The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
BlueZ 5/Linux Kernel introduced new way to sniffing Bluetooth interfaces.
We are ready to use it. Libpcap provide new interface called
"bluetooth-monior".
Also fix trivial typos.
Change-Id: Ic608a3d8553bbebbb21f2733ec92c758cbf8f707
Reviewed-on: https://code.wireshark.org/review/253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Combine the check for whether the field is within the packet data and
the swapping of the field into macros that do both, and use them.
Change-Id: I1db4c5fd76172edd44abc9fb111d79a2537c6c9d
Reviewed-on: https://code.wireshark.org/review/130
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For some routines that take multiple arguments that come from a struct
wtap_pkthdr, pass a pointer to the struct wtap_pkthdr in question,
rather than the separate arguments. Do this even if we're passing
expressions that were earlier assigned to the struct wtap_pkthdr fields
in question. This simplifies the calling sequences and ensures that the
right values are picked up by the called routine; in at least one case
we were *not* passing the right values (the code to handle Simple Packet
Blocks in pcap-ng files).
Also, call the byte-swapping routines for pseudo-header fields only if
we need to do byte-swapping.
Change-Id: I3a8badfcfeb0237dfc1d1014185a67f18c0f2ebe
Reviewed-on: https://code.wireshark.org/review/119
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
heuristic cases broken in r49999 when we permitted packets > 64KB, since that
relaxed so severely the definition of a valid packet header.
64MB is an arbitrary and perhaps suboptimal number, but it seems to do the right
thing in all the examples I have handy.
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9634
svn path=/trunk/; revision=54812
From Michal Labedski
1. add support for new btsnoop "format" introduced by BlueZ team in "btmon" tool
2. Bluetooth: Make EIR, AD and COD more generic
3. Bluetooth: HCI/LL: Update Error Codes to Core 4.1 Specification
4. Ubertooth: Fix response command handling
5. Ubertooth: Update to support firmware version
6. Ubertooth: Dissect by Vendor Id/Product Id
svn path=/trunk/; revision=54699
This is a VERY PRELIMINARY version of tfshark. It's an attempt to jumpstart FileShark and its architecture. Right now it's mostly just a very stripped down version of tshark with all of the necessary build modifications (including now building filetap library since tfshark depends on it)
This code has helped me identify what I believe to be all of the necessary layers for a complete fileshark architecture. And those layers will slowly be added in time (patches always welcome!).
svn path=/trunk/; revision=54646
seek-read routine does that.
Pass the length we just filled in to buffer_assure_space() in the
seek-read routine, and use that in the memcpy() as well.
svn path=/trunk/; revision=54568
both the read and seek-read routines.
Use the packet length read from the packet header when reading packets
randomly.
svn path=/trunk/; revision=54549
of bytes in them to 0, as there's no data in them, and set the offset in
that buffer of the stream's current position, to 0, as we're currently
at the beginning of the file in both streams.
This fixes some tricky-to-reproduce errors (which show up only if the
ngsniffer_t structure is allocated from data that's been allocated,
written to in those variables, and freed).
#BACKPORT 1.8, 1.10
svn path=/trunk/; revision=54544
ngsniffer_read_rec_data(), and separatelyskip extra data after that.
When reading randomly, use the packet length read from the packet
header.
svn path=/trunk/; revision=54523
and set it in NetXRay/Windows Sniffer files if the putative "ATM
reassembly failed" flag is set and, if reassembly failed, don't attempt
to dissect the packet.
svn path=/trunk/; revision=54503
heuristics, but do have a file extension that files of that format are
likely to have, use the extension of the file we're opening, if it has
one, as a hint for which heuristics to try first.
svn path=/trunk/; revision=54495
numeric values using strtoul and casting it the result to a guint32.
Hopefully no user or session IDs are negative or greater than 32 bits.
svn path=/trunk/; revision=54100
suspect, the change to handle VWR files with no packets); shuffle it
after all the types we've seen misidentified as VWR files.
svn path=/trunk/; revision=54012