the NetMon file format. Currently, we just use the network type field,
and we ignore all the special record types and don't try to handle any
of the other special network types.
We also catch bogus frame tables where the record is bigger than the
frame table says it is.
svn path=/trunk/; revision=33572
wtap_dump_file_write() (it does the right error checking for you, and
returns FALSE on failure and gives you the right error code).
svn path=/trunk/; revision=33117
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
done.
Use the wtap_dump_file_ routines to write out capture files, and check
for errors.
Use the phton macros, when available, to translate to big-endian byte
order. Add a new phton24() macro.
Clean up indentation.
svn path=/trunk/; revision=33114
everybody use it; the places using the old wtap_dump_file_write() were
using it in the same way the old wtap_dump_file_write_all() did.
That also lets us get rid of wtap_dump_file_ferror().
Also, have the new wtap_dump_file_write() check for errors from
gzwrite() and fwrite() differently - the former returns 0 on error, the
latter can return a short write on error.
svn path=/trunk/; revision=33113
reach EOF, zlib's file handle seems to stay at EOF even when more data
is appended to the file. Add a check for 1.2.5 which calls gzseek in
order to unset EOF. Fixes bugs 4708 and 4748.
svn path=/trunk/; revision=32715
Support PPP-over-USB.
Don't remove the USB pseudo-header from the packet data for
Linux USB packets, just byte-swap it if necessary and have the
USB dissector fetch the pseudo-header from the raw packet data.
Update USB language ID values.
svn path=/trunk/; revision=32534
1) if it's not an SHB, just say "this is not a pcap-ng file",
don't try to process it (we can't process it, as we haven't
finished setting up all the state information yet);
2) if it has the right SHB type code, but isn't a valid SHB,
just say "this is not a pcap-ng file".
For all other SHB's, treat anything that renders it invalid as an error.
svn path=/trunk/; revision=32393
- Add checking for linker flags
- Install plugins with the name including the Wireshark version.
This will make it easier to find matching plugin versions if
files get just copied over.
svn path=/trunk/; revision=32231
wtap-int.h, and change the unions of pointers to those private data
structures into just void *'s.
Have the generic wtap close routine free up the private data, rather
than the type-specific close routine, just as the wtap_dumper close
routine does for its private data. Get rid of close routines that don't
do anything any more.
svn path=/trunk/; revision=32015
PARSED_RECORD if we got a packet;
PARSED_NONRECORD if the parser succeeded but didn't see a packet;
PARSE_FAILED if the parser failed.
Treat anything other than PARSED_RECORD as a failure, for now; I'm not
sure why we were treating "parser succeeded but didn't see a packet" as
success, as that was causing us to recognize some non-Ascend-output text
files as Ascend files and to return "records" with bogus caplen and len
values.
svn path=/trunk/; revision=32009
iSeries capture processor. Parse the start date into year/month/day at
the time we see it, rather than for every packet; that means we don't
need to allocate a buffer to hold the date as a string (a buffer which
we weren't ever freeing).
svn path=/trunk/; revision=31981
types in the modules for those capture file types, not in wtap-int.h, so
wtap-int.h doesn't have to change when the code to handle that
particular capture type changes, or a new capture file type is added.
(Ultimately, we should do this for all the private data structures.)
svn path=/trunk/; revision=31974
wtap_wtap_encap_to_pcap_encap() to wiretap/pcap-encap.h. Include it
where it's needed; don't include other Wiretap headers where they're not
needed.
Include pcapng.h in pcapng.c, to declare the functions defined in
pcapng.c. Add some casts to squelch some warnings, and add to a comment
to indicate one of the problems.
svn path=/trunk/; revision=31960
now), the capture file's header encapsulation type is set to 1 for Ethernet for
backwards compatibility only. These files use per-packet encapsulation types
instead. For now, set it to Unknown file encapsulation until we can find a
way to set it to WTAP_ENCAP_PER_PACKET without having to assert in wtap_read()
so the user can see that it is a per-packet encapsulation in places such as
the capinfos program.
svn path=/trunk/; revision=31213
From me: Remove changes related to the ARP protocol because it doesn't
appear to be necessary for SocketCAN. Will add later if Felix says it is
needed.
svn path=/trunk/; revision=31196
"... a patch to make the netscaler wiretap code independent of the
host system endian-ness.
I have taken care of (1) reading and writing nstrace files (netscaler.c) and
(2) reading in dissector code (packet-nstrace.c) also."
See: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3540#c26
svn path=/trunk/; revision=31171
Added support for Solaris IPNET layer
From me:
Some code cleanup in packet-ipnet.c
Added packet-ipnet.c to CMakeFiles.txt
Added WTAP_ENCAP_IPNET to encap_table_base[]
svn path=/trunk/; revision=31159
to have been set. Do not set it to something g_mallocated in that case,
as that will cause a memory leak - the error string will not be freed by
the caller, as it's presumed not to have been set.
svn path=/trunk/; revision=31001
more than just dumping, indicate what stuff is used for dumping, and
note that it probably shouldn't be used for that (one should not have to
have a Catapult 2000 input file in order to write a Catapult 2000 output
file).
svn path=/trunk/; revision=30719
threads reading from two different wtap_t's in different threads.
file_externals_table considered unnecessary - a wtap_t has a member
specifically intended to point to private data.
Clean up indentation.
svn path=/trunk/; revision=30707
are any BSD/OS users still out there using Wireshark to read RFC 1483
ATM captures from BSD/OS, they can still do so, but all other users get
to read OpenBSD DLT_ENC captures, not just users *on* OpenBSD.
That also lets us simplify some hacks to deal with a link-layer type of
13 on Nokia IPSO captures.
svn path=/trunk/; revision=30159
on the stack! There is no guarantee that the header length won't cause a
buffer overflow - there could be a bug in some version of Surveyor
generating a bad file, there could be a future version of Surveyor that
has a really big pseudo-header, the file could've been written by
something other than Surveyor that has a bug in it, there could be a
file that's corrupted in transit, or there could be a deliberately
malformed packet trying to cause *Shark to execute arbitrary code.
Also, explicitly check for a too-short header length and fail with
WTAP_ERR_BAD_RECORD in that case.
Add some comments asking some questions about the header.
(The previous change was for bug 3856:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3856
not bug 3865.)
svn path=/trunk/; revision=29958
The Shomiti Wireless head was modified in a recent release such that wireshark
can no longer read Shomiti wireless capture files.
This new format is backwards compatible with the old format.
svn path=/trunk/; revision=29956
It's only beginnings, so epan is commented out in
the subdirs statement.
This is more a synch to avoid duplicate work and creating
conflicting patches to the cmake stuff.
svn path=/trunk/; revision=29666
- made it compile with --as-needed
This patch was taken from the opensuse wireshark.spec file.
No thanks go to the author and the package maintainers of
this package for not sending this upstream - it would have
made it into 1.2.0.
svn path=/trunk/; revision=29326
KHciLoggerDatalinkTypeBCSP and KHciLoggerDatalinkTypeH5 aren't supported
- just explicitly say "BSCP" or "H5".
For unknown link-layer types, say "unknown or unsupported", as other
Wiretap modules do.
svn path=/trunk/; revision=28925
This fixes a bug reported by Tyson Key as a follow up of Bug 3560.
Also some cleanups and debug output improvements.
Thanks to Tyson Key for reporting the bug and providing a tracefile.
This fix will be included in Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28868
text2pcap uses 102400.
This fixes bug 3620. Thanks to Tyson Key for reporting the bug
and providing capture files.
This fix should be included in Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28866
encapsulations.
This fixes a bug reported by Sake during the
Sharkfest 09. Thanks for providing a
Netscreen tracefile with multiple link layer
types.
This patch will be included in Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28862
* adds an encapsulation argument to pcap_write_phdr.
* writes the pseudo header when writing pcapng files.
This fixes a bug where you could not write pcapng files
when using encapsulations requiring pseudo headers.
svn path=/trunk/; revision=28859
this a the file encapsulation.
This fixes a bug where you can not save a file
in libpcap format when you captured it as a
pcapng one.
This fix will be scheduled for Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28858
* adds an encap argument to pcap_process_pseudo_header.
* adds support for reading pseudo headers.
It fixes Bug 3560.
Thanks to Tyson Key for reporting the bug and providing
trace files. This fix will be scheduled for inclusion in
Wireshark 1.2.1 and higher.
svn path=/trunk/; revision=28857
* Initialize pseudoheader.
* Add some input validation / protection code.
* Fix some return values.
* Clean up some whitespaces.
This fixes Bug 3565. Thanks to Tyson Key who reported
the issue and provided capture files for debugging.
This fix is scheduled for inclusion in Wireshark 1.2.1
and higher.
svn path=/trunk/; revision=28850
Because Lucent/Ascend equipment will sometimes omit the hex dump for a packet
or send two headers followed by two hex dumps, Wireshark needs to be very
lenient when parsing a Lucent/Ascend trace. On a busy access server, a packet
like this is pretty likely to appear within a few minutes.
svn path=/trunk/; revision=28749
That way we hopefully won't need the runlex.sh hack any
more. Also the ylwrap stuff is (hopefully) obsolete.
ascend.[hc] -> ascendtext.[hc]
ascend-scanner.l -> ascend_scanner.l
ascend-grammar.y -> ascend.y
svn path=/trunk/; revision=28744
have it (we have the size with the pseudo-header length already
removed); we've already read the packet, and thus have already checked
it. Fixes bug 3501.
svn path=/trunk/; revision=28607
Add support to read citrix netscaler capture file format.
From me:
- Renamed packet-ns.c to packet-nstrace.c
- Rewrote to not use "goto" in netscaler.c
- Moved dissecting of coreid
svn path=/trunk/; revision=28564
few mistakes that I made earlier.
Current status: dumpcap still doesn't build
Next step: Add a ylwrap like workaround for flex misbehaviour.
svn path=/trunk/; revision=28518
In Juniper NetScreen snoop output files, the encapsulation type of
traffic on ADSL interfaces can be ethernet or PPP. Check whether the
first 6 bytes of the data are the same as the destination mac-address
in the packet header. If they are, assume ethernet. If not, assume PPP.
svn path=/trunk/; revision=28471
If a PCAP file containing WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR packets is saved,
it gets corrupted because the direction pseudo header isn't included.
svn path=/trunk/; revision=28441
- Send last byte of header (type) and data to a packetlogger dissector
- Rewrite type to ACI channel in the dissector
- Direction is indirectly given from the PL type
- Dissect PacketLogger NewC and Info as text
svn path=/trunk/; revision=28141
that would break compilation for older compilers. Create a "DLL_LDFLAGS"
variable and use it in DLLs and plugins. Use PLUGIN_LDFLAGS and
DLL_LDFLAGS where needed. Don't force i386 code in the TPG plugin.
svn path=/trunk/; revision=27582
Added support for HPVM (Integrity Virtual Machines) guest AVIO (Accelerated Virtual IO) driver IGSSN.
Cleaned up the trace record checks.
Made the default ethernet if the nettl subsystem is not recognized.
svn path=/trunk/; revision=27549
wiretap. Modify various other locations to accommodate the fact that
PacketLogger files do not specify the direction of packets.
svn path=/trunk/; revision=27463
Added LAPDm protocol dissector, GSM Um layer, and wiretap support for dct3trace
captures, generated by gammu (many available at http://wiki.thc.org/gsm).
svn path=/trunk/; revision=27176
Also: comment out support for MTP_L2 and SSCOP (encapsulation types
WTAP_ENCAP_MTP2 & WTAP_ENCAP_ATM_PDUS) since I don't know how to
fill in the pseudo_headers required by packet-mtp2 and packet-atm.
svn path=/trunk/; revision=27172
Fixed:
Crash when reading a K12text file with one frame;
Crash after selecting the last frame and then a previous frame
after file open.
Select of frame n (>1) immediately after file open incorrectly
displayed the packet details & data from frame n+1.
File ! Merge (for K12text files) did not work correctly.
Fixes:
Essentially: clear all lexer state (look-ahead buffer, etc)
for every file read. Also: Don't use global for keeping
track of the current file position.
Also: Handle *nix-style line endings as well as DOS-style.
svn path=/trunk/; revision=27158
back to libwiretap for now, as it's inherently tied to reading libpcap
files; at some point we might want to have pcap-reading (and
pcap-ng-reading?) code in a separate library, for use by, for example,
dumpcap (and rawshark?).
svn path=/trunk/; revision=27076
followed by 8 bytes of "struct usb_device_setup_hdr", even if there's no
setup information, but it should be interpreted only if setup_flag is 0.
(That's what those mysterious 8 bytes are.)
svn path=/trunk/; revision=27043
The code in wiretap/wtap.c is not right, because g_array_append_val should accept a value
of type 'struct encap_type_info' rather than a pointer to this type.
svn path=/trunk/; revision=26816
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
provide a default case (returning an error) to prevent wiretap from asserting
out because we didn't set the packet encapsulation.
svn path=/trunk/; revision=26327
of adding libwsutil but somehow I missed it/got it wrong. This should solve
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1677#c18
Also remove the _DEPENDENCIES lines in epan and wiretap (as was done in the
top-level Makefile in rev 25930) so that automake will automatically figure out
the dependencies for us.
Since those 2 libraries now link against libwsutil, don't make every
executable link against the library. (If this works I think we can
significantly trim the list of libraries the executables link against and just
let the libraries pull in what they need--which is, apparently, the point of
the --as-needed flag: http://www.gentoo.org/proj/en/qa/asneeded.xml ).
svn path=/trunk/; revision=26218
Fix a final eth_fopen -> ws_fopen
When configuring with --without-zlib these functions need to have some parameters tagged _U_
svn path=/trunk/; revision=26212
do *not* modify the string handed to them - they g_mallocate a new
string and return it.
Create routines that *do* ASCII-only case mapping in place, and use them
instead.
Clean up indentation.
svn path=/trunk/; revision=26131
MSC_VER_REQUIRED when we run mt.exe instead of checking for each
individual MSVC_VARIANT. This fixes the current buildbot test failures
on Windows, which resulted from a missing check for MSVC2008. This
also keeps us from having to mess with a bunch of makefiles when we add
support for new Visual C++ versions.
svn path=/trunk/; revision=26052
From me:
Instead of adding adns_config.h, place it in a custom adns package in
wireshark-win32-libs. Update tools/win32-setup.sh accordingly.
Split the MSVC2008EE variant into MSVC2008 and MSVC2008EE, similar to
MSVC2005 and MSVC2005EE. We have to worry about vcredist_x86.exe in
both cases.
Add Pascal to AUTHORS.
Update the Developer's Guide.
svn path=/trunk/; revision=25921
ERF files can contain records of type TYPE_PAD. These records are not related
to captured packets, have a zero timestamp value and no associated packet data.
Normally TYPE_PAD records are stripped out during capture, but in rare cases
unstripped files may exist.
Previously wiretap/erf.c generated an 'unknown record encapsulation' error when
encountering TYPE_PAD records.
With this patch Wireshark skips over any TYPE_PAD records within ERF traces
files without reporting an error. TYPE_PAD records are not counted, displayed
or decoded.
svn path=/trunk/; revision=25733