1) "-e" isn't supported by good old /bin/sh, so we use "-r"
instead;
2) "The algorithm for determining the precedence of the
operators and the return value that will be generated is
based on the number of arguments presented to test", so we
explicitly parenthesize.
svn path=/trunk/; revision=22448
such as the fact that Flex strips all but the last component of the "-o"
argument, and that it doesn't generate a header file to declare routines
the generated lexical analyzer defines. Use that script when building
lexical analyzers, and, for each lexical analyzer, include the generated
header file in the generated analyzer.
svn path=/trunk/; revision=22446
Makefile.nmake files; currently, it has the (F)lex-to-C rule and a
.SUFFIXES pseudo-rule to add .l to the list of suffixes. Have
Makefile.nmake files with .l.c rules include Makefile.nmake.inc to get
that rule.
The names Makefile.am.inc and Makefile.nmake.inc aren't necessarily the
right names for the files in question.
Use $(PACKAGE) in the Mate plugin's Makefile, rather than "mate".
svn path=/trunk/; revision=22437
Makefile.am files; currently, it has the (F)lex-to-C rule. Have
Makefile.am files with .l.c rules include Makefile.am.inc to get that
rule.
svn path=/trunk/; revision=22436
Move the %options to the beginning if they weren't already there, and
put them in the same order in all files.
Add "prefix=" options to .l files that don't already have them, so we
don't have to pass a "-P" option.
Add "never-interactive" and "noyywrap" options to our lexical analyzers,
to remove extra isatty() checks and to eliminate the need for yywrap()
from the Flex library.
Get rid of %option nostdinit - that's the default.
Add .l.c: rules to Makefile.am files, replacing the rules for specific
.l files. Have those rules all check that $(LEX) is set.
Update the address for the FSF.
svn path=/trunk/; revision=22424
a source release tarball without having Flex (think of a source release
tarball being as much a platform-independent distribution format for
people *not* interested in development, and who are on platforms for
which there aren't binary packages, as a way of getting the source to do
development). Don't check Flex's capabilities in the configure script
(handling reentrant scanners would have to be done differently).
svn path=/trunk/; revision=22414
Its argument, however, needs to be cast to "guchar", so that if the
high-order bit is set, it doesn't get sign-extended.
svn path=/trunk/; revision=22303
The encap_table_base in wcap.c is missing an entry.
This causes e.g. "dumpcap -i usb3 -L" to output:
Data link types (use option -y to set):
USB_LINUX
(MPEG)
svn path=/trunk/; revision=22292
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
network type; there's no "presumably" about it.
Suggest that "realtick" might have the right time stamp in other cases
(if not, a comment should explicitly indicate that, so that in all cases
where we either know that realtick is wrong or have a lot of evidence to
show that it's right, we note that fact).
svn path=/trunk/; revision=21996
Fix compilation failures when building wireshark-0.99.6-SVN-21916 on an
x86_64-unknown-linux-gnu target with gcc version 4.1.2 20070403 (Red Hat
4.1.2-8).
The failures fall into two categories:
(1) Casts between pointers and 32-bit integers without an intermediary cast
via 'long' or 'unsigned long'. This results in a compiler warning complaining
about casts between a pointer and an integer of a different size.
(2) Passing values to "%lld" or similar printf-style format options that the
compiler thinks are a different size. Such values need to be cast to 'long
long' or 'unsigned long long'.
svn path=/trunk/; revision=21975
possibly-unaligned pointers, and turn on -Wcast-align so at least some
future code that does that will fail to compile.
svn path=/trunk/; revision=21968
what the complete set of warnings we should either try to fix or, for
cases where it can't be fixed, turn off or or avoid -Werror for. I'll
revert this change as soon as a complete set of buildbot builds start
with it.
svn path=/trunk/; revision=21917
libraries. A single library is generated with the lex code without the barrier
"stop on warning". An other library is generated from the remaining source
files with the "stop on warning" barrier.
svn path=/trunk/; revision=21817
Since wiretap.h is not autogenerated, just make wtap-plugins.h include
the top level config.h to pull in the defines for HAVE_DIRENT which was
checked at top level
svn path=/trunk/; revision=21707
So far I've done only regression testing (the new functionality and what's in wtap-plugins.c has not yet being tested).
it is a first step in the way to have lua opening files.
svn path=/trunk/; revision=21686
--enable-warnings-as-errors (if any tests enabled by
--enable-extra-gcc-checks are safe to treat as errors, they're safe to
turn on by default).
svn path=/trunk/; revision=21515
on some platforms due to unfixable problems (e.g., crappy vendor
headers), we can move them back to the "extra" list.
Put those warnings in the order in which they appear in the GCC man page
on my machine.
If we turn on -pedantic, try turning on -Wno-long-long as well, so that
it's not *so* pedantic that it rejects the 64-bit integral data types
that we explicitly require.
svn path=/trunk/; revision=21514
Add -Wpointer-arith to the GCC -W flags by default.
Make "extra-gcc-checks" and "warnings-as-errors" --enable flags rather
than --with flags - autoconf's model is that --enable is for turning
features on or off, --with is for enabling or disabling the use of
external packages (libpcap, Net-SNMP, GNU ADNS, etc.).
When testing whether the compiler is GCC, use the same style all the
time - check whether "x$GCC" equals "xyes". (The "x" might be overkill
- if you don't quote the arguments, it avoids a missing argument to
"test"/"[", but if you do, it might not be needed.)
svn path=/trunk/; revision=21492
Check for a case where, conceivably, the on-the-wire packet length (from
the IP header) could be shorter than the captured data length (due to
Ethernet padding), and handle it by making sure the on-the-wire length
is always >= the captured data length.
svn path=/trunk/; revision=21490
static to the module.
Add the older(?) ID tag for MPEG audio.
Just use the ID at the beginning to identify MPEG audio files; don't
check the file any further.
If the read of the magic number doesn't work, get the error, and, if
there is no error (i.e., it's a short read), just return 0 (meaning "no
error, but this isn't that type of file).
Similarly, if the magic number doesn't match, just return 0, so other
types of file are tried.
svn path=/trunk/; revision=21192
(Temporarily disable the warnings as errors default on Unix to get
to get the buildbots and people with gcc40 going again until those
additional warnings gcc40 generates can be fixed-I'm working on it
ASAP)
Patch for configure.in which disables by default the treatment of
warnings as errors.
It can be enabled with './configure --with-warnings-as-errors'.
The macro will test first if GCC is present. If it's the case,
HAVE_WARNINGS_AS_ERRORS is defined. All the USING_GCC have been replaced
by HAVE_WARNINGS_AS_ERRORS.
With this switch, people won't suffer from unexpected warnings when
downloading svn sources during the transition time ;)
svn path=/trunk/; revision=21153
directory and most of the plugins to match the same command
put in the Makefile.nmake files for Windows compliations. Fix
a few warnings when compiling under gcc 3.4.4 on FreeBSD. Create
new automake file variable called USING_GCC in configure.in and
wiretap/configure.in to acomplish the above -Werror addition.
svn path=/trunk/; revision=21127
remove all compiler warnings:
a) prevent wrong malloc/free definitions by lex/yacc generated files
b) add int/time_t casts - MSVC2005 is more "sensitive" about this than MSVC6
svn path=/trunk/; revision=21078
In the attached patch, the K12 wiretap now saves the content of record
after captured packet data. The K12 dissector then could extract them and provide
useful information to properly dissect FP frames (user plane of UTRAN Iub
interface).
svn path=/trunk/; revision=20749
Kriang Lerdsuwanakij <lerdsuwa@users.sourceforge.net>
I discovered that Wireshark K12xx detects the type of input (E1 timeslot or ATM)
based on the extra information. My previous patch to enable Wireshark to open
K12xx files with no extra information (extra_len equals 0 in SRCDEST record)
failed to give later dissectors the input type.
Attached is the patch to correct this for ATM PVC. It adds VPI/VCI/CID information
for display in the dissected tree (in k12_open function). k12_read and k12_seek_read
are also made more robust. These are reverse engineered based on hexeditor
and constants found in tektronix configuration file. Please apply the patch.
svn path=/trunk/; revision=20705
Modified to support the header as a pseudo_header rather than as part of
the packet data.
Fixed some calls that fetch data from the USB packet to fetch it in
little-endian byte order.
Got rid of redundant code to get conversation-specific data (the
get_usb_conv_info() call already does that).
For control packets, only parse the setup information if setup_flag is
0.
Don't interpret a control packet as a standard request unless the setup
type is "Standard".
svn path=/trunk/; revision=20632
I found out the reason Wireshark refuses to read some .rf file I have.
Those files have zero extra_len in SRCDEST header structure. See the
attached file for example. It was created by selecting some frames from
a larger .rf5 file (within Tektronix's own reader) and save as a
separate file.
svn path=/trunk/; revision=20579
32-bit numbers. Separate signed and unsigned accessors have been
added and used where appropriate.
Definitely not for 0.99.5.
svn path=/trunk/; revision=20472
fix this, by providing required functions in the new file file_util.c - it's mostly copied from GLib (g_open alike - that take UTF8 as filename format but don't use msvcrt.dll V6 for this as the glib files do)
"link" to these functions in file_util.h: #define eth_open eth_stdio_open
revert changes (from SVN 20282) throughout the code related to these file functions which were introduced with the first tries of MSVC 2005 ...
Hopefully I've done everything right with the new file_util.c ...
svn path=/trunk/; revision=20402
Wiretap has its own configuration file. Do to its configuration file
what was done to the top-level configuration file.
svn path=/trunk/; revision=20326
used with shared libraries, to fix some error that shows up in some
cases; some Apple documentation recommends it for most shared libraries.
svn path=/trunk/; revision=20312
I posted a patch about 1.5 years ago for the formerly Ethereal to successfully compiled with Visual > 6. I have always successfully used this patched Ethereal/Wireshark compiled with VS 2003 and have just checked when compiled with Visual C++ 2005 Express
svn path=/trunk/; revision=20282
HP-UX 11.31 will add a new nettl trace subsystem, NS_LS_TELNET (ID=267).
NS_LS_TELNET is just raw telnet data. There is no layer 2/3/4 headers, so
there's just the HP-UX nettl record header followed directly by the TCP payload
for a telnet connection. Thus the need for a new wiretap encapsulation type...
svn path=/trunk/; revision=20253
This patch consists also the last issues. Additionally it solves:
- For the SSCOP frames the AAL5 decoding was not performed due to an earlier patch. This caused that no SSCOP message was properly decoded.
- As the detection between a LANE frame and a SSCOP frame is rather hard a switch within the atm dissector is included which enforce SSCOP dissecting over a LANE frame. At the moment I do not see a better solution for that.
svn path=/trunk/; revision=20013
- The characters between the timestamp and start of data are almost always " l ", optimise memory usage in this case
- Rename hash table for clarity
svn path=/trunk/; revision=19891
Check for an invalid channel frequency. Pass the channel, data rate,
and quality to the 802.11 dissector, so that they show up there
as well. Clean up whitespace.
svn path=/trunk/; revision=19878
the attached patch add support for the recently introduced pcap
bluetooth data link type. Yes, pcap is going to support also bluetooth
devices (at least on Linux) :-)
svn path=/trunk/; revision=19513
The patch addresses issues with higher precision packet
timings on top end iSeries hardware and should enable the iseries wiretap to handle timings in both micro and nano seconds.
svn path=/trunk/; revision=19428
- Indicate direction of DCH Data in info column
- Assume EDCH payload CRC if 2 bytes are left over (previous test was broken)
svn path=/trunk/; revision=19405
So far Wireshark complained about channel 129, now it gets a little further
and then complains about channel 128.
Solution: Open up all channel from 128 up.
svn path=/trunk/; revision=19358
I am the author of the eyesdn wiretap module. Recently we added ATM
support to our trace format. We used channel id 129 for that, so far
only 0 for D channel and 1-30 for bearer channels had been in use.
svn path=/trunk/; revision=19353
to use cmake as a build system. It's in no way complete, I'd
just like others to be able to participate in playing with cmake
and to document what I'm doing.
Please read the README.cmake for what can be done right now.
svn path=/trunk/; revision=19149
files, and to clean the code up a bit - and incorporate some fixes to
the rework, and other fixes, from Mark C. Brown.
svn path=/trunk/; revision=18945
A patch that adds support for dissection of
libpcap DLT_JUNIPER_VP frames. In addition i have fixed
also the indent for DLT_JUNIPER_GGSN.
svn path=/trunk/; revision=18940
- Add a preference to try to find messages within sctp primitive messages (tries renaming of known mismatches)
- Add outhdr to stub protocol (getting ready for IuB FP)
svn path=/trunk/; revision=18818
structure. Instead of making the host_name field bigger, make the thing
we put in it smaller.
Use that structure when reading files as well as when writing them.
svn path=/trunk/; revision=18796
the contract for wiretap ..._read() functions are that the *err pointer MUST always
be provided as a valid pointer and not a NULL pointer.
ber.c contained a spurios and redundant check for the pointer being non-NULL wich triggered coverity to detect this as a false positive.
this redundant test if the pointer is NULL has been revoved.
svn path=/trunk/; revision=18492
This patch:
- treats the variant field as a variable-length string field. This is
needed for some of the more complicated protocols where the variant
number of the embedded protocol is also represented
- the patch to Makefile.am was not applied from
http://www.wireshark.org/lists/wireshark-dev/200606/msg00009.html
svn path=/trunk/; revision=18427
- Many DCT2000 protocols can be embedded within an IP primitive
message. Add a heuristic to see if we can find the protocol payload
within in IP primitive message, and look for an ethereal dissector
matching the DCT2000 protocol name (this is useful for simple protocol
testing where no physical links are involved)
- Make some more of these protocols (diameter, http, mgcp) findable by name
- Adds protocol 'variant' number to stub and dissector
- Break the duplicated writing of the stub header out into a separate
function
svn path=/trunk/; revision=18212
That requires that we define G_GINT64_MODIFIER ourselves if glib.h
doesn't define it for us, as that's what should be used to print 64-bit
integral values in any calls that use any of the GLib printf functions
(directly or indirectly).
svn path=/trunk/; revision=18154
This patch should hopefully remove any possible buffer overflows in
parse_line() as reported by the current Coverity scan. I'm not sure
that the error it currently reports is valid (I think its confused by
supposing that a condition that is being tested can be true, whereas it
can't...), but this patch fixes a number of potential problems remaining
in the function.
svn path=/trunk/; revision=17979
These patches:
- fix the bounds errors reported by coverity in bug 879
- fix a couple of other potential bounds errors (length checking 1st & 2nd lines in file)
- reorder catapult_dct2000_phdr so that normal protocol pseudo-header info is at the start. This means that the stub dissector can avoid the nasty
(overlapped) memcpy
- a little whitespace fixing
svn path=/trunk/; revision=17886
Put the code to read the packet header and the packet data into routines
(which also fixes some places where observer_seek_read() was using the
sequential file handle rather than the random file handle), make the
packet header reader skip over the TLVs,
Do some additional sanity checking.
Wiretap supports nanosecond resolution; provide nanosecond resolution
time stamps.
Rename some structure members to match their purpose (they're TLV
counts, not flags).
Remove the TLV header from the TLV structures (and eliminate TLV
structures if we don't have the contents or they're just a string); if
we process them, we'll probably end up reading the header and data
separately.
Add some information about some of the TLVs in expert information packets.
svn path=/trunk/; revision=17870
I have taken a look at the trace myself and calculated the TpS to be
20000000.0 for this particular trace. If I also discard the start_timestamp
like it has been done for other versions of the netxray format, then I get
the proper results.
svn path=/trunk/; revision=17869
Please find a patch to catapult_dct2000.c:
- doesn't use g_hash_table_new_full(), which is missing from earlier versions of glib
- fixed a couple of memory leaks
- hopefully cast away a few warnings I saw on the fedora and solaris buildbot logs
svn path=/trunk/; revision=17867
patch and new files provide support for Catapult DCT2000
.out files to wiretap and ethereal.
This wiretap support (catapult_dct2000.c+h) appends a short header to
each packet giving some context, and a corresponding ethereal dissector
(packet-catapult-dct2000.c) parses this before passing the real payload
onto an existing ethereal dissector (for ethernet, ip, lapd, ppp,
frame-relay,...).
For now, there is only support for saving dct2000 files in their own
format, although I may add support for converting between dct2000 and
libpcap later.
updated version of these files and patch, now with support
for MTP2. Olivier's trace used the ANSI variant - the MTP2 and MTP3
decode fine with the right preferences set (although the ISUP dissector
reports a reserved/retired message type).
Witha a change to NOT to declare gboolean catapult_dct2000_board_ports_only;
as extern as MSVC choked on it.
svn path=/trunk/; revision=17862
wiretap/README.developer
- the referenced default seek_read function doesn't exist now
wiretap/wtap.c
- a "hole" in encap_table was causing the wrong encap value for later
types to be looked up (by name)
mergecap.c
- fix a couple of program name copy+paste errors from editcap.c
svn path=/trunk/; revision=17765
> I've attached a fix that cleans up this code, actually since my last
> update of this module the particular call in question was fairly
> redundant so I just went ahead and removed it and updated the constant
> that specifies the maximum possible line length instead.
>
> Thanks for bring this to my attention.
svn path=/trunk/; revision=17737
Following my last submitted patch I did some further investigation on the different types of iSeries Comms Traces, although the field formats are constant, things such as page throws and line spacing vary depending on the tool used to pull the trace form the iSeries spool.
This patch should better handle the different formats and more importantly exit in a graceful manner if an unknown format is encountered.
svn path=/trunk/; revision=17699
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17450
Sniffer V2 format capture files with captyp=5, timeunit=0.
The ticks_per_sec for this case apparently is 1e6.
Bill Meier
svn path=/trunk/; revision=17019
tethereal internally converted the stdout capture filename "-" into "" which doesn't make any real sense and only complicated things.
To make things even more confusing, wiretap expected "" for dump output and "-" for offline reading ...
svn path=/trunk/; revision=16962
was that file_util.h wasn't in the distribution tarball, so it couldn't
be included - it handles including <sys/stat.h>.
svn path=/trunk/; revision=16423
argument, rather than requiring the caller to get the open() flag and
the fopen() flag in sync. That also means that if we're *not* using
libz, it can just be a wrapper around eth_fopen().
We need to include <fcntl.h>, at least on UN*X, to get open() declared
and the O_ flags defined.
svn path=/trunk/; revision=16409
to do this, I've added file_util.h to wiretap (would file_compat.h be a better name?), and provide compat_macros like eth_open() instead of open(). While at it, move other file related things there, like #include <io.h>, definition of O_BINARY and alike, so it's all in one place.
deleted related things from config.h.win32
As of these massive changes, I'm almost certain that this will break the Unix build. I'll keep an eye on the buildbot so hopefully everything is working again soon.
svn path=/trunk/; revision=16403
status field bits".
Check for "Internetwork analyzer" captures by checking the Sniffer
network type, and save that type rather than just an "ATM or not" flag
in the private data.
svn path=/trunk/; revision=16283
non-zero value - it's only set from file formats that provide it in a
per-packet header, and only the old DOS Sniffer did so, so it's zero for
all other capture types. Instead, check the actual packet data length.
Also check it against 16; 14 bytes isn't large enough for a LANE
Ethernet frame.
svn path=/trunk/; revision=16261
correct a bug in parsing Lucent/Ascend PPP dumps. Basically, blobs with "PPP-OUT" should be labelled "PPP transmit" while blobs with "PPP-IN" should be labelled "PPP receive". The current code labels them the other way around.
packet-ppp.c
- Properly decode option to enable ECRTP (it wasn't decoded).
- Use the ipv6 knob to control ipv6 decoding (previously, it
was using the ipv4 knob).
svn path=/trunk/; revision=16194
In the bssgp an IE was decoded as mobile identity and should be decoded as (p)tmsi only.
The patch is attached to this email. It also consists the new atm patch which was send yesterday.
svn path=/trunk/; revision=16146
Ethernet packets with a length field as LANE packets, and doesn't do so
for packets that appear to be LANE-encapsulated Ethernet packets with a
type field, is too weak. Back out that part of the heuristics added in
the previous checkin.
svn path=/trunk/; revision=16111
Due to the fact that 3G Signaling appears at an undefined VPI/VCI I added a heuristics (very simple) which should take care of this fact.
svn path=/trunk/; revision=16108
patch to support 4 additional juniper DLTs.
all those are wrappers for exisiting media types augmented with meta-information which gets also displayed using this patch;
svn path=/trunk/; revision=15908
Guy Harris