snoop file unless it has enoguh padding to hold a Shomiti trailer
record. (DEAR SUN MICROSYSTEMS: PLEASE DO NOT STUFF 16 OR MORE BYTES OF
PADDING INTO A SNOOP PACKET. THANK YOU. HAVE A NICE DAY.)
Add a little paranoia about the record and captured data lengths.
svn path=/trunk/; revision=8883
2000, 00:00:00 *local* time. The amount to add to that is just the UNIX
time stamp value for that point in time; get it with "mktime()".
svn path=/trunk/; revision=8854
get rid of the reference to its "tm_gmtoff" member - there are platforms
on which Ethereal runs that don't have "tm_gmtoff" in "struct tm". If
the time stamp in the packets is nanoseconds since midnight 2001-01-01
*local* time, we'd need to compute the offset between that and midnight
2000-01-01 GMT, and adjust the time with that.
svn path=/trunk/; revision=8842
swap the "captured length" and "length" fields, to the open-file code;
store a tri-state (definitely swapped, definitely not swapped, maybe
swapped) value in the per-capture-file-format information for libpcap
format, and use that when processing packets.
svn path=/trunk/; revision=8774
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
a UNIX version generating code that, by default, assumes you have
<unistd.h> (as might be the case with recent versions of Cygwin, which I
assume *does* supply <unistd.h>), but you're building on a platform that
lacks <unistd.h> (e.g., building with MSVC++ or MinGW), you can still
compile.
svn path=/trunk/; revision=8602
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8578
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8574
type, and telling them how it should *NOT* be done, i.e. you should ask
tcpdump-workers for a new DLT_ value, you should not just pick a value
on your own, and you should especially not reuse a value that's already
in use!
Put in comments about reserved values in the current CVS libpcap.
svn path=/trunk/; revision=8367
use WTAP_ENCAP_ATM_PDUS as the default encapsulation for ATM;
don't use ULL constants, as not all C compilers that support
gint64 support them, and as there's no need to make them ULL
constants.
svn path=/trunk/; revision=8278
a not-yet-ready-for-prime-time project of mine (fast random access to
gzipped files, plus an mechanism to allow support for other forms of
compression).
svn path=/trunk/; revision=8221
the MS Visual Studio debugger, get confused by two files with the same
name being in a program's source, even though they're in different
directories.
svn path=/trunk/; revision=8208
"unsigned short", "unsigned int" (or "int", as the items appear to be
unsigned), or "unsigned long".
Convert data to and from the appropriate byte order.
Don't free the private data structure in the dumper's close routine -
"wtap_dump_close()" does that for you.
svn path=/trunk/; revision=8094
the network type being 1 and the byte after it being 2; we assume, for
now, that the network type is 1 byte, and that if the byte after it is
0, the network type is an NDIS type - 1, and if it's 2, it's an NDIS type.
svn path=/trunk/; revision=7973
rathe than the record length minus the record header length, as the
number of available (captured) bytes in the packet. Check to make sure
that value isn't bigger than the record length minus the header length.
Only subtract the 4-byte FCS length from the purported length of the
packet on the wire if that would leave the on-the-wire length >= the
number of captured bytes, so that we can better handle capture files
from programs that produce LANalyzer-format captures where the
on-the-wire length *doesn't* include the FCS.
svn path=/trunk/; revision=7948
is pointless, as it's a 16-bit unsigned quantity. Remove those checks -
but note in a comment that WTAP_MAX_PACKET_SIZE must be at least 65535
(as there might well be link-layer types with packets at least that
large).
svn path=/trunk/; revision=7934
variables the user configures - the user isn't expected to change
GLIB_LIBS or GTK_LIBS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate libraries for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7885
variables the user configures - the user isn't expected to change
GLIB_CFLAGS or GTK_CFLAGS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate "/I" flags for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7884
matched if it succeeds, so that it gets re-read when we read the capture
file - it's a line containing a time stamp for a packet, so we need to
re-read it to get that time stamp.
svn path=/trunk/; revision=7752
line, not the "RCV packet" part, so that we recognize files even if they
don't have an "RCV packet" line in the first 200 lines.
svn path=/trunk/; revision=7699
value for DLT_PFLOG, and that goes along with a change to the link-layer
header for DLT_PFLOG - support both the old and new values and format.
svn path=/trunk/; revision=7676
Following fixes for nettl (HP-UX):
1) Fixed 11.X timestamp issue
there is no difference in 10.X/11.X timestamps, so no
need to shift 11.X timestamps
2) Fixed NS_LS_DRIVER trace record handling
now works rather than throwing "...network type that
Ethereal doesn't support" error
3) Fixed handling of traces with sliced packets (nettl -m xx)
now uses correct packet and capture lengths
4) Additional ethernet card support
now handles btlan[1,3-6],gelan,igelan,intl100 driver
trace records
svn path=/trunk/; revision=7642
Makefile.am:99: `YFLAGS' is a user variable, you should not override it;
Makefile.am:99: use `AM_YFLAGS' instead.
Fix it in the proposed way.
svn path=/trunk/; revision=7582
stuff I sent out in a mail message to somebody asking how to add support
for a new file format, but hopefully it'll get improved by various
contributors over time (hint hint).
svn path=/trunk/; revision=7397
aren't 1/1193000.0 second; the code used to use 1/1193180.0 second, but
at least one capture appears to have units of somewhere around
1/3579540.0 second.
svn path=/trunk/; revision=7388
Guy Harris