pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
pointer to a string to a non-const pointer discards qualifiers; make the
err_info member of the wtap_reader structure a const pointer.
svn path=/trunk/; revision=37671
<zlib.h> there, rather than wtap-int.h. That obviates the need to
include config.h earlier in ascend_scanner.l; revert the previous
change, so we don't require a version of Flex that supports %top.
svn path=/trunk/; revision=37640
This is significant update to the existing iseries wiretap module. It adds
support for IPv6 (formatted & unformatted comms traces), in addition I've
tidied up the sscanf routines to better handle traces files with offset lines.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5957
svn path=/trunk/; revision=37466
structure include a file descriptor. Add a wtap_fstat() for the file
readers that use file times to generate time stamps (we really need a
way to say "this file has no time stamps" or "this file has only
relative time stamps).
svn path=/trunk/; revision=37026
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
From me:
- #include <stdlib.h> not needed;
- Use consistent indentation;
- use #if 0/#endif to comment out code rather than /* */
svn path=/trunk/; revision=36884
From me:
- remove unneeded #include <stdlib.h>;
- fix some indentation;
- use #if 0/#endif rather that /* */ to comment out some code
svn path=/trunk/; revision=36883
we can cast not-necessarily-aligned pointers to pointers to those
structures without risk of compiler warnings *or* the underlying problem
the compiler's trying to warn us about (no, you can't always dereference
an unaligned pointer - SPARC traps, and at least some ARM processors may
do something other than what you want, for example).
This also caught some cases where we were not even properly
byte-swapping on big-endian platforms.
This also lets us not muck around with splitting 64-bit times into two
32-bit fields - we have pletohll(), after all.
svn path=/trunk/; revision=36787
file before doing any writes - it starts out at the beginning of the
file. This means that you *can* write a Network Instruments capture
file to a pipe, or write it out in compressed form, now that its
dump_open routine no longer seeks.
NetXRay format and K12 binary format, however, *do* require a seek when
writing them.
svn path=/trunk/; revision=36776
don't have an "additional information" string.
Get rid of WTAP_ERR_ZLIB; just report an internal error with
WTAP_ERR_INTERNAL instead. (If they start happening, we can think about
supplying an "additional information" string for compression errors on
output.)
svn path=/trunk/; revision=36774
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
has semantics similar to getc().
If it fails due to an EOF, set state->err to WTAP_ERR_SHORT_READ to
report a premature EOF; otherwise, raw_read() has already set
state->err, so don't set state->err to something else - that loses the
errno value in favor of a generic "bad data" error.
svn path=/trunk/; revision=36744
*", and some compilers complain when you cast that pointer to something
requiring stricter alignment. Maybe the intent is to nudge you into
thinking about whether the pointer really is properly aligned, but....
svn path=/trunk/; revision=36739
in which case ENOMEM is the right error, or we're running on Windows but
using UN*Xy routines, in which case ENOMEM is the right error; unlike
zlib, we don't have to run on a whole pile of OSes.)
svn path=/trunk/; revision=36648
analyzer warnings.
Return an actual error if we're failing because we're trying to write to
the standard output in compressed mode.
svn path=/trunk/; revision=36636
keeps GCC 4.6.0 from complaining about them and failing to build with
-Werror, and may also squelch some Coverity (and other static analyzer)
complaints.
svn path=/trunk/; revision=36599
In the end-of-stream code, when we're checking the CRC and length, don't
check the CRC or length if we failed to read them, and don't check the
length if the CRC is bad.
We define O_BINARY as 0 on UN*X in <wsutil/file_util.h>, so we don't
need to avoid using it on UN*X.
In file_gets(), check for delayed errors.
svn path=/trunk/; revision=36590
zran.c example in the zlib source.
This means that problems in the file's contents might not be reported
when a packet is read, as long as there's no problem in the contents of
the file up to the last bit of compressed data for the packet; we now
check for errors after finishing the sequential read of the file, at
least in some programs, so that shouldn't be an issue (the other
programs need to be changed to do so as well). This is necessary in
order to be able to read all the packets we saw in the sequential pass;
it also lets us get a few more packets from truncated files in some
cases.
svn path=/trunk/; revision=36577
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
this frees us from worrying about zlib large file issues on the write
side, and also lets us clean up a few other things.
svn path=/trunk/; revision=36563
support it.
Rename ws_lseek to ws_lseek64, as it should be given a 64-bit offset,
and have it use _lseeki64 on Windows, to try to get 64-bit offset
support; AC_SYS_LARGEFILE should cause lseek() to support 64-bit offsets
on UN*X if possible.
svn path=/trunk/; revision=36542
wiretap/file_wrappers.c; nothing outside of file_wrappers.c needs to
know what it looks like, it just passes around pointers to it.
svn path=/trunk/; revision=36538
calls that use it, cast it to whatever it's supposed to be. Making it a
gzFile means you can't use any stdio macros that reach inside the
structure; making it a FILE *, as it used to be, amounts to trying to
use a FILE * as a void * if we're writing a compressed file out.
svn path=/trunk/; revision=36521
unsigned int - to match file_read(). Shrink some arguments, variables,
and structure members appropriately.
Fix an incorrect sizeof - sizeof a pointer is the size of the pointer,
not the size of what it points to.
svn path=/trunk/; revision=36515
ws_lseek() to the appropriate type for the second argument to _lseek()
for Windows or lseek() for UN*X; ultimately, we want to call the
appropriate 64-bit-offset seek routine if available, otherwise cast the
value down and hand it to the 32-bit-offset seek routine.
svn path=/trunk/; revision=36514
Introduce file_clearerr
I'm unsure of this patch,
gzclearerr() is used to clear the end-of-file mark, but for FILE
there's function which do the same (clearerr).
I created test program if clearerr() is needed for tailing file.
and it seems to work without it (at least on Linux, so for
!HAVE_LIBZ I commented it out).
For now this patch introduce file_clearerr macro, and define it
only when EOF marking must be cleared (i.e. when HAVE_LIBZ and
HAVE_GZCLEARERR are defined).
So everything works like before, patch just to keep same prefix
for file interface :)
svn path=/trunk/; revision=36510
file-wrappers.[ch] is used only for reading files, and mode is always
"rb".
Attached patch removes 'mode' argument from file_open() & filed_open().
svn path=/trunk/; revision=36493
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
Coverity 789-790.
Since we've been keeping track of how many bytes we put in the buffer,
use that value instead of calling strlen() find it again.
Also, some white space/indentation cleanup.
svn path=/trunk/; revision=36397