WTAP_ENCAP_ARCNET_LINUX; update various tables mapping Wiretap
encapsulations to file-type encapsulations. Get rid of some trailing
"sorry, that's not supported" entries while we're at it.
svn path=/trunk/; revision=40274
> WTAP_MAX_PACKET_SIZE, either that should be caught above the
per-file-type layer in Wiretap or should be handled by the caller.
We've recently fixed at least one problem with reported lengths > 2^31 -
1 (by clamping the length to 2^31 - 1), so let's just remove the check
from the pcap-NG reader, to squelch some complaints we're getting from
the buildbot (bug 6673 and its duplicates).
(The pcap reader uses it to cope with some of the botched libpcap
formats that changed the per-packet header without changing the magic
number; I'll look at trying to preserve those heuristics while still
allowing reported lengths > WTAP_MAX_PACKET_SIZE.)
svn path=/trunk/; revision=40207
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
out in version 2.1 of the file format (the minimum version to support
that).
Change some data types to avoid having file offsets that are before the
beginning of the file.
Clean up some other data types and some comments.
svn path=/trunk/; revision=39898
100-nanosecond resolution, but that's still better than microsecond
resolution).
For NetMon 1.x format, only claim to support millisecond resolution, as
that's all you get.
Fix handling of negative time deltas in NetMon 2.x format.
When writing a NetMon file, trim the time of the first packet to
millisecond precision to get the capture start time, so that the start
time written to the file (which has millisecond precision) is the same
as the start time used to calculate the deltas written to the packet
headers.
svn path=/trunk/; revision=39886
routines blowing up if handed a too-large time_t.
While we're at it, also check for dates that can't be represented in DOS
format (pre-1980 dates).
svn path=/trunk/; revision=39883
link" records, including stuff that's from a G.704 PRI frame but not
from a D or H channel in that frame. Handle them (currently, we ignore
them).
The low-order bit of the flags field for "packet" records" is "network
to user" (NT->TE), not "user to network" (TE->NT).
svn path=/trunk/; revision=39663
bytes of what we thought was a version string appears to be an 8-byte
record of some sort in the captures we originally looked at, and appears
to be a non-8-byte record in another capture. If we treat that as a
record, the version string field appears to be null-padded and 41 bytes
long.
svn path=/trunk/; revision=39645
might be a record type, with 0 being a "Stop Monitor" record and 1 being
a packet. Ignore records other than packet records.
svn path=/trunk/; revision=39590
software. More work is needed:
we don't know where the capture start time is yet;
we aren't handling the "stop capture" record;
we don't know where the ISDN channel is;
there might be non-ISDN file formats;
but this at least is easier than trying to text2pcap hex dumps from that
software into pcap files.
svn path=/trunk/; revision=39588
I found a heap-based buffer overflow, when parsing ERF file format.
The overflow seems to be controlled by the values read from the file,
and hence seems exploitable to me.
svn path=/trunk/; revision=39508
This patch extends the ATM parser so as to allow GPRS NS traffic encapsulated
in ATM AAL5.
Additionally, added support for this into the 'Meta' dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6447
svn path=/trunk/; revision=39394
First bug: The Network Instruments Observer file format abbreviation is
incorrect. It is "niobserverv" instead of "niobserver", which is probably a
vestige from 1.4 when the abbreviation was "niobserverv9".
Second bug: The packet header magic number field is correctly swapped the first
time when reading the entire packet header. It is incorrectly swapped yet again
when reporting an invalid value. Both swaps use GUINT_FROM_LE, which is a no-op
on little-endian platforms. But the error message that is displayed to users of
big-endian platforms will contain a byte-reversed value.
svn path=/trunk/; revision=39392
Allows the saving of packets with snapped length to ERF. Prevents the adding of
automatic CRC and rounds down to the nearest 8 bytes instead of up, adding
zeros.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6409
svn path=/trunk/; revision=39247
Bill Meier