subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
whether the (zero-based) interface ID is < the number of interface IDs,
so we don't need to do so in pcapng_read().
Unions are tricky - if the compiler doesn't ensure that the right
component of the union is being used at any given time, various problems
can happen.
Remove some members from the "data" union in the wtapng_block_t
structure, and use a local variable of the specified type.
svn path=/trunk/; revision=52262
the number of bytes available for packet data in the block;
the packet length;
*and* the snapshot length for the interface.
One more fix for bug 9200, so it should *now* be fixed.
svn path=/trunk/; revision=52250
subtract out the minimum SPB size, which includes the length of
*everything* except for the packet data.
Fixes one problem found by the file in bug 9200.
svn path=/trunk/; revision=52244
minus the lengths of the two length fields and the packet length field,
it's the minimum of that and the packet length, as there might be
padding.
Fixes one problem found by the file in bug 9200.
While we're at it, pcapng_read_packet_block() and
pcapng_read_simple_packet_block() return an integer, not a Boolean;
return 0, not FALSE (they have the same value, but returning 0 makes it
clearer that the return value isn't restricted to TRUE or FALSE).
svn path=/trunk/; revision=52241
With gcc :
pcapng.c: In function 'pcapng_read_packet_block':
pcapng.c:1147:9: error: request for member 'pseudo_header' in something not a structure or union
With clang :
pcapng.c:1150:86: error: member reference type 'struct wtap_pkthdr *' is a pointer; maybe you meant to use '->'?
pcap_get_phdr_size(int_data.wtap_encap, &wblock->packet_header.pseudo_header));
~~~~~~~~~~~~~~~~~~~~~^
->
(Error message from clang is better...)
svn path=/trunk/; revision=51317
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
artificial 16MB limit on blocks.
Do some sanity checks when reading options, to make sure we don't read
past the end of the block.
Make some variables unsigned so as not to get inappropriate
sign-extension (which, in practice, should never happen due to the 16MB
block size limit, although if the limit is raised above 2^31-1, the
limit won't protect you).
Fixes bug 8752.
svn path=/trunk/; revision=49833
routines are passed a separate struct wtap_pkthdr to be filled in.
Get rid of the pseudo_header member of the wblock structure - the
pseudo-header is part of the struct wtap_pkthdr.
Get rid of the union wtap_pseudo_header * argument to
pcap_process_pseudo_header() - it's passed a pointer to a struct
pcap_pkthdr, and that structure contains the union in question.
Have libpcap_read_header() take a FILE_T argument, rather than using
only the "sequential" handle of the wtap it's handed. Have the libpcap
read routine return the offset of the beginning of the pcap record, and
have the seek-read routine read the header and fill in the struct
wtap_pkthdr handed to it.
svn path=/trunk/; revision=49401
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
unsupported feature.
If we see an IDB after all the IDBs at the beginning of the file,
process it. Fixes bug 7851.
Get rid of unused read_idbs flag in pcapng_t structure. (Also, as per
the above, just because we've read all the IDBs at the beginning of the
section, that doesn't necessarily mean we've read all the IDBs in the
section.)
Fix some places where we reject SPBs.
svn path=/trunk/; revision=45495
interface for which we have information.
Fixes bug 7467.
Should also cause an error message, rather than an unreadable capture
file, to be produced for the cases in bug 7381. (This isn't a fix for
bug 7381; it's arguably an improvement, in the sense that a circuit
breaker tripping or a fuse blowing for a short circuit is an improvement
over a fire starting, but it's not a *fix*, any more than a circuit
break or fuse *fixes* the short circuit.)
#BACKPORT
svn path=/trunk/; revision=43657
for the interface, not based on the default resolution of 1 microsecond.
Fixes bug 7457.
Fix a comment.
Clean up indentation.
#BACKPORT
svn path=/trunk/; revision=43649
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423