| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This doesn't try to use any data from multiple Name Resolution blocks, it
just converts single Name Resolution block usage into a GArray, so the
potential is there to then use/support multiple Name Resolution blocks
within a file format (like pcapng)
Change-Id: Ib0b584af0bd263f183bd6d31ba18275ab0577d0c
Reviewed-on: https://code.wireshark.org/review/15684
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This doesn't try to use any data from multiple Section Header blocks, it
just converts single Section Header block usage into a GArray, so the
potential is there to then use/support multiple Section Header blocks
within a file format (like pcapng)
Change-Id: I6ad1f7b8daf4b1ad7ba0eb1ecf2e170421505486
Reviewed-on: https://code.wireshark.org/review/15636
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Ping-Bug: 10203
Change-Id: Ifa24870d711449b87e9839dd46af614e4aa28fde
Reviewed-on: https://code.wireshark.org/review/15608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Register Wireshark for PacketLogger, ERF, IPFIX, and VWR files on
freedesktop.org, OS X, and Windows (we were already registered for ERF and VWR
files on Windows).
Change-Id: I8105997cb15ea06e1c078489fd88763d4ce9e40c
Reviewed-on: https://code.wireshark.org/review/15635
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: If65ff14589ccd0b2d643256f3443dc26b3b71371
Reviewed-on: https://code.wireshark.org/review/15640
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Also add a length parameter to wtap_optionblock_set_option_string
Change-Id: I8c7bbc48aa96b5c2a91ab9a17980928d6894f1ee
Reviewed-on: https://code.wireshark.org/review/15505
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Chances are they want to include the file extension in wiretap's list of
file extensions (for the File->Open dialog) as well as the various files
needed for integration with the various desktop environments that
Wireshark supports.
(I should have put this advice there years ago when creating the
freedesktop.org mime-package file.)
Add a comment to the mime-package file explaining its purpose, giving
a link to the specification, and talking about MIME types and the registration
thereof.
Change-Id: I60540bf88062b7a90653888534405f6aef4f657c
Reviewed-on: https://code.wireshark.org/review/15011
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
By putting it in this list the File->Open dialog will include an option for
*.mplog files.
Change-Id: Icf6480f7be1023650262fc1f3996a390e137cb88
Reviewed-on: https://code.wireshark.org/review/15048
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
the mplog format is used by some commercial logging tools that capture
ISO 14443 traffic between a card reader and a contactless smartcard
Change-Id: If359b8f0f671eb2a7c6315e2b8960a5bd581a9e9
Reviewed-on: https://code.wireshark.org/review/14950
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I12f92c983d587c2a4751428cdf299635090c9f0b
Reviewed-on: https://code.wireshark.org/review/14748
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Otherwise, they get treated as generic XML files. No, a standard XML
tag, followed by <dump>, isn't a *perfect* magic number, but if you
*really* want to read it as a generic XML file, you can do so from the
UI.
(This is just like TNEF files.)
Change-Id: I7624023ecf87a21ef339222c89b3c9abd7acc727
Reviewed-on: https://code.wireshark.org/review/14656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Just use the table - or an empty table if we're not including the
compressed file extensions.
Change-Id: I0b3ef3987e1986953f2957c27c84b2ee59b90bc0
Reviewed-on: https://code.wireshark.org/review/13611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I529d37e57b12fa7515f2bd18a013618b50300231
Reviewed-on: https://code.wireshark.org/review/12974
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Thanks and a tip of the Hatlo hat to Coverity for finding this.
Change-Id: Ie9d4089443e52ef427e0cc8ae6e90a9d9787134e
Reviewed-on: https://code.wireshark.org/review/12123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I882cc5c264fdf97452c84bd5cea0e5d56bd6eb45
Reviewed-on: https://code.wireshark.org/review/11753
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It includes the temporary-file generation, so you don't have to do it
yourself.
Change-Id: I0798df95a5c5646224ec49612f50b423ed78547a
Reviewed-on: https://code.wireshark.org/review/11751
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That matches what we do with the other two pairs of dump opening
routines.
Change-Id: I0e6e475573c3a8d4ab6cf991d0aadc14150af233
Reviewed-on: https://code.wireshark.org/review/11744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The callers of wtap_dump_init_dumper() always call
wtap_dump_open_check() first, with the same arguments in all cases; pull
the latter call into wtap_dump_init_dumper() itself.
Change-Id: I2b44dc3a018745e175b5c74ff1a346749fec2b71
Reviewed-on: https://code.wireshark.org/review/11681
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have a "this is stdout" flag for a wtap_dumper, and have "open the
standard output for dumping" routines that set that flag. When closing
a wtap_dumper, do most of the work regardless of whether we're writing
to the standard output or not (so that everything gets written out) and
only skip the closing of the underlying file descriptor.
Change-Id: I9f7e4d142b3bd598055d806b7ded1cb4c378de8e
Reviewed-on: https://code.wireshark.org/review/11673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That's a UI convention, and the GUI shouldn't honor that convention - a
user might get confused if they try to save to "-" and end up with
nothing (and with a ton of crap in a log file if programs launched from
the GUI end up with their standard output and error logged).
While we're at it, make randcap report write and close errors.
Change-Id: I9c450f0ca0320ce4c36d13d209b56d72edb43012
Reviewed-on: https://code.wireshark.org/review/11666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Be more consistent about using the ws_ routines, as we suggest in
README.developer.
In C++ on UN*X, define ws_close as ::close rather than close, so that it
works even in classes with methods or members named "close".
Change-Id: Ide2652229e6b6b4624cbddae0e909a4ea1efa591
Reviewed-on: https://code.wireshark.org/review/11637
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6b81d3e853d503c6a81f9793957b48ab34c6808c
Reviewed-on: https://code.wireshark.org/review/10156
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Like bug 11447, when wiretap reads a legacy PCAP file it needs to
set the interface description's tsprecision member. And like bug
11447, I'm wondering why we have the field to begin with. But I'm
fixing this so that the Windows buildbots can get going again.
Change-Id: I71d0fe2e999ee7d11f1f5cc424681a99e17b1b1b
Reviewed-on: https://code.wireshark.org/review/10139
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
|
|
As the comment says, "Entries must be sorted by
WTAP_FILE_TYPE_SUBTYPE_xxx values in ascending order." If they're not,
the file type to file type string routines don't give the right answer.
Change-Id: I06afe7bb98cb36c54ddc831113bb632598ab2eb0
Reviewed-on: https://code.wireshark.org/review/9975
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Right now the output encapsulation type is ignored if the output (default) format is set to pcapng.
Change-Id: Ibffaaed5979bf63ed4e3fa3b1f859a82b401d80b
Reviewed-on: https://code.wireshark.org/review/9911
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Make pcapng decode options in an NRB during read, and store the comment
option, and write it back out as well. Also make it handle plugin handlers
for unknown options in received NRB(s).
Change-Id: I81863ef8d85cb1c8b5ba6673ba0e562efe77714f
Reviewed-on: https://code.wireshark.org/review/9723
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use "3gpp32423" instead of "nettrace3gpp324423":
- There were too many "4"s in the previous name ("324423" vs "32423").
- "nettrace" isn't an official name, per 3GPP TS 32 423
- It's shorter.
Change-Id: Ic981d0351a3014fb79702955ebef7b13f6ce4a2e
Reviewed-on: https://code.wireshark.org/review/9863
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Improve consistency when referring to 3GPP TS 32.423:
- The standard name is "3GPP TS 32.423" (with "TS", and "." separator).
- Fix typo in number series ("32" not "34").
- The standard refers to "Trace", not "Nettrace".
Change-Id: If9994b9c6de69b6e1bdfc6679fbaabe698971949
Reviewed-on: https://code.wireshark.org/review/9795
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
As reported on https://ask.wireshark.org/questions/43483/why-does-editcap-write-out-nseclibpcap-correctly-with-nanosecond-timestamps-but-not-with-pcapng
Change-Id: I81ec6dd6bdc6008297141ca8e210f4fb989cd3d6
Reviewed-on: https://code.wireshark.org/review/9111
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I2494c2b1dcc9e324535b3f659b51b44059c478bd
Reviewed-on: https://code.wireshark.org/review/8304
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
TS 32 423(XML)
Change-Id: I37895ec35797089a32c7d1695e735046d6aa979e
Reviewed-on: https://code.wireshark.org/review/8237
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ica74f3f9239a96486967cf248feb4313bc390734
Reviewed-on: https://code.wireshark.org/review/7751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If a file type has a list of "typical" extensions, and a file has an
extension that is *not* one of those extensions, the file is unlikely to
be of that type.
For files that have extensions, after we try the heuristics that have a
list of "typical" extensions that includes the file's extension, try the
heuristics that have no such list, and after that try the heuristics
that have such a list but where the list *doesn't* include the file's
extension.
This fixes, for example, some cases where non-PacketLogger files were
getting identified as PacketLogger files.
Change-Id: I2d8c3b983ed6ccd692beb888668f77eb9b5f437b
Reviewed-on: https://code.wireshark.org/review/7315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
libjsmn has also been moved from epan/ to wsutil/ to make it visible from wiretap.
Change-Id: I59abb3419acb1baa83194b38152d3651ed5c123c
Bug: 10878
Reviewed-on: https://code.wireshark.org/review/6716
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I10d3057801673bc1c8ea78f144215869cc4b1851
Reviewed-on: https://code.wireshark.org/review/6217
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Change-Id: Ic5a5acb0f36d3aa144edbfb1ae71097b18426db4
Reviewed-on: https://code.wireshark.org/review/6216
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ib5c600c491a3d8adcfa91c00fa9445283610545b
Reviewed-on: https://code.wireshark.org/review/5830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I20ca39f69052b4134147577ae5be74c05b4d5e48
Reviewed-on: https://code.wireshark.org/review/5543
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I7963f05a78ec764a21d388fcdba618ffbcf935e4
Reviewed-on: https://code.wireshark.org/review/4930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I55002477a416710592a482725af68cdf2511e063
Reviewed-on: https://code.wireshark.org/review/4929
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The time stamp origin is not correct. Capsa's absolute time stamp for
the sample captures from their Web site would be helpful.
Change-Id: I365daf7b42240e33f54df76939254f41ed57a9b2
Reviewed-on: https://code.wireshark.org/review/4671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For open_info, use names based on the names in other lists.
Also, in comments, indicate what the three count 'em three tables are
used for, and clean up the type/subtype table.
Change-Id: I7a763119e790d5970f87dff05284f465eebfb7e7
Reviewed-on: https://code.wireshark.org/review/4599
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Clean up some things we ran across while making those changes.
Change-Id: Ic0d8943d36e6e120d7af0a6148fad98015d1e83e
Reviewed-on: https://code.wireshark.org/review/4581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Unlike the standard I/O routines, the code we introduced that supports
fast random seeking on gzipped files will always supply some specific
error code for read errors, so we don't need WTAP_ERR_CANT_READ.
Add WTAP_ERR_CANT_WRITE for writing, as we're still using the standard
I/O routines for that. Set errno to WTAP_ERR_CANT_WRITE before calling
fwrite() in wtap_dump_file_write(), so that it's used if fwrite() fails
without setting errno.
Change-Id: I6bf066a6838284a532737aa65fd0c9bb3639ad63
Reviewed-on: https://code.wireshark.org/review/4540
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
