Age | Commit message (Collapse) | Author | Files | Lines |
|
captures, from Olivier Abad.
svn path=/trunk/; revision=5202
|
|
svn path=/trunk/; revision=5126
|
|
"wtap_read()".
Add some additional error checks to the Sniffer file reader.
svn path=/trunk/; revision=4875
|
|
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
|
|
For file types where we allocate private data, add "close" routines
where they were missing, to free the private data. Also fix up the code
to clean up after some errors by freeing private data where that wasn't
being done.
Get rid of unused arguments to "wtap_dump_open_finish()".
Fix indentation.
svn path=/trunk/; revision=4857
|
|
scripts, and check in changes to add _U_ to some unused arguments (some
other should perhaps be used, so we leave the _U_ out so that the
warnings serve as a reminder to check those).
svn path=/trunk/; revision=4847
|
|
non-existent functions.
Remove the "filetype" argument from the "can_write_encap" functions for
particular capture file types - the argument value is implicit, in that
the routine being called is the routine for that particular file type.
svn path=/trunk/; revision=4823
|
|
that EtherPeek for Windows uses the same format as EtherPeek for MacOS,
so the code isn't specific to the MacOS version.
Check the physMedium value in the secondary header, and leave a
placeholder for a value of 1, which is presumably used in AiroPeek
captures.
Treat unknown mediaType and physMedium values as indications that we
don't have a *Peek file, not as unsupported *Peek files - we need all
the heuristics we can get.
svn path=/trunk/; revision=4601
|
|
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
|
|
svn path=/trunk/; revision=4562
|
|
Nisbet.
Make a comment in "wiretap/file.c" clearer, so people know where to put
the entries for their capture file type.
svn path=/trunk/; revision=4328
|
|
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
|
|
duration, from Thomas Wittwer and Matthias Nyffenegger.
svn path=/trunk/; revision=4322
|
|
svn path=/trunk/; revision=4199
|
|
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
|
|
svn path=/trunk/; revision=4094
|
|
svn path=/trunk/; revision=4042
|
|
Update the lists of known capture file formats in the Tethereal,
editcap, and mergecap man pages to match the current list (as found in
the Ethereal man page).
svn path=/trunk/; revision=4039
|
|
the specified encapsulation with the specified capture file type, and
that we can allocate a "wtap_dumper *".
If we could do all that, and could create the dump file, but the
file-type-specific create routine fails (e.g., because there's not
enough disk space to write out the header), remove the dump file.
svn path=/trunk/; revision=4032
|
|
can handle capture files bigger than 2GB.
svn path=/trunk/; revision=3993
|
|
* gcc 3.0 warning fixes:
- text2pcap.c: The number of characters to scan should probably not be 0
- wiretap/csids.c: using preincrement on a variable used on both
sides of an assignment might be undefined by the C99(?) standard
* turn on additional warnings for epan and wiretap too
- epan/configure.in
- wiretap/configure.in
* Fix some warnings (missing includes, signed/unsigned, missing
initializers) found by turning on the warnings
- all other files :-)
svn path=/trunk/; revision=3709
|
|
beginning of the file before reading anything from the file is bogus -
do that in the loop that tries each of the open routines, instead.
(They may have to reset the seek pointer later if, for example, the
capture file begins with the first packet, and the "open()" routine
looks at that packet to try to guess whether the packet is in the file
format in question.)
Set "wth->data_offset" to 0 while you're at it, so capture file readers
don't have to do that, either.
svn path=/trunk/; revision=3123
|
|
error trying to open a file.
svn path=/trunk/; revision=3122
|
|
svn path=/trunk/; revision=3066
|
|
(We really need to put in some rudimentary 64-bit integer support, for
the benefit of platforms+compilers that don't support it; the
floating-point calculations we're doing now appear not to get exactly
the right answer, from an experiment at reading a NetMon 2.x file and
writing it back out as NetMon 2.x with editcap.)
svn path=/trunk/; revision=2939
|
|
svn path=/trunk/; revision=2448
|
|
of Nokia box (firewall) - yep, it's yet *another* mutant libpcap format
that didn't change the magic number, sigh....
svn path=/trunk/; revision=2440
|
|
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
|
|
IPLog format.
svn path=/trunk/; revision=2231
|
|
svn path=/trunk/; revision=2189
|
|
the C run-time library sets "statb.st_mode" appropriately, at least for
plain files and directories; it just doesn't offer the POSIX "S_ISxxx()"
macros to test the file type.
If those macros aren't defined (which might also be the case on really
ancient UNIX systems), define them appropriately, and use them even on
Win32 systems, so that we can properly report attempts by a user to read
from a directory on Win32, just as we do on UNIX.
svn path=/trunk/; revision=2188
|
|
is finally dead, and you're walking away, it springs up again and
attacks.
It appears that the ss990915 version of Alexey Kuznetzov's libpcap patch
has some extra stuff in the per-packet header for some sort of SMP
debugging, and that SuSE Linux 6.3 picked it up.
Thus, even if a libpcap file has the modified magic number, we *still*
have to go through the usual heuristic hell to figure out what type of
file it is.
svn path=/trunk/; revision=2164
|
|
When capturing, report errors trying to create the output file
with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
When checking whether an "open()" of a capture file succeeded, check
whether "open()" returns a negative number, not whether it returns 0.
In "wtap_open_offline()", if the file to be opened is a directory,
return EISDIR, not WTAP_ERR_NOT_REGULAR_FILE, so that the error message
can say "that's a directory, not a file".
If "wtap_open_offline()" returns WTAP_ERR_NOT_REGULAR_FILE, don't just
say the file is "invalid", say it's a "special file" or socket or some
other weird type of file.
svn path=/trunk/; revision=2144
|
|
2.002, as used by release 3.50 of the Network Associates Sniffer for
Windows; currently, we treat it just like the 2.001 version, so we
rename the version #define WTAP_FILE_NETXRAY_2_001 to
WTAP_FILE_NETXRAY_2_00x and use that for both 2.001 and 2.002.
svn path=/trunk/; revision=2087
|
|
Mayer, and yours truly.
svn path=/trunk/; revision=2002
|
|
to that file, leave public definitions in wtap.h.
Rename "union pseudo_header" to "union wtap_pseudo_header".
Make the wtap_pseudo_header pointer available in packet_info struct.
svn path=/trunk/; revision=1989
|
|
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
|
|
per the "capture" member of a "wtap" structure, so that it doesn't
collide with the C++ reserved word "private".
svn path=/trunk/; revision=1936
|
|
from the frame table - Network Monitor 2.x, at least, doesn't always
write frame N+1 right after frame N.
To do that, we need to mallocate a big array to hold the frame table,
and free it when we close the capture file; this requires that we have
capture-file-type-specific close routines as well as
capture-file-type-specific read routines - we let it the pointer to that
routine be null if it's not needed. Given that, we might as well get
rid of the switch statement in "wtap_close()", in favor of using
capture-file-type-specific close routines, as per the comment before
that switch statement.
svn path=/trunk/; revision=1740
|
|
("w" and "wb" are the same on UNIX, but not on Win32).
svn path=/trunk/; revision=1598
|
|
Ethereal on win32 now correctly reads trace files.
svn path=/trunk/; revision=1538
|
|
forwarding e-mail address.
svn path=/trunk/; revision=1522
|
|
hideous problem on FreeBSD 3.[23] (and perhaps other BSDs) if
HAVE_UNISTD_H is defined before "zlib.h" is included, turn "file_seek()"
into a subroutine defined in a file that *undefines* HAVE_UNISTD_H
before including "zlib.h", so that the *only* call to "gzseek()" is made
from a file that does not have HAVE_UNISTD_H defined when it includes
"zlib.h".
Move "file_error()" to that file while you're at it, so it holds all the
wrappers that hide the presence or absence of zlib from routines to read
capture files.
Turn "file.h", which declared those wrapper functions as well as wrapper
macros, into "file_wrapper.h" - it belongs with the "file_wrapper.c"
file that defines the wrapper functions, not with "file.c" which handles
higher-layer file access functions.
Remove the comment in "configure.in" that explained why defining
HAVE_UNISTD_H was a bad idea, as we're not obliged to define it and work
around the problem. (The comment in "file_wrapper.c" explains the
workaround.)
svn path=/trunk/; revision=1463
|
|
Added lots of #ifdef HAVE_*_H wrappers.
Added some #defines in config.h.win32
Check for more headers in configure.in
Added prototype for inet_aton() in inet_v6defs.h.
Changed "BYTE" token (i.e., #define) in ascend-gramamr.y because it
conflicts with a windows definition. Use HEXBYTE instead.
svn path=/trunk/; revision=1448
|
|
the capture; set it to that when writing the capture.
Support Token Ring and FDDI captures (as per the network type in the
file header appearing to be either the NDIS network type, or the NDIS
network type minus 1 - I forget whether Ethernet has an NDIS type of 0
or 1).
Don't write the file header twice, keeping a static copy of it around,
as Wiretap code isn't supposed to keep any static data around; instead,
write it only when we're done writing out all the records (as we do on
Network Monitor captures).
Compute the time stamps when writing the file.
Give Windows Sniffer 1.1-format a short name, so "editcap" doesn't dump
core or print "(null)" in its usage message.
WTAP_ENCAP_NULL isn't supported by NetMon; don't write it.
svn path=/trunk/; revision=1336
|
|
It's very basic, and doesn't write out the timestamps currently. It also
only handles WTAP_ENCAP_ETHERNET, although it can probably do the others,
but I don't have a good way to test them. This code has not yet been tested
against a Sniffer Pro, although wiretap can read the files just fine.
svn path=/trunk/; revision=1318
|
|
and V.120 decoder.
svn path=/trunk/; revision=1304
|
|
Kuznetsov "libpcap" format and the early Kuznetsov format Red Hat 6.1
uses.
svn path=/trunk/; revision=1303
|
|
files (the former have a different per-packet header, and a different
magic number, from the standard "libpcap"; the latter have the same
per-packet header as "modified" "libpcap" files, but the same magic
number as standard "libpcap" files, sigh).
Support writing "libpcap" captures in all three formats (so that, for
example, people running Ethereal on RH 6.1 can write out captures that
the "tcpdump" that comes with RH 6.1 can read, although that's not the
default format we save in - there's no way to tell whether you're
running on RH 6.1, as far as I know; "uname()" just tells you, on Linux
systems, that the kernel is Linux 2.x, and what "x" is, it doesn't say
what the *rest* of the system is).
Fix the table in "file.c" to use Olivier's code for writing Sniffer
files.
svn path=/trunk/; revision=1288
|
|
svn path=/trunk/; revision=1211
|