traffic as well as Frame Relay traffic, and give some information about
the cruft found in the xxc field of the header for one CHDLC and one FR
capture.
svn path=/trunk/; revision=14659
There is still much to do, but at the very least it can import files allowing the user to choose which protocols handle the diferent sources.
svn path=/trunk/; revision=14606
fail after the private data is allocated, you have to free the private
data).
The file header in nettl files is 128 bytes - use a #define for it, and
also a #define for the magic number size.
svn path=/trunk/; revision=14553
indicating the direction, narrowband/broadband, and interface number.
- Add support to display the direction and interface number.
- Add support to packet-mtp2.c to use the broadband/narrowband indication.
svn path=/trunk/; revision=14265
and is equivalent to just "p++". If "p" isn't used after that, "*p++"
does nothing whatsoever, and can just be removed.
svn path=/trunk/; revision=13818
files. Do this with GENERATED_HEADER_FILES, GENERATED_C_FILES, and
GENERATED_FILES macros in Makefile.common files, along the lines of what
wiretap/Makefile.common has.
Clean up "*~" files with "make clean" rather than only "make distclean"
in some additional places.
Add "maintainer-clean" rules to the Makefile.nmake files, paralelling
the ones in the automake-generated Makefile.in files, using the
GENERATED_FILES macros from Makefile.common files. In some cases, move
the cleanup of files from "make distclean" to "make maintainer-clean",
and in other cases, put in a comment indicating why we're not doing that
(because some files that are distributed in the source tarballs, namely
Flex output, were built with a UN*X Flex and won't compile on Windows,
so we get rid of them with "make distclean" so you can clean up stuff
that *has* to be re-generated for Windows).
Clean up some *CLEANFILES definitions - get rid of ones that no longer
apply as files were moved or that add to the definition a name that's
already there.
svn path=/trunk/; revision=13402
Attached is an update to Lucent/Ascend trace parsing: fix a few bugs,
add support for ISDN and Ethernet captures - diffs to 0.10.9.
svn path=/trunk/; revision=13311
were in the middle of processing a record. If we got one at the
*beginning* of the record, that just means we've come to a clean
end-of-file.
svn path=/trunk/; revision=13064
FCS" bit for 802.11, just as it appears to be for Ethernet, and give
more details on the 4 bytes of junk at the end of the packet (i.e., that
we haven't yet seen an 802.11 capture where it's an FCS rather than just
junk).
svn path=/trunk/; revision=13028
specific to particular types of captures, and the same value might
correspond to more than one CAPTYPE_ definition.
Add an additional CAPTYPE_ for some non-gigabit Ethereal capture seen by
Bill Meier, and fix the range check the time stamp units value as per
his mail.
svn path=/trunk/; revision=12937
a number of Windows Sniffer captures - apparently the time stamp units
are in a field in the file header.
Add a capture type value seen in at least one ATM capture.
Update some comments, and add some comments.
Get rid of some redundant setting of "timeunit".
svn path=/trunk/; revision=12936
ugly, as it encapsulates, for example, the 8B/10B code for gigabit
Ethernet and Fibre Channel, so code to read it might have to decode
that; GPF-F isn't so bad).
svn path=/trunk/; revision=12700
Ethereal, unaware that the Ethereal team does *NOT* control libpcap
format, thinks they can just grab 169 and use it for their own
purposes).
svn path=/trunk/; revision=12678
If we get such an error, always call "file_error()" to get an indication
of what the error was and, if it returns 0, set the error to
WTAP_ERR_SHORT_READ.
svn path=/trunk/; revision=12442
by his madwifi Atheros driver on Linux; rename
WTAP_ENCAP_IEEE_802_11_WLAN_BSD to WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP,
and change its text name from "ieee-802-11-bsd" to
"ieee-802-11-radiotap".
svn path=/trunk/; revision=12429
don't have any code to handle it (other than to report that fact...).
Also, refer to the subsystem type code as such, not as a "network type".
svn path=/trunk/; revision=12178
NETTL_SUBSYS_NS_LS_ICMPV6 - they don't even have IP headers, so we need
to directly call the ICMP and ICMPv6 dissectors.
svn path=/trunk/; revision=12047
1) Change nettl subsystem ID's to decimal so as to
match /etc/nettlgen.conf and ease maintenance
2) Add support for hp_apaport (PAgP), hp_apalacp,
and IPv6 subsystem trace records
3) Correct handling of LOOPBACK trace records
svn path=/trunk/; revision=11901
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
WTAP_ERR_UNSUPPORTED_ENCAP, not WTAP_ERR_UNSUPPORTED, as it presumably
means the capture was done on some type of device we don't know about.
svn path=/trunk/; revision=11339
level configure.in to mirror that change in wiretap. Otherwise people who
have both versions of glib/gtk installed may see crashes.
svn path=/trunk/; revision=11049
Set the file encapsulation the same way it's done for iptrace captures -
leave it as "unknown" to start with, and, for each packet we see, set it
to the packet's encapsulation type if the file encapsulation type is
unknown and set it to "per-packet" if the file encapsulation type is
"known" but isn't the type of that packet, so files that have all the
same type of packet have that type as the file type and packets that
*don't* have all the same type of packet have "per-packet".
svn path=/trunk/; revision=10543
WTAP_ENCAP_PRISM_HEADER, WTAP_ENCAP_IEEE_802_11_WLAN_BSD, and
WTAP_ENCAP_IEEE_802_11_WLAN_AVS.
In the seek_read routine, set it for all 802.11 types.
svn path=/trunk/; revision=10404
(a FILE * if zlib isn't used, a gzFile if zlib is used).
Use "size_t" for the amount of data to read in
"eyesdn_check_file_type()", to squelch signed vs. unsigned warnings.
svn path=/trunk/; revision=10392
firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not
asking us for a DLT_ value and not telling us about the link-layer type.
svn path=/trunk/; revision=10361
rather than requiring individual capture file type handlers to do it
(unless they're doing per-packet encapsulation, in which case we check
to make sure they didn't *leave* it as WTAP_ENCAP_PER_PACKET).
svn path=/trunk/; revision=10290
"file_getc()" returns either an 8-bit unsigned value, or -1 for error or
EOF; store its return value into an "int", and check for -1 and return
-2, in "esc_read()" (rather than checking "file_error()" at the end).
Clean up some comments, routine names, and variable names - eyeSDN files
are binary, not text.
In "parse_eyesdn_packet_data()", handle the case of an EOF from
"esc_read()".
svn path=/trunk/; revision=10050
could probably map it to one of the many different 802.11+radio headers,
but we should probably just have *one* Wiretap encapsulation for 802.11,
with a radiotap-style list of attributes attached to it.
svn path=/trunk/; revision=10041
"subscript has type `char'" warnings and to make the code work correctly
if there are characters with the 8th bit set.
svn path=/trunk/; revision=10010
The MediaType field seems to be 0 for the Ethernet captures; however,
the MediaSubType field is different.
The fields in the header are different - we can't use hard-coded offsets
for the fields, we have to process them as a sequence of tag/value
items.
Rename some routines to use the same naming convention as the V9 open
routine rather than the same convention as the V5/V6/V7 read and
seek/read routines.
svn path=/trunk/; revision=9990
only for versions 5, 6, and 7 of the file format.
Add another comment explaining why this refers to "etherpeek" even
though it's also used for AiroPeek and probably also TokenPeek.
svn path=/trunk/; revision=9989
current CVS libpcap uses 163 for the AVS radio header (127 was never
used for the AVS radio header). Redo the Wiretap encapsulation values
for that (and shuffle them to put the 802.11 Wiretap values together).
svn path=/trunk/; revision=9904
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
"gint8" - there's no reason for them to be signed, and making them
signed can cause compiler warnings if a value won't fit in 8 bits if
sign-extended.
svn path=/trunk/; revision=9467
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.
svn path=/trunk/; revision=9342
errors when reading the header as indications that the file isn't an
AiroPeek V9 file.
Put in comments nothing some additional checks we should do.
svn path=/trunk/; revision=9145
snoop file unless it has enoguh padding to hold a Shomiti trailer
record. (DEAR SUN MICROSYSTEMS: PLEASE DO NOT STUFF 16 OR MORE BYTES OF
PADDING INTO A SNOOP PACKET. THANK YOU. HAVE A NICE DAY.)
Add a little paranoia about the record and captured data lengths.
svn path=/trunk/; revision=8883
2000, 00:00:00 *local* time. The amount to add to that is just the UNIX
time stamp value for that point in time; get it with "mktime()".
svn path=/trunk/; revision=8854
get rid of the reference to its "tm_gmtoff" member - there are platforms
on which Ethereal runs that don't have "tm_gmtoff" in "struct tm". If
the time stamp in the packets is nanoseconds since midnight 2001-01-01
*local* time, we'd need to compute the offset between that and midnight
2000-01-01 GMT, and adjust the time with that.
svn path=/trunk/; revision=8842
swap the "captured length" and "length" fields, to the open-file code;
store a tri-state (definitely swapped, definitely not swapped, maybe
swapped) value in the per-capture-file-format information for libpcap
format, and use that when processing packets.
svn path=/trunk/; revision=8774
recurse into subdirectories doing "nmake -f Makefile.nmake distclean".
Have "nmake -f Makefile.nmake clean" not remove stuff that "make clean"
doesn't remove (such as Flex/Bison output and config.h files) - and have
"nmake -f Makefile.nmake distclean" remove stuff that "make distclean"
removes, including "tethereal-tap-register.c" and
"ethereal-tap-register.c".
svn path=/trunk/; revision=8672
a UNIX version generating code that, by default, assumes you have
<unistd.h> (as might be the case with recent versions of Cygwin, which I
assume *does* supply <unistd.h>), but you're building on a platform that
lacks <unistd.h> (e.g., building with MSVC++ or MinGW), you can still
compile.
svn path=/trunk/; revision=8602
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8578
0 means "there is no FCS in the packet data", 4 means "there is an FCS
in the packet data", -1 means "I don't know whether there's an FCS in
the packet data, guess based on the packet size".
Assume that Ethernet encapsulated inside other protocols has no FCS, by
having the "eth" dissector assume that (and not check for an Ethernet
pseudo-header).
Have "ethertype()" take an argument giving the FCS size; pass 0 when
appropriate.
Fix up Wiretap routines to set the pseudo-header. This means we no
longer use the "generic" seek-and-read routine, so get rid of it.
svn path=/trunk/; revision=8574
type, and telling them how it should *NOT* be done, i.e. you should ask
tcpdump-workers for a new DLT_ value, you should not just pick a value
on your own, and you should especially not reuse a value that's already
in use!
Put in comments about reserved values in the current CVS libpcap.
svn path=/trunk/; revision=8367
use WTAP_ENCAP_ATM_PDUS as the default encapsulation for ATM;
don't use ULL constants, as not all C compilers that support
gint64 support them, and as there's no need to make them ULL
constants.
svn path=/trunk/; revision=8278
a not-yet-ready-for-prime-time project of mine (fast random access to
gzipped files, plus an mechanism to allow support for other forms of
compression).
svn path=/trunk/; revision=8221
the MS Visual Studio debugger, get confused by two files with the same
name being in a program's source, even though they're in different
directories.
svn path=/trunk/; revision=8208
"unsigned short", "unsigned int" (or "int", as the items appear to be
unsigned), or "unsigned long".
Convert data to and from the appropriate byte order.
Don't free the private data structure in the dumper's close routine -
"wtap_dump_close()" does that for you.
svn path=/trunk/; revision=8094
the network type being 1 and the byte after it being 2; we assume, for
now, that the network type is 1 byte, and that if the byte after it is
0, the network type is an NDIS type - 1, and if it's 2, it's an NDIS type.
svn path=/trunk/; revision=7973
rathe than the record length minus the record header length, as the
number of available (captured) bytes in the packet. Check to make sure
that value isn't bigger than the record length minus the header length.
Only subtract the 4-byte FCS length from the purported length of the
packet on the wire if that would leave the on-the-wire length >= the
number of captured bytes, so that we can better handle capture files
from programs that produce LANalyzer-format captures where the
on-the-wire length *doesn't* include the FCS.
svn path=/trunk/; revision=7948
is pointless, as it's a 16-bit unsigned quantity. Remove those checks -
but note in a comment that WTAP_MAX_PACKET_SIZE must be at least 65535
(as there might well be link-layer types with packets at least that
large).
svn path=/trunk/; revision=7934
variables the user configures - the user isn't expected to change
GLIB_LIBS or GTK_LIBS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate libraries for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7885
variables the user configures - the user isn't expected to change
GLIB_CFLAGS or GTK_CFLAGS, and there's a comment nothing that users
shouldn't have to do so), which contain the appropriate "/I" flags for
building stuff that requires only GLib, and stuff that required GTK+ and
GLib, respectively, and use those macros in the Makefile.nmake files.
svn path=/trunk/; revision=7884
matched if it succeeds, so that it gets re-read when we read the capture
file - it's a line containing a time stamp for a packet, so we need to
re-read it to get that time stamp.
svn path=/trunk/; revision=7752
line, not the "RCV packet" part, so that we recognize files even if they
don't have an "RCV packet" line in the first 200 lines.
svn path=/trunk/; revision=7699
value for DLT_PFLOG, and that goes along with a change to the link-layer
header for DLT_PFLOG - support both the old and new values and format.
svn path=/trunk/; revision=7676
Following fixes for nettl (HP-UX):
1) Fixed 11.X timestamp issue
there is no difference in 10.X/11.X timestamps, so no
need to shift 11.X timestamps
2) Fixed NS_LS_DRIVER trace record handling
now works rather than throwing "...network type that
Ethereal doesn't support" error
3) Fixed handling of traces with sliced packets (nettl -m xx)
now uses correct packet and capture lengths
4) Additional ethernet card support
now handles btlan[1,3-6],gelan,igelan,intl100 driver
trace records
svn path=/trunk/; revision=7642
Makefile.am:99: `YFLAGS' is a user variable, you should not override it;
Makefile.am:99: use `AM_YFLAGS' instead.
Fix it in the proposed way.
svn path=/trunk/; revision=7582
stuff I sent out in a mail message to somebody asking how to add support
for a new file format, but hopefully it'll get improved by various
contributors over time (hint hint).
svn path=/trunk/; revision=7397
aren't 1/1193000.0 second; the code used to use 1/1193180.0 second, but
at least one capture appears to have units of somewhere around
1/3579540.0 second.
svn path=/trunk/; revision=7388
2 the time stamps are in units of 1/31250000 seconds rather than
nanoseconds - and, by generating Windows Sniffer captures with various
hdr.timeunit values, that for all the non-zero values he tested, the
time stamps for non-gigabit pod captures are in units of 1/1193000
second.
Instead of having a TpS array, just test for the exception value (0 for
non-gigabit pod captures, 2 for gigabit pod captures).
svn path=/trunk/; revision=7380
type for loopback devices; map it to DLT_NULL when reading libpcap files
with a major version of 2 and a minor version of 2, and when capturing
from an "loN" device on AIX.
svn path=/trunk/; revision=7361
rename WTAP_ENCAP_ENC0 to WTAP_ENCAP_ENC.
un-#if 0 out the code to handle the value 109 for DLT_ENC, as I've just
checked in support for DLT_ENC in tcpdump.org libpcap and tcpdump, which
maps DLT_ENC to 109 in the file header.
Give packet-enc.c an RCS ID.
svn path=/trunk/; revision=7323
Add support for the OpenBSD enc(4) encapsulating interface. Add
support for Ethernet over IP (RFC 3378).
Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.
svn path=/trunk/; revision=7310
Add a bunch of capture types discovered by stuffing them into Windows
Sniffer captures and seeing what a Sniffer thought they were. Add
support for writing at least some of them.
svn path=/trunk/; revision=7265
