structure include a file descriptor. Add a wtap_fstat() for the file
readers that use file times to generate time stamps (we really need a
way to say "this file has no time stamps" or "this file has only
relative time stamps).
svn path=/trunk/; revision=37026
the file, rather than the offset in the uncompressed data stream. That
way we don't get the "hey, we're more than 100% into the file, better
refigure this" surprise.
svn path=/trunk/; revision=37025
This patch incorporates the following fixes from the patch attached to
bug 5671 with changes as noted below:
1.) Files where the packet header and packet data are noncontiguous are
handled improperly, resulting in read misalignment and ultimately the
error message, "Observer: bad record: Invalid magic number 0xXXXXXXXX."
This bug is caused by not obeying the packet_entry_header.offset_to_frame
field.
2.) Daylight savings time is not properly accounted for in files using
local time encoding.
3.) As of Observer/GigaStor v13.10 (bug 5671 incorrectly stated v14),
timestamps in the file format changed from local time encoding to GMT
encoding. Wiretap has been changed to support reading both formats.
Patch submitted with bug 5671 added a separate file type to allow
writing local format. This patch does not add the separate file type
and always writes GMT.
4.) The wtap_dumper.bytes_dumped field is not being properly incremented
as data is written to files.
This patch also incorporates the following additional enhancements /
fixes not in bug 5671:
1.) Support for reading BFR files which contain Fibre Channel captures.
Test file Fibre_Channel_Capture.bfr attached.
2.) Support for modified file header used in upcoming v15. New header
file format takes an unused byte from the version string to allow for a
larger offset to the first packet to be specified. Test file
V15_Lrg_Hdr_Test.bfr is attached, it is also a fuzz test as the number
of TLV items given in the header is less then the actual.
3.) It was found that if the number of TLV items given in the header was
larger then present it would fail to open the file. Test file
V9_Num_TLVs_Too_Big.bfr is attached.
svn path=/trunk/; revision=36970
From me:
- #include <stdlib.h> not needed;
- Use consistent indentation;
- use #if 0/#endif to comment out code rather than /* */
svn path=/trunk/; revision=36884
From me:
- remove unneeded #include <stdlib.h>;
- fix some indentation;
- use #if 0/#endif rather that /* */ to comment out some code
svn path=/trunk/; revision=36883
we can cast not-necessarily-aligned pointers to pointers to those
structures without risk of compiler warnings *or* the underlying problem
the compiler's trying to warn us about (no, you can't always dereference
an unaligned pointer - SPARC traps, and at least some ARM processors may
do something other than what you want, for example).
This also caught some cases where we were not even properly
byte-swapping on big-endian platforms.
This also lets us not muck around with splitting 64-bit times into two
32-bit fields - we have pletohll(), after all.
svn path=/trunk/; revision=36787
file before doing any writes - it starts out at the beginning of the
file. This means that you *can* write a Network Instruments capture
file to a pipe, or write it out in compressed form, now that its
dump_open routine no longer seeks.
NetXRay format and K12 binary format, however, *do* require a seek when
writing them.
svn path=/trunk/; revision=36776
don't have an "additional information" string.
Get rid of WTAP_ERR_ZLIB; just report an internal error with
WTAP_ERR_INTERNAL instead. (If they start happening, we can think about
supplying an "additional information" string for compression errors on
output.)
svn path=/trunk/; revision=36774
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
has semantics similar to getc().
If it fails due to an EOF, set state->err to WTAP_ERR_SHORT_READ to
report a premature EOF; otherwise, raw_read() has already set
state->err, so don't set state->err to something else - that loses the
errno value in favor of a generic "bad data" error.
svn path=/trunk/; revision=36744
*", and some compilers complain when you cast that pointer to something
requiring stricter alignment. Maybe the intent is to nudge you into
thinking about whether the pointer really is properly aligned, but....
svn path=/trunk/; revision=36739
in which case ENOMEM is the right error, or we're running on Windows but
using UN*Xy routines, in which case ENOMEM is the right error; unlike
zlib, we don't have to run on a whole pile of OSes.)
svn path=/trunk/; revision=36648
analyzer warnings.
Return an actual error if we're failing because we're trying to write to
the standard output in compressed mode.
svn path=/trunk/; revision=36636
keeps GCC 4.6.0 from complaining about them and failing to build with
-Werror, and may also squelch some Coverity (and other static analyzer)
complaints.
svn path=/trunk/; revision=36599
In the end-of-stream code, when we're checking the CRC and length, don't
check the CRC or length if we failed to read them, and don't check the
length if the CRC is bad.
We define O_BINARY as 0 on UN*X in <wsutil/file_util.h>, so we don't
need to avoid using it on UN*X.
In file_gets(), check for delayed errors.
svn path=/trunk/; revision=36590
zran.c example in the zlib source.
This means that problems in the file's contents might not be reported
when a packet is read, as long as there's no problem in the contents of
the file up to the last bit of compressed data for the packet; we now
check for errors after finishing the sequential read of the file, at
least in some programs, so that shouldn't be an issue (the other
programs need to be changed to do so as well). This is necessary in
order to be able to read all the packets we saw in the sequential pass;
it also lets us get a few more packets from truncated files in some
cases.
svn path=/trunk/; revision=36577
may happen if, when reading a compressed file, we find an error in the
file's contents past the last packet (e.g., the file being cut short so
that we can't get a full buffer worth of compressed data), and that
reporting of that error is delayed (so that you can get all of the
packets that we *can* decompress). Check for those errors, at least on
the sequential read pass (the only errors we should see when closing the
random stream are errors we've already seen in the sequential stream).
svn path=/trunk/; revision=36576
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
this frees us from worrying about zlib large file issues on the write
side, and also lets us clean up a few other things.
svn path=/trunk/; revision=36563
support it.
Rename ws_lseek to ws_lseek64, as it should be given a 64-bit offset,
and have it use _lseeki64 on Windows, to try to get 64-bit offset
support; AC_SYS_LARGEFILE should cause lseek() to support 64-bit offsets
on UN*X if possible.
svn path=/trunk/; revision=36542
wiretap/file_wrappers.c; nothing outside of file_wrappers.c needs to
know what it looks like, it just passes around pointers to it.
svn path=/trunk/; revision=36538
calls that use it, cast it to whatever it's supposed to be. Making it a
gzFile means you can't use any stdio macros that reach inside the
structure; making it a FILE *, as it used to be, amounts to trying to
use a FILE * as a void * if we're writing a compressed file out.
svn path=/trunk/; revision=36521
unsigned int - to match file_read(). Shrink some arguments, variables,
and structure members appropriately.
Fix an incorrect sizeof - sizeof a pointer is the size of the pointer,
not the size of what it points to.
svn path=/trunk/; revision=36515
ws_lseek() to the appropriate type for the second argument to _lseek()
for Windows or lseek() for UN*X; ultimately, we want to call the
appropriate 64-bit-offset seek routine if available, otherwise cast the
value down and hand it to the 32-bit-offset seek routine.
svn path=/trunk/; revision=36514
Introduce file_clearerr
I'm unsure of this patch,
gzclearerr() is used to clear the end-of-file mark, but for FILE
there's function which do the same (clearerr).
I created test program if clearerr() is needed for tailing file.
and it seems to work without it (at least on Linux, so for
!HAVE_LIBZ I commented it out).
For now this patch introduce file_clearerr macro, and define it
only when EOF marking must be cleared (i.e. when HAVE_LIBZ and
HAVE_GZCLEARERR are defined).
So everything works like before, patch just to keep same prefix
for file interface :)
svn path=/trunk/; revision=36510
file-wrappers.[ch] is used only for reading files, and mode is always
"rb".
Attached patch removes 'mode' argument from file_open() & filed_open().
svn path=/trunk/; revision=36493
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
Coverity 789-790.
Since we've been keeping track of how many bytes we put in the buffer,
use that value instead of calling strlen() find it again.
Also, some white space/indentation cleanup.
svn path=/trunk/; revision=36397
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
netscreen_read(), checking the return value of
parse_netscreen_hex_dump() against -1 and explicitly returning FALSE if
it's -1, otherwise driving on.
svn path=/trunk/; revision=36237
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5654
From me:
- Entry for DVBCI added to wtap.c encap_table_base[];
- Some code simplification with respect to the use of col_...() for COL_INFO;
- Certain tests for "enough bytes available" not really needed;
- (Other minor tweaks);
- #include<stdio.h> not req'd;
- Minor reformatting and whitespace cleanup;
svn path=/trunk/; revision=36149
either the VC++ analyzer can't determine that or it *can*, in fact,
happen). Pick an error code that's not too far off.
svn path=/trunk/; revision=35957
pseudo-header, and hence there's no direction indication. Don't set
pinfo->p2p_dir for it. Use WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR, not
WTAP_ENCAP_BLUETOOTH_H4, for capture files where we have the direction.
Don't assume pinfo->p2p_dir is either P2P_DIR_SENT or P2P_DIR_RECV when
setting the info column in various Bluetooth dissectors; it might be
unknown.
In the HCI H4 dissector, put the direction into the info column
regardless of whether we have a type match or not; the dissectors for
HCI packet types appear to assume it's been set (as they put a blank at
the beginning of the stuff they append to the direction).
svn path=/trunk/; revision=35933
Get rid of debugging printouts that are equivalent to the "additional
error information" messages.
Return additional error info for all WTAP_ERR_BAD_RECORD errors.
svn path=/trunk/; revision=35800
- Define macros for certain CFLAGS in config.nmake iso of having defs in each makefile;
a. -DHAVE_CONFIG_H and -D_U_="" are now part of a macro named STANDARD_CFLAGS;
b. -WX has been replaced by WARNINGS_ARE_ERRORS (defined as -WX in config.nmake)
(This allows disabling "Warnings as Errors" by just changing config.nmake)
c. CVARSDLL definitions (not usage) have been removed from the various makefiles.
XXX: It appears the usage of CVARSDLL can also be removed (not yet done) since:
-DWIN32 and -DNULL=0 do not appear to be needed (any more);
-D_MT and _D_DLL are not needed since /MP causes these definitions.
d. Define a macro WARNINGS_CFLAGS with additional specific compiler (level4) warnings to be enabled.
E.G., 4295: array is too small to include a terminating null character
- config.nmake: reformat some long lines for readability;
- plugins\Makefile.nmake: clean-deps does nothing: remove it (and usage in top-level makefile);
- dissectors/Makefile.nmake: test to enable packet-rrc.obj target needs to include MSVC2010 ...
svn path=/trunk/; revision=35747
will see random crap as the error code.
However, if we're skipping a "TCPIPTRACE-W-BUFFERSFUL" error, if the
"error" we get is an end-of-file indication, that's *not* an error.
It is, however, ultimately a "we dropped some packets" indication; add a
comment noting that we should eventually treat it as such.
svn path=/trunk/; revision=35337
From me: For ipfix_open() don't actually return with *err=WTAP_ERR_BAD_RECORD.
Also: Move #define RECORDS_FOR_IPFIX_CHECK to ipfix.c from ipfix.h since
the definition is only used in ipfix.c.
svn path=/trunk/; revision=34589
http://www.opensync.org/browser/branches/3rd-party-cmake-modules/modules
+ split out FindGMODULE2.cmake
+ contains /sw/... by default
+ supposedly tested on OSX
- Disable pcre for cmake builds by default, gregex should be
picked up automatically if glib2 is not too old.
Should you have trouble linking due to some libgmodule... stuff
undefined, please add "${GMODULE2_LIBRARIES}" after "${GLIB2_LIBRARIES}"
an report back.
svn path=/trunk/; revision=34248
I try to configure Wireshark with cmake on macosx 10.6.
It fails with : set_target_properties called with incorrect number of arguments.
Attached a patch to fix this issue.
svn path=/trunk/; revision=34201
This fix adds back two lines of code removed in SVN #33678.
"Define WTAP_ENCAP_IEEE802_15_4_NOFCS, for use in file formats that don't
include the FCS, and use it for the Daintree SNA file format. [...]"
This fix just restores the discarding of two end-of-frame "pad" bytes as each frame is read
from the capture file; This seems to me to be the correct behaviour.
svn path=/trunk/; revision=33909
include the FCS, and use it for the Daintree SNA file format. While
we're at it, explicitly check to make sure the purported packet length
gives it at least one byte of packet data, and fix some print formats to
use %u for unsigned values.
svn path=/trunk/; revision=33678
is 0, but the packets have Ethernet headers. We handle this by mapping
0 to WTAP_ENCAP_ETHERNET.
(XXX - should we, instead, use the per-file link-layer type?)
svn path=/trunk/; revision=33620
to a gint64 (which won't sign-extend it) before multiplying by 1000, so
that the product is 64-bit and won't overflow.
svn path=/trunk/; revision=33609
format, the time offset from the start of the capture always had a
positive value, so it's an unsigned value. (In newer versions of NetMon
3.x, the capture can start before the "capture start" time stamp is set,
so packets can have a *negative* offset from the capture start time
stamp. Those captures are in the 2.x file format.)
svn path=/trunk/; revision=33607
the NetMon file format. Currently, we just use the network type field,
and we ignore all the special record types and don't try to handle any
of the other special network types.
We also catch bogus frame tables where the record is bigger than the
frame table says it is.
svn path=/trunk/; revision=33572
wtap_dump_file_write() (it does the right error checking for you, and
returns FALSE on failure and gives you the right error code).
svn path=/trunk/; revision=33117
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
done.
Use the wtap_dump_file_ routines to write out capture files, and check
for errors.
Use the phton macros, when available, to translate to big-endian byte
order. Add a new phton24() macro.
Clean up indentation.
svn path=/trunk/; revision=33114
everybody use it; the places using the old wtap_dump_file_write() were
using it in the same way the old wtap_dump_file_write_all() did.
That also lets us get rid of wtap_dump_file_ferror().
Also, have the new wtap_dump_file_write() check for errors from
gzwrite() and fwrite() differently - the former returns 0 on error, the
latter can return a short write on error.
svn path=/trunk/; revision=33113
Guy Harris