split across page boundaries, rather than being a byte stream, and that
the last page may be short.
Fix some comments.
svn path=/trunk/; revision=50025
out there (especially over USB) and we should be able to load them as long as
they are snapped to a sane length.
Also validate that packets do not specify a snapshot length larger than the one
in the file header, though only make it a warning, as this is not necessarily a
fatally corrupt packet.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
svn path=/trunk/; revision=49999
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
artificial 16MB limit on blocks.
Do some sanity checks when reading options, to make sure we don't read
past the end of the block.
Make some variables unsigned so as not to get inappropriate
sign-extension (which, in practice, should never happen due to the 16MB
block size limit, although if the limit is raised above 2^31-1, the
limit won't protect you).
Fixes bug 8752.
svn path=/trunk/; revision=49833
visual_process_packet_header() and call it in both the read and
seek-read routines.
Pull the post-processing code that guesses the encapsulation based on
the first few bytes in the packet into
visual_fill_in_chdlc_encapsulation() and call it in both the read and
seek-routines. Add some length checks.
svn path=/trunk/; revision=49812
Check that the record length we got out of the file is at least as big as
stats block trailer; if not, declare the file bad.
svn path=/trunk/; revision=49739
seek offset is after calling it, they can use file_tell(). (Some
routines were already assuming it returned a gboolean.)
svn path=/trunk/; revision=49733
that the complaints are valid, or that simply zeroing them is the right fix
if they are, but at least it builds now. Should we be erroring if we don't
see a sliceLength header?
svn path=/trunk/; revision=49705
frame_table field to NULL before trying to allocate the frame table, so
that if we fail before we allocate the frame table, the attempt to free
the private data doesn't crash due to the frame_table field containing a
bogus pointer.
svn path=/trunk/; revision=49697
and fail with ENOMEM if that fails (and the frame table is not empty -
g_try_malloc() will return NULL if you ask it to allocate zero bytes).
Have an error message for ENOMEM on an open that attempts to tell the
user what the problem is without making their head explode.
svn path=/trunk/; revision=49673
routines are passed a separate struct wtap_pkthdr to be filled in.
Get rid of the pseudo_header member of the wblock structure - the
pseudo-header is part of the struct wtap_pkthdr.
Get rid of the union wtap_pseudo_header * argument to
pcap_process_pseudo_header() - it's passed a pointer to a struct
pcap_pkthdr, and that structure contains the union in question.
Have libpcap_read_header() take a FILE_T argument, rather than using
only the "sequential" handle of the wtap it's handed. Have the libpcap
read routine return the offset of the beginning of the pcap record, and
have the seek-read routine read the header and fill in the struct
wtap_pkthdr handed to it.
svn path=/trunk/; revision=49401
both the read and the seek-read routines. Have the read routine return
the offset of the record header as the record's offset, so that the
seek-read routine can read that header.
svn path=/trunk/; revision=49397
globals directly. If we ever manage to make them *not* globals (which
might only be possible with newer versions of Flex), then we can do
better.
Get rid of an unused variable.
Squelch a 64-bit-to-32-bit conversion warning.
svn path=/trunk/; revision=49396
doesn't need to return the number of bytes of captured packet data (it
can just stuff that into the struct wtap_pkthdr), so have it return a
Boolean success/failure indication.
svn path=/trunk/; revision=49376
have it return -1 for errors or EOF, and have iseries_read() check for a
negative return value and return FALSE. That simplifies it a bit, and
handles the "no more records in the file" case
(iseries_seek_next_packet() will hit EOF and return -1 with *err set to
0, which is what the callers of a read routine expect at EOF).
Get rid of duplicate (and incorrect before the change) comment.
svn path=/trunk/; revision=49375
ipfix_read_and_process_message_header() call it and then fill in the
wtap_pkthdr structure, and use the latter routine in the read and
seek-read routines.
Expand a comment, and fix indentation.
svn path=/trunk/; revision=49369
not a wtap *, and have it fill in the specified struct wtap_pkthdr.
That makes the seek-read routine do the right thing.
svn path=/trunk/; revision=49358
routine.
Rename daintree_sna_hex_char() to daintree_sna_process_hex_data() (to
more clearly indicate what it does - it doesn't process a single
character, it processes a whole bunch of them), and have it do some
error checking and fill in the length field in the wtap_pkthdr.
svn path=/trunk/; revision=49356
the same point at which the rest of the wtap_pkthdr is filled in (so
it's done in seek-read routines).
parse_cosine_hex_dump()'s return value is used as the return value of
read routines, so it should be Boolean. Make it so (and have it stuff
the actual length of packet data read into a wtap_pkthdr, which also
ensure that this is done in seek-read routines).
svn path=/trunk/; revision=49352
routine, for use both by the seek and read routines, and move some
common code there.
Make the delta between Symbian and UNIX time a static value.
Make the prefix for all routine names "btsnoop" rather than "snoop".
svn path=/trunk/; revision=49348
for read and seek-read.
Clarify a comment. (wtap_open_offline() only rewinds the file before
calling each open routine; once one of those routines has decided the
file belongs to it, the seek offset belongs to it, so it needs to do all
the seeking necessary - files with a file header *don't* want a rewind,
they want to leave the seek offset positioned *past* the file header so
it can read the records that follow the file header.)
svn path=/trunk/; revision=49347
used in both the seek and seek_read routines.
(And, yes, the time stamp *is* supposed to be filled in by seek_read
routines.)
Pull some now-used-only-once routines into the new routine.
svn path=/trunk/; revision=49335
of the binary dir. Fixed that.
NOTE: It fails with and without this patch for out of tree builds:
jmayer@egg:~/work/wireshark/svn/build/qt-gtk3> make dumpabi
[ 1%] Built target wsutil
[ 1%] Generating libwsutil.abi.tar.gz
ERROR: can't find modules
cp: cannot stat `abi_dumps/libwsutil/libwsutil_*': No such file or directory
make[3]: *** [wsutil/libwsutil.abi.tar.gz] Error 1
make[2]: *** [wsutil/CMakeFiles/dumpabi-libwsutil.dir/all] Error 2
make[1]: *** [CMakeFiles/dumpabi.dir/rule] Error 2
make: *** [dumpabi] Error 2
jmayer@egg:~/work/wireshark/svn/build/qt-gtk3>
svn path=/trunk/; revision=49014
is supported before trying to open for writing - the attempt to open for
writing will do the check for you. Instead, check for specific errors
if the attempt to open for writing fails, and use somewhat more specific
error messages for certain error codes. (We should perhaps check for
even more error codes in those cases.)
That gets rid of all external calls to wtap_dump_can_write_encap(), so
remove it from wtap.h and make it static.
svn path=/trunk/; revision=48691
supports writing files with a given set of encapsulations and comment
types. Use it, rather than asking for a list of file formats that
support the given set of encapsulation and comment types and checking
whether we got back such a list, or duplicating its logic.
Having file.c use it means that nobody's using
wtap_dump_can_write_encaps() any more; get rid of it. Instead, have a
private routine that checks whether a given file format supports a given
set of encapsulations *and* comment types, and use that internally.
svn path=/trunk/; revision=48690
For each capture file type, have a bitset of comment types supported by
that capture file type.
Add a Wiretap routine that, for a given file type, returns the bitset of
comment types it supports.
Have wtap_get_savable_file_types() take a bitset of comment types that
need to be supported by the file types it returns.
Replace cf_has_comments() with a routine that returns a bitset of
capture file comment types in the capture file.
Use those routines in the capture file dialogs; don't wire in the notion
that pcap-NG supports all comment types and no other file formats
support any comment types. (That's currently true, but we don't want to
wire that in as being forever true.)
svn path=/trunk/; revision=48689
leads to a double-free in wtap_close. Fix all the instances I found via
manual code review, and add a brief comment to the list of open routines in
file_access.c
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8518
svn path=/trunk/; revision=48552
implemented wtap_dump_file_seek() and _tell()
implemented the previously declared but unimplemented wtap_dump_file_seek() and wtap_dump_file_tell() functions and used them in the seven files that had previously used a plain ftell or fseek and added error checking as appropriate. I also added a new error WTAP_ERR_CANT_SEEK_COMPRESSED and put it next to WTAP_ERR_CANT_SEEK causing renumbering of two of the existing error codes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48348
input() routine and thus don't need to have it generated - and as it
produces warnings of a routine defined but not used, we don't want to
have it generated.
Squelch a casting-const-away warning.
svn path=/trunk/; revision=47613
"ERF record" is very different from, and much simpler than, the case
where it's not; tweak the code to more clearly separate the "we're being
handed ERF records" case from the "we're being handed packets" case.
svn path=/trunk/; revision=46984
indicate what it means, and use an enum for the compression types.
Note that file_getc() returns a byte, not a character.
svn path=/trunk/; revision=46983
support pcap-NG we might have a better way of doing the third item (more
stuff is needed, but that stuff belongs there for pcap-NG, too).
When parsing hex dump lines, skip leading white space, and skip lines
that have nothing but white space, rather than guessing where the hex
dump information ends based on the line length. Parse the hex bytes
manually.
svn path=/trunk/; revision=46905
return an "EOF or error" indication - an EOF without an error will
return 0.
In iseries_seek_next_packet(), return an error code of WTAP_ERR_BAD_FILE
and an appropriate error message if we don't find a packet header within
the next ISERIES_MAX_TRACE_LEN lines, don't just return -1 and leave the
error information unchanged.
Setting an argument variable before returning has no effect, so don't do
it (so that we don't leave the mistaken impression that it *is* doing
something).
Clean up indentation.
svn path=/trunk/; revision=46819
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
appears to be bogus - even if I put "(gint64) phdr->ts.nsecs" in an
extra layer of parentheses, i.e.
(((gint64) phdr->ts.nsecs) / 1000)
I still get the warning from
i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple
Inc. build 5658) (LLVM build 2336.11.00)
svn path=/trunk/; revision=46649
a DOS date.
Use them - which fixes a bug, bug 7998, wherein we were doing the wrong
check to see whether tm_year would fit in a DOS date or not.
svn path=/trunk/; revision=46387
Set the subtype_read and subtype_seek_read routines for the file type,
rather than having a common read routine that checks the file type each
time.
Make the macros used in the read and seek-read routines more similar,
and use them more similarly in both.
svn path=/trunk/; revision=45706
the macros.
Note why we don't pull the time setting operations into the macros (it's
because that would mean the macros can't be used in the seek-read
routines, as calculating time stamps requires accumulating the time
stamps in a sequential pass through the packets, given that the records
have time stamps relative to the previous packet).
Fix what is probably a typo in the definitions of some macros (which
happen to work without the fix because "fp" and "pp" are both local
variable names as well as macro arguments).
svn path=/trunk/; revision=45705
us to avoid one redefinition of those macros that, in the one
definition, for the read routines, refer to the pseudo-header as
wth->phdr.pseudo_header and, in the next definition, for the seek-read
routine, refer to it as *pseudo_header - instead, we pass &wth->phdr in
the read routine and phdr in the seek-read routine.
svn path=/trunk/; revision=45704
it always fill it in. Have the seek-read routine pass its phdr argument
in. Have it just return a success/failure indication; do the check for
the packet size in the seek-read routine by looking at the caplen field
of the wtap_pkthdr structure.
svn path=/trunk/; revision=45663
Extract it as a string, not a number, and determine the resolution based
on the length of the string, i.e. on the number of digits presented.
(If you base it on the numerical value, leading zeroes will not be taken
into account, but they aren't any different from other digits when
determining the resolution.) The resolution is 1/10^ndigits seconds, so
we have to multiply it by 10^(9-ndigits) to convert the number to
nanoseconds.
svn path=/trunk/; revision=45627
Process several different flavors of header lines the same: "IP Header",
"IPv6 Header", "ARP Header", "TCP Header", "UDP Header", "ICMP Header",
"ICMPv6 Hdr", "Option Hdr" - the hex data for all of them should be
included in the packet data. Process continuation lines if those
headers wrap over more than one line.
Do not assume, or require, that *any* of those be present; there is no
guarantee that "IP Header" or "IPv6 Header" will be present (there's at
least one IBM page showing a packet with "ARP Header" in a trace), and
there is no guarantee that "TCP Header" will be present (there are
traces with "UDP Header" and "ICMPv6 Hdr").
Do not impose limits, other than the overall line limit, on the amount
of hex data in header or data lines; there is no guarantee that, for
example, a TCP header is 20 bytes long (if there are TCP options, it
*will* have more than 20 bytes).
Make sure we have an even number of hex digits.
Set "caplen" to the actual number of bytes we've read, even if that's
less than the purported packet length.
svn path=/trunk/; revision=45626
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
long; that means we read only one byte into our structure, so make its
"rate" element one byte long, so we don't fill in half the "rate"
element with the read - and the *wrong* half on big-endian machines -
and leave the other half un-set and thus containing some random possibly
non-zero data.
In addition, that's not the full data rate for faster networks; for
Wi-Fi, the one-byte "direction" field is actually the upper 8 bits of
the data rate, so combine them when we fill in the data rate in the
pseudo-header.
#BACKPORT
svn path=/trunk/; revision=45504
unsupported feature.
If we see an IDB after all the IDBs at the beginning of the file,
process it. Fixes bug 7851.
Get rid of unused read_idbs flag in pcapng_t structure. (Also, as per
the above, just because we've read all the IDBs at the beginning of the
section, that doesn't necessarily mean we've read all the IDBs in the
section.)
Fix some places where we reject SPBs.
svn path=/trunk/; revision=45495
From me: instead of logging the error with a macro that requires dbg_out
to be set, and giving up, set dbg_out to stderr, log the message (which
now notes that logging will be done to the standard error), and drive
on.
Part of fix for bug 7824.
svn path=/trunk/; revision=45454
- speed up writing timestamp by avoiding g_snprintf()
- avoid call to strstr()
- don't use g_snprintf() for writing a liternal string
- avoid atio() for single-digit strings
- avoid some strcmp() calls where the release number at the end wasn't
important
svn path=/trunk/; revision=45091
Move the GTK+ text import code to the common UI directory. Create
wtap_encap_requires_phdr() from code in file_import_dlg.c.
svn path=/trunk/; revision=44904
Since we have to 'downconvert' the ERF time stamps to Wireshark's internal
representation anyway, we may as well report the resolution which we convert
to, rather than the original native resolution.
svn path=/trunk/; revision=44800
Should we do this for other file formats as well?
A pcapng file with per packet encapsulation will need an IDB per encapsulation as the EPB does not have a linktype indicator only a interface index.
svn path=/trunk/; revision=44281
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
it as appropriate in the code to read Network Instruments Observer
captures (rather than tweaking the "protected" flag in the packet data),
and use that flag in the 802.11 dissector.
Fix indentation while we're at it (tabs are not *ipso facto* 4 spaces).
svn path=/trunk/; revision=43795
interface for which we have information.
Fixes bug 7467.
Should also cause an error message, rather than an unreadable capture
file, to be produced for the cases in bug 7381. (This isn't a fix for
bug 7381; it's arguably an improvement, in the sense that a circuit
breaker tripping or a fuse blowing for a short circuit is an improvement
over a fire starting, but it's not a *fix*, any more than a circuit
break or fuse *fixes* the short circuit.)
#BACKPORT
svn path=/trunk/; revision=43657
interface information when opening an output file, one of which I fixed
in my previous checkin and the other of which I didn't notice. Shuffle
code around a little bit so that the lumps are identical and then put
them into a common routine (*with* the fix in question).
#BACKPORT
svn path=/trunk/; revision=43655
we're making a fake interface description (it should match the time
stamp resolution). The dump code for pcap-NG now requires the time
units per second value, as it needs to correctly compute the time stamp
value to write out in an EPB.
svn path=/trunk/; revision=43652
for the interface, not based on the default resolution of 1 microsecond.
Fixes bug 7457.
Fix a comment.
Clean up indentation.
#BACKPORT
svn path=/trunk/; revision=43649
"etherpeek.c" file format is used by AiroPeek and the "airopeek9.c" file
format is used by EtherPeek.
Instead, use the names that WildPackets apparently uses for those
formats - "classic" and "tagged".
svn path=/trunk/; revision=43630
dependencies, otherwise we might have a race condition when doing
parallel makes. Hopefully this will fix intermitten buildbot failures
we've been getting lately.
svn path=/trunk/; revision=43387
file type and a GArray of encapsulation types and returns TRUE if a
capture with all those encapsulation types can be written to a file in
that file type and FALSE otherwise. Use it where appropriate.
svn path=/trunk/; revision=43315
only return file types that could handle a single file with all those
encapsulations - this means that
1) if there's more then one encapsulation, the file format has
to handle per-packet encapsulation;
2) just because a file format handles per-packet encapsulation,
that doesn't mean that it can handle the *particular* encapsulations
being handed to it.
This fixes some cases where we were claiming that a file could be saved
in a format that doesn't actually support it (e.g., ISDN files being
reported as savable in pcap-NG format - there's no LINKTYPE_ value for
ISDN including B and D channels).
svn path=/trunk/; revision=43300
------------------------------------------------------------------------
r43165 | gerald | 2012-06-08 14:23:25 -0700 (Fri, 08 Jun 2012) | 4 lines
Changed paths:
M /trunk-1.6/epan/Makefile.am
M /trunk-1.6/wiretap/Makefile.am
M /trunk-1.6/wsutil/Makefile.am
Use separate commands in the dumpabi recipes instead a big huge long
chain. If abi-compliance-checker fails print the contents of its
log file.
------------------------------------------------------------------------
r43168 | gerald | 2012-06-08 15:43:50 -0700 (Fri, 08 Jun 2012) | 2 lines
Changed paths:
M /trunk-1.6/epan/Makefile.am
M /trunk-1.6/wiretap/Makefile.am
M /trunk-1.6/wsutil/Makefile.am
Make sure ln happens in the right directory.
------------------------------------------------------------------------
We don't currently have a usable tag for "git describe --tags
--abbrev=0" to latch onto so just use the first 1.9 commit.
svn path=/trunk/; revision=43170
SDH support for wireshark.
- Added GPL license.
- Removed not needed includes.
- Skipped th .h file as it wasn't used.
svn path=/trunk/; revision=43106
that will do the right thing here. Instead, cast its negative (which is
positive) to unsigned, use that value as the adjustment, and flip the
signs of the subsequent adjustment operations.
svn path=/trunk/; revision=43105
warning about assigning the difference between two (64-bit) pointers to
a (32-bit) variable. That difference is guaranteed to fit in an
unsigned int; make "had" an unsigned int, and cast the difference to
unsigned int before assigning it to "had".
svn path=/trunk/; revision=43103
a position that's in our data buffer, just reposition within the
buffer, don't do any seeks or I/O on the underlying file. This lets us
do some backwards seeking on a pipe, to allow the rewind-and-try scheme
we use to try to identify capture file types to work, at least for some
capture file formats (those that have magic numbers at the beginning or
have heuristics that don't require much data), on pipes, allowing, for
example, TShark to read those formats from a pipe.
svn path=/trunk/; revision=43102
under development. Maybe you should use a stable version." via the
version number. Use the next best thing and set each number to zero.
svn path=/trunk/; revision=43073
doesn't do safe saves, so wtap_fdreopen() always needs to reopen the
random file descriptor.
At the point where a safe save is done, the sequential read is done, so
the sequential stream is closed; there's no need to reopen it.
(The former fourth argument to wtap_fdreopen() wasn't an indication of
whether the file was compressed, it was an indicationof whether the
random stream should be reopened.)
svn path=/trunk/; revision=42977
file that we ourselves have open. In the "safe save" code path for
capture files, on Windows temporarily close the file descriptors for the
currently-open capture before doing the rename and then, if the rename
failed, reopen them, leaving the rest of the wtap and capture_file
structures intact.
Rename filed_open() to file_fdopen(), to make its name match what it
does a bit better (it's an fdopen()-style routine, i.e. do the
equivalent of an open with an already-open file descriptor rather than a
pathname, in the file_wrappers.c set of routines).
Remove the file_ routines from the .def file for Wiretap - they should
only be called by code inside Wiretap.
Closing a descriptor open for input has no reason to fail (closing a
descriptor open for *writing* could fail if the file is on a server and
dirty pages are pushed asynchronously to the server and synchronously on
a close), so just have file_close() return void.
svn path=/trunk/; revision=42961
(otherwise, nobody sees them); do so.
Fix some cases where we weren't doing the proper post-processing after
doing the heuristics for format changes that didn't involve magic-number
changes (discovered because constructing the interface list is now being
done as part of that post-processing).
Fixes bug 7287.
svn path=/trunk/; revision=42872
(read a record header) from failure (got an EOF or an error). Make it
just return a Boolean.
If it fails in vwr_read(), don't overwrite *err_info (yes,
vwr_read_rec_header() might have set *err_info, so don't lose - and
leak! - the value it returned) - trust vwr_read_rec_header(), or the
routines it calls, to have set it. (If there's a code path where that
doesn't happen, that code path needs to be fixed; the setting of
*err_info in vwr_read() should *not* be restored.)
Thanks to Evan Huus for finding a useless variable with cppcheck, and
reporting it in bug 7295, provoking me to look at this.
svn path=/trunk/; revision=42865
an API to fetch that.
When doing "Save" on a compressed file, write it out compressed.
In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.
svn path=/trunk/; revision=42818
the default extension for the file type iff
the file type we're using has a list of extensions;
the file has no extension or it has one but it's not one of the
ones in the list.
*Don't* expect a file extension to be at most 5 characters plus the dot
- the extension for pcap-ng, our default capture file type, is "pcapng",
and that's 6 characters!
svn path=/trunk/; revision=42800
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
currently just a wrapper around file_seek(), but could be implemented by
reading forward if, for example, we add support for reading
(sequentially only!) from a pipe.
Sort the declarations of file-reading routines into one block.
svn path=/trunk/; revision=42391
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
would have filled in had it not failed. (Thanks and a tip of the Hatlo
hat to the Clang static analyzer for complaining about this.)
svn path=/trunk/; revision=42306
in little-endian byte order, as that's what the dissector expects. Add
a pletohl() macro for that purpose.
Fix comments (the Veriwave code is *not* writing data to a file!) and
clean up indentation.
svn path=/trunk/; revision=42255
global variables into a structure that's attached to the wtap_t as
private data, and make all the per-*packet* global variables local
variables.
svn path=/trunk/; revision=42251
native file formats, so try them first.
Move eyesdn_open() to the section for open routines for file formats
that have a magic number - EyeSDN traces all start with "EyeSDN".
svn path=/trunk/; revision=42250
we know we had a real problem with the file. If we just get a short
read, return 0, as it means the file is probably not a VWR file.
If we get an invalid message length when reading packets (rather than
when looking for the FPGA version), return WTAP_ERR_BAD_FILE and an
"Invalid message record length" indication, not a generic fallback
"can't read the file" error.
For file_tell() errors, fetch the error code with file_error().
For file_seek() errors, use the error file_seek returned.
svn path=/trunk/; revision=42249
wtap_dump_fdopen_ng() and add a dummy IDB to be able to write pcapng files.
Solves https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6969
mergecap: Can't open or create <FILENAME>: Internal error.
We might want to add a SHB comment from mergecap giving the merged filenames or something like that, Merging of pcapng files
is a different issue, idealy we should probably start using several SHB:s in that case.
svn path=/trunk/; revision=42230
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
Unable to display the correct IEEE802.11 MCS data rates due to header definition
The problem is due to the ieee_802_11_phdr.data_rate is defined as guint8,
since this variable is counting number of 0.5Mbps units, any datarates which is
higher than 255Mbps would get wrapped up. In the above example, only the lower
8bit value will be put into the ieee_802_11_phdr which is 0x04 and result in
the incorrect 2Mbps display.
There are 802.11n WLAN product is capable to transmit @450Mbps, we should fix
this data_rate from guint8 to guint16.
#BACKPORT
svn path=/trunk/; revision=42123
return the right error code and information string.
InfoVista bought Accellent Group, and, at least according to the
InfoVista Web site, it's "5View", not "5Views".
svn path=/trunk/; revision=42119
Add a new WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR encapsulation type, for use
by the EyeSDN file reader; unlike the pcap-encapsulated MS/TP, it
includes a direction indicator. Don't treat WTAP_ENCAP_BACNET_MS_TP as
if it has a direction indicator, as it doesn't; instead, do that for
WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR.
Add some missing entries to encap_table_base for WTAP_ENCAP_ values that
didn't get entries added.
svn path=/trunk/; revision=41969
or other information; WTAP_ENCAP_MTP2_WITH_PHDR is for MTP2 *with* such
a pseudo-header. Use WTAP_ENCAP_MTP2_WITH_PHDR for the EyeSDN captures,
and don't assume there's a pseudo-header if you have WTAP_ENCAP_MTP2.
svn path=/trunk/; revision=41962
from makefiles (and thus from the buildbot).
The intention is to be able to tell when a human is running the tool so we
can provide more code-review guidance.
As a starter, enable the "too many proto_tree_add_text() calls" check when
a human is running the tool.
svn path=/trunk/; revision=41943
The attached patch extends the mpeg2 ts format detection to take into account
that trailing bytes might be added to each packet.
Once it finds no sync after 188 bytes, it checks an additional 40 bytes for the
next sync byte and adjusts the packet size accordingly.
Only the 188 bytes of the actual ts packet are passed on to wiretap, the
trailer is omitted.
svn path=/trunk/; revision=41863
if they're not. Also report an error for zero-length names.
Handle multiple names per IP address - the pcap-NG spec says "one or
more zero-terminated strings containing the DNS entries for that
address."
Use a Buffer to hold NRB records, so there's no maximum size (well,
there is a maximum size, because the record length is 16 bits, but let's
not allocate 64KiB on the stack if we don't have to).
svn path=/trunk/; revision=41332
Guy Harris