<packet32.h> includes <winsock2.h>; we include that rather than
<winsock.h>, to avoid errors due to conflicting declarations in
<winsock.h> and <winsock2.h>.
svn path=/trunk/; revision=5742
types and Wiretap encapsulations after the entries to map between
platform-independent libpcap link-layer types and those Wiretap
encapsulations, so that, when writing a libpcap-format file, we choose
the platform-independent link-layer types.
svn path=/trunk/; revision=5668
In libpcap.c, move wtap_pcap_encap_to_wtap_encap before libpcap_open
so that if HAVE_PCAP_H is not true, the file will still compile.
svn path=/trunk/; revision=5660
Have "wtap_open_offline()", if asked to open a FIFO, return that error
if it was asked to open the file for random access.
svn path=/trunk/; revision=5643
the internal z_err value for the stream if an "fseek()" call it makes
fails, so that if "gzerror()" is subsequently called, it returns Z_OK
rather than an error.
To work around this, we pass "file_seek()" an "int *err", and have the
with-zlib version of "file_seek()" check, if "gzseek()" fails, whether
the return value of "file_error()" is 0 and, if so, have it return
"errno" instead.
svn path=/trunk/; revision=5642
they are, in fact, WTAP_ENCAP_FRELAY. Support 11 as WTAP_ENCAP_FRELAY
if DLT_FR is defined and is equal to 11, and support 107 as
WTAP_ENCAP_FRELAY unconditionally.
Get rid of a comment indicating that 105 isn't used - it's been
supported as DLT_IEEE802_11 for a while.
svn path=/trunk/; revision=5640
is always called before the "close" routine is called, so the "close"
routine doesn't need to free anything that's freed by the
"sequential_close" routine.
svn path=/trunk/; revision=5619
the packets, as the offsets of the frames have been saved by our caller
(because they need them to pass to the random-read routine); add a
sequential_close routine for Netmon files and free up the frame table in
that routine.
svn path=/trunk/; revision=5618
EtherPeek heuristic is a bit stronger, and there's at least one
EtherPeek capture that gets misidentified as a pppdump capture if you
check for pppdump captures first.
svn path=/trunk/; revision=5585
specify them on the command line of Tethereal/editcap/etc. (and to keep
those programs from dropping core when enumerating the names); now that
we can write Windows Sniffer 2.00x-format files, give them a short name.
svn path=/trunk/; revision=5524
Added support for NS_LS_TCP, NS_LS_UDP, NS_LS_LOOPBACK, NS_LS_ICMP and
unnamed subsystem 0xb9 (which contains ethernet headers in my captures frames).
However, NS_LS_ICMP will not be dissected since we dont have a
RAW_ICMP wiretap encapsulation type.
Updated decoding of usec timestamp for HPUX11 since HPUX11 has 0.1us
resolution for the scalar in this field.
YMMV but all these ones works for me from nettl traces from HPUX11.
svn path=/trunk/; revision=5523
A little work still needs to be done on the new NCP dissector -- make
some of the COL_INFO texts more useful, handle a Unicode issue, and
modify some of the cases that use "request conditions".
But the NCP dissector as it stands is very usable now.
Note: I didn't merge in the PROTO_LENGTH_UNTIL_END macro... I wanted
to think about the various possible macros and review an email conversation
I had with Guy on the subject.
svn path=/trunk/; revision=5432
"err" argument is null and return an error code through that argument
only if it isn't, to match what "wtap_dump_close()", which calls those
routines, does.
Put the NetXRay dump routines in order by version number.
svn path=/trunk/; revision=5385
into Wiretap, so that if you read a frame from Wiretap you have what
traffic type information could be gleaned from the information in the
capture file, and can write the frame out to a capture file where the
file contains some or all of that information without having to
determine it outside of Wiretap.
svn path=/trunk/; revision=5314
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
comparing with the "size_t" value "ngsniffer->rand.nbytes", rather than
just casting "ngsniffer->rand.nextout" to "unsigned" - if "unsigned" is
shorter than "long", the latter doesn't do what you want.
svn path=/trunk/; revision=5252
"struct x25_phdr" to "wiretap/wtap.h".
Have two X.25 dissectors, one of which assumes that there's a "struct
x25_phdr" pseudo-header and one of which doesn't; the former uses the
information in that pseudo-header to determine whether the packet is
DTE->DCE or DCE->DTE, and the latter assumes it has no clue whether the
packet is DTE->DCE or DCE->TDE. Use the former one in the LAPB
dissector, and the latter one in the XOT dissector and in the LLC
dissector table.
In the X.25-over-TCP dissector, handle multiple X.25 packets per TCP
segment, and handle X.25 packets split across TCP segments.
svn path=/trunk/; revision=5134
the "read" routine, which means it's already had any end-of-frame
padding/FCS removed; we don't need to remove it in the "seek_read"
routine.
svn path=/trunk/; revision=5124
returns radio information such as signal strength, channel, and data
rate in a pseudo-header. Add that pseudo-header.
Use the "802.11 with radio information" encapsulation type for Wireless
Sniffer files; extract the radio information from where it appears to be
in the header.
Add dissector code for that encapsulation type.
Fix an error in the code to put radio information into the AiroPeek
tree.
Make the "wrapped" flag for NetXRay/Windows Sniffer captures a
"gboolean".
svn path=/trunk/; revision=5122
Read in the entire packet, including the padding, and just tell our
caller about the non-padding part; that avoids doing a "file_seek()"
("fseek()"s are inefficient on some platforms, as they flush the
standard I/O buffers and do an "lseek()"), and would also let us supply
the padding to the caller if it turns out it's an FCS rather than
padding.
svn path=/trunk/; revision=5107
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.
Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value. We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size. (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)
svn path=/trunk/; revision=4905
Guy Harris