| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Otherwise, if you link with both libwiretap and libfiletap, it's
anybody's guess which one you get. That means you're wasting memory
with two copies of its routines if they're identical, and means
surprising behavior if they're not (which showed up when I was debugging
a double-free crash - fixing libwiretap's buffer_free() didn't fix the
problem, because Wireshark happened to be calling libfiletap' unfixed
buffer_free()).
There's nothing *tap-specific about Buffers, anyway, so it really
belongs in wsutil.
Change-Id: I91537e46917e91277981f8f3365a2c0873152870
Reviewed-on: https://code.wireshark.org/review/3066
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supporting writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit c0c480d08c175eed4524ea9e73ec86298f468cf4.
A better way to do this is to have the record type be part of struct wtap_pkthdr; that keeps the metadata for the record together and requires fewer API changes. That is in-progress.
Change-Id: Ic558f163a48e2c6d0df7f55e81a35a5e24b53bc6
Reviewed-on: https://code.wireshark.org/review/1741
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is the first step towards implementing the mechanisms requestd in
bug 8590; currently, we don't return any records other than packet
records from libwiretap, and just ignore non-packet records in the rest
of Wireshark, but this at least gets the ball rolling.
Change-Id: I34a45b54dd361f69fdad1a758d8ca4f42d67d574
Reviewed-on: https://code.wireshark.org/review/1736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This reverts commit 1abeb277f5e6bd27fbaebfecc8184e37ba9d008a.
This isn't building, and looks as if it requires significant work to fix.
Change-Id: I622b1bb243e353e874883a302ab419532b7601f2
Reviewed-on: https://code.wireshark.org/review/1568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Start of refactoring Wiretap and breaking structures down into "generally useful fields for dissection" and "capture specific". Since this in intended as a "base" for Wiretap and Filetap, the "wft" prefix is used for "common" functionality.
The "architectural" changes can be found in cfile.h, wtap.h, wtap-int.h and (new file) wftap-int.h. Most of the other (painstaking) changes were really just the result of compiling those new architecture changes.
bug:9607
Change-Id: Ife858a61760d7a8a03be073546c0e7e582cab2ae
Reviewed-on: https://code.wireshark.org/review/1485
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
willing to read or that's bigger than will fit in the file format;
instead, report an error.
For the "I can't write a packet of that type in that file type" error,
report the file type in question.
svn path=/trunk/; revision=54882
|
|
wtap_seek_read().
svn path=/trunk/; revision=54570
|
|
subtypes, e.g. Network Monitor version 1 and Network Monitor version 2
are separate "file types", even though they both come from Network
Monitor.
Rename various functions, #defines, and variables appropriately.
svn path=/trunk/; revision=53166
|
|
routine, used both by read and seek-read routines.
svn path=/trunk/; revision=49988
|
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
svn path=/trunk/; revision=49709
|
|
common routine.
svn path=/trunk/; revision=49351
|
|
encapsulation, and to process it into a
commview_read_and_process_header() routine.
svn path=/trunk/; revision=49350
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
treat that as "this isn't a CommView file" rather than "this is a bad
file".
svn path=/trunk/; revision=46774
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
pseudo-header into two bytes and fill in both the rate and direction
fields when writing CommView NCF files out.
svn path=/trunk/; revision=45507
|
|
long; that means we read only one byte into our structure, so make its
"rate" element one byte long, so we don't fill in half the "rate"
element with the read - and the *wrong* half on big-endian machines -
and leave the other half un-set and thus containing some random possibly
non-zero data.
In addition, that's not the full data rate for faster networks; for
Wi-Fi, the one-byte "direction" field is actually the upper 8 bits of
the data rate, so combine them when we fill in the data rate in the
pseudo-header.
#BACKPORT
svn path=/trunk/; revision=45504
|
|
svn path=/trunk/; revision=45015
|
|
than Network Instruments Observer files, as we don't know whether they
are already decrypted.
svn path=/trunk/; revision=43796
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
be OK.
svn path=/trunk/; revision=42125
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
Set the pseudo-header when doing the sequential read as well as when
doing random reads.
When writing packets to a CommView file, use a slightly less contorted
way to get the year/month/day/hour/minute/second values.
commview_dump() uses the pseudo_header argument; don't mark it as
unused.
svn path=/trunk/; revision=38833
|
|
file_read() return value. Use wtap_file_read_expected_bytes() in a
number of places.
svn path=/trunk/; revision=37053
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
|
|
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
Coverity 492.
svn path=/trunk/; revision=36356
|
|
new use for the direction field per:
http://www.tamos.com/htmlhelp/commview/logformat.htm
Add basic support for new fields and don't reject files that fit the new
format.
svn path=/trunk/; revision=35234
|
|
wtap_dump_file_write(). Replace various wrappers around fwrite() with
wtap_dump_file_write(), or at least make the wrappers call
wtap_dump_file_write().
svn path=/trunk/; revision=33116
|
|
svn path=/trunk/; revision=28537
|
|
provide a default case (returning an error) to prevent wiretap from asserting
out because we didn't set the packet encapsulation.
svn path=/trunk/; revision=26327
|
|
in Wireshark when reading CommView files. Also write out these values when
coming from a file format with encapsulation type 802.11 with radio.
svn path=/trunk/; revision=23617
|
|
extension found at least on OS X). Also change from 4 to 5 bytes in each strftime() to allow space for the NULL terminator with 4 character outputs.
svn path=/trunk/; revision=23595
|
|
svn path=/trunk/; revision=23594
|
|
per enhancement bug #1795.
svn path=/trunk/; revision=23558
|
