threads reading from two different wtap_t's in different threads.
file_externals_table considered unnecessary - a wtap_t has a member
specifically intended to point to private data.
Clean up indentation.
svn path=/trunk/; revision=30707
are any BSD/OS users still out there using Wireshark to read RFC 1483
ATM captures from BSD/OS, they can still do so, but all other users get
to read OpenBSD DLT_ENC captures, not just users *on* OpenBSD.
That also lets us simplify some hacks to deal with a link-layer type of
13 on Nokia IPSO captures.
svn path=/trunk/; revision=30159
on the stack! There is no guarantee that the header length won't cause a
buffer overflow - there could be a bug in some version of Surveyor
generating a bad file, there could be a future version of Surveyor that
has a really big pseudo-header, the file could've been written by
something other than Surveyor that has a bug in it, there could be a
file that's corrupted in transit, or there could be a deliberately
malformed packet trying to cause *Shark to execute arbitrary code.
Also, explicitly check for a too-short header length and fail with
WTAP_ERR_BAD_RECORD in that case.
Add some comments asking some questions about the header.
(The previous change was for bug 3856:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3856
not bug 3865.)
svn path=/trunk/; revision=29958
The Shomiti Wireless head was modified in a recent release such that wireshark
can no longer read Shomiti wireless capture files.
This new format is backwards compatible with the old format.
svn path=/trunk/; revision=29956
It's only beginnings, so epan is commented out in
the subdirs statement.
This is more a synch to avoid duplicate work and creating
conflicting patches to the cmake stuff.
svn path=/trunk/; revision=29666
- made it compile with --as-needed
This patch was taken from the opensuse wireshark.spec file.
No thanks go to the author and the package maintainers of
this package for not sending this upstream - it would have
made it into 1.2.0.
svn path=/trunk/; revision=29326
KHciLoggerDatalinkTypeBCSP and KHciLoggerDatalinkTypeH5 aren't supported
- just explicitly say "BSCP" or "H5".
For unknown link-layer types, say "unknown or unsupported", as other
Wiretap modules do.
svn path=/trunk/; revision=28925
This fixes a bug reported by Tyson Key as a follow up of Bug 3560.
Also some cleanups and debug output improvements.
Thanks to Tyson Key for reporting the bug and providing a tracefile.
This fix will be included in Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28868
text2pcap uses 102400.
This fixes bug 3620. Thanks to Tyson Key for reporting the bug
and providing capture files.
This fix should be included in Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28866
encapsulations.
This fixes a bug reported by Sake during the
Sharkfest 09. Thanks for providing a
Netscreen tracefile with multiple link layer
types.
This patch will be included in Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28862
* adds an encapsulation argument to pcap_write_phdr.
* writes the pseudo header when writing pcapng files.
This fixes a bug where you could not write pcapng files
when using encapsulations requiring pseudo headers.
svn path=/trunk/; revision=28859
this a the file encapsulation.
This fixes a bug where you can not save a file
in libpcap format when you captured it as a
pcapng one.
This fix will be scheduled for Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28858
* adds an encap argument to pcap_process_pseudo_header.
* adds support for reading pseudo headers.
It fixes Bug 3560.
Thanks to Tyson Key for reporting the bug and providing
trace files. This fix will be scheduled for inclusion in
Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28857
* Initialize pseudoheader.
* Add some input validation / protection code.
* Fix some return values.
* Clean up some whitespaces.
This fixes Bug 3565. Thanks to Tyson Key how reported
the issue and provided capture files for debugging.
This fix is scheduled for inclusion in Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28850
Because Lucent/Ascend equipment will sometimes omit the hex dump for a packet
or send two headers followed by two hex dumps, Wireshark needs to be very
lenient when parsing a Lucent/Ascend trace. On a busy access server, a packet
like this is pretty likely to appear within a few minutes.
svn path=/trunk/; revision=28749
That way we hopefully won't need the runlex.sh hack any
more. Also the ylwrap stuff is (hopefully) obsolete.
ascend.[hc] -> ascendtext.[hc]
ascend-scanner.l -> ascend_scanner.l
ascend-grammar.y -> ascend.y
svn path=/trunk/; revision=28744
have it (we have the size with the pseudo-header length already
removed); we've already read the packet, and thus have already checked
it. Fixes bug 3501.
svn path=/trunk/; revision=28607
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
few mistakes that I made earlier.
Current status: dumpcap still doesn't build
Next step: Add a ylwrap like workaround for flex misbehaviour.
svn path=/trunk/; revision=28518
In Juniper NetScreen snoop output files, the encapsulation type of
traffic on ADSL interfaces can be ethernet or PPP. Check whether the
first 6 bytes of the data are the same as the destination mac-address
in the packet header. If they are, assume ethernet. If not, assume PPP.
svn path=/trunk/; revision=28471
If a PCAP file containing WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR packets is saved,
it gets corrupted because the direction pseudo header isn't included.
svn path=/trunk/; revision=28441
- Send last byte of header (type) and data to a packetlogger dissector
- Rewrite type to ACI channel in the dissector
- Direction is indirectly given from the PL type
- Dissect PacketLogger NewC and Info as text
svn path=/trunk/; revision=28141