Have --version print the version number, the copyright information, the
"compiled with" information, the "running on/with" information, and the
compiler information.
Have --help print the version number, a one-line summary of what the
program does, a reference to http://www.wireshark.org for more
information, a Usage: line, and a list of command-line options.
This means programs doing that don't need to include version.h; that's
left up to get_ws_vcs_version_info() to do.
Change-Id: Idac641bc10e4dfd04c9914d379b3a3e0cc5ca8cb
Reviewed-on: https://code.wireshark.org/review/2794
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In some cases "-v" was already used so "-V" is the option.
Note that the version information in these utilities is much shorter than what
is presented by the big programs.
As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804
Bug: 5804
Change-Id: I35db35a4eace2797afd895f9be7322ef39928480
Reviewed-on: https://code.wireshark.org/review/2489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And make sure we have a pointer to the struct wtap_pkthdr for the packet
before we check it for a time stamp.
Change-Id: I26b205e5467a3a1236e9fd1f7633e86ece5e9040
Reviewed-on: https://code.wireshark.org/review/1762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pcap-ng files might have Simple Packet Blocks, which don't have time
stamps, and some other file formats might not have time stamps as well.
Only check the time stamp if we have one, and don't use "the start time
stamp is unset" as an indication that we've just read the first packet,
use "the count of packets we've read is 1" as an indication that we've
just read the first packet.
Change-Id: I097c54867655efb5c343fb880a113b3583736bbd
Reviewed-on: https://code.wireshark.org/review/1757
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c0c480d08c.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Rename "SVNPATH" to "GITBRANCH" since that seems more appropriate.
Rename "svnversion.h" to "version.h" as Evan suggested. Update some
URLs. In make-version.pl, make sure we don't set an improper upstream
branch name. Use the number of commits + short hash from `git describe`
for package names by default.
Change-Id: I922bba8d83eabdf49284a119f55b4076bc469b96
Reviewed-on: https://code.wireshark.org/review/139
Reviewed-by: Gerald Combs <gerald@wireshark.org>
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
No need to build a constant string on the stack at runtime;
Fix a typo;
Do some whitespace changes;
Change tab-width & etc to 8 in editor modelines.
svn path=/trunk/; revision=54581
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer?
One more example here for posterity: Given the following 75 byte packet, there
are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass:
<--------------------------- 75 ---------------------------->
+---+-------+-----------+---------------+-------------------+
| 5 | 10 | 15 | 20 | 25 |
+---+-------+-----------+---------------+-------------------+
1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap
2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap
3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap
4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap
5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap
6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap
7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap
8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap
svn path=/trunk/; revision=51886
Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results:
<-------- 100 --------> Methods:
1) editcap -C 20:10 in.pcap out.pcap
+------+----+---------+ 2) editcap -C -80:10 in.pcap out.pcap
| 20 | 10 | 70 | 3) editcap -C -70:-10 in.pcap out.pcap
+------+----+---------+ 4) editcap -C 30:-10 in.pcap out.pcap
svn path=/trunk/; revision=51854
there and moving it avoids having to recompile the file for use in editcap
and mergecap (which don't link against libwireshark).
svn path=/trunk/; revision=50650
Before:
user0 - USER 0
user1 - USER 1
user10 - USER 10
user11 - USER 11
user12 - USER 12
user13 - USER 13
user14 - USER 14
user15 - USER 15
user2 - USER 2
user3 - USER 3
user4 - USER 4
user5 - USER 5
user6 - USER 6
user7 - USER 7
user8 - USER 8
user9 - USER 9
After:
user0 - USER 0
user1 - USER 1
user2 - USER 2
user3 - USER 3
user4 - USER 4
user5 - USER 5
user6 - USER 6
user7 - USER 7
user8 - USER 8
user9 - USER 9
user10 - USER 10
user11 - USER 11
user12 - USER 12
user13 - USER 13
user14 - USER 14
user15 - USER 15
svn path=/trunk/; revision=50482
[PATCH 1/2] Revert "Try to fix the "LNK4217: locally defined symbol"
warnings.
This reverts commit r48158.
[PATCH 2/2] Employ small hack in editcap to link with a few objects from
libwireshark properly
From me:
Add the ability to reset symbol exports via ws_symbol_export.h's include
guard and do so in capinfos.c and editcap.c. We include ws_symbol_export.h
in over 200 files so it didn't seem to make sense to remove its include
guard entirely.
svn path=/trunk/; revision=48170
is running" mutex. Have the NSIS installer check for this mutex and ask
the user to close Wireshark if it's found. While not perfect this makes
the WinSparkle update process much less annoying.
svn path=/trunk/; revision=47758
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
Using g_fprintf() fails (crashes) on Windows because the Windows GLib DLL
is linked with (depends upon) MSVCRT while editcap is linked with
(depends upon) MSVCR90.
IOW: "You can't do that ... (on Windows)"
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6695 (Comment 2)
for some additional information.
svn path=/trunk/; revision=41168
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
getopt() can/should normally be found in unistd.h, so:
- When testing for getopt(), define that we HAVE_GETOPT instead of
HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)
If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.
svn path=/trunk/; revision=38437
is mainly an attempt to fix the currently-broken "test.sh" step on the
XP buildbot. If this causes too many problems we might want to have
suite-capture.sh:capture_step_snapshot pass "-P" to dumpcap instead.
svn path=/trunk/; revision=37736
check_startstop is set.
Refuse to write packets that do not fit in the file type we're writing. This
allows fuzz testing to be done on JPEGs without generating bogus files (with
packets bigger than the maximum packet size). This fixes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6010 .
Note that this is only a problem with editcap is run with -T to force the
encapsulation type.
Maybe this needs a more generic solution (e.g., should this check be done in
the wiretap routines?), but at least for now it'll pacify the buildbot.
svn path=/trunk/; revision=37633
than present, just chop all by setting caplen to 0. In all cases, don't touch
len. In other words, change incl_len but leave orig_len alone.
svn path=/trunk/; revision=37488
original capture file's snaplen, save the new snaplen in the capture file
header so wireshark and capinfos can report it.
svn path=/trunk/; revision=37480
editcap -h sends 9 lines to stderr and the rest to stdout. This problem
affects editcap 1.4.x (branch 1.4) and devel (trunk).
How to duplicate:
1) run "editcap -h"
2) run "editcap -h > /dev/null"
The attached patch replaces 9 ocurrences of "stderr" by "output" in the usage
function.
svn path=/trunk/; revision=34742
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
send normal -h output to stdout so it can be paginated and the usage output
to stderr when there was an error in the command arguments.
svn path=/trunk/; revision=31388
This patch limits the number of fractional digits used to calculate the
fractional component of editcap's -t and -w options.
Specifically this patch truncates the fractional component (if any) of the -t
and -w options to 6 and 9 respectively.
svn path=/trunk/; revision=30698
We can have a situation where a file only contains a valid file header
without any packages, so this will avoid a crash.
svn path=/trunk/; revision=28602
so we don't just exit silently. Don't bother checking the validity of
arguments - it shouldn't be passed NULL fprefix or fsuffix arguments in
the first place, and isn't passed them.
Exit with an exit status of 1 for command-line syntax errors and 2 for
file open/close/IO errors.
svn path=/trunk/; revision=28458
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
A few changes from me:
- make use of nstime_set_unset and nstime_is_unset i.s.o. extra variable first_pass
- change 'if' to 'while' to allow intervals with no packets
- remove 'unused' variable current_pkt_ts
svn path=/trunk/; revision=25499
plugins should already be linked against libwireshark.
Don't link capinfos and editcap against libwireshark: they only needed to be
because the plugins were linked against libwireshark (see rev 24123 and the
ensuing discussion on -dev).
capinfos and editcap: don't complain if plugins fail to load: dissector
plugins should fail to load because they need libwireshark. I am assuming
here that wiretap plugins don't need libwireshark (I've never seen such a
plugin but LEGO's code and comments suggest this is the case).
(The goal of this checkin is to stop linking capinfos and editcap against
libwireshark while still allowing wiretap plugins. Since we don't have any
such plugins in the tree I do somewhat doubt the need for all this but I don't
want to be the one to remove the functionality.)
svn path=/trunk/; revision=24650
previously called. This prevents the function from always returning TRUE in
programs that hadn't called get_credential_info().
Call get_credential_info() in the programs that should have been.
svn path=/trunk/; revision=24648
meta information that is found at the beginning of
the data - this lets me fuzztest my .out files
properly.
Also make some whitespace more consistent.
svn path=/trunk/; revision=24401
"time_t" is not guaranteed to be an "unsigned long"; when printing it
with %lu, cast it to "unsigned long".
The "secs" field of a wtap_nstime, however, *is* defined to be a time_t;
there's no need to cast it to time_t.
svn path=/trunk/; revision=23036
configure is run with "--without-plugins"
cc1: warnings being treated as errors
about_dlg.c: In function ‘about_wireshark_cb’:
about_dlg.c:426: warning: unused variable ‘plugins_page’
make[2]: *** [about_dlg.o] Error 1
editcap.c: In function ‘main’:
editcap.c:663: error: ‘check_ts’ undeclared (first use in this function)
editcap.c:663: error: (Each undeclared identifier is reported only once
editcap.c:663: error: for each function it appears in.)
make[2]: *** [editcap.o] Error 1
svn path=/trunk/; revision=22761
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become suprefluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build withe the above changes.
svn path=/trunk/; revision=21935
a patch to avoid the warning "implicit declaration of function
'strptime'" in editcap.c
glib.h is included just after the define __USE_XOPEN and include <time.h>
svn path=/trunk/; revision=20455
option explanation is more detailed now, I've added the option parameters to the description
added version information to the usage output
instead of using the usage page to display the available file and encapsulation types (which makes the usage page almost unreadable), use empty options -F or -T to print the available types. I've used optopt for this, it seems to be portable that way ...
svn path=/trunk/; revision=16991
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.
-packet-ieee80211.c
Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.
-From Kan Sasaki
A patch for packet-ospf.c is attached:
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
- lldp Bugfix Bug 596 LLDP TIA Network Policy Decode is not correct
- Camel make it possible to dissect based on OID.
svn path=/trunk/; revision=16822
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
- make a leading zero in the argument to -t optional;
- includes the -t option in in the summary portion of of the editcap
usage message.
svn path=/trunk/; revision=3712
"main()", the program exits, and exits with an exit status equal to the
return value of "main()", so "return 0;" is sufficient at the end of
"main()".
svn path=/trunk/; revision=3354
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
snapshot length before writing them to the output file; this may come in
handy if you are translating the file to a different format so that it
can be read by a program that can't handle packets above a certain size
(e.g., the snoop in Solaris 2.5.1 or 2.6, which reject Ethernet packets
larger than the Ethernet MTU, and thus can't handle gigabit Ethernet
captures using jumbo frames).
svn path=/trunk/; revision=1891
as well as individual packets.
I needed to grab quite a few from the middle of a large capture file.
Will eventually need to sort the extract list.
svn path=/trunk/; revision=1498
Update editcap to print out the type of capture file if -v specified and
add a -h flag. Also fix a few compiler warnings ...
svn path=/trunk/; revision=1302
symbolic name, and to list the encapsulation types in the usage message.
Note in the usage message that the default output encapsulation type is
"same as the input file" and that the default output file type is
"libpcap".
svn path=/trunk/; revision=1213
read, and write any format it can write; change the error messages.
Make the "-F" flag take a symbolic capture file type; use
"wtap_short_string_to_file_type()" to translate it to a WTAP_FILE_
value.
List, in the usage message, the capture file types we can write, and the
symbolic types you use on the command line to specify them.
Give it an RCS ID.
svn path=/trunk/; revision=1210
Will need new functions in wiretap before I can do more.
Should perhaps be moved into an examples directory and have other bots added.
svn path=/trunk/; revision=1206
Guy Harris