handle that file not ending with a 2-byte 0xffff end-of-file record.
This fixes bug 9455, although it doesn't add support for reading an
"index" file for a capture that's in multiple .rf5 files, which is a
separate issue noted in that bug.
It also doesn't attempt to figure out what the data in the new record
type following the data that appears to be the same as that in the other
data record format but preceding the actual packet data is.
svn path=/trunk/; revision=53452
in a source description record, including the stack. Dump some other
fields in those records as well.
Attach separate sequential and random read buffers to the private data
structure, rather than allocating them in various routines (and not
always freeing them) and, in at least one case, allocating a single
*common* buffer for all wth's to use.
Fix some comments (the DS0 mask is 32 bytes long, but gets turned into a
bitmask).
Put in a description of what a "stack file"'s contents look like. Much
of it may be useless to us (for example, we have the notion that TCP has
protocol number 6 built-in...), but the RELATION entries that map from
"BASE" to a protocol could obviate the need to have the user specify a
map from stack file names to starting protocols, and we might be able to
use, for example, entries that map TCP/UDP/SCTP port numbers to
protocols to obviate the need for the user to explicitly use Decode As
or otherwise configure port-to-protocol mappings themselves.
Add a bunch of record length checks before we fetch data from records.
svn path=/trunk/; revision=53450
Dump the raw contents of records as hex and ASCII, not just hex.
Sort the record types, and add a new one for a type we've seen in a k18
file and about which we know nothing.
For unknown record types, print the type in hex.
svn path=/trunk/; revision=53441
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
.cap, for example, doesn't refer to a particular file type - a whole
bunch of file types use .cap.
Also offer, in addition to "All Files", "All Capture Files", which
matches all the extensions we know about.
svn path=/trunk/; revision=53156
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8818
Add support for dissection ELF files. It opens as a "capture" file via wiretap
at the moment for simplicity's sake, but the intention is eventually to have
this (and other file types we dissect) open through some other program sharing
much of the libwireshark infrastructure.
svn path=/trunk/; revision=52775
Compilation fails on (only the ?) OSX-10.6-x64 buildbot with error:
netscaler.c: In function 'nstrace_read_v30':
netscaler.c:1295: warning: implicit conversion shortens 64-bit value into a 32-bit value
(Life is too short for me to dig multiple levels deep into a set of macros to try to see which
actual line of code is causing the problem. Maybe the patch submitter can identify the problem).
svn path=/trunk/; revision=52666
We read a two-byte length field and add a constant number of header
bytes to this length, so we could in theory be larger than guint16.
svn path=/trunk/; revision=52619
range check for array index
don't assign the result of pntohs() to a gint16
range check for the values stored in phdr.(cap)len
svn path=/trunk/; revision=52618
don't assign the output of pntoh24() to a gint16
unfortunately, vwr detection does not work reliably and many pdf files
are recognized as vwr - this commit should prevent wireshark from
crashing when it tries to load the USB 2.0 spec as pdf ;-)
svn path=/trunk/; revision=52599
whether the (zero-based) interface ID is < the number of interface IDs,
so we don't need to do so in pcapng_read().
Unions are tricky - if the compiler doesn't ensure that the right
component of the union is being used at any given time, various problems
can happen.
Remove some members from the "data" union in the wtapng_block_t
structure, and use a local variable of the specified type.
svn path=/trunk/; revision=52262
the number of bytes available for packet data in the block;
the packet length;
*and* the snapshot length for the interface.
One more fix for bug 9200, so it should *now* be fixed.
svn path=/trunk/; revision=52250
subtract out the minimum SPB size, which includes the length of
*everything* except for the packet data.
Fixes one problem found by the file in bug 9200.
svn path=/trunk/; revision=52244
minus the lengths of the two length fields and the packet length field,
it's the minimum of that and the packet length, as there might be
padding.
Fixes one problem found by the file in bug 9200.
While we're at it, pcapng_read_packet_block() and
pcapng_read_simple_packet_block() return an integer, not a Boolean;
return 0, not FALSE (they have the same value, but returning 0 makes it
clearer that the return value isn't restricted to TRUE or FALSE).
svn path=/trunk/; revision=52241