We rename "file format" plugins to "libwiretap" plugins, as they can
register as read handlers for a new file type, read/write handlers for a
pcap-ng block type (or both).
To register as a pcap-ng block type handler, in the
register_wtap_module() routine of your plugin, call
register_pcapng_block_type_handler() with the pcap-ng block type and
pointers to your routines to read and write those blocks. Those
routines should read and write REC_TYPE_FILE_TYPE_SPECIFIC records, with
the block type in the pseudo-header for the record in the struct
wtap_pkthdr structure, with time stamps stored in that structure, and
with a blob of data for the rest of the record.
This is for bug 8590.
Change-Id: I71847d834854a29ceb85894fd094c2ae91a04273
Reviewed-on: https://code.wireshark.org/review/1775
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 1abeb277f5.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now Androit Logcat (Logger) binary logs are supported.
Try "adb logcat -Bf /sdcard/log.logcat; adb pull /sdcard/log.logcat".
Also there is possibility to save logs to text format like by "adb".
Change-Id: If7bfc53d3fbd549a0978d1dbf96f3fff671fd601
Reviewed-on: https://code.wireshark.org/review/235
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"etherpeek.c" file format is used by AiroPeek and the "airopeek9.c" file
format is used by EtherPeek.
Instead, use the names that WildPackets apparently uses for those
formats - "classic" and "tagged".
svn path=/trunk/; revision=43630
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
software. More work is needed:
we don't know where the capture start time is yet;
we aren't handling the "stop capture" record;
we don't know where the ISDN channel is;
there might be non-ISDN file formats;
but this at least is easier than trying to text2pcap hex dumps from that
software into pcap files.
svn path=/trunk/; revision=39588
wtap_wtap_encap_to_pcap_encap() to wiretap/pcap-encap.h. Include it
where it's needed; don't include other Wiretap headers where they're not
needed.
Include pcapng.h in pcapng.c, to declare the functions defined in
pcapng.c. Add some casts to squelch some warnings, and add to a comment
to indicate one of the problems.
svn path=/trunk/; revision=31960
That way we hopefully won't need the runlex.sh hack any
more. Also the ylwrap stuff is (hopefully) obsolete.
ascend.[hc] -> ascendtext.[hc]
ascend-scanner.l -> ascend_scanner.l
ascend-grammar.y -> ascend.y
svn path=/trunk/; revision=28744
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
Added support for Symbian OS btsnoop.
The bluetooth HCI layer in Symbian OS can be configured to log all packets to a
file. The log format, "btsnoop" is based on the RFC1761 "snoop" format - but
differences in the header make it incompatible.
The btsnoop format supports logging of these formats:
"H1" (raw HCI packets without framing)
"H4" (HCI UART packets including packet type header)
"H5" (HCI 3 wire UART packets including framing)
"BCSP" (HCI bluecore serial protocol including framing)
"H1" and "H4" are section numbers in the original v1 bluetooth specifications,
but still used colloquially - wireshark's existing support for Linux bluez HCI
logs uses the "H4" name.
In practice, the "H1" format is used for H5,BCSP and USB HCI logs, as the HCI
packet logs are mainly useful for debugging higher layers, bluetooth profiles
and bluetooth applications.
From me:
Deleted some unused prototypes.
Mark an unused parameter.
svn path=/trunk/; revision=24263
no-longer-needed wiretap/wtap-capture.h.
Clean up wiretap/libwiretap.vcproj (note: this isn't going to scale, if
it has to contain a list of all the files, as most committers will be
editing only Makefile.common files).
svn path=/trunk/; revision=23803
This patch adds support for the Juniper NetScreen snoop output format.
It takes a text-dump op the captured packets and parses the headers
and hex-data. Since the snoop files on a Junpiper NetScreen can be saved
to a tftp-server, this patch makes it quite easy to use the snoop
function of the Juniper NetScreen firewalls.
/* XXX TODO:
*
* o Create a wiki-page with instruction on how to make tracefiles
* on Juniper NetScreen devices. Also put a few examples up
* on the wiki (Done: wiki-page added 2007-08-03)
*
* o Use the interface names to properly detect the encapsulation
* type (ie adsl packets are now not properly dissected)
* (Done: adsl packets are now correctly seen as PPP, 2007-08-03)
*
* o Pass the interface names and the traffic direction to either
* the frame-structure, a pseudo-header or use PPI. This needs
* to be discussed on the dev-list first
* (Posted a message to wireshark-dev abou this 2007-08-03)
*
*/
svn path=/trunk/; revision=22533
such as the fact that Flex strips all but the last component of the "-o"
argument, and that it doesn't generate a header file to declare routines
the generated lexical analyzer defines. Use that script when building
lexical analyzers, and, for each lexical analyzer, include the generated
header file in the generated analyzer.
svn path=/trunk/; revision=22446
libraries. A single library is generated with the lex code without the barrier
"stop on warning". An other library is generated from the remaining source
files with the "stop on warning" barrier.
svn path=/trunk/; revision=21817
So far I've done only regression testing (the new functionality and what's in wtap-plugins.c has not yet being tested).
it is a first step in the way to have lua opening files.
svn path=/trunk/; revision=21686
fix this, by providing required functions in the new file file_util.c - it's mostly copied from GLib (g_open alike - that take UTF8 as filename format but don't use msvcrt.dll V6 for this as the glib files do)
"link" to these functions in file_util.h: #define eth_open eth_stdio_open
revert changes (from SVN 20282) throughout the code related to these file functions which were introduced with the first tries of MSVC 2005 ...
Hopefully I've done everything right with the new file_util.c ...
svn path=/trunk/; revision=20402
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
Guy Harris