wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
unsupported feature.
If we see an IDB after all the IDBs at the beginning of the file,
process it. Fixes bug 7851.
Get rid of unused read_idbs flag in pcapng_t structure. (Also, as per
the above, just because we've read all the IDBs at the beginning of the
section, that doesn't necessarily mean we've read all the IDBs in the
section.)
Fix some places where we reject SPBs.
svn path=/trunk/; revision=45495
interface for which we have information.
Fixes bug 7467.
Should also cause an error message, rather than an unreadable capture
file, to be produced for the cases in bug 7381. (This isn't a fix for
bug 7381; it's arguably an improvement, in the sense that a circuit
breaker tripping or a fuse blowing for a short circuit is an improvement
over a fire starting, but it's not a *fix*, any more than a circuit
break or fuse *fixes* the short circuit.)
#BACKPORT
svn path=/trunk/; revision=43657
for the interface, not based on the default resolution of 1 microsecond.
Fixes bug 7457.
Fix a comment.
Clean up indentation.
#BACKPORT
svn path=/trunk/; revision=43649
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
if they're not. Also report an error for zero-length names.
Handle multiple names per IP address - the pcap-NG spec says "one or
more zero-terminated strings containing the DNS entries for that
address."
Use a Buffer to hold NRB records, so there's no maximum size (well,
there is a maximum size, because the record length is 16 bits, but let's
not allocate 64KiB on the stack if we don't have to).
svn path=/trunk/; revision=41332
pcap_read_simple_packet_block(), not in pcap_read() - the way the fields
are filled in differs between simple and non-simple packet blocks.
Clean up white space.
svn path=/trunk/; revision=41284
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
Guy Harris