Because Lucent/Ascend equipment will sometimes omit the hex dump for a packet
or send two headers followed by two hex dumps, Wireshark needs to be very
lenient when parsing a Lucent/Ascend trace. On a busy access server, a packet
like this is pretty likely to appear within a few minutes.
svn path=/trunk/; revision=28749
That way we hopefully won't need the runlex.sh hack any
more. Also the ylwrap stuff is (hopefully) obsolete.
ascend.[hc] -> ascendtext.[hc]
ascend-scanner.l -> ascend_scanner.l
ascend-grammar.y -> ascend.y
svn path=/trunk/; revision=28744
have it (we have the size with the pseudo-header length already
removed); we've already read the packet, and thus have already checked
it. Fixes bug 3501.
svn path=/trunk/; revision=28607
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
few mistakes that I made earlier.
Current status: dumpcap still doesn't build
Next step: Add a ylwrap like workaround for flex misbehaviour.
svn path=/trunk/; revision=28518
In Juniper NetScreen snoop output files, the encapsulation type of
traffic on ADSL interfaces can be ethernet or PPP. Check whether the
first 6 bytes of the data are the same as the destination mac-address
in the packet header. If they are, assume ethernet. If not, assume PPP.
svn path=/trunk/; revision=28471
If a PCAP file containing WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR packets is saved,
it gets corrupted because the direction pseudo header isn't included.
svn path=/trunk/; revision=28441
- Send last byte of header (type) and data to a packetlogger dissector
- Rewrite type to ACI channel in the dissector
- Direction is indirectly given from the PL type
- Dissect PacketLogger NewC and Info as text
svn path=/trunk/; revision=28141
that would break compilation for older compilers. Create a "DLL_LDFLAGS"
variable and use it in DLLs and plugins. Use PLUGIN_LDFLAGS and
DLL_LDFLAGS where needed. Don't force i386 code in the TPG plugin.
svn path=/trunk/; revision=27582
Added support for HPVM (Integrity Virtual Machines) guest AVIO (Accelerated Virtual IO) driver IGSSN.
Cleaned up the trace record checks.
Made the default ethernet if the nettl subsystem is not recognized.
svn path=/trunk/; revision=27549
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
Also: comment out support for MTP_L2 and SSCOP (encapsulation types
WTAP_ENCAP_MTP2 & WTAP_ENCAP_ATM_PDUS) since I don't know how to
fill in the pseudo_headers required by packet-mtp2 and packet-atm.
svn path=/trunk/; revision=27172
Fixed:
Crash when reading a K12text file with one frame;
Crash after selecting the last frame and then a previous frame
after file open.
Select of frame n (>1) immediately after file open incorrectly
displayed the packet details & data from frame n+1.
File ! Merge (for K12text files) did not work correctly.
Fixes:
Essentially: clear all lexer state (look-ahead buffer, etc)
for every file read. Also: Don't use global for keeping
track of the current file position.
Also: Handle *nix-style line endings as well as DOS-style.
svn path=/trunk/; revision=27158
back to libwiretap for now, as it's inherently tied to reading libpcap
files; at some point we might want to have pcap-reading (and
pcap-ng-reading?) code in a separate library, for use by, for example,
dumpcap (and rawshark?).
svn path=/trunk/; revision=27076
followed by 8 bytes of "struct usb_device_setup_hdr", even if there's no
setup information, but it should be interpreted only if setup_flag is 0.
(That's what those mysterious 8 bytes are.)
svn path=/trunk/; revision=27043
The code in wiretap/wtap.c is not right. Because g_array_append_val should accept a value
of type 'struct encap_type_info' rather than a pointer to this type.
svn path=/trunk/; revision=26816
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
provide a default case (returning an error) to prevent wiretap from asserting
out because we didn't set the packet encapsulation.
svn path=/trunk/; revision=26327
of adding libwsutil but somehow I missed it/got it wrong. This should solve
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677#c18
Also remove the _DEPENDENCIES lines in epan and wiretap (as was done in the
top-level Makefile in rev 25930) so that automake will automatically figure out
the dependencies for us.
Since the those 2 libraries now link against libwsutil, don't make every
executable link against the library. (If this works I think we can
significantly trim the list of libraries the executables link against and just
let the libraries pull in what they need--which is, apparently, the point of
the --as-needed flag: http://www.gentoo.org/proj/en/qa/asneeded.xml ).
svn path=/trunk/; revision=26218
Fix a final eth_fopen -> ws_fopen
When configuring with --without-zlib these functions need to have some parameters tagged _U_
svn path=/trunk/; revision=26212
do *not* modify the string handed to them - they g_mallocate a new
string and return it.
Create routines that *do* ASCII-only case mapping in place, and use them
instead.
Clean up indentation.
svn path=/trunk/; revision=26131
MSC_VER_REQUIRED when we run mt.exe instead of checking for each
individual MSVC_VARIANT. This fixes the current buildbot test failures
on Windows, which resulted from a missing check for MSVC2008. This
also keeps us from having to mess with a bunch of makefiles when we add
support for new Visual C++ versions.
svn path=/trunk/; revision=26052
From me:
Instead of adding adns_config.h, place it a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
ERF files can contain records of type TYPE_PAD. These records are not related
to captured packets, have a zero timestamp value and no associated packet data.
Normally TYPE_PAD records are stripped out during capture, but in rare cases
unstripped files may exist.
Previously wiretap/erf.c generated an 'unknown record encapsulation' error when
encountering TYPE_PAD records.
With this patch Wireshark skips over any TYPE_PAD records within ERF traces
files without reporting an error. TYPE_PAD records are not counted, displayed
or decoded.
svn path=/trunk/; revision=25733
any case, the detailed error string is supposed to be g_malloced....)
Fix some "snoop" to be "btsnoop", and note that this is Symbian btsnoop,
not regular snoop.
svn path=/trunk/; revision=25580
are expected to return a g_mallocated error string; that's why they fill
in a gchar **, not a const gchar **. g_strdup() the argument to
KERROR(), so it's g_mallocated.
svn path=/trunk/; revision=25398
the types of read and seek_read routines in Wiretap are supposed to be,
and get rid of the casts of pointers to those functions (type problems
should be fixed, not papered over with casts, whenver possible).
svn path=/trunk/; revision=25393
argument, as
1) it doesn't modify the string that argument points to
and
2) it's a buffer of "char".
Use g_ascii_xdigit_value() and put the values of the two bytes together
ourselves; strtoul() is a bit of overkill for two-hex-digit pairs.
While we're at it, check for invalid hex digits, and for bytes where
only one hex digit is present.
svn path=/trunk/; revision=25392
since rev 17756, meant that attempts to read iSeries files would fail in the
"Make sure it [pkt_encap] is not WTAP_ENCAP_PER_PACKET" assertion in
wtap_read().
Also set file_encap to WTAP_ENCAP_ETHERNET (instead of WTAP_ENCAP_PER_PACKET)
since it seems that all the packets in iSeries files are Ethernet (or at least
this module currently only supports Ethernet).
svn path=/trunk/; revision=25388
I was counting the length without the terminating NULL, and didn't want one to be written to the string and copied into the file.
svn path=/trunk/; revision=25383
libwireshark (and the plugins using those functions) do not depend on
wiretap on Windows.
While doing that, rename the eth_* functions to ws_*.
svn path=/trunk/; revision=25354
Michael Tüxen