Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I0bf8792b9b524ae4d8e1022b234e2510972c7019
Reviewed-on: https://code.wireshark.org/review/1154
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Also fix indentions.
Change-Id: I5440859aaf3ec1dbf416d9da6c1dab71bec803d8
Reviewed-on: https://code.wireshark.org/review/1094
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
It automatically works for LINKTYPE_PKTAP and, by default, for
LINKTYPE_USER2; if any other dissector is specified for LINKTYPE_USER2,
that dissector overrides PKTAP.
Change-Id: Ic00ac8a81c6101e45d638d337aef42df3920da12
Reviewed-on: https://code.wireshark.org/review/903
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
As the comment after the WTAP_ENCAP_ list says, "After adding new item
here, please also add new item to encap_table_base array".
Change-Id: I918603fa271978b3a81525466c5f4067efc7a783
Reviewed-on: https://code.wireshark.org/review/897
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^\* \$Id\$/,+1 d') (no space before star)
Change-Id: I318968db2b8512ba1303b5fc5c624c66441658f0
Reviewed-on: https://code.wireshark.org/review/879
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^\$Id\$/,+1 d') (No space or star before $Id$)
Change-Id: I0801bd7cf234d32487008a8b6dcee64875b07688
Reviewed-on: https://code.wireshark.org/review/876
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Leave it there, but commented out, just in case it *should* be used.
"#if 0" out the code that sets it.
Change-Id: I8802fc416030106d9d8421b0d7b8612597794bab
Reviewed-on: https://code.wireshark.org/review/867
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The "48 bits, in a weird byte order" is a variant of 64-bit
"Corey-endian", with the upper 16 bits of the result - which are in the
*middle* of the bytes of the number - ignored. Define a pcorey48tohll()
macro and use that, rather than the loop.
There are a bunch of #defines for offsets in the headers; use them
rather than magic constants.
Change-Id: Idfdc8a741278d71a5db47c067914c97615c3e02d
Reviewed-on: https://code.wireshark.org/review/864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I16086216ffcac0a457c8fcdabfc0458d4e701ea0
Reviewed-on: https://code.wireshark.org/review/809
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1dd51d1452333826c153b6bb861262a6166af3c5
Reviewed-on: https://code.wireshark.org/review/754
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
This patch causes Wireshark/tshark to segfault if the file is reread(open a file and press reload).
The test suite also fails on
2.1.1 Step: Exit status for existing file: "/home/wireshark/builders/trunk/sol10sparc/build/test/captures/dhcp.pcap" must be 0/home/wireshark/builders/trunk/sol10sparc/build/test/suite-clopts.sh: line 149: 6646 Segmentation Fault (core dumped) $TSHARK -r "${CAPTURE_DIR}dhcp.pcap" > ./testout.txt 2>&1
OSX build bot chokes on
pcapng.c: In function 'pcapng_destroy_option_value':
pcapng.c:377: warning: implicit declaration of function 'g_byte_array_unref'
pcapng.c:379: warning: implicit declaration of function 'g_array_unref'
pcapng.c: In function 'pcapng_collect_block_option':
pcapng.c:419: warning: implicit declaration of function 'g_byte_array_new_take'
pcapng.c:419: warning: initialization makes pointer from integer without a cast
these functions are glib 2.22
This reverts commit 7b13a3b0f6a5617e0e352f87cc5a20afea226aa8.
Change-Id: Ia82fdb2d08287bc2cd2841e1e941ae68cbc2e009
Reviewed-on: https://code.wireshark.org/review/749
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Interface options[1], and more generally pcapng options[2], are useful
information that can provide improved dissector output.
Prior to this change, only certain pcapng interface options were interpreted
and made available to dissectors, e.g. the interface name or description.
This change augments the situation by providing epan_get_interface_option( ),
which returns an array of byte arrays if the option code exists
(otherwise NULL). Each element of the array is a byte buffer containing
the raw data of the option. An array-of-buffers is used because pcapng
allows for multiple instances of the same option to be present in the file.
All interface options found in a pcapng file are thus made available to the
dissector.
The implementation also provides infrastructure to collect options from
other pcapng blocks such as the section header. Currently these options
are discarded, but could be retained in the future to support more features.
[1] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb
[2] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionopt
Change-Id: I944b6f0f03dde9b8e7d1348b76acde6f9d312f37
Reviewed-on: https://code.wireshark.org/review/331
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
0...heuristic_open_routine_idx-1
at the moment, we loop over all entries of the open_info_arr
Change-Id: Iabca32521a066d994b1c840b7514faa983375f0c
Reviewed-on: https://code.wireshark.org/review/748
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
until recently, we always had a 0,0,0,... entry at the end of the array
that's gone now - which makes sense for people who register wiretap
plugins...
Change-Id: Id47dc4917481ffa8560e17b8740c2f9716bb8df1
Reviewed-on: https://code.wireshark.org/review/747
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
strncpy -> g_strlcpy
Change-Id: Ib17b6799a762e2e2e65bf7c6dd5a894bfb127c86
Reviewed-on: https://code.wireshark.org/review/746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
logcat.c: In function 'detect_version':
logcat.c:142: warning: implicit conversion shortens 64-bit value into a 32-bit value
logcat.c:143: warning: implicit conversion shortens 64-bit value into a 32-bit value
logcat.c:150: warning: implicit conversion shortens 64-bit value into a 32-bit value
logcat.c:151: warning: implicit conversion shortens 64-bit value into a 32-bit value
logcat.c: In function 'logcat_dump_text':
logcat.c:427: warning: implicit conversion shortens 64-bit value into a 32-bit value
logcat.c:451: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: I4361567e599b7d04f422fccd7f8b1bccc897f114
Reviewed-on: https://code.wireshark.org/review/744
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
registered
The testsuite for Lua file reader/writer uses the acme_file.lua script to
generate a pcapng file from an Acme sipmsg.log file. It then compares the
tshark verbose output of this new pcapng file to a sip.pcapng file in
the test/captures directory that was previously made. Unfortunately, the
acme_file.lua script generates a timestamp based on local system timezone,
rather than UTC, so the testsuite fails if not run in the EST timezone where
the sip.pcapng file was originally made. This has now been fixed.
Also, trying to register new weak heuristic readers fails because the GArray
is terminated with a NULL-based row without Glib knowing about that. So this
commit changes it to let Glib handle the NULL-terminated row, so that appending
takes it into account automatically.
Change-Id: I037ce1cfbda03585b3a1e159df78ff8ebb41fc32
Reviewed-on: https://code.wireshark.org/review/741
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Now Androit Logcat (Logger) binary logs are supported.
Try "adb logcat -Bf /sdcard/log.logcat; adb pull /sdcard/log.logcat".
Also there is possibility to save logs to text format like by "adb".
Change-Id: If7bfc53d3fbd549a0978d1dbf96f3fff671fd601
Reviewed-on: https://code.wireshark.org/review/235
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
capture file formats.
This enables a Lua script to implement a brand new capture file format reader/writer, so that for example one could write a script to read from vendor-specific "logs" of packets, and show them as normal packets in wireshark.
Change-Id: Id394edfffa94529f39789844c382b7ab6cc2d814
Reviewed-on: https://code.wireshark.org/review/431
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
And rename to #define for the stats block trailer length to indicate
that it's the length of the trailer, not the length of the stats block
in its entirety.
Change-Id: Iec82c971b32f2d3f4a604fe75a91633e1813ebd5
Reviewed-on: https://code.wireshark.org/review/701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Makefiles)
There have been discussions on -dev about removing this and I believe I was the last holdout. Finally convinced that I should just have a local copy (ignored by git)
Change-Id: Ic72a22baf58e3412023cf851f0fce16eb07113b0
Reviewed-on: https://code.wireshark.org/review/681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ibbf3366d0075f7b367383a2950c9f0bc54ae194c
Reviewed-on: https://code.wireshark.org/review/692
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If3ad60532e8b7e74272683b254582d86653c777e
Reviewed-on: https://code.wireshark.org/review/691
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The #defines came from Radiotap, but this isn't Radiotap (I see no
presence bits here), and Radiotap has to handle stuff that this code
doesn't (such as, for example, Atheros Wi-Fi adapters that, annoyingly,
pad the space between the 802.11 header and the 802.11 payload when in
monitor mode, hence the "datapad" flag).
Change-Id: I87ca3539e0f9254ab94cc8897bdf69e4574f0525
Reviewed-on: https://code.wireshark.org/review/690
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Pull the packet data copying code into the routines that parse the rest
of the record data. Have those routines directly fill in the metadata
headers in the packet data, without bothering to fill in a structure
first.
As a result, those routines no longer can set phdr->caplen to a value
different from phdr->len, so don't set WTAP_HAS_CAP_LEN.
Have the existing sanity checking code cause the read to fail if the
checks fail, and add some additional sanity checking.
Use #defines for some offsets into the statistics header and trailer.
Change-Id: Ie936683b96888961d6e2598131cc0eb6146b37e9
Reviewed-on: https://code.wireshark.org/review/689
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
From shekhar.chandra@citrix.com. See bug 9280.
Change-Id: If3abbc653bb1f127b151976d4183af4c4f1e71eb
Reviewed-on: https://code.wireshark.org/review/658
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Always include the length of the metadata headers, as we're always
copying them.
Do a straightforward check to make sure the data length is >= 4 before
subtracting out the FCS (which appears not to actually be an FCS; at
least in the captures I've seen, it looks like random junk).
Improve the comments for that code.
Get rid of some tabs, in favor of spaces, while we're at it, and make
the 3 sections of code where that's done more alike.
Change-Id: Ica338cd492ac535833933a8b7cd5191217c5ab5b
Reviewed-on: https://code.wireshark.org/review/685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
In some cases, we know, based on the FPGA code, what vwr->STATS_LEN is,
so use that #define.
While we're at it, replace some hardcoded numbers that represent the
statistics trailer length with the appropriate #define.
Also, combine two identical case arms for Ethernet into one.
Change-Id: I0bdea8e5aab146094ad21fa7e67dca2913da688b
Reviewed-on: https://code.wireshark.org/review/672
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
vwr->STATS_LEN is the length of the statistics trailer at the end of the
packet, and it's the same for S2 and S3 versions of the WLAN card. It
should *not* be set to the length of the metadata headers that we
*generate and put in front of the packet data that we hand to our
callers*.
Get rid of a debugging message while we're at it.
Change-Id: I465b5ba4dedb88f1f401d34439b44b16a4bb01cc
Reviewed-on: https://code.wireshark.org/review/671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The so-called "radiotap headers" bear no resemblance to actual
radiotap.org radiotap headers; there are no presence bits, for example.
Get rid of the words "radiotap" and "radio tap", get rid of #defines
that aren't used, get rid of duplicate definitions.
Change-Id: I0bb6abda5d13bf20810dc865a567f4ec51a38056
Reviewed-on: https://code.wireshark.org/review/670
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
In the S1 FPGA code, copy the "MPDU starts at 4 or 6" comment.
Get rid of misleading comment in the S2/S3 FPGA code; we're using the
MPDU_OFF field from the private data structure, so we're not calculating
*anything* at that point. Put in comments indicating what's being done
at the point where those calculations are actually done.
Change-Id: Ifda709a6b2aa7edad964f639086012c72c0a71fe
Reviewed-on: https://code.wireshark.org/review/668
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a comment describing (some of) the record, while we're at it, and
update another comment to reflect reality.
Change-Id: Ia7f1432402b843b96983375c0e0842c030de0cee
Reviewed-on: https://code.wireshark.org/review/667
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I139cd73f6fff84528e105f9246a4207aa48a68df
Reviewed-on: https://code.wireshark.org/review/666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I9292f7b054f7b71727409deb062200a0301db5ee
Reviewed-on: https://code.wireshark.org/review/665
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I39515c13f667a62445e3498cf90742dc271e390c
Reviewed-on: https://code.wireshark.org/review/664
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead of throwing in 48 and 64 as numbers, use vwr->STATS_LEN to
indicate what the lengths are. Yeah, it has to be fetched at run time,
but big deal.
That also shows that, as we've already rejected records whose size is
less than vwr->STATS_LEN, we don't have to check for that, so eliminate
those checks.
Change-Id: Id4822b3e5a02abfffb2da96a50999e36548a4279
Reviewed-on: https://code.wireshark.org/review/663
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Fix presumed typo while we're at it.
Change-Id: Ic8ae6e6669e5c5fc618ec2516af98ba2390487ce
Reviewed-on: https://code.wireshark.org/review/660
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Now that we have the ability to choose input file format type
in the GUI, we might as well have it in the command-line too.
Plus it would help me in test-stuies if we had a commandline.
So I've added a '-X read_format:Foo' for this. Using just
'-X read_format:', or with a bad name, will make it print out
the full list (in tshark); just like the '-F' does for output
file formats.
Note: I am *not* putting in code for Win32 GUI,
because I can't compile that and I wouldn't have even
done the GTK one if I could compile Qt originally. (I don't think we need
to add any more features to GTK or Win32, just Qt from now on,
right?)
Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64
Reviewed-on: https://code.wireshark.org/review/493
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I68d5bd33a44783c42a75e8244ef53c73a4f484f9
Reviewed-on: https://code.wireshark.org/review/503
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I7b0fedf0c508404b3f2dea789f50b7b5db4e2eb7
Reviewed-on: https://code.wireshark.org/review/502
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8116f63ff88687c8db3fd6e8e23b22ab2f759af0
Reviewed-on: https://code.wireshark.org/review/385
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
|
|
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
BlueZ 5/Linux Kernel introduced new way to sniffing Bluetooth interfaces.
We are ready to use it. Libpcap provide new interface called
"bluetooth-monior".
Also fix trivial typos.
Change-Id: Ic608a3d8553bbebbb21f2733ec92c758cbf8f707
Reviewed-on: https://code.wireshark.org/review/253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Combine the check for whether the field is within the packet data and
the swapping of the field into macros that do both, and use them.
Change-Id: I1db4c5fd76172edd44abc9fb111d79a2537c6c9d
Reviewed-on: https://code.wireshark.org/review/130
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
For some routines that take multiple arguments that come from a struct
wtap_pkthdr, pass a pointer to the struct wtap_pkthdr in question,
rather than the separate arguments. Do this even if we're passing
expressions that were earlier assigned to the struct wtap_pkthdr fields
in question. This simplifies the calling sequences and ensures that the
right values are picked up by the called routine; in at least one case
we were *not* passing the right values (the code to handle Simple Packet
Blocks in pcap-ng files).
Also, call the byte-swapping routines for pseudo-header fields only if
we need to do byte-swapping.
Change-Id: I3a8badfcfeb0237dfc1d1014185a67f18c0f2ebe
Reviewed-on: https://code.wireshark.org/review/119
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: If20a14b949667911df44f09c6a705b7645d4c49e
Reviewed-on: https://code.wireshark.org/review/85
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|