| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
trying to read the frame table, return -1 with "*err" set to
WTAP_ERR_SHORT_READ, don't return 0 - we've already decided that the
file is a NetMon file, so we shouldn't return a "this isn't a NetMon
file" indication, we should return a "this file is too short" error, as
that's what the problem is.
Fix up the error messages for WTAP_ERR_SHORT_READ to indicate that the
read might have gotten cut short in the middle of data other than a
packet.
svn path=/trunk/; revision=4331
|
|
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
|
|
later trace formats that have an ASCII dump at the end of the line.
svn path=/trunk/; revision=4327
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
svn path=/trunk/; revision=4322
|
|
Rename WTAP_ENCAP_PRISM to WTAP_ENCAP_PRISM_HEADER, to match
DLT_PRISM_HEADER.
Add in missing capture support for WTAP_ENCAP_PRISM_HEADER when
capturing with "pcap_open_live()" rather than reading the capture from a
pipe.
svn path=/trunk/; revision=4299
|
|
Tim Newsham.
Add in missing item for WTAP_ENCAP_CISCO_IOS in the Wiretap
encapsulation type table.
svn path=/trunk/; revision=4290
|
|
*always* zero, so it won't always work, and it's somewhat gross. The
right answer is "don't use Digital/Tru64 UNIX's tcpdump, use
tcpdump.org's".
svn path=/trunk/; revision=4202
|
|
tcpdump and, if we think we've found one, strip off the 3 padding bytes
they put in front of the frame.
svn path=/trunk/; revision=4201
|
|
svn path=/trunk/; revision=4199
|
|
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
|
|
No, Nokia *weren't* kind enough to change the major or minor version
number in the capture file when they changed the format, just as they
weren't kind enough to change the magic number.
svn path=/trunk/; revision=4173
|
|
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
|
|
svn path=/trunk/; revision=4126
|
|
svn path=/trunk/; revision=4094
|
|
svn path=/trunk/; revision=4078
|
|
svn path=/trunk/; revision=4077
|
|
svn path=/trunk/; revision=4042
|
|
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
|
|
the specified encapsulation with the specified capture file type, and
that we can allocate a "wtap_dumper *".
If we could do all that, and could create the dump file, but the
file-type-specific create routine fails (e.g., because there's not
enough disk space to write out the header), remove the dump file.
svn path=/trunk/; revision=4032
|
|
can handle capture files bigger than 2GB.
svn path=/trunk/; revision=3993
|
|
don't need to check whether zlib has them. We *do*, however, have to
check for "gzseek()", as we don't have our own version of that.
svn path=/trunk/; revision=3963
|
|
svn path=/trunk/; revision=3949
|
|
versions of these commands in file_wrappers.c. This allows us to
compile successfully even on platforms where X has an older zlib built
in.
Removed this restriction from acinclude.m4
svn path=/trunk/; revision=3948
|
|
which we store it a "size_t", and then fix up the bugs that were
revealed by the compiler warnings that produced - "fwrite()" returns 0,
not a negative number, on an I/O error.
Fix up some other items to have type "size_t", or to have various
unsigned types, while we're at it, to squelch compiler warnings.
svn path=/trunk/; revision=3867
|
|
were just DLPI data link types, and didn't know that the list had
expanded at some point and that Sun *used* some of the new types (e.g.,
in atmsnoop), or decided on their own to go beyond those types to encode
an Oh-So-Useful link speed indication, or just didn't *care* that they
were just DLPI data link types.
Therefore, we have to map Shomiti link types to wiretap types using a
different mapping table. For now, we assume files with a version number
of 2 are snoop files, and version numbers of 3, 4, and 5 are Shomiti
files; Shomiti claims to use a version number of 2 as well, but to
determine whether a file with a version number of 2 is a snoop file or a
Shomiti file requires that we look at the header of the first packet and
assume that if there's more than 3 bytes of padding it's a Shomiti file.
The return value from "fwrite()" is a "size_t"; make the variable into
which we store it a "size_t", and then fix up the bugs that were
revealed by the compiler warnings that produced - "fwrite()" returns 0,
not a negative number, on an I/O error.
svn path=/trunk/; revision=3866
|
|
Optimize use of AC_CHECK_FUNC in wiretap/acinclude.m4
Move #include "config.h" to be first include in some files.
From albert chin (china@thewrittenword.com)
svn path=/trunk/; revision=3857
|
|
checking for "gzgets()" in zlib.
If there is a "zlib.h" header, and there is a "gzgets()" in zlib, check
whether we find "gzgets()" in zlib when we link with the GTK+ link
flags, and, if not, fail. People often grab XFree86 source and build
and install it on their systems, and they appear sometimes to
misconfigure XFree86 so that, even on systems with zlib, it assumes
there is no zlib, so the XFree86 build process builds and installs its
own "mini-zlib" in the X11 library directory. The "mini-zlib" lacks
"gzgets()", and that's the zlib with which Ethereal gets linked, so the
build of Ethereal fails.
svn path=/trunk/; revision=3849
|
|
"--with-pcap", it adds the "include" subdirectory of that directory to
the list of directories to search for include files, rather than adding
the directory itself.
Check whether libpcap defines "pcap_version", and define
HAVE_PCAP_VERSION if it does. Use "pcap_version" iff HAVE_PCAP_VERSION
is defined, rather than special-casing MacOS X.
Don't #define a string for the WinPcap version; just leave
HAVE_PCAP_VERSION undefined on Windows, as WinPcap 2.2beta is out, so we
can no longer assume that the Windows version of Ethereal is using
WinPcap 2.1.
svn path=/trunk/; revision=3792
|
|
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
|
|
check whether the call succeeded (it doesn't always do so on Windows,
for example).
svn path=/trunk/; revision=3722
|
|
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
|
|
compressed Sniffer files by sequentially moving forward, and we no
longer seek backward by seeking to the beginning and then seeking
forward to the new position, we now seek to the beginning of the
compressed block that contains the target position, if we're not already
in that block, and then move to the appropriate position in that block.
svn path=/trunk/; revision=3658
|
|
the Wiretap DLL.
svn path=/trunk/; revision=3655
|
|
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
|
|
specified to "--with-pcap", add that directory to the include file and
library search paths, so that you can use "--with-pcap=DIR" to search
for libpcap in a directory other than the standard ones (either because
it was installed somewhere other than under "/usr" or "/usr/local", or
because you want to use a special version you've installed rather than
the standard one).
svn path=/trunk/; revision=3611
|
|
the file header to specify the time units; different files appear to
have different time stamp units.
svn path=/trunk/; revision=3407
|
|
svn path=/trunk/; revision=3330
|
|
and thus avoid a compiler warning when compiling ascend-scanner.c.
svn path=/trunk/; revision=3322
|
|
"-L/usr/local/lib" added to CFLAGS and LDFLAGS merely as a result of
running AM_PATH_GLIB, as 1.2.9 and later don't install headers directly
under "/usr/local/include". Therefore, we have to put
"-I/usr/local/include" into CFLAGS ourselves, just as we do in the
top-level configure script, or we run the risk of not being able to find
other packages (libpcap, zlib, etc.) if it's installed under
"/usr/local".
svn path=/trunk/; revision=3318
|
|
wasn't involved with).
svn path=/trunk/; revision=3311
|
|
that the loop in "lanalyzer_open()" is an infinite loop, so the "return
0;" at the end isn't necessary to suppress a compiler warning with that
compiler - and Sun C not only figures it out, it warns that the
"g_assert_not_reached()" and the "return 0;" are unreachable, so I'll
take them out for now (and put them back if my older GCC at home still
requires it to suppress warnings).
svn path=/trunk/; revision=3310
|
|
the result of a "g_malloc()" to it, cast it to "u_char *", not "char *".
svn path=/trunk/; revision=3309
|
|
svn path=/trunk/; revision=3297
|
|
simply PPP data that doesn't have a username associated with it, e.g. for
a dedicated WAN link as opposed to a dialup link.
svn path=/trunk/; revision=3274
|
|
Pre-compiled zlib provided at
http://www.ethereal.com/distribution/win32/zlib-1.1.3-fixed.zip
"fixed" because the pre-compiled version in the "extralibs" package
from the Gimp/Win32 page has a fault zlib.lib in it.
Add note about zlib in README.win32; more work needs to be done to
this file to mention new packaging method.
svn path=/trunk/; revision=3263
|
|
We us $(VERSION), defined in the top-level config.nmake, to replace
@VERSION@ in various files. $(RC_VERSION) and $(WTAP_VERSION) are
similarly used.
svn path=/trunk/; revision=3258
|
|
this, as
1) we still need to handle platforms that don't support 64-bit
integral data types, so we still needed the old stuff in some
fashion anyway
and
2) MSVC appears to treat structures as requiring 8-byte
alignment in some cases, and "guint64"s require 8-byte
alignment on at least some platforms, forcing structures
containing those 64-bit time stamps to have a size that's a
multiple of 8 bytes, which *isn't* the correct size for the
data record header.
svn path=/trunk/; revision=3177
|
|
svn path=/trunk/; revision=3163
|
|
DLT_HDLC to it.
Make a separate dissector for Cisco HDLC, and add a dissector for Cisco
SLARP. Have the PPP dissector call the Cisco HDLC dissector if the
address field is the Cisco HDLC unicast or multicast address. Use the
Cisco HDLC dissector for the Cisco HDLC Wiretap encapsulation type.
Add a new dissector table "chdlctype", for Cisco HDLC packet types
(they're *almost* the same as Ethernet types, but 0x8035 is SLARP, not
Reverse ARP, and 0x2000 is the Cisco Discovery protocol, for example),
replacing "fr.chdlc".
Have a "chdlctype()" routine, similar to "ethertype()", used both by the
Cisco HDLC and Frame Relay dissectors. Have a "chdlc_vals[]"
"value_string" table for Cisco HDLC types and protocol names. Split the
packet type field in the Frame Relay dissector into separate SNAP and
Cisco HDLC fields, and give them the Ethernet type and Cisco HDLC type
"value_string" tables, respectively.
svn path=/trunk/; revision=3133
|
