| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
svn path=/trunk/; revision=2464
|
|
8, which is NDIS's ATM type. At least one capture appears to have
LLC-encapsulated frames in it; for now, we'll map it to
WTAP_ENCAP_ATM_RFC1483 - and make Ethereal dissect
WTAP_ENCAP_ATM_RFC1483 by handing the frames to "dissect_llc()".
While we're at it, we'll have Ethereal panic if handed a Wiretap packet
type it doesn't dissect, rather than giving you a rather blank
dissection.
svn path=/trunk/; revision=2457
|
|
pseudo_header.
Use generic "p2p_phdr" instead of "lapd_phdr". Modify toshiba.c and
packet-lapd.c to take that into account.
Add frame.p2p_dir, a filterable field, 0=sent, 1=recvd
Make p2p_dir available in packe_info, as I think it will be needed
in VJ COMP and UNCOMP dissection.
Rename WTAP_ENCAP_TR to WTAP_ENCAP_TOKEN_RING.
Mention pppd-log support in man page.
Mention atmsnoop in README.
svn path=/trunk/; revision=2455
|
|
svn path=/trunk/; revision=2452
|
|
svn path=/trunk/; revision=2450
|
|
svn path=/trunk/; revision=2449
|
|
svn path=/trunk/; revision=2448
|
|
file header to 4; fortunately, as they appear to put their extensions to
snoop into the padding at the end of the record, all their capture files
look alike to programs such as snoop and Ethereal that ignore the
padding, so we can just treat version 4 just like version 2 (unless and
until Brent decides a new snoop format is called for, changes the record
header, and picks a version number that's the same as one used by
Shomiti).
svn path=/trunk/; revision=2447
|
|
objects are reference-counted so that won't make it disappear if
Ethereal is also linked with it as a shared SNMP library.
svn path=/trunk/; revision=2444
|
|
of Nokia box (firewall) - yep, it's yet *another* mutant libpcap format
that didn't change the magic number, sigh....
svn path=/trunk/; revision=2440
|
|
svn path=/trunk/; revision=2430
|
|
is, for now, handled as WTAP_ENCAP_PPP (although we may have to split
WTAP_ENCAP_PPP into more than one type at some point).
svn path=/trunk/; revision=2423
|
|
a "keep reading" boolean value is returned from the function.
This avoids having to hack around the fact that some file formats truly
do have records that start at offset 0. (i4btrace and csids have no
file header. Neither does the pppdump-style file that I'm looking at right now).
svn path=/trunk/; revision=2392
|
|
that these calls work on Win32. I still don't have a good reason as to
why this is necessary, but it fixes the problem. I'll continue looking
for a reason.
svn path=/trunk/; revision=2386
|
|
every C file. I noticed this because of a build break of csids.obj on
Win32.
svn path=/trunk/; revision=2378
|
|
encapsulation type codes - for those libpcap type codes whose numerical
value is interpreted differently by different versions of libpcap,
include <pcap.h> if you can and, if you can, use what it defines to
control which Wiretap code we map those type codes to.
Also, map the new libpcap type codes introduced by libpcap 0.5.
svn path=/trunk/; revision=2369
|
|
svn path=/trunk/; revision=2335
|
|
svn path=/trunk/; revision=2299
|
|
instead of != ==.
svn path=/trunk/; revision=2273
|
|
Set "current_blob" when the first read is done from the random file, as
"current_blob" is the current blob in the random file.
svn path=/trunk/; revision=2262
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
sequential pass through the file build a list of information about the
compressed blobs, with the starting offset in the compressed file and in
the uncompressed byte stream for each blob.
When seeking on the random stream, check whether the target location is
within the uncompressed buffer we currently have; if not, use that list
to figure out which blob contains the target location, and read that
blob into the buffer. Then, as we now know that the target location is
within the uncompressed buffer we currently have, just move the current
pointer into that buffer to the target location.
This means we don't have to read forwards through any uninteresting
blobs in order to seek forwards, and don't have to go all the way back
to the beginning and seek forwards in order to seek backwards.
svn path=/trunk/; revision=2251
|
|
IPLog format.
svn path=/trunk/; revision=2231
|
|
svn path=/trunk/; revision=2203
|
|
svn path=/trunk/; revision=2189
|
|
the C run-time library sets "statb.st_mode" appropriately, at least for
plain files and directories; it just doesn't offer the POSIX "S_ISxxx()"
macros to test the file type.
If those macros aren't defined (which might also be the case on really
ancient UNIX systems), define them appropriately, and use them even on
Win32 systems, so that we can properly report attempts by a user to read
from a directory on Win32, just as we do on UNIX.
svn path=/trunk/; revision=2188
|
|
defined on Win32 systems - it's not defined in <sys/types.h> on those
systems.
In "buffer.c", include "config.h", to cause HAVE_WINSOCK_H to be
defined, on systems that have it, so that we include it in <buffer.h>.
svn path=/trunk/; revision=2187
|
|
capture.c :
- modified capture() to try to open an interface as a pipe if pcap_open_live()
failed, and then read data in libpcap format from this pipe ;
- add new functions used by capture() : pipe_open_live() and pipe_dispatch()
which are equivalents to the pcap_ functions.
libpcap.[ch] :
- moved the MAGIC and headers definitions from libpcap.c to libpcap.h
because capture() now needs it.
svn path=/trunk/; revision=2181
|
|
1) aclocal expects autoconf/automake macros to be hidden;
2) GTK+ hid its autoconf/automake macros;
and, if both places exist but aren't the same directory, returns a "-I"
flag to tell aclocal to look in GTK+'s directory.
Then have "autogen.sh", and Makefiles in directories with "acinclude.m4"
files, use that script and pass what flag it supplies, if any, to
aclocal.
This should, I hope, avoid problems such as those FreeBSD systems where
GTK+ was installed from a port or package (and thus stuck its macros in
"/usr/X11R6/share/aclocal") but aclocal doesn't look there.
(It doesn't solve the problem of somebody downloading and installing,
say, libtool from source - which means it probably shows up under
"/usr/local", with its macros in "/usr/local/share/aclocal" - on a
system that comes with aclocal (meaning it probably just looks in
"/usr/share/aclocal", but that may be best fixed by, whenever you
download a source tarball for something that's part of your OS,
configuring it to install in the standard system directories and
*overwriting* your OS's version.)
svn path=/trunk/; revision=2165
|
|
is finally dead, and you're walking away, it springs up again and
attacks.
It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch
has some extra stuff in the per-packet header for some sort of SMP
debugging, and that SuSE Linux 6.3 picked it up.
Thus, even if a libpcap file has the modified magic number, we *still*
have to go through the usual heuristic hell to figure out what type of
file it is.
svn path=/trunk/; revision=2164
|
|
pointers and arrays in a number of places, to remove warnings some
compilers give.
svn path=/trunk/; revision=2160
|
|
When capturing, report errors trying to create the output file
with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
When checking whether an "open()" of a capture file succeeded, check
whether "open()" returns a negative number, not whether it returns 0.
In "wtap_open_offline()", if the file to be opened is a directory,
return EISDIR, not WTAP_ERR_NOT_REGULAR_FILE, so that the error message
can say "that's a directory, not a file".
If "wtap_open_offline()" returns WTAP_ERR_NOT_REGULAR_FILE, don't just
say the file is "invalid", say it's a "special file" or socket or some
other weird type of file.
svn path=/trunk/; revision=2144
|
|
a random stream open.
svn path=/trunk/; revision=2097
|
|
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
|
|
2.002, as used by release 3.50 of the Network Associates Sniffer for
Windows; currently, we treat it just like the 2.001 version, so we
rename the version #define WTAP_FILE_NETXRAY_2_001 to
WTAP_FILE_NETXRAY_2_00x and use that for both 2.001 and 2.002.
svn path=/trunk/; revision=2087
|
|
Differentiate between LAPB and LAPD sync sniffer traces.
Personally I think there must be a better way to find out which
protocol is in the trace but I currently lack the time to look
at the remaining frame info.
svn path=/trunk/; revision=2072
|
|
When trying to decode a sample trace from the NG offline sniffer
installation, one trace resulted in a "corrupted" error. The
reason was, that the file was a version 2 file format. That
format used type 8 for header purposes while version 4 uses it
for FRAME4.
svn path=/trunk/; revision=2071
|
|
svn path=/trunk/; revision=2047
|
|
svn path=/trunk/; revision=2041
|
|
of multiple compile lines in the output of the build, speeds the build
up).
svn path=/trunk/; revision=2024
|
|
unreliable).
svn path=/trunk/; revision=2019
|
|
Mayer, and yours truly.
svn path=/trunk/; revision=2002
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
|
|
"FILE_T" is either a "gzFile" or a "FILE *", depending on whether zlib
support is enabled or not). Fix various function declarations and
definitions.
svn path=/trunk/; revision=1984
|
|
svn path=/trunk/; revision=1982
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
to little-endian shorts - and to convert host-byte-order longs to
little-endian shorts (if the host-byte-order long will fit into a short,
"htoles()" does the right thing; if it doesn't, there is no right thing
to do - perhaps we should return a wiretap error, although, at least at
present, it's unlikely that we'll have packets bigger than 65535 bytes,
so it's unlikely that the values won't fit into a short).
svn path=/trunk/; revision=1953
|
|
svn path=/trunk/; revision=1951
|
|
Tethereal was dying on me because err was initialized to some random value.
It was this section of code that would exit even if wtap_loop was successful
(returned TRUE) because err was never initialized or set to anything.
err = load_cap_file(&cf, out_file_type);
if (err != 0) {
dissect_cleanup();
exit(2);
}
<BIGGER sheepish grin>
Fixed even more errors in LLC dissector. I had inadvertantly used the
wrong tvbuff_t* when calling dissect_data_tvb(). There is no way we are going
to be successful in this tvbuff conversion w/o regression testing. I'm
working on setting up a simple Makefile for regression testing tonight.
That's why I'm finding so many bugs in my LLC conversion.
</BIGGER sheepish grin>
svn path=/trunk/; revision=1946
|
|
ago.
svn path=/trunk/; revision=1937
|
