used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
Make the "fs" and "flags" fields in type 6 records unsigned, as they are
in other per-frame records - they're probably the same set of flag bits.
svn path=/trunk/; revision=6814
well as Cisco HDLC support. It compiles OK, but I do not claim that it is
not borken.
I will have to add a small dissector that eats the first two bytes and then
calls the Ethernet dissector as well, to complete the work.
svn path=/trunk/; revision=6809
WTAP_ENCAP_ISDN encapsulation type, which includes a pseudo-header
giving the direction (user-to-network or network-to-user) and the
channel number.
Add a new circuit type, using the ISDN channel number as the circuit ID.
Add an ISDN dissector to put the direction and channel number into the
protocol tree and to call the appropriate dissector for the payload
based on the channel (LAPD for the D channel; V.120, PPP, or data for B
channels, based on some heuristics).
svn path=/trunk/; revision=6521
All files:
- Replace types from sys/types.h by those from glib.h
- Replace ntoh family of macros from netinet/in.h and winsock2.h
by g_ntoh family from glib.h
- Remove now unneeded includes of sys/types.h, netinet/in.h and
winsock2.h
wtap.h
Move includes to the top
svn path=/trunk/; revision=5909
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
the internal z_err value for the stream if an "fseek()" call it makes
fails, so that if "gzerror()" is subsequently called, it returns Z_OK
rather than an error.
To work around this, we pass "file_seek()" an "int *err", and have the
with-zlib version of "file_seek()" check, if "gzseek()" fails, whether
the return value of "file_error()" is 0 and, if so, have it return
"errno" instead.
svn path=/trunk/; revision=5642
is always called before the "close" routine is called, so the "close"
routine doesn't need to free anything that's freed by the
"sequential_close" routine.
svn path=/trunk/; revision=5619
"err" argument is null and return an error code through that argument
only if it isn't, to match what "wtap_dump_close()", which calls those
routines, does.
Put the NetXRay dump routines in order by version number.
svn path=/trunk/; revision=5385
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
comparing with the "size_t" value "ngsniffer->rand.nbytes", rather than
just casting "ngsniffer->rand.nextout" to "unsigned" - if "unsigned" is
shorter than "long", the latter doesn't do what you want.
svn path=/trunk/; revision=5252
"struct x25_phdr" to "wiretap/wtap.h".
Have two X.25 dissectors, one of which assumes that there's a "struct
x25_phdr" pseudo-header and one of which doesn't; the former uses the
information in that pseudo-header to determine whether the packet is
DTE->DCE or DCE->DTE, and the latter assumes it has no clue whether the
packet is DTE->DCE or DCE->TDE. Use the former one in the LAPB
dissector, and the latter one in the XOT dissector and in the LLC
dissector table.
In the X.25-over-TCP dissector, handle multiple X.25 packets per TCP
segment, and handle X.25 packets split across TCP segments.
svn path=/trunk/; revision=5134
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
For file types where we allocate private data, add "close" routines
where they were missing, to free the private data. Also fix up the code
to clean up after some errors by freeing private data where that wasn't
being done.
Get rid of unused arguments to "wtap_dump_open_finish()".
Fix indentation.
svn path=/trunk/; revision=4857
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4847
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
in Sniffer Classic files; there's nothing we can do about those
platforms that bit-swap FDDI addresses before handing them to DLPI or
whatever, so we'll just let people live with wrong FDDI addresses (or
maybe someday put in code to bit-swap them before writing them out to
the capture file).
svn path=/trunk/; revision=4519
which we store it a "size_t", and then fix up the bugs that were
revealed by the compiler warnings that produced - "fwrite()" returns 0,
not a negative number, on an I/O error.
Fix up some other items to have type "size_t", or to have various
unsigned types, while we're at it, to squelch compiler warnings.
svn path=/trunk/; revision=3867
compressed Sniffer files by sequentially moving forward, and we no
longer seek backward by seeking to the beginning and then seeking
forward to the new position, we now seek to the beginning of the
compressed block that contains the target position, if we're not already
in that block, and then move to the appropriate position in that block.
svn path=/trunk/; revision=3658
beginning of the file before reading anything from the file is bogus -
do that in the loop that tries each of the open routines, instead.
(They may have to reset the seek pointer later if, for example, the
capture file begins with the first packet, and the "open()" routine
looks at that packet to try to guess whether the packet is in the file
format in question.)
Set "wth->data_offset" to 0 while you're at it, so capture file readers
don't have to do that, either.
svn path=/trunk/; revision=3123
REC_HEADER2 encapsulation type.
Modified skip_header_records to accept REC_HEADER3-REC_HEADER7.
These header records would cause file read error if the capture file was
compressed.
svn path=/trunk/; revision=2910
"Internetwork analyzer" capture, from Jeff Foster. (It's not a
replacement for the heuristics, as
1) at least one PPP capture doesn't have a type 7 record
and
2) LAPB/X.25 and LAPD/ISDN might both be "HDLC" captures and
we'd need to figure out how to tell them apart.)
svn path=/trunk/; revision=2902
packet is too small to contain all the data that the frame header claims
was captured for the packet; treat that as a bad record, and return an
error.
svn path=/trunk/; revision=2711
just an EOF, it should set "*err" to 0. Fix up a bunch of read routines
for various capture file types to set "*err" appropriately.
svn path=/trunk/; revision=2667
is WTAP_ENCAP_LAPB *or* WTAP_ENCAP_V120, and we have to set "p2p.sent"
in the capture file for *all* WTAP_ENCAP_LAPD captures; fix the
i4btrace and Sniffer capture file readers to do so.
(XXX - should we eliminate "x25.flags", and use "p2p.sent" instead? The
directions for X.25 are DTE->DCE and DCE->DTE, not "sent" and
"received", but I suspect that "sent" and "received" should be thought
of from the point of view of the DTE, so DTE->DCE is "sent" and DCE->DTE
is "received"; the directions for ISDN are user->network and
network->user, but I suspect that "sent" and "received" should be
thought of from the standpoint of the user equipment, so user->network
is "sent" and network->user is "received".)
svn path=/trunk/; revision=2606
these other than a trace file a client sent me. The header appears to
be similar to frame2 and frame4 records, but with extra bytes at the end.
The trace file also contains record types 13 - 17 which appear to contain
metainformation such as retransmit counts.
svn path=/trunk/; revision=2508
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
Set "current_blob" when the first read is done from the random file, as
"current_blob" is the current blob in the random file.
svn path=/trunk/; revision=2262
sequential pass through the file build a list of information about the
compressed blobs, with the starting offset in the compressed file and in
the uncompressed byte stream for each blob.
When seeking on the random stream, check whether the target location is
within the uncompressed buffer we currently have; if not, use that list
to figure out which blob contains the target location, and read that
blob into the buffer. Then, as we now know that the target location is
within the uncompressed buffer we currently have, just move the current
pointer into that buffer to the target location.
This means we don't have to read forwards through any uninteresting
blobs in order to seek forwards, and don't have to go all the way back
to the beginning and seek forwards in order to seek backwards.
svn path=/trunk/; revision=2251