Using g_fprintf() fails (crashes) on Windows because the Windows GLib DLL
is linked with (depends upon) MSVCRT while editcap is linked with
(depends upon) MSVCR90.
IOW: "You can't do that ... (on Windows)"
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6695 (Comment 2)
for some additional information.
svn path=/trunk/; revision=41168
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
type" when writing out a capture file (i.e., writing a
per-packet-encapsulation capture to a file type that supports it but
doesn't support one of the packet's encapsulations), report the packet
number and, when doing this in a merge operation, report the file from
which it came.
When reporting "sorry, that file can't be written to a file of that
type, period", show the file type rather than the input file link-layer
type that causes the problem. (We could show both. We could be
*really* ambitious and iterate through all possible file types and show
the ones that will or at least might work....)
file_write_error_message() is documented as handling only UNIX-style
errnos, and libwireshark should be usable without libwiretap, so leave
it up to its callers to handle Wiretap errors such as
WTAP_ERR_SHORT_WRITE.
Clean up indentation.
svn path=/trunk/; revision=39949
getopt() can/should normally be found in unistd.h, so:
- When testing for getopt(), define that we HAVE_GETOPT instead of
HAVE_GETOPT_H (to avoid confusion).
- Don't attempt to include getopt.h: not all OS's have it (for example,
Solaris 9 does not).
- (All the places which need getopt already include unistd.h (if we have it).)
If this breaks things on some OS, we might need (a real) HAVE_GETOPT_H check.
svn path=/trunk/; revision=38437
is mainly an attempt to fix the currently-broken "test.sh" step on the
XP buildbot. If this causes too many problems we might want to have
suite-capture.sh:capture_step_snapshot pass "-P" to dumpcap instead.
svn path=/trunk/; revision=37736
check_startstop is set.
Refuse to write packets that do not fit in the file type we're writing. This
allows fuzz testing to be done on JPEGs without generating bogus files (with
packets bigger than the maximum packet size). This fixes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6010 .
Note that this is only a problem when editcap is run with -T to force the
encapsulation type.
Maybe this needs a more generic solution (e.g., should this check be done in
the wiretap routines?), but at least for now it'll pacify the buildbot.
svn path=/trunk/; revision=37633
than present, just chop all by setting caplen to 0. In all cases, don't touch
len. In other words, change incl_len but leave orig_len alone.
svn path=/trunk/; revision=37488
original capture file's snaplen, save the new snaplen in the capture file
header so wireshark and capinfos can report it.
svn path=/trunk/; revision=37480
editcap -h sends 9 lines to stderr and the rest to stdout. This problem
affects editcap 1.4.x (branch 1.4) and devel (trunk).
How to duplicate:
1) run "editcap -h"
2) run "editcap -h > /dev/null"
The attached patch replaces 9 occurrences of "stderr" by "output" in the usage
function.
svn path=/trunk/; revision=34742
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
send normal -h output to stdout so it can be paginated and the usage output
to stderr when there was an error in the command arguments.
svn path=/trunk/; revision=31388
This patch limits the number of fractional digits used to calculate the
fractional component of editcap's -t and -w options.
Specifically this patch truncates the fractional component (if any) of the -t
and -w options to 6 and 9 respectively.
svn path=/trunk/; revision=30698
We can have a situation where a file only contains a valid file header
without any packages, so this will avoid a crash.
svn path=/trunk/; revision=28602
so we don't just exit silently. Don't bother checking the validity of
arguments - it shouldn't be passed NULL fprefix or fsuffix arguments in
the first place, and isn't passed them.
Exit with an exit status of 1 for command-line syntax errors and 2 for
file open/close/IO errors.
svn path=/trunk/; revision=28458
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
routines handled by epan/report_err.c.
Move copy_binary_file() in file.c to epan/filesystem.c, and rename it to
copy_file_binary_mode() (to clarify that it *can* copy text files;
arguably, *all* files are "binary" unless you're on, say, an IBM 1401
:-)). Have it use the report_err.c routines, so it works in
console-mode programs.
Clean up some comments while we're at it.
svn path=/trunk/; revision=27456
#include winsock2.h pulls in about 90 distinct .h files
and about 140 total .h files.
Currently winsock2.h is (mostly unnecessarily) included
for each dissector via packet.h/wtap.h.
This patch removes #include winsock2.h from wtap.h and
then includes winsock2.h (or windows.h) in the
few specific places required.
With this patch, my Windows Wireshark build takes
about 30% less time.
svn path=/trunk/; revision=26535
capinfos and dumpcap don't need to depend on libwireshark nor directly pull
in those modules). Because capinfos and editcap were only being linked with
privileges.c if we had plugins, this allows those programs to be linked when
someone is compiling --without-plugins.
svn path=/trunk/; revision=25640
A few changes from me:
- make use of nstime_set_unset and nstime_is_unset i.s.o. extra variable first_pass
- change 'if' to 'while' to allow intervals with no packets
- remove 'unused' variable current_pkt_ts
svn path=/trunk/; revision=25499
plugins should already be linked against libwireshark.
Don't link capinfos and editcap against libwireshark: they only needed to be
because the plugins were linked against libwireshark (see rev 24123 and the
ensuing discussion on -dev).
capinfos and editcap: don't complain if plugins fail to load: dissector
plugins should fail to load because they need libwireshark. I am assuming
here that wiretap plugins don't need libwireshark (I've never seen such a
plugin but LEGO's code and comments suggest this is the case).
(The goal of this checkin is to stop linking capinfos and editcap against
libwireshark while still allowing wiretap plugins. Since we don't have any
such plugins in the tree I do somewhat doubt the need for all this but I don't
want to be the one to remove the functionality.)
svn path=/trunk/; revision=24650
previously called. This prevents the function from always returning TRUE in
programs that hadn't called get_credential_info().
Call get_credential_info() in the programs that should have been.
svn path=/trunk/; revision=24648
meta information that is found at the beginning of
the data - this lets me fuzztest my .out files
properly.
Also make some whitespace more consistent.
svn path=/trunk/; revision=24401
"time_t" is not guaranteed to be an "unsigned long"; when printing it
with %lu, cast it to "unsigned long".
The "secs" field of a wtap_nstime, however, *is* defined to be a time_t;
there's no need to cast it to time_t.
svn path=/trunk/; revision=23036
configure is run with "--without-plugins"
cc1: warnings being treated as errors
about_dlg.c: In function ‘about_wireshark_cb’:
about_dlg.c:426: warning: unused variable ‘plugins_page’
make[2]: *** [about_dlg.o] Error 1
editcap.c: In function ‘main’:
editcap.c:663: error: ‘check_ts’ undeclared (first use in this function)
editcap.c:663: error: (Each undeclared identifier is reported only once
editcap.c:663: error: for each function it appears in.)
make[2]: *** [editcap.o] Error 1
svn path=/trunk/; revision=22761
epan/filesystem.c
have get_plugin_dir() calling init_plugin_dir() if necessary
epan/epan.c and epan/report_err.c
move the report_failure family into the new report_err.c file, have epan_init() calling the initializer
epan/plugins.h and epan/proto.c
do not have init_plugins() calling the proto_reg functions instead do it in init_proto()
gtk/main.c and tshark.c
init_plugin_dir() has become superfluous
capinfos.c and editcap.c
load the wiretap plugins
Makefiles
do what's needed to build with the above changes.
svn path=/trunk/; revision=21935
a patch to avoid the warning "implicit declaration of function
'strptime'" in editcap.c
glib.h is included just after the define __USE_XOPEN and include <time.h>
svn path=/trunk/; revision=20455
option explanation is more detailed now, I've added the option parameters to the description
added version information to the usage output
instead of using the usage page to display the available file and encapsulation types (which makes the usage page almost unreadable), use empty options -F or -T to print the available types. I've used optopt for this, it seems to be portable that way ...
svn path=/trunk/; revision=16991
- Editcap
Mikko Tiihonen filed bug 379 including a patch for editcap. This wasn't picked up so far. I've ported the patch to svn 16820 and included a documentation patch.
- packet-ieee80211.c
Radek Vokal of RedHat filed a bug found by Vladimir Kondratiev of Intel in the 802.11 dissector. Radek provided a sample capture and Vladimir a oneliner patch. I've ported the patch to svn 16820 and tested it against the provided capture. Works well.
- From Kan Sasaki
A patch for packet-ospf.c is attached:
- Fix the handling of the DN-bit of options field.
- Add a new function dissect_ospf_bitfield() to dissect a bitfield
such as options, flags. The following functions are merged by
using this function.
- dissect_ospf_lls_extended_options()
- dissect_ospf_dbd()
- dissect_ospf_options()
- dissect_ospf_v3_prefix_options()
- dissect the flags and prefix-options bitfield.
- lldp Bugfix Bug 596 LLDP TIA Network Policy Decode is not correct
- Camel make it possible to dissect based on OID.
svn path=/trunk/; revision=16822
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions don't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copying the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
- make a leading zero in the argument to -t optional;
- includes the -t option in the summary portion of the editcap
usage message.
svn path=/trunk/; revision=3712
"main()", the program exits, and exits with an exit status equal to the
return value of "main()", so "return 0;" is sufficient at the end of
"main()".
svn path=/trunk/; revision=3354
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
snapshot length before writing them to the output file; this may come in
handy if you are translating the file to a different format so that it
can be read by a program that can't handle packets above a certain size
(e.g., the snoop in Solaris 2.5.1 or 2.6, which reject Ethernet packets
larger than the Ethernet MTU, and thus can't handle gigabit Ethernet
captures using jumbo frames).
svn path=/trunk/; revision=1891
as well as individual packets.
I needed to grab quite a few from the middle of a large capture file.
Will eventually need to sort the extract list.
svn path=/trunk/; revision=1498
Update editcap to print out the type of capture file if -v specified and
add a -h flag. Also fix a few compiler warnings ...
svn path=/trunk/; revision=1302
symbolic name, and to list the encapsulation types in the usage message.
Note in the usage message that the default output encapsulation type is
"same as the input file" and that the default output file type is
"libpcap".
svn path=/trunk/; revision=1213
read, and write any format it can write; change the error messages.
Make the "-F" flag take a symbolic capture file type; use
"wtap_short_string_to_file_type()" to translate it to a WTAP_FILE_
value.
List, in the usage message, the capture file types we can write, and the
symbolic types you use on the command line to specify them.
Give it an RCS ID.
svn path=/trunk/; revision=1210
Will need new functions in wiretap before I can do more.
Should perhaps be moved into an examples directory and have other bots added.
svn path=/trunk/; revision=1206