Age | Commit message (Collapse) | Author | Files | Lines |
|
routine, used both by read and seek-read routines.
svn path=/trunk/; revision=49988
|
|
as the "where to put the packet data" argument.
This lets more of the libwiretap code be common between the read and
seek-read code paths, and also allows for more flexibility in the "fill
in the data" path - we can expand the buffer as needed in both cases.
svn path=/trunk/; revision=49949
|
|
return an "EOF or error" indication - an EOF without an error will
return 0.
In iseries_seek_next_packet(), return an error code of WTAP_ERR_BAD_FILE
and an appropriate error message if we don't find a packet header within
the next ISERIES_MAX_TRACE_LEN lines, don't just return -1 and leave the
error information unchanged.
Setting an argument variable before returning has no effect, so don't do
it (so that we don't leave the mistaken impression that it *is* doing
something).
Clean up indentation.
svn path=/trunk/; revision=46819
|
|
wtap_file_read_expected_bytes() from an open routine - open routines are
supposed to return -1 on error, 0 if the file doesn't appear to be a
file of the specified type, or 1 if the file does appear to be a file of
the specified type, but those macros will cause the caller to return
FALSE on errors (so that, even if there's an I/O error, it reports "the
file isn't a file of the specified type" rather than "we got an error
trying to read the file").
When doing reads in an open routine before we've concluded that the file
is probably of the right type, return 0, rather than -1, if we get
WTAP_ERR_SHORT_READ - if we don't have enough data to check whether a
file is of a given type, we should keep trying other types, not give up.
For reads done *after* we've concluded the file is probably of the right
type, if a read doesn't return the number of bytes we asked for, but
returns an error of 0, return WTAP_ERR_SHORT_READ - the file is
apparently cut short.
For NetMon and NetXRay/Windows Sniffer files, use a #define for the
magic number size, and use that for both magic numbers.
svn path=/trunk/; revision=46803
|
|
svn path=/trunk/; revision=45653
|
|
svn path=/trunk/; revision=45619
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
svn path=/trunk/; revision=45015
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
Add a new WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR encapsulation type, for use
by the EyeSDN file reader; unlike the pcap-encapsulated MS/TP, it
includes a direction indicator. Don't treat WTAP_ENCAP_BACNET_MS_TP as
if it has a direction indicator, as it doesn't; instead, do that for
WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR.
Add some missing entries to encap_table_base for WTAP_ENCAP_ values that
didn't get entries added.
svn path=/trunk/; revision=41969
|
|
svn path=/trunk/; revision=41966
|
|
or other information; WTAP_ENCAP_MTP2_WITH_PHDR is for MTP2 *with* such
a pseudo-header. Use WTAP_ENCAP_MTP2_WITH_PHDR for the EyeSDN captures,
and don't assume there's a pseudo-header if you have WTAP_ENCAP_MTP2.
svn path=/trunk/; revision=41962
|
|
Patch to add V5.2 tracing capability on E1 links using EyeSDN probes.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7027
Removed preference related stufff as it's not needed.
svn path=/trunk/; revision=41915
|
|
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
|
|
form of corruption/bogosity in a file, including in a file header as
well as in records in the file. Change the error message
wtap_strerror() returns for it to reflect that.
Use it for some file header problems for which it wasn't already being
used - WTAP_ERR_UNSUPPORTED shouldn't be used for that, it should only
be used for files that we have no reason to believe are invalid but that
have a version number we don't know about or some other
non-link-layer-encapsulation-type value we don't know about.
svn path=/trunk/; revision=40175
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
by the gunzipping code. Have it also supply a err_info string, and
report it. Have file_error() supply an err_info string.
Put "the file" - or, for WTAP_ERR_DECOMPRESS, "the compressed file", to
suggest a decompression error - into the rawshark and tshark errors,
along the lines of what other programs print.
Fix a case in the Netscaler code where we weren't fetching the error
code on a read failure.
svn path=/trunk/; revision=36748
|
|
can't be saved in compress form" are both equivalent to "this file file
format requires seeking when writing it". Change the "can compress"
Boolean in the file format table to "writing requires seeking", give all
the entries the proper value, and do the checks for attempting to write
a file format to a pipe or write it in compressed format to common code.
This means we don't need to pass the "can't seek" flag to the dump open
routines.
svn path=/trunk/; revision=36575
|
|
Update or remove some additional "we don't have ferror() in zlib"
comments to reflect the current reality.
svn path=/trunk/; revision=36568
|
|
file_read(buf, bsize, count, file) macro is compilant with fread
function and takes elements count+ size of each element, however to make
it compilant with gzread() it always returns number of bytes.
In wiretap file_read() this is not really used, file_read is called
either with bsize set to 1 or count to 1.
Attached patch remove bsize argument from macro.
svn path=/trunk/; revision=36491
|
|
done.
Use the wtap_dump_file_ routines to write out capture files, and check
for errors.
Use the phton macros, when available, to translate to big-endian byte
order. Add a new phton24() macro.
Clean up indentation.
svn path=/trunk/; revision=33114
|
|
svn path=/trunk/; revision=33107
|
|
svn path=/trunk/; revision=28117
|
|
Add DPNSS link layer dissector, support EyeSDN Trace files with DPNSS.
(Removed a couple of c++ style comments).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3224
svn path=/trunk/; revision=27312
|
|
svn path=/trunk/; revision=25248
|
|
This extends the EyeSDN wiretap module to be able to support:
- DSS1/Q.931
- PPP
- LAPB/X.25
- ATM raw cells
- SS7 MTP2
svn path=/trunk/; revision=25123
|
|
handle files > 2GB correct.
Please distclean Win32 builds!
svn path=/trunk/; revision=19814
|
|
So far Wireshark complained about channel 129, now it gets a little further
and then complains about channel 128.
Solution: Open up all channel from 128 up.
svn path=/trunk/; revision=19358
|
|
I am the author of the eyesdn wiretap module. Recently we added ATM
support to our trace format. We used channel id 129 for that, so far
only 0 for D channel and 1-30 for bearer channels had been in use.
svn path=/trunk/; revision=19353
|
|
- automatic adjustment depending on file format
- manual adjustment through menu items
save the setting in the recent file
svn path=/trunk/; revision=15534
|
|
I've done more than a day to change the timestamp resolution from microseconds to nanoseconds. As I really don't want to loose those changes, I'm going to check in the changes I've done so far. Hopefully someone else will give me a helping hand with the things left ...
What's done: I've changed the timestamp resolution from usec to nsec in almost any place in the sources. I've changed parts of the implementation in nstime.s/.h and a lot of places elsewhere.
As I don't understand the editcap source (well, I'm maybe just too tired right now), hopefully someone else might be able to fix this soon.
Doing all those changes, we get native nanosecond timestamp resolution in Ethereal. After fixing all the remaining issues, I'll take a look how to display this in a convenient way...
As I've also changed the wiretap timestamp resolution from usec to nsec we might want to change the wiretap version number...
svn path=/trunk/; revision=15520
|
|
wtap_loop(), so eliminate wtap_loop().
svn path=/trunk/; revision=14006
|
|
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
|
|
length.
svn path=/trunk/; revision=10541
|
|
svn path=/trunk/; revision=10445
|
|
(a FILE * if zlib isn't used, a gzFile if zlib is used).
Use "size_t" for the amount of data to read in
"eyesdn_check_file_type()", to squelch signed vs. unsigned warnings.
svn path=/trunk/; revision=10392
|
|
rather than requiring individual capture file type handlers to do it
(unless they're doing per-packet encapsulation, in which case we check
to make sure they didn't *leave* it as WTAP_ENCAP_PER_PACKET).
svn path=/trunk/; revision=10290
|
|
svn path=/trunk/; revision=10285
|
|
svn path=/trunk/; revision=10059
|
|
"file_getc()" returns either an 8-bit unsigned value, or -1 for error or
EOF; store its return value into an "int", and check for -1 and return
-2, in "esc_read()" (rather than checking "file_error()" at the end).
Clean up some comments, routine names, and variable names - eyeSDN files
are binary, not text.
In "parse_eyesdn_packet_data()", handle the case of an EOF from
"esc_read()".
svn path=/trunk/; revision=10050
|
|
svn path=/trunk/; revision=10038
|