| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
sure we clean up everything.
svn path=/trunk/; revision=46773
|
|
Use pkthdr instead of pseudo_header as argument for dissecting.
svn path=/trunk/; revision=45601
|
|
resolution information between capture files so that we don't leak host
entries from one file to another (e.g. embarassing-host-name.example.com
from file1.pcapng into a name resolution block in file2.pcapng).
host_name_lookup_cleanup and host_name_lookup_init must now be called
after each call to se_free_all. As a result we now end up reading our
various name resolution files much more than we should.
svn path=/trunk/; revision=45511
|
|
svn path=/trunk/; revision=45015
|
|
needed when wrinting the file if the format is converted to pcapng.
Should we do this for other file formats as well?
A pcapng file with per packet encapsulation will need an IDB per encapsulation as the EPB does not have a linktype indicator only a interface index.
svn path=/trunk/; revision=44281
|
|
the per-file encapsulation type needed to write out a set of packets
with all those encapsulation types. If there's only one such
encapsulation type, that's the type, otherwise WTAP_ENCAP_PER_PACKET is
needed. Use that in wtap_dump_can_write_encaps().
Also use it in cf_save_packets() and cf_export_specified_packets(), so
that we can write out files with WTAP_ENCAP_PER_PACKET as the file
encapsulation type and only one actual per-packet encapsulation type in
some cases where that failed before. This fixes the case that showed up
in bug 7505, although there are other cases where we *could* write out a
capture in a given file format but won't be able to do so; fixing those
will take more work.
#BACKPORT
(Note: this adds a routine to libwiretap, so, when backported, the
*minor* version of the library should be increased. Code that worked
with the version of the library prior to this change will continue to
work, so there's no need to change the *major* version of the library.)
svn path=/trunk/; revision=43847
|
|
interface information when opening an output file, one of which I fixed
in my previous checkin and the other of which I didn't notice. Shuffle
code around a little bit so that the lumps are identical and then put
them into a common routine (*with* the fix in question).
#BACKPORT
svn path=/trunk/; revision=43655
|
|
we're making a fake interface description (it should match the time
stamp resolution). The dump code for pcap-NG now requires the time
units per second value, as it needs to correctly compute the time stamp
value to write out in an EPB.
svn path=/trunk/; revision=43652
|
|
"etherpeek.c" file format is used by AiroPeek and the "airopeek9.c" file
format is used by EtherPeek.
Instead, use the names that WildPackets apparently uses for those
formats - "classic" and "tagged".
svn path=/trunk/; revision=43630
|
|
(COPYING will be updated in next commit)
svn path=/trunk/; revision=43536
|
|
svn path=/trunk/; revision=43317
|
|
file type and a GArray of encapsulation types and returns TRUE if a
capture with all those encapsulation types can be written to a file in
that file type and FALSE otherwise. Use it where appropriate.
svn path=/trunk/; revision=43315
|
|
only return file types that could handle a single file with all those
encapsulations - this means that
1) if there's more then one encapsulation, the file format has
to handle per-packet encapsulation;
2) just because a file format handles per-packet encapsulation,
that doesn't mean that it can handle the *particular* encapsulations
being handed to it.
This fixes some cases where we were claiming that a file could be saved
in a format that doesn't actually support it (e.g., ISDN files being
reported as savable in pcap-NG format - there's no LINKTYPE_ value for
ISDN including B and D channels).
svn path=/trunk/; revision=43300
|
|
doesn't do safe saves, so wtap_fdreopen() always needs to reopen the
random file descriptor.
At the point where a safe save is done, the sequential read is done, so
the sequential stream is closed; there's no need to reopen it.
(The former fourth argument to wtap_fdreopen() wasn't an indication of
whether the file was compressed, it was an indicationof whether the
random stream should be reopened.)
svn path=/trunk/; revision=42977
|
|
the same #includes.
svn path=/trunk/; revision=42963
|
|
file that we ourselves have open. In the "safe save" code path for
capture files, on Windows temporarily close the file descriptors for the
currently-open capture before doing the rename and then, if the rename
failed, reopen them, leaving the rest of the wtap and capture_file
structures intact.
Rename filed_open() to file_fdopen(), to make its name match what it
does a bit better (it's an fdopen()-style routine, i.e. do the
equivalent of an open with an already-open file descriptor rather than a
pathname, in the file_wrappers.c set of routines).
Remove the file_ routines from the .def file for Wiretap - they should
only be called by code inside Wiretap.
Closing a descriptor open for input has no reason to fail (closing a
descriptor open for *writing* could fail if the file is on a server and
dirty pages are pushed asynchronously to the server and synchronously on
a close), so just have file_close() return void.
svn path=/trunk/; revision=42961
|
|
the default extension for the file type iff
the file type we're using has a list of extensions;
the file has no extension or it has one but it's not one of the
ones in the list.
*Don't* expect a file extension to be at most 5 characters plus the dot
- the extension for pcap-ng, our default capture file type, is "pcapng",
and that's 6 characters!
svn path=/trunk/; revision=42800
|
|
which could use lseek() and were thus expensive due to system call
overhead. To avoid making a system call for every packet on a
sequential read, we maintained a data_offset field in the wtap structure
for sequential reads.
It's now a routine that just returns information from the FILE_T data
structure, so it's cheap. Use it, rather than maintaining the data_offset
field.
Readers for some file formats need to maintain file offset themselves;
have them do so in their private data structures.
svn path=/trunk/; revision=42423
|
|
as a suffix for pcap-ng files.
svn path=/trunk/; revision=42330
|
|
native file formats, so try them first.
Move eyesdn_open() to the section for open routines for file formats
that have a magic number - EyeSDN traces all start with "EyeSDN".
svn path=/trunk/; revision=42250
|
|
wtap_dump_fdopen_ng() and add a dummy IDB to be able to write pcapng files.
Solves https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6969
mergecap: Can't open or create <FILENAME>: Internal error.
We might want to add a SHB comment from mergecap giving the merged filenames or something like that, Merging of pcapng files
is a different issue, idealy we should probably start using several SHB:s in that case.
svn path=/trunk/; revision=42230
|
|
From Tom Cook and Tom Alexander.
1. A VWR encapsulation that reads VeriWave capture files (*.vwr)
generated from
WaveTest test hardware
2. Dissectors that display the VeriWave tap headers (both 802.11 and
Ethernet)
3. A dissector for the WaveAgent protocol. The WaveAgent dissector is
heuristic and parses the WaveAgent packet (a UDP payload).
The WaveAgent dissector has been Fuzz tested.
The VWR ENCAP and dissectors have been used extensively by VeriWave
customers in a special version of WireSark compiled by VeriWave.
svn path=/trunk/; revision=42155
|
|
return the right error code and information string.
InfoVista bought Accellent Group, and, at least according to the
InfoVista Web site, it's "5View", not "5Views".
svn path=/trunk/; revision=42119
|
|
fixes the double-free editcap crashes that the buildbot's been seeing lately.
svn path=/trunk/; revision=41542
|
|
svn path=/trunk/; revision=41522
|
|
svn path=/trunk/; revision=41387
|
|
code of the filter used
svn path=/trunk/; revision=41339
|
|
and should not contain the extension in the default_file_extension
member - that's why the name starts with "additional".
svn path=/trunk/; revision=41293
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6894
svn path=/trunk/; revision=41286
|
|
svn path=/trunk/; revision=41123
|
|
This seems right, but doesn't make the buildbots happy, because
a read pcap file is reported a per packet encaps...
svn path=/trunk/; revision=41121
|
|
you provide NULL when you call it via wtap_dump_open.
This does not make the buildbots happy, but at least
tshark doesn't crash anymore.
svn path=/trunk/; revision=41111
|
|
svn path=/trunk/; revision=41091
|
|
correct lengt for strings, handle more than 100 char comment
svn path=/trunk/; revision=41082
|
|
svn path=/trunk/; revision=41032
|
|
encapsulation value and returns a GArray containing all the file types
that could be used to save a file of that file type and that
encapsulation value (which could be WTAP_ENCAP_PER_PACKET), with the
input file type first if that can be used and pcap or pcap-ng first if
not and if one of them can be used, and with pcap and pcap-ng clustered
together if they're among the file types that can be used.
Use that routine for the GTK+ file save dialog.
svn path=/trunk/; revision=40685
|
|
a field that gives the default extension for the file type,
*without* a leading "." (i.e., just the extension, not the "."
that separates it from the rest of the file name), which is NULL
if there are no known extensions;
a field that gives a semicolon-separated list of *other*
extensions, without "*." or ".", which is NULL if there are no
known extensions or there are no known extensions other than the
default.
Rename wtap_file_extension_default_string() to
wtap_default_file_extension() (matches the name of the field).
svn path=/trunk/; revision=40678
|
|
sense of "what follows the last . in the file name", i.e. not including
the ".".
svn path=/trunk/; revision=40674
|
|
extensions at all.
For file types that are plain text and that don't already have
extensions, add "txt" as the extension.
svn path=/trunk/; revision=40657
|
|
GSList of extensions for a file type, including extensions for the
compressed versions of those file types that we can read.
svn path=/trunk/; revision=40623
|
|
select only files of that type; you might as well use "All Files (*.*)"
for that.
The default suffix is a suffix, not a pattern, so it shouldn't be
"*.{something}".
We only use the patterns on Windows, where file names are
case-insensitive, so there's no point in capital letters in suffixes.
svn path=/trunk/; revision=40621
|
|
Wireshark distribution, give us code to read it. If somebody wants it
in their private version of Wireshark, they can manage that themselves.
(We should support plugins for file types at some point; I think we
already have support for Lua file readers.)
svn path=/trunk/; revision=40620
|
|
svn path=/trunk/; revision=40495
|
|
Move pcap-NG right after standard pcap in the list of file types, so
that it shows up early in the list of output file types in the "Save
As..." dialog box (if, that is, it's supported; if not, neither is pcap,
as they use the same link-layer header type values).
svn path=/trunk/; revision=40493
|
|
software. More work is needed:
we don't know where the capture start time is yet;
we aren't handling the "stop capture" record;
we don't know where the ISDN channel is;
there might be non-ISDN file formats;
but this at least is easier than trying to text2pcap hex dumps from that
software into pcap files.
svn path=/trunk/; revision=39588
|
|
First bug: The Network Instruments Observer file format abbreviation is
incorrect. It is "niobserverv" instead of "niobserver", which is probably a
vestige from 1.4 when the abbreviation was "niobserverv9".
Second bug: The packet header magic number field is correctly swapped the first
time when reading the entire packet header. It is incorrectly swapped yet again
when reporting an invalid value. Both swaps use GUINT_FROM_LE, which is a no-op
on little-endian platforms. But the error message that is displayed to users of
big-endian platforms will contain a byte-reversed value.
svn path=/trunk/; revision=39392
|
|
same.
Add to wiretap/pcap-common.c a routine to fill in the pseudo-header for
ATM (by looking at the VPI, VCI, and packet data, and guessing) and
Ethernet (setting the FCS length appropriately). Use it for both pcap
and pcap-ng files.
svn path=/trunk/; revision=38840
|
|
Added support for saving ERF files.
From me:
Use crc routines from libwsutil.
svn path=/trunk/; revision=38826
|
|
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
|
|
svn path=/trunk/; revision=37643
|
