a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
box into a common subroutine.
Don't call "change_time_formats()" to update the display unless the time
format actually changed.
svn path=/trunk/; revision=2094
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
allocate the buffer into which it formats the variable value, and return
that value. This
1) makes it more closely resemble the formatting routine in the
libsmi-based "packet-snmp.c" under development;
2) makes it less likely to overrun the buffer (we can't be
certain how long the string "sprint_value()" generates will
be, but we can make a reasonable guess as to the maximum size
based on the type and size of the object we're formatting).
When *not* using "-lsnmp", dynamically allocate the buffers into which
we format octet strings and OID values, based on the size of the object
we're formatting, so that we don't overrun the buffer.
svn path=/trunk/; revision=2091
than setting "eoc" from "asn1->pointer" and "enc_len" and then setting
"size" from "eoc" and "asn1->pointer", to make it clearer how it's being
set.
svn path=/trunk/; revision=2090
2.002, as used by release 3.50 of the Network Associates Sniffer for
Windows; currently, we treat it just like the 2.001 version, so we
rename the version #define WTAP_FILE_NETXRAY_2_001 to
WTAP_FILE_NETXRAY_2_00x and use that for both 2.001 and 2.002.
svn path=/trunk/; revision=2087
file, not as a text file; that makes no difference on UNIX, but, as the
file *is* binary, it makes a difference on Win32 systems.
svn path=/trunk/; revision=2086
FT_ETHER field; the ISIS spec doesn't say it's necessarily a 6-byte
Ethernet address (and, if it's FT_BYTES, you can test it in a filter
much the same way you test an Ethernet address).
Make "isis_hello.lan_id" an FT_BYTES field rather than an FT_STRING
field - it's an array of bytes, not a character string.
Don't require that "system ID" fields be 6 octets; use the size value
from the ISIS PDU header. (This means that PDUs containing "system ID"
fields can't be described as C structures; dissect them by stepping the
offset instead.)
svn path=/trunk/; revision=2080
symbolically as full sequences, call "snmp_set_suffix_only(2)" to cause
them to be displayed symbolically as a module name and a name within
that module, as that might make it easier to find the RFC or whatever
that describes the object in question.
Don't just statically call it, though, on Linux, as that causes binaries
built on Red Hat releases prior to 6.2 to fail to run on 6.2, due to the
UCD SNMP 4.1.1 library used in RH 6.2 not being 100% binary-compatible
with the UCD SNMP libraries used in those prior releases. Instead, on
Linux, try to "dlopen()" the "libsnmp.so" library and, if that succeeds,
try to find "snmp_set_suffix_only()" in that library - if that succeeds,
call it, otherwise try to find "ds_set_int()" in that library and, if
*that* succeeds, call it with the arguments that, in UCD SNMP 4.1.1, the
"snmp_set_suffix_only()" macro passes to it.
svn path=/trunk/; revision=2077
Differentiate between LAPB and LAPD sync sniffer traces.
Personally I think there must be a better way to find out which
protocol is in the trace but I currently lack the time to look
at the remaining frame info.
svn path=/trunk/; revision=2072
When trying to decode a sample trace from the NG offline sniffer
installation, one trace resulted in a "corrupted" error. The
reason was, that the file was a version 2 file format. That
format used type 8 for header purposes while version 4 uses it
for FRAME4.
svn path=/trunk/; revision=2071
tvbuffs.
In doing so, I realied that my recommendation for using
tvb_new_subset(pi.compat_top_tvb, -1, -1) was incorrect, because
some dissectors (ethernet!) change pi.len and pi.cap_len. So, I have
to take those two variables into account instead of using -1 and -1.
So, I provide a macro called tvb_create_from_top(offset), where
offset is the name of your offset variable. It is a wrapper around
tvb_new_subset().
I converted the lines that followed my suggestion to use
tvb_create_from_top().
In proto.c I added
proto_tree_add_debug_text(proto_tree*, const char*, ...)
It's much like proto_tree_add_text(), except that it takes no offset
or length; it's soley for temporarily putting debug text into the
proto_tree while debugging a dissector. In making sure that its
use is temporary, the funciton also prints the debug string to stdout
to remind the programmer that the debug code needs to be removed
before shipping the code.
svn path=/trunk/; revision=2068
that causes "packet-x11.c" to fail to compile due to it defining its own
function named "boolean", so we rename the "packet-x11.c" "boolean()"
function to "add_boolean()".
svn path=/trunk/; revision=2066
build to fail on Win32 systems. It's defined (at least in the X11R6 on
my FreeBSD 3.4 system) as "((unsigned long)~0L)", which presumably means
"set all the bits" - which means "set all 32 bits" in the "value_string"
table where it appears, as the value member of an entry in such a table
is a "guint32", so just use 0xFFFFFFFF.
Get rid of other unneeded #includes as well.
svn path=/trunk/; revision=2061
the top-level "compatibility" tvbuff, so that we don't blow up if we get
short frames *or* misinterpret data due to, for example, trying to treat
the initial client->server message in a connection as an X11 request, or
interpreting the middle of a multi-frame request (e.g., a big PutImage)
as if it contained requests. (I have a capture file on which the
non-tvbuffified code crashed.)
Attempt to dissect requests until we reach the end of the frame, even if
that would take us past the end of the captured data in the frame before
we reach the end of the frame; the tvbuff code will throw an exception
if we go past the end of the captured data, which means it'll put a
"Short frame" indication into the protocol tree, which is what we want
(the frame *is* short, because the capture length was too short).
Define functions taking no arguments with a "(void)" argument list, so
that the compiler knows that they must not be passed any arguments.
svn path=/trunk/; revision=2059