as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
is supported before trying to open for writing - the attempt to open for
writing will do the check for you. Instead, check for specific errors
if the attempt to open for writing fails, and use somewhat more specific
error messages for certain error codes. (We should perhaps check for
even more error codes in those cases.)
That gets rid of all external calls to wtap_dump_can_write_encap(), so
remove it from wtap.h and make it static.
svn path=/trunk/; revision=48691
supports writing files with a given set of encapsulations and comment
types. Use it, rather than asking for a list of file formats that
support the given set of encapsulation and comment types and checking
whether we got back such a list, or duplicating its logic.
Having file.c use it means that nobody's using
wtap_dump_can_write_encaps() any more; get rid of it. Instead, have a
private routine that checks whether a given file format supports a given
set of encapsulations *and* comment types, and use that internally.
svn path=/trunk/; revision=48690
For each capture file type, have a bitset of comment types supported by
that capture file type.
Add a Wiretap routine that, for a given file type, returns the bitset of
comment types it supports.
Have wtap_get_savable_file_types() take a bitset of comment types that
need to be supported by the file types it returns.
Replace cf_has_comments() with a routine that returns a bitset of
capture file comment types in the capture file.
Use those routines in the capture file dialogs; don't wire in the notion
that pcap-NG supports all comment types and no other file formats
support any comment types. (That's currently true, but we don't want to
wire that in as being forever true.)
svn path=/trunk/; revision=48689
implemented wtap_dump_file_seek() and _tell()
implemented the previously declared but unimplemented wtap_dump_file_seek() and wtap_dump_file_tell() functions and used them in the seven files that had previously used a plain ftell or fseek and added error checking as appropriate. I also added a new error WTAP_ERR_CANT_SEEK_COMPRESSED and put it next to WTAP_ERR_CANT_SEEK causing renumbering of two of the existing error codes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48348
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers. Cast
away those warnings in some cases where an API we don't control forces
us to do so.
Enable a bunch of additional warnings by default. Note why at least
some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
it as appropriate in the code to read Network Instruments Observer
captures (rather than tweaking the "protected" flag in the packet data),
and use that flag in the 802.11 dissector.
Fix indentation while we're at it (tabs are not *ipso facto* 4 spaces).
svn path=/trunk/; revision=43795
"etherpeek.c" file format is used by AiroPeek and the "airopeek9.c" file
format is used by EtherPeek.
Instead, use the names that WildPackets apparently uses for those
formats - "classic" and "tagged".
svn path=/trunk/; revision=43630
file type and a GArray of encapsulation types and returns TRUE if a
capture with all those encapsulation types can be written to a file in
that file type and FALSE otherwise. Use it where appropriate.
svn path=/trunk/; revision=43315
only return file types that could handle a single file with all those
encapsulations - this means that
1) if there's more then one encapsulation, the file format has
to handle per-packet encapsulation;
2) just because a file format handles per-packet encapsulation,
that doesn't mean that it can handle the *particular* encapsulations
being handed to it.
This fixes some cases where we were claiming that a file could be saved
in a format that doesn't actually support it (e.g., ISDN files being
reported as savable in pcap-NG format - there's no LINKTYPE_ value for
ISDN including B and D channels).
svn path=/trunk/; revision=43300
SDH support for wireshark.
- Added GPL license.
- Removed not needed includes.
- Skipped th .h file as it wasn't used.
svn path=/trunk/; revision=43106
doesn't do safe saves, so wtap_fdreopen() always needs to reopen the
random file descriptor.
At the point where a safe save is done, the sequential read is done, so
the sequential stream is closed; there's no need to reopen it.
(The former fourth argument to wtap_fdreopen() wasn't an indication of
whether the file was compressed, it was an indicationof whether the
random stream should be reopened.)
svn path=/trunk/; revision=42977
file that we ourselves have open. In the "safe save" code path for
capture files, on Windows temporarily close the file descriptors for the
currently-open capture before doing the rename and then, if the rename
failed, reopen them, leaving the rest of the wtap and capture_file
structures intact.
Rename filed_open() to file_fdopen(), to make its name match what it
does a bit better (it's an fdopen()-style routine, i.e. do the
equivalent of an open with an already-open file descriptor rather than a
pathname, in the file_wrappers.c set of routines).
Remove the file_ routines from the .def file for Wiretap - they should
only be called by code inside Wiretap.
Closing a descriptor open for input has no reason to fail (closing a
descriptor open for *writing* could fail if the file is on a server and
dirty pages are pushed asynchronously to the server and synchronously on
a close), so just have file_close() return void.
svn path=/trunk/; revision=42961
an API to fetch that.
When doing "Save" on a compressed file, write it out compressed.
In the Statistics -> Summary dialog and in capinfos, report whether the
file is gzip-compressed.
svn path=/trunk/; revision=42818
the default extension for the file type iff
the file type we're using has a list of extensions;
the file has no extension or it has one but it's not one of the
ones in the list.
*Don't* expect a file extension to be at most 5 characters plus the dot
- the extension for pcap-ng, our default capture file type, is "pcapng",
and that's 6 characters!
svn path=/trunk/; revision=42800
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
wtap_dump_fdopen_ng() and add a dummy IDB to be able to write pcapng files.
Solves https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6969
mergecap: Can't open or create <FILENAME>: Internal error.
We might want to add a SHB comment from mergecap giving the merged filenames or something like that, Merging of pcapng files
is a different issue, idealy we should probably start using several SHB:s in that case.
svn path=/trunk/; revision=42230
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
Unable to display the correct IEEE802.11 MCS data rates due to header definition
The problem is due to the ieee_802_11_phdr.data_rate is defined as guint8,
since this variable is counting number of 0.5Mbps units, any datarates which is
higher than 255Mbps would get wrapped up. In the above example, only the lower
8bit value will be put into the ieee_802_11_phdr which is 0x04 and result in
the incorrect 2Mbps display.
There are 802.11n WLAN product is capable to transmit @450Mbps, we should fix
this data_rate from guint8 to guint16.
#BACKPORT
svn path=/trunk/; revision=42123
Add a new WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR encapsulation type, for use
by the EyeSDN file reader; unlike the pcap-encapsulated MS/TP, it
includes a direction indicator. Don't treat WTAP_ENCAP_BACNET_MS_TP as
if it has a direction indicator, as it doesn't; instead, do that for
WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR.
Add some missing entries to encap_table_base for WTAP_ENCAP_ values that
didn't get entries added.
svn path=/trunk/; revision=41969
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
Guy Harris