps in wireshark) results in
> tshark: The file testfile.vwr isn't a capture file in a format TShark
> understands.
> Trying to just take over the complete capture file was also unsuccessful.
> I've attached the current source of the dissector. Simple question: What am
> I missing ;-)
> In case you want to test, use the capture attached to bug 11464.
>
> Thanks
>    Jörg
>
>
> --
> Joerg Mayer   jma...@loplof.de
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
>
> ___
> Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Can I compile only the plugins on Windows?

2015-08-30 Thread Adir Shemesh
I already have Wireshark compiled, but I'm developing a plugin and
compiling everything takes a lot of time.
In Linux I can use make -C plugins but I couldn't find a solution for
Windows.

Re: [Wireshark-dev] MSVC 2015 (VC14) notes/issue

2015-08-30 Thread Pascal Quantin
Hi all,

2015-08-12 18:57 GMT+02:00 Pascal Quantin pascal.quan...@gmail.com:

> Hi,
> On 12 August 2015 at 6:21 PM, Bill Meier wme...@newsguy.com wrote:
> >
> > [Resend]
> >
> > I see that several people (Anders, ...) have been building with MSVC-2015
> > (VC14) and have fixed a number of issues.
> >
> > So: I decided to download VC14 and give it a try (using NMake).
> >
> > A few questions:
> >
> > Are you using CMake or NMake?
> >
> > If using NMake, I assume that you've updated config.nmake etc. Is
> > there some reason you've not committed the changes?
> >
> > If not, I've made what I think are the required changes for NMake. Do
> > you think it's OK to commit them?
> >
> > Have you been able to do a complete build?
> >
> > So far:
> >
> > 1. Compiling packet-pdc.c gets:
> >
> > [...]\packet-pdc.c(205) : fatal error C1001: An internal error has occurred in the compiler.
> > (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 246)
> >  To work around this problem, try simplifying or changing the program near the locations listed above.
> >  Please choose the Technical Support command on the Visual C++ Help menu, or open the Technical Support help file for more information
> >
> > INTERNAL COMPILER ERROR in 'C:\Program Files\Microsoft Visual Studio 14.0\VC\BIN\cl.exe'
> > Please choose the Technical Support command on the Visual C++ Help menu, or open the Technical Support help file for more information
> >
> > I've figured out what to change to fix this.
> > (I've also extracted a much smaller test file which causes the error and
> > will submit the file to Microsoft).
> >
> > 2. I had to disable building with geoip because:
> >
> > C:\Program Files\Windows Kits\10\include\10.0.10150.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file packet-ip.c)
> > [...]\GeoIP-1.5.1-2-win32ws\include\GeoIP.h(36): note: see previous definition of 'snprintf' (compiling source file packet-ip.c)
> > C:\Program Files\Windows Kits\10\include\10.0.10150.0\ucrt\stdio.h(1927): fatal error C1189: #error:  Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file packet-ip.c)
> >
> > 3. I disabled building with LUA because there's apparently yet no LUA
> > library (dll) for use with VC14.
>
> I might have a look at it when coming back from vacation if the packager I
> used last time did not update the library (I have no reliable Internet
> access right now, yes this is still possible nowadays :)). But I was not in
> a hurry as there is no Qt package compiled with MSVC2015 yet, so we still
> have a strong dependency on MSVC2013.

I have now uploaded Lua libraries compiled with MSVC2015. Could one of you
who has this compiler give https://code.wireshark.org/review/#/c/10313/ a try?

Thanks,
Pascal.

> libraries compiled with MSVC =
> >
> > After addressing #1, #2 & #3 above (as well as an issue in
> > packet-lwres.c), I got a complete working build (based upon a quick test).
> >
> > 4. When compiling with code-analysis enabled, I'm getting a boatload of
> > the following warning message:
> >
> > c:\program files\windows kits\10\include\10.0.10150.0\ucrt\string.h(130) : warning C28252: Inconsistent annotation for 'strcpy': _Param_(1) has 'SAL_writableTo(elementCount(_String_length_(__formal(1,parameter1))+1))' on the prior instance. See no file(0).
> >
> > This makes using analysis with vc14 kind of difficult.
> >
> > Bill
> >


Re: [Wireshark-dev] Can I compile only the plugins on Windows?

2015-08-30 Thread Anders Broman
On 30 Aug 2015 10:15, Adir Shemesh adir...@gmail.com wrote:

> I already have Wireshark compiled, but I'm developing a plugin and
> compiling everything takes a lot of time.
> In Linux I can use make -C plugins but I couldn't find a solution for
> Windows.


Run the nmake command in the plugins directory; you may have to manually
copy the dll to the run dir.
Regards
Anders



Re: [Wireshark-dev] MSVC 2015 (VC14) notes/issue

2015-08-30 Thread Bill Meier

On 8/12/2015 12:21 PM, Bill Meier wrote:
>
> 2. I had to disable building with geoip because:
>
> #error:  Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file packet-ip.c)
>

A little digging finds that the Windows Wireshark version of the GeoIP
library (1.5.2) is a bit old; the current version (on GitHub [1]) is
1.6.6 and has had various fixes made since 1.5.2.

I also note that the 1.6.6 GeoIP.h no longer has the macro definition
for snprintf, so the MSVC2015 GeoIP compile problem obviously won't occur
using the latest version.

I don't really know how to create the GeoIP libraries (and couldn't easily
do a 64 bit version anyway) so I'll leave this as a ToDo for others
(Gerald ?).

(Obviously there's no urgency for this).

[1] https://github.com/maxmind/geoip-api-c

Bill





Re: [Wireshark-dev] Problem writing a file dissector for vwr capture files

2015-08-30 Thread Joerg Mayer
On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote:
> Did you add the magic info into the magic_files array in
> wiretap/mime_file.c?  It looks like it's necessary.

Ah, that was the part I was missing. Thanks!
Of course now that I did look at it, it doesn't help me because the file format
doesn't really have a magic value. So how do I go about it properly?

Thanks
   Jörg

> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer jma...@loplof.de wrote:
> > I'm trying to write a file dissector for the IxVeriWave (.vwr) capture files
> > (without losing the ability to open said capture files normally, of course)
> > and am failing:
> > Running tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr (or
> > the equivalent steps in wireshark) results in
> > tshark: The file testfile.vwr isn't a capture file in a format TShark
> > understands.
> > Trying to just take over the complete capture file was also unsuccessful.
> > I've attached the current source of the dissector. Simple question: What am
> > I missing ;-)
> > In case you want to test, use the capture attached to bug 11464.

-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

[Wireshark-dev] Various problems with tshark

2015-08-30 Thread Joerg Mayer
When using tshark from head I have a bunch of problems right now:

1) stderr is getting spammed with
   (process:9870): Capture-WARNING **: Dissector stp incomplete in frame 41915: undecoded byte number 57 (0x0030+9)
2) -T fields -e _ws.col.info isn't working (empty column), both with and without -V
3) Some of my .vwr captures seem to only decode in tshark (with and without -V) but
   don't decode with -2 or in wireshark (I'll open a proper bug for this once I have more
   info). Btw, how can I convert .vwr files to pcapng? Both Save and Save As are greyed out.

Thanks
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.