etwdump: either declare functions static or declare them in headers.

If a function is used only in the .c file that defines it, declare it
static.

If it's used in other .c files, don't declare it .c files that call it;
declare it in a .h files also included in the .c file that defines it.

extcap/etl.c

@@ -22,6 +22,7 @@
 #include "wsutil/ws_getopt.h"
 #include "wsutil/strtoi.h"
 #include "etw_message.h"
+#include "etw_ndiscap.h"
 
 #include <rpc.h>
 #include <winevt.h>
@@ -80,14 +81,12 @@ static PROVIDER_FILTER g_provider_filters[32];
 static BOOL g_is_live_session;
 
 static void WINAPI event_callback(PEVENT_RECORD ev);
-void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
+static void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
-void etw_dump_write_ndiscap_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
+static void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
-void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
+static void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
-void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
+static wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info);
-void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
-wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info);
 
-DWORD GetPropertyValue(WCHAR* ProviderId, EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId, PEVT_VARIANT* Value)
+static DWORD GetPropertyValue(WCHAR* ProviderId, EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId, PEVT_VARIANT* Value)
 {
     BOOL bRet;
     DWORD err = ERROR_SUCCESS;
@@ -406,7 +405,7 @@ wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filen
     return returnVal;
 }
 
-BOOL is_event_filtered_out(PEVENT_RECORD ev)
+static BOOL is_event_filtered_out(PEVENT_RECORD ev)
 {
     if (g_is_live_session)
     {
@@ -465,7 +464,7 @@ static void WINAPI event_callback(PEVENT_RECORD ev)
     }
 }
 
-wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info)
+static wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_info)
 {
     wtap_dump_params params = { 0 };
     GArray* shb_hdrs = NULL;
@@ -518,7 +517,7 @@ wtap_dumper* etw_dump_open(const char* pcapng_filename, int* err, char** err_inf
     return pdh;
 }
 
-ULONG wtap_etl_record_buffer_init(WTAP_ETL_RECORD** out_etl_record, PEVENT_RECORD ev, BOOLEAN include_user_data, WCHAR* message, WCHAR* provider_name)
+static ULONG wtap_etl_record_buffer_init(WTAP_ETL_RECORD** out_etl_record, PEVENT_RECORD ev, BOOLEAN include_user_data, WCHAR* message, WCHAR* provider_name)
 {
     ULONG total_packet_length = sizeof(WTAP_ETL_RECORD);
     WTAP_ETL_RECORD* etl_record = NULL;
@@ -642,7 +641,7 @@ void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG origin
     wtap_rec_cleanup(&rec);
 }
 
-void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
+static void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
 {
     WTAP_ETL_RECORD* etl_record = NULL;
     ULONG total_packet_length = 0;
@@ -654,7 +653,7 @@ void etw_dump_write_opn_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
     g_free(etl_record);
 }
 
-void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
+static void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
 {
     WTAP_ETL_RECORD* etl_record = NULL;
     ULONG total_packet_length = 0;
@@ -663,7 +662,7 @@ void etw_dump_write_event_head_only(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
     g_free(etl_record);
 }
 
-void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
+static void etw_dump_write_general_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp)
 {
     PTRACE_EVENT_INFO pInfo = NULL;
     PBYTE pUserData = NULL;

extcap/etl.h

@@ -29,7 +29,11 @@ typedef struct
     char padding[64];
 } SUPER_EVENT_TRACE_PROPERTIES;
 
-wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filename, const char* params, int* err, char** err_info);
+extern wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filename, const char* params, int* err, char** err_info);
+
+extern void wtap_etl_add_interface(int pkt_encap, char* interface_name, unsigned short interface_name_length, char* interface_desc, unsigned short interface_desc_length);
+
+extern void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
 
 #endif
 

extcap/etw_message.c

@@ -86,7 +86,7 @@ VOID format_message(WCHAR* lpszMessage, PROPERTY_KEY_VALUE* propArray, DWORD dwP
 * length attribute, the size is inferred from the data type. The length will be zero for variable
 * length, null-terminated strings and structures.
 */
-DWORD GetPropertyLength(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT PropertyLength)
+static DWORD GetPropertyLength(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT PropertyLength)
 {
     DWORD status = ERROR_SUCCESS;
     PROPERTY_DATA_DESCRIPTOR DataDescriptor = { 0 };
@@ -147,7 +147,7 @@ cleanup:
     return status;
 }
 
-DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT ArraySize)
+static DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSHORT ArraySize)
 {
     DWORD status = ERROR_SUCCESS;
     PROPERTY_DATA_DESCRIPTOR DataDescriptor = { 0 };
@@ -171,7 +171,7 @@ DWORD GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, USHORT i, PUSH
     return status;
 }
 
-DWORD GetMapInfo(PEVENT_RECORD pEvent, LPWSTR pMapName, PEVENT_MAP_INFO* pMapInfo)
+static DWORD GetMapInfo(PEVENT_RECORD pEvent, LPWSTR pMapName, PEVENT_MAP_INFO* pMapInfo)
 {
     DWORD status = ERROR_SUCCESS;
     DWORD MapSize = 0;

extcap/etw_ndiscap.c

@@ -29,6 +29,8 @@
 #include <winsock2.h>
 #include <netiodef.h>
 
+#include "etw_ndiscap.h"
+
 // inet_ipv6.h and netiodef.h define exactly the same stuff, like _IPV6_ROUTING_HEADER and IP6F_OFF_MASK.
 // So wiretap/wtap.h cannot be directly included in this file. Defines below three WTAP_ENCAP types with the value in wtap.h for compile
 #define WTAP_ENCAP_ETHERNET                       1
@@ -87,12 +89,12 @@ static const char* DOT11_PHY_TYPE_NAMES[] = {
     "802.11ax"        // dot11_phy_type_he = 10
 };
 
-unsigned long long NumFramesConverted;
+static unsigned long long NumFramesConverted;
-char AuxFragBuf[MAX_PACKET_SIZE] = {0};
+static char AuxFragBuf[MAX_PACKET_SIZE] = {0};
-unsigned long AuxFragBufOffset;
+static unsigned long AuxFragBufOffset;
 
-DOT11_EXTSTA_RECV_CONTEXT PacketMetadata;
+static DOT11_EXTSTA_RECV_CONTEXT PacketMetadata;
-BOOLEAN AddWlanMetadata;
+static BOOLEAN AddWlanMetadata;
 
 typedef struct _NDIS_NET_BUFFER_LIST_8021Q_INFO {
     union {
@@ -120,7 +122,7 @@ typedef struct _NDIS_NET_BUFFER_LIST_8021Q_INFO {
 // From: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/nblinfo/ne-nblinfo-ndis_net_buffer_list_info
 #define MaxNetBufferListInfo 200
 #define Ieee8021QNetBufferListInfo 4
-PBYTE OobData[MaxNetBufferListInfo];
+static PBYTE OobData[MaxNetBufferListInfo];
 
 typedef struct _VMSWITCH_SOURCE_INFO {
     unsigned long SourcePortId;
@@ -135,8 +137,8 @@ typedef struct _VMSWITCH_PACKET_FRAGMENT {
     short VlanId;
 } VMSWITCH_PACKET_FRAGMENT, *PVMSWITCH_PACKET_FRAGMENT;
 
-BOOLEAN CurrentPacketIsVMSwitchPacketFragment;
+static BOOLEAN CurrentPacketIsVMSwitchPacketFragment;
-VMSWITCH_PACKET_FRAGMENT VMSwitchPacketFragment;
+static VMSWITCH_PACKET_FRAGMENT VMSwitchPacketFragment;
 
 struct INTERFACE {
     struct INTERFACE* Next;
@@ -151,16 +153,13 @@ struct INTERFACE {
 };
 
 #define IFACE_HT_SIZE 100
-struct INTERFACE* InterfaceHashTable[IFACE_HT_SIZE];
+static struct INTERFACE* InterfaceHashTable[IFACE_HT_SIZE];
-unsigned long NumInterfaces;
+static unsigned long NumInterfaces;
-
-void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
-void wtap_etl_add_interface(int pkt_encap, char* interface_name, unsigned short interface_name_length, char* interface_desc, unsigned short interface_desc_length);
 
 extern char g_err_info[FILENAME_MAX];
 extern int g_err;
 
-unsigned long HashInterface(unsigned long LowerIfIndex)
+static unsigned long HashInterface(unsigned long LowerIfIndex)
 {
     if (CurrentPacketIsVMSwitchPacketFragment) {
         return VMSwitchPacketFragment.SourcePortId * (VMSwitchPacketFragment.VlanId + 1);
@@ -169,7 +168,7 @@ unsigned long HashInterface(unsigned long LowerIfIndex)
     }
 }
 
-struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
+static struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
 {
     struct INTERFACE* Iface = InterfaceHashTable[HashInterface(LowerIfIndex) % IFACE_HT_SIZE];
     while (Iface != NULL) {
@@ -190,7 +189,7 @@ struct INTERFACE* GetInterface(unsigned long LowerIfIndex)
     return NULL;
 }
 
-struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, unsigned long MiniportIfIndex, int Type)
+static struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, unsigned long MiniportIfIndex, int Type)
 {
     struct INTERFACE** Iface = &InterfaceHashTable[HashInterface(LowerIfIndex) % IFACE_HT_SIZE];
     struct INTERFACE* NewIface = malloc(sizeof(struct INTERFACE));
@@ -365,7 +364,7 @@ struct INTERFACE* AddInterface(PEVENT_RECORD ev, unsigned long LowerIfIndex, uns
     return NewIface;
 }
 
-void ParseVmSwitchPacketFragment(PEVENT_RECORD ev)
+static void ParseVmSwitchPacketFragment(PEVENT_RECORD ev)
 {
     // Parse the current VMSwitch packet event for use elsewhere.
     // NB: Here we only do per-packet parsing. For any event fields that only need to be

extcap/etw_ndiscap.h

@@ -0,0 +1,40 @@
+/** @file
+ *
+ * Copyright 2020, Odysseus Yang
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef __W_ETW_NDISCAP_H__
+#define __W_ETW_NDISCAP_H__
+
+#include <glib.h>
+
+#include <windows.h>
+#include <SDKDDKVer.h>
+#include <strsafe.h>
+#include <evntcons.h>
+#include <tdh.h>
+#include <stdlib.h>
+
+extern void etw_dump_write_ndiscap_event(PEVENT_RECORD ev, ULARGE_INTEGER timestamp);
+
+#endif
+
+
+/*
+ * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */

extcap/etwdump.c

@@ -54,7 +54,7 @@ static const struct ws_option longopts[] = {
 
 int g_include_undecidable_event;
 
-void SignalHandler(_U_ int signal)
+static void SignalHandler(_U_ int signal)
 {
     SUPER_EVENT_TRACE_PROPERTIES super_trace_properties = { 0 };
     super_trace_properties.prop.Wnode.BufferSize = sizeof(SUPER_EVENT_TRACE_PROPERTIES);