Added a mapping between DLT_IPMI_HPM_2 link-layer header type to the IPMI Trace Wiretap encapsulation.
Change-Id: I458d44ad0f51beecfe5589e0e9cb75f4771d866b
Reviewed-on: https://code.wireshark.org/review/2054
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
See IEEE Standard 802.3-2012 Section 5, Clause 65 and CableLabs DPoE
Security and Certificate Specification 1.0, Section 6.
Currently dissects 1G mode. 10G mode will be added when hardware is
available.
Change-Id: I6232af9bf6807644ef66a120d97e5fa5927988fe
Reviewed-on: https://code.wireshark.org/review/1284
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
It automatically works for LINKTYPE_PKTAP and, by default, for
LINKTYPE_USER2; if any other dissector is specified for LINKTYPE_USER2,
that dissector overrides PKTAP.
Change-Id: Ic00ac8a81c6101e45d638d337aef42df3920da12
Reviewed-on: https://code.wireshark.org/review/903
Reviewed-by: Evan Huus <eapache@gmail.com>
Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
BlueZ 5/Linux Kernel introduced new way to sniffing Bluetooth interfaces.
We are ready to use it. Libpcap provide new interface called
"bluetooth-monior".
Also fix trivial typos.
Change-Id: Ic608a3d8553bbebbb21f2733ec92c758cbf8f707
Reviewed-on: https://code.wireshark.org/review/253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Combine the check for whether the field is within the packet data and
the swapping of the field into macros that do both, and use them.
Change-Id: I1db4c5fd76172edd44abc9fb111d79a2537c6c9d
Reviewed-on: https://code.wireshark.org/review/130
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For some routines that take multiple arguments that come from a struct
wtap_pkthdr, pass a pointer to the struct wtap_pkthdr in question,
rather than the separate arguments. Do this even if we're passing
expressions that were earlier assigned to the struct wtap_pkthdr fields
in question. This simplifies the calling sequences and ensures that the
right values are picked up by the called routine; in at least one case
we were *not* passing the right values (the code to handle Simple Packet
Blocks in pcap-ng files).
Also, call the byte-swapping routines for pseudo-header fields only if
we need to do byte-swapping.
Change-Id: I3a8badfcfeb0237dfc1d1014185a67f18c0f2ebe
Reviewed-on: https://code.wireshark.org/review/119
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From İbrahim Can Yüce
From me: Update to new tcp_dissect_pdus format, minor whitespace issues noticed in wiretap files.
svn path=/trunk/; revision=53669
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
------------------------------------------------------------------------
r51049 | guy | 2013-07-30 22:00:28 -0700 (Tue, 30 Jul 2013) | 5 lines
If no target OS version was specified, default to the major version on
which we're running, so we *always* build against an SDK. (The "10" in
"10.x.y" is not *really* part of the version number, so the "major
version" includes the "10" and the major version number following it.)
svn path=/trunk/; revision=51050
routines are passed a separate struct wtap_pkthdr to be filled in.
Get rid of the pseudo_header member of the wblock structure - the
pseudo-header is part of the struct wtap_pkthdr.
Get rid of the union wtap_pseudo_header * argument to
pcap_process_pseudo_header() - it's passed a pointer to a struct
pcap_pkthdr, and that structure contains the union in question.
Have libpcap_read_header() take a FILE_T argument, rather than using
only the "sequential" handle of the wtap it's handed. Have the libpcap
read routine return the offset of the beginning of the pcap record, and
have the seek-read routine read the header and fill in the struct
wtap_pkthdr handed to it.
svn path=/trunk/; revision=49401
Move the GTK+ text import code to the common UI directory. Create
wtap_encap_requires_phdr() from code in file_import_dlg.c.
svn path=/trunk/; revision=44904
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
For WTAP_ENCAP_ERF files if we find an Extension and/or Multi-Channel header,
ensure that the size of the full pseudoheader is smaller than the packet size
to avoid an underflow and subsequent attempt to allocate a rather large amount
of memory.
svn path=/trunk/; revision=41008
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
U-beauty\bdn