Add a new WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR encapsulation type, for use
by the EyeSDN file reader; unlike the pcap-encapsulated MS/TP, it
includes a direction indicator. Don't treat WTAP_ENCAP_BACNET_MS_TP as
if it has a direction indicator, as it doesn't; instead, do that for
WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR.
Add some missing entries to encap_table_base for WTAP_ENCAP_ values that
didn't get entries added.
svn path=/trunk/; revision=41969
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
This is POC we may want to have more efficient use of the frame data
structure etc. But this allows for work to be done on the GUI to actually add comments.
svn path=/trunk/; revision=40969
encapsulation value and returns a GArray containing all the file types
that could be used to save a file of that file type and that
encapsulation value (which could be WTAP_ENCAP_PER_PACKET), with the
input file type first if that can be used and pcap or pcap-ng first if
not and if one of them can be used, and with pcap and pcap-ng clustered
together if they're among the file types that can be used.
Use that routine for the GTK+ file save dialog.
svn path=/trunk/; revision=40685
a field that gives the default extension for the file type,
*without* a leading "." (i.e., just the extension, not the "."
that separates it from the rest of the file name), which is NULL
if there are no known extensions;
a field that gives a semicolon-separated list of *other*
extensions, without "*." or ".", which is NULL if there are no
known extensions or there are no known extensions other than the
default.
Rename wtap_file_extension_default_string() to
wtap_default_file_extension() (matches the name of the field).
svn path=/trunk/; revision=40678
GSList of extensions for a file type, including extensions for the
compressed versions of those file types that we can read.
svn path=/trunk/; revision=40623
Wireshark distribution, give us code to read it. If somebody wants it
in their private version of Wireshark, they can manage that themselves.
(We should support plugins for file types at some point; I think we
already have support for Lua file readers.)
svn path=/trunk/; revision=40620
Move pcap-NG right after standard pcap in the list of file types, so
that it shows up early in the list of output file types in the "Save
As..." dialog box (if, that is, it's supported; if not, neither is pcap,
as they use the same link-layer header type values).
svn path=/trunk/; revision=40493
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
software. More work is needed:
we don't know where the capture start time is yet;
we aren't handling the "stop capture" record;
we don't know where the ISDN channel is;
there might be non-ISDN file formats;
but this at least is easier than trying to text2pcap hex dumps from that
software into pcap files.
svn path=/trunk/; revision=39588
This patch extends the ATM parser so as to allow GPRS NS traffic encapsulated
in ATM AAL5.
Additionally, added support for this into the 'Meta' dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6447
svn path=/trunk/; revision=39394
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
don't have an "additional information" string.
Get rid of WTAP_ERR_ZLIB; just report an internal error with
WTAP_ERR_INTERNAL instead. (If they start happening, we can think about
supplying an "additional information" string for compression errors on
output.)
svn path=/trunk/; revision=36774
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
Guy Harris