etwdump: either declare functions static or declare them in headers.

If a function is used only in the .c file that defines it, declare it
static.

If it's used in other .c files, don't declare it in the .c files that call it;
declare it in a .h file that is also included in the .c file that defines it.
Guy Harris 2025-01-07 11:48:03 -08:00
parent 9954342fe9
commit febd09fad9
6 changed files with 77 additions and 35 deletions


@ -22,6 +22,7 @@
#include "wsutil/ws_getopt.h"
#include "wsutil/strtoi.h"
#include "etw_message.h"
#include "etw_ndiscap.h"
#include <rpc.h>
#include <winevt.h>
@ -80,14 +81,12 @@ static PROVIDER_FILTER g_provider_filters[32];
static BOOL g_is_live_session;
static void WINAPI event_callback(PEVENT_RECORD ev);
void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
void etw_dump_write_ndiscap_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info);
static void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
static void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
static void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
static wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info);
DWORD GetPropertyValue(WCHAR* ProviderId, EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId, PEVT_VARIANT* Value)
static DWORD GetPropertyValue(WCHAR* ProviderId, EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId, PEVT_VARIANT* Value)
{
BOOL bRet;
DWORD err = ERROR_SUCCESS;
@ -406,7 +405,7 @@ wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filen
return returnVal;
}
BOOL is_event_filtered_out(PEVENT_RECORD ev)
static BOOL is_event_filtered_out(PEVENT_RECORD ev)
{
if (g_is_live_session)
{
@ -465,7 +464,7 @@ static void WINAPI event_callback(PEVENT_RECORD ev)
}
}
wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info)
static wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info)
{
wtap_dump_params params = { 0 };
GArray* shb_hdrs = NULL;
@ -518,7 +517,7 @@ wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_inf
return pdh;
}
ULONG wtap_etl_record_buffer_init(WTAP_ETL_RECORD** out_etl_record, PEVENT_RECORD ev, BOOLEAN include_user_data, WCHAR* message, WCHAR* provider_name)
static ULONG wtap_etl_record_buffer_init(WTAP_ETL_RECORD** out_etl_record, PEVENT_RECORD ev, BOOLEAN include_user_data, WCHAR* message, WCHAR* provider_name)
{
ULONG total_packet_length = sizeof(WTAP_ETL_RECORD);
WTAP_ETL_RECORD* etl_record = NULL;
@ -642,7 +641,7 @@ void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG origin
wtap_rec_cleanup(&rec);
}
void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
static void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
{
WTAP_ETL_RECORD* etl_record = NULL;
ULONG total_packet_length = 0;
@ -654,7 +653,7 @@ void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
g_free(etl_record);
}
void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
static void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
{
WTAP_ETL_RECORD* etl_record = NULL;
ULONG total_packet_length = 0;
@ -663,7 +662,7 @@ void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
g_free(etl_record);
}
void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
static void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
{
PTRACE_EVENT_INFO pInfo = NULL;
PBYTE pUserData = NULL;
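Review bot: `wtap_etl_record_buffer_init` has no comment saying who owns the buffer it hands back through `out_etl_record`, while the two callers visible in this section release it with `g_free(etl_record)`. Now that the function is file-local, a short comment above it would pin that contract, for example `/* Builds an ETL record in *out_etl_record and returns its total length in bytes; the caller frees it with g_free(). */`. The allocation itself lies outside the visible lines, so the wording should be checked against the function body.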


@ -29,7 +29,11 @@ typedef struct
char padding[64];
} SUPER_EVENT_TRACE_PROPERTIES;
wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filename, const char* params, int* err, char** err_info);
extern wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filename, const char* params, int* err, char** err_info);
extern void wtap_etl_add_interface(int pkt_encap, char* interface_name, unsigned short interface_name_length, char* interface_desc, unsigned short interface_desc_length);
extern void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
#endif
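Review bot: The two prototypes added to this header, `wtap_etl_add_interface` and `wtap_etl_rec_dump`, pair several `char*` buffers with separate length arguments but carry no comment saying which length bounds which buffer. Since callers in other files now depend on this header for the contract, a line such as `/* etl_record holds total_packet_length bytes; comment holds comment_length bytes */` above `wtap_etl_rec_dump` would help, along with a statement on whether the strings must be NUL-terminated, which is not visible here. If the functions do not write through `interface_name`, `interface_desc` or `comment`, those parameters could be declared `const char*`.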


@ -86,7 +86,7 @@ VOID format_message(WCHAR* lpszMessage, PROPERTY_KEY_VALUE* propArray, DWORD dwP
* length attribute, the size is inferred from the data type. The length will be zero for variable
* length, null-terminated strings and structures.
*/
DWORD GetPropertyLength(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT PropertyLength)
static DWORD GetPropertyLength(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT PropertyLength)
{
DWORD status = ERROR_SUCCESS;
PROPERTY_DATA_DESCRIPTOR DataDescriptor = { 0 };
@ -147,7 +147,7 @@ cleanup:
return status;
}
DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT ArraySize)
static DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT ArraySize)
{
DWORD status = ERROR_SUCCESS;
PROPERTY_DATA_DESCRIPTOR DataDescriptor = { 0 };
@ -171,7 +171,7 @@ DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSH
return status;
}
DWORD GetMapInfo(PEVENT_RECORD pEvent, LPWSTR pMapName, PEVENT_MAP_INFO* pMapInfo)
static DWORD GetMapInfo(PEVENT_RECORD pEvent, LPWSTR pMapName, PEVENT_MAP_INFO* pMapInfo)
{
DWORD status = ERROR_SUCCESS;
DWORD MapSize = 0;


@ -29,6 +29,8 @@
#include <winsock2.h>
#include <netiodef.h>
#include "etw_ndiscap.h"
// inet_ipv6.h and netiodef.h define exactly the same stuff, like _IPV6_ROUTING_HEADER and IP6F_OFF_MASK.
// So wiretap/wtap.h cannot be directly included in this file. Defines below three WTAP_ENCAP types with the value in wtap.h for compile
#define WTAP_ENCAP_ETHERNET 1
@ -87,12 +89,12 @@ static const char* DOT11_PHY_TYPE_NAMES[] = {
"802.11ax" // dot11_phy_type_he = 10
};
unsigned long long NumFramesConverted;
char AuxFragBuf[MAX_PACKET_SIZE] = {0};
unsigned long AuxFragBufOffset;
static unsigned long long NumFramesConverted;
static char AuxFragBuf[MAX_PACKET_SIZE] = {0};
static unsigned long AuxFragBufOffset;
DOT11_EXTSTA_RECV_CONTEXT PacketMetadata;
BOOLEAN AddWlanMetadata;
static DOT11_EXTSTA_RECV_CONTEXT PacketMetadata;
static BOOLEAN AddWlanMetadata;
typedef struct _NDIS_NET_BUFFER_LIST_8021Q_INFO {
union {
@ -120,7 +122,7 @@ typedef struct _NDIS_NET_BUFFER_LIST_8021Q_INFO {
// From: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/nblinfo/ne-nblinfo-ndis_net_buffer_list_info
#define MaxNetBufferListInfo 200
#define Ieee8021QNetBufferListInfo 4
PBYTE OobData[MaxNetBufferListInfo];
static PBYTE OobData[MaxNetBufferListInfo];
typedef struct _VMSWITCH_SOURCE_INFO {
unsigned long SourcePortId;
@ -135,8 +137,8 @@ typedef struct _VMSWITCH_PACKET_FRAGMENT {
short VlanId;
} VMSWITCH_PACKET_FRAGMENT, *PVMSWITCH_PACKET_FRAGMENT;
BOOLEAN CurrentPacketIsVMSwitchPacketFragment;
VMSWITCH_PACKET_FRAGMENT VMSwitchPacketFragment;
static BOOLEAN CurrentPacketIsVMSwitchPacketFragment;
static VMSWITCH_PACKET_FRAGMENT VMSwitchPacketFragment;
struct INTERFACE {
struct INTERFACE* Next;
@ -151,16 +153,13 @@ struct INTERFACE {
};
#define IFACE_HT_SIZE 100
struct INTERFACE* InterfaceHashTable[IFACE_HT_SIZE];
unsigned long NumInterfaces;
void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
void wtap_etl_add_interface(int pkt_encap, char* interface_name, unsigned short interface_name_length, char* interface_desc, unsigned short interface_desc_length);
static struct INTERFACE* InterfaceHashTable[IFACE_HT_SIZE];
static unsigned long NumInterfaces;
extern char g_err_info[FILENAME_MAX];
extern int g_err;
unsigned long HashInterface(unsigned long LowerIfIndex)
static unsigned long HashInterface(unsigned long LowerIfIndex)
{
if (CurrentPacketIsVMSwitchPacketFragment) {
return VMSwitchPacketFragment.SourcePortId * (VMSwitchPacketFragment.VlanId + 1);
@ -169,7 +168,7 @@ unsigned long HashInterface(unsigned long LowerIfIndex)
}
}
struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
static struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
{
struct INTERFACE* Iface = InterfaceHashTable[HashInterface(LowerIfIndex) % IFACE_HT_SIZE];
while (Iface != NULL) {
@ -190,7 +189,7 @@ struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
return NULL;
}
struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, unsigned long MiniportIfIndex, int Type)
static struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, unsigned long MiniportIfIndex, int Type)
{
struct INTERFACE** Iface = &InterfaceHashTable[HashInterface(LowerIfIndex) % IFACE_HT_SIZE];
struct INTERFACE* NewIface = malloc(sizeof(struct INTERFACE));
@ -365,7 +364,7 @@ struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, uns
return NewIface;
}
void ParseVmSwitchPacketFragment(PEVENT_RECORD ev)
static void ParseVmSwitchPacketFragment(PEVENT_RECORD ev)
{
// Parse the current VMSwitch packet event for use elsewhere.
// NB: Here we only do per-packet parsing. For any event fields that only need to be
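Review bot: `extern char g_err_info[FILENAME_MAX];` and `extern int g_err;` are still declared directly in this .c file, which is the pattern the commit removes for functions. A declaration kept apart from its definition is never checked against it, so a later change to the array size or type in the defining file would go unnoticed here, and writes into `g_err_info` could then run past the real object. Moving both lines into a header that the defining file also includes closes that gap. `int g_include_undecidable_event;` in the last file section looks like the same case if other files refer to it, but its users are not visible on this page.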

extcap/etw_ndiscap.h Normal file

@ -0,0 +1,40 @@
/** @file
*
* Copyright 2020, Odysseus Yang
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __W_ETW_NDISCAP_H__
#define __W_ETW_NDISCAP_H__
#include <glib.h>
#include <windows.h>
#include <SDKDDKVer.h>
#include <strsafe.h>
#include <evntcons.h>
#include <tdh.h>
#include <stdlib.h>
extern void etw_dump_write_ndiscap_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
#endif
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/
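Review bot: The include guard `__W_ETW_NDISCAP_H__` uses a double underscore, which C reserves for the implementation; `W_ETW_NDISCAP_H` avoids the clash. The header also pulls in `<glib.h>`, `<strsafe.h>`, `<tdh.h>` and `<stdlib.h>`, while the single prototype it declares only needs `PEVENT_RECORD` and `ULARGE_INTEGER`, so `<windows.h>` and `<evntcons.h>` are probably enough. `<SDKDDKVer.h>` included after `<windows.h>` comes too late to influence the version macros `<windows.h>` has already settled, so it should go first or be dropped.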


@ -54,7 +54,7 @@ static const struct ws_option longopts[] = {
int g_include_undecidable_event;
void SignalHandler(_U_ int signal)
static void SignalHandler(_U_ int signal)
{
SUPER_EVENT_TRACE_PROPERTIES super_trace_properties = { 0 };
super_trace_properties.prop.Wnode.BufferSize = sizeof(SUPER_EVENT_TRACE_PROPERTIES);