Age | Commit message (Collapse) | Author | Files | Lines |
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I28436e003ce7fe31d53e6663f3cc7aca00845e4b
Reviewed-on: https://code.wireshark.org/review/25392
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 mean "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Allow file_read() to take a null pointer as a buffer argument; a null
argument means "do everything except copy the bytes from the file to the
user buffer". That means that wtap_read_bytes() and
wtap_read_bytes_or_eof() also support a null pointer as a buffer
argument.
Use wtap_read_bytes() with a null buffer argument rather than
file_skip() to skip forward over data.
This fixes some places where files were mis-identified as ERF files, as
the ERF open heuristics now get a short "read" error if they try to skip
over more bytes than exist in the file.
Change-Id: I4f73499d877c1f582e2bcf9b045034880cb09622
Reviewed-on: https://code.wireshark.org/review/17974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I41c7918b7396934c651fb957d3b61db0c7a19527
Reviewed-on: https://code.wireshark.org/review/9990
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4928f99cdc2b8fc2a3aef648b613ce0b93ed3563
Reviewed-on: https://code.wireshark.org/review/9989
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4b0b4bb31901208e09a535ef922e134116309531
Reviewed-on: https://code.wireshark.org/review/9988
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If we assume that, the time stamps of the sample captures on the
Colasoft site are in the range 2000-2014, and the HTTP time stamps in
the HTTP capture from there are close to the packet time stamps.
Change-Id: Id0e29c03dc8ada40f1040b95f169b4f3a8954a0f
Reviewed-on: https://code.wireshark.org/review/9986
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I10d3057801673bc1c8ea78f144215869cc4b1851
Reviewed-on: https://code.wireshark.org/review/6217
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Ic5a5acb0f36d3aa144edbfb1ae71097b18426db4
Reviewed-on: https://code.wireshark.org/review/6216
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
I don't trust Packet Builder's ability to convert time stamps between
Capsa format and pcap.
Change-Id: I0ac2e14216e37127d81d5bf1c6d48a2c20841a8e
Reviewed-on: https://code.wireshark.org/review/4721
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Clean up the code to read the block according to that description.
Change-Id: Icb332e293c4b41d91989aa17a7546f298068e908
Reviewed-on: https://code.wireshark.org/review/4716
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ibaebda819094f09610dc9cf8a303440b93bf2da0
Reviewed-on: https://code.wireshark.org/review/4686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The time stamps aren't known to be right, so don't provide them - that
way, instead of users reading Capsa files and getting the wrong idea
about the time stamps, they'll get no time stamps and have to ask for
our help, at which point we can ask them for *their* help in seeing what
Capsa thinks the time stamps are. (The joys of reverse-engineering.)
Change-Id: I77e12c09f2bc74b50a1b2b226fa6da3e8c0fedf9
Reviewed-on: https://code.wireshark.org/review/4685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3f11d48f74d71367cc76c76dfc88763894f23f2c
Reviewed-on: https://code.wireshark.org/review/4679
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(So why can't GCC or Clang be taught to warn about *all* implicit
shortenings, as MSVC does, not just 64-bit-to-32-bit shortenings?)
Change-Id: I88c0b0aa2f1b306f58952589ff8bcae17bc29768
Reviewed-on: https://code.wireshark.org/review/4676
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(Yes, we should, on platforms with a 32-bit time_t, check to make sure
the time stamp fits and do something if it doesn't. Or we should make
the seconds part of an nstime_t be 64-bit and handle overly-large values
when converting them to year/month/day/hour/minute/second.)
Change-Id: If219534985dce29d00754ff151f6c4b5893080d8
Reviewed-on: https://code.wireshark.org/review/4675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5b383c967c465882819ac449fbd54915bc692687
Reviewed-on: https://code.wireshark.org/review/4674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I9a620da95c1dd9b173cebe28f790eeb50e3f9a8f
Reviewed-on: https://code.wireshark.org/review/4673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I68e85e2e29e1154170ccc50488ec943958978150
Reviewed-on: https://code.wireshark.org/review/4672
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The time stamp origin is not correct. Capsa's absolute time stamp for
the sample captures from their Web site would be helpful.
Change-Id: I365daf7b42240e33f54df76939254f41ed57a9b2
Reviewed-on: https://code.wireshark.org/review/4671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|