Set the subtype_read and subtype_seek_read routines for the file type,
rather than having a common read routine that checks the file type each
time.
Make the macros used in the read and seek-read routines more similar,
and use them more similarly in both.
svn path=/trunk/; revision=45706
the macros.
Note why we don't pull the time setting operations into the macros (it's
because that would mean the macros can't be used in the seek-read
routines, as calculating time stamps requires accumulating the time
stamps in a sequential pass through the packets, given that the records
have time stamps relative to the previous packet).
Fix what is probably a typo in the definitions of some macros (which
happen to work without the fix because "fp" and "pp" are both local
variable names as well as macro arguments).
svn path=/trunk/; revision=45705
us to avoid one redefinition of those macros that, in the one
definition, for the read routines, refer to the pseudo-header as
wth->phdr.pseudo_header and, in the next definition, for the seek-read
routine, refer to it as *pseudo_header - instead, we pass &wth->phdr in
the read routine and phdr in the seek-read routine.
svn path=/trunk/; revision=45704
it always fill it in. Have the seek-read routine pass its phdr argument
in. Have it just return a success/failure indication; do the check for
the packet size in the seek-read routine by looking at the caplen field
of the wtap_pkthdr structure.
svn path=/trunk/; revision=45663
Extract it as a string, not a number, and determine the resolution based
on the length of the string, i.e. on the number of digits presented.
(If you base it on the numerical value, leading zeroes will not be taken
into account, but they aren't any different from other digits when
determining the resolution.) The resolution is 1/10^ndigits seconds, so
we have to multiply it by 10^(9-ndigits) to convert the number to
nanoseconds.
svn path=/trunk/; revision=45627
Process several different flavors of header lines the same: "IP Header",
"IPv6 Header", "ARP Header", "TCP Header", "UDP Header", "ICMP Header",
"ICMPv6 Hdr", "Option Hdr" - the hex data for all of them should be
included in the packet data. Process continuation lines if those
headers wrap over more than one line.
Do not assume, or require, that *any* of those be present; there is no
guarantee that "IP Header" or "IPv6 Header" will be present (there's at
least one IBM page showing a packet with "ARP Header" in a trace), and
there is no guarantee that "TCP Header" will be present (there are
traces with "UDP Header" and "ICMPv6 Hdr").
Do not impose limits, other than the overall line limit, on the amount
of hex data in header or data lines; there is no guarantee that, for
example, a TCP header is 20 bytes long (if there are TCP options, it
*will* have more than 20 bytes).
Make sure we have an even number of hex digits.
Set "caplen" to the actual number of bytes we've read, even if that's
less than the purported packet length.
svn path=/trunk/; revision=45626
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
long; that means we read only one byte into our structure, so make its
"rate" element one byte long, so we don't fill in half the "rate"
element with the read - and the *wrong* half on big-endian machines -
and leave the other half un-set and thus containing some random possibly
non-zero data.
In addition, that's not the full data rate for faster networks; for
Wi-Fi, the one-byte "direction" field is actually the upper 8 bits of
the data rate, so combine them when we fill in the data rate in the
pseudo-header.
#BACKPORT
svn path=/trunk/; revision=45504
unsupported feature.
If we see an IDB after all the IDBs at the beginning of the file,
process it. Fixes bug 7851.
Get rid of unused read_idbs flag in pcapng_t structure. (Also, as per
the above, just because we've read all the IDBs at the beginning of the
section, that doesn't necessarily mean we've read all the IDBs in the
section.)
Fix some places where we reject SPBs.
svn path=/trunk/; revision=45495
From me: instead of logging the error with a macro that requires dbg_out
to be set, and giving up, set dbg_out to stderr, log the message (which
now notes that logging will be done to the standard error), and drive
on.
Part of fix for bug 7824.
svn path=/trunk/; revision=45454
- speed up writing timestamp by avoiding g_snprintf()
- avoid call to strstr()
- don't use g_snprintf() for writing a liternal string
- avoid atio() for single-digit strings
- avoid some strcmp() calls where the release number at the end wasn't
important
svn path=/trunk/; revision=45091
Move the GTK+ text import code to the common UI directory. Create
wtap_encap_requires_phdr() from code in file_import_dlg.c.
svn path=/trunk/; revision=44904
Since we have to 'downconvert' the ERF time stamps to Wireshark's internal
representation anyway, we may as well report the resolution which we convert
to, rather than the original native resolution.
svn path=/trunk/; revision=44800
Should we do this for other file formats as well?
A pcapng file with per packet encapsulation will need an IDB per encapsulation as the EPB does not have a linktype indicator only a interface index.
svn path=/trunk/; revision=44281
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
it as appropriate in the code to read Network Instruments Observer
captures (rather than tweaking the "protected" flag in the packet data),
and use that flag in the 802.11 dissector.
Fix indentation while we're at it (tabs are not *ipso facto* 4 spaces).
svn path=/trunk/; revision=43795
Guy Harris