static to the module.
Add the older(?) ID tag for MPEG audio.
Just use the ID at the beginning to identify MPEG audio files; don't
check the file any further.
If the read of the magic number doesn't work, get the error, and, if
there is no error (i.e., it's a short read), just return 0 (meaning "no
error, but this isn't that type of file).
Similarly, if the magic number doesn't match, just return 0, so other
types of file are tried.
svn path=/trunk/; revision=21192
(Temporarily disable the warnings as errors default on Unix to get
to get the buildbots and people with gcc40 going again until those
additional warnings gcc40 generates can be fixed-I'm working on it
ASAP)
Patch for configure.in which disables by default the treatment of
warnings as errors.
It can be enabled with './configure --with-warnings-as-errors'.
The macro will test first if GCC is present. If it's the case,
HAVE_WARNINGS_AS_ERRORS is defined. All the USING_GCC have been replaced
by HAVE_WARNINGS_AS_ERRORS.
With this switch, people won't suffer from unexpected warnings when
downloading svn sources during the transition time ;)
svn path=/trunk/; revision=21153
directory and most of the plugins to match the same command
put in the Makefile.nmake files for Windows compliations. Fix
a few warnings when compiling under gcc 3.4.4 on FreeBSD. Create
new automake file variable called USING_GCC in configure.in and
wiretap/configure.in to acomplish the above -Werror addition.
svn path=/trunk/; revision=21127
remove all compiler warnings:
a) prevent wrong malloc/free definitions by lex/yacc generated files
b) add int/time_t casts - MSVC2005 is more "sensitive" about this than MSVC6
svn path=/trunk/; revision=21078
In the attached patch, the K12 wiretap now saves the content of record
after captured packet data. The K12 dissector then could extract them and provide
useful information to properly dissect FP frames (user plane of UTRAN Iub
interface).
svn path=/trunk/; revision=20749
Kriang Lerdsuwanakij <lerdsuwa@users.sourceforge.net>
I discovered that Wireshark K12xx detects the type of input (E1 timeslot or ATM)
based on the extra information. My previous patch to enable Wireshark to open
K12xx files with no extra information (extra_len equals 0 in SRCDEST record)
failed to give later dissectors the input type.
Attached is the patch to correct this for ATM PVC. It adds VPI/VCI/CID information
for display in the dissected tree (in k12_open function). k12_read and k12_seek_read
are also made more robust. These are reverse engineered based on hexeditor
and constants found in tektronix configuration file. Please apply the patch.
svn path=/trunk/; revision=20705
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
I found out the reason Wireshark refuses to read some .rf file I have.
Those files have zero extra_len in SRCDEST header structure. See the
attached file for example. It was created by selecting some frames from
a larger .rf5 file (within Tektronix's own reader) and save as a
separate file.
svn path=/trunk/; revision=20579
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
fix this, by providing required functions in the new file file_util.c - it's mostly copied from GLib (g_open alike - that take UTF8 as filename format but don't use msvcrt.dll V6 for this as the glib files do)
"link" to these functions in file_util.h: #define eth_open eth_stdio_open
revert changes (from SVN 20282) throughout the code related to these file functions which were introduced with the first tries of MSVC 2005 ...
Hopefully I've done everything right with the new file_util.c ...
svn path=/trunk/; revision=20402
Wiretap has its own configuration file. Do to its configuration file
what was done to the top-level configuration file.
svn path=/trunk/; revision=20326
used with shared libraries, to fix some error that shows up in some
cases; some Apple documentation recommends it for most shared libraries.
svn path=/trunk/; revision=20312
I posted a patch about 1.5 years ago for the formerly Ethereal to successfully compiled with Visual > 6. I have always successfully used this patched Ethereal/Wireshark compiled with VS 2003 and have just checked when compiled with Visual C++ 2005 Express
svn path=/trunk/; revision=20282
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforce SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
- The characters between the timestamp and start of data are almost always " l ", optimise memory usage in this case
- Rename hash table for clarity
svn path=/trunk/; revision=19891
Check for an invalid channel frequency. Pass the channel, data rate,
and quality to the 802.11 dissector, so that they show up there
as well. Clean up whitespace.
svn path=/trunk/; revision=19878
the attached patch add support for the recently introduced pcap
bluetooth data link type. Yes, pcap is going to support also bluetooth
devices (at least on Linux) :-)
svn path=/trunk/; revision=19513
The patch addresses issues with higher precision packet
timings on top end iSeries hardware and should enable the iseries wiretap to handle timings in both micro and nano seconds.
svn path=/trunk/; revision=19428
- Indicate direction of DCH Data in info column
- Assume EDCH payload CRC if 2 bytes are left over (previous test was broken)
svn path=/trunk/; revision=19405
So far Wireshark complained about channel 129, now it gets a little further
and then complains about channel 128.
Solution: Open up all channel from 128 up.
svn path=/trunk/; revision=19358
I am the author of the eyesdn wiretap module. Recently we added ATM
support to our trace format. We used channel id 129 for that, so far
only 0 for D channel and 1-30 for bearer channels had been in use.
svn path=/trunk/; revision=19353
to use cmake as a build system. It's in no way complete, I'd
just like others to be able to participate in playing with cmake
and to document what I'm doing.
Please read the README.cmake for what can be done right now.
svn path=/trunk/; revision=19149
files, and to clean the code up a bit - and incorporate some fixes to
the rework, and other fixes, from Mark C. Brown.
svn path=/trunk/; revision=18945
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition i have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
- Add a preference to try to find messages within sctp primitive messages (tries renaming of known mismatches)
- Add outhdr to stub protocol (getting ready for IuB FP)
svn path=/trunk/; revision=18818
structure. Instead of making the host_name field bigger, make the thing
we put in it smaller.
Use that structure when reading files as well as when writing them.
svn path=/trunk/; revision=18796
the contract for wiretap ..._read() functions are that the *err pointer MUST always
be provided as a valid pointer and not a NULL pointer.
ber.c contained a spurios and redundant check for the pointer being non-NULL wich triggered coverity to detect this as a false positive.
this redundant test if the pointer is NULL has been revoved.
svn path=/trunk/; revision=18492
This patch:
- treats the variant field as a variable-length string field. This is
needed for some of the more complicated protocols where the variant
number of the embedded protocol is also represented
- the patch to Makefile.am was not applied from
http://www.wireshark.org/lists/wireshark-dev/200606/msg00009.html
svn path=/trunk/; revision=18427
- Many DCT2000 protocols can be embedded within an IP primitive
message. Add a heuristic to see if we can find the protocol payload
within in IP primitive message, and look for an ethereal dissector
matching the DCT2000 protocol name (this is useful for simple protocol
testing where no physical links are involved)
- Make some more of these protocols (diameter, http, mgcp) findable by name
- Adds protocol 'variant' number to stub and dissector
- Break the duplicated writing of the stub header out into a separate
function
svn path=/trunk/; revision=18212
That requires that we define G_GINT64_MODIFIER ourselves if glib.h
doesn't define it for us, as that's what should be used to print 64-bit
integral values in any calls that use any of the GLib printf functions
(directly or indirectly).
svn path=/trunk/; revision=18154
This patch should hopefully remove any possible buffer overflows in
parse_line() as reported by the current Coverity scan. I'm not sure
that the error it currently reports is valid (I think its confused by
supposing that a condition that is being tested can be true, whereas it
can't...), but this patch fixes a number of potential problems remaining
in the function.
svn path=/trunk/; revision=17979
These patches:
- fix the bounds errors reported by coverity in bug 879
- fix a couple of other potential bounds errors (length checking 1st & 2nd lines in file)
- reorder catapult_dct2000_phdr so that normal protocol pseudo-header info is at the start. This means that the stub dissector can avoid the nasty
(overlapped) memcpy
- a little whitespace fixing
svn path=/trunk/; revision=17886
Put the code to read the packet header and the packet data into routines
(which also fixes some places where observer_seek_read() was using the
sequential file handle rather than the random file handle), make the
packet header reader skip over the TLVs,
Do some additional sanity checking.
Wiretap supports nanosecond resolution; provide nanosecond resolution
time stamps.
Rename some structure members to match their purpose (they're TLV
counts, not flags).
Remove the TLV header from the TLV structures (and eliminate TLV
structures if we don't have the contents or they're just a string); if
we process them, we'll probably end up reading the header and data
separately.
Add some information about some of the TLVs in expert information packets.
svn path=/trunk/; revision=17870
I have taken a look at the trace myself and calculated the TpS to be
20000000.0 for this particular trace. If I also discard the start_timestamp
like it has been done for other versions of the netxray format, then I get
the proper results.
svn path=/trunk/; revision=17869
Please find a patch to catapult_dct2000.c:
- doesn't use g_hash_table_new_full(), which is missing from earlier versions of glib
- fixed a couple of memory leaks
- hopefully cast away a few warnings I saw on the fedora and solaris buildbot logs
svn path=/trunk/; revision=17867
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
wiretap/README.developer
- the referenced default seek_read function doesn't exist now
wiretap/wtap.c
- a "hole" in encap_table was causing the wrong encap value for later
types to be looked up (by name)
mergecap.c
- fix a couple of program name copy+paste errors from editcap.c
svn path=/trunk/; revision=17765
> I've attached a fix that cleans up this code, actually since my last
> update of this module the particular call in question was fairly
> redundant so I just went ahead and removed it and updated the constant
> that specifies the maximum possible line length instead.
>
> Thanks for bring this to my attention.
svn path=/trunk/; revision=17737
Following my last submitted patch I did some further investigation on the different types of iSeries Comms Traces, although the field formats are constant, things such as page throws and line spacing vary depending on the tool used to pull the trace form the iSeries spool.
This patch should better handle the different formats and more importantly exit in a graceful manner if an unknown format is encountered.
svn path=/trunk/; revision=17699
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17450
Sniffer V2 format capture files with captyp=5, timeunit=0.
The ticks_per_sec for this case apparently is 1e6.
Bill Meier
svn path=/trunk/; revision=17019
tethereal internally converted the stdout capture filename "-" into "" which doesn't make any real sense and only complicated things.
To make things even more confusing, wiretap expected "" for dump output and "-" for offline reading ...
svn path=/trunk/; revision=16962
was that file_util.h wasn't in the distribution tarball, so it couldn't
be included - it handles including <sys/stat.h>.
svn path=/trunk/; revision=16423
argument, rather than requiring the caller to get the open() flag and
the fopen() flag in sync. That also means that if we're *not* using
libz, it can just be a wrapper around eth_fopen().
We need to include <fcntl.h>, at least on UN*X, to get open() declared
and the O_ flags defined.
svn path=/trunk/; revision=16409
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
status field bits".
Check for "Internetwork analyzer" captures by checking the Sniffer
network type, and save that type rather than just an "ATM or not" flag
in the private data.
svn path=/trunk/; revision=16283
non-zero value - it's only set from file formats that provide it in a
per-packet header, and only the old DOS Sniffer did so, so it's zero for
all other capture types. Instead, check the actual packet data length.
Also check it against 16; 14 bytes isn't large enough for a LANE
Ethernet frame.
svn path=/trunk/; revision=16261
correct a bug in parsing Lucent/Ascend PPP dumps. Basically, blobs with "PPP-OUT" should be labelled "PPP transmit" while blobs with "PPP-IN" should be labelled "PPP receive". The current code labels them the other way around.
packet-ppp.c
- Properly decode option to enable ECRTP (it wasn't decoded).
- Use the ipv6 knob to control ipv6 decoding (previously, it
was using the ipv4 knob).
svn path=/trunk/; revision=16194
In the bssgp an IE was decoded as mobile identity and should be decoded as (p)tmsi only.
The patch is attached to this email. It also consists the new atm patch which was send yesterday.
svn path=/trunk/; revision=16146
Ethernet packets with a length field as LANE packets, and doesn't do so
for packets that appear to be LANE-encapsulated Ethernet packets with a
type field, is too weak. Back out that part of the heuristics added in
the previous checkin.
svn path=/trunk/; revision=16111
Due to the fact that 3G Signaling appears at an undefined VPI/VCI I added a heuristics (very simple) which should take care of this fact.
svn path=/trunk/; revision=16108
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
define "timezone" as "gint16", as it can be positive (west of
UTC) or negative (east of UTC);
update comments to refer to the new names for structure members;
say the precision of the time stamps is 1 nanosecond only if the
ticks per second is > 10 million;
fix the handling of files truncated exactly on a frame boundary.
svn path=/trunk/; revision=15739
Camel: Fix an off-by-one error. Don't alloc and free where it's not
needed. Remove an unused variable.
PPP and K12: Fix memory leaks.
svn path=/trunk/; revision=15725
The file format stays the same as the common libpcap format, only the lower part of the timestamp field uses nanoseconds instead of microseconds.
This file format uses the libpcap magic number 0xa1b23c4d.
svn path=/trunk/; revision=15623
1. Use the new (good work!) 'nanosec' precision only for gig pods;
2. Rework 'struct netxray_hdr' to make it (somewhat) easier
to maintain and revise:
a. Declare known hdr fields such as 'captype' instead
of using offsets in 'xxx placeholder' fields.
d. Define 'unknown' hdr fields using placeholder names
based upon hex-offset in the netxray header record.
(This isn't perfect, but I hope it will make things
more manageable).
3. Update hdr field info (based upon examination of various
capture files):
a. Define a hdr field which appears to be 'time-zone'
[offset in hours from UTC] for the machine doing
the capture.
(Maybe this field can eventually be used for Ethereal
to display the (local) time as it was at the time
of the capture).
b. Describe certain hdr fields as being "file offsets"
(altho the exact use is still unclear).
Update some comments.
svn path=/trunk/; revision=15603
G_HAVE_GINT64.
Get rid of the floating-point stuff in the Etherpeek Classic file
reading code, just use 64-bit integers. Fix up the calculation of the
nanoseconds portion of the time stamp.
svn path=/trunk/; revision=15544
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
- it appears that there are more packet record types other than 0x00010020.
accept anything matching 0x00010020/28 as a packet record.
- make the stack filename lowercase before comparing it so that capitalization is not an issue.
svn path=/trunk/; revision=15513
of the YYSTYPE structure in "ascend-grammar.c"; the intent is that other
files include "ascend-grammar.h" if they need that structure, but that
"ascend-grammar.c" not itself include "ascend-grammar.h". If it *does*
include it, the compiler complains about YYSTYPE being redefined (even
though the two structures are identical).
svn path=/trunk/; revision=15478
(so if the file's gzipped, it's *NOT* the size of the file after
uncompressing), and an approximation of the amount of that data read
sequentially so far.
Use those for various progress bars and the like.
Make the fstat() in the Ascend trace reader directly use wth->fd, as
it's inside Wiretap; that gets rid of the last caller of wtap_fd() (as
we're no longer directly using fstat() or lseek() in Ethereal), so get
rid of wtap_fd().
svn path=/trunk/; revision=15437
- add support for Multi-Link Frame-Relay (FRF.15) captures
taken on Juniper ML-, LS-, AS- PICs.
- rework of the common juniper header dissector:
test the extension flag (0x80) which indicates that there are
meta-information like interface-index, interface-name etc.
present
- minor bugfix (LSQ L3-proto masks, direction masks were broken)
svn path=/trunk/; revision=15316
a) get rid of warnings of type "no previous declaration" and
b) make sure that declaration and implementation are in sync.
svn path=/trunk/; revision=15168
returned quite a list of files. Add them to MAINTAINERCLEANFILES.
Whitespace changes (replace multiple spaces by TABs, in a few cases this
needed to be done at the beginning of Makefile lines.
svn path=/trunk/; revision=14891
traffic as well as Frame Relay traffic, and give some information about
the cruft found in the xxc field of the header for one CHDLC and one FR
capture.
svn path=/trunk/; revision=14659
There is still much to do, but at the very least it can import files allowing the user to choose which protocols handle the diferent sources.
svn path=/trunk/; revision=14606
fail after the private data is allocated, you have to free the private
data).
The file header in nettl files is 128 bytes - use a #define for it, and
also a #define for the magic number size.
svn path=/trunk/; revision=14553
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
and is equivalent to just "p++". If "p" isn't used after that, "*p++"
does nothing whatsoever, and can just be removed.
svn path=/trunk/; revision=13818
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralelling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
Attached is an update to Lucent/Ascend trace parsing: fix a few bugs,
add support for ISDN and Ethernet captures - diffs to 0.10.9.
svn path=/trunk/; revision=13311
were in the middle of processing a record. If we got one at the
*beginning* of the record, that just means we've come to a clean
end-of-file.
svn path=/trunk/; revision=13064
FCS" bit for 802.11, just as it appears to be for Ethernet, and give
more details on the 4 bytes of junk at the end of the packet (i.e., that
we haven't yet seen an 802.11 capture where it's an FCS rather than just
junk).
svn path=/trunk/; revision=13028
specific to particular types of captures, and the same value might
correspond to more than one CAPTYPE_ definition.
Add an additional CAPTYPE_ for some non-gigabit Ethereal capture seen by
Bill Meier, and fix the range check the time stamp units value as per
his mail.
svn path=/trunk/; revision=12937
a number of Windows Sniffer captures - apparently the time stamp units
are in a field in the file header.
Add a capture type value seen in at least one ATM capture.
Update some comments, and add some comments.
Get rid of some redundant setting of "timeunit".
svn path=/trunk/; revision=12936
ugly, as it encapsulates, for example, the 8B/10B code for gigabit
Ethernet and Fibre Channel, so code to read it might have to decode
that; GPF-F isn't so bad).
svn path=/trunk/; revision=12700
Ethereal, unaware that the Ethereal team does *NOT* control libpcap
format, thinks they can just grab 169 and use it for their own
purposes).
svn path=/trunk/; revision=12678
If we get such an error, always call "file_error()" to get an indication
of what the error was and, if it returns 0, set the error to
WTAP_ERR_SHORT_READ.
svn path=/trunk/; revision=12442
by his madwifi Atheros driver on Linux; rename
WTAP_ENCAP_IEEE_802_11_WLAN_BSD to WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP,
and change its text name from "ieee-802-11-bsd" to
"ieee-802-11-radiotap".
svn path=/trunk/; revision=12429
don't have any code to handle it (other than to report that fact...).
Also, refer to the subsystem type code as such, not as a "network type".
svn path=/trunk/; revision=12178
NETTL_SUBSYS_NS_LS_ICMPV6 - they don't even have IP headers, so we need
to directly call the ICMP and ICMPv6 dissectors.
svn path=/trunk/; revision=12047
1) Change nettl subsystem ID's to decimal so as to
match /etc/nettlgen.conf and ease maintenance
2) Add support for hp_apaport (PAgP), hp_apalacp,
and IPv6 subsystem trace records
3) Correct handling of LOOPBACK trace records
svn path=/trunk/; revision=11901
