Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
From Michal Labedski
1. add support for new btsnoop "format" introduced by BlueZ team in "btmon" tool
2. Bluetooth: Make EIR, AD and COD more generic
3. Bluetooth: HCI/LL: Update Error Codes to Core 4.1 Specification
4. Ubertooth: Fix response command handling
5. Ubertooth: Update to support firmware version
6. Ubertooth: Dissect by Vendor Id/Product Id
svn path=/trunk/; revision=54699
knowledge of particular types of plugins. Instead, let particular types
of plugins register with the common plugin code, giving a name and a
routine to recognize that type of plugin.
In particular applications, only process the relevant plugin types.
Add a Makefile.common to the codecs directory.
svn path=/trunk/; revision=53710
From İbrahim Can Yüce
From me: Update to new tcp_dissect_pdus format, minor whitespace issues noticed in wiretap files.
svn path=/trunk/; revision=53669
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
Compilation fails on (only the ?) OSX-10.6-x64 buildbot with error:
netscaler.c: In function 'nstrace_read_v30':
netscaler.c:1295: warning: implicit conversion shortens 64-bit value into a 32-bit value
(Life is too short for me to dig multiple levels deep into a set of macros to try to see which
actual line of code is causing the problem. Maybe the patch submitter can identify the problem).
svn path=/trunk/; revision=52666
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
file that we ourselves have open. In the "safe save" code path for
capture files, on Windows temporarily close the file descriptors for the
currently-open capture before doing the rename and then, if the rename
failed, reopen them, leaving the rest of the wtap and capture_file
structures intact.
Rename filed_open() to file_fdopen(), to make its name match what it
does a bit better (it's an fdopen()-style routine, i.e. do the
equivalent of an open with an already-open file descriptor rather than a
pathname, in the file_wrappers.c set of routines).
Remove the file_ routines from the .def file for Wiretap - they should
only be called by code inside Wiretap.
Closing a descriptor open for input has no reason to fail (closing a
descriptor open for *writing* could fail if the file is on a server and
dirty pages are pushed asynchronously to the server and synchronously on
a close), so just have file_close() return void.
svn path=/trunk/; revision=42961
an API to fetch that.
When doing "Save" on a compressed file, write it out compressed.
In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.
svn path=/trunk/; revision=42818
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
Add a new WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR encapsulation type, for use
by the EyeSDN file reader; unlike the pcap-encapsulated MS/TP, it
includes a direction indicator. Don't treat WTAP_ENCAP_BACNET_MS_TP as
if it has a direction indicator, as it doesn't; instead, do that for
WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR.
Add some missing entries to encap_table_base for WTAP_ENCAP_ values that
didn't get entries added.
svn path=/trunk/; revision=41969
clickable to open an edit window.
- Add checks for NULL pointers.
Help with a different color LED possibly with Jeff's (c) in it apreceated.
Should the LED be placed elsewhere or the whole thing done differently?
svn path=/trunk/; revision=41242
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
structure include a file descriptor. Add a wtap_fstat() for the file
readers that use file times to generate time stamps (we really need a
way to say "this file has no time stamps" or "this file has only
relative time stamps).
svn path=/trunk/; revision=37026
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
don't have an "additional information" string.
Get rid of WTAP_ERR_ZLIB; just report an internal error with
WTAP_ERR_INTERNAL instead. (If they start happening, we can think about
supplying an "additional information" string for compression errors on
output.)
svn path=/trunk/; revision=36774
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
zran.c example in the zlib source.
This means that problems in the file's contents might not be reported
when a packet is read, as long as there's no problem in the contents of
the file up to the last bit of compressed data for the packet; we now
check for errors after finishing the sequential read of the file, at
least in some programs, so that shouldn't be an issue (the other
programs need to be changed to do so as well). This is necessary in
order to be able to read all the packets we saw in the sequential pass;
it also lets us get a few more packets from truncated files in some
cases.
svn path=/trunk/; revision=36577
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
support it.
Rename ws_lseek to ws_lseek64, as it should be given a 64-bit offset,
and have it use _lseeki64 on Windows, to try to get 64-bit offset
support; AC_SYS_LARGEFILE should cause lseek() to support 64-bit offsets
on UN*X if possible.
svn path=/trunk/; revision=36542
Introduce file_clearerr
I'm unsure of this patch,
gzclearerr() is used to clear the end-of-file mark, but for FILE
there's function which do the same (clearerr).
I created test program if clearerr() is needed for tailing file.
and it seems to work without it (at least on Linux, so for
!HAVE_LIBZ I commented it out).
For now this patch introduce file_clearerr macro, and define it
only when EOF marking must be cleared (i.e. when HAVE_LIBZ and
HAVE_GZCLEARERR are defined).
So everything works like before, patch just to keep same prefix
for file interface :)
svn path=/trunk/; revision=36510
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
include the FCS, and use it for the Daintree SNA file format. While
we're at it, explicitly check to make sure the purported packet length
gives it at least one byte of packet data, and fix some print formats to
use %u for unsigned values.
svn path=/trunk/; revision=33678
reach EOF, zlib's file handle seems to stay at EOF even when more data
is appended to the file. Add a check for 1.2.5 which calls gzseek in
order to unset EOF. Fixes bugs 4708 and 4748.
svn path=/trunk/; revision=32715
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
Added support for Solaris IPNET layer
From me:
Some code cleanup in packet-ipnet.c
Added packet-ipnet.c to CMakeFiles.txt
Added WTAP_ENCAP_IPNET to encap_table_base[]
svn path=/trunk/; revision=31159
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
The code in wiretap/wtap.c is not right. Because g_array_append_val should accept a value
of type 'struct encap_type_info' rather than a pointer to this type.
svn path=/trunk/; revision=26816
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
1/ patches to support the libpcap/SITA format 'WTAP_ENCAP_SITA'.
2/ patches to the LAPB dissector to accept MLP (Multi-link protocol)
(although MLP dissection has _not_ been added (yet)).
3/ New protocol dissectors for:
a) SITA's WAN layer 0 status header,
b) An airline protocol ALC,
c) An airline (and other industry) protocol UTS.
These patches are submitted as a set since the new protocol dissectors are not
useful without the libpcap/SITA related changes, and there is no point in
having those changes without the additional dissectors.
This fixes bug/enhancement 2016.
svn path=/trunk/; revision=23885
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1751
The patch adds support to wiretap for a new libpcap DLT for bluetooth captures.
This DLT carries the direction information, which now can be displayed
correctly.
The hci H4 dissector is updated to handle also the newly introduced wtap encap.
svn path=/trunk/; revision=23208
This is a replacement of the existing decoding of ERF files (Extensible Record
Format from Endace).
For the decoding of the ERF files, according to the "type of record" given in
the ERF header, several decoders can be used. Up to now, the decoder is
determined according to an environment variable, or with a kind of heuristic.
And, all the treatment is done during the file extraction.
The new architecture, will separate the ERF file decoding, and the ERF record
decoding. The ERF records will be decoded with a specific dissector. This
dissector can be configured with options, to replace the environment variable.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839
svn path=/trunk/; revision=23092
The encap_table_base in wcap.c is missing an entry.
This causes e.g. "dumpcap -i usb3 -L" to output:
Data link types (use option -y to set):
USB_LINUX
(MPEG)
svn path=/trunk/; revision=22292
So far I've done only regression testing (the new functionality and what's in wtap-plugins.c has not yet being tested).
it is a first step in the way to have lua opening files.
svn path=/trunk/; revision=21686
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition i have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
wiretap/README.developer
- the referenced default seek_read function doesn't exist now
wiretap/wtap.c
- a "hole" in encap_table was causing the wrong encap value for later
types to be looked up (by name)
mergecap.c
- fix a couple of program name copy+paste errors from editcap.c
svn path=/trunk/; revision=17765
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17450
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
(so if the file's gzipped, it's *NOT* the size of the file after
uncompressing), and an approximation of the amount of that data read
sequentially so far.
Use those for various progress bars and the like.
Make the fstat() in the Ascend trace reader directly use wth->fd, as
it's inside Wiretap; that gets rid of the last caller of wtap_fd() (as
we're no longer directly using fstat() or lseek() in Ethereal), so get
rid of wtap_fd().
svn path=/trunk/; revision=15437
- add support for Multi-Link Frame-Relay (FRF.15) captures
taken on Juniper ML-, LS-, AS- PICs.
- rework of the common juniper header dissector:
test the extension flag (0x80) which indicates that there are
meta-information like interface-index, interface-name etc.
present
- minor bugfix (LSQ L3-proto masks, direction masks were broken)
svn path=/trunk/; revision=15316
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
Ethereal, unaware that the Ethereal team does *NOT* control libpcap
format, thinks they can just grab 169 and use it for their own
purposes).
svn path=/trunk/; revision=12678
by his madwifi Atheros driver on Linux; rename
WTAP_ENCAP_IEEE_802_11_WLAN_BSD to WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP,
and change its text name from "ieee-802-11-bsd" to
"ieee-802-11-radiotap".
svn path=/trunk/; revision=12429
NETTL_SUBSYS_NS_LS_ICMPV6 - they don't even have IP headers, so we need
to directly call the ICMP and ICMPv6 dissectors.
svn path=/trunk/; revision=12047
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not
asking us for a DLT_ value and not telling us about the link-layer type.
svn path=/trunk/; revision=10361
rather than requiring individual capture file type handlers to do it
(unless they're doing per-packet encapsulation, in which case we check
to make sure they didn't *leave* it as WTAP_ENCAP_PER_PACKET).
svn path=/trunk/; revision=10290
current CVS libpcap uses 163 for the AVS radio header (127 was never
used for the AVS radio header). Redo the Wiretap encapsulation values
for that (and shuffle them to put the 802.11 Wiretap values together).
svn path=/trunk/; revision=9904
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
value for DLT_PFLOG, and that goes along with a change to the link-layer
header for DLT_PFLOG - support both the old and new values and format.
svn path=/trunk/; revision=7676
that have direction information.
Support writing WTAP_ENCAP_FRELAY_WITH_PHDR and WTAP_ENCAP_PPP_WITH_PHDR
captures out in libpcap format - we throw away the direction
information, but so it goes.
When reading/writing Windows Sniffer format, read and write the
direction flag.
svn path=/trunk/; revision=7052
addresses and the protocol type, as supplied by BPF; on Linux, they *do*
have an offset field, as supplied by PF_PACKET sockets. Add a new
WTAP_ENCAP_ARCNET_LINUX, with packets that include the offset field, and
don't dissect an offset in WTAP_ENCAP_ARCNET packets.
Map a libpcap link-layer type of 129 to WTAP_ENCAP_ARCNET_LINUX; that
value was recently assigned to Linux-style ARCNET.
Add some more ARCNET protocol IDs.
For most protocol IDs, dissect an ATA 878.2 fragmentation header; don't
do it for RFC 1051 IP and ARP, and Diagnose packets. Set the length of
the ARCNET protocol tree item appropriately.
Dissect both the RFC 1051 and RFC 1201 styles of IP and ARP over ARCNET,
and dissect the RFC 1201 style of RARP as well.
svn path=/trunk/; revision=6981
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
header.
Add overflow checks to "BYTES_ARE_IN_FRAME()", and cast all arguments to
unsigned values (negative values should never be passed) to squelch
compiler warnings.
svn path=/trunk/; revision=6567
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
All files:
- Replace types from sys/types.h by those from glib.h
- Replace ntoh family of macros from netinet/in.h and winsock2.h
by g_ntoh family from glib.h
- Remove now unneeded includes of sys/types.h, netinet/in.h and
winsock2.h
wtap.h
Move includes to the top
svn path=/trunk/; revision=5909
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
Have "wtap_open_offline()", if asked to open a FIFO, return that error
if it was asked to open the file for random access.
svn path=/trunk/; revision=5643
returns radio information such as signal strength, channel, and data
rate in a pseudo-header. Add that pseudo-header.
Use the "802.11 with radio information" encapsulation type for Wireless
Sniffer files; extract the radio information from where it appears to be
in the header.
Add dissector code for that encapsulation type.
Fix an error in the code to put radio information into the AiroPeek
tree.
Make the "wrapped" flag for NetXRay/Windows Sniffer captures a
"gboolean".
svn path=/trunk/; revision=5122
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
Christopher Kilgour