Age | Commit message | Author | Files | Lines |
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
ERF wiretap export multiple extension header fix.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8765
svn path=/trunk/; revision=49749
|
|
"ERF record" is very different from, and much simpler than, the case
where it's not; tweak the code to more clearly separate the "we're being
handed ERF records" case from the "we're being handed packets" case.
svn path=/trunk/; revision=46984
|
|
svn path=/trunk/; revision=46980
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
svn path=/trunk/; revision=46650
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266 :
Since we have to 'downconvert' the ERF time stamps to Wireshark's internal
representation anyway, we may as well report the resolution which we convert
to, rather than the original native resolution.
svn path=/trunk/; revision=44800
|
|
svn path=/trunk/; revision=43000
|
|
Add frame.interface_id support for pcap DLT_ERF file format
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7281
svn path=/trunk/; revision=42824
|
|
Add frame.interface_id support for ERF file format
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266
svn path=/trunk/; revision=42807
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
everyone else...
Also: Do some whitespace and indentation cleanup.
svn path=/trunk/; revision=41281
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
errors.
svn path=/trunk/; revision=41030
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
host-byte-order 64-bit integral quantity to little-endian byte order.
svn path=/trunk/; revision=39900
|
|
I found a heap-based buffer overflow, when parsing ERF file format.
The overflow seems to be controlled by the values read from the file,
and hence seems exploitable to me.
svn path=/trunk/; revision=39508
|
|
svn path=/trunk/; revision=39419
|
|
Allows the saving of packets with snapped length to ERF. Prevents the adding of
automatic CRC and rounds down to the nearest 8 bytes instead of up, adding
zeros.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6409
svn path=/trunk/; revision=39247
|
|
svn path=/trunk/; revision=38905
|
|
This fixes CID 1272.
svn path=/trunk/; revision=38876
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
know it'll fit in a gint16. (alignbytes really shouldn't need to be 64
bits, as if we have 2^63-1 bytes of alignment, We Have A Problem; fixing
that may involve calculating it differently earlier in that routine.)
svn path=/trunk/; revision=38828
|
|
svn path=/trunk/; revision=38827
|
|
Added support for saving ERF files.
From me:
Use crc routines from libwsutil.
svn path=/trunk/; revision=38826
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
guint64 *, and it causes clang to complain.
svn path=/trunk/; revision=36738
|
|
file_read(buf, bsize, count, file) macro is compliant with fread
function and takes elements count + size of each element, however to make
it compliant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch removes bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
Replace all *_min()/*_max() by MIN() and MAX().
svn path=/trunk/; revision=34770
|
|
Wireshark tools do not detect and read some ERF files correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5344
svn path=/trunk/; revision=34665
|
|
InfiniBand Link Packet (flow control) dissector.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4656
svn path=/trunk/; revision=32425
|
|
Endace ATM and AAL2 enhancements.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447
svn path=/trunk/; revision=31766
|
|
svn path=/trunk/; revision=30891
|
|
not actually being an ERF file.
Don't compute the packet size until you know that rlen is valid.
svn path=/trunk/; revision=29366
|
|
reported in bug 3849.
svn path=/trunk/; revision=29364
|
|
svn path=/trunk/; revision=28117
|
|
Endace ERFII (extension header) support.
svn path=/trunk/; revision=26287
|
|
ERF files can contain records of type TYPE_PAD. These records are not related
to captured packets, have a zero timestamp value and no associated packet data.
Normally TYPE_PAD records are stripped out during capture, but in rare cases
unstripped files may exist.
Previously wiretap/erf.c generated an 'unknown record encapsulation' error when
encountering TYPE_PAD records.
With this patch Wireshark skips over any TYPE_PAD records within ERF trace
files without reporting an error. TYPE_PAD records are not counted, displayed
or decoded.
svn path=/trunk/; revision=25733
|
|
- add support for ERF files created with a snaplength
- tighten heuristics (rlen>=16, time_delta < 1 week)
svn path=/trunk/; revision=24929
|
|
This plugin implements a dissector for Infiniband. It is released
under the GPL v2.
Rather than using say libpcap to capture raw (unframed) IP packets
from near the top of an IPoIB stack, this plugin dissects link level
Infiniband frames.
Infiniband trace files can be read from Endace ERF format trace
files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND
records. There is currently no native DLT_INFINIBAND in libpcap.
Each record contains a hardware timestamp, capture metadata such as
port Id, and a complete link level Infiniband frame starting from
the Local Route Header.
svn path=/trunk/; revision=24628
|
|
svn path=/trunk/; revision=24282
|
|
svn path=/trunk/; revision=24054
|
|
otherwise use as the per-packet encapsulation.
The close routine does nothing; get rid of it - you don't *need* a close
routine (by default, the subtype_close pointer is null, which means that
nothing per-file-type is done when the file is closed).
Make the code to handle the length fields in the ERF header common,
rather than copying it to each group of record types.
svn path=/trunk/; revision=24053
|
|
fix http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1727 (pppd format file
incorrectly detected as being an ERF file) by:
The file_seek() call has been replaced by a call to file_read(), so, when the
end of the file is reached and the current record is truncated, we have got an
error.
This solves the problem of bad file format detection.
Additionally, the ERF heuristic has been improved.
svn path=/trunk/; revision=24051
|
|
fix bug #1983.
svn path=/trunk/; revision=23500
|
|
Fix bug Some Toshiba format files with LAPD cannot be open
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1711
svn path=/trunk/; revision=23379
|
|
Fail to load I4B traces http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1972
svn path=/trunk/; revision=23367
|