Wireshark · Wireshark-dev: [Wireshark-dev] Preserve Section header block when saving file in Wireshark.

[Anders Broman <a.broman@xxxxxxxxxxxx>]

Hi,
Here is a half baked attempt at preserving the SHB, does this look to be 
on the right track?
If it looks OK feel free to apply it or any part of it or even complete 
it :-)

Regards
Anders

Index: pcapng.c
===================================================================
--- pcapng.c	(revision 41027)
+++ pcapng.c	(working copy)
@@ -186,16 +186,18 @@
 
 
 /* Capture section */
+#if 0
+/* Moved to wtap.h */
 typedef struct wtapng_section_s {
 	/* mandatory */
 	guint64				section_length;
 	/* options */
 	gchar				*opt_comment;	/* NULL if not available */
 	gchar				*shb_hardware;	/* NULL if not available */
-	gchar				*shb_os;	/* NULL if not available */
+	gchar				*shb_os;		/* NULL if not available */
 	gchar				*shb_user_appl;	/* NULL if not available */
 } wtapng_section_t;
-
+#endif
 /* Interface Description */
 typedef struct wtapng_if_descr_s {
 	/* mandatory */
@@ -203,7 +205,7 @@
 	guint32				snap_len;
 	/* options */
 	gchar				*opt_comment;	/* NULL if not available */
-	gchar				*if_name;	/* NULL if not available */
+	gchar				*if_name;		/* NULL if not available */
 	gchar				*if_description;/* NULL if not available */
 	/* XXX: if_IPv4addr */
 	/* XXX: if_IPv6addr */
@@ -1505,6 +1507,11 @@
 		return 0;
 	}
 
+	wth->shb_hdr.opt_comment	= wblock.data.section.opt_comment;
+	wth->shb_hdr.shb_hardware	= wblock.data.section.shb_hardware;
+	wth->shb_hdr.shb_os			= wblock.data.section.shb_os;
+	wth->shb_hdr.shb_user_appl	= wblock.data.section.shb_user_appl;
+
 	wth->file_encap = WTAP_ENCAP_UNKNOWN;
 	wth->snapshot_length = 0;
 	wth->tsprecision = WTAP_FILE_TSPREC_NSEC;
@@ -2179,11 +2186,18 @@
 	wblock.type = BLOCK_TYPE_SHB;
 	wblock.data.section.section_length = -1;
 
-	/* XXX - options unused */
-	wblock.data.section.opt_comment   = NULL;
-	wblock.data.section.shb_hardware  = NULL;
-	wblock.data.section.shb_os        = NULL;
-	wblock.data.section.shb_user_appl = NULL;
+	/* Options */
+	if(wdh->shb_hdr){
+		wblock.data.section.opt_comment   = wdh->shb_hdr->opt_comment;
+		wblock.data.section.shb_hardware  = wdh->shb_hdr->shb_hardware;
+		wblock.data.section.shb_os        = wdh->shb_hdr->shb_os;
+		wblock.data.section.shb_user_appl = wdh->shb_hdr->shb_user_appl;
+	}else{
+		wblock.data.section.opt_comment   = NULL;
+		wblock.data.section.shb_hardware  = NULL;
+		wblock.data.section.shb_os        = NULL;
+		wblock.data.section.shb_user_appl = NULL;
+	}
 
 	if (!pcapng_write_block(wdh, &wblock, err)) {
 		return FALSE;
Index: wtap.h
===================================================================
--- wtap.h	(revision 41027)
+++ wtap.h	(working copy)
@@ -833,6 +833,19 @@
 	guint32				pack_flags;     /* XXX - 0 for now (any value for "we don't have it"?) */
 };
 
+/**
+ * Holds the option strings from pcapng:s Section Header block(SHB).
+ */
+typedef struct wtapng_section_s {
+	/* mandatory */
+	guint64				section_length;
+	/* options */
+	gchar				*opt_comment;	/* NULL if not available */
+	gchar				*shb_hardware;	/* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */
+	gchar				*shb_os;		/* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */
+	gchar				*shb_user_appl;	/* NULL if not available, UTF-8 string containing the name of the application used to create this section. */
+} wtapng_section_t;
+
 struct Buffer;
 struct wtap_dumper;
 
@@ -946,10 +959,16 @@
 gboolean wtap_dump_can_write_encap(int filetype, int encap);
 gboolean wtap_dump_can_compress(int filetype);
 gboolean wtap_dump_has_name_resolution(int filetype);
+
 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
 	int snaplen, gboolean compressed, int *err);
+
+wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
+	int snaplen, gboolean compressed, wtapng_section_t *shb_hdr,int *err);
+
 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
 	gboolean compressed, int *err);
+
 gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
 	const union wtap_pseudo_header *pseudo_header, const guint8 *, int *err);
 void wtap_dump_flush(wtap_dumper *);
Index: file_access.c
===================================================================
--- file_access.c	(revision 41027)
+++ file_access.c	(working copy)
@@ -976,6 +976,12 @@
 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
 				int snaplen, gboolean compressed, int *err)
 {
+	return wtap_dump_open_ng(filename, filetype, encap,snaplen, compressed, NULL, err);
+}
+
+wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
+				int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, int *err)
+{
 	wtap_dumper *wdh;
 	WFILE_T fh;
 
@@ -988,7 +994,10 @@
 	wdh = wtap_dump_alloc_wdh(filetype, encap, snaplen, compressed, err);
 	if (wdh == NULL)
 		return NULL;	/* couldn't allocate it */
-
+	
+	/* Set Section Header Block data */
+	wdh->shb_hdr = shb_hdr;
+	
 	/* "-" means stdout */
 	if (strcmp(filename, "-") == 0) {
 		if (compressed) {
Index: wtap-int.h
===================================================================
--- wtap-int.h	(revision 41027)
+++ wtap-int.h	(working copy)
@@ -51,6 +51,7 @@
 	guint						snapshot_length;
 	struct Buffer				*frame_buffer;
 	struct wtap_pkthdr			phdr;
+	struct wtapng_section_s		shb_hdr;
 	union wtap_pseudo_header	pseudo_header;
 
 	gint64						data_offset;
@@ -99,9 +100,10 @@
 	subtype_write_func	subtype_write;
 	subtype_close_func	subtype_close;
 
-	int			tsprecision;	/* timestamp precision of the lower 32bits
-								 * e.g. WTAP_FILE_TSPREC_USEC */
-	struct addrinfo *addrinfo_list;
+	int							tsprecision;	/* timestamp precision of the lower 32bits
+												 * e.g. WTAP_FILE_TSPREC_USEC */
+	struct addrinfo				*addrinfo_list;
+	struct wtapng_section_s		*shb_hdr;
 };
 
 extern gboolean wtap_dump_file_write(wtap_dumper *wdh, const void *buf,
Index: wtap.def
===================================================================
--- wtap.def	(revision 41027)
+++ wtap.def	(working copy)
@@ -41,6 +41,7 @@
 wtap_dump_fdopen
 wtap_dump_flush
 wtap_dump_open
+wtap_dump_open_ng
 wtap_dump_set_addrinfo_list
 wtap_encap_short_string
 wtap_encap_string