| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add support for the OpenBSD enc(4) encapsulating interface. Add
support for Ethernet over IP (RFC 3378).
Fold Markus' .h files into their respective .c files, add a define to
ipproto.h and use it.
svn path=/trunk/; revision=7310
|
|
that have direction information.
Support writing WTAP_ENCAP_FRELAY_WITH_PHDR and WTAP_ENCAP_PPP_WITH_PHDR
captures out in libpcap format - we throw away the direction
information, but so it goes.
When reading/writing Windows Sniffer format, read and write the
direction flag.
svn path=/trunk/; revision=7052
|
|
addresses and the protocol type, as supplied by BPF; on Linux, they *do*
have an offset field, as supplied by PF_PACKET sockets. Add a new
WTAP_ENCAP_ARCNET_LINUX, with packets that include the offset field, and
don't dissect an offset in WTAP_ENCAP_ARCNET packets.
Map a libpcap link-layer type of 129 to WTAP_ENCAP_ARCNET_LINUX; that
value was recently assigned to Linux-style ARCNET.
Add some more ARCNET protocol IDs.
For most protocol IDs, dissect an ATA 878.2 fragmentation header; don't
do it for RFC 1051 IP and ARP, and Diagnose packets. Set the length of
the ARCNET protocol tree item appropriately.
Dissect both the RFC 1051 and RFC 1201 styles of IP and ARP over ARCNET,
and dissect the RFC 1201 style of RARP as well.
svn path=/trunk/; revision=6981
|
|
that flag in the ATM pseudo-header, and use it to determine whether a
frame is a raw cell or a reassembled frame, rather than using the AAL,
as you can have raw AAL5 cells in a capture.
svn path=/trunk/; revision=6889
|
|
number of 1 means DCE->DTE, in DOS Sniffer ATM captures.
svn path=/trunk/; revision=6881
|
|
from network-based libpcaps that use that protocol.
svn path=/trunk/; revision=6875
|
|
used for the DOS-based ATM Sniffer. (That's not a great name, but I
couldn't think of a better one.)
Add a new WTAP_ENCAP_ATM_PDUS_UNTRUNCATED encapsulation type for capture
files where reassembled frames don't have trailers, such as the AAL5
trailer, chopped off. That's what at least some versions of the
Windows-based ATM Sniffer appear to have.
Map the ATM capture file type for NetXRay captures to
WTAP_ENCAP_ATM_PDUS_UNTRUNCATED, and put in stuff to fill in what we've
reverse-engineered, so far, for the pseudo-header; there's more that
needs to be done on it, e.g. getting the channel, AAL type, and traffic
type (or inferring them if they're not in the packet header).
svn path=/trunk/; revision=6840
|
|
svn path=/trunk/; revision=6780
|
|
when extracting the ATM pseudo-header from the data it points to, cast
it to a "const struct sunatm_hdr *".
svn path=/trunk/; revision=6679
|
|
bytes of padding in front of FDDI frames; strip it off.
svn path=/trunk/; revision=6647
|
|
map libpcap's DLT_IP_OVER_FC to it.
svn path=/trunk/; revision=6473
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6115
|
|
svn path=/trunk/; revision=5967
|
|
All files:
- Replace types from sys/types.h by those from glib.h
- Replace ntoh family of macros from netinet/in.h and winsock2.h
by g_ntoh family from glib.h
- Remove now unneeded includes of sys/types.h, netinet/in.h and
winsock2.h
wtap.h
Move includes to the top
svn path=/trunk/; revision=5909
|
|
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
|
|
types and Wiretap encapsulations after the entries to map between
platform-independent libpcap link-layer types and those Wiretap
encapsulations, so that, when writing a libpcap-format file, we choose
the platform-independent link-layer types.
svn path=/trunk/; revision=5668
|
|
In libpcap.c, move wtap_pcap_encap_to_wtap_encap before libpcap_open
so that if HAVE_PCAP_H is not true, the file will still compile.
svn path=/trunk/; revision=5660
|
|
extracting a pseudo-header, for the use of SunATM captures.
Add support for SunATM capture.
svn path=/trunk/; revision=5652
|
|
the internal z_err value for the stream if an "fseek()" call it makes
fails, so that if "gzerror()" is subsequently called, it returns Z_OK
rather than an error.
To work around this, we pass "file_seek()" an "int *err", and have the
with-zlib version of "file_seek()" check, if "gzseek()" fails, whether
the return value of "file_error()" is 0 and, if so, have it return
"errno" instead.
svn path=/trunk/; revision=5642
|
|
they are, in fact, WTAP_ENCAP_FRELAY. Support 11 as WTAP_ENCAP_FRELAY
if DLT_FR is defined and is equal to 11, and support 107 as
WTAP_ENCAP_FRELAY unconditionally.
Get rid of a comment indicating that 105 isn't used - it's been
supported as DLT_IEEE802_11 for a while.
svn path=/trunk/; revision=5640
|
|
"ntohs()".
svn path=/trunk/; revision=5636
|
|
into libpcap or tcpdump, but the LINKTYPE_ number is reserved for that
purpose).
svn path=/trunk/; revision=5633
|
|
as BPF filters return either 0 if they fail or the snapshot length if
they succeed, and a snapshot length of 0 means success is
indistinguishable from failure and the filter expression would reject
all packets.
Now that a snapshot length of 0, inside Ethereal, means "snapshot length
unknown", we have to, when opening a libpcap file for output, make the
snapshot length some non-zero value. We make it WTAP_MAX_PACKET_SIZE,
in case some program uses the snapshot length as a buffer size. (That
doesn't help if there are packets with more than 65535 bytes of data; if
there are, we'd need to raise WTAP_MAX_PACKET_SIZE just to make those
files readable in Ethereal in any case.)
svn path=/trunk/; revision=4905
|
|
svn path=/trunk/; revision=4899
|
|
svn path=/trunk/; revision=4898
|
|
For file types where we allocate private data, add "close" routines
where they were missing, to free the private data. Also fix up the code
to clean up after some errors by freeing private data where that wasn't
being done.
Get rid of unused arguments to "wtap_dump_open_finish()".
Fix indentation.
svn path=/trunk/; revision=4857
|
|
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4847
|
|
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
|
|
svn path=/trunk/; revision=4707
|
|
is defined as 17.
svn path=/trunk/; revision=4617
|
|
logging virtual interface, from Mike Frantzen.
svn path=/trunk/; revision=4616
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
svn path=/trunk/; revision=4322
|
|
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
|
|
Tim Newsham.
Add in missing item for WTAP_ENCAP_CISCO_IOS in the Wiretap
encapsulation type table.
svn path=/trunk/; revision=4290
|
|
*always* zero, so it won't always work, and it's somewhat gross. The
right answer is "don't use Digital/Tru64 UNIX's tcpdump, use
tcpdump.org's".
svn path=/trunk/; revision=4202
|
|
tcpdump and, if we think we've found one, strip off the 3 padding bytes
they put in front of the frame.
svn path=/trunk/; revision=4201
|
|
svn path=/trunk/; revision=4199
|
|
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
|
|
No, Nokia *weren't* kind enough to change the major or minor version
number in the capture file when they changed the format, just as they
weren't kind enough to change the magic number.
svn path=/trunk/; revision=4173
|
|
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
|
|
svn path=/trunk/; revision=4126
|
|
svn path=/trunk/; revision=4077
|
|
can handle capture files bigger than 2GB.
svn path=/trunk/; revision=3993
|
|
which we store it a "size_t", and then fix up the bugs that were
revealed by the compiler warnings that produced - "fwrite()" returns 0,
not a negative number, on an I/O error.
Fix up some other items to have type "size_t", or to have various
unsigned types, while we're at it, to squelch compiler warnings.
svn path=/trunk/; revision=3867
|
|
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
|
|
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
|
|
svn path=/trunk/; revision=3125
|
|
beginning of the file before reading anything from the file is bogus -
do that in the loop that tries each of the open routines, instead.
(They may have to reset the seek pointer later if, for example, the
capture file begins with the first packet, and the "open()" routine
looks at that packet to try to guess whether the packet is in the file
format in question.)
Set "wth->data_offset" to 0 while you're at it, so capture file readers
don't have to do that, either.
svn path=/trunk/; revision=3123
|
|
version of libpcap; that's used on Linux for captures on the "any"
device (which captures from all interfaces simultaneously) and for
captures on devices whose link-layer type libpcap doesn't (yet) support
natively.
The spanning tree code, when checking for GV{M,R,...}P packets, must
first check whether the link-layer destination address is, in fact, an
Ethernet-style address; on Linux cooked captures, there *is* no
destination address, so it's of type AT_NONE, not AT_ETHER.
svn path=/trunk/; revision=2772
|
|
Add in stuff for a bunch of libpcap formats either in libpcap 0.5.2 or
in the current CVS version; we don't implement all of them in
Ethereal/Wiretap (those are "#if 0"ed out), but we do implement the IEEE
802.11 stuff (which isn't yet in libpcap or tcpdump, but the CVS version
of libpcap *does* reserve 105 as the encapsulation type number for
802.11).
svn path=/trunk/; revision=2646
|
