All files:
- Replace types from sys/types.h by those from glib.h
- Replace ntoh family of macros from netinet/in.h and winsock2.h
by g_ntoh family from glib.h
- Remove now unneeded includes of sys/types.h, netinet/in.h and
winsock2.h
wtap.h
Move includes to the top
svn path=/trunk/; revision=5909
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
returns radio information such as signal strength, channel, and data
rate in a pseudo-header. Add that pseudo-header.
Use the "802.11 with radio information" encapsulation type for Wireless
Sniffer files; extract the radio information from where it appears to be
in the header.
Add dissector code for that encapsulation type.
Fix an error in the code to put radio information into the AiroPeek
tree.
Make the "wrapped" flag for NetXRay/Windows Sniffer captures a
"gboolean".
svn path=/trunk/; revision=5122
Read in the entire packet, including the padding, and just tell our
caller about the non-padding part; that avoids doing a "file_seek()"
("fseek()"s are inefficient on some platforms, as they flush the
standard I/O buffers and do an "lseek()"), and would also let us supply
the padding to the caller if it turns out it's an FCS rather than
padding.
svn path=/trunk/; revision=5107
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
data structure attached to the "wtap" structure, rather than in a
pseudo-header structure; get rid of the EtherPeek pseudo-header
structure, as it's not actually used as a pseudo-header, it's just used
as private data for the EtherPeek reader.
Get rid of an extra level of indentation in switch statements.
svn path=/trunk/; revision=4561
The second argument to g_ptr_array_free() does not indicate to
glib to free the objects that the pointers in the GPtrArray refer to,
but simply whether or not the free the block of pointers. We have
to free the objects ourselves.
svn path=/trunk/; revision=4391
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
which we store it a "size_t", and then fix up the bugs that were
revealed by the compiler warnings that produced - "fwrite()" returns 0,
not a negative number, on an I/O error.
Fix up some other items to have type "size_t", or to have various
unsigned types, while we're at it, to squelch compiler warnings.
svn path=/trunk/; revision=3867
in some places use "guint64", on plaforms where it's available,
rather than floating point (we don't yet use it universally, as
we'd have to provide code to do 64-bit arithmetic on
platforms/compilers where 64-bit integral types aren't
supported);
use .838096 microseconds rather than 1 microseconds as the time
stamp units for NetXRay 2.x format, as those capture files seem
to use that time stamp (that's the Sniffer "PC" time stamp;
perhaps when Network Associates assimilated Cinco, they changed
the time stamp units).
svn path=/trunk/; revision=3027
don't need to work around that.
The offset, for a given packet, at which "ascend_seek()" should start
searching for that packet's header must be computed separately from the
offset, for that packet, at which "ascend_seek()" should start searching
for the *next* packet - if the file is a "wdd" capture, and the packet
has a "Date:" header and a WD_DIALOUT_DISP header, the search for that
packet should start at the beginning of the "Date:" header, but the
search for the next packet should start after the WD_DIALOUT_DISP
header, as if we start it after the "Date:" header, the search will stop
at the packet's own WD_DIALOUT_DISP header, as a packet could have a
WD_DIALOUT_DISP header but no "Date:" header.
svn path=/trunk/; revision=2620
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
sequential pass through the file build a list of information about the
compressed blobs, with the starting offset in the compressed file and in
the uncompressed byte stream for each blob.
When seeking on the random stream, check whether the target location is
within the uncompressed buffer we currently have; if not, use that list
to figure out which blob contains the target location, and read that
blob into the buffer. Then, as we now know that the target location is
within the uncompressed buffer we currently have, just move the current
pointer into that buffer to the target location.
This means we don't have to read forwards through any uninteresting
blobs in order to seek forwards, and don't have to go all the way back
to the beginning and seek forwards in order to seek backwards.
svn path=/trunk/; revision=2251
is finally dead, and you're walking away, it springs up again and
attacks.
It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch
has some extra stuff in the per-packet header for some sort of SMP
debugging, and that SuSE Linux 6.3 picked it up.
Thus, even if a libpcap file has the modified magic number, we *still*
have to go through the usual heuristic hell to figure out what type of
file it is.
svn path=/trunk/; revision=2164
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
Jörg Mayer