include only extensions used mostly by capture files (i.e., not ".txt"
or ".xml"), and list each extension set only once (it's silly to have,
for example, separate entries for NetMon, Shomiti Surveyor, and
NetScaler with ".cap" when you get all those types no matter which entry
you choose).
svn path=/trunk/; revision=51547
the "All Files" entry (the current UI guidelines from Microsoft say to
do so, and that's what Paint does, at least), and add an "All Capture
Files" entry with all the file extensions for the file types we support
(it'll pick up all text files, but there's not much we can do about
that, and it won't pick up files with *no* extension or weird
extensions, such as you might get from UN*X systems or from WinDump
commands, but at least it'll filter out some other crud).
Fix what appear to be memory leaks; that should be backported unless
I've missed something and they aren't leaks.
Fix an out-of-date comment, and add an additional comment.
svn path=/trunk/; revision=51481
------------------------------------------------------------------------
r51462 | guy | 2013-08-21 20:21:47 -0700 (Wed, 21 Aug 2013) | 8 lines
What was I thinking? ".caz" is used for compressed *Windows* Sniffer
files (which are just gzipped uncompressed Windows Sniffer files, albeit
with the checksum computed differently in some fashion, or perhaps just
being computed incorrectly), not compressed *DOS* Sniffer files (which
use their own form of compression, which doesn't compress the entire
file, just most of it, and which use the same extensions as uncompressed
DOS Sniffer files).
svn path=/trunk/; revision=51465
files (which are just gzipped uncompressed Windows Sniffer files, albeit
with the checksum computed differently in some fashion, or perhaps just
being computed incorrectly), not compressed *DOS* Sniffer files (which
use their own form of compression, which doesn't compress the entire
file, just most of it, and which use the same extensions as uncompressed
DOS Sniffer files).
svn path=/trunk/; revision=51462
With gcc :
pcapng.c: In function 'pcapng_read_packet_block':
pcapng.c:1147:9: error: request for member 'pseudo_header' in something not a structure or union
With clang :
pcapng.c:1150:86: error: member reference type 'struct wtap_pkthdr *' is a pointer; maybe you meant to use '->'?
pcap_get_phdr_size(int_data.wtap_encap, &wblock->packet_header.pseudo_header));
~~~~~~~~~~~~~~~~~~~~~^
->
(Error message from clang is better...)
svn path=/trunk/; revision=51317
and assign float constants, not double constants, to float variables.
Floating-point constants are double by default; you have to add "f" to
the end to make them float.
This squelches 64-bit-to-32-bit warnings.
svn path=/trunk/; revision=51289
This was the 4th patch, but also:
- use gmalloc0() to allocate vwr struct. Otherwise, valgrind says that
many of fields were still uninitialised when parse_s1_W_stats later
read them
- whitespace tidyup, got rid of remaining tabs and trailing whitespace
Did a fair bit of fuzz-testing without seeing any problems.
svn path=/trunk/; revision=51248
------------------------------------------------------------------------
r51049 | guy | 2013-07-30 22:00:28 -0700 (Tue, 30 Jul 2013) | 5 lines
If no target OS version was specified, default to the major version on
which we're running, so we *always* build against an SDK. (The "10" in
"10.x.y" is not *really* part of the version number, so the "major
version" includes the "10" and the major version number following it.)
svn path=/trunk/; revision=51050
mktime(). That eliminates the need for casts.
It should *also* be part of a per-wtap-structure private data structure,
not a global variable; make it so.
svn path=/trunk/; revision=51000
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
split across page boundaries, rather than being a byte stream, and that
the last page may be short.
Fix some comments.
svn path=/trunk/; revision=50025
out there (especially over USB) and we should be able to load them as long as
they are snapped to a sane length.
Also validate that packets do not specify a snapshot length larger than the one
in the file header, though only make it a warning, as this is not necessarily a
fatally corrupt packet.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
svn path=/trunk/; revision=49999
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
artificial 16MB limit on blocks.
Do some sanity checks when reading options, to make sure we don't read
past the end of the block.
Make some variables unsigned so as not to get inappropriate
sign-extension (which, in practice, should never happen due to the 16MB
block size limit, although if the limit is raised above 2^31-1, the
limit won't protect you).
Fixes bug 8752.
svn path=/trunk/; revision=49833
visual_process_packet_header() and call it in both the read and
seek-read routines.
Pull the post-processing code that guesses the encapsulation based on
the first few bytes in the packet into
visual_fill_in_chdlc_encapsulation() and call it in both the read and
seek-routines. Add some length checks.
svn path=/trunk/; revision=49812
Check that the record length we got out of the file is at least as big as
stats block trailer; if not, declare the file bad.
svn path=/trunk/; revision=49739
seek offset is after calling it, they can use file_tell(). (Some
routines were already assuming it returned a gboolean.)
svn path=/trunk/; revision=49733
that the complaints are valid, or that simply zeroing them is the right fix
if they are, but at least it builds now. Should we be erroring if we don't
see a sliceLength header?
svn path=/trunk/; revision=49705
frame_table field to NULL before trying to allocate the frame table, so
that if we fail before we allocate the frame table, the attempt to free
the private data doesn't crash due to the frame_table field containing a
bogus pointer.
svn path=/trunk/; revision=49697
and fail with ENOMEM if that fails (and the frame table is not empty -
g_try_malloc() will return NULL if you ask it to allocate zero bytes).
Have an error message for ENOMEM on an open that attempts to tell the
user what the problem is without making their head explode.
svn path=/trunk/; revision=49673
routines are passed a separate struct wtap_pkthdr to be filled in.
Get rid of the pseudo_header member of the wblock structure - the
pseudo-header is part of the struct wtap_pkthdr.
Get rid of the union wtap_pseudo_header * argument to
pcap_process_pseudo_header() - it's passed a pointer to a struct
pcap_pkthdr, and that structure contains the union in question.
Have libpcap_read_header() take a FILE_T argument, rather than using
only the "sequential" handle of the wtap it's handed. Have the libpcap
read routine return the offset of the beginning of the pcap record, and
have the seek-read routine read the header and fill in the struct
wtap_pkthdr handed to it.
svn path=/trunk/; revision=49401
both the read and the seek-read routines. Have the read routine return
the offset of the record header as the record's offset, so that the
seek-read routine can read that header.
svn path=/trunk/; revision=49397
globals directly. If we ever manage to make them *not* globals (which
might only be possible with newer versions of Flex), then we can do
better.
Get rid of an unused variable.
Squelch a 64-bit-to-32-bit conversion warning.
svn path=/trunk/; revision=49396
doesn't need to return the number of bytes of captured packet data (it
can just stuff that into the struct wtap_pkthdr), so have it return a
Boolean success/failure indication.
svn path=/trunk/; revision=49376
have it return -1 for errors or EOF, and have iseries_read() check for a
negative return value and return FALSE. That simplifies it a bit, and
handles the "no more records in the file" case
(iseries_seek_next_packet() will hit EOF and return -1 with *err set to
0, which is what the callers of a read routine expect at EOF).
Get rid of duplicate (and incorrect before the change) comment.
svn path=/trunk/; revision=49375
ipfix_read_and_process_message_header() call it and then fill in the
wtap_pkthdr structure, and use the latter routine in the read and
seek-read routines.
Expand a comment, and fix indentation.
svn path=/trunk/; revision=49369