Age | Commit message (Collapse) | Author | Files | Lines |
|
That's a little cleaner, and lets us preserve the LINKTYPE_ value for
DLT_LOOP captures. ("Preserve" here doesn't mean "write files with a
link-layer header type of 12", as that's ambiguous; we write it with a
link-layer header type of LINKTYPE_LOOP, i.e. 108. If programs on
OpenBSD don't recognize that as DLT_LOOP, that's a bug in OpenBSD's
libpcap or in the program.)
Change-Id: I48a2e04aed41c013823ffb5c588d2a8e8b376e15
Reviewed-on: https://code.wireshark.org/review/7143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ib5c600c491a3d8adcfa91c00fa9445283610545b
Reviewed-on: https://code.wireshark.org/review/5830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Check for them *only* on opening for writing and writes.
Change-Id: I4b537d511ec04bcfc81f69166a2b9a2ee9310067
Reviewed-on: https://code.wireshark.org/review/5827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3c6b7686de478e42eeeb9c51c8bdb5b6843666af
Reviewed-on: https://code.wireshark.org/review/5814
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
WTAP_ERR_FILE_UNKNOWN_FORMAT is reported if the file is in a format that
libwiretap doesn't know about (either because it's not a capture file at
all or because it's a capture file in a format it doesn't support).
WTAP_ERR_UNSUPPORTED is for files in a *known* format that are using
features or file format elements (record type, link-layer header type,
etc.) that libwireshark doesn't support. Fix some copy-and-pasteos
causing WTAP_ERR_UNSUPPORTED to be reported with a message appropriate
for WTAP_ERR_FILE_UNKNOWN_FORMAT.
Change-Id: Ic675ffd501c52838d8944a6c61e1b01041b73098
Reviewed-on: https://code.wireshark.org/review/5799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I4da7b335d905dbca10bbce03aa88e1cdeeb1f8ad
Reviewed-on: https://code.wireshark.org/review/4626
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
don't pick up the in-tree copy.
Change-Id: I7ec473876cdba1a025c52362d7f6adc62d24ce71
Reviewed-on: https://code.wireshark.org/review/3798
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit 1abeb277f5e6bd27fbaebfecc8184e37ba9d008a.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ic58c3584994f822d5d5a1434050aaa61f86ba17c
Reviewed-on: https://code.wireshark.org/review/937
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That way, the packet counts are will be valid when capturing.
Change-Id: I0a21cc817d918e7f849620db5ca6dfd84bd2cd87
Reviewed-on: https://code.wireshark.org/review/936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The best heuristic can fail, so add possibility to manually choose
capture file format type, so not correctly recognize file format can be
loaded in Wireshark.
On the other side now it is possible to open capture file
as file format to be dissected.
Change-Id: I5a9f662b32ff7e042f753a92eaaa86c6e41f400a
Reviewed-on: https://code.wireshark.org/review/16
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
|
|
svn path=/trunk/; revision=54332
|
|
packet dissection, they're specific to the entire Wireshark suite of
programs.
svn path=/trunk/; revision=53377
|
|
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
|
|
it into a separate capture_session structure. capture_opts should
contain only user-specified option information (and stuff directly
derived from it, such as the "capturing from a pipe" flag).
svn path=/trunk/; revision=49493
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
LINKTYPE_AX25.
svn path=/trunk/; revision=44211
|
|
Part 1 of the fix for bug 7529.
svn path=/trunk/; revision=44202
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
dissector source files to match the "packet-ieee80211-XXX" pattern used
for other 802.11 radio header dissectors.
svn path=/trunk/; revision=42380
|
|
encapsulations.
For pre-V9 AiroPeek captures, leave the radio information in the packet
data, just as we do with the Prism, AVS, radiotap, and NetMon headers.
Add a dissector for it.
svn path=/trunk/; revision=42379
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
number get actually updated.
svn path=/trunk/; revision=37279
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
Coverity 726.
svn path=/trunk/; revision=36245
|
|
Also: do some minor reformmating and cleanup of whitespace.
svn path=/trunk/; revision=34492
|
|
Implement dissector for IPMB (DLT_IPMB_LINUX, 209).
svn path=/trunk/; revision=25986
|
|
don't need global_capture_opts don't need to have it declared and thus
don't need capture_options defined.
Include gtk/capture_globals in the files in question.
Change some more capture_opts references to refer to
global_capture_opts.
Change some global_capture_opts references in routines with a
capture_opts argument to refer to capture_opts.
The structure type is capture_options, not capture_opts; fix some
references.
Include <sys/types.h>, if it's present, in capture_opts.h, so we get
gid_t defined.
Clean up indentation.
svn path=/trunk/; revision=25574
|
|
the capture_opts structure as an argument, rather than just a pointer to
the interface name.
Don't declare a global "capture_opts" pointer, as we don't define it any
more.
svn path=/trunk/; revision=25570
|
|
have them use least some of the radio-information fields, so that the
same field name can be used for multiple radio header types. The AVS
header can supply the data rate in bits/second, so have that field be in
those units, and make it 64 bits to leave room for the future, Just In
Case. Display it as Mb/s, however.
svn path=/trunk/; revision=23911
|
|
svn path=/trunk/; revision=23077
|
|
svn path=/trunk/; revision=22752
|
|
svn path=/trunk/; revision=22750
|
|
svn path=/trunk/; revision=22195
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
svn path=/trunk/; revision=18268
|
|
svn path=/trunk/; revision=18235
|
|
svn path=/trunk/; revision=18197
|
|
In "capture_input_new_file()", don't call the callbacks unless we
succeed in opening the new file. Have "capture_info_new_file()" return
a success/failure indication.
Improve the message logged when we fail to open the new file if we're
only opening it for the quick packet counts. We really should put up an
alert box and give up on the capture at that point.
svn path=/trunk/; revision=17437
|
|
headers.
Fix capture_radiotap() to check for padding between the 802.11 header
and the 802.11 payload and to call different capture routines depending
on whether it's present or not, and create capture_ieee80211_datapad()
to handle the case where it's present.
Fix capture_radiotap() to convert the Radiotap header length from
little-endian, and to do some sanity checking of that length.
Fix capture_ieee80211_common() to use the offset supplied to it to fetch
the frame control field, as that offset isn't necessarily 0.
svn path=/trunk/; revision=17083
|
|
svn path=/trunk/; revision=16771
|
|
svn path=/trunk/; revision=16709
|
|
Declare the "pd" argument to be "const guchar *", to match the way
packet data is declared elsewhere, and so that if the headers
"capture_info.c" includes don't define "u_char" it still compiles.
svn path=/trunk/; revision=16671
|